Cisco IP Access List search

Discussion in 'Cisco' started by jd.mubix@gmail.com, Jan 9, 2007.

  1. Guest

    I have done tons of google'ing and asked the top Cisco guru I know.
    Does anyone know of a program or command that I can use to find if
    something is blocked or already in an access list, what lines it shows
    up on and if it falls into any of the ranges. Here is an example: (Oh
    and BTW: I have a huge list that is just not optimal for someone to
    search through it visually)
    Search for 192.168.0.10 on all access lists
    Found 2:
    ACL: Outbound: 10 permit any tcp 80 192.168.0.10 any
    ACL: Inbound: 555 deny any udp 1337 192.168.0.0 0.0.3.255 any
    Search for tcp 80 on Outbound access list
    Found 10:
    ACL: Outbound: 10 permit 192.168.0.10 tcp 80
    [etc....]

    I don't care what the program is made in. I am a programmer myself and
    would really not like to have to program this.

    Thanks,
    jd.
    , Jan 9, 2007
    #1

  2. Guest

    Drake wrote:
    > <> wrote in message
    > news:...
    > >I have done tons of google'ing and asked the top Cisco guru I know.
    > > Does anyone know of a program or command that I can use to find if
    > > something is blocked or already in an access list, what lines it shows
    > > up on and if it falls into any of the ranges. Here is an example: (Oh
    > > and BTW: I have a huge list that is just not optimal for someone to
    > > search through it visually)
    > > Search for 192.168.0.10 on all access lists
    > > Found 2:
    > > ACL: Outbound: 10 permit any tcp 80 192.168.0.10 any
    > > ACL: Inbound: 555 deny any udp 1337 192.168.0.0 0.0.3.255 any
    > > Search for tcp 80 on Outbound access list
    > > Found 10:
    > > ACL: Outbound: 10 permit 192.168.0.10 tcp 80
    > > [etc....]
    > >
    > > I don't care what the program is made in. I am a programmer myself and
    > > would really not like to have to program this.
    > >

    > Looks like a job for grep. grep is a unix tool but there are windows
    > versions too.
    >
    >
    >
    >
    > --
    > Posted via a free Usenet account from http://www.teranews.com


    grep is my current solution, however it misses ranges as in my second
    example.
    , Jan 9, 2007
    #2
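
The range matching that a plain grep misses, as an added example (not code from the thread or from the scripts linked in it). It assumes IOS named extended ACL syntax; the sample config is constructed, and `search_acls`, `spec_covers` and `include_any` are hypothetical names. Entries that match only through `any` are skipped unless `include_any=True`.

```python
import ipaddress
import re

# Constructed sample config in IOS named extended ACL syntax (not from the thread).
SAMPLE_CONFIG = """\
ip access-list extended Outbound
 10 permit tcp any host 192.168.0.10 eq 80
 20 permit tcp 10.0.0.0 0.255.255.255 any eq 443
ip access-list extended Inbound
 555 deny udp any eq 1337 192.168.0.0 0.0.3.255
 560 deny ip 192.168.4.0 0.0.0.255 any
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# An address spec is "any", "host A.B.C.D", or "A.B.C.D wildcard".
ADDR_SPEC = re.compile(rf"\bany\b|\bhost\s+({IPV4})|\b({IPV4})\s+({IPV4})\b")

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def spec_covers(match, target, include_any):
    """True if one address spec from an ACL entry covers the target address."""
    host, base, wildcard = match.groups()
    if host:
        return to_int(host) == target
    if base:
        # Wildcard bits set to 1 are "don't care"; every other bit must be equal.
        # Bit math (not prefix math) also handles non-contiguous wildcards.
        return ((to_int(base) ^ target) & ~to_int(wildcard) & 0xFFFFFFFF) == 0
    return include_any  # the spec was the keyword "any"

def search_acls(config, address, include_any=False):
    """Return (acl_name, entry) pairs whose source or destination covers address."""
    target, acl, hits = to_int(address), None, []
    for line in config.splitlines():
        header = re.match(r"ip access-list extended (\S+)", line)
        if header:
            acl = header.group(1)
        elif acl and re.match(r"\s+(\d+\s+)?(permit|deny)\b", line):
            if any(spec_covers(m, target, include_any)
                   for m in ADDR_SPEC.finditer(line)):
                hits.append((acl, line.strip()))
    return hits

if __name__ == "__main__":
    for name, entry in search_acls(SAMPLE_CONFIG, "192.168.0.10"):
        print(f"ACL: {name}: {entry}")
```
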

  3. Drake Guest

    <> wrote in message
    news:...
    >I have done tons of google'ing and asked the top Cisco guru I know.
    > Does anyone know of a program or command that I can use to find if
    > something is blocked or already in an access list, what lines it shows
    > up on and if it falls into any of the ranges. Here is an example: (Oh
    > and BTW: I have a huge list that is just not optimal for someone to
    > search through it visually)
    > Search for 192.168.0.10 on all access lists
    > Found 2:
    > ACL: Outbound: 10 permit any tcp 80 192.168.0.10 any
    > ACL: Inbound: 555 deny any udp 1337 192.168.0.0 0.0.3.255 any
    > Search for tcp 80 on Outbound access list
    > Found 10:
    > ACL: Outbound: 10 permit 192.168.0.10 tcp 80
    > [etc....]
    >
    > I don't care what the program is made in. I am a programmer myself and
    > would really not like to have to program this.
    >

    Looks like a job for grep. grep is a unix tool but there are windows
    versions too.




    --
    Posted via a free Usenet account from http://www.teranews.com
    Drake, Jan 9, 2007
    #3
  4. Eddie Corns Guest

    writes:

    >I have done tons of google'ing and asked the top Cisco guru I know.
    >Does anyone know of a program or command that I can use to find if
    >something is blocked or already in an access list, what lines it shows
    >up on and if it falls into any of the ranges. Here is an example: (Oh
    >and BTW: I have a huge list that is just not optimal for someone to
    >search through it visually)
    >Search for 192.168.0.10 on all access lists
    > Found 2:
    > ACL: Outbound: 10 permit any tcp 80 192.168.0.10 any
    > ACL: Inbound: 555 deny any udp 1337 192.168.0.0 0.0.3.255 any
    >Search for tcp 80 on Outbound access list
    > Found 10:
    > ACL: Outbound: 10 permit 192.168.0.10 tcp 80
    > [etc....]


    >I don't care what the program is made in. I am a programmer myself and
    >would really not like to have to program this.


    I have started some code to do something similar to this and was just thinking
    about having another look at it to try and make some progress on it. It's
    actually doing more than just searching and it *may* be that I can get just
    searching working in a reasonable time frame. I will mail you when I've had
    time to have another look at it. One small thing you probably need is to know
    what interface/IP range the ACL may be applied to so that "any" etc. can be
    properly handled.

    Eddie
    Eddie Corns, Jan 9, 2007
    #4
  5. Drake Guest

    <> wrote in message
    news:...
    >
    > Drake wrote:
    >> <> wrote in message
    >> news:...
    >> >I have done tons of google'ing and asked the top Cisco guru I know.
    >> > Does anyone know of a program or command that I can use to find if
    >> > something is blocked or already in an access list, what lines it shows
    >> > up on and if it falls into any of the ranges. Here is an example: (Oh
    >> > and BTW: I have a huge list that is just not optimal for someone to
    >> > search through it visually)
    >> > Search for 192.168.0.10 on all access lists
    >> > Found 2:
    >> > ACL: Outbound: 10 permit any tcp 80 192.168.0.10 any
    >> > ACL: Inbound: 555 deny any udp 1337 192.168.0.0 0.0.3.255 any
    >> > Search for tcp 80 on Outbound access list
    >> > Found 10:
    >> > ACL: Outbound: 10 permit 192.168.0.10 tcp 80
    >> > [etc....]
    >> >

    >> Looks like a job for grep. grep is a unix tool but there are windows
    >> versions too.
    >>

    > grep is my current solution, however it misses ranges as in my second
    > example.
    >

    Did you try to combine it with awk & sed?



    --
    Posted via a free Usenet account from http://www.teranews.com
    Drake, Jan 9, 2007
    #5
  6. Drake Guest

    Drake, Jan 9, 2007
    #6
  7. Eddie Corns Guest

    Eddie Corns, Jan 10, 2007
    #7
  8. Guest

    Eddie Corns wrote:
    > Also look at http://oldfield.wattle.id.au/programs/cisco/
    >
    > Eddie


    Re: Eddie -> Thanks! The python scripts on the site you found work.
    Beggars can't be choosers, but you have to have a linux box to run
    these, which isn't a problem, I would just like it GUI'fied for
    Windows. That is my holy grail right at the moment. If you get
    something programmed up a little more GUI'd or something that will work
    CLI on windows, shoot me an email.

    Re: Drake -> I haven't tried out the programs on SF yet from your link.
    And awk/sed doesn't work so well on ip network ranges.
    , Jan 10, 2007
    #8
  9. Eddie Corns Guest

    writes:


    >Eddie Corns wrote:
    >> Also look at http://oldfield.wattle.id.au/programs/cisco/
    >>
    >> Eddie


    >Re: Eddie -> Thanks! The python scripts on the site you found work.
    >Beggars can't be choosers, but you have to have a linux box to run
    >these, which isn't a problem, I would just like it GUI'fied for
    >Windows. That is my holy grail right at the moment. If you get
    >something programmed up a little more GUI'd or something that will work
    >CLI on windows, shoot me an email.


    If you take a copy of /etc/services to your windows machine and change the
    single reference in the source then it should work. If you have problems mail
    me.

    I'll be thinking about the other stuff over the next couple of weeks. I'll
    let you know.

    Eddie
    Eddie Corns, Jan 10, 2007
    #9
