cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1314
Views
10
Helpful
4
Replies

Exclude one IP or Port from Object Group on Access List

aliabuklam
Level 1
Level 1

Hey guys, 

 

I have a simple question. I do have an object-group with 4 IP's in it, and on access list I'm allowing these IP's (object-group) to access 4 different servers. 

On one server I need access from only 2 of the 4 IP's. Is there a way on access-list to exclude 2 IP's or something like that. I know I can just add an access-list specifically for these IP's, I was just wondering if there is an easier way. 

 

Thanks

1 Accepted Solution

Accepted Solutions

Agree. If you need them in a different rule, is better split the object group so that you avoid permit unnecessary traffic to host. 

 

-If I helped you somehow, please, rate it as useful.-

View solution in original post

4 Replies 4

Hi @aliabuklam

You should edit your object group and rip off those hosts you don't need anymore.

 

object-group network object-group-name 

no  host {host-address | host-name}

 

-If I helped you somehow, please, rate it as useful.-

Thanks for your response Flavio. 

I still need this all the hosts for other servers though. I guess I will just create a new object-group and use it specifically for this that one server.

 

Thank you.

Agree. If you need them in a different rule, is better split the object group so that you avoid permit unnecessary traffic to host. 

 

-If I helped you somehow, please, rate it as useful.-

Thank you

Review Cisco Networking for a $25 gift card