Teh Hermit

Correctly changing a router access-list

To avoid a service interruption while changing an active access-list, or losing access to the router, do the following instead of editing and re-creating the current ACL:

1. Run in privileged mode:

sh runn

2. Find and copy the required ACL.
3. Make the required edits.
4. Replace the ACL number with a new one that is not used anywhere on the router.
5. Create (paste into the router) the new ACL in configuration mode (type after enable):

conf t

6. In configuration mode, enter the interface where the ACL is used. For example:

int GigabitEthernet0/0/0

7. Remove the old ACL. Example:

no ip access-group 152 in

8. Assign the new ACL to the interface. Example:

ip access-group 153 in

9. If everything works, copy the configuration from the router's running memory to the startup configuration:

copy runn start

EXAMPLE

 
sentry1#conf t

Enter configuration commands, one per line. End with CNTL/Z.

sentry1(config)#
sentry1(config)#
sentry1(config)#
sentry1(config)#
sentry1(config)#
sentry1(config)#
sentry1(config)#
sentry1(config)#access-list 168 permit udp any eq bootpc any
sentry1(config)#access-list 168 permit udp any eq bootps any
sentry1(config)#$ 168 permit ip host 10.10.10.8 192.168.0.0 0.0.1.255
sentry1(config)#access-list 168 permit ip host 10.10.10.11 host 192.168.0.65
sentry1(config)#access-list 168 permit ip host 10.10.10.11 host 192.168.0.239
sentry1(config)#access-list 168 permit ip host 10.10.10.11 host 192.168.0.51
sentry1(config)#access-list 168 permit ip host 10.10.10.11 host 192.168.0.61
sentry1(config)#access-list 168 permit ip host 10.10.10.12 host 192.168.0.152
sentry1(config)#access-list 168 permit ip host 10.10.10.12 host 192.168.0.61
sentry1(config)#access-list 168 permit ip host 10.10.10.12 host 192.168.0.98
sentry1(config)#access-list 168 permit ip host 10.10.10.12 host 192.168.0.108
sentry1(config)#access-list 168 permit ip host 10.10.10.12 host 192.168.0.187
sentry1(config)#access-list 168 permit ip host 10.10.10.12 host 192.168.0.169
sentry1(config)#access-list 168 permit ip host 10.10.10.12 host 192.168.0.50
sentry1(config)#access-list 168 permit ip host 10.10.10.12 host 192.168.0.76
sentry1(config)#access-list 168 permit ip host 10.10.10.12 host 192.168.0.15
sentry1(config)#access-list 168 permit ip host 10.10.10.12 host 192.168.0.183
sentry1(config)#access-list 168 permit ip host 10.10.10.17 host 192.168.0.239
sentry1(config)#access-list 168 permit ip host 10.10.10.17 host 192.168.0.152
sentry1(config)#access-list 168 permit ip host 10.10.10.17 host 192.168.0.20
sentry1(config)#access-list 168 permit ip host 10.10.10.17 host 192.168.0.169
sentry1(config)#access-list 168 permit ip host 10.10.10.17 host 192.168.0.187
sentry1(config)#access-list 168 permit ip host 10.10.10.17 host 192.168.1.72
sentry1(config)#access-list 168 permit ip host 10.10.10.17 host 192.168.0.76
sentry1(config)#access-list 168 permit ip host 10.10.10.17 host 192.168.0.79
sentry1(config)#access-list 168 permit ip host 10.10.10.17 host 192.168.0.30
sentry1(config)#access-list 168 permit ip host 10.10.10.17 host 192.168.0.98
sentry1(config)#access-list 168 permit ip host 10.10.10.17 host 192.168.0.50
sentry1(config)#access-list 168 permit ip host 10.10.10.17 host 192.168.0.15
sentry1(config)#access-list 168 permit ip host 10.10.10.19 host 192.168.0.50
sentry1(config)#access-list 168 permit ip host 10.10.10.19 host 192.168.0.15
sentry1(config)#access-list 168 permit ip host 10.10.10.19 host 192.168.0.101
sentry1(config)#access-list 168 permit ip host 10.10.10.17 host 192.168.0.101
sentry1(config)#access-list 168 permit ip host 10.10.10.59 host 192.168.0.50
sentry1(config)#access-list 168 permit ip host 10.10.10.59 host 192.168.0.95
sentry1(config)#access-list 168 permit ip host 10.10.10.59 host 192.168.0.238
sentry1(config)#access-list 168 permit ip host 10.10.10.59 host 192.168.0.15
sentry1(config)#access-list 168 permit ip host 10.10.10.59 host 192.168.0.184
sentry1(config)#access-list 168 permit ip host 10.10.10.58 host 192.168.0.50
sentry1(config)#access-list 168 permit ip host 10.10.10.58 host 192.168.0.15
sentry1(config)#access-list 168 permit ip host 10.10.10.59 host 192.168.0.16
sentry1(config)#access-list 168 permit ip host 10.10.10.59 host 192.168.0.244
sentry1(config)#access-list 168 permit ip host 10.10.10.59 host 192.168.0.64
sentry1(config)#access-list 168 permit ip host 10.10.10.59 host 192.168.0.114
sentry1(config)#access-list 168 permit ip host 10.10.10.59 host 192.168.0.115
sentry1(config)#access-list 168 permit ip host 10.10.10.59 host 192.168.0.183
sentry1(config)#access-list 168 permit ip host 10.10.10.59 host 192.168.0.126
sentry1(config)#access-list 168 permit ip host 10.10.10.59 host 192.168.0.61
sentry1(config)#access-list 168 permit ip host 10.10.10.59 host 192.168.0.189
sentry1(config)#access-list 168 permit ip host 10.10.10.59 host 192.168.0.72
sentry1(config)#access-list 168 permit ip host 10.10.10.59 host 192.168.0.19
sentry1(config)#access-list 168 permit ip host 10.10.10.23 host 192.168.0.50
sentry1(config)#access-list 168 permit ip host 10.10.10.23 host 192.168.0.15
sentry1(config)#access-list 168 permit ip host 10.10.10.23 host 192.168.0.16
sentry1(config)#access-list 168 permit ip host 10.10.10.28 host 192.168.0.50
sentry1(config)#access-list 168 permit ip host 10.10.10.28 host 192.168.0.15
sentry1(config)#access-list 168 permit ip host 10.10.10.28 host 192.168.0.59
sentry1(config)#access-list 168 permit ip host 10.10.10.28 host 192.168.0.115
sentry1(config)#access-list 168 permit ip host 10.10.10.28 host 192.168.1.68
sentry1(config)#access-list 168 permit ip host 10.10.10.29 host 192.168.0.50
sentry1(config)#access-list 168 permit ip host 10.10.10.29 host 192.168.0.15
sentry1(config)#access-list 168 permit ip host 10.10.10.29 host 192.168.0.59
sentry1(config)#access-list 168 permit ip host 10.10.10.29 host 192.168.0.115
sentry1(config)#access-list 168 permit ip host 10.10.10.29 host 192.168.1.68
sentry1(config)#access-list 168 permit ip host 10.10.10.23 host 192.168.0.244
sentry1(config)#access-list 168 permit ip host 10.10.10.23 host 192.168.0.64
sentry1(config)#access-list 168 permit ip host 10.10.10.23 host 192.168.0.114
sentry1(config)#access-list 168 permit ip host 10.10.10.23 host 192.168.0.115
sentry1(config)#access-list 168 permit ip host 10.10.10.23 host 192.168.0.183
sentry1(config)#access-list 168 permit ip host 10.10.10.23 host 192.168.0.126
sentry1(config)#access-list 168 permit ip host 10.10.10.23 host 192.168.0.61
sentry1(config)#access-list 168 permit ip host 10.10.10.23 host 192.168.0.189
sentry1(config)#access-list 168 permit ip host 10.10.10.23 host 192.168.0.72
sentry1(config)#access-list 168 permit ip host 10.10.10.23 host 192.168.0.19
sentry1(config)#access-list 168 permit ip host 10.10.10.64 host 192.168.0.50
sentry1(config)#access-list 168 permit ip host 10.10.10.80 host 192.168.0.50
sentry1(config)#access-list 168 permit ip host 10.10.10.80 host 192.168.0.15
sentry1(config)#access-list 168 permit ip host 10.10.10.80 host 192.168.0.59
sentry1(config)#access-list 168 permit ip host 10.10.10.80 host 192.168.0.115
sentry1(config)#access-list 168 permit ip host 10.10.10.80 host 192.168.0.183
sentry1(config)#access-list 168 permit ip host 10.10.10.64 host 192.168.0.15
sentry1(config)#access-list 168 permit ip host 10.10.10.64 host 192.168.0.16
sentry1(config)#access-list 168 permit ip host 10.10.10.64 host 192.168.0.61
sentry1(config)#access-list 168 permit ip host 10.10.10.64 host 192.168.0.153
sentry1(config)#access-list 168 permit ip host 10.10.10.64 host 192.168.1.102
sentry1(config)#access-list 168 permit ip host 10.10.10.64 host 192.168.1.72
sentry1(config)#access-list 168 permit ip host 10.10.10.64 host 192.168.0.244
sentry1(config)#access-list 168 permit ip host 10.10.10.64 host 192.168.0.238
sentry1(config)#access-list 168 permit ip host 10.10.10.64 host 192.168.0.95
sentry1(config)#access-list 168 permit ip host 10.10.10.67 host 192.168.0.50
sentry1(config)#access-list 168 permit ip host 10.10.10.67 host 192.168.0.15
sentry1(config)#access-list 168 permit ip host 10.10.10.67 host 192.168.0.16
sentry1(config)#$ 168 permit ip 10.10.10.0 0.0.0.127 host 192.168.0.59
sentry1(config)#$ 168 permit ip 10.10.10.0 0.0.0.127 host 192.168.0.8
sentry1(config)#$ 168 permit ip 10.10.10.0 0.0.0.127 host 192.168.1.68
sentry1(config)#$ 168 permit ip 10.10.10.0 0.0.0.127 host 192.168.0.228
sentry1(config)#$ 168 permit ip 10.10.10.0 0.0.0.127 host 192.168.0.12
sentry1(config)#$ 168 permit tcp host 10.10.10.44 host 192.168.0.15 eq domain
sentry1(config)#$ 168 permit tcp host 10.10.10.45 host 192.168.0.15 eq domain
sentry1(config)#access-list 168 permit ip host 10.10.10.44 host 192.168.0.5
sentry1(config)#access-list 168 permit ip host 10.10.10.45 host 192.168.0.5
sentry1(config)#$ 168 permit ip 10.10.10.0 0.0.0.127 host 192.168.0.244
sentry1(config)#$ 168 permit ip 10.10.10.0 0.0.0.127 host 192.168.0.58
sentry1(config)#$ 168 permit ip 10.10.10.0 0.0.0.127 host 192.168.0.101
sentry1(config)#$t udp 10.10.10.0 0.0.0.128 host 192.168.0.15 eq ntp
sentry1(config)#$t udp 10.10.10.0 0.0.0.128 host 192.168.0.50 eq ntp
sentry1(config)#$t udp 10.10.10.0 0.0.0.127 host 192.168.0.15 eq ntp
sentry1(config)#$t udp 10.10.10.0 0.0.0.127 host 192.168.0.50 eq ntp
sentry1(config)#access-list 168 permit ip host 10.10.10.40 host 192.168.0.20
sentry1(config)#access-list 168 permit ip host 10.10.10.40 host 192.168.0.15
sentry1(config)#access-list 168 permit ip host 10.10.10.40 host 192.168.0.50
sentry1(config)#access-list 168 permit ip host 10.10.10.40 host 192.168.0.16
sentry1(config)#access-list 168 permit ip host 10.10.10.40 host 192.168.0.12
sentry1(config)#access-list 168 permit ip host 10.10.10.40 host 192.168.0.105
sentry1(config)#access-list 168 permit ip host 10.10.10.40 host 192.168.0.17
sentry1(config)#access-list 168 permit ip host 10.10.10.40 host 192.168.0.195
sentry1(config)#access-list 168 permit ip host 10.10.10.40 host 192.168.1.16
sentry1(config)#$ 168 permit ip 10.10.10.0 0.0.0.127 host 192.168.0.115
sentry1(config)#$ 168 permit ip 10.10.10.0 0.0.0.127 host 172.16.20.3
sentry1(config)#$ 168 permit ip 10.10.10.0 0.0.0.127 host 172.16.20.4
sentry1(config)#access-list 168 permit ip host 10.10.10.64 host 172.16.20.12
sentry1(config)#access-list 168 permit ip host 10.10.10.44 host 172.16.20.13
sentry1(config)#access-list 168 permit ip host 10.10.10.45 host 172.16.20.13
sentry1(config)#access-list 168 permit ip host 10.10.10.11 host 172.16.20.14
sentry1(config)#$ 168 permit ip 10.10.10.0 0.0.0.127 host 192.168.0.183
sentry1(config)#access-list 168 deny   ip any any
sentry1(config)#
sentry1(config)#
sentry1(config)#
sentry1(config)#
sentry1(config)#
sentry1(config)#
sentry1(config)#
sentry1(config)#
sentry1(config)#
sentry1(config)#
sentry1(config)#
sentry1(config)#interface GigabitEthernet0/0/1
sentry1(config-if)#no ip access-group 158 in
sentry1(config-if)#ip access-group 168 in
sentry1(config-if)#
sentry1(config-if)#exit
sentry1(config)#no acc
sentry1(config)#no acce
sentry1(config)#no access-li
sentry1(config)#no access-list 158
sentry1(config)#exit
sentry1#copy runn
sentry1#copy running-config start
sentry1#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...

[OK]
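A pre-flight check for the edited copy before it is pasted into the router, as an added example (not part of the original page): it confirms the new ACL number is unused, flags non-contiguous wildcard masks such as the 0.0.0.128 seen in the transcript, and replays first-match evaluation for flows that must stay permitted. The function names and the sample config are assumptions made for this illustration, and only `eq` port tests are parsed.

```python
import re
from ipaddress import IPv4Address as IP

# Constructed sample data modelled on the transcript above (not a real config).
RUNNING = "access-list 158 deny ip any any\ninterface GigabitEthernet0/0/1\n ip access-group 158 in\n"
CANDIDATE = """access-list 168 permit udp 10.10.10.0 0.0.0.128 host 192.168.0.15 eq ntp
access-list 168 permit ip 10.10.10.0 0.0.0.127 host 192.168.0.59
access-list 168 deny   ip any any
"""

def spec(tok):
    """Consume 'any' | 'host A' | 'A WILDCARD' and return (base, wildcard) as integers."""
    kind = tok.pop(0)
    if kind == "any":
        return 0, 0xFFFFFFFF
    if kind == "host":
        return int(IP(tok.pop(0))), 0
    return int(IP(kind)), int(IP(tok.pop(0)))

def parse(text):
    """Numbered extended ACL lines -> rules. Only 'eq PORT' tests are understood."""
    rules = []
    for line in text.splitlines():
        tok = re.sub(r"\beq \S+", "", line).split()
        if tok[:1] == ["access-list"]:
            rest = tok[4:]
            rules.append({"n": int(tok[1]), "action": tok[2], "src": spec(rest), "dst": spec(rest),
                          "narrow": tok[3] != "ip" or " eq " in line, "text": " ".join(line.split())})
    return rules

def verdict(rules, src, dst):
    """First match wins; protocol- or port-specific permits are skipped, so 'permit' means all IP."""
    for r in rules:
        pairs = ((src, r["src"]), (dst, r["dst"]))
        hit = all((int(IP(a)) ^ base) & ~wc & 0xFFFFFFFF == 0 for a, (base, wc) in pairs)
        if hit and not (r["narrow"] and r["action"] == "permit"):
            return r["action"]
    return "deny"  # implicit deny that ends every ACL

def preflight(running, candidate, must_permit):
    """Return the problems to fix before the new ACL is bound to the interface."""
    rules, problems = parse(candidate), []
    used = {int(n) for n in re.findall(r"access-(?:list|group|class)\s+(\d+)", running)}
    problems += [f"ACL number {n} already in use" for n in sorted({r["n"] for r in rules} & used)]
    # A usable wildcard is a run of low 1-bits, so w & (w + 1) must be 0.
    problems += [f"non-contiguous wildcard: {r['text']}" for r in rules
                 if any(wc & (wc + 1) for _, wc in (r["src"], r["dst"]))]
    problems += [f"would be denied: {s} -> {d}" for s, d in must_permit
                 if verdict(rules, s, d) != "permit"]
    return problems
```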
Cisco, Networking, Firewall