Firewall Wizards mailing list archives
RE: Cisco acls
From: MHawkins () TULLIB COM
Date: Sat, 5 Mar 2005 12:29:16 -0500
Sorry but Paul but your first statement is definitely incorrect. Changes made to ACl's in config mode on Cisco routers become part of the running config immediately upon hitting the enter key in config. MH -----Original Message----- From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Paul Melson Sent: Wednesday, March 02, 2005 3:07 PM To: firewall-wizards () honor icsalabs com Subject: RE: [fw-wiz] Cisco acls Eric, As long as you don't leave configure mode, it is my understanding that the change is not acted upon by the router. So, copying a router's access-list to, say, Notepad, modifying it as needed, copying it into the c&p buffer, and then issuing: config term no access-list 177 [now paste buffer into terminal program] int e0/0 ip access-group 177 in exit exit write mem The changes go into effect after the 'exit' commands (the first exit leaves interface mode, the second leaves configure mode) and before you type 'write mem'. If you are paranoid about traffic getting through, you might think about using an automated config tool like Kiwi CatTools to apply configuration changes to routers. (I mention CatTools over SolarWinds and some of the other fine Cisco tools out there because CatTools will use SSH, Telnet, or whatever terminal connection you use now to manage your devices, where many of the other tools require SNMP, TFTP, etc. That, and it's cheap enough you can expense yourself a copy.) PaulM -----Original Message----- Subject: [fw-wiz] Cisco acls Hi, I would appreciate some comments with regard to the extensive use of cisco routers acls To protect numerous networks. My concern is that when someone amends an access-list one generally enters, no access-list 177 and Then pastes in the new access list. Does this mean that for a period of time there is no protection on the Network that the acls applies? Best Regards Eric _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards ---------------------------------------------------------------------------- ---------------------------------------------------------------------------- ------------------------- The information contained in this email is confidential and may also contain privileged information. Sender does not waive confidentiality or legal privilege. If you are not the intended recipient please notify the sender immediately; you should not retain this message or disclose its content to anyone. Internet communications are not secure or error free and the sender does not accept any liability for the content of the email. Although emails are routinely screened for viruses, the sender does not accept responsibility for any damage caused. Replies to this email may be monitored. For more information about the Collins Stewart Tullett group of companies please visit the following web site: www.cstplc.com ---------------------------------------------------------------------------- ---------------------------------------------------------------------------- -------------------------- _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: Cisco acls, (continued)
- RE: Cisco acls Ben Nagy (Mar 04)
- Re: Cisco acls Stephane (Mar 04)
- Re: Cisco acls Miha Vitorovic (Mar 24)
- RE: Cisco acls Behm, Jeffrey L. (Mar 04)
- RE: Cisco acls Matthew.Harvey () usdoj gov (Mar 04)
- RE: Cisco acls Paul Melson (Mar 04)
- Re: Cisco acls Luca Berra (Mar 07)
- RE: Cisco acls Luke Butcher (Mar 06)
- RE: Cisco acls Luke Butcher (Mar 07)
- RE: Cisco acls Andrew Yourtchenko (Mar 12)
- RE: Cisco acls MHawkins (Mar 07)
- RE: Cisco acls Scott Stursa (Mar 12)
- Re: Cisco acls Mark Teicher (Mar 24)
- RE: Cisco acls Luke Butcher (Mar 24)
- RE: Cisco acls Scott Stursa (Mar 24)
- Fwd: Re: Cisco acls Mark Teicher (Mar 24)
- RE: Cisco acls Luke Butcher (Mar 30)
- RE: Cisco acls MHawkins (Mar 31)