All scripts
isp
Advanced
4–9 min
T-ISP-035 · Infrastructure ACL Compliance
Audit edge/core infrastructure ACLs and control-plane policers against a golden baseline: missing anti-spoofing (BCP38/uRPF), exposed management protocols, and absent CoPP classes.
Cisco IOS-XR
Cisco IOS/XE
Juniper Junos
You're viewing a preview
The full script, parameters, and execution console are available with a free account.
Already have access? Sign in →
Capabilities
- Anti-spoofing (BCP38) check
- uRPF presence audit
- Management exposure scan
- CoPP / LPTS coverage
- Golden-baseline diff
- Severity-ranked findings
Required inputs
Parameters the script accepts. Defaults shown; some are vendor- or context-gated.
| Parameter | Type | Default | Notes |
|---|---|---|---|
Strict mode (fail on warn) strict | bool | false | — |
Baseline profile name baseline | string | edge-default | — |
Sample inventory schema
Authoritative shape of the device/policy data this script consumes.
No bundled inventory sample. The script accepts standard device lists (CSV/YAML) with hostname, mgmt IP, vendor, and credentials.
Expected output
Reference terminal output the script should produce — used as a stylistic and structural target.
terminal
2026-06-15 18:30:00 INFO Audited 12 devices against baseline edge-default 2026-06-15 18:30:01 WARN pe-02: uRPF missing on Gi0/0/0/3 2026-06-15 18:30:01 CRIT cr-01: telnet exposed on mgmt ACL 2026-06-15 18:30:01 INFO Report written to iacl-compliance.json (1 crit, 1 warn)