New Member

Manage/Change large pix ACLs - best practices?

It's becoming incredibly difficult to manage our access lists. Some are thousands of lines long. I'm curious as to some recommended practices for changing and managing them without disrupting service.

Some of our current challenges:

1) Changing an ACL through PDM demolishes the access list, because during the re-write of the ACL you wind up denying access to your PDM session.

2) Copying and pasting is incredibly slow and difficult to manage. The ACLs are so big that even Windows Notepad won't hold them...you have to use a different editor.

3) Removing the ACL from the interface to copy/paste disrupts service.

Any ideas? I was thinking:

1) Copy the ACL to a text editor, change the name to "temp" and paste to the pix.

2) Change the access-group command to use the "temp" ACL.

3) Copy the ACL being edited, edit it and paste to the pix.

4) Change the access-group command to use the edited ACL.

Seems like a lot of hassle to simply add a rule which actually happens quite frequently.

Thanks in advance!
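The four-step swap above, written out as a PIX 6.x configuration session. This is an added example, not part of the original post: the ACL name `outside_in`, the interface name `outside` and the 192.0.2.0/24 and 198.51.100.0/24 addresses are constructed for illustration. The sequence relies on two behaviours the poster's plan already assumes: issuing a new `access-group` for an interface replaces the previous binding in one command, and an interface whose bound ACL has been removed drops traffic, which is why the temporary copy is bound first.

```cisco
: Step 1 - recreate the production ACL under a temporary name.
: (Copy the existing "access-list outside_in ..." lines from "show run" into
:  an editor, search-and-replace the name with "temp", then paste.)
access-list temp permit tcp any host 192.0.2.10 eq 80
access-list temp permit tcp any host 192.0.2.10 eq 443
access-list temp deny ip any any

: Step 2 - bind the interface to the temporary copy before touching the
: production list. Traffic keeps flowing through "temp".
access-group temp in interface outside

: Step 3 - remove the whole production ACL, then paste the edited version.
: Removing it first matters: pasting "access-list outside_in ..." lines onto
: an existing list appends them, which would duplicate every entry.
no access-list outside_in
access-list outside_in permit tcp any host 192.0.2.10 eq 80
access-list outside_in permit tcp any host 192.0.2.10 eq 443
: the one new rule this whole exercise was for
access-list outside_in permit tcp host 198.51.100.5 host 192.0.2.20 eq 22
access-list outside_in deny ip any any

: Step 4 - rebind the interface to the edited list, drop the temporary
: copy, and save.
access-group outside_in in interface outside
no access-list temp
write memory

: Verify: the hit counters confirm traffic is being evaluated by the
: intended list again.
show access-list outside_in
```

Lines beginning with `:` are comments on the PIX command line and are ignored when pasted, so the whole block can be pasted as-is. Keeping the management host's rule (here the PDM/SSH source) near the top of both copies is what avoids the locked-out session described in challenge 1.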

2 REPLIES
New Member

Re: Manage/Change large pix ACLs - best practices?

I would upgrade to version 6.3(1) or a version that supports the access-list "line" command. I change/modify rules on our production PIXes without a problem. And no more copying/pasting to a text editor.
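What the `line` keyword mentioned in this reply looks like in practice, as an added example rather than text from the reply. The ACL name `outside_in` and the addresses are constructed; the point is that a single rule can be inserted at a chosen position, or removed, without rebuilding or unbinding the list.

```cisco
: Show the current list with its line numbers so you can pick the
: insertion point (order matters: the first match wins).
show access-list outside_in

: Insert a new rule as line 3. Existing lines 3 and later shift down by
: one; the ACL stays bound to its interface the whole time and no other
: entry is touched.
access-list outside_in line 3 permit tcp host 198.51.100.5 host 192.0.2.20 eq 22

: Remove a single rule by restating it with "no". The remaining lines are
: renumbered automatically.
no access-list outside_in permit tcp any host 192.0.2.10 eq 443

: Confirm the result and the new numbering, then save.
show access-list outside_in
write memory
```

Because the change is a single ACE rather than a whole-list rewrite, there is no window in which the interface has no ACL, which is the service disruption the original question is trying to avoid.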

New Member

Re: Manage/Change large pix ACLs - best practices?

Thanks for the reply!

Unfortunately that isn't an option. Some specific bugs affect our implementation.
