Object group expand command

Unanswered Question
Feb 2nd, 2009
User Badges:

Is possible to see the specific match in IOS ACL with object group?


sh ip access-lists ACL-LOCALE (olso sh access-lists ACL-LOCALE)

Extended IP access list ACL-ACCESS in

10 permit ip 0.0.0.176 255.255.255.15 object-group MNG-CASHIN

20 deny ip 0.0.0.176 255.255.255.15 any

30 permit ip object-group NET-VoIP-Suc object-group NET-VoIP-Suc (69 matches)

40 permit ip object-group NET-VoIP-Suc object-group NET-VoIP-Cent

50 deny ip any object-group NET-VoIP-Cent

60 permit ip object-group NET-Dati-Succursali object-group NET-Dat (12 matches)

70 deny ip object-group NET-Suc object-group NET-Suc (103 matches)

80 deny ip object-group NET-Suc object-group KEY-Server

90 permit ip any any (1069 matches)


Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
didyap Fri, 02/06/2009 - 11:57
User Badges:
  • Silver, 250 points or more

To use object groups in an ACL, replace the normal protocol (protocol), network (source_address mask, etc.), service (operator port), or ICMP type (icmp_type) parameter with object-group grp_id.

For example, to use object groups for all available parameters in the access-list {tcp | udp} command,


Actions

This Discussion