Hi,
I'm trying to create a remediation script to correct ACLs on Cisco devices. Updating the ACL is pretty easy, but I need to unapply the ACL first, make the change and reapply. Is there a way to iterate through the config, find the interfaces that have it applied, record that information and perform the change?
For example, something like the following:
--SAMPLE CONFIG--
interface Tunnel0
 access-group 10 in
interface Tunnel2
 access-group 10 in
. . . .
access-list 10 permit 10.10.10.1
access-list 10 permit 10.20.10.1
...
--PSEUDO CODE--
@InterfaceList = []
foreach @Line in @Interfaces {
  if @Line contains 'access-group 10 in'
    @InterfaceList.push(@InterfaceName)   // record every interface where ACL 10 is applied
}
foreach @Interface in @InterfaceList {
  CLI {
    interface @Interface
    no access-group 10 in                // unapply before the ACL is rewritten
  }
}
CLI {
  no access-list 10
  access-list 10 permit 10.10.10.1
  access-list 10 permit 10.20.10.1
  access-list 10 permit 10.30.10.1
}
foreach @Interface in @InterfaceList {
  CLI {
    interface @Interface
    access-group 10 in                   // reapply on the recorded interfaces
  }
}
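One way to do the "record where it is applied, rewrite, reapply" procedure outside the NCM scripting language is to parse the running-config text and generate the command list from it. The following is an added example, not code from the post or from any vendor tool: it walks a Cisco-style config, records every interface/direction pair where the numbered ACL is bound (accepting both `access-group` and `ip access-group` forms), saves the ACL's current entries so they can be kept for rollback, and emits the unbind, rewrite and rebind commands in that order. The sample config, the interface names and the ACL entries are constructed for the example.

```python
from __future__ import annotations
import re

# Constructed sample running-config (not from a real device); it mirrors the
# shape in the post, plus an unrelated ACL 20 binding that must be left alone.
SAMPLE_CONFIG = """\
hostname edge-router
!
interface Tunnel0
 ip address 10.0.0.1 255.255.255.252
 ip access-group 10 in
!
interface Tunnel2
 ip address 10.0.0.5 255.255.255.252
 ip access-group 10 in
!
interface GigabitEthernet0/1
 ip access-group 20 out
!
access-list 10 permit 10.10.10.1
access-list 10 permit 10.20.10.1
access-list 20 permit any
"""

INTERFACE_RE = re.compile(r"^interface\s+(\S+)\s*$", re.IGNORECASE)
# Interface sub-commands are indented; "ip " is optional so the post's short form also matches.
ACCESS_GROUP_RE = re.compile(r"^\s+(?:ip\s+)?access-group\s+(\S+)\s+(in|out)\s*$", re.IGNORECASE)


def find_acl_bindings(config: str, acl: str) -> list[tuple[str, str]]:
    """Return (interface, direction) pairs where the given numbered ACL is applied."""
    bindings: list[tuple[str, str]] = []
    current: str | None = None
    for line in config.splitlines():
        if line.startswith(" "):
            # Inside a section: only look at access-group lines under an interface.
            m = ACCESS_GROUP_RE.match(line)
            if current is not None and m and m.group(1) == acl:
                bindings.append((current, m.group(2).lower()))
        else:
            # Top-level line: start a new interface section or leave the current one.
            m = INTERFACE_RE.match(line)
            current = m.group(1) if m else None
    return bindings


def current_acl_entries(config: str, acl: str) -> list[str]:
    """Return the existing 'access-list <acl> ...' entries, for the change record / rollback."""
    prefix = f"access-list {acl} "
    return [line[len(prefix):].strip() for line in config.splitlines() if line.startswith(prefix)]


def build_remediation(config: str, acl: str, new_entries: list[str]) -> list[str]:
    """Generate the ordered CLI: unbind, replace the ACL, rebind on the same interfaces."""
    bindings = find_acl_bindings(config, acl)
    cmds = ["configure terminal"]
    for intf, direction in bindings:                      # 1. unapply everywhere it is used
        cmds += [f"interface {intf}", f"no ip access-group {acl} {direction}", "exit"]
    cmds.append(f"no access-list {acl}")                  # 2. rewrite the ACL
    cmds += [f"access-list {acl} {entry}" for entry in new_entries]
    for intf, direction in bindings:                      # 3. reapply with the recorded direction
        cmds += [f"interface {intf}", f"ip access-group {acl} {direction}", "exit"]
    cmds.append("end")
    return cmds


if __name__ == "__main__":
    print("rollback record:", current_acl_entries(SAMPLE_CONFIG, "10"))
    for cmd in build_remediation(SAMPLE_CONFIG, "10",
                                 ["permit 10.10.10.1", "permit 10.20.10.1", "permit 10.30.10.1"]):
        print(cmd)
```

Two points worth checking before pushing the generated commands: the script records the direction (`in`/`out`) per interface rather than assuming `in`, so an ACL bound in both directions is restored exactly; and the saved `current_acl_entries` output is the only copy of the old ACL once `no access-list 10` runs, so keep it with the change ticket. The interfaces are unbound before the ACL is removed because a Cisco IOS interface whose `ip access-group` refers to a non-existent ACL filters nothing during the gap between `no access-list` and the new entries.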