
Tracking ACL Changes - Using access-list remarks

gedmond
Level 1

Hi,

Does anyone have a way to compare current running ACLs against a previously saved copy of the config? Quarterly we need to review the security and it would be nice to run a quick compare to evaluate what has changed since the last quarter and make sure these changes are reflected in our change log as outlined by our corporate security policy.

I'm considering adding access-list remarks to my config to help document it better. I've heard this could clutter the config but using a "show run |exclude remarks" could help when troubleshooting.

Does anyone have any thoughts?

Thanks

Glen

2 Replies

htarra
Level 4

You can use the command "show run | include access-list" and save this copy in a text file. In the next quarter you can again get the output using the same command, copy it and save it in a different file, then compare both files using a variety of free tools available on the internet for this.

michael.leblanc
Level 4

Do a "copy running-config tftp" and compare the transferred file with your prior configuration file, with an application such as the one found at:

http://www.scootersoftware.com/moreinfo.php

The "Beyond Compare" application allows you to view differences between files rapidly.

Has a ton of other features as well.
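The quarterly comparison described in the replies above can also be scripted. The following is an added example, not code posted by anyone in this thread: it assumes two saved outputs of "show run | include access-list" containing numbered `access-list N ...` lines, skips remark lines so documentation edits do not show up as rule changes, and flags reordering because entry order changes what an ACL matches. The sample snapshots and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample snapshots (documentation addresses, not from a real device).
LAST_QUARTER = """\
access-list 101 remark CHG-0001 allow web to DMZ
access-list 101 permit tcp any host 192.0.2.10 eq 80
access-list 101 permit tcp any host 192.0.2.10 eq 443
access-list 101 deny ip any any log
access-list 110 permit ip 10.1.0.0 0.0.255.255 any
"""
THIS_QUARTER = """\
access-list 101 remark CHG-0001 allow web to DMZ
access-list 101 permit tcp any host 192.0.2.10 eq 443
access-list 101 remark CHG-0002 allow SSH from admin net
access-list 101 permit tcp 10.9.0.0 0.0.0.255 host 192.0.2.10 eq 22
access-list 101 deny ip any any log
access-list 120 permit udp any any eq 53
"""
ACL_LINE = re.compile(r"^access-list\s+(\S+)\s+(.*\S)\s*$")

def parse_acls(text):
    """Return {acl_id: [rule, ...]} in config order, skipping remark lines."""
    acls = defaultdict(list)
    for line in text.splitlines():
        m = ACL_LINE.match(line.strip())
        if not m or m.group(2).split()[0] == "remark":
            continue
        acls[m.group(1)].append(" ".join(m.group(2).split()))  # normalise spacing
    return dict(acls)

def compare_acls(old_text, new_text):
    """Return {acl_id: {"added", "removed", "reordered"}} for changed ACLs only."""
    old, new = parse_acls(old_text), parse_acls(new_text)
    report = {}
    for acl_id in sorted(set(old) | set(new)):
        before, after = old.get(acl_id, []), new.get(acl_id, [])
        added = [r for r in after if r not in before]
        removed = [r for r in before if r not in after]
        # Surviving rules appearing in a different order is also a change.
        reordered = [r for r in before if r in after] != [r for r in after if r in before]
        if added or removed or reordered:
            report[acl_id] = {"added": added, "removed": removed, "reordered": reordered}
    return report

if __name__ == "__main__":
    for acl_id, change in compare_acls(LAST_QUARTER, THIS_QUARTER).items():
        print(f"access-list {acl_id}: {change}")
```

Each entry in the report can then be checked against the change log for the quarter; an ACL that appears in the report without a matching change record is the item to investigate.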
