Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
478
Views
0
Helpful
2
Replies

To identify the object groups that are not being used in ACLs

mohsin.khan
Level 3
Level 3

‎02-25-2010 11:04 PM - edited ‎03-11-2019 10:15 AM

Hi, I have a 200 pages of configuration of ASA , and i have to map the existing configuration to the new setup. There are around 100 pages of network objects that were created during last 2-3 years. Not all of these network objects are being used in the ACLs. I don't want to use these network objects in my new configuration, but how can i identify (smartly ) that which specific network objects should i skip?

regards,

Mohsin

Labels:
0 Helpful
2 Replies 2

Panos Kampanakis
Cisco Employee
Cisco Employee

‎02-26-2010 12:27 PM

you can do "sh run | i " to check the ACLs it is used.

Also you can use ASDM that has a "where used" option in the object groups.

I hope it helps.

PK

0 Helpful

ssocsupport
Level 1
Level 1
In response to Panos Kampanakis

‎03-01-2010 12:59 AM

It require manual validation using CLI

- issues the command sh run object-group network or sh run object-group service to knw the list of object group configured

- issue the command "sh run | i " to kwn the object group used in ACL

- if you have no ACL listed, while using the above command; then there is no ACL configured

However, this is not the smartest way..!!

regards,

ssoc support

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card