[nsp] ACLs

Ed Ravin eravin at panix.com
Fri Feb 28 13:47:46 EST 2003


On Fri, Feb 28, 2003 at 09:42:39AM -0700, Arif, Ijaz wrote:
> Does anybody have a problem with copying and pasting ACLs on a router?

It's a royal pain, especially when the ACL grows to more than one
screen length and you have to start using multiple cut/paste operations
to get the new ACL in.  And then there's the problem of a typo halfway
down in the paste buffer, which can't be easily corrected from the
command line, so usually you have to start the cut/paste all over again.

I wrote a Perl/Expect script to deal with this - it lets you edit ACLs
as local files on your system, then send them to the router via an
existing telnet session.  The script takes care of syntax checking
the ACL before installing it (by installing it under a different name),
and minimizes the "window of vulnerability" by automatically installing
the new ACL immediately after removing the old one.  It requires
Perl, the Expect.pm module, and the IO-Tty module.  You can download
it from Sourceforge over at:

 http://sourceforge.net/project/showfiles.php?group_id=25401&release_id=83743
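
The two-phase push described in the message above (syntax check under a different name, then remove and install back to back), sketched in Python as an added example; it is not the author's Perl/Expect script. The named extended ACL commands, the `-CHECK` scratch suffix, the `run` callback, the `%` error marker and the sample ACL are assumptions made for illustration.

```python
SCRATCH_SUFFIX = "-CHECK"  # assumption: naming convention for the throwaway ACL
# Constructed sample ACL file (documentation addresses); the second entry has a typo.
SAMPLE_ACL = """\
! edge filter
permit tcp any host 192.0.2.10 eq 22
permitt tcp any host 192.0.2.10 eq 443
deny ip any any log
"""

def acl_entries(text):
    """Entries from the local file, minus blank lines and '!' comment lines."""
    lines = (ln.strip() for ln in text.splitlines())
    return [ln for ln in lines if ln and not ln.startswith("!")]

def check_batch(name, entries):
    """Phase 1: define the ACL under a scratch name, then delete the scratch copy."""
    scratch = name + SCRATCH_SUFFIX
    return ["configure terminal", f"ip access-list extended {scratch}", *entries,
            "exit", f"no ip access-list extended {scratch}", "end"]

def install_batch(name, entries):
    """Phase 2: removal and redefinition sent as one batch to keep the gap short."""
    return ["configure terminal", f"no ip access-list extended {name}",
            f"ip access-list extended {name}", *entries, "end"]

def rejected_lines(transcript):
    """Assumption: the router marks a refused command with a line starting with '%'."""
    return [ln.strip() for ln in transcript.splitlines() if ln.lstrip().startswith("%")]

def push_acl(name, acl_text, run):
    """run(commands) -> transcript is the caller's session sender (hypothetical)."""
    entries = acl_entries(acl_text)
    errors = rejected_lines(run(check_batch(name, entries)))
    if errors:
        return "rejected", errors  # the live ACL was never touched
    errors = rejected_lines(run(install_batch(name, entries)))
    return ("installed" if not errors else "install-errors"), errors

def fake_router(commands):
    """Constructed stand-in for the router session: refuses lines containing 'permitt'."""
    out = []
    for cmd in commands:
        out.append(cmd)
        if "permitt" in cmd:
            out.append("% Invalid input detected at '^' marker.")
    return "\n".join(out)

if __name__ == "__main__":
    print(push_acl("EDGE-IN", SAMPLE_ACL, fake_router))
    print(push_acl("EDGE-IN", SAMPLE_ACL.replace("permitt", "permit"), fake_router))
```

With the typo present, only the scratch-name batch is sent and the live ACL name never appears in a command; once the file is corrected, the second batch carries the removal and the new definition together.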


