02-02-2009 03:30 AM - edited 03-09-2019 10:00 PM
Is possible to see the specific match in IOS ACL with object group?
sh ip access-lists ACL-LOCALE (olso sh access-lists ACL-LOCALE)
Extended IP access list ACL-ACCESS in
10 permit ip 0.0.0.176 255.255.255.15 object-group MNG-CASHIN
20 deny ip 0.0.0.176 255.255.255.15 any
30 permit ip object-group NET-VoIP-Suc object-group NET-VoIP-Suc (69 matches)
40 permit ip object-group NET-VoIP-Suc object-group NET-VoIP-Cent
50 deny ip any object-group NET-VoIP-Cent
60 permit ip object-group NET-Dati-Succursali object-group NET-Dat (12 matches)
70 deny ip object-group NET-Suc object-group NET-Suc (103 matches)
80 deny ip object-group NET-Suc object-group KEY-Server
90 permit ip any any (1069 matches)
Thanks
02-06-2009 11:57 AM
To use object groups in an ACL, replace the normal protocol (protocol), network (source_address mask, etc.), service (operator port), or ICMP type (icmp_type) parameter with object-group grp_id.
For example, to use object groups for all available parameters in the access-list {tcp | udp} command,
06-07-2018 10:43 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide