My Netops section runs huge groups and huge numbers of groups and I often receive tickets relating to specific IP addresses that are part of larger groups, the names of which I need to begin troubleshooting.
Is there a pipe command I can use to quickly sort which object groups a given network object or port belongs to?
At this point I have to run a search for all access-list references to a given network, then cross-reference. I'd rather just have the given host or network and type a single command that will give me the names of all the object-groups this network is associated with.
"| i " obviously doesn't do it because it'll only show me the actual line of the network inside the object-group without the name of the group itself (though this does tell me how many times that line appears, and so how many groups exist that include that line specifically, though not necessarily the network if I'm working with a host). There's no "| s " and there's no stop at version of the | command on an ASA, so I'm at something of a loss here.
Any help would be most appreciated.
I run into the same issue all the time. What I do is just paste the config into Notepad++, highlight the IP address and check the object group where it belongs. It is easy to check what IP addresses are in an object group, but not so easy to find the name of the object group an IP address belongs to.
I've had to do that on occasion but it has "workaround" written all over it. I've also given up and used the ASDM. I was hoping for a more elegant solution but if there isn't one then... there isn't one.
I'm sure if many people request it from their account manager at Cisco, maybe they can include a way to sort the object groups in a better way.
Digging around turned up this command string, which will identify the object group I'm looking for:
sh run ob ne | i ^[^ ]|x.x.x.x
It lists all the network groups but those groups that include x.x.x.x will have it listed as a subheading. Silly to answer my own question but I figured I'd post up in case anyone wanted to know the answer.
Yep, your command returns exactly the same output as the one I posted, albeit by using a different method. The string ^[^ ] indicates a line that does not begin with a space (which includes all object-group names) and the |x.x.x.x lists the line that contains the relevant address.