the best practice of editing and managing CISCO switch and router access control list

[albertwt]

Hi All,

I’d like to know what is the best practice of editing and managing CISCO switch and router access control list (ACL)?

I’m now connecting using the blue console cable into the device and then use putty to connect to the console COM1.

1. I enable logging then “show run”
2. Keeps pressing the keyboard to go ahead the “- - more- - “ delimiter
3. Open Notepad then edit the log to remove the “- - more - - “ keyword
4. Make necessary changes
5. Quickly Select 15 lines then Copy paste into the conf-t prompt (to reduce the input buffer limit and avoid timeout)
6. Make sure that there is no spacing or copy paste error in the step above then “write mem”.

I wonder if there is a smarter or safest way in doing this to manage large scale network because copy pasting hundreds of line and verifying it one by one through putty and pressing the keyboard is too cumbersome.

Any kind of help would be greatly appreciated.

Thanks,
AWT

[bio]

You can use VanDyke SecureCRT and script things. We have good experience with this program.
SecureCRT - The Usable, Flexible SSH Client

bio..

[nicholab]

Make sure you have a dated backed up config file.

[pete]

Rancid (Shrubbery Networks, Inc. - RANCID) in conjunction with subversion (Apache Subversion).

[albertwt]

thanks for all of your reply guys, so for the long ACL list, is there any better way in doing this ? rather than copy paste the whole lot ?

[SYNACK]

With regard to the buffer overrun I know that I used to use either terminal program built in with XP/2003 because you could set a delay between lines in the options, this way you could paste in the whole lot at once and the program would add whatever delay you wanted between each line meaning that there were no overruns.

[Arthur]

The command you need to use to disable the "more" prompt is terminal length 0. This will display the entire config all at once. I did this one of our Cisco switches recently and used the following steps to backup its configuration via PuTTY.

1. Enable the "All session output" logging option in PuTTY, connect to the router/switch and login as normal.
2. Next, enter the commands below and press Enter after each one.
   
   Code:

   enable
   terminal length 0
   show running-config
   exit

You should now have a text file which contains the configuration. You will have to edit it slightly though (to remove the PuTTY commands you typed above).

Edit. You can also backup the config via TFTP or FTP too...
http://www.cisco.com/en/US/products/...8020260d.shtml

[albertwt]

Arthur, thanks for the reply and suggestion, I'm using IOS 12 and 12.4, based on your suggestion it does make sense,
so i can just

1. export the config.
2. make necessary changes
3. import the config
4. in the conf-t apply the rule using write mem
5. test the connectivity.

please correct me if I'm wrong but that does make sense and easy after all by using filezilla (for tFTP).

[Arthur]

I can't see why that shouldn't work.

[EduAussie]

Rancid (Shrubbery Networks, Inc. - RANCID) in conjunction with subversion (Apache Subversion).

I second this - and it leaves less potential for human error than other options.