ANALYSIS, VERIFICATION, TESTING OF CISCO ACCESS LISTS IN ONE TOOL

The ACLcheck utility is intended for network specialists who work with access lists on Cisco equipment. It checks and reorders access lists, analyzes them for redundancy, and tests whether particular packets are permitted or blocked. The program is also useful for students and instructors when testing skills in configuring access lists.

Don’t look for something to ask about

If you have repeatedly had to deal with large access lists, or with the object groups they contain, you have probably wondered whether there is a tool that can determine whether an access list will pass a particular packet and which lines will match it.

Filtering the access list with regular expressions directly on the device console will not show the access of a host that is covered by a netmask, or of a port that falls within a range. Moreover, this approach cannot show all existing access between two given nodes or networks.

This small utility was created for exactly this purpose: to find the lines of an access list that permit or deny particular network traffic, and to identify all rules that relate to access between the given points.
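The sketch below is an added example, not ACLcheck's own code. It shows why a text search misses rules that cover a packet only through a wildcard mask or a port range, and how a first-match evaluation finds them. It assumes a simplified extended-ACL syntax (permit/deny, ip/tcp/udp, any/host/address with wildcard, destination `eq`/`range` only); the function names and the sample ACL are constructed for illustration.

```python
import ipaddress

# Constructed sample ACL (not from a real device); simplified extended-ACL syntax.
SAMPLE_ACL = """\
permit tcp host 10.9.9.9 any eq 22
deny   tcp 10.1.0.0 0.0.255.255 host 192.168.5.10 eq 23
permit tcp 10.1.0.0 0.0.255.255 host 192.168.5.10 range 8000 8100
permit udp any 192.168.5.0 0.0.0.255 eq 53
deny   ip any any
"""

def _take_addr(tok):  # consume one address spec, return (base, wildcard) as ints
    word = tok.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF
    if word == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    return int(ipaddress.IPv4Address(word)), int(ipaddress.IPv4Address(tok.pop(0)))

def _addr_hit(spec, ip):
    base, wild = spec
    # Wildcard bits set to 1 are "don't care"; every other bit must be equal.
    return ((int(ipaddress.IPv4Address(ip)) ^ base) & ~wild & 0xFFFFFFFF) == 0

def parse_line(line):
    tok = line.split()
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = _take_addr(tok), _take_addr(tok)
    ports = (0, 65535)  # no port clause: any destination port
    if tok and tok[0] == "eq":
        ports = (int(tok[1]), int(tok[1]))
    elif tok and tok[0] == "range":
        ports = (int(tok[1]), int(tok[2]))
    return action, proto, src, dst, ports

def first_match(acl_text, proto, src_ip, dst_ip, dport):
    """Return (line_no, action, text) of the first line the packet hits."""
    for no, line in enumerate(acl_text.splitlines(), 1):
        if not line.strip():
            continue
        action, p, src, dst, (lo, hi) = parse_line(line)
        port_ok = p == "ip" or (p == proto and lo <= dport <= hi)
        if port_ok and _addr_hit(src, src_ip) and _addr_hit(dst, dst_ip):
            return no, action, line.strip()
    return None, "deny", "implicit deny"  # Cisco ACLs end with an implicit deny

if __name__ == "__main__":
    print(first_match(SAMPLE_ACL, "tcp", "10.1.44.7", "192.168.5.10", 8080))
```

Neither `10.1.44.7` nor `8080` appears anywhere in the ACL text, so a console text filter returns nothing, while the evaluation reports line 3 as the permitting rule.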

Utility features

Checking if rules are triggered

Checking which lines of the access list match particular traffic.

Rule redundancy analysis

Analysis of conflicting and redundant rules in the access list.

Sorting of rules

Ordering the lines of the access list according to several criteria.

The program runs on Windows x32, x64 and does not require installation. Use command-line options to automatically enable parameters.

The program is free and has no expiration date or functionality limitations.