(cisco, or any) acl *reducers* out there?

Randy Bush randy at psg.com
Thu Aug 19 03:00:48 UTC 2010


> something which can take a couple of hundred basic and extended ACLs and tell you
>  these <ten> don't work
>  these <twenty> conflict
>  the remaining <x> have a sequence and can reduce to this basic <x-y> set

maybe you could go the other direction.  as opposed to trying to digest
and correct cruft, generate the acls from something reasonable so that
they are canonic by construction.

randy




More information about the NANOG mailing list