http://www.netcordia.com/community/blogs/drews_blog/default.aspx<a href="http://connection.netcordia.com/blogs/drews_blog/rss.aspx"><img src="http://connection.netcordia.com/img/rss40.png" alt="RSS Feed" /></a>enCommunityServer 2007.1 SP2 (Build: 31113.47)http://www.netcordia.com/community/blogs/drews_blog/archive/2009/06/30/how-netmri-helped-me-acl-s-and-vlan-access-maps.aspxTue, 30 Jun 2009 19:47:00 GMT5d983763-db35-4d57-ab7d-8a0a48ffcea2:1500dpatten1http://www.netcordia.com/community/blogs/drews_blog/rsscomments.aspx?PostID=1500http://www.netcordia.com/community/blogs/drews_blog/archive/2009/06/30/how-netmri-helped-me-acl-s-and-vlan-access-maps.aspx#comments<p>Greetings from Annapolis, my name is Drew and I am the System Administrator here at Netcordia.&nbsp; I am relatively new to blogging, actually this blog entry is my first.&nbsp; So to start it off I thought I would share an experience I had here at work while working with ACL&#39;s, vlan access-maps and our in-house NetMRI. </p><p>I was updating an ACL on our core router and in the process of doing so deleted what I thought was an old outdated and un-used ACL.&nbsp; Minutes later I had two developers in my office and multiple emails from our development team stating they could not reach their development machines, all of which were located on a separate development vlan.&nbsp; Great! I just deleted the ACL that allowed traffic to and from that development vlan, hopefully I made a copy of it.&nbsp; Doh!&nbsp; No copy, I wasn&#39;t editing the ACL so I didn&#39;t copy/paste it into a text file, I simply removed it from the router via the &#39;no ip access-list...&#39; command.&nbsp;&nbsp; </p><p>I couldn&#39;t even remember what that context of the ACL was and where it was being used, it wasn&#39;t applied to any interface or to the VTY lines and the vlan access-map looked fine to me.&nbsp; What was I going to do?&nbsp; I don&#39;t back up config files manually, we have a NetMRI that does it for me, ah-hah!&nbsp; I logged into our NetMRI and navigated to Network Explorer &gt;&nbsp; Core Router &gt; Configuration Management &gt; Config Explorer and downloaded the last saved config.&nbsp; I was then able to decipher that the ACL in question was applied to a vlan access-map, of which when there is no ACL applied all traffic is blocked.&nbsp; I quickly re-created the ACL and applied it to the corresponding map and connectivity was restored.&nbsp;&nbsp; &nbsp; </p><p>Without NetMRI I could have easily deleted the vlan access-map and restored connectivity, however that would have been counterproductive to why it was there in the first place, it was there for a reason and I had to get it back.&nbsp; NetMRI is a great tool that allowed me to do that by backing up my Cisco config files.<br /></p><p>Here&#39;s to not deleting ACL&#39;s unless you are absolutely sure they are not in use anymore!</p><p>Drew <br /></p><p>&nbsp;</p><p> &nbsp;&nbsp; </p><img src="http://www.netcordia.com/community/aggbug.aspx?PostID=1500" width="1" height="1">featured