Good day!
Our company has /22 subnet which range between 192.168.16.0 - 192.168.19.255. I try to use "object-group network" to specify a range to deny set of IPs to a set of IPs. It looks good in the command but that doesn't have effect. I still able to PING and remote from source IP range to destination IP range.
===========================================================
object-group network SRC_Range
range 192.168.17.1 192.168.17.254
object-group network DST_Range
range 192.168.19.1 192.168.19.200
access-list 109 deny ip object-group SRC_Range object-group DST_Range
access-list 109 permit ip any any
interface GigabitEthernet0/1
ip address 192.168.16.1 255.255.252.0
ip access-group 109 in
===========================================================
Please help. Appreciate any response.
Regards,
Chris