Deploying access-list statements in LMS 3.0

dionjiles · ‎10-23-2007

After reading through a couple of scenarios in the RME User guide I am still a little confuses on how should I go about deploying an access list permit statement to all the devices I have in Ciscoworks with Netconfig....is this considered an user-defined task if so how do I go about deploying this statement?

Joe Clarke · ‎10-23-2007

You can do this using a User-Defined task or Ad hoc task in Netconfig. Just add your ACLs as you want them to look on the device.

If, however, your device already has an ACL configured, and you want to add new lines, you should use Config Editor or Archive Management Baseline Compliance to do this. Deployment in those situations will remove the current ACL, then add the new lines.

If you did want to use Netconfig to edit an ACL, you would need the first line of your user-defined task or adhoc task to be:

no access-list

Then you would put back the entire ACL as you want it to appear on the device.

If, however, all you want to do is append statements to an existing ACL, then you can just build a user-defined task or adhoc task that simply adds new lines. For example:

access-list 101 permit ip 10.0.0.0 0.255.255.255 any

Admittedly, the ACL management capability in LMS is no where near as comprehensive as the ACL management capabilities in the ACL Manager application. The Cisco Security Management Suite has some more ACL management capabilities.

dionjiles · ‎10-23-2007

Thanks for the quick update.....that is exactly what I wanted to do is to append statements to an existing ACL. I tested using Config Editor and it was fairly simple wasn't sure what system defined task to use to apply ACL Statement.

I will definitely look into the Security Suite