Beginner

Add more than 5 hundred access-list at same time

Hi,

I've a file (blacklist IP file). Which is the fastest way to add the IPs to the router?

Is there any script to add them, or maybe add them one by one to the router?

Best regards

8 REPLIES 8
Rising star

Re: Add more than 5 hundred access-list at same time

Edgar,

I don't know of a scripted method to apply a large access list. I would recommend breaking the ACL into many pieces and pasting them in a section at a time to prevent errors. Then, after you validate that the ACL made it into the router accurately, apply it to the interface.

HTH,

Mark

Beginner

Re: Add more than 5 hundred access-list at same time

Hi,

Of course, this access-list is not a very big list... they are 400 or 500 access-lists blocking networks.

I do not want to enter those lines manually, even using SDM.

Rising star

Re: Add more than 5 hundred access-list at same time

So you just have a list of networks that you would like to block? I've used Excel to create large ACLs and it made things a lot easier than using WordPad.

Mark

Beginner

Re: Add more than 5 hundred access-list at same time

Hi,

Yes,

I've a file with IPs in this format 58.29.0.0/16 to block.

Do you use Excel? How?

Rising star

Re: Add more than 5 hundred access-list at same time

There will definitely need to be a lot of typing and conversion involved. Quite time consuming, but when you get your spreadsheet all done it will be much easier to make changes to your ACL. Make each row an ACL and each column a different piece of an ACL, such as permit/deny | protocol | source IP/network | wildcard | destination IP/network | wildcard | port.

HTH,

Mark


Beginner

Re: Add more than 5 hundred access-list at same time

Hi,

After that, how do you submit this information to the router?

Best regards

Rising star

Re: Add more than 5 hundred access-list at same time

After you create the spreadsheet, you can merge the lines, then copy and paste them into the router, and then apply the ACL to the interface.

HTH,

Mark

PS: Don't forget a permit statement after your deny statements.
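The conversion discussed above (CIDR entries such as 58.29.0.0/16 turned into ACL lines with wildcard masks, followed by a final permit) can be scripted instead of built by hand. This is an added example, not part of any post in this thread; the ACL name `BLOCKLIST`, the sample entries and the choice of an extended named ACL are assumptions, and it goes slightly further than the thread by collapsing overlapping entries and rejecting lines that do not parse.

```python
import ipaddress

# Constructed sample input in the thread's format (one CIDR per line).
SAMPLE = """\
# constructed sample blocklist
58.29.0.0/16
58.29.4.0/24
203.0.113.7/32
198.51.100.77/24
0.0.0.0/0
not-an-ip
"""

def build_acl(text, name="BLOCKLIST"):
    """Return (config_lines, rejected) for a CIDR blocklist.

    name is a hypothetical ACL name. Only values parsed by ipaddress
    reach the output, so stray text in the file is never pasted into
    the router as a command.
    """
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # strict=False masks off host bits: 198.51.100.77/24 -> 198.51.100.0/24
            net = ipaddress.IPv4Network(entry, strict=False)
        except ValueError:
            rejected.append(entry)
            continue
        if net.prefixlen == 0:  # 0.0.0.0/0 would deny all traffic
            rejected.append(entry)
            continue
        nets.append(net)
    lines = [f"ip access-list extended {name}"]
    # collapse_addresses drops duplicates and subnets covered by a larger block
    for net in ipaddress.collapse_addresses(nets):
        if net.prefixlen == 32:
            lines.append(f" deny ip host {net.network_address} any")
        else:
            # IOS ACLs take a wildcard (inverse) mask, not a prefix length
            lines.append(f" deny ip {net.network_address} {net.hostmask} any")
    # Without this, the implicit deny at the end of the ACL blocks everything else
    lines.append(" permit ip any any")
    return lines, rejected

if __name__ == "__main__":
    config, bad = build_acl(SAMPLE)
    print("\n".join(config))
    print("\n".join(f"! skipped invalid entry: {e}" for e in bad))
```

Review the rejected list and the generated lines before pasting them in, and attach the ACL to the interface only after checking that it loaded as intended.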

Frequent Contributor

Re: Add more than 5 hundred access-list at same time

This is very easy to accomplish. What you're asking can be done with EXPECT scripts. With expect scripts, you can control the flow input of the ACLs. I've added about 50,000 ACLs into a PIX firewall using an Expect script.

Easy, right?
