Managing and auditing existing Cisco firewall access control and routing rules [closed]

I'd like to perform an audit and maintenance of the existing Cisco router and switch configuration before changing to the new ISP and implementing new VLAN features.

How do you manage and audit your existing Cisco firewall access control and routing rules?

Are there any special tools, or do you just use Excel to sort it out and make comparisons?


Personally I use TFTP, RCS and diff, but there are plenty of tools out there. For example, WinAgents IOS Config Editor.

I'm not sure what you mean by auditing. I use a visual inspection and lots of comments in the config file to make sure I understand what every IOS command is doing there. The comments are lost when loaded into the router, but I always make changes on the TFTP server, not on the router. That way I can upload a revised config, load, test and back out to the prior config if needed. I do this out of hours as I only have one router - so a test rig would be overkill for me (but perhaps not in your case).

Before I make non-routine changes, I download the running config, I fire up SDM, make changes using it, download the new running config, revert to the standard config, use diff on the running configs to see what SDM changed, apply diffs to my commented master config and add comments to the changed parts.

After making any change I check in the change to a revision control system with an appropriate log entry. In my case RCS, because it's there, has zero setup, I know RCS and nothing more complex is needed.

Here's an interesting article on a related topic.

Here's Cisco's take.
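The answer above describes pulling the running config to a TFTP server, diffing it against a commented master copy, and reviewing what changed. As an added example that is not part of the original question or answer, the Python script below does the two pieces of that workflow that are easy to get wrong by hand: it strips the lines that differ between pulls without any real change (byte counts, timestamps, `ntp clock-period`) before diffing, and it extracts numbered and named access-list entries so that any `permit` with `any` source and `any` destination can be reviewed first. The two configs are constructed sample data using documentation address ranges, not a real device's configuration; the volatile-line patterns, the ACL regular expressions and the `broad_permits` rule are the example's own assumptions.

```python
"""Added example, not from the original post: noise-free IOS config diff plus a
first-pass ACL review.  MASTER_CFG and RUNNING_CFG below are constructed samples."""
import difflib
import re

# Assumption: these lines change between pulls of the same config without any real
# configuration change, so they are dropped before diffing.
VOLATILE = (
    re.compile(r"^Building configuration"),
    re.compile(r"^Current configuration\s*:"),
    re.compile(r"^! (Last configuration change|NVRAM config last updated)"),
    re.compile(r"^ntp clock-period"),
)


def normalize(config_text):
    """Config lines with blank lines, '!' separators and volatile lines dropped."""
    out = []
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line or line == "!" or any(p.match(line) for p in VOLATILE):
            continue
        out.append(line)
    return out


def config_diff(old_text, new_text, old_name="master.cfg", new_name="running.cfg"):
    """Unified diff of the two normalized configs, returned as a list of lines."""
    return list(difflib.unified_diff(normalize(old_text), normalize(new_text),
                                     fromfile=old_name, tofile=new_name, lineterm=""))


NAMED_ACL = re.compile(r"^ip access-list (?:standard|extended) (\S+)$")
NUMBERED_ACE = re.compile(r"^access-list (\S+) (permit|deny) (\S+)(.*)$")
NAMED_ACE = re.compile(r"^ (?:\d+ )?(permit|deny) (\S+)(.*)$")


def acl_entries(config_text):
    """Return (acl, action, protocol, rest) for numbered and named ACL entries."""
    entries, current = [], None
    for line in normalize(config_text):
        m = NAMED_ACL.match(line)
        if m:
            current = m.group(1)          # entering a named ACL block
            continue
        m = NUMBERED_ACE.match(line)
        if m:
            entries.append((m.group(1), m.group(2), m.group(3), m.group(4).strip()))
            continue
        if not line.startswith(" "):      # any other top-level line ends the block
            current = None
            continue
        m = NAMED_ACE.match(line)
        if m and current:
            entries.append((current, m.group(1), m.group(2), m.group(3).strip()))
    return entries


def broad_permits(entries):
    """Permit entries with 'any' source and 'any' destination: review these first."""
    flagged = []
    for acl, action, proto, rest in entries:
        if action != "permit":
            continue
        if proto == "any" or (proto == "ip" and rest.split()[:2] == ["any", "any"]):
            flagged.append((acl, proto, rest))
    return flagged


# Constructed sample: the master config kept on the TFTP server.
MASTER_CFG = """\
Building configuration...

Current configuration : 1842 bytes
!
! Last configuration change at 10:12:01 UTC Mon Jun 1 2009
!
hostname edge-rtr
!
ip access-list extended OUTSIDE-IN
 permit tcp any host 192.0.2.10 eq 443
 deny ip any any log
!
access-list 10 permit 192.0.2.0 0.0.0.255
!
ip route 0.0.0.0 0.0.0.0 192.0.2.254
!
ntp clock-period 17180050
end
"""

# Constructed sample: the running config pulled after a change. The default route
# moved, and an overly broad permit slipped into the ACL in front of the deny.
RUNNING_CFG = (MASTER_CFG
    .replace("Current configuration : 1842 bytes", "Current configuration : 1901 bytes")
    .replace("10:12:01 UTC Mon Jun 1 2009", "22:40:17 UTC Sat Jun 6 2009")
    .replace(" deny ip any any log", " permit ip any any\n deny ip any any log")
    .replace("192.0.2.254", "198.51.100.254")
    .replace("ntp clock-period 17180050", "ntp clock-period 17180112"))

if __name__ == "__main__":
    print("\n".join(config_diff(MASTER_CFG, RUNNING_CFG)))
    for acl, proto, rest in broad_permits(acl_entries(RUNNING_CFG)):
        print(f"REVIEW: {acl}: permit {proto} {rest}")
```

Run against the two samples, the diff shows only the added `permit ip any any` and the changed default route; the byte count, timestamp and clock-period lines never appear, so the RCS log entry can describe the real change. The `broad_permits` rule is deliberately narrow (it ignores `permit tcp any any eq 443`, for instance); widen it to whatever your own policy treats as needing justification.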