Object group expand command

Unanswered Question
Feb 2nd, 2009

Is possible to see the specific match in IOS ACL with object group?

sh ip access-lists ACL-LOCALE (olso sh access-lists ACL-LOCALE)

Extended IP access list ACL-ACCESS in

10 permit ip 0.0.0.176 255.255.255.15 object-group MNG-CASHIN

20 deny ip 0.0.0.176 255.255.255.15 any

30 permit ip object-group NET-VoIP-Suc object-group NET-VoIP-Suc (69 matches)

40 permit ip object-group NET-VoIP-Suc object-group NET-VoIP-Cent

50 deny ip any object-group NET-VoIP-Cent

60 permit ip object-group NET-Dati-Succursali object-group NET-Dat (12 matches)

70 deny ip object-group NET-Suc object-group NET-Suc (103 matches)

80 deny ip object-group NET-Suc object-group KEY-Server

90 permit ip any any (1069 matches)

Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
didyap Fri, 02/06/2009 - 11:57

To use object groups in an ACL, replace the normal protocol (protocol), network (source_address mask, etc.), service (operator port), or ICMP type (icmp_type) parameter with object-group grp_id.

For example, to use object groups for all available parameters in the access-list {tcp | udp} command,

Actions

This Discussion