Submit a ticketCall us

Training ClassThe Orion® Platform Instructor-led Classes

Provided by SolarWinds® Academy, these trainings will introduce users to the Orion Platform and its features, management, and navigation. These courses are suitable for users looking to discover new tips, tricks, and ways to adapt their Orion products to better suit their monitoring needs:
Deploying the Orion Platform
Configuring Orion views, maps, and accounts
Configuring Orion alerts and reports

Reserve your seat.

Home > Success Center > Network Configuration Manager (NCM) > NCM Documentation > NCM 7.9 Administrator Guide > Manage access control lists > Manage ACLs on Cisco ASA and Nexus devices

Manage ACLs on Cisco ASA and Nexus devices

Created by Melanie Boyd, last modified by Melanie Boyd on Jun 02, 2018

Views: 1,239 Votes: 0 Revisions: 2

Updated: May 31, 2018

Use SolarWinds NCM to help you manage the access control lists (ACLs) for your Cisco ASA and Cisco Nexus devices. Find rules that are not being applied as intended, and identify unnecessary or redundant rules that can be removed. Streamlining ACLs makes them easier to manage and saves CPU and memory on your devices.

Display the access control lists on a device

Before you can complete other management tasks, you must display a list of the ACLs on a device.

  1. Choose My Dashboards > Network Configuration > Configuration Management.
  2. Double-click the name of a Cisco ASA or Cisco Nexus device.

    The Node Details page opens.

  3. From the menu on the left, choose Access Lists.

    The Access Lists page lists the ACLs configured for that device. If an ACL has changed, click the arrow to display a list of previous versions.

    A warning icon icon_warn.png indicates that the ACL contains overlapping rules. You can display the ACL rules to find out which rules overlap.


Compare ACLs

Use NCM to quickly locate the differences between ACLs or ACL versions. For example, you can compare two versions of the same ACL to determine what changed, or to verify that changes were implemented correctly. You can compare ACLs on different nodes to verify that the same rules are being applied on both devices.

Compare ACLs on the same device

  1. Display the list of ACLs on a device.
  2. Select the ACLs or ACL versions to compare.

    To compare the current version to a previous version, expand the node to list previous versions.

  3. At the top of the page, click Compare ACL.

    The rules from both ACLs are displayed beside each other. The line number of rules with differences are highlighted.

Compare ACLs on different devices

To compare ACLs on different devices, first select two ACLs on the same device, and then change one of the ACLs being compared.

  1. Display the list of ACLs on a device.
  2. Select the ACL that you want to compare, and any other ACL on that node. (You will change the second selection later.)

  3. At the top of the page, click Compare ACL.

    The rules from both ACLs are displayed beside each other. The line number of rules with differences are highlighted.

  4. Change the second ACL to an ACL on a different device:
    1. Near the top of the page, click Change ACLs Compared.
    2. Select the node, interface, name, and version of the ACL you want to compare.
    3. Click Change.

Display ACL rules

When you display ACL rules, also known as Access Control Entries (ACEs), SolarWinds NCM identifies overlapping rules, which might require additional investigation.

  1. Display the list of ACLs on a device.
  2. Click an ACL name.

    The rules (or ACEs) are listed on the Rules of This Access List page. The right column shows the number of hits, and a warning icon indicates that the rule overlaps another rule.

Use the search and filter options to find a specific rule quickly. Or use filters to display all rules that meet certain criteria.

Click Edit Filter Properties to change the options available for filtering.

Identify rules that have not been applied

  1. Display ACL rules.

    On the right side of each line, the ACL browser displays the hit count for the rule. The hit count indicates the number of times the rule has been applied.

    By default, rules are sorted by line number.

  2. To sort the list by hit count, click the down-arrow on the sort menu and choose Hit Count.

    Rules that have never been applied (0 hits) are at the top of the list.


Investigate overlapping rules

  1. Display ACL rules.

  2. Point to the warning icon that identifies a rule that overlaps another rule.

    A message describes the issue.


  3. Click Show the details.

    A dialog box displays the preceding rules that shadow the rule or make it redundant.

Display information about objects or object groups

  1. Display ACL rules.

  2. If an object or object group is listed as the source or destination of a rule, click the name of an object or object group.

    Information about the current version of the object or object group is shown on the right.

  3. To view information about a previous version of the object or object group, select a version from the drop-down menu.

  4. To compare another version to the currently selected version, click Compare Diff and select the version.


Last modified