Cisco – Automating Cisco ACL changes

Tags: access-control-list, cisco, scripting

I've recently started taking on more network management tasks to help our short-staffed networking team. I'm very comfortable with network theory and have configured a number of IOS devices, but am hardly an IOS guru.

One of the first large tasks I was assigned was to add some ACL rules to a hundred plus ACLs we have. Coming from the sys admin side of things, I was baffled to find out that these changes are all made by hand.

Is there not a way to automate these types of configuration issues? What tools should I be learning to use for changing configurations in a scripted fashion across many devices/ACLs? So far my Googlefu has only pointed to Python with pexpect. Just seems like this is such a common task that there would be better tools already setup for it.

I understand that this could be a fairly broad question, but I'm just looking for a starting place to work from.

Note: If there is a commercial tool that is a perfect fit for this case, just assume that we didn't pay for it. That is normally how it goes.

Best Answer

On the commercial side there's Cisco Security Manager that can handle ACLs on IOS boxes, ASA, etc. There's a 90-day free eval and it runs in a VM. That might be worth looking at. There's also fwbuilder that offers multi-platform ACL management (including IOS), but I haven't spent much time with it.
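Whatever pushes the commands (pexpect, Netmiko, a vendor tool), the part worth scripting carefully is deciding what to push to each device. The following is an added example, not code from the question or the answer above: it parses captured `show ip access-lists` output (which, unlike `show running-config`, prints the sequence number of every entry), checks whether the new entry is already present, and emits only the config lines a given device still needs. The hostnames, ACL names and captured output are constructed for illustration; the parser assumes the `show ip access-lists` line format shown in the sample.

```python
"""Plan idempotent ACL changes across many IOS devices (added example).

Assumes the per-device capture came from ``show ip access-lists``.  Pushing
the returned lines (wrapped in ``configure terminal`` ... ``end``) is left to
whatever transport you already use (pexpect, Netmiko, ...).
"""
import re

# "Extended IP access list MGMT-IN"
ACL_HEADER = re.compile(r"^(Extended|Standard) IP access list (\S+)\s*$")
# "    20 permit icmp any any (31 matches)"  -> seq 20, text "permit icmp any any"
ACL_ENTRY = re.compile(r"^\s+(\d+)\s+(.*?)(?:\s+\(\d+ matches?\))?\s*$")


def parse_access_lists(show_output):
    """Return {name: {"type": "extended"|"standard", "entries": [(seq, text), ...]}}."""
    acls = {}
    current = None
    for line in show_output.splitlines():
        m = ACL_HEADER.match(line)
        if m:
            current = acls.setdefault(m.group(2), {"type": m.group(1).lower(), "entries": []})
            continue
        m = ACL_ENTRY.match(line) if current is not None else None
        if m:
            # collapse whitespace so later comparisons are not fooled by spacing
            current["entries"].append((int(m.group(1)), " ".join(m.group(2).split())))
        elif not line.startswith(" "):
            current = None  # any non-indented line ends the current ACL block
    return acls


def plan_ace_insert(acls, acl_name, ace_text, seq):
    """Config lines that add ``ace_text`` at ``seq``, or [] if it is already there.

    Refuses two mistakes a blind push would make: reusing a sequence number
    that already exists, and placing the entry after a final "deny ip any any",
    where the device accepts it but it can never match.
    """
    ace_text = " ".join(ace_text.split())
    if acl_name not in acls:
        raise KeyError(f"ACL {acl_name} not found on device")
    acl = acls[acl_name]
    if any(text == ace_text for _, text in acl["entries"]):
        return []  # already present: nothing to push (idempotent)
    if any(s == seq for s, _ in acl["entries"]):
        raise ValueError(f"sequence {seq} already used in {acl_name}")
    last_seq, last_text = acl["entries"][-1] if acl["entries"] else (0, "")
    if last_text.startswith("deny ip any any") and seq > last_seq:
        raise ValueError(f"sequence {seq} would sit after the catch-all deny at {last_seq}")
    return [f"ip access-list {acl['type']} {acl_name}", f" {seq} {ace_text}"]


def plan_fleet(captures, acl_name, ace_text, seq):
    """captures: {hostname: show-ip-access-lists output}. Returns {hostname: lines or None}."""
    plan = {}
    for host, output in captures.items():
        acls = parse_access_lists(output)
        if acl_name not in acls:
            plan[host] = None  # ACL absent: flag for a human rather than create it blindly
            continue
        plan[host] = plan_ace_insert(acls, acl_name, ace_text, seq)
    return plan


# Constructed sample captures, not output from real devices.
SAMPLE_CAPTURES = {
    "rtr-a": """Extended IP access list MGMT-IN
    10 permit tcp 10.1.0.0 0.0.255.255 any eq 22
    20 permit icmp any any (31 matches)
    100 deny ip any any log (12 matches)
""",
    "rtr-b": """Extended IP access list MGMT-IN
    10 permit tcp 10.1.0.0 0.0.255.255 any eq 22
    20 permit icmp any any
    30 permit tcp 10.9.0.0 0.0.0.255 any eq 22
    100 deny ip any any log
Standard IP access list SNMP-RO
    10 permit 10.1.2.0, wildcard bits 0.0.0.255
""",
}

if __name__ == "__main__":
    new_ace = "permit tcp 10.9.0.0 0.0.0.255 any eq 22"
    for host, lines in plan_fleet(SAMPLE_CAPTURES, "MGMT-IN", new_ace, 30).items():
        print(host, "->", "ACL missing" if lines is None else (lines or "no change"))
```

Run against the two constructed captures, `rtr-a` gets the two config lines and `rtr-b`, which already carries the entry, gets nothing. Keep the captures: a diff of `show ip access-lists` taken before and after the push is the cheapest proof that a hundred devices ended up in the state you planned.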
