Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
186
Views
0
Helpful
2
Replies

Reuse Object Group in a single ACL line

johnlloyd_13
Level 9
Level 9

‎06-25-2025 04:32 PM

hi,

i'm trying to configure a global ACL and reuse the same object group in a single ACL line.

i got a warning saying 'config is redundant' but when i checked, it was accepted.

my question is, can i ignore the warning and my ACL would still work? i don't want to create another object group referring to the same subnets, i.e. create an object 'CORPORATE-SUBNET-2'.

ciscoasa(config)# access-list GLOBAL_ACL extended permit object-group UDP_16384-32767 object-group CORPORATE-SUBNET object-group CORPORATE-SUBNET
WARNING: Same object-group is used more than once in one config line. This config is redundant. Please use separate object-groups
ciscoasa(config)#
ciscoasa(config)# sh run access-list GLOBAL_ACL
access-list GLOBAL_ACL extended permit object-group UDP_16384-32767 object-group CORPORATE-SUBNET object-group CORPORATE-SUBNET

 

 

0 Helpful
2 Replies 2

wajidhassan
Level 1
Level 1

‎07-01-2025 09:03 AM

Yes — as long as the configuration is accepted, it will be applied.

  • Redundancy warnings don’t prevent the ACL from functioning.

  • ACL lines are still evaluated top-down, and packet matches will occur according to those rules.

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎07-01-2025 09:53 AM

what  is the use case, what does the group contain ? why do you need to use twice ?

you can also group them and use only one object-group.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card