Community discussions

 
sver
just joined
Topic Author
Posts: 3
Joined: Sat Dec 17, 2011 11:53 am

automation of ACL modification

Sat Dec 17, 2011 12:06 pm

Hi everybody,

I'm network administrator. My company has 200 computers which are connected through a network. We use Mikrotiks as routers in our network. Very often, due to my boss' request, I need to update Miktoriks ACL's to grant or deny access to specific ip addresses. The latest consumes a lot of my time.
Does anybody know a program which can automate the ACL modification process?

Thanks!
 
User avatar
alexandro
just joined
Posts: 24
Joined: Mon Jun 06, 2011 11:03 am
Location: Lebanon
Contact:

Re: automation of ACL modification

Sat Dec 17, 2011 1:11 pm

please give us more information for what do you want.
Don't Give the man a fish but learn the man how to fish
 
User avatar
cybercoder
Member Candidate
Member Candidate
Posts: 176
Joined: Tue Dec 07, 2010 11:20 pm
Location: Guilan, Iran
Contact:

Re: automation of ACL modification

Sat Dec 17, 2011 1:35 pm

and which method you are still using?
Any sufficiently advanced technology is indistinguishable from magic. ( Arthur C Clarke )
Mikrotik certified consultant
Microsoft Certified Technology Specialist, Microsoft Certified IT Proffessional
http://www.netd.ir
 
User avatar
martini
Member Candidate
Member Candidate
Posts: 296
Joined: Tue Dec 21, 2004 12:13 am

Re: automation of ACL modification

Sat Dec 17, 2011 4:55 pm

php-api + ftp ??
 
sver
just joined
Topic Author
Posts: 3
Joined: Sat Dec 17, 2011 11:53 am

Re: automation of ACL modification

Sun Dec 18, 2011 9:50 am

Currently I'm logging to each routers using telnet, go to "/ip firewall address-list" and add/remove ip address from the "Allowed_IP_Addresses" list. The list is used in firewall rules.
I'm wondering if there is a program, where can I add my 200 ip addresses, be able to set the state for each ip address (to be included in "Allowed_IP_Addresses" or not) and finally, the program automatically login to each mikrotik router and issue the corresponding commands.
 
sver
just joined
Topic Author
Posts: 3
Joined: Sat Dec 17, 2011 11:53 am

Re: automation of ACL modification

Thu Dec 22, 2011 2:32 pm

I have found a startup project called IPControl (ipcontrol.lug.am) which solved my problem.
IPControl stores all ip addresses and their states in the DB. The states of ip addresses are possible to change from the web interface (the access is allowed or denied). After changes made IPControl generates ACLs using predefined ACL templates and upload it to the Mikrotik routers.
Very nice project.
 
lainry
just joined
Posts: 1
Joined: Tue Dec 27, 2011 2:38 pm

Re: automation of ACL modification

Tue Dec 27, 2011 2:45 pm

Hi!
I have a similar problem in a bit more complex network where I have different brand routers and devices, not only MikroTik and I'm overboard with manually modifying the ACLs. Besides the time and the energy spent on that routine, the job is also extremely error prone and human-factor dependent, which makes me verify the configuration every time I update it.
Now I'm also looking for a automated tool which can handle my situation but my case is way more complex. I have many cascaded routers and situations, when I have to let one router pass the traffic from a specific IP and the other router block it, thus allow the IP access some part of the network while deny the remaining. Will look into the startup you mentioned, not sure if it will work for me, however, this is better than nothing. May be I can achieve the result with some customizations!
Have a great day!

Who is online

Users browsing this forum: No registered users and 90 guests