Displaying Object Groups; Removing Object Groups; Manually Committing Access Control Lists And Rules - Cisco Catalyst 6500 Series Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services

FWSM/contexta(config-network)# network-object host 209.165.201.16
FWSM/contexta(config-network)# network-object host 209.165.201.78
FWSM/contexta(config-network)# access-list ACL_IN extended deny tcp object-group denied object-group web eq www
FWSM/contexta(config)# access-list ACL_IN extended permit ip any any
FWSM/contexta(config)# access-group ACL_IN in interface inside

Displaying Object Groups

To display a list of the currently configured object groups, enter the following command:
FWSM/contexta(config)# show object-group [protocol | network | service | icmp-type | id grp_id]
If you enter the command without any parameters, the system displays all configured object groups.
The following example shows sample output from the show object-group command.
FWSM/contexta# show object-group
object-group network ftp_servers
  description: This is a group of FTP servers
  network-object host 209.165.201.3
  network-object host 209.165.201.4
object-group network TrustedHosts
  network-object host 209.165.201.1
  network-object 192.168.1.0 255.255.255.0
  group-object ftp_servers

Removing Object Groups

To remove an object group, enter one of the following commands.

Note: You cannot remove an object group or make an object group empty if it is used in an ACL.

To remove a specific object group, enter the following command:
FWSM/contexta(config)# no object-group grp_id
To remove all object groups of the specified type, enter the following command:
FWSM/contexta(config)# clear object-group [protocol | network | services | icmp-type]
If you do not enter a type, all object groups are removed.

Manually Committing Access Control Lists and Rules

By default, the FWSM automatically commits ACLs as you enter them; the FWSM waits a short period of time after you last entered an access-list command before committing the ACL. See the "Access Control List Commit" section on page 10-6 for more information about committing ACLs.

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide, OL-6392-01, Chapter 10: Controlling Network Access with Access Control Lists, page 10-24
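
The restriction under Removing Object Groups (a group used in an ACL cannot be removed or emptied) can be checked offline against saved configuration text before a cleanup. The Python sketch below is an added example, not part of the Cisco guide: it lists, for each object group, the ACLs that reference it directly or through group-object nesting. The function name acl_usage, the lab_hosts group, the member of web and ACL_OUT are constructed for illustration, and counting nested use as "in use" is this example's assumption.

```python
import re
from collections import defaultdict

# Constructed sample: web's member, lab_hosts and ACL_OUT are made up; the rest follows the page.
SAMPLE_CONFIG = """\
object-group network ftp_servers
 network-object host 209.165.201.3
object-group network TrustedHosts
 group-object ftp_servers
object-group network denied
 network-object host 209.165.201.16
object-group network web
 network-object host 209.165.201.29
object-group network lab_hosts
 network-object host 209.165.201.30
access-list ACL_IN extended deny tcp object-group denied object-group web eq www
access-list ACL_OUT extended permit ip object-group TrustedHosts any
"""
GROUP_RE = re.compile(r"object-group\s+(?:protocol|network|service|icmp-type)\s+(\S+)")

def acl_usage(config):
    """Map each object group to the ACLs that use it, directly or via a nesting group."""
    parents, acl_refs, current = defaultdict(set), defaultdict(set), None
    for line in map(str.strip, config.splitlines()):
        tokens, m = line.split(), GROUP_RE.match(line)
        if m:                                  # start of an object-group definition
            current = m.group(1)
            parents.setdefault(current, set()) # register it even if nothing nests it
        elif line.startswith("group-object ") and current:
            parents[tokens[1]].add(current)    # current includes tokens[1]
        elif line.startswith("access-list "):
            for i, tok in enumerate(tokens[:-1]):
                if tok == "object-group":      # next token is the group name
                    acl_refs[tokens[i + 1]].add(tokens[1])
    usage = {}
    for group in list(parents):
        seen, stack, acls = set(), [group], set()
        while stack:                           # walk up the group-object chain
            g = stack.pop()
            if g not in seen:
                seen.add(g)
                acls |= acl_refs.get(g, set())
                stack.extend(parents.get(g, ()))
        usage[group] = sorted(acls)
    return usage

if __name__ == "__main__":
    for name, acls in acl_usage(SAMPLE_CONFIG).items():
        print(f"{name:14}", ", ".join(acls) or "not referenced by any ACL")
```

Groups reported with an empty list are the candidates for no object-group; the others need their ACL entries changed first.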
