-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Alan Young wrote:
> All,
>
> What products out there can I use to automate/simplify ACL management?
For IOS-like boxes, we've found that a tftp server works very well.
You edit the command file (which contains the set of commands to
install the acl) on the tftp server (where you have version control,
etc) and then pull it into the router via tftp when you're done
editing it.
If you have to push a given list out to many routers, I could
envision a perl Net::Telnet script to install an acl bound to a
given interface in a given direction. You could also put together a
make infrastructure that created the acls and then your perl script
would only pull them down to the appropriate router. I've not had
the need to build such a beast, but it feels fairly straightforward.
--eli
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCVwkfLTFEeF+CsrMRAu4BAKCdgG2LIWLuPeLIhQYRO2v+ji03ZQCgzkpy
YvQjwM4vCBI281tbMzph8Cw=
=kBdI
-----END PGP SIGNATURE-----
Follow-Ups:
References:
|
|
