Cisco IP Access List search

I have done tons of googling and asked the top Cisco guru I know. Does anyone know of a program or command that I can use to find if something is blocked or already in an access list, what lines it shows up on and if it falls into any of the ranges? Here is an example (oh, and BTW: I have a huge list that is just not optimal for someone to search through it visually):

Search for 192.168.0.10 on all access lists
Found 2:
ACL: Outbound: 10 permit any tcp 80 192.168.0.10 any
ACL: Inbound: 555 deny any udp 1337 192.168.0.0 0.0.3.255 any

Search for tcp 80 on Outbound access list
Found 10:
ACL: Outbound: 10 permit 192.168.0.10 tcp 80 [etc....]

I don't care what the program is made in. I am a programmer myself and would really not like to have to program this.

Thanks, jd.

Reply to
jd.mubix

grep is my current solution; however, it misses ranges, as in my second example.

Reply to
jd.mubix

Looks like a job for grep. grep is a Unix tool but there are Windows versions too.

Reply to
Drake

I have started some code to do something similar to this and was just thinking about having another look at it to try and make some progress on it. It's actually doing more than just searching and it *may* be that I can get just searching working in a reasonable time frame. I will mail you when I've had time to have another look at it. One small thing you probably need is to know what interface/IP range the ACL may be applied to so that "any" etc. can be properly handled.

Eddie

Reply to
Eddie Corns

Did you try to combine it with awk & sed?

Reply to
Drake

The Cisco-centric Open Source Exchange Community (COSI) has many useful utilities, including some related to ACLs.

Reply to
Drake

Also look at

formatting link
Eddie

Reply to
Eddie Corns

Re: Eddie -> Thanks! The Python scripts on the site you found work. Beggars can't be choosers, but you have to have a Linux box to run these, which isn't a problem; I would just like it GUI'fied for Windows. That is my holy grail right at the moment. If you get something programmed up a little more GUI'd or something that will work CLI on Windows, shoot me an email.

Re: Drake -> I haven't tried out the programs on SF yet from your link. And awk/sed doesn't work so well on IP network ranges.

Reply to
jd.mubix

If you take a copy of /etc/services to your Windows machine and change the single reference in the source then it should work. If you have problems mail me.

I'll be thinking about the other stuff over the next couple of weeks. I'll let you know.

Eddie

Reply to
Eddie Corns
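
Added example (not part of the original thread, and not the scripts the posters refer to): a short Python search that finds the ACL entries covering an address, including wildcard-mask ranges such as 192.168.0.0 0.0.3.255 that a plain grep misses. The sample configuration is constructed and uses IOS named extended ACL syntax; the function names and the include_any switch (off by default, since "any" matches everything) are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample in IOS named extended ACL syntax (not from the thread).
SAMPLE_CONFIG = """\
ip access-list extended Outbound
 10 permit tcp any host 192.168.0.10 eq 80
 20 permit tcp 10.1.0.0 0.0.255.255 any eq 443
ip access-list extended Inbound
 555 deny udp any eq 1337 192.168.0.0 0.0.3.255
 560 permit ip host 192.168.4.10 any
"""
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
ANY = 0xFFFFFFFF  # wildcard mask with every bit set to "don't care"

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def address_specs(tokens):
    """Yield (base, wildcard) for each address spec among an entry's tokens."""
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
        if tok == "any":
            yield 0, ANY
        elif tok == "host" and IPV4.match(nxt):
            yield to_int(nxt), 0
            i += 1
        elif IPV4.match(tok) and IPV4.match(nxt):
            yield to_int(tok), to_int(nxt)
            i += 1
        i += 1  # port operators and numbers ("eq 80") are skipped

def search_acls(config, ip, include_any=False):
    """Return (acl_name, entry) for entries whose source or destination covers ip."""
    target, hits, acl = to_int(ip), [], None
    for line in config.splitlines():
        tokens = line.split()
        if tokens[:3] == ["ip", "access-list", "extended"] and len(tokens) > 3:
            acl = tokens[3]
            continue
        body = tokens[1:] if tokens and tokens[0].isdigit() else tokens
        if acl is None or not body or body[0] not in ("permit", "deny"):
            continue
        for base, wild in address_specs(body[2:]):  # skip action and protocol
            if wild == ANY and not include_any:
                continue
            # Bits set in the wildcard are ignored; all other bits must match.
            if (target ^ base) & ~wild & 0xFFFFFFFF == 0:
                hits.append((acl, line.strip()))
                break
    return hits
```

search_acls(SAMPLE_CONFIG, "192.168.0.10") returns Outbound entry 10 (host match) and Inbound entry 555 (wildcard range match).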
