Security Security General Modifying Access list and Prefix list
Sunday, 24 May 2009 22:34 | 
Written by ip Balance | 
| 
Question:
Modifying Access list and Prefix list
Any one knows how to modify and update a HUGE access list and prefix list on Cisco router ?
I have about 2000 new IP blocks to add to current prefix list.
I am looking for fastest way to do it.
Any trick and tips would be help.
Thanks
Answer:
Modifying "Huge" access list & prefix list ?
Probably, there are multiple way to achieve your goal.
Here is one of simple way that I knew and used in my work. (using vi editor)
For example, you have IP blocks below. Current prefix list name = Hello
-- Raw list --
1.1.1.1/24
2.2.2.2/23
3.3.3.3/22
4.4.4.4/21
5.5.5.5/20
6.6.6.6/19
:
:
:
1. Create new file with vi editor = from prompt "vi acl" (on unix or linux)
2. Copy and paste entire list of new IP blocks into the new file just created
3. To add "ip prefix-list Hello permit" in front of raw IP blocks, follow below steps
:%s/^/ip prefix-list Hello permit /g <Enter>
(If you are not familiar with vi editor, search 'vi editor' on Internet)
Now, you will see the below
ip prefix-list Hello permit 1.1.1.1/24
ip prefix-list Hello permit 2.2.2.2/23
ip prefix-list Hello permit 3.3.3.3/22
ip prefix-list Hello permit 4.4.4.4/21
ip prefix-list Hello permit 5.5.5.5/20
ip prefix-list Hello permit 6.6.6.6/19
:
:
4. To add "le 32" or any option, follow below steps
:%s/\/24/\/24 le 32/g <------- it will modify /24 IP block
ip prefix-list Hello permit 1.1.1.1/24 le 32
ip prefix-list Hello permit 2.2.2.2/23
ip prefix-list Hello permit 3.3.3.3/22
ip prefix-list Hello permit 4.4.4.4/21
ip prefix-list Hello permit 5.5.5.5/20
ip prefix-list Hello permit 6.6.6.6/19
5. Using the blow commands, complete modifying entire IP blocks.
:%s/\/32/\/32 orlonger;/g
:%s/\/30/\/30 orlonger;/g
:%s/\/29/\/29 orlonger;/g
:%s/\/28/\/28 orlonger;/g
:%s/\/27/\/27 orlonger;/g
:%s/\/26/\/26 orlonger;/g
:%s/\/25/\/25 orlonger;/g
:%s/\/24/\/24 orlonger;/g
:%s/\/23/\/23 orlonger;/g
:%s/\/22/\/22 orlonger;/g
:%s/\/21/\/21 orlonger;/g
:%s/\/20/\/20 orlonger;/g
:%s/\/19/\/19 orlonger;/g
:%s/\/18/\/18 orlonger;/g
:%s/\/17/\/17 orlonger;/g
:%s/\/16/\/16 orlonger;/g
:%s/\/15/\/15 orlonger;/g
:%s/\/14/\/14 orlonger;/g
:%s/\/13/\/13 orlonger;/g
:%s/\/12/\/12 orlonger;/g
:%s/\/11/\/11 orlonger;/g
:%s/\/10/\/10 orlonger;/g
Final IP blocks look like below
ip prefix-list Hello permit 1.1.1.1/24 le 32
ip prefix-list Hello permit 2.2.2.2/23 le 32
ip prefix-list Hello permit 3.3.3.3/22 le 32
ip prefix-list Hello permit 4.4.4.4/21 le 32
ip prefix-list Hello permit 5.5.5.5/20 le 32
ip prefix-list Hello permit 6.6.6.6/19 le 32
It is help only huge huge huge list of access list or prefix list.
After modifed raw IP list, add it to current access list or prefix
| < Prev | Next > |
|---|
