Object-group editing/deleting

Answered Question
Mar 27th, 2007

Hi,

I need to edit or delete and recreate a service object-group to extend a port range. Deleting the object-group says it will 'leave the object-group empty'.

When I try to delete the access-list, it says 'access-list not found'. I can delete the range.

Is there an order that this is accomplished?

Delete-

1. Range

2. Access-list

3. Object-group

Or, is there a better way to extend the port range that is already established?

thanks,

Vince

Correct Answer
rmeans Tue, 03/27/2007 - 13:45

I am assuming you currently have something configured like:

object-group service some_random_name tcp-udp

port-object range 15100 15300

and you really need the port range to 15000 to 16000

Have you tried:

object-group service some_random_name tcp-udp

port-object range 15000 16000

no port-object range 15100 15300

vdinenna71 Tue, 03/27/2007 - 15:57

Thank you for the reply.

Yes, there is an object-group established.

I have not tried what you suggested yet.

What you're saying is create a new range and delete the old one. Ok, good. I will try this. But what if I wanted the entire object-group deleted?

I'll try this and get back.

thanks,

V~

BTW- the link didn't work.

rmeans Tue, 03/27/2007 - 18:40

If you want to add a new object-group and remove the current/old object-group, I would follow these steps.

show access-list random_name

access-list random_name line 20 permit tcp any any object-group old_object_group

Define new object-group with new port ranges.

Add new line to ACL random_name with new object-group. Notice the line number.

access-list random_name line 19 permit tcp any any object-group new_object_group

Add any new acl lines in front/before the current/old acl lines. Test your changes, make sure the new acl lines show increasing hit count. Once you feel confident that the new acl lines are being used and not the current/old acl lines, remove the old acl lines.

no access-list random_name permit tcp any any object-group old_object_group

hope this helps
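
The hit-count check described in the reply above, as an added example that is not part of the original thread: it compares two saved `show access-list` snapshots and reports whether the new object-group's ACL line gained hits while the old one gained none. It assumes each expanded entry carries `(hitcnt=N)` and shares its parent's line number; the helper names and the sample output are constructed for illustration.

```python
import re

# hits_by_group / old_group_retired are hypothetical helper names (added example).
# An ACE line from `show access-list`; expanded object-group entries may be indented.
ACE = re.compile(r"^\s*access-list\s+(?P<acl>\S+)\s+line\s+(?P<line>\d+)\s+(?P<rest>.*)$")
GROUP = re.compile(r"\bobject-group\s+(\S+)")
HITS = re.compile(r"\(hitcnt=(\d+)\)")

# Constructed sample output (not captured from a device); the format is an assumption.
BEFORE = """\
access-list random_name line 19 permit tcp any any object-group new_object_group
  access-list random_name line 19 permit tcp any any range 15000 16000 (hitcnt=0)
access-list random_name line 20 permit tcp any any object-group old_object_group
  access-list random_name line 20 permit tcp any any range 15100 15300 (hitcnt=412)
"""
AFTER = BEFORE.replace("(hitcnt=0)", "(hitcnt=37)")  # later snapshot, also constructed


def hits_by_group(show_output):
    """Return {object_group_name: total hit count} for one snapshot."""
    group_at = {}  # (acl, line number) -> object-group named on that ACE
    hits_at = {}   # (acl, line number) -> summed hitcnt of its expanded entries
    for raw in show_output.splitlines():
        m = ACE.match(raw)
        if not m:
            continue
        key = (m["acl"], int(m["line"]))
        grp = GROUP.search(m["rest"])
        if grp:
            group_at[key] = grp.group(1)
            continue  # parent line: counters are read from expanded entries only
        hit = HITS.search(m["rest"])
        if hit:
            hits_at[key] = hits_at.get(key, 0) + int(hit.group(1))
    totals = {}
    for key, name in group_at.items():
        totals[name] = totals.get(name, 0) + hits_at.get(key, 0)
    return totals


def old_group_retired(before, after, old_group, new_group):
    """True when the new ACE gained hits between snapshots and the old one gained none."""
    b, a = hits_by_group(before), hits_by_group(after)
    if old_group not in a or new_group not in a:
        raise ValueError("both object-groups must appear in the later snapshot")
    new_delta = a[new_group] - b.get(new_group, 0)
    old_delta = a[old_group] - b.get(old_group, 0)
    return new_delta > 0 and old_delta == 0
```

A result of False means traffic is still matching the old line, or nothing has matched the new one yet, so the old ACL line and object-group should stay in place.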

vdinenna71 Thu, 03/29/2007 - 07:55

Thanks so much for your help! I got the object-groups and access-lists in. Once we test the new H323 equipment, I'll take out the old object-groups and access-lists.

Gratefully,

Vince
