ACL Matching Problem

kevin.hu
Level 3

All,

A user from the Internet with an IP of 107.x.x.x was unable to access our internal network.  Later we determined that his traffic was blocked by the ingress ACL on our perimeter router.  Initially we didn't catch it for days because our ingress ACL has 5000 entries and the "include" didn't yield anything.

show ip access-list ingress-acl | include 107

After checking line by line, we found that network was supernetted.

ip access-list extended ingress-acl

     deny 104.0.0.0 3.255.255.255 any

Is there a command that can match all ACL entries that permit/deny 107.x.x.x no matter if it is a host entry, a subnet entry or a supernetted entry?  It is very difficult to catch this if we have a lot of entries.

Thanks.

3 Replies

cadet alain
VIP Alumni

Hi,

AFAIK there is no such command. You should use ip accounting feature to see which ACL is blocking traffic.

Regards.

Alain.

Don't forget to rate helpful posts.

Alain,

Like the ACL log command, the ip accounting feature tells me what the offending ACL is, but it does not tell me what the offending ACL entry is.  It is a great tool if I have many ACLs with a few ACL entries.  The problem I have is that I have only one ACL but a huge list.  I hope there is another way to track this down.

Kevin

I have written a quick Perl script that may help you; it is attached as a doc. It should run fine on Linux/Unix/Mac and probably Windows, but you can never be sure :-)

If you just run the script from the command line with no arguments it will tell you what to enter. Basically it takes an IP address and a file name and checks the IP against each line of the ACL to see if it matches. It can understand simple wildcard masks, e.g.

0.0.0.255, 0.3.255.255, 0.0.7.255 etc., but it hasn't been written to deal with complex wildcard masks, e.g. 0.3.255.7 for example. However, the vast majority of ACL entries are simply reverse subnet masks, so it may still be of use.

It should work fine against both types of ACL, i.e.

access-list 101 permit ip 192.168.5.0 0.0.0.255 172.16.0.0 0.0.255.255

and

ip access-list extended ACL

10 permit 192.168.5.0 0.0.0.255 172.16.0.0 0.0.255.255

I say should, as I have limited means of testing, so there are no guarantees with it, but if you run it against your ACL and it comes back with the same line, that should give you some confidence.

You need to download the ACL into a text file for the script to be able to read in the file. As a side note, Perl does have a Cisco::Telnet module, so it would be relatively easy to have the script log in to the actual router and check the ACL dynamically rather than having to download the ACL.

Like I say, no guarantees, but it would be worth trying out. Let me know how it goes if you do decide to try it.

Edit - should also point out that the script needs tidying up if it proves useful, i.e. use strict, better var names etc., so again let me know.

Jon
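The check Jon describes, written here as an added Python example rather than his attached Perl script: it reads an ACL saved to text in either format shown in the thread, and lists every entry whose source or destination covers a given address, including supernetted entries like the 104.0.0.0 3.255.255.255 line Kevin found. It goes beyond Jon's description in that it compares bit by bit, so non-contiguous wildcard masks such as 0.3.255.7 are handled too; the ACL text and addresses below are constructed samples, not a real configuration.

```python
import ipaddress
import re

# Constructed sample ACL mixing the two formats discussed in the thread (not a real config).
SAMPLE_ACL = """\
access-list 101 permit ip 192.168.5.0 0.0.0.255 172.16.0.0 0.0.255.255
ip access-list extended ingress-acl
 10 deny ip 104.0.0.0 3.255.255.255 any
 20 permit tcp host 107.1.2.3 any eq 443
 30 permit ip 10.0.0.0 0.3.255.7 any
"""
DOTTED = re.compile(r"\d+\.\d+\.\d+\.\d+")

def parse_addr(toks):
    """Consume one address spec (any | host A | A WILDCARD | A); return (addr, wildcard, rest)."""
    if toks[0] == "any":
        return 0, 0xFFFFFFFF, toks[1:]
    if toks[0] == "host":
        return int(ipaddress.IPv4Address(toks[1])), 0, toks[2:]
    addr = int(ipaddress.IPv4Address(toks[0]))
    if len(toks) > 1 and DOTTED.fullmatch(toks[1]):
        return addr, int(ipaddress.IPv4Address(toks[1])), toks[2:]
    return addr, 0, toks[1:]          # bare address in a standard ACL means a single host

def wildcard_match(ip, addr, wildcard):
    """Cisco wildcard semantics: a 1 bit is 'don't care'. Correct for non-contiguous masks too."""
    care = ~wildcard & 0xFFFFFFFF
    return ip & care == addr & care

def matching_entries(acl_text, target_ip):
    """Return every ACL line whose source or destination covers target_ip, supernets included."""
    ip = int(ipaddress.IPv4Address(target_ip))
    hits = []
    for line in acl_text.splitlines():
        toks = line.split()
        if toks[:1] == ["access-list"]:
            toks = toks[2:]                               # drop 'access-list <number>'
        elif toks and toks[0].isdigit():
            toks = toks[1:]                               # drop the sequence number
        if len(toks) < 2 or toks[0] not in ("permit", "deny"):
            continue                                      # header, remark or blank line
        toks = toks[1:]
        if not DOTTED.fullmatch(toks[0]) and toks[0] not in ("any", "host"):
            toks = toks[1:]                               # drop the protocol keyword (ip, tcp, ...)
        src, src_wc, rest = parse_addr(toks)
        if rest[:1] in (["eq"], ["gt"], ["lt"], ["neq"]):
            rest = rest[2:]                               # skip a source port qualifier
        specs = [(src, src_wc)] + ([parse_addr(rest)[:2]] if rest else [])
        # 'any' (wildcard all ones) is skipped: it covers every address and would only add noise.
        if any(wildcard_match(ip, a, wc) for a, wc in specs if wc != 0xFFFFFFFF):
            hits.append(line.strip())
    return hits

if __name__ == "__main__":
    for hit in matching_entries(SAMPLE_ACL, "107.20.30.40"):
        print(hit)
```

Run it against a "show ip access-list" capture saved to a file by reading the file into acl_text; entries whose only coverage of the address is an "any" keyword are deliberately left out of the result.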
