[nsp] Script to check for unused ACLs
Niels den Otter
otter at surfnet.nl
Fri Jan 2 17:43:42 EST 2004
John,
On Friday, 2 January 2004, John Kristoff wrote:
> I thought someone might find this helpful. Below is a simple script to
> find unused ACLs in your IOS configs. Pass a directory with stored
> configs on the command line (or adjust it to suit your needs). Please
> send me any script bugs or additional matches I may have forgotten back to
> me so I can update my copy with your improved version. In testing, 250
> unused ACLs were the minimum found for organization that I've seen so far.
> :-)
I have tried the script on part of our router configs and found the
following config lines that do not match yet.

    ip receive access-list <ACL>
    ip msdp sa-filter in <peer address> list <ACL1> rp-list <ACL2>
    ip msdp sa-filter out <peer address> list <ACL1> rp-list <ACL2>
    tag-switching advertise-tags for <ACL>
    tag-switching request-tags for <ACL>

-- Niels
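
Added example, not part of the original message and not John Kristoff's script (which is not reproduced here): a minimal Python sketch of an unused-ACL check that also matches the five config lines listed above. The sample config is constructed, the function names are hypothetical, and the two baseline reference forms (`ip access-group`, `access-class`) are assumed to be what such a script would already match.

```python
import re

# ACL definitions: numbered ("access-list 10 ...") or named ("ip access-list extended X").
DEFINITION = re.compile(r"^(?:access-list (\S+)|ip access-list (?:standard|extended) (\S+))", re.M)

# First two: assumed baseline matches; last three: the forms from this message.
REFERENCES = [re.compile(p, re.M) for p in (
    r"^[ \t]*ip access-group (\S+)",
    r"^[ \t]*access-class (\S+)",
    r"^[ \t]*ip receive access-list (\S+)",
    r"^[ \t]*ip msdp sa-filter (?:in|out) \S+(?: list (\S+))?(?: rp-list (\S+))?",
    r"^[ \t]*tag-switching (?:advertise|request)-tags for (\S+)",
)]

# Constructed sample config, not taken from a real router.
SAMPLE = """\
access-list 10 permit 192.0.2.0 0.0.0.255
access-list 30 permit 198.51.100.1
access-list 40 permit any
access-list 50 permit any
access-list 99 permit any
access-list 120 permit ip any any
ip access-list extended EDGE-IN
 permit ip any any
ip access-list extended OLD-FILTER
 deny ip any any
interface GigabitEthernet0/0
 ip access-group EDGE-IN in
ip receive access-list 10
ip msdp sa-filter in 192.0.2.1 list 120 rp-list 30
tag-switching advertise-tags for 40
tag-switching request-tags for 50
"""

def defined_acls(config):
    return {num or name for num, name in DEFINITION.findall(config)}

def referenced_acls(config, patterns=REFERENCES):
    refs = set()
    for pattern in patterns:
        for match in pattern.finditer(config):
            refs.update(g for g in match.groups() if g)  # msdp can name two ACLs
    return refs

def unused_acls(config, patterns=REFERENCES):
    return sorted(defined_acls(config) - referenced_acls(config, patterns))

if __name__ == "__main__":
    print(unused_acls(SAMPLE, REFERENCES[:2]), "->", unused_acls(SAMPLE))
```

With only the baseline forms, ACLs 10, 30, 40, 50 and 120 are reported as unused although they are in use; deleting them on that basis would remove live filters.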