Firewall Wizards mailing list archives

RE: Cisco acls


From: MHawkins () TULLIB COM
Date: Sat, 5 Mar 2005 12:29:16 -0500

Sorry, Paul, but your first statement is definitely incorrect.

Changes made to ACLs in config mode on Cisco routers become part of the
running config immediately upon hitting the enter key in config.

MH

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Paul Melson
Sent: Wednesday, March 02, 2005 3:07 PM
To: firewall-wizards () honor icsalabs com
Subject: RE: [fw-wiz] Cisco acls

Eric,

As long as you don't leave configure mode, it is my understanding that the
change is not acted upon by the router.  So, copying a router's access-list
to, say, Notepad, modifying it as needed, copying it into the c&p buffer,
and then issuing:

config term
no access-list 177
[now paste buffer into terminal program]
int e0/0
ip access-group 177 in
exit
exit
write mem

The changes go into effect after the 'exit' commands (the first exit leaves
interface mode, the second leaves configure mode) and before you type 'write
mem'.

If you are paranoid about traffic getting through, you might think about
using an automated config tool like Kiwi CatTools to apply configuration
changes to routers.  (I mention CatTools over SolarWinds and some of the
other fine Cisco tools out there because CatTools will use SSH, Telnet, or
whatever terminal connection you use now to manage your devices, where many
of the other tools require SNMP, TFTP, etc.  That, and it's cheap enough you
can expense yourself a copy.)

PaulM

-----Original Message-----
Subject: [fw-wiz] Cisco acls

Hi,

I would appreciate some comments with regard to the extensive use of Cisco
router ACLs to protect numerous networks.

My concern is that when someone amends an access-list, one generally enters
"no access-list 177" and then pastes in the new access list. Does this mean
that for a period of time there is no protection on the network that the
ACL applies to?

Best Regards
Eric

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

