All scripts
isp
Advanced
4–9 min

T-ISP-035 · Infrastructure ACL Compliance

Audit edge/core infrastructure ACLs and control-plane policers against a golden baseline: missing anti-spoofing (BCP38/uRPF), exposed management protocols, and absent CoPP classes.

Cisco IOS-XR
Cisco IOS/XE
Juniper Junos
Open in GeneratorOpen in Platform
You're viewing a preview

The full script, parameters, and execution console are available with a free account.

Already have access? Sign in →

Capabilities

  • Anti-spoofing (BCP38) check
  • uRPF presence audit
  • Management exposure scan
  • CoPP / LPTS coverage
  • Golden-baseline diff
  • Severity-ranked findings

Required inputs

Parameters the script accepts. Defaults shown; some are vendor- or context-gated.

ParameterTypeDefaultNotes
Strict mode (fail on warn)
strict
boolfalse
Baseline profile name
baseline
stringedge-default

Hint 1Name your vendors and OS versions

Mention the exact platforms you run (Cisco IOS-XR, Cisco IOS/XE, Juniper Junos) so the generated isp & peering logic uses the right CLI/NETCONF syntax.

Hint 2State your real thresholds

Provide concrete values for Strict mode (fail on warn), Baseline profile name instead of the defaults — they shape what counts as a fault.

Hint 3Prioritize the checks you need

This tool can anti-spoofing (BCP38) check and uRPF presence audit. Ask for the subset relevant to your incident to keep output focused.

Hint 4Describe your inventory format

Tell the assistant whether your device list is CSV, YAML, or JSON and which columns it has, so parsing matches your data.

Sample inventory schema

Authoritative shape of the device/policy data this script consumes.

No bundled inventory sample. The script accepts standard device lists (CSV/YAML) with hostname, mgmt IP, vendor, and credentials.

Expected output

Reference terminal output the script should produce — used as a stylistic and structural target.

terminal
2026-06-15 18:30:00 INFO  Audited 12 devices against baseline edge-default
2026-06-15 18:30:01 WARN  pe-02: uRPF missing on Gi0/0/0/3
2026-06-15 18:30:01 CRIT  cr-01: telnet exposed on mgmt ACL
2026-06-15 18:30:01 INFO  Report written to iacl-compliance.json (1 crit, 1 warn)