Beginner

ACL maker

Is there such a tool (GUI perhaps) to easily create ACLs?

Also, I've always been wondering why, when you create an ACL then go back and try to add a line, that it wipes out all the ACL...?!? How do you add 1 line to a complicated ACL list without retyping the whole ACL itself? Or is there no other choice?

1 ACCEPTED SOLUTION

Enthusiast

Re: ACL maker

Wireshark has the ability to create an ACL from a captured packet. Navigate as follows: Wireshark | Analyze menu | Firewall ACL Rules.

http://www.wireshark.org/

With regard to the addition of an Access Control Entry (ACE) to an existing ACL:

Let's assume you had an ACL named ACL-Example. Do a "show ip access-list ACL-Example".

Note the sequence numbers beside the ACEs (they probably start at 10, and increment by 10s).

Let's assume you saw this:

10 permit tcp any any eq www

20 permit tcp any any eq smtp

You might decide that you wanted to place a new ACE between these two ACEs. You would specify a sequence number between 10 and 20.

e.g.:

devicename(config) # ip access-list extended ACL-Example

devicename(config-ext-nacl) # 15 permit tcp any any eq ftp

devicename(config-ext-nacl) # ex

devicename(config) # ip access-list resequence ACL-Example 10 10

This would resequence the ACEs, starting at 10, and incrementing by 10.

Exit configuration mode, do a "show ip access-list ACL-Example", and verify the result:

e.g.:

10 permit tcp any any eq www

20 permit tcp any any eq ftp

30 permit tcp any any eq smtp
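
The procedure in the answer above, as an added example that is not part of the original post: a Python helper (function names are hypothetical) that reads "show ip access-list" output, picks a free sequence number after a chosen ACE, and returns the commands to enter plus the listing to expect after resequencing. It goes beyond the post by handling two neighbours with no free number between them, and assumes an extended named ACL and a resequence step of at least 2.

```python
import re

# Constructed sample of "show ip access-list ACL-Example" output, matching the post.
SHOW_OUTPUT = """Extended IP access list ACL-Example
    10 permit tcp any any eq www
    20 permit tcp any any eq smtp
"""
ACE_RE = re.compile(r"\s*(\d+)\s+((?:permit|deny)\b.*?)(?:\s+\(\d+ match(?:es)?\))?\s*$")

def parse_aces(show_output):
    """Return [(sequence, ace_text)] sorted by sequence; hit counters are dropped."""
    found = (ACE_RE.match(line) for line in show_output.splitlines())
    return sorted((int(m.group(1)), m.group(2)) for m in found if m)

def plan_insert(name, aces, new_ace, after_seq, start=10, step=10):
    """Return (config_lines, expected_listing) for adding new_ace right after after_seq."""
    if step < 2:
        raise ValueError("step must leave room for a later insert")
    seqs = [seq for seq, _ in aces]
    idx = seqs.index(after_seq)  # raises ValueError if that sequence is absent
    last = idx == len(seqs) - 1
    resequence = f"ip access-list resequence {name} {start} {step}"
    cmds = []
    if not last and seqs[idx + 1] - after_seq < 2:
        # Neighbours are adjacent (e.g. 10 and 11): open a gap before inserting.
        cmds.append(resequence)
        seqs = [start + i * step for i in range(len(seqs))]
        after_seq = seqs[idx]
    new_seq = after_seq + step if last else (after_seq + seqs[idx + 1]) // 2
    cmds += [f"ip access-list extended {name}", f" {new_seq} {new_ace}", " exit", resequence]
    # ACLs are matched top-down, so the position of the new ACE is what matters;
    # this is the order "show ip access-list" should report afterwards.
    texts = [t for _, t in aces]
    texts.insert(idx + 1, new_ace)
    return cmds, [(start + i * step, t) for i, t in enumerate(texts)]

if __name__ == "__main__":
    cmds, expected = plan_insert("ACL-Example", parse_aces(SHOW_OUTPUT),
                                 "permit tcp any any eq ftp", after_seq=10)
    print("\n".join(cmds))
    for seq, text in expected:
        print(f"    {seq} {text}")
```

Compare the returned listing with the device's own "show ip access-list" output after applying the commands; a mismatch means the ACL changed between the capture and the edit.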

3 REPLIES

Beginner

Re: ACL maker

Excellent!

Thanks for the reply, I did not know about this numbering of ACL lines...

Beginner

ACL maker

Here we go, I found a site that creates ACLs for PIX/ASA and FWSM:

http://freeacl.com/
