03-10-2010 02:39 AM - edited 03-11-2019 10:19 AM
How can i find the object-group or object-groups an ip address belongs to/is part of in an ASA running conf ?
eg. sh run | i ip address or sh run object-group | i <ip add> gives me the below output
network-object <ip add>
network-object <ip add>
network-object <ip add>
is there a command option that lists the ip address alongwith the object-group names that it belongs to ? as of now i have to look through the output of
"sh run object-group net" manually or save the running config to a text file and use the find function.
Regards,
Shiva
Solved! Go to Solution.
08-23-2011 06:58 AM
Maybe not exactly what you were looking for but this is as close as I was ever able to get w/o ASDM.
no names
sho run object-group network | i object-group|1.2.3.4
you'll get the object-group names and 1.2.3.4 is the IP address.
Brad
03-10-2010 09:42 AM
Hi,
You can do the command:
sh run | i x.x.x.x
This will show all part of the configuration where the x.x.x.x IP belongs to.
For instance, if x.x.x.x is part of a static command, and ACL, and object-group, etc, it will prompt at the output of that command.
If your using names, you can disable that temporarily with the ''no names'' command.
Let me know if this does not help, because you're mentioning this command already.
Federico.
03-10-2010 09:45 AM
Can someone please tell me where the link to Netypro is these days?? It used to be an option, but can no longer find it
03-10-2010 09:52 AM
Ooopsss...
You did not like the answer, I'm sorry.
The best I can find is to do:
sh run | begin x.x.x.x
That will show all parts of the running-config where the IP address belongs along with the object-group names.
Edit- Sorry, this is not what you're looking for, I apologize for the misleading information. I'll try and see if I find an answer for you.
Federico.
03-10-2010 10:25 AM
Not the answer you were looking for...
But can't find a command that shows you just the name of the object-group and the IP to which it belongs.
Think you're stucked with the ''sh run'' or two show commands (one for the IP and one for the object-group)
Perhaps somebody else can correct me if I'm wrong.
Federico.
03-10-2010 02:35 PM
I think we are stuck with limited command options in the asa, but such a feature is available in cisco router IOS as per info from a friend of mine. It is something like that shown below, i am yet to try that on a router if someone is very curious you can try and let us all know.
sh run object-group | section
Regards,
Shiva
03-10-2010 08:00 PM
Shiva,
You are correct. There is no | s command in the ASA.
But, you can issue the following. sh run said that it is in the network object-group so, I issued a sh object-group network
ASA# sh run | i 3.3.3.3
network-object host 3.3.3.3
ASA# sh run object-group network
object-group network 4080
network-object host 1.1.1.1
network-object host 2.2.2.2
network-object host 3.3.3.3
-KS
03-11-2010 12:47 AM
Hi KS,
i think you missed parts of my initial query, the commands that you used would be perefctly fine if you had only one network object group defined in the configuration and if the ip was part of only that one group, i was looking for a command that would list all the object groups an object is part of.
I think this would be a handy feature to have in future releases of the ASA SW, is someone from the product development listening ?
Regards,
Shiva
05-31-2011 09:36 AM
Maybe not for ASAs, but for routers/switches...
sh object-group | inc object|x.x.x.x
07-07-2011 03:58 AM
07-07-2011 06:53 AM
There is an even easier way to do this in ASDM. If you look at the screenshot posted by UST_GLOBAL, and right click on the content of one of the groups, you will be able to select "where used". This will show you a list of all the places this address is used.
07-07-2011 07:36 AM
it was described under the impression that we know only the IP address details and not the object group name. Consider there is a large number of object-groups present if we give the IP address in the filter of the "Addresses" will give all the object-group
SPK
08-23-2011 06:58 AM
Maybe not exactly what you were looking for but this is as close as I was ever able to get w/o ASDM.
no names
sho run object-group network | i object-group|1.2.3.4
you'll get the object-group names and 1.2.3.4 is the IP address.
Brad
08-03-2015 07:00 AM
BEST ANSWER.... thanks, this helped me out greatly.
12-22-2016 04:52 AM
encountered recently the same task - find object by its IP and I found simple and easy way:
#show running-config object network in-line | i x.x.x.x
and one can see name and IP address in one line
object network HOST-1 host 10.1.y.y
object network HOST-2 host 10.1.y.y
object network HOST-3 host 10.1.y.y
no need to use double grep
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide