Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
357
Views
0
Helpful
0
Replies

Deny IP using object-group network in ACL

chrislgicale
Level 1
Level 1

‎04-25-2016 07:50 PM

Good day!

Our company has /22 subnet which range between 192.168.16.0 - 192.168.19.255. I try to use "object-group network" to specify a range to deny set of IPs to a set of IPs. It looks good in the command but that doesn't have effect. I still able to PING and remote from source IP range to destination IP range.

===========================================================

object-group network SRC_Range
range 192.168.17.1 192.168.17.254

object-group network DST_Range
range 192.168.19.1 192.168.19.200

access-list 109 deny ip object-group SRC_Range object-group DST_Range
access-list 109 permit ip any any

interface GigabitEthernet0/1
ip address 192.168.16.1 255.255.252.0
ip access-group 109 in

===========================================================

Please help. Appreciate any response.

Regards,

Chris

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents