Velocity Reviews - Computer Hardware Reviews

Cisco IP Access List search

 
 
jd.mubix@gmail.com
      01-09-2007
I have done tons of google'ing and asked the top Cisco guru I know.
Does anyone know of a program or command that I can use to find if
something is blocked or already in an access list, what lines it shows
up on and if it falls into any of the ranges. Here is an example: (Oh
and BTW: I have a huge list that is just not optimal for someone to
search through it visually)
Search for 192.168.0.10 on all access lists
Found 2:
ACL: Outbound: 10 permit any tcp 80 192.168.0.10 any
ACL: Inbound: 555 deny any udp 1337 192.168.0.0 0.0.3.255 any
Search for tcp 80 on Outbound access list
Found 10:
ACL: Outbound: 10 permit 192.168.0.10 tcp 80
[etc....]

I don't care what the program is made in. I am a programmer myself and
would really not like to have to program this.

Thanks,
jd.

 
jd.mubix@gmail.com
      01-09-2007

Drake wrote:
> <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) ups.com...
> >I have done tons of google'ing and asked the top Cisco guru I know.
> > Does anyone know of a program or command that I can use to find if
> > something is blocked or already in an access list, what lines it shows
> > up on and if it falls into any of the ranges. Here is an example: (Oh
> > and BTW: I have a huge list that is just not optimal for someone to
> > search through it visually)
> > Search for 192.168.0.10 on all access lists
> > Found 2:
> > ACL: Outbound: 10 permit any tcp 80 192.168.0.10 any
> > ACL: Inbound: 555 deny any udp 1337 192.168.0.0 0.0.3.255 any
> > Search for tcp 80 on Outbound access list
> > Found 10:
> > ACL: Outbound: 10 permit 192.168.0.10 tcp 80
> > [etc....]
> >
> > I don't care what the program is made in. I am a programmer myself and
> > would really not like to have to program this.
> >

> Looks like a job for grep. grep is a unix tool but there are windows
> versions too.
>
>
>
>
> --
> Posted via a free Usenet account from http://www.teranews.com


grep is my current solution, however it misses ranges as in my second
example.

 
Drake
      01-09-2007

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
>I have done tons of google'ing and asked the top Cisco guru I know.
> Does anyone know of a program or command that I can use to find if
> something is blocked or already in an access list, what lines it shows
> up on and if it falls into any of the ranges. Here is an example: (Oh
> and BTW: I have a huge list that is just not optimal for someone to
> search through it visually)
> Search for 192.168.0.10 on all access lists
> Found 2:
> ACL: Outbound: 10 permit any tcp 80 192.168.0.10 any
> ACL: Inbound: 555 deny any udp 1337 192.168.0.0 0.0.3.255 any
> Search for tcp 80 on Outbound access list
> Found 10:
> ACL: Outbound: 10 permit 192.168.0.10 tcp 80
> [etc....]
>
> I don't care what the program is made in. I am a programmer myself and
> would really not like to have to program this.
>

Looks like a job for grep. grep is a unix tool but there are windows
versions too.




--
Posted via a free Usenet account from http://www.teranews.com

 
Eddie Corns
      01-09-2007
(E-Mail Removed) writes:

>I have done tons of google'ing and asked the top Cisco guru I know.
>Does anyone know of a program or command that I can use to find if
>something is blocked or already in an access list, what lines it shows
>up on and if it falls into any of the ranges. Here is an example: (Oh
>and BTW: I have a huge list that is just not optimal for someone to
>search through it visually)
>Search for 192.168.0.10 on all access lists
> Found 2:
> ACL: Outbound: 10 permit any tcp 80 192.168.0.10 any
> ACL: Inbound: 555 deny any udp 1337 192.168.0.0 0.0.3.255 any
>Search for tcp 80 on Outbound access list
> Found 10:
> ACL: Outbound: 10 permit 192.168.0.10 tcp 80
> [etc....]


>I don't care what the program is made in. I am a programmer myself and
>would really not like to have to program this.


I have started some code to do something similar to this and was just thinking
about having another look at it to try and make some progress on it. It's
actually doing more than just searching and it *may* be that I can get just
searching working in a reasonable time frame. I will mail you when I've had
time to have another look at it. One small thing you probably need is to know
what interface/IP range the ACL may be applied to so that "any" etc. can be
properly handled.

Eddie
 
Drake
      01-09-2007

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
>
> Drake wrote:
>> <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed) ups.com...
>> >I have done tons of google'ing and asked the top Cisco guru I know.
>> > Does anyone know of a program or command that I can use to find if
>> > something is blocked or already in an access list, what lines it shows
>> > up on and if it falls into any of the ranges. Here is an example: (Oh
>> > and BTW: I have a huge list that is just not optimal for someone to
>> > search through it visually)
>> > Search for 192.168.0.10 on all access lists
>> > Found 2:
>> > ACL: Outbound: 10 permit any tcp 80 192.168.0.10 any
>> > ACL: Inbound: 555 deny any udp 1337 192.168.0.0 0.0.3.255 any
>> > Search for tcp 80 on Outbound access list
>> > Found 10:
>> > ACL: Outbound: 10 permit 192.168.0.10 tcp 80
>> > [etc....]
>> >

>> Looks like a job for grep. grep is a unix tool but there are windows
>> versions too.
>>

> grep is my current solution, however it misses ranges as in my second
> example.
>

Did you try to combine it with awk & sed?



--
Posted via a free Usenet account from http://www.teranews.com

 
Drake
      01-09-2007


The Cisco-centric Open Source Exchange Community (COSI):

http://cosi-nms.sourceforge.net/alpha-progs.html

has many useful utilities, including some related to ACLs.





--
Posted via a free Usenet account from http://www.teranews.com

 
Eddie Corns
      01-10-2007
Also look at http://oldfield.wattle.id.au/programs/cisco/

Eddie
 
jd.mubix@gmail.com
      01-10-2007

Eddie Corns wrote:
> Also look at http://oldfield.wattle.id.au/programs/cisco/
>
> Eddie


Re: Eddie -> Thanks! The Python scripts on the site you found work.
Beggars can't be choosers, but you have to have a Linux box to run
these, which isn't a problem, I would just like it GUI'fied for
Windows. That is my holy grail right at the moment. If you get
something programmed up a little more GUI'd or something that will work
CLI on Windows, shoot me an email.

Re: Drake -> I haven't tried out the programs on SF yet from your link.
And awk/sed doesn't work so well on IP network ranges.

 
Eddie Corns
      01-10-2007
(E-Mail Removed) writes:


>Eddie Corns wrote:
>> Also look at http://oldfield.wattle.id.au/programs/cisco/
>>
>> Eddie


>Re: Eddie -> Thanks! The Python scripts on the site you found work.
>Beggars can't be choosers, but you have to have a Linux box to run
>these, which isn't a problem, I would just like it GUI'fied for
>Windows. That is my holy grail right at the moment. If you get
>something programmed up a little more GUI'd or something that will work
>CLI on Windows, shoot me an email.


If you take a copy of /etc/services to your Windows machine and change the
single reference in the source then it should work. If you have problems, mail
me.

I'll be thinking about the other stuff over the next couple of weeks. I'll
let you know.

Eddie
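
The range-aware search asked for at the top of the thread, as an added example; it is not code from any poster or from the tools linked above. It assumes IOS named extended ACL syntax as it appears in a running config, the sample config is constructed, and all function names are hypothetical. The wildcard-mask comparison is what plain grep cannot do.

```python
import ipaddress
import re

# Constructed sample config (not from the thread), IOS named extended ACL syntax.
SAMPLE_CONFIG = """\
ip access-list extended Outbound
 10 permit tcp any host 192.168.0.10 eq 80
 20 permit tcp 10.1.1.0 0.0.0.255 any eq 443
ip access-list extended Inbound
 555 deny udp any eq 1337 192.168.0.0 0.0.3.255
 560 permit ip 172.16.0.0 0.0.255.255 host 192.168.4.10
 570 deny ip any any
"""
ANY = 0xFFFFFFFF
QUAD = re.compile(r"\d+(\.\d+){3}$")

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def address_specs(tokens):
    """Yield (address, wildcard) pairs in the order they appear: source, then destination."""
    i = 0
    while i < len(tokens):
        nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
        if tokens[i] == "any":
            yield 0, ANY
        elif tokens[i] == "host" and QUAD.match(nxt):
            yield to_int(nxt), 0
            i += 1
        elif QUAD.match(tokens[i]) and QUAD.match(nxt):
            yield to_int(tokens[i]), to_int(nxt)
            i += 1
        i += 1

def covers(spec, ip):
    # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
    return ((spec[0] ^ ip) & ~spec[1] & ANY) == 0

def search(config, ip, include_any=True):
    """Return (acl_name, entry, field) for entries whose src or dst covers ip."""
    target, acl, hits = to_int(ip), None, []
    for line in map(str.strip, config.splitlines()):
        if line.startswith("ip access-list"):
            acl = line.split()[-1]
        elif re.match(r"(\d+\s+)?(permit|deny)\b", line):
            for field, spec in zip(("src", "dst"), address_specs(line.split())):
                if (include_any or spec[1] != ANY) and covers(spec, target):
                    hits.append((acl, line, field))
    return hits
```

Calling `search(SAMPLE_CONFIG, "192.168.0.10", include_any=False)` returns the host entry on Outbound and the 192.168.0.0 0.0.3.255 entry on Inbound, the second of which never contains the searched string. Whether an `any` match is meaningful depends on which interface and direction the ACL is applied to, as Eddie notes above.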
 