Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
31891
Views
82
Helpful
20
Replies

Finding what object groups an ip address belongs to ?

Go to solution
Shiva Prasad
Level 1
Level 1

‎03-10-2010 02:39 AM - edited ‎03-11-2019 10:19 AM

How can i find the object-group or object-groups an ip address belongs to/is part of in an ASA running conf ?

eg. sh run | i ip address or sh run object-group | i <ip add> gives me  the below output

network-object <ip add>

network-object <ip add>

network-object <ip add>

is there a command option that lists the ip address alongwith the object-group names that it belongs to ? as of now i have to look through the output of

"sh run object-group net" manually or save the running config to a text file and use the find function.

Regards,

Shiva

2 people had this problem
Labels:
0 Helpful
20 Replies 20

Go to solution
zbrewer-cco
Level 1
Level 1
In response to Ruslan Moldaliev

‎09-19-2018 06:41 AM

That's only for objects and doesn't work with object-groups.
0 Helpful

Go to solution
brfrankl
Level 1
Level 1
In response to zbrewer-cco

‎10-01-2018 07:11 AM

This is close but what about if I want to find an object/object group that "would" match?

 

Example:   I have an object-group with 192.168.64.0/24.  I want to search for 192.168.64.10 and it show me all the object-groups what this IP would get a match without .10 being explicitly defined.

0 Helpful

Go to solution
zbrewer-cco
Level 1
Level 1
In response to brfrankl

‎10-19-2018 02:03 PM

I have this problem occasionally too. What I usually do is, if I know the IP I'm looking for might be defined within a larger network:

show run | include 192.168.64

and manually parse the results. If this isn't feasible, sometime packet-tracer will give you the answer you're looking for.

0 Helpful

Go to solution
chris.dale
Level 1
Level 1
In response to Ruslan Moldaliev

‎03-15-2022 04:32 AM

Hi Ruslan

 

Thank you, that is the correct format which relates the object and or object-group to the IP address

 

Regards

0 Helpful

Go to solution
golive999
Level 1
Level 1

‎05-05-2015 04:16 AM

Hi Shiva,

There is no direct way of finding what object group does an IP belong to. However if the IP is specified in the configuration, then

you can do a

 

packet-tracer input inside tcp <source Ip< <port number> <destination ip> <destination port>

This will pull the ACL with the object-group and display.

now execute

sh run object-group id <object-group name> | include IP address

Hope this helps :)

Please rate.

Thanks
ABD

 

0 Helpful

Go to solution
pavitpalsingh
Level 1
Level 1

‎06-24-2015 12:29 AM

you can Log the session and  Issue : show running-config object-group network 

 

Open in notepad.

 

FIND  (ctrl + f) the IP 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card