    Change ACL

    wilson seven


      I would like to know how I can update the ACL on multiple devices in the network. I want to introduce an ACL block in a specific position, but in some devices the ACL is a bit different. Is there a config change template that allows you to insert a block of code in all of the network's nodes using NCM?

        • Re: Change ACL
          Mark Roberts



          You can use the Config Change template feature and, in the code section, have the necessary If statements that change the config statements dependent on a filter rule. For example, using the machinetype or firmware version as the If filter.

          • Re: Change ACL

            This is very easy to do with NCM. If you are cleaning up, consider the different setups/amount of mess that you have. You can build in all the NOs you need to, to dump the bad or non-conforming ACLs, and then set up your baseline. Separate a second script for additions to specific areas like data centers or some special/remote sites where you might need a few additions beyond your base ACL. You should have no issue selecting 500+ nodes to perform the script on if you have a large network - just note what m_roberts said above so you do not have to click so many check boxes.



            • Re: Change ACL
              wilson seven

              I'm new to NCM and I want to write an ACL script using a config change template, but I'm having problems because I do not know what function / command I can use to write something like:

              if (condition) {
                  CLI {
                      conf t
                      ip access-list extended 100
                      number_of_line rule 1
                      number_of_line rule 2
                      number_of_line rule 3
                  }
              }

              , where number_of_line is variable from node to node.

              I have to put the ACL block before the rules blocking the private IPs of class A, B, and C.
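
An added example, not part of the thread and not NCM template code: a Python sketch of the per-node calculation the last post asks for, finding the first entry that denies a private (RFC 1918) source and choosing free sequence numbers just before it. It assumes IOS-style sequence-numbered output for ACL 100; the function names, the sample listing and the rules are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 private ranges (the "class A, B and C" private blocks in the post).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# "<seq> <permit|deny> <protocol> <source> [<wildcard>]" in IOS-style output.
ENTRY = re.compile(r"^\s*(\d+)\s+(permit|deny)\s+\S+\s+(\S+)(?:\s+(\S+))?")

def parse_entries(acl_text):
    """Yield (sequence, denies_private_source) for each numbered ACL entry."""
    for line in acl_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header line such as "Extended IP access list 100"
        seq, action, src, wildcard = m.groups()
        private = False
        if action == "deny" and wildcard:
            try:
                # ipaddress accepts a wildcard (host mask) after the slash.
                net = ipaddress.ip_network(f"{src}/{wildcard}")
                private = any(net.subnet_of(p) for p in RFC1918)
            except ValueError:
                pass  # "any", "host x.x.x.x" or a non-contiguous wildcard
        yield int(seq), private

def plan_insert(acl_text, new_rules, acl_name="100"):
    """Return CLI lines placing new_rules just before the first private-range deny."""
    entries = sorted(parse_entries(acl_text))
    anchor = next((seq for seq, private in entries if private), None)
    if anchor is None:
        raise ValueError("no RFC 1918 deny entry found; nothing to anchor on")
    prev = max((seq for seq, _ in entries if seq < anchor), default=0)
    step = (anchor - prev) // (len(new_rules) + 1)
    if step < 1:
        raise ValueError(f"only {anchor - prev - 1} free sequence numbers before "
                         f"{anchor}; resequence the ACL first")
    numbered = [f"{prev + step * (i + 1)} {rule}" for i, rule in enumerate(new_rules)]
    return ["configure terminal", f"ip access-list extended {acl_name}", *numbered, "end"]

# Constructed sample: one node's ACL 100 listing and the block to insert.
NODE_A = """Extended IP access list 100
    10 permit tcp any host 192.0.2.10 eq 443
    20 deny ip 10.0.0.0 0.255.255.255 any
    30 deny ip 172.16.0.0 0.15.255.255 any
    40 deny ip 192.168.0.0 0.0.255.255 any
    50 permit ip any any"""
NEW_RULES = ["deny ip 198.51.100.0 0.0.0.255 any", "deny ip 203.0.113.0 0.0.0.255 any",
             "deny tcp any any eq 23"]
```

When a node has too few free sequence numbers before the anchor, `plan_insert` raises instead of overwriting an existing entry, so that node can be resequenced and planned again.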