| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| ACLopti.pl | 2010-03-21 | 37.9 kB | |
| readme.txt | 2010-02-05 | 1.7 kB | |
| Totals: 2 Items | | 39.6 kB | 0 |

ACLopti is a Perl script that finds unnecessary lines (lines that are subsets of other lines) in Cisco IOS or PIX ACLs and tries to optimize the ACL. It prints the lines it recommends removing in "no line" form. It can be run on any OS with Perl installed, or on Windows compiled with Perl2Exe.

Usage:

To find duplicates in an ACL, copy it into a file named acl_in.txt (by default in the same directory as the ACLopti executable). The location and name can be changed with the -c parameter. Do not include the ACL definition or a general rule (like: permit any any), because all other lines would then be recommended for removal. You can keep hit counts; they are removed automatically.

The output is split into two parts. The first part is "Reason for removal", which I strongly recommend checking before removing any ACL lines! The second part is the typical "no form" config for the lines to be removed. Both parts are printed to the console and written to a log file (in the same directory as the ACLopti executable).

- `-e`: process Cisco IP named access-list extended format
- `-p`: process Cisco PIX access-list format
- `-d`: debug logging level (increases the log file dramatically!)
- `-c`: change the default input file. Example: `-ec C:\temp\input.txt`. If the path includes spaces (e.g. Documents and Settings), put the whole path in quotation marks.
- `-h`: this help

Limitations:

This version ignores any opposite permit/deny statements (like a more specific deny statement before a more general permit statement). This has to be done manually. ICMP types are also not covered yet. Lines that use an ICMP type have to be removed before running this software, otherwise it ends with an error stating which line it was not able to process.
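The same-action subset check described above, as an added Python illustration; it is not ACLopti's own code or algorithm. It assumes a simplified IOS extended syntax, `action proto src dst [eq port]`; the function names and the constructed sample ACL are assumptions.

```python
import re
from ipaddress import IPv4Address, ip_network

HITS = re.compile(r"\s*\(\d+ match(?:es)?\)\s*$")  # IOS hit counter suffix

def _addr(tok):
    """Consume 'any' | 'host A' | 'A wildcard' from tok as an IPv4Network."""
    first = tok.pop(0)
    if first in ("any", "host"):
        return ip_network("0.0.0.0/0" if first == "any" else tok.pop(0) + "/32")
    # Invert the wildcard into a netmask; non-contiguous wildcards raise ValueError.
    mask = IPv4Address(int(IPv4Address(tok.pop(0))) ^ 0xFFFFFFFF)
    return ip_network(f"{first}/{mask}", strict=False)

def parse(text):
    """Parse 'action proto src dst [eq port]'; reject anything else by line."""
    tok = text.split()
    try:
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = _addr(tok), _addr(tok)
        port = tok.pop() if len(tok) == 2 and tok[0] == "eq" else None
        if action not in ("permit", "deny") or (tok and port is None):
            raise ValueError
    except (ValueError, IndexError):
        raise ValueError(f"cannot process line: {text}") from None
    return action, proto, src, dst, port

def covers(a, b):
    """True when every packet matched by b is matched by a (same action)."""
    return (a[0] == b[0] and a[1] in ("ip", b[1]) and a[4] in (None, b[4])
            and b[2].subnet_of(a[2]) and b[3].subnet_of(a[3]))

def find_redundant(lines):
    """(redundant, covering) pairs, same action only; later duplicate is reported."""
    acl = [(t, parse(t)) for t in (HITS.sub("", l).strip() for l in lines) if t]
    found = []
    for i, (text, entry) in enumerate(acl):
        for j, (other, cover) in enumerate(acl):
            if i != j and covers(cover, entry) and (entry != cover or j < i):
                found.append((text, other))
                break
    return found

SAMPLE = [  # constructed ACL body: no definition line, no "permit ip any any"
    "permit tcp host 10.1.1.5 host 192.0.2.10 eq 22 (7 matches)",
    "deny tcp 10.1.1.0 0.0.0.255 host 192.0.2.10 eq 22",
    "permit ip 10.1.0.0 0.0.255.255 any",
    "permit udp 10.1.2.0 0.0.0.255 any eq 53",
]
for redundant, covering in find_redundant(SAMPLE):
    print(f"no {redundant}   ! subset of: {covering}")
```

Both permit lines are reported, but only the udp line is safe to drop: removing the first line would let the deny between it and the covering permit block SSH from 10.1.1.5. Like the script's stated limitation, this sketch does not look at opposite permit/deny lines, which is why the reason for each removal needs a manual check.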