  1. #1


    The best practice of editing and managing CISCO switch and router access control list

    Hi All,

    I'd like to know what the best practice is for editing and managing CISCO switch and router access control lists (ACLs).

    I'm currently connecting the blue console cable to the device and then using PuTTY to connect to the console on COM1.

    1. I enable logging, then "show run".
    2. Keep pressing the keyboard to get past the "--More--" delimiter.
    3. Open Notepad, then edit the log to remove the "--More--" keyword.
    4. Make the necessary changes.
    5. Quickly select 15 lines, then copy-paste them into the conf-t prompt (to reduce the input buffer limit and avoid timeout).
    6. Make sure that there is no spacing or copy-paste error in the step above, then "write mem".

    I wonder if there is a smarter or safer way of doing this to manage a large-scale network, because copy-pasting hundreds of lines and verifying them one by one through PuTTY and pressing the keyboard is too cumbersome.

    Any kind of help would be greatly appreciated.

    Thanks,
    AWT

  2. #2
    bio
    You can use VanDyke SecureCRT and script things. We have good experience with this program.
    SecureCRT - The Usable, Flexible SSH Client

    bio..

  3. Thanks to bio from:

    albertwt (24th August 2010)

  4. #3
    nicholab
    Make sure you have a dated, backed-up config file.

  5. Thanks to nicholab from:

    albertwt (24th August 2010)

  6. #4


    Rancid (Shrubbery Networks, Inc. - RANCID) in conjunction with subversion (Apache Subversion).

  7. Thanks to pete from:

    albertwt (24th August 2010)

  8. #5

    Thanks for all of your replies, guys. So for the long ACL list, is there any better way of doing this, rather than copy-pasting the whole lot?

  9. #6

    SYNACK
    With regard to the buffer overrun, I know that I used to use either terminal program built in with XP/2003 because you could set a delay between lines in the options. This way you could paste in the whole lot at once and the program would add whatever delay you wanted between each line, meaning that there were no overruns.

  10. Thanks to SYNACK from:

    albertwt (25th August 2010)

  11. #7


    The command you need to use to disable the "more" prompt is terminal length 0. This will display the entire config all at once. I did this on one of our Cisco switches recently and used the following steps to back up its configuration via PuTTY.

    1. Enable the "All session output" logging option in PuTTY, connect to the router/switch and login as normal.
    2. Next, enter the commands below and press Enter after each one.
      Code:
      enable
      terminal length 0
      show running-config
      exit


    You should now have a text file which contains the configuration. You will have to edit it slightly though (to remove the PuTTY commands you typed above).

    Edit: You can also back up the config via TFTP or FTP too...
    http://www.cisco.com/en/US/products/...8020260d.shtml
    Last edited by Arthur; 24th August 2010 at 06:20 PM.

  12. Thanks to Arthur from:

    albertwt (25th August 2010)
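Arthur's steps leave a session log that still contains the typed commands, and logs captured the original poster's way also contain "--More--" prompts. As an added example (not part of any post in this thread), this Python sketch cleans such a log and pulls out the ACLs so that two dated backups can be compared; the device name, the ACL contents and the exact erase sequence after the pager prompt are assumptions in a constructed sample.

```python
import re

# Pager prompt as it lands in a raw log: " --More-- " plus the
# backspace/space/backspace run IOS uses to erase it on a keypress.
MORE_RE = re.compile(r" --More-- (?:\x08+ +\x08+)?")
PROMPT_RE = re.compile(r"^[\w.\-]+(?:\(config[^)]*\))?[>#]")
HEADER = ("Building configuration", "Current configuration")

def extract_config(session_log):
    """Return only the running-config text from a logged console session."""
    out, in_config = [], False
    for raw in session_log.replace("\r", "").split("\n"):
        line = MORE_RE.sub("", raw).rstrip()
        if PROMPT_RE.match(line):
            # Prompt lines carry typed commands; config runs until the next prompt.
            in_config = "show run" in line
            continue
        if in_config and line and not line.startswith(HEADER):
            out.append(line)
    return "\n".join(out) + "\n"

def extract_acls(config):
    """Map each ACL name or number to its entries, in order."""
    acls, current = {}, None
    for line in config.splitlines():
        named = re.match(r"ip access-list (?:standard|extended) (\S+)", line)
        numbered = re.match(r"access-list (\d+) (.+)", line)
        if named:
            current = acls.setdefault(named.group(1), [])
        elif numbered:
            acls.setdefault(numbered.group(1), []).append(numbered.group(2))
            current = None
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None
    return acls

# Constructed sample of a PuTTY "All session output" log (not from a real device).
BS = "\x08" * 9
SAMPLE_LOG = (
    "sw1>enable\r\nPassword: \r\n"
    "sw1#show running-config\r\nBuilding configuration...\r\n\r\n"
    "Current configuration : 412 bytes\r\n!\r\nhostname sw1\r\n!\r\n"
    "ip access-list extended MGMT-IN\r\n --More-- " + BS + " " * 8 + BS
    + " permit tcp 10.0.0.0 0.0.0.255 any eq 22\r\n deny ip any any log\r\n!\r\n"
    "access-list 10 permit 10.0.0.0 0.0.0.255\r\nend\r\n\r\nsw1#exit\r\n"
)

if __name__ == "__main__": print(extract_acls(extract_config(SAMPLE_LOG)))
```

A saved running-config includes password hashes and SNMP community strings, so keep the cleaned files and any dated backups somewhere with restricted access.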

  13. #8

    Arthur, thanks for the reply and suggestion. I'm using IOS 12 and 12.4, and based on your suggestion it does make sense,
    so I can just

    1. export the config.
    2. make necessary changes
    3. import the config
    4. in the conf-t apply the rule using write mem
    5. test the connectivity.

    Please correct me if I'm wrong, but that does make sense and is easy after all by using FileZilla (for TFTP).

  14. #9


    I can't see why that shouldn't work.

  15. #10

    Originally posted by pete:
    Rancid (Shrubbery Networks, Inc. - RANCID) in conjunction with subversion (Apache Subversion).
    I second this - and it leaves less potential for human error than other options.
