08-21-2003 05:28 AM - edited 02-20-2020 10:56 PM
It's becoming incredibly difficult to manage our access lists. Some are thousands of lines long. I'm curious as to some recommended practices for changing and managing them without disrupting service.
Some of our current challenges:
1) Changing ACL through PDM demolishes the access list because during the re-write of the ACL you wind up denying access to your PDM session.
2) Copying and pasting is incredibly slow and difficult to manage. The ACLs are so big even Windows Notepad won't hold them...you have to use a different editor.
3) Removing ACL from interface to copy/paste disrupts service.
Any ideas? I was thinking:
1) Copy ACL to text editor, change name to "temp" and paste to PIX.
2) Change access-group command to use "temp" ACL.
3) Copy ACL being edited, edit and paste to PIX.
4) Change access-group command to use edited ACL.
Seems like a lot of hassle to simply add a rule which actually happens quite frequently.
Thanks in advance!
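The four-step swap proposed in the post above, as an added example that is not part of the original thread: a Python helper that builds the command sequence from a saved configuration and renames only the ACL-name token, so text inside a rule is never touched. The ACL names, the interface `outside`, the sample rules and the final cleanup line are assumptions made for illustration.

```python
# Added example: build the post's four-step ACL swap as a list of PIX commands.
# ACL names, interface name and sample rules are constructed for illustration.

def acl_lines(config, name):
    """Return, in order, the access-list lines that belong to ACL `name`."""
    out = []
    for raw in config.splitlines():
        tok = raw.split()
        if len(tok) >= 3 and tok[0] == "access-list" and tok[1] == name:
            out.append(" ".join(tok))
    return out

def rename(lines, new_name):
    """Rewrite only the ACL-name token (second field) of each line."""
    return ["access-list %s %s" % (new_name, l.split(None, 2)[2]) for l in lines]

def swap_plan(running, edited, name, iface, temp="temp"):
    current, new = acl_lines(running, name), acl_lines(edited, name)
    if not current:
        raise ValueError("ACL %r not found in running config" % name)
    if not new:
        raise ValueError("edited text has no lines for ACL %r" % name)
    if acl_lines(running, temp):
        raise ValueError("temporary ACL name %r is already in use" % temp)
    plan = rename(current, temp)                                     # step 1
    plan.append("access-group %s in interface %s" % (temp, iface))   # step 2
    plan.append("no access-list %s" % name)                          # step 3
    plan += new                                                      # step 3
    plan.append("access-group %s in interface %s" % (name, iface))   # step 4
    plan.append("no access-list %s" % temp)  # cleanup (assumption, not in post)
    return plan

# Constructed sample configuration and edited ACL.
RUNNING = """\
access-list acl_out permit tcp any host 192.0.2.10 eq www
access-list acl_out permit tcp any host 192.0.2.10 eq 443
access-list acl_dmz permit ip any any
access-group acl_out in interface outside
"""
EDITED = """\
access-list acl_out permit tcp any host 192.0.2.10 eq www
access-list acl_out permit tcp any host 192.0.2.10 eq 443
access-list acl_out permit tcp any host 192.0.2.20 eq smtp
"""

if __name__ == "__main__":
    print("\n".join(swap_plan(RUNNING, EDITED, "acl_out", "outside")))
```

The interface stays bound to a complete ACL at every step, and the checks stop the run if the temporary name is already taken or the edited file contains no lines for the target ACL.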
08-21-2003 08:57 AM
I would upgrade to version 6.3(1) or a version that supports the access-list "line" command. I change/modify rules on our production PIXes without a problem. And no more copying/pasting to a text editor.
08-21-2003 10:07 AM
Thanks for the reply!
Unfortunately that isn't an option. Some specific bugs affect our implementation.