
don't shoot - it's a Cisco question!


Cisco buffs, mavens, aficionados - what have you... got a bit of a curious
question here. Let's say you want to use a rather lengthy access-list,
maybe a few hundred entries and the entries may change fairly frequently,
and you don't want to grow old typing away at the CLI making all these
alterations, can a txt file be uploaded to flash and referenced? In my
case it's a PIX - but same would go for an ASA and likely their Integrated
routers.

I know there is something you can do with downloadable ACLs using TACACS or
RADIUS, but that's not really what I am looking for.




--
http://brokertech.parallel42.ca/blog

Re: don't shoot - it's a Cisco question!


One can save a copy of said acl into a text editor, change what you
want and copy & paste it back into the device. I've done this several
times while telnetted into routers.

Re: don't shoot - it's a Cisco question!

Stevo wrote:
> One can save a copy of said acl into a text editor, change what you
> want and copy & paste it back into the device. I've done this several
> times while telnetted into routers.


Seconded. Provided the ACL isn't required for the interface I am using
(*and yes, I have messed up like that before*) I just do "sh run | inc
<acl name>", copy that to a text file, edit it, prefix it with "no
access-list <acl-name>" then paste it back in conf t mode; for PuTTY,
that's just a right click 🙂

Re: don't shoot - it's a Cisco question!

hmmm... interesting.

thx guys - that might be worth a shot.
--
http://brokertech.parallel42.ca/blog

Re: don't shoot - it's a Cisco question!

On Wed, 03 Jun 2009 14:31:32 +0000, Rick Chisholm wrote:

> Cisco buffs, mavens, aficionados - what have you... got a bit of a
> curious question here. Let's say you want to use a rather lengthy
> access-list, maybe a few hundred entries and the entries may change
> fairly frequently, and you don't want to grow old typing away at the CLI
> making all these alterations, can a txt file be uploaded to flash and
> referenced? In my case it's a PIX - but same would go for an ASA and
> likely their Integrated routers.


If it's an ASA you might be able to do some neat stuff with the ASDM.
I'm a CLI guy myself, but I was impressed with how well the latest ASDM
works with 8.x code.



--
Joe
Does this washcloth smell like chloroform?

Joe Marton Emeritus Knowledge Partner

Re: don't shoot - it's a Cisco question!

This might also be important - does a PIX 515 support multiple access-lists
bound to the same interface?

For example, say I have an ACL outside-access-in, that mostly covers my
pinholes etc. Can I have another ACL bad-hosts, to deny activity from
known malicious sites?

eg:

(config)# access-group outside-access-in in interface outside
(config)# access-group bad-hosts in interface outside

?


--
http://brokertech.parallel42.ca/blog
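
The copy, edit and paste-back routine from the replies above can be scripted for a list like bad-hosts. This is an added example, not code from any poster in this thread: it turns a plain-text host list into the block to paste in conf t mode, rejecting entries that would be dangerous or malformed. The function name and the sample addresses (documentation ranges) are constructed for illustration, and the output assumes the PIX/ASA "access-list <name> deny ip <source> any" form.

```python
import ipaddress

# Constructed sample input: one host or network per line, '#' starts a comment.
SAMPLE = """\
# known-bad sources (documentation address ranges, constructed)
192.0.2.10
198.51.100.0/24
192.0.2.10        # duplicate entry
203.0.113.77/24   # host bits set, almost certainly a typo
0.0.0.0/0
not-an-ip
""".splitlines()


def build_acl_block(acl_name, lines):
    """Return (commands, rejected) for a deny list in PIX/ASA ACL syntax."""
    seen, rejected = set(), []
    # Clear the old copy first, as described in the reply above.
    commands = [f"no access-list {acl_name}"]
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # strict=True refuses networks with host bits set (e.g. .77/24).
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError:
            rejected.append(entry)
            continue
        # IPv4 only; a /0 entry would deny all traffic, so refuse it.
        if net.version != 4 or net.prefixlen == 0:
            rejected.append(entry)
            continue
        if net in seen:
            continue
        seen.add(net)
        if net.prefixlen == 32:
            source = f"host {net.network_address}"
        else:
            # PIX/ASA ACLs take a subnet mask, not an IOS-style wildcard mask.
            source = f"{net.network_address} {net.netmask}"
        commands.append(f"access-list {acl_name} deny ip {source} any")
    return commands, rejected


if __name__ == "__main__":
    cmds, bad = build_acl_block("bad-hosts", SAMPLE)
    print("\n".join(cmds))
    print("! rejected, fix by hand:", ", ".join(bad))
```

Every ACL ends with an implicit deny, so deny entries like these only make sense ahead of the permit entries, not as a list on their own.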