ACL consolidation tool

Unanswered Question
Sep 10th, 2009

I have taken over a router with a lot of "grown" access-lists (a total of about 3000 lines!).

Now I'm looking for a way to consolidate these entries, e.g. summarize, find duplicates, reorder etc.

Is there a tool (by Cisco or other) to do this?

Collin Clark Thu, 09/10/2009 - 10:50

I saw a tool once that was part of a larger toolset that did ACL parsing. I don't remember the name though. It cost something like $60K so I didn't spend much time looking at it. What I would do is clear the hit counts, let it run for a week or two, then create a new ACL allowing only lines with hit counts. Remove the old ACL from the interface and apply the new. You may get a few calls and you can open as you get them. If all heck breaks loose you can re-apply the old ACL to the interface and try again.

Hope that helps.
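
The hit-count approach from the reply above, as an added example that is not part of the original thread: it parses `show access-lists` output collected after the observation window, keeps only entries with matches, and reports unused and duplicate lines separately. It assumes IOS extended ACL output; the sample text, the ACL names and the function names are constructed for illustration.

```python
import re

# Constructed sample of IOS "show access-lists" output (not from the thread).
SAMPLE = """\
Extended IP access list OUTSIDE-IN
    10 permit tcp any host 192.0.2.10 eq www (15234 matches)
    20 permit tcp any host 192.0.2.10 eq 443 (88211 matches)
    30 permit tcp any host 192.0.2.25 eq smtp
    40 permit tcp any host 192.0.2.10 eq www
    50 permit udp any host 192.0.2.53 eq domain (412 matches)
    60 deny ip any any log (9731 matches)
"""

HEADER = re.compile(r"^Extended IP access list (\S+)")
# Sequence number, rule text, optional "(N matches)" / "(1 match)" suffix.
ENTRY = re.compile(r"^\s+(\d+) (.+?)(?: \((\d+) match(?:es)?\))?\s*$")

def parse_show_acl(text):
    """Return {acl_name: [(seq, rule, hits), ...]} for extended ACLs."""
    acls, current = {}, None
    for line in text.splitlines():
        if m := HEADER.match(line):
            current = acls.setdefault(m.group(1), [])
        elif current is not None and (m := ENTRY.match(line)):
            current.append((int(m.group(1)), m.group(2), int(m.group(3) or 0)))
    return acls

def rebuild(entries, new_name):
    """Keep entries with hits, in original order; report what was dropped."""
    seen, kept, unused, dupes = set(), [], [], []
    for seq, rule, hits in entries:
        if rule in seen:
            dupes.append(seq)    # identical rule text appears earlier in the ACL
        elif hits == 0:
            unused.append(seq)   # no matches during the observation window
        else:
            kept.append(rule)
        seen.add(rule)
    config = [f"ip access-list extended {new_name}"] + [f" {r}" for r in kept]
    return config, unused, dupes

if __name__ == "__main__":
    # "OUTSIDE-IN-V2" is a hypothetical name for the replacement ACL.
    config, unused, dupes = rebuild(parse_show_acl(SAMPLE)["OUTSIDE-IN"], "OUTSIDE-IN-V2")
    print("\n".join(config))
    print("unused sequence numbers:", unused, "duplicates:", dupes)
```

Entries reported as unused deserve a manual look before removal, since rules for monthly or quarterly jobs may not match within a one- or two-week window.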

