Modifying multiple ACEs of ACLs containing object groups

Unanswered Question
Apr 24th, 2007

How do you modify an ACE whose line numbers don't increment because they are a part of the same object-group expansion?

Patrick Iseli Tue, 04/24/2007 - 09:51

You change the object group.

But take care: if the same object group is used in multiple ACLs, then this will add or delete in all the ACLs.

Reference:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800d641d.shtml

example:

(config)# object-group network host_grp_2
(config-network)# network-object host 172.16.10.1
(config-network)# network-object host 172.16.10.2
(config-network)# no network-object host 172.16.10.2
(config-network)# exit

sincerely

Patrick
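The caveat in the answer above can be checked before editing a group. The following Python script is an added example, not part of the original thread: it reads configuration text in `show running-config` layout and lists every ACL that references a given object group, including references through nested `group-object` entries. The group `all_hosts`, the ACL names and the sample configuration are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in "show running-config" layout; all_hosts and the ACL
# names are made up for illustration, host_grp_2 is the group from the post.
SAMPLE_CONFIG = """\
object-group network host_grp_2
 network-object host 172.16.10.1
 network-object host 172.16.10.2
object-group network all_hosts
 group-object host_grp_2
 network-object host 172.16.20.1
access-list outside_in extended permit tcp any object-group host_grp_2 eq www
access-list dmz_in extended permit ip object-group all_hosts any
access-list inside_out remark do not use object-group host_grp_2 here
access-list inside_out extended permit ip any any
"""

def parse_config(text):
    """Return (parents, acl_refs): group -> groups that nest it,
    ACL name -> object groups its entries reference."""
    parents, acl_refs = defaultdict(set), defaultdict(set)
    current = None  # object group whose sub-commands are being read
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        if tokens[0] == "object-group" and len(tokens) >= 3:
            current = tokens[2]
        elif tokens[0] == "group-object" and current and len(tokens) >= 2:
            parents[tokens[1]].add(current)  # current nests tokens[1]
        elif tokens[0] == "access-list" and len(tokens) >= 3:
            current = None
            if tokens[2] == "remark":  # free text, not a reference
                continue
            for i, tok in enumerate(tokens[:-1]):
                if tok == "object-group":
                    acl_refs[tokens[1]].add(tokens[i + 1])
        elif not raw.startswith(" "):
            current = None  # any other top-level command ends the group
    return parents, acl_refs

def affected_acls(text, group):
    """ACLs whose expansion changes when `group` is edited, directly or via nesting."""
    parents, acl_refs = parse_config(text)
    impacted, stack = {group}, [group]
    while stack:
        for parent in parents.get(stack.pop(), ()):
            if parent not in impacted:
                impacted.add(parent)
                stack.append(parent)
    return sorted(acl for acl, refs in acl_refs.items() if refs & impacted)
```

On the sample, `affected_acls(SAMPLE_CONFIG, "host_grp_2")` reports both `outside_in` and `dmz_in`, the second only because `all_hosts` nests the group.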

Patrick Iseli Wed, 04/25/2007 - 06:13

By the way, if you are doing < show access-list > you will see the expanded version of the access-list with the hitcounts.
