[c-nsp] Applying ACL
John Kougoulos
koug at intracom.gr
Fri Jun 1 03:11:16 EDT 2007
My preferred method is to upload the ACL with TFTP, of course with the
first line "permit tcp any any established".
Also, I have created a script on the TFTP server (which works only with
non-named access-lists), which extracts the ACLs from a router
configuration file and places each ACL in a different file:
#!/bin/sh
# usage: ./abovescript router-confg
myfile=$1
dir=/tftpboot/acls
\rm -f "$dir"/*
# numbered ACL lines start with "access-list <N>"; skip "ip as-path access-list"
for i in `grep access-list "$myfile" | grep -v "as-path" | awk '{ print $2 }' | sort -n | uniq`
do
    # remove the old list first, then reload every line of the new one
    echo "no access-list $i" > "$dir/acl-$i"
    grep "access-list $i " "$myfile" >> "$dir/acl-$i"
    echo "end" >> "$dir/acl-$i"
done
Therefore I apply the changes with this method:
router# wri net (-> to tftp server)
tftpserver# vi router-confg
tftpserver# ./abovescript router-confg
router# copy tftp://tftpserver/acls/acl-140 running-config
Best Regards,
John
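The same split, as an added example that is not part of the post above: it writes one replacement file per numbered ACL and puts the "permit tcp any any established" line first in each extended list (standard lists cannot take it), so established sessions keep flowing while the rest of the list loads. Function names, the output directory and the sample config are constructed for this example.

```shell
#!/bin/sh
# Added example, not the original poster's script. Splits a saved IOS config
# into /<outdir>/acl-<N> files, each starting with "no access-list N" and,
# for extended lists, "permit tcp any any established" as the safety line.

# split_acls <config-file> <output-dir>
split_acls() {
    cfg=$1; out=$2
    mkdir -p "$out" && rm -f "$out"/acl-*
    # numbered ACL lines begin with "access-list <N>"; the leading ^ keeps
    # "ip as-path access-list" and named "ip access-list" lines out
    grep '^access-list [0-9][0-9]* ' "$cfg" | awk '{ print $2 }' | sort -n | uniq |
    while read -r n; do
        f="$out/acl-$n"
        echo "no access-list $n" > "$f"
        # only extended numbered lists (100-199, 2000-2699) match tcp/established;
        # a standard list (1-99, 1300-1999) only matches the source address
        if { [ "$n" -ge 100 ] && [ "$n" -le 199 ]; } || \
           { [ "$n" -ge 2000 ] && [ "$n" -le 2699 ]; }; then
            echo "access-list $n permit tcp any any established" >> "$f"
        fi
        # copy the list body, dropping any existing established line so it is not duplicated
        grep "^access-list $n " "$cfg" | grep -v 'permit tcp any any established' >> "$f"
        echo "end" >> "$f"
    done
}

# write_sample_config <file>: constructed router-confg with a standard list,
# an extended list and an as-path list that must be ignored
write_sample_config() {
    cat > "$1" <<'EOF'
hostname r1
ip as-path access-list 5 permit ^65000_
access-list 10 permit 192.0.2.0 0.0.0.255
access-list 140 permit tcp any any eq 22
access-list 140 permit udp any any eq 161
access-list 140 deny ip any any
EOF
}
```

Load each file with `copy tftp://tftpserver/acls/acl-140 running-config` as in the procedure above; the `no access-list` line clears the old list and the `end` line returns to exec mode.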
Jeff Kell wrote:
> Gert Doering wrote:
>> But usually you're dead in the water as soon as you copy-and-paste a
>> new version of the ACL and the first line gets active, prohibiting any
>> further lines to go through...
>
> ...unless that first line is a 'permit tcp any any established'
>
> Still might want to do a 'reload in 5' right before, just in case you lock yourself out of the playhouse :-)
>
> Jeff
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/