10-15-2006 10:19 AM
I need to push one line to my ACLs on all of my routers. It is an allow. Does anyone know if I need to rewrite the entire ACL or will CW push the one line into place on the existing one?
Thanks in advance.
10-15-2006 10:30 AM
The Access List Manager application (part of RWAN 1.x and VMS 2.3) can do this. Within LMS, there is not an application geared to this kind of ACL editing. However, you can make use of Config Editor and the order-sensitive feature of Baseline Templates to do basic editing. However, the ACL must be removed to change it, and this can leave you vulnerable for a short time, and may lock you out mid-edit.
To get around the lock out problem, you could deploy the ACL using SNMP and TFTP instead of a line-by-line method like SSH or telnet. Alternatively, you could create another ACL with all of the ACE rules you want, then switch the access-class or access-group to that new ACL number. Or, you could apply a temporary ACL that locks out all but the CiscoWorks server, and switch your access-class or access-group to that new number. Then execute another job that makes the desired changes to your real ACL. Then switch your access-class or access-group back when it's done.
10-15-2006 10:51 AM
Thanks for the quick reply.
I am looking to do a deploy during one of our Maintenance Windows. I was thinking of using Netconfig also. So, it looks like I've got some rewriting to do?
Thanks.
10-15-2006 10:59 AM
You could use Netconfig for the other options I presented, but if your job simply consists of:
access-list 101 permit tcp any host x.x.x.x eq 80
It will just tack that ACE to the end of ACL 101 (which does not sound like what you want).
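Added example (not from any poster in this thread): a small Python model of first-match ACL evaluation showing why an ACE appended to the end can be shadowed by an earlier deny, plus a generator for the "build a new ACL, then switch the access-group" option described above. The existing ACL entries, the 192.0.2.10 address, ACL number 102 and the interface name are constructed for illustration.

```python
# Added illustration; ACL entries, address and interface name are constructed.
IMPLICIT_DENY = "deny (implicit)"

def first_match(acl, proto, dst, port):
    """Return the action of the first ACE that matches the packet (first match wins)."""
    for action, ace_proto, ace_dst, ace_port in acl:
        if ace_proto not in ("ip", proto):
            continue
        if ace_dst not in ("any", dst):
            continue
        if ace_port is not None and ace_port != port:
            continue
        return action
    return IMPLICIT_DENY  # nothing matched: the implicit deny at the end applies

def render(number, acl):
    """Render ACEs as numbered extended access-list lines (source is always 'any' here)."""
    lines = []
    for action, proto, dst, port in acl:
        target = "any" if dst == "any" else f"host {dst}"
        suffix = f" eq {port}" if port is not None else ""
        lines.append(f"access-list {number} {action} {proto} any {target}{suffix}")
    return lines

def swap_job(new_number, acl, interface, direction="in"):
    """Build the complete new ACL first, then repoint the interface at it."""
    return render(new_number, acl) + [
        f"interface {interface}",
        f" ip access-group {new_number} {direction}",
    ]

WEB = "192.0.2.10"  # constructed documentation address
existing = [
    ("permit", "tcp", "any", 22),
    ("deny", "ip", WEB, None),
    ("permit", "ip", "any", None),
]
new_ace = ("permit", "tcp", WEB, 80)

appended = existing + [new_ace]                # what a one-line job produces
reordered = [existing[0], new_ace] + existing[1:]  # new ACE placed ahead of the deny

if __name__ == "__main__":
    print("appended :", first_match(appended, "tcp", WEB, 80))
    print("reordered:", first_match(reordered, "tcp", WEB, 80))
    print("\n".join(swap_job(102, reordered, "GigabitEthernet0/0")))
```

Because the interface keeps filtering with the old ACL until the final access-group line is applied, there is no window with the ACL removed.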
10-15-2006 11:06 AM
Thanks!