Firewall Wizards mailing list archives

RE: Cisco acls


From: "Paul Melson" <psmelson () comcast net>
Date: Wed, 2 Mar 2005 15:06:59 -0500

Eric,

As long as you don't leave configure mode, it is my understanding that the
change is not acted upon by the router.  So, copying a router's access-list
to, say, Notepad, modifying it as needed, copying it into the c&p buffer,
and then issuing:

config term
no access-list 177
[now paste buffer into terminal program]
int e0/0
ip access-group 177 in
exit
exit
write mem

The changes go into effect after the 'exit' commands (the first exit leaves
interface mode, the second leaves configure mode) and before you type 'write
mem'.

If you are paranoid about traffic getting through, you might think about
using an automated config tool like Kiwi CatTools to apply configuration
changes to routers.  (I mention CatTools over SolarWinds and some of the
other fine Cisco tools out there because CatTools will use SSH, Telnet, or
whatever terminal connection you use now to manage your devices, where many
of the other tools require SNMP, TFTP, etc.  That, and it's cheap enough you
can expense yourself a copy.)

PaulM
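[Editor's note, added example: the following Python script is not from this thread, from Paul, or from Cisco. It models the ordering question Eric raised, i.e. whether the interface is ever bound to an ACL that does not exist, by replaying an IOS-style command sequence against a toy router state. The model makes two labelled assumptions: each command takes effect as soon as it is entered, and an interface whose bound ACL is missing or empty passes all traffic (IOS documents that a reference to a nonexistent list permits everything). The ACL entries, interface name and the spare ACL number 178 are constructed sample values; the functions simulate, replace_in_place, build_then_swap and unfiltered_steps are this example's own names.]

```python
# Added example: model of the ACL-replacement ordering problem discussed in
# the thread. Not code from the list, from Paul, or from Cisco.
#
# Modelling assumptions (this example's, not stated on the page):
#  - each command takes effect as soon as it is entered;
#  - an interface whose bound ACL does not exist or has no entries passes
#    all traffic (IOS documents that a missing access-list permits all).

def simulate(commands):
    """Replay IOS-style commands in order. Return one (step, interface,
    direction, acl) tuple for every step after which some interface is bound
    to an ACL that is missing or empty, i.e. is unfiltered."""
    acls = {}        # acl number -> list of entry strings
    bindings = {}    # (interface, direction) -> acl number
    iface = None     # current "interface" sub-mode, if any
    exposures = []
    for step, cmd in enumerate(commands):
        tok = cmd.split()
        if not tok:
            continue
        if tok[0] in ("interface", "int"):
            iface = tok[1]
        elif tok[0] == "exit":
            iface = None
        elif tok[:2] == ["no", "access-list"]:
            acls.pop(tok[2], None)
        elif tok[0] == "access-list":
            acls.setdefault(tok[1], []).append(" ".join(tok[2:]))
        elif tok[:2] == ["ip", "access-group"] and iface:
            # one ACL per interface and direction: binding replaces the old one
            bindings[(iface, tok[3])] = tok[2]
        elif tok[:3] == ["no", "ip", "access-group"] and iface:
            bindings.pop((iface, tok[4]), None)
        # "config term" and "write mem" change no filtering state
        for (i, d), n in bindings.items():
            if not acls.get(n):
                exposures.append((step, i, d, n))
    return exposures

# Constructed sample entries for the replacement ACL.
NEW_ENTRIES = [
    "permit tcp any host 192.0.2.10 eq 80",
    "deny ip any any log",
]

# Constructed starting state: ACL 177 exists and is bound inbound on e0/0.
INITIAL = ["config term", "access-list 177 permit ip any any",
           "int e0/0", "ip access-group 177 in", "exit", "exit"]

def replace_in_place(acl, entries, iface="e0/0", direction="in"):
    """The sequence from the thread: drop the ACL, then paste the new one."""
    cmds = ["config term", f"no access-list {acl}"]
    cmds += [f"access-list {acl} {e}" for e in entries]
    cmds += [f"int {iface}", f"ip access-group {acl} {direction}",
             "exit", "exit", "write mem"]
    return cmds

def build_then_swap(old, new, entries, iface="e0/0", direction="in"):
    """Build the new ACL under an unused number, rebind the interface to it,
    and only then delete the old ACL, so a filter is bound at every step."""
    cmds = ["config term"]
    cmds += [f"access-list {new} {e}" for e in entries]
    cmds += [f"int {iface}", f"ip access-group {new} {direction}", "exit",
             f"no access-list {old}", "exit", "write mem"]
    return cmds

def unfiltered_steps(sequence):
    """Apply `sequence` after INITIAL; return (index, command) pairs for the
    commands in `sequence` after which the interface is left unfiltered."""
    offset = len(INITIAL)
    return [(s - offset, sequence[s - offset])
            for (s, *_rest) in simulate(INITIAL + sequence)]

if __name__ == "__main__":
    print("drop-then-paste:", unfiltered_steps(replace_in_place("177", NEW_ENTRIES)))
    print("build-then-swap:", unfiltered_steps(build_then_swap("177", "178", NEW_ENTRIES)))
```

Under these assumptions the drop-then-paste order leaves e0/0 unfiltered for exactly the window between "no access-list 177" and the first pasted entry, while the build-then-swap order never does. Whether a given IOS release really applies each line as it is typed, as the model assumes, is something to confirm on the platform in use before relying on either ordering.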

-----Original Message-----
Subject: [fw-wiz] Cisco acls

Hi,

I would appreciate some comments with regard to the extensive use of Cisco
router ACLs to protect numerous networks.

My concern is that when someone amends an access-list, one generally enters
'no access-list 177' and then pastes in the new access list. Does this mean
that for a period of time there is no protection on the network to which the
ACL applies?

Best Regards
Eric

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
