Cisco 4700M Configuration Manual page 54

Application control engine appliance security

Simplifying Access Control Lists with Object Groups
Example of How an Object Group Expands into Multiple ACL Entries
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
The following examples of show command output demonstrate how the ACE
expands the single ACL entry that has an object group (see the "Example of
Configuring the Equivalent Extended ACL Using Object Groups" section) into
multiple ACL entries. The output of the show running-config access-list
command displays the unexpanded object-group configuration of the ACL_IN
ACL. The output of the show access-list ACL_IN command displays the
expanded ACL entries.
host1/Admin# show running-config access-list
Generating configuration....
access-list ACL_IN remark "object group acl to deny specific hosts"
access-list ACL_IN line 8 extended deny tcp object-group DENIED object-group WEB eq www
access-list ACL_IN line 16 extended permit ip any any

host1/Admin# show access-list ACL_IN
access-list:ACL_IN, elements: 10, status: ACTIVE
remark : "object group acl to deny specific hosts"
access-list ACL_IN line 8 extended deny tcp object-group DENIED object-group WEB eq www
access-list ACL_IN line 8 extended deny tcp host 10.1.1.4 host 209.165.201.29 eq www (hitcount=0)
access-list ACL_IN line 8 extended deny tcp host 10.1.1.4 host 209.165.201.16 eq www (hitcount=0)
access-list ACL_IN line 8 extended deny tcp host 10.1.1.4 host 209.165.201.78 eq www (hitcount=0)
access-list ACL_IN line 8 extended deny tcp host 10.1.1.78 host 209.165.201.29 eq www (hitcount=0)
access-list ACL_IN line 8 extended deny tcp host 10.1.1.78 host 209.165.201.16 eq www (hitcount=0)
access-list ACL_IN line 8 extended deny tcp host 10.1.1.78 host 209.165.201.78 eq www (hitcount=0)
access-list ACL_IN line 8 extended deny tcp host 10.1.1.89 host 209.165.201.29 eq www (hitcount=0)
access-list ACL_IN line 8 extended deny tcp host 10.1.1.89 host 209.165.201.16 eq www (hitcount=0)
access-list ACL_IN line 8 extended deny tcp host 10.1.1.89 host 209.165.201.78 eq www (hitcount=0)
access-list ACL_IN line 16 extended permit ip any any (hitcount=0)
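
The expansion shown above can be reproduced offline to review what an object-group entry will actually match before it is applied. The following Python sketch is an added example, not part of the Cisco guide or of ACE software; the group membership in GROUPS is inferred from the expanded entries in the output above, the function names are hypothetical, and only network object groups with host members are handled.

```python
import re
from itertools import product

# Assumption: membership is inferred from the expanded entries shown in the
# "show access-list ACL_IN" output; the group definitions are not on this page.
GROUPS = {
    "DENIED": ["10.1.1.4", "10.1.1.78", "10.1.1.89"],
    "WEB": ["209.165.201.29", "209.165.201.16", "209.165.201.78"],
}

# Unexpanded entries from "show running-config access-list" (wrapped lines joined).
RUNNING_CONFIG = """\
access-list ACL_IN remark "object group acl to deny specific hosts"
access-list ACL_IN line 8 extended deny tcp object-group DENIED object-group WEB eq www
access-list ACL_IN line 16 extended permit ip any any
"""

OBJ_REF = re.compile(r"object-group (\S+)")


def expand_entry(entry, groups):
    """Return the host-level entries that one ACL entry expands into."""
    names = OBJ_REF.findall(entry)
    unknown = [n for n in names if n not in groups]
    if unknown:
        # An undefined group must stop the review, not silently expand to nothing.
        raise KeyError(f"undefined object group(s): {unknown}")
    template = OBJ_REF.sub("{}", entry)
    expanded = []
    # Cartesian product: every source member paired with every destination member.
    for combo in product(*(groups[n] for n in names)):
        expanded.append(template.format(*(f"host {ip}" for ip in combo)))
    return expanded


def expand_acl(config, groups):
    """Expand every non-remark entry; entries without groups pass through unchanged."""
    out = []
    for line in config.splitlines():
        if line.strip() and " remark " not in line:
            out.extend(expand_entry(line.strip(), groups))
    return out


if __name__ == "__main__":
    for e in expand_acl(RUNNING_CONFIG, GROUPS):
        print(e)
```

Three source hosts and three destination hosts give nine deny entries, plus the permit entry, for the ten expanded entries listed in the device output.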
Chapter 1
Configuring Security Access Control Lists
OL-16202-01


This manual is also suitable for:

4700 series
