09-12-2009 06:57 AM
Is it possible to use SNMP from a netmanager to modify or apply an ACL on a Cisco 3750G with IOS 12.25SEB2?
09-12-2009 09:03 AM
Not directly, but you can use SNMP plus TFTP or RCP to upload configuration snippets to the device using the CISCO-CONFIG-COPY-MIB. For example, if you want to change access-list 101, you would create a snippet such as:
no access-list 101
access-list 101 permit tcp any any eq 80
access-list 101 permit tcp any any eq 25
access-list 101 permit tcp any any eq 22
access-list 101 deny tcp any any established
end
Then set the necessary objects in the CONFIG-COPY-MIB to force the device to upload this snippet, and merge it with the running config. See this tech tip on how to use the CONFIG-COPY-MIB:
http://www.cisco.com/en/US/tech/tk648/tk362/technologies_configuration_example09186a0080094aa6.shtml
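The set sequence the answer above refers to, as an added example that is not part of the original posts: a dry-run shell function that prints the net-snmp commands for merging a TFTP-hosted snippet into the running config through CISCO-CONFIG-COPY-MIB. The function name, addresses, file name and row index are assumptions, and SNMPv3 credentials are assumed to come from net-snmp's snmp.conf.

```shell
#!/bin/sh
# Added example: dry-run generator for the CISCO-CONFIG-COPY-MIB merge sequence.
# Nothing is sent; the function prints the commands for an operator to review and run.

CC=1.3.6.1.4.1.9.9.96.1.1.1.1   # ccCopyEntry columns

# usage: cc_copy_merge_cmds <device> <tftp-server-ipv4> <file> <row-index>
# (hypothetical helper name; <device> is passed through as given)
cc_copy_merge_cmds() {
    dev=$1 srv=$2 file=$3 row=$4
    # Allow only digits and single dots in the address, a plain file name and a
    # numeric row index, so a bad value cannot become extra command-line arguments.
    case $srv in
        ""|*[!0-9.]*|.*|*.|*..*) echo "bad server address" >&2; return 1 ;;
    esac
    case $file in
        ""|*[!A-Za-z0-9._/-]*) echo "bad file name" >&2; return 1 ;;
    esac
    case $row in
        ""|*[!0-9]*) echo "bad row index" >&2; return 1 ;;
    esac
    # Assumption: SNMPv3 user and passphrases are set in snmp.conf,
    # so no secrets appear on the command line.
    s="snmpset -v3 -l authPriv $dev"
    # Clear any stale row with this index: ccCopyEntryRowStatus = destroy(6)
    echo "$s $CC.14.$row i 6"
    # One set request: ccCopyProtocol tftp(1), ccCopySourceFileType networkFile(1),
    # ccCopyDestFileType runningConfig(4), ccCopyServerAddress, ccCopyFileName,
    # then ccCopyEntryRowStatus createAndGo(4) to start the copy.
    echo "$s $CC.2.$row i 1 $CC.3.$row i 1 $CC.4.$row i 4 $CC.5.$row a $srv $CC.6.$row s $file $CC.14.$row i 4"
    # Poll ccCopyState: waiting(1) running(2) successful(3) failed(4)
    echo "snmpget -v3 -l authPriv $dev $CC.10.$row"
    # If the state is failed(4), ccCopyFailCause gives the reason
    echo "snmpget -v3 -l authPriv $dev $CC.13.$row"
    # Remove the row once the result has been read
    echo "$s $CC.14.$row i 6"
}
```

Calling `cc_copy_merge_cmds 192.0.2.10 192.0.2.50 acl101.txt 336` prints five commands; the device must be able to reach the TFTP server, and the SNMP user needs write access to the ccCopyTable.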
09-12-2009 09:22 AM
OK, thanks. So if I upload this file, it will delete ACL 101 and recreate it. It's not really merging with the running config, is it? Is there a risk of causing other issues with the running config?
09-12-2009 09:33 AM
No, it does merge with the running config just as it would if you typed the commands out. If you left out the "no access-list" command, the ACEs would simply be appended to the end of the existing ACL. Again, this is the same as if you manually typed these new ACEs.
There is no risk to other portions of the config as the snippet will not overwrite the existing running config.