New Member

SNMP to modify or add ACL

Is it possible to use SNMP from a netmanager to modify or apply an ACL on a Cisco 3750G with IOS 12.25SEB2?

3 REPLIES
Cisco Employee

Re: SNMP to modify or add ACL

Not directly, but you can use SNMP plus TFTP or RCP to upload configuration snippets to the device using the CISCO-CONFIG-COPY-MIB. For example, if you want to change access-list 101, you would create a snippet such as:

no access-list 101
access-list 101 permit tcp any any eq 80
access-list 101 permit tcp any any eq 25
access-list 101 permit tcp any any eq 22
access-list 101 deny tcp any any established
end

Then set the necessary objects in the CONFIG-COPY-MIB to force the device to upload this snippet, and merge it with the running config. See this tech tip on how to use the CONFIG-COPY-MIB:

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_configuration_example09186a0080094aa6.shtml

New Member

Re: SNMP to modify or add ACL

OK, thanks. So if I upload this file it will delete ACL 101 and recreate it. It's not really merging with the running config, is it? Is there a risk of causing other issues with the running config?

Cisco Employee

Re: SNMP to modify or add ACL

No, it does merge with the running config just as it would if you typed the commands out. If you left out the "no access-list" command, the ACEs would simply be appended to the end of the existing ACL. Again, this is the same as if you manually typed these new ACEs.

There is no risk to other portions of the config as the snippet will not overwrite the existing running config.
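
The following is an added example, not part of the thread or of Cisco's tech tip: a shell sketch of the CISCO-CONFIG-COPY-MIB merge described above, with a lint step that rejects any snippet line that is not for the intended ACL, since the merge applies every line as if it were typed. It assumes net-snmp's `snmpset`/`snmpget`, a caller-supplied `SNMP_OPTS` variable holding the version and credential options, and that the snippet sits in the TFTP server's root under its base name; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Needs net-snmp's snmpset/snmpget.
CC=1.3.6.1.4.1.9.9.96.1.1.1.1    # ccCopyEntry in CISCO-CONFIG-COPY-MIB

# lint_snippet ACL FILE: succeed only if every non-blank line is
# "no access-list ACL", "access-list ACL ..." or "end". The merge applies each
# line as if typed at the CLI, so any other line would change unrelated config.
lint_snippet() {
    acl=$1; file=$2
    [ -r "$file" ] || return 2
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d '\r')
        case $line in
            ''|end|"no access-list $acl"|"access-list $acl "*) ;;
            *) printf 'unexpected line: %s\n' "$line" >&2; return 1 ;;
        esac
    done < "$file"
}

# copy_varbinds ROW SERVER NAME: print the varbinds for one ccCopyTable row.
# .2 ccCopyProtocol=tftp(1)  .3 ccCopySourceFileType=networkFile(1)
# .4 ccCopyDestFileType=runningConfig(4)  .5 ccCopyServerAddress
# .6 ccCopyFileName  .14 ccCopyEntryRowStatus=createAndGo(4)
# NAME must not contain whitespace (the caller word-splits this output).
copy_varbinds() {
    printf '%s\n' \
        "$CC.2.$1 i 1" "$CC.3.$1 i 1" "$CC.4.$1 i 4" \
        "$CC.5.$1 a $2" "$CC.6.$1 s $3" "$CC.14.$1 i 4"
}

# merge_snippet ACL FILE SERVER AGENT ROW: lint, start the copy, poll
# ccCopyState (.10: 3=successful, 4=failed), then destroy the row (.14 = 6).
merge_snippet() {
    : "${SNMP_OPTS:?set net-snmp version and credential options}"
    lint_snippet "$1" "$2" || return 1
    # Word splitting of SNMP_OPTS and the varbind list is intended here.
    snmpset $SNMP_OPTS "$4" $(copy_varbinds "$5" "$3" "$(basename "$2")") || return 1
    rc=1; tries=0
    while [ "$tries" -lt 30 ]; do
        state=$(snmpget -Oqve $SNMP_OPTS "$4" "$CC.10.$5") || break
        case $state in 3) rc=0; break ;; 4) break ;; esac
        tries=$((tries + 1)); sleep 2
    done
    snmpset $SNMP_OPTS "$4" "$CC.14.$5" i 6 >/dev/null
    return "$rc"
}
```

Nothing runs until `merge_snippet` is called, for example `SNMP_OPTS='...' merge_snippet 101 acl101.cfg 192.0.2.10 192.0.2.1 7`, where the addresses and row index are constructed values.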
