Joe Clarke Sat, 09/12/2009 - 09:03

Not directly, but you can use SNMP plus TFTP or RCP to upload configuration snippets to the device using the CISCO-CONFIG-COPY-MIB. For example, if you want to change access-list 101, you would create a snippet such as:

no access-list 101
access-list 101 permit tcp any any eq 80
access-list 101 permit tcp any any eq 25
access-list 101 permit tcp any any eq 22
access-list 101 deny tcp any any established

Then set the necessary objects in the CONFIG-COPY-MIB to force the device to upload this snippet, and merge it with the running config. See this tech tip on how to use the CONFIG-COPY-MIB:

jschweng Sat, 09/12/2009 - 09:22

OK, thanks - so if I upload this file it will delete ACL 101 and recreate it. It's not really merging with the running config, is it? Is there risk of causing other issues with the running config?

Joe Clarke Sat, 09/12/2009 - 09:33

No, it does merge with the running config just as it would if you typed the commands out. If you left out the "no access-list" command, the ACEs would simply be appended to the end of the existing ACL. Again, this is the same as if you manually typed these new ACEs.

There is no risk to other portions of the config as the snippet will not overwrite the existing running config.
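
The CONFIG-COPY-MIB sets described in this thread, written out as an added example that is not part of the original posts or the linked tech tip. It assumes net-snmp's snmpset and snmpget with SNMPv3 authPriv credentials kept in snmp.conf; the device, row index, TFTP server and file name are placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: merge a TFTP-hosted snippet into running-config through
# CISCO-CONFIG-COPY-MIB. Host, server, file and row values are placeholders.
CC=1.3.6.1.4.1.9.9.96.1.1.1.1        # ccCopyEntry column prefix

# Emit the varbinds for one copy request; $1=row index, $2=TFTP server, $3=file.
# Inputs are validated so nothing unexpected reaches the snmpset command line.
cc_copy_varbinds() {
  case $1 in ''|*[!0-9]*) echo "bad row index" >&2; return 1;; esac
  case $2 in ''|*[!0-9.]*) echo "bad server address" >&2; return 1;; esac
  case $3 in ''|*[!A-Za-z0-9._/-]*) echo "bad file name" >&2; return 1;; esac
  echo "$CC.2.$1 i 1"       # ccCopyProtocol        = tftp(1)
  echo "$CC.3.$1 i 1"       # ccCopySourceFileType  = networkFile(1)
  echo "$CC.4.$1 i 4"       # ccCopyDestFileType    = runningConfig(4), i.e. merge
  echo "$CC.5.$1 a $2"      # ccCopyServerAddress
  echo "$CC.6.$1 s $3"      # ccCopyFileName
  echo "$CC.14.$1 i 4"      # ccCopyEntryRowStatus  = createAndGo(4)
}

# Translate a numeric ccCopyState value into its MIB name.
cc_state_name() {
  case $1 in
    1) echo waiting;; 2) echo running;; 3) echo successful;; 4) echo failed;;
    *) echo unknown;;
  esac
}

# Submit the request, poll ccCopyState, then delete the row.
# $1=device, $2=row, $3=TFTP server, $4=file. The SNMPv3 user and passphrases are
# assumed to live in ~/.snmp/snmp.conf so they never appear in the process list.
apply_snippet() {
  vb=$(cc_copy_varbinds "$2" "$3" "$4") || return 1
  snmpset -v3 -l authPriv "$1" $vb >/dev/null || return 1   # word-split on purpose
  while :; do
    st=$(snmpget -v3 -l authPriv -Oqve "$1" "$CC.10.$2") || return 1
    case $(cc_state_name "$st") in
      successful|failed|unknown) break;;
    esac
    sleep 2
  done
  snmpset -v3 -l authPriv "$1" "$CC.14.$2" i 6 >/dev/null    # destroy(6) frees the row
  [ "$st" = 3 ]
}

# Run only when asked: ./cc-copy.sh --apply <device> <row> <server> <file>
if [ "${1:-}" = "--apply" ]; then
  apply_snippet "$2" "$3" "$4" "$5" && echo "merge complete" || echo "merge failed"
fi
```

Because this path changes the running config with nothing more than SNMP write access, restrict the SNMP view and source addresses that may write to ccCopyTable and keep the TFTP server on a management network.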

