05-17-2019 05:52 AM
Hi,
We have a doubt:
We are trying to get all the "Access-list" entries in which an IP 192.1xx.xxx.xxx appears, and we are not able to list them in the ASDM or in the CLI. It seems that when rules are configured from the ASDM they appear as objects of this type (DM_INLINE_NETWORK_XXXX), to which an index number (XXXX) is assigned, so we do not see them either, and this index does not correlate with the list of applied rules.
Can we know the optimal procedure, if there is one, to obtain these records, or whether there is any architectural drawback in these teams to obtaining such data?
05-17-2019 06:34 AM
What does this output show?
show access-list | incl ip (ip)
05-20-2019 08:36 AM - edited 05-20-2019 08:41 AM
We need to filter the segment: 10.202.X.X to 10.251.X.X
sh access-list | i ip 10.2 -> this command is not showing anything
# sh access-list | i ip 10.20*
# sh access-list | i ip 10.25*
# sh access-list | i ip 10.251.*
# sh access-list | i ip 10.251.31.20
-------------------------------------------------------------------------------------
sh access-list | i ip 10.2*
access-list 2 line 7 extended permit ip 10.0.0.0 255.0.0.0 10.153.0.0 255.255.252.0 (hitcnt=0) 0x12624e22
access-list 1 line 17 extended permit ip 10.128.0.0 255.255.0.0 host 10.0.32.35 (hitcnt=0) 0xeb3e3699
This would be a defined object, but it does not find it: sh access-list | i ip 10.251.31.20
The point would be to find objects/hosts within a network segment, specifically the one we add in the command. Is that possible?
05-20-2019 11:42 AM
In the original post you were looking to get the IP range of 192.X; now you are looking for a 10.X object.
What is the requirement? If you have a wide range of address space, you cannot find the object inside the network until you have the object created.
05-21-2019 12:53 AM
We need to filter the ACLs in order to find where a created host should match.
sh access-list | i ip 10.251.31.20 -> This command is not showing anything
So is there any way to find a host and which ACL should be applied? Or only if the ACL has the same host IP?
05-21-2019 01:07 AM
There is another way too; I use this way more often. If you are using PuTTY, connect by CLI (SSH/Telnet) to the firewall and follow this link: https://my.kualo.com/knowledgebase/?kbcat=0&article=888
05-21-2019 03:51 AM
I don't understand what you mean by that.
05-22-2019 02:00 AM
Any idea how to find a host within the ACLs applied to this host?
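The text filter used in this thread only matches literal strings, while expanded entries are printed as network/mask pairs, so a host covered by "10.0.0.0 255.0.0.0" never appears in the filtered output. The following is an added example, not part of any post in this thread: a Python sketch that reads saved "show access-list" output and reports every expanded entry whose source or destination contains a given IP. The last two sample lines, the group name DM_INLINE_NETWORK_1 and the function names are constructed for illustration; only the IPv4 "host", "any"/"any4" and address/mask forms are handled.

```python
import ipaddress
import re

# Expanded ACE as printed by "show access-list" (child lines are indented).
ACE = re.compile(r"^\s*access-list (\S+) line (\d+) extended (permit|deny) (\S+) (.*)$")
PORT_OPS = {"eq": 1, "lt": 1, "gt": 1, "neq": 1, "range": 2}  # operator -> argument count

# First two lines are the ones quoted in the thread; the last two are constructed.
SAMPLE = """\
access-list 2 line 7 extended permit ip 10.0.0.0 255.0.0.0 10.153.0.0 255.255.252.0 (hitcnt=0) 0x12624e22
access-list 1 line 17 extended permit ip 10.128.0.0 255.255.0.0 host 10.0.32.35 (hitcnt=0) 0xeb3e3699
access-list 3 line 1 extended permit ip object-group DM_INLINE_NETWORK_1 host 10.0.32.35 (hitcnt=0) 0x00000001
  access-list 3 line 1 extended permit ip 10.251.0.0 255.255.0.0 host 10.0.32.35 (hitcnt=0) 0x00000002
"""

def take_network(tokens):
    """Consume one address spec; return (network, remaining tokens)."""
    if tokens[0] in ("any", "any4"):
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    # "address netmask" pair, e.g. 10.0.0.0 255.0.0.0
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]

def aces_matching(show_output, ip):
    """Return (acl, line, action, role) for each ACE whose source or destination contains ip."""
    addr = ipaddress.ip_address(ip)
    hits = []
    for text in show_output.splitlines():
        m = ACE.match(text)
        if not m:
            continue
        acl, line, action, _proto, rest = m.groups()
        tokens = rest.split()
        try:
            src, tokens = take_network(tokens)
            if tokens and tokens[0] in PORT_OPS:  # optional source port clause
                tokens = tokens[1 + PORT_OPS[tokens[0]]:]
            dst, _ = take_network(tokens)
        except (ValueError, IndexError):
            continue  # unexpanded object/object-group parent line or unsupported form
        for role, net in (("source", src), ("destination", dst)):
            if addr in net:
                hits.append((acl, int(line), action, role))
    return hits

if __name__ == "__main__":
    for hit in aces_matching(SAMPLE, "10.251.31.20"):
        print(hit)
```

The object-group parent line is skipped on purpose: the indented lines beneath it carry the group's expanded members, which is where a DM_INLINE_NETWORK_XXXX object becomes searchable by address.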