I have a few hundred routers and switches being onboarded and I need to go through and clean up some dead access-lists that are no longer in use. Lots of them.
So, how could I automate this? How can access-lists be used? Where do I find if they are in use? Here's the thought process I came up with.
Is it applied on an interface? Is it used for an SNMP ACL? NAT overload? Prefix-list for BGP? Statements for QoS policy-maps? IPsec/dialer interesting traffic? Line vty access control?
What else can they be used for? How would you logically go about finding dead ACLs?
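One way to automate the checklist above, as an added example that is not part of the original post: collect every ACL defined in a saved running-config, match references in each context the post lists, and report the ACLs nothing points at. It assumes Cisco IOS syntax; `audit_acls`, the pattern table and the sample config are constructed for illustration, and because the table covers only the contexts named here, the output is a list of candidates to review, not a delete list.

```python
import re

# DEFINE finds ACL definitions; REFERENCES has one pattern per context in the post (group 1 = ACL name(s)).
DEFINE = re.compile(r"^(?:access-list (\S+)|ip access-list (?:standard|extended) (\S+))", re.M)
REFERENCES = {
    "interface": r"^\s*ip access-group (\S+) (?:in|out)",
    "line vty": r"^\s*access-class (\S+) (?:in|out)",
    "snmp": r"^snmp-server community \S+(?: view \S+)?(?: (?:ro|rw))? (?!(?:ro|rw)$)(\S+)$",
    "nat": r"^ip nat (?:inside|outside) source list (\S+)",
    "bgp/routing": r"^\s*(?:neighbor \S+ )?distribute-list (?!prefix\b)(\S+) (?:in|out)",
    "route-map": r"^\s*match ip address (?!prefix-list\b)(.+)$",
    "qos class-map": r"^\s*match access-group (?:name )?(\S+)",
    "ipsec crypto map": r"^\s*match address (\S+)",
    "dialer": r"^dialer-list \d+ protocol \S+ list (\S+)",
}

def audit_acls(config):
    """Return (defined, used, dead); used maps ACL name -> contexts that reference it."""
    defined = {a or b for a, b in DEFINE.findall(config)}
    used = {}
    for context, pattern in REFERENCES.items():
        for match in re.finditer(pattern, config, re.M | re.I):
            for name in match.group(1).split():
                used.setdefault(name, set()).add(context)
    return defined, used, sorted(defined - set(used))

# Constructed sample running-config (not taken from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip access-group EDGE-IN in
ip nat inside source list 10 interface GigabitEthernet0/0 overload
snmp-server community EXAMPLE RO 20
access-list 10 permit 192.168.0.0 0.0.0.255
access-list 20 permit 10.0.0.5
access-list 30 permit 172.16.0.0 0.0.255.255
ip access-list extended EDGE-IN
 permit tcp any any eq 22
ip access-list extended OLD-VPN
 permit ip 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255
ip access-list standard MGMT
 permit 10.0.0.0 0.0.0.255
route-map RM-OUT permit 10
 match ip address prefix-list PL-OUT
line vty 0 4
 access-class MGMT in
"""

if __name__ == "__main__":
    print("unreferenced ACLs:", audit_acls(SAMPLE_CONFIG)[2])
```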