Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Modifying multiple ACE's of ACL 's containing object groups

How do you modify an ACE whose line numbers don't increment because they are a part of the same object-group expansion?

2 REPLIES

Re: Modifying multiple ACE's of ACL 's containing object groups

You change the objetct group.

But take care if the same object group is usesd in multiple ACLs then this will add or delete in all the ACLs.

Reference:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800d641d.shtml

example:

(config)# object-group network host_grp_2

(config-network)# network-object host 172.16.10.1

(config-network)# network-object host 172.16.10.2

(config-network)# no network-object host 172.16.10.2

(config-network)# exit

sincerely

Patrick

Re: Modifying multiple ACE's of ACL 's containing object groups

Bu the way if you are doing < show access-list > you will see the expanded version of the access-list with the hitcounts.

123
Views
3
Helpful
2
Replies