Giter VIP home page Giter VIP logo

cisco-ios-to-nxos-acl-converter's Introduction

Cisco IOS to NX-OS ACL converter

A very simple script to convert ACL from IOS to NX-OS format. Probably implemented not in the most graceful way, but does its job.

If you ever had to migrate a lot of ACLs from Cisco Catalyst switches to Nexus, you probably found out that unlike IOS, NX-OS doesn't allow you to define a sequence of ports divided by whitespace. Instead, you'll have to make a separate line for each port. For instance, this IOS ACL entry

permit tcp host 10.54.60.34 10.54.51.12 0.0.0.3 eq 8080 8082

has to be converted to the following for NX-OS to accept it:

permit tcp host 10.54.60.34 10.54.51.12 0.0.0.3 eq 8080
permit tcp host 10.54.60.34 10.54.51.12 0.0.0.3 eq 8082

It can easily turn into a nightmare if you have a lot of ACLs to migrate, especially if some entries contain both source and destination ports. This line would require 16 ACL entries on NX-OS:

permit tcp 10.154.1.176 0.0.0.15 eq 50615 50620 50625 50630 10.54.60.32 0.0.0.31 eq 10615 10620 10625 10630

This script covers all the scenarios: entries with only source/destination ports, both source and destination ports, source/destination ports and range of ports. It also works with port mnemonics (like 'www', 'telnet', 'ftp' etc).

Here's few examples of convertings it does:

ip access-list ports_and_range
 permit tcp host 10.54.60.84 range 1000 2000 10.54.51.12 0.0.0.3 eq 8080 8081 8082 8083
!
ip access-list johnny
 permit tcp host 10.54.201.145 eq irc 1288 host 10.54.201.241 eq cmd sunrpc telnet

to

ip access-list ports_and_range
 permit tcp host 10.54.60.84 range 1000 2000 10.54.51.12 0.0.0.3 eq 8080
 permit tcp host 10.54.60.84 range 1000 2000 10.54.51.12 0.0.0.3 eq 8081
 permit tcp host 10.54.60.84 range 1000 2000 10.54.51.12 0.0.0.3 eq 8082
 permit tcp host 10.54.60.84 range 1000 2000 10.54.51.12 0.0.0.3 eq 8083
!
ip access-list johnny
 permit tcp host 10.54.201.145 eq irc host 10.54.201.241 eq cmd
 permit tcp host 10.54.201.145 eq irc host 10.54.201.241 eq sunrpc
 permit tcp host 10.54.201.145 eq irc host 10.54.201.241 eq telnet
 permit tcp host 10.54.201.145 eq 1288 host 10.54.201.241 eq cmd
 permit tcp host 10.54.201.145 eq 1288 host 10.54.201.241 eq sunrpc
 permit tcp host 10.54.201.145 eq 1288 host 10.54.201.241 eq telnet

Usage: ./acl_converter.py x.txt y.txt, where x.txt is source file you have all your ACLs in and y.txt is where the converted ACLs would be written.

cisco-ios-to-nxos-acl-converter's People

Contributors

grindelwaldus avatar

Stargazers

avatar

Forkers

ryanguycode sulaiman410

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.