[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Altering Cisco router ACLs remotely



On Fri, 7 Aug 1998, guy keren wrote:

> 
> On Wed, 5 Aug 1998, Alexander Indenbaum wrote:
> 
> > We are developing network monitoring software.
> > We are looking for way to manipulate Cisco router ACLs
> > from our program running on some host inside the network.
> > 
> > Is there any API for altering ACLs?
> > What is the way to go?
> 
> did you try checking possibilities using snmp?
> 

Yes I did, but Cisco does not give access to ACLs in their MIB for some
reason. 

I also asked around and it looks like only two ways to alter Cisco ACLs 
are:
1. Telnet session
2. TFTP upload of configuration - they also give access to it in MIB, so I
   can control it via SNMP 

Both ways can not be implemented in software "cleanly" and do not provide
no way for locking, etc..  It looks like Cisco does not want no third
party software to manage their routers.

This situation looks very strange, since Checkpoint for example tries to
promote opsec protocol for remote managing of Firewall-1 and
firewalls/routers at general. Is not Cisco concerned?

> guy
> 

  Alexander Indenbaum
  baum@actcom.co.il