[[nsp] ACLs]

Shalosky, Brian K Mr CONT USAREC Brian.Shalosky at usarec.army.mil
Fri Feb 28 14:01:15 EST 2003


I've seen this same problem several times.  You can try to set up a TFTP
server and apply your access lists that way.

To use a TFTP server, create the access list statements using any text
editor, and save the access list in ASCII format to a TFTP server that is
accessible by your router. Then, from your router, use the copy tftp:file_id
system:running-config command to copy the access list to your router.
Finally, perform the copy system:running-config nvram:startup-config command
to save the access list to your router's NVRAM.

Then, if you ever want to make changes to an access list, you can make them
to the text file on the TFTP server, and copy the edited file to your router
as before.


----------------------------------------------------------------------------
 Note   The first command of an edited access list file should delete the
previous access list (for example, type a no access-list command at the
beginning of the file). If you do not first delete the previous version of
the access list, when you copy the edited file to your router you will
merely be appending additional criteria statements to the end of the
existing access list. 

----------------------------------------------------------------------------

Brian 


-----Original Message-----
From: Chris Davis [mailto:chris.davis at computerjobs.com] 
Sent: Friday, February 28, 2003 1:48 PM
To: cisco-nsp at puck.nether.net
Subject: RE: [[nsp] ACLs]

Isn't ACL optimization a feature of CiscoWorks?  Unless I'm mistaken, your
router should accept an ACL as pasted.

I've seen HyperTerminal on Windows botch captures & pastes.  Otherwise I've
had no problems.

If you've mistyped ACL lines in your text editor, the router will not accept
the lines that are in error when you paste the ACL.  However, if your ACL is
long you may not notice the router's complaints about the bad lines, and
then when you do 'show run' you wonder where your (erroneous) ACL lines
went.

I have a suggestion for a safer sequence to follow for replacing ACL 190:
 1- Capture your ACL 190 and make your changes/additions in your text
editor.
 2- Find and replace the ACL number in your text editor to 191 (or some
other number not already in use on the router).
 3- Paste the edited ACL with its new number (191 in this example) into your
router.
 4- Apply the new ACL 191 to the interface in place of the old ACL 190.  

This way in case of a mistake or problem like you are experiencing, you can
switch back to the old ACL just by reapplying it.  No need to open the saved
ACL text file and try to paste it back in. Later, once you're confident
everything's well and good, you can remove the old ACL 190.

Christopher Davis
http://www.winSnmpWalk.org


>-----Original Message-----
>From: Joshua Smith [mailto:joshua.ej.smith at usa.net]
>Sent: Friday, February 28, 2003 1:17 PM
>To: Arif, Ijaz; cisco-nsp at puck.nether.net
>Subject: Re: [[nsp] ACLs]
>
>the router 'optimizes' them for its consumption, i don't have
>a link or a better explanation though, sorry
>
>joshua
>
>"Arif, Ijaz" <Ijaz.Arif at attcanada.com> wrote:
>  
> Does anybody have a problem with copying and pasting ACLs on a router? I am
> having a problem here when I want to update my ACLs, let's say 190. I am doing
> it in the following order:
>  
> 1: First I remove ACL 190
> 2: then I paste new ACLs
>  
> But I am getting the ACLs out of order when I do show run, it's not in
> order what I pasted in. Any idea what's going on here.
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
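
An added example, not part of any message in this thread: a small Python helper that stages an edited ACL under an unused number, starting the file with a "no access-list" line as the note above advises, and then checks a "show run" capture for entries the router dropped or reordered. The function names, ACL entries and "show run" text are constructed for illustration.

```python
import re

def stage_acl(edited, old, new):
    """Renumber ACL `old` to the unused number `new`. The first line removes any
    stale copy of `new`, so a repeated paste replaces instead of appending."""
    pat = re.compile(rf"^access-list {old}\b")
    body = [pat.sub(f"access-list {new}", l.strip())
            for l in edited.splitlines() if pat.match(l.strip())]
    return [f"no access-list {new}"] + body

def verify(staged, show_run, new):
    """Return (missing, in_order): staged entries absent from the running config,
    and whether the entries that did load kept the staged order."""
    prefix = f"access-list {new} "
    wanted = [l for l in staged if l.startswith(prefix)]
    loaded = [l.strip() for l in show_run.splitlines()
              if l.strip().startswith(prefix)]
    missing = [l for l in wanted if l not in loaded]
    in_order = [l for l in wanted if l in loaded] == [l for l in loaded if l in wanted]
    return missing, in_order

# Constructed sample: ACL 190 as edited in a text editor, with one mistyped
# keyword ("permt") of the kind a router rejects during a long paste.
EDITED = """\
access-list 190 permit ip 10.0.0.0 0.0.0.255 any
access-list 190 permit tcp any host 192.0.2.10 eq 443
access-list 190 permt tcp any host 192.0.2.11 eq 443
access-list 190 deny ip any any log
"""

# Constructed "show run" excerpt captured after pasting the staged file.
SHOW_RUN = """\
!
access-list 191 permit ip 10.0.0.0 0.0.0.255 any
access-list 191 permit tcp any host 192.0.2.10 eq 443
access-list 191 deny ip any any log
!
"""

if __name__ == "__main__":
    staged = stage_acl(EDITED, 190, 191)
    print("\n".join(staged))            # text to paste or place on the TFTP server
    missing, in_order = verify(staged, SHOW_RUN, 191)
    for line in missing:
        print("NOT IN RUNNING CONFIG:", line)
    print("order preserved:", in_order)
```

The comparison is literal, and IOS may display an entry in a different form than it was typed (for example a port name in place of a number), so treat a reported line as a prompt to look at the router's output for that entry.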

