[nsp] acl: how to suppress keyword for service in acl?
Ed Ravin
eravin at panix.com
Thu May 6 17:47:33 EDT 2004
On Thu, May 06, 2004 at 10:51:20AM +0200, Oliver Boehmer (oboehmer) wrote:
> > Is there an official place on the CCO site to get the cisco
> > /etc/service alike file which is used for the keyword names? So I can
> > get it per http and link it with my application each time a new
> > version appears.
>
> I don't know of any such file, the port names are not stored in a
> central location (unlike /etc/services). The easiest way to get a list
> of all supported keywords names is the "?" within the parser, something
> which could be automated using an expect script.

How about this way:

ip access-list extended test-me
 permit tcp any any eq 1
 permit tcp any any eq 2
 permit tcp any any eq 3
 permit tcp any any eq 4
 [...]
 permit tcp any any eq 65534
 permit tcp any any eq 65535

Save it to the router and then download it back :-). Might have to do it
in smaller blocks, I have no idea if IOS will let you make an access list
that big.

When I wrote aclmaker, I gave the job of syntax checking the ACLs to the
router - it uploads the ACL to the router with a name like "foo-test", so it
won't affect any existing ACLs, then deletes it afterwards. If the
router complained about syntax errors, then aclmaker rejects the ACL as
invalid. See the COSI-NMS site on Sourceforge for more info on aclmaker.
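
The upload-and-read-back idea above, carried through to the conversion the thread asks about. This is an added example, not part of the original message and not aclmaker's code. The function names and the sample router listing are constructed for illustration, and the map is keyed per protocol because IOS names some ports differently for tcp and udp (514 is "cmd" on tcp and "syslog" on udp).

```python
import re

# One ACL entry ending in "eq <port>"; group 1 = protocol, group 2 = port token.
ENTRY_RE = re.compile(r"^\s*(?:permit|deny)\s+(tcp|udp)\b.*\beq\s+(\S+)\s*$")
# Any port operator followed by its operand (source or destination side).
PORT_OP_RE = re.compile(r"\b(eq|neq|gt|lt)\s+(\S+)")

def build_keyword_map(uploaded, downloaded):
    """Pair each numeric entry sent with the line the router gave back."""
    if len(uploaded) != len(downloaded):
        raise ValueError("line counts differ; the router dropped entries")
    mapping = {}
    for sent, got in zip(uploaded, downloaded):
        s, g = ENTRY_RE.match(sent), ENTRY_RE.match(got)
        if not s or not g or s.group(1) != g.group(1):
            raise ValueError(f"cannot pair {sent!r} with {got!r}")
        proto, port, shown = s.group(1), int(s.group(2)), g.group(2)
        if not shown.isdigit():
            mapping[(proto, shown)] = port      # router substituted a keyword
        elif int(shown) != port:
            raise ValueError(f"entries out of order at {sent!r}")
    return mapping

def to_numeric(line, mapping):
    """Rewrite keyword port operands in one ACL entry back to numbers."""
    head = re.match(r"^\s*(?:permit|deny)\s+(\S+)", line)
    proto = head.group(1) if head else None
    def repl(op):
        token = op.group(2)
        if token.isdigit():
            return op.group(0)
        # An unknown keyword raises KeyError instead of passing through.
        return f"{op.group(1)} {mapping[(proto, token)]}"
    return PORT_OP_RE.sub(repl, line)

# Constructed sample, not captured from a device: entries as uploaded, and
# as a router might list them afterwards.
PORTS = (23, 80, 514, 1024)
UPLOADED = [f"permit {p} any any eq {n}" for p in ("tcp", "udp") for n in PORTS]
DOWNLOADED = [" permit tcp any any eq telnet", " permit tcp any any eq www",
              " permit tcp any any eq cmd", " permit tcp any any eq 1024",
              " permit udp any any eq 23", " permit udp any any eq 80",
              " permit udp any any eq syslog", " permit udp any any eq 1024"]
KEYWORDS = build_keyword_map(UPLOADED, DOWNLOADED)

if __name__ == "__main__":
    print(to_numeric(" permit tcp any eq www any gt 1023 established", KEYWORDS))
    print(to_numeric(" permit udp any any eq syslog", KEYWORDS))
```
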