To identify the object groups that are not being used in ACLs

Hi, I have 200 pages of ASA configuration, and I have to map the existing configuration to the new setup. There are around 100 pages of network objects that were created during the last 2-3 years. Not all of these network objects are being used in the ACLs. I don't want to use these network objects in my new configuration, but how can I identify (smartly) which specific network objects I should skip?



Panos Kampanakis Fri, 02/26/2010 - 12:27

You can do "sh run | i " to check the ACLs where it is used.

Also, you can use ASDM, which has a "where used" option in the object groups.

I hope it helps.


ssocsupport Mon, 03/01/2010 - 00:59

It requires manual validation using the CLI:

- Issue the command sh run object-group network or sh run object-group service to know the list of object groups configured

- Issue the command "sh run | i " to know the object group used in an ACL

- If you have no ACL listed while using the above command, then there is no ACL configured

However, this is not the smartest way..!!


ssoc support
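The manual check described in the replies above can be run offline against a saved copy of the running configuration. The script below is an added example and is not part of the original thread; the function name and the sample configuration are constructed for illustration. It assumes the input is plain `show running-config` text, looks only at `access-list` lines (references from NAT or other features are not checked), and treats a group nested via `group-object` inside a used group as used.

```python
import re

# Constructed sample of an ASA running configuration (not from the original thread).
SAMPLE_CONFIG = """\
object-group network WEB-SERVERS
 network-object host 10.1.1.10
object-group network DMZ-ALL
 group-object WEB-SERVERS
 network-object 10.2.0.0 255.255.0.0
object-group network OLD-LAB
 network-object 192.168.50.0 255.255.255.0
object-group network OLD-LAB-PARENT
 group-object OLD-LAB
object-group service WEB-PORTS tcp
 port-object eq https
object-group service LEGACY-PORTS tcp
 port-object eq 8080
access-list OUTSIDE_IN remark old rule for object-group OLD-LAB removed
access-list OUTSIDE_IN extended permit tcp any object-group DMZ-ALL object-group WEB-PORTS
access-list OUTSIDE_IN extended deny ip any any
"""

GROUP_DEF = re.compile(r"^object-group\s+\S+\s+(\S+)")   # "object-group <type> <name>"
GROUP_REF = re.compile(r"\bobject-group\s+(\S+)")         # reference inside an ACL entry

def unused_object_groups(config_text):
    """Return sorted object-group names that no ACL references, directly or via nesting."""
    children, acl_refs, current = {}, set(), None
    for line in config_text.splitlines():
        m = GROUP_DEF.match(line)
        if m:
            current = m.group(1)
            children.setdefault(current, set())
        elif line.startswith(" ") and current:
            parts = line.split()
            if len(parts) == 2 and parts[0] == "group-object":
                children[current].add(parts[1])   # nested group inside current group
        else:
            current = None
            if line.startswith("access-list ") and " remark " not in line:
                acl_refs.update(GROUP_REF.findall(line))
    # Walk nested groups so a child of a used parent counts as used.
    used, stack = set(), list(acl_refs)
    while stack:
        name = stack.pop()
        if name not in used:
            used.add(name)
            stack.extend(children.get(name, ()))
    return sorted(set(children) - used)
```

On the constructed sample, `OLD-LAB` is reported as unused even though its name appears in an ACL remark, which a plain `sh run | i` match would count as a hit.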

