My Netops section runs huge groups and huge numbers of groups and I often receive tickets relating to specific IP addresses that are part of larger groups, the names of which I need to begin troubleshooting.
Is there a pipe command I can use to quickly sort which object groups a given network object or port belongs to?
At this point I have to run a search for all access-list references to a given network, then cross-reference. I'd rather just have the given host or network and type a single command that will give me the names of all the object-groups this network is associated with.
"| i " obviously doesn't do it because it'll only show me the actual line of the network inside the object-group without the name of the group itself (though this does tell me how many times that line appears, and so how many groups exist that include that line specifically, though not necessarily the network if I'm working with a host). There's no "| s " and there's no stop at version of the | command on an ASA, so I'm at something of a loss here.
I run into the same issue all the time. What is do is just to paste the config on notepad++ and highlight the IP address and check the object group where it belogs. It is easy to check what IP addresses are on an object group, but not so easy to find an object group name where the IP address belongs to.
I've had to do that on occasion but it has "workaround" written all over it. I've also given up and used the ASDM. I was hoping for a more elegant solution but if there isn't one then... there isn't one.
Digging around turned up this command string, which will identify the object group I'm looking for:
sh run ob ne | i ^[^ ]|x.x.x.x
It lists all the network groups but those groups that include x.x.x.x will have it listed as a subheading. Silly to answer my own question but I figured I'd post up in case anyone wanted to know the answer.
Yep, your command returns exactly the same output as the one I posted, albeit by using a different method. The string ^[^ ] indicates a line that does not begin with a space (which includes all object-group names) and the |x.x.x.x lists the line that contains the relevant address.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :