Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Object group expand command

Is possible to see the specific match in IOS ACL with object group?

sh ip access-lists ACL-LOCALE (olso sh access-lists ACL-LOCALE)

Extended IP access list ACL-ACCESS in

10 permit ip 0.0.0.176 255.255.255.15 object-group MNG-CASHIN

20 deny ip 0.0.0.176 255.255.255.15 any

30 permit ip object-group NET-VoIP-Suc object-group NET-VoIP-Suc (69 matches)

40 permit ip object-group NET-VoIP-Suc object-group NET-VoIP-Cent

50 deny ip any object-group NET-VoIP-Cent

60 permit ip object-group NET-Dati-Succursali object-group NET-Dat (12 matches)

70 deny ip object-group NET-Suc object-group NET-Suc (103 matches)

80 deny ip object-group NET-Suc object-group KEY-Server

90 permit ip any any (1069 matches)

Thanks

1 REPLY
Silver

Re: Object group expand command

To use object groups in an ACL, replace the normal protocol (protocol), network (source_address mask, etc.), service (operator port), or ICMP type (icmp_type) parameter with object-group grp_id.

For example, to use object groups for all available parameters in the access-list {tcp | udp} command,

136
Views
0
Helpful
1
Replies
CreatePlease to create content