RE: [fw-wiz] Cisco acls

From: Mark Teicher (mht3_at_earthlink.net)
Date: 03/08/05

  • Next message: Andrew Yourtchenko: "RE: [fw-wiz] Cisco acls"
    To: "Bruce Smith" <bruce_the_loon@worldonline.co.za>
    Date: Tue, 08 Mar 2005 07:06:23 -0500
    
    

    Has anyone seen or heard of a Cisco ACL lint checker to validate whether a
    certain ACL is being utilized at all? What about old ACLs that have
    been around for a while, and no one understands why they were inserted in
    the first place?

    At 01:47 PM 3/1/2005, Bruce Smith wrote:
    >Hi Eric
    >
    >Yep, that's what we've experienced. What our network engineer does is edit
    >the acl in notepad or similar, first line the no access-list xxx line, and
    >then pastes the whole thing into the telnet client. The acl is regenerated
    >very rapidly and the open time is a minimum. We use QVTTerm and the normal
    >paste option. Also, make sure there's a blank line at the end of the acl
    >before you copy and paste or the last command doesn't get run automatically.
    >
    >Regards
    >
    >Bruce Smith
    >Consultant Engineer - NMMU
    >
    >-----Original Message-----
    >From: firewall-wizards-admin@honor.icsalabs.com
    >[mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Eric
    >Appelboom
    >Sent: Tuesday, March 01, 2005 05:53 PM
    >To: firewall-wizards@honor.icsalabs.com
    >Subject: [fw-wiz] Cisco acls
    >
    >
    >
    >Hi,
    >
    >I would appreciate some comments with regard to the extensive use of
    >Cisco router ACLs
    >to protect numerous networks.
    >
    >My concern is that when someone amends an access-list one generally
    >enters no access-list 177 and
    >then pastes in the new access list. Does this mean that for a period of
    >time there is no protection on the
    >network that the ACL applies to?
    >
    >Best Regards
    >Eric
    >MWEB: S.A.'s trusted Internet Service Provider. Just Like that.
    >To join, click here or call 08600 32000.
    >_______________________________________________
    >firewall-wizards mailing list
    >firewall-wizards@honor.icsalabs.com
    >http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
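
The paste procedure Bruce describes above, as an added example that is not part of the original thread: a Python helper that assembles the paste buffer from an ACL edited offline, rejecting stray lines or mixed list numbers and ending with the blank line he mentions. The function name and the sample entries are constructed for illustration.

```python
import re

# One config line: optional "no", the list number, then the rest of the entry.
LINE = re.compile(r"^(no\s+)?access-list\s+(\d+)(\s+\S.*)?$")

# Constructed sample of an ACL as edited offline (no trailing newline).
SAMPLE = """! constructed sample, documentation addresses
no access-list 177
access-list 177 permit tcp any host 192.0.2.10 eq 443
access-list 177 permit tcp any host 192.0.2.25 eq 25
access-list 177 deny ip any any log"""

def build_paste_buffer(edited_acl: str) -> str:
    """Turn an ACL edited offline into one block to paste in config mode."""
    entries, numbers = [], set()
    for lineno, raw in enumerate(edited_acl.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):       # blank line or IOS comment
            continue
        m = LINE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: not an access-list line: {line!r}")
        is_no, number, body = m.groups()
        numbers.add(number)
        if is_no and body is None:
            continue                                # delete line is re-emitted first
        if is_no or body is None:
            raise ValueError(f"line {lineno}: unexpected or incomplete: {line!r}")
        entries.append(line)
    if len(numbers) > 1:
        raise ValueError(f"mixed ACL numbers {sorted(numbers)}")
    if not entries:
        raise ValueError("no entries; pasting would only delete the list")
    delete = f"no access-list {numbers.pop()}"
    # Delete first, entries next, then a blank line so the last entry is run.
    return "\n".join([delete, *entries]) + "\n\n"

if __name__ == "__main__":
    print(build_paste_buffer(SAMPLE), end="")
```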

