How do you manage your access lists in your environment?

Andreas Falk
Level 1

Hi,

We have changed our core routers from a pair of 6509 in VSS mode to two N7K.
Before, we had our ACLs in a wiki with versioning, and just pasted the new ACLs into the router.

But now when we try to do it the same way on our N7K, things go haywire.
Long ACLs (I know, we shouldn't have them) stop in the middle of the pasted content.

And because it's a vPC pair, I don't want to edit the ACLs directly. Then I think that we have a forked ACL on each router.

How do you manage your ACLs?
Any tips and ideas are welcome.

--

Regards Falk

6 Replies

Ganesh Hariharan
VIP Alumni

Hi Falk,

Generally it depends on how you follow the process to maintain the database for any change. In our project, what we follow is: a change request is created, the recommended configuration change is documented, reviewed and approved (by panel), then the change is implemented in an appropriate change window.

Tools like Voyence and ManageEngine (Device Expert) are designed for this purpose. Voyence works quite well as a configuration change management tool for networking. It keeps track of all configurations in the network and all software IOS versions, and has compliance checks to see that all configs are compliant, and so on. ManageEngine's Device Expert is designed for change management: it will allow you to add/delete configuration data on multiple devices at once, and you can set up rules to ensure certain configurations are/are not set up on the devices. It will show reports of devices, firmware inventory, running vs. startup configs, etc.

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

Hi, thanks for the answers.

We use CiscoWorks 4.0 today to handle our configs and network management.

But it does not handle access lists so well, IMHO.
Well, to be honest, CiscoWorks really can be a beast to administer in itself.

So I guess there isn't a universal access-list "GUI with syntax check and a lot of icons, that will make our Microsoft managers show their happy face"?

--

Regards Falk
Sweden

Message was edited by: Andreas Falk  Problem with multiple quotes.

Edison Ortiz
Hall of Fame

I usually do the copy and paste routine but if you are having issues with long pasting (usually attributed to the client you are using - never had a problem with SecureCRT), you can use 'copy tftp running-config'

Regards,

Edison

Hi, thanks for the answers.

Nice tip, I didn't know that there were "problems" with buffers on different clients.
I use the native terminal in Ubuntu, so perhaps something goes wrong there. I will try PuTTY or SecureCRT and see if the problem persists.
Then the only problem is to get my colleagues to paste on both the N7K boxes.

--

Regards Falk
Sweden

Andreas Falk
Level 1

Well,

The solution was to use (for the moment) SecureCRT on Windows.
When I use a virtual terminal over SSH, it seems like the input buffer gets full?

But when on Windows and SecureCRT, things work smoothly?

So the solution for the moment is:

VMware Workstation -> Windows XP -> SecureCRT -> Nexus 7000 = win

--

Regards Falk

Sweden

Yup, a client problem is often the issue with copy and paste. That's the reason I never ran into any problems (Windows user with SecureCRT).
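Added example, not posted by anyone in this thread: a post-change check that compares the ACLs on each vPC peer against the versioned copy, flagging a paste that stopped part-way and any difference between the two peers. The ACL name, addresses and the three text samples are constructed, written in the style of an NX-OS `ip access-list` block and `show ip access-lists` output.

```python
import re

HEADER = re.compile(r"^\s*ip access[- ]list\s+(\S+)", re.I)
ENTRY = re.compile(r"^\s*(?:\d+\s+)?((?:permit|deny|remark)\b.*)$", re.I)

def parse_acls(text):
    """Return {acl_name: [entries]}; sequence numbers and spacing are ignored."""
    acls, current = {}, None
    for line in text.splitlines():
        if m := HEADER.match(line):
            current = acls.setdefault(m.group(1), [])
        elif (m := ENTRY.match(line)) and current is not None:
            current.append(" ".join(m.group(1).split()))
    return acls

def check_device(source, device):
    """Compare one device's ACLs with the versioned source of truth."""
    findings = {}
    for name, want in source.items():
        have = device.get(name)
        if have is None:
            findings[name] = "missing"
        elif have == want:
            findings[name] = "ok"
        elif have == want[:len(have)]:  # device holds only a leading part
            findings[name] = f"truncated after entry {len(have)} of {len(want)}"
        else:
            findings[name] = "differs"
    return findings

def peer_drift(a, b):
    """Names of ACLs that are not identical on the two vPC peers."""
    return sorted(n for n in set(a) | set(b) if a.get(n) != b.get(n))

# Constructed sample data (documentation address ranges, hypothetical ACL name).
SOURCE = """ip access-list MGMT-IN
  permit tcp 192.0.2.0/24 any eq 22
  permit tcp 192.0.2.0/24 any eq 8443
  permit icmp 198.51.100.0/24 any
  deny ip any any
"""
PEER_A = """IP access list MGMT-IN
        10 permit tcp 192.0.2.0/24 any eq 22
        20 permit tcp 192.0.2.0/24 any eq 8443
        30 permit icmp 198.51.100.0/24 any
        40 deny ip any any
"""
PEER_B = "\n".join(PEER_A.splitlines()[:3])  # paste stopped after two entries

if __name__ == "__main__":
    src = parse_acls(SOURCE)
    for label, text in (("peer A", PEER_A), ("peer B", PEER_B)):
        print(label, check_device(src, parse_acls(text)))
    print("drift:", peer_drift(parse_acls(PEER_A), parse_acls(PEER_B)))
```

The comparison is textual, so entries that a device renders differently from how they were typed will show up as "differs" and need a manual look.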
