Cisco Support Community
New Member

To identify the object groups that are not being used in ACLs

Hi, I have 200 pages of ASA configuration, and I have to map the existing configuration to the new setup. There are around 100 pages of network objects that were created during the last 2-3 years. Not all of these network objects are being used in the ACLs. I don't want to use these network objects in my new configuration, but how can I identify (smartly) which specific network objects I should skip?

regards,

Mohsin

2 REPLIES
Cisco Employee

Re: To identify the object groups that are not being used in ACL

You can do "sh run | i " to check the ACLs it is used in.

Also, you can use ASDM, which has a "where used" option in the object groups.

I hope it helps.

PK

New Member

Re: To identify the object groups that are not being used in ACL

It requires manual validation using the CLI.

- issue the command sh run object-group network or sh run object-group service to know the list of object groups configured

- issue the command "sh run | i " to know the object group used in ACL

- if you have no ACL listed while using the above command, then there is no ACL configured

However, this is not the smartest way..!!

regards,

ssoc support
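
The manual check described in the replies can be scripted against a saved copy of the running configuration. The following is an added example, not part of the thread and not Cisco code: it lists objects and object groups that no access-list line references, directly or through nested groups. The function name and the sample configuration are constructed for illustration, and only access-list references are counted as use.

```python
import re

# Constructed sample of a saved "show running-config" (names and addresses are made up).
SAMPLE_CONFIG = """\
object network WEB-SRV
 host 192.0.2.10
object network OLD-SRV
 host 192.0.2.99
object-group network DMZ-HOSTS
 network-object object WEB-SRV
 network-object 198.51.100.0 255.255.255.0
object-group network ALL-SERVERS
 group-object DMZ-HOSTS
object-group network LEGACY-NETS
 network-object object OLD-SRV
object-group service WEB-PORTS tcp
 port-object eq 443
access-list OUTSIDE_IN extended permit tcp any object-group ALL-SERVERS object-group WEB-PORTS
"""

# Definition lines: "object <type> NAME" or "object-group <type> NAME".
DEFINE = re.compile(r"^(object-group|object)\s+\S+\s+(\S+)")
# References by name; the lookbehind skips the "object" inside "network-object" etc.
REFERENCE = re.compile(r"(?<![\w-])(?:object-group|group-object|object)\s+(\S+)")

def unused_in_acls(config: str) -> list:
    members = {}      # defined name -> names referenced inside its body
    roots = set()     # names referenced directly by access-list lines
    current = None
    for line in config.splitlines():
        if m := DEFINE.match(line):
            current = m.group(2)
            members.setdefault(current, set())
        elif line.startswith(" ") and current:
            members[current].update(REFERENCE.findall(line))
        else:
            current = None
            if line.startswith("access-list "):
                roots.update(REFERENCE.findall(line))
    # Follow nesting so a group used only inside another used group counts as used.
    used, stack = set(), list(roots)
    while stack:
        name = stack.pop()
        if name not in used:
            used.add(name)
            stack.extend(members.get(name, ()))
    return sorted(set(members) - used)

if __name__ == "__main__":
    print(unused_in_acls(SAMPLE_CONFIG))
```

Objects referenced only by NAT or other non-ACL features are reported as well, so review the list before leaving anything out of the new configuration.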
