Cisco ACLs, Vlan Access-Maps, and what NOT to do

By pvogelsang

I thought I would share an experience I had here at work while working with ACLs and vlan access-maps.

I was updating an ACL on our Cisco core router and, in the process of doing so, deleted what I thought was an old, outdated and unused ACL. Minutes later I had two developers in my office and multiple emails from our development team stating they could not reach their development machines, all of which were located on a separate development vlan. Great! I just deleted the ACL that allowed traffic to and from that development vlan; hopefully I made a copy of it. Doh! No copy. I wasn't editing the ACL, so I didn't copy/paste it into a text file; I simply removed it from the router via the 'no ip access-list...' command.

I couldn't even remember what the context of the ACL was and where it was being used. It wasn't applied to any interface or to the VTY lines, and the vlan access-map looked fine to me. What was I going to do? I don't back up config files manually; we have a Netcordia NetMRI that does it for me. Ah-hah! I logged into our NetMRI, navigated to Network Explorer > Core Router > Configuration Management > Config Explorer and downloaded the last saved config. I was then able to decipher that the ACL in question was applied to a vlan access-map, where, when there is no ACL applied, all traffic is blocked. I quickly re-created the ACL and applied it to the corresponding map, and connectivity was restored.

Without NetMRI I could have deleted the vlan access-map and restored connectivity; however, that would have been counterproductive to why it was there in the first place. It was there for a reason and I had to get it back. NetMRI is a great tool that allowed me to do that by backing up my Cisco config files.

Here's to not deleting ACLs unless you are absolutely sure they are not in use anymore!
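An added example, not part of the original post: a pre-change check that scans a saved running-config for every place an ACL is referenced (vlan access-map `match` lines, interface `ip access-group`, VTY `access-class`) before it is removed. The config text and all ACL and map names are constructed for illustration, and the script assumes named ACLs in IOS-style indented config.

```python
import re

# Constructed sample running-config; all names are hypothetical, not from the post.
SAMPLE_CONFIG = """\
ip access-list extended DEV-VLAN-TRAFFIC
 permit ip 10.10.20.0 0.0.0.255 any
ip access-list extended OLD-UNUSED
 permit ip any any
ip access-list standard MGMT-IN
 permit 10.0.0.0 0.0.0.255
vlan access-map DEV-MAP 10
 match ip address DEV-VLAN-TRAFFIC
 action forward
vlan filter DEV-MAP vlan-list 20
interface Vlan10
 ip access-group MGMT-IN in
line vty 0 4
 access-class MGMT-IN in
"""

# Sub-commands that reference an ACL by name; a match line may list several ACLs.
REF_PATTERNS = [
    re.compile(r"^match ip(?:v6)? address (?!prefix-list)(?P<acls>.+)$"),
    re.compile(r"^ip access-group (?P<acls>\S+) (?:in|out)$"),
    re.compile(r"^access-class (?P<acls>\S+) (?:in|out)"),
]

def acl_references(config):
    """Map ACL name -> list of (parent context, referencing line)."""
    refs, context = {}, ""
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if not raw.startswith(" "):
            context = raw.strip()  # an unindented line opens a new config context
        line = raw.strip()
        for pat in REF_PATTERNS:
            m = pat.match(line)
            if m:
                for name in m.group("acls").split():
                    refs.setdefault(name, []).append((context, line))
    return refs

def defined_acls(config):
    return set(re.findall(r"^ip access-list (?:standard|extended) (\S+)", config, re.M))

def dangling_references(config):
    # ACLs that something still points at but that no longer exist in the config.
    return sorted(set(acl_references(config)) - defined_acls(config))
```

An ACL is a candidate for removal only when `acl_references` has no entry for it; running `dangling_references` against each backed-up config flags a map or interface left pointing at a deleted ACL.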
