10-23-2007 10:25 AM
After reading through a couple of scenarios in the RME User Guide, I am still a little confused about how I should go about deploying an access list permit statement to all the devices I have in CiscoWorks with Netconfig. Is this considered a user-defined task? If so, how do I go about deploying this statement?
10-23-2007 10:36 AM
You can do this using a User-Defined task or Ad hoc task in Netconfig. Just add your ACLs as you want them to look on the device.
If, however, your device already has an ACL configured, and you want to add new lines, you should use Config Editor or Archive Management Baseline Compliance to do this. Deployment in those situations will remove the current ACL, then add the new lines.
If you did want to use Netconfig to edit an ACL, you would need the first line of your user-defined task or ad hoc task to be:
no access-list
Then you would put back the entire ACL as you want it to appear on the device.
If, however, all you want to do is append statements to an existing ACL, then you can just build a user-defined task or ad hoc task that simply adds new lines. For example:
access-list 101 permit ip 10.0.0.0 0.255.255.255 any
Admittedly, the ACL management capability in LMS is nowhere near as comprehensive as the ACL management capabilities in the ACL Manager application. The Cisco Security Management Suite has some more ACL management capabilities.
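The append-versus-replace choice described in this answer, as an added Python example that is not part of the original thread and not Cisco code. The function names and sample configuration are hypothetical; it assumes a numbered extended ACL, where new entries land at the end of the list, and it also flags appended entries that would sit behind an existing `deny ip any any`.

```python
import re

# Numbered-ACL entry as it appears in an IOS configuration.
ACL_LINE = re.compile(r"^access-list (\d+) (permit|deny|remark) \S.*$")

def acl_entries(lines, acl_id):
    """Return the entries of numbered ACL `acl_id`, whitespace-normalized, in order."""
    entries = []
    for raw in lines:
        line = " ".join(raw.split())
        m = ACL_LINE.match(line)
        if m and int(m.group(1)) == acl_id:
            entries.append(line)
    return entries

def plan_acl_task(running_config, desired_acl, acl_id):
    """Return (mode, commands, shadowed) for a NetConfig task body.

    mode is "none", "append" or "replace"; shadowed lists appended entries
    that sit after an existing 'deny ip any any' and so can never match.
    """
    current = acl_entries(running_config, acl_id)
    desired = acl_entries(desired_acl, acl_id)
    if not desired:
        raise ValueError("desired ACL has no entries for this ACL number")
    if current == desired:
        return "none", [], []
    if desired[:len(current)] == current:
        # Existing entries are an unchanged prefix: only the tail is sent.
        new = desired[len(current):]
        blanket = f"access-list {acl_id} deny ip any any"
        blocked = any(e == blanket or e.startswith(blanket + " ") for e in current)
        shadowed = [e for e in new if blocked and " remark " not in e]
        return "append", new, shadowed
    # Order or content of existing entries changed: remove and rebuild.
    return "replace", [f"no access-list {acl_id}"] + desired, []

# Constructed sample data (not from the thread, apart from the 10.0.0.0 line).
RUNNING = """hostname lab-rtr1
access-list 101 permit tcp any host 192.0.2.10 eq 443
access-list 101 permit udp any host 192.0.2.53 eq domain
!""".splitlines()
APPEND = RUNNING[1:3] + ["access-list 101 permit ip 10.0.0.0 0.255.255.255 any"]
REORDER = [APPEND[2], APPEND[0], APPEND[1]]

if __name__ == "__main__":
    for desired in (APPEND, REORDER):
        mode, commands, _ = plan_acl_task(RUNNING, desired, 101)
        print(mode, *commands, sep="\n  ")
```

A non-empty `shadowed` list means the appended lines would deploy cleanly but never be evaluated, which is the case where the replace form of the task is needed instead.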
10-23-2007 10:49 AM
Thanks for the quick update. Appending statements to an existing ACL is exactly what I wanted to do. I tested using Config Editor and it was fairly simple; I wasn't sure what system-defined task to use to apply the ACL statement.
I will definitely look into the Security Suite.