We have an industrial environment with over 100 IE-3000 switches. We are using port based ACLs to limit various protocols to the connected devices (fa1/1 no telnet, fa1/2 no www, fa1/3 no telnet or www, etc.). The configs are pretty much the same from switch to switch and the individual ACLs work fine. The problem comes in when we do a firmware upgrade or install a new device that forces us to modify the ACLs. Doing this repeatedly over a hundred switches is tedious & time consuming. Is there a way to declare the ACLs on a core switch (Cat 4500) and have the field switches call the instance of the ACL to apply it on the specific switch ports? I'm just trying to find an easier way to manage a bunch of individual ACLs.
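As an added illustration that is not part of the original post, the following Python script renders the kind of per-port ACL configuration the question describes (telnet and/or www blocked on individual ports) from one policy table, so that a single edit to the table regenerates the configuration for every switch instead of hand-editing each one. The ACL names (NO_TELNET, NO_WWW, NO_TELNET_WWW), the port-to-policy mapping and the inbound direction of the port ACL are assumptions made for the example; the IOS commands used (`ip access-list extended`, `deny tcp any any eq <port>`, `ip access-group <name> in`) are standard.

```python
from typing import Dict, List

# Service name -> TCP port number as used after the IOS "eq" keyword.
SERVICES = {"telnet": 23, "www": 80}


def acl_name(blocked: List[str]) -> str:
    """Deterministic ACL name for a set of blocked services, e.g. NO_TELNET_WWW
    (naming convention assumed for this example)."""
    return "NO_" + "_".join(s.upper() for s in sorted(blocked))


def render_acl(blocked: List[str]) -> List[str]:
    """Render one extended ACL that denies the listed services and permits
    everything else (explicit permit, since IOS ends ACLs with an implicit deny)."""
    lines = [f"ip access-list extended {acl_name(blocked)}"]
    for svc in sorted(blocked):
        lines.append(f" deny tcp any any eq {SERVICES[svc]}")
    lines.append(" permit ip any any")
    return lines


def render_switch(policy: Dict[str, List[str]]) -> str:
    """policy maps an interface name to the services to block on that port.
    Each distinct combination becomes one ACL, declared once and reused by
    every port that needs it; the ACL is applied inbound (assumed direction)."""
    combos: Dict[str, List[str]] = {}
    for blocked in policy.values():
        if blocked:
            combos.setdefault(acl_name(blocked), blocked)
    out: List[str] = []
    for name in sorted(combos):
        out.extend(render_acl(combos[name]))
    for intf, blocked in policy.items():
        if not blocked:
            continue  # ports with no restriction are left untouched
        out.append(f"interface {intf}")
        out.append(f" ip access-group {acl_name(blocked)} in")
    return "\n".join(out) + "\n"


# Constructed sample policy mirroring the question's description.
SAMPLE_POLICY = {
    "FastEthernet1/1": ["telnet"],
    "FastEthernet1/2": ["www"],
    "FastEthernet1/3": ["telnet", "www"],
    "FastEthernet1/4": [],
}

if __name__ == "__main__":
    print(render_switch(SAMPLE_POLICY))
```

Keeping the policy table per switch (or one shared table for switches with identical layouts) means a firmware upgrade or a new device changes one entry, and the regenerated snippet can be pushed by whatever tooling is already used for the switches.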