[c-nsp] Modifying ACLs on production router

Frank Bulk frnkblk at iname.com
Mon Oct 6 17:12:11 EDT 2008


What if access to that TFTP server is cut off by an incomplete ACL?

Frank

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Grzegorz Janoszka
Sent: Sunday, October 05, 2008 1:59 PM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Modifying ACLs on production router

Matlock, Kenneth L wrote:
> So from then on, I've always removed the ACL from the interface, removed
> the ACL, rebuilt it, and re-applied it to the interface. If you have the
> lines copied into a clipboard, you can paste the stuff in fairly quickly,
> and not really allow much 'bad' traffic in.

The simplest thing is to prepare a file containing "no acl XXX" and then
the redefinition of the ACL, put it on a TFTP server and load it using:
copy tftp://I.P.I.P/acl running-config

You do not need any extra tricks to do it, like temporary ACLs and so on.

--
Grzegorz Janoszka