62-45
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 62 Configuring Network Security with ACLs
Configuring Object Group ACLs
Verifying IPv4 OG ACLs
Enter the show object-group [object-group-name] command, to display the configuration in the named
or numbered object group (or in all object groups if no name is entered). For example:
Switch# show object-group
Network object group auth-proxy-acl-deny-dest
host 209.165.200.235
Service object group auth-proxy-acl-deny-services
tcp eq www
tcp eq 443
Network object group auth-proxy-acl-permit-dest
209.165.200.226 255.255.255.224
209.165.200.227 255.255.255.224
209.165.200.228 255.255.255.224
209.165.200.229 255.255.255.224
209.165.200.246 255.255.255.224
209.165.200.230 255.255.255.224
209.165.200.231 255.255.255.224
209.165.200.232 255.255.255.224
209.165.200.233 255.255.255.224
209.165.200.234 255.255.255.224
Service object group auth-proxy-acl-permit-services
tcp eq www
tcp eq 443
Enter the show ip access-list [access-list-name] command, to display the contents of the named or
numbered access list or object group ACL (or for all access lists and object group ACLs if no name is
entered). For example:
Switch# show ip access-list my-ogacl-policy
Extended IP access list my-ogacl-policy
10 permit object-group my-service-object-group my-network-object-group any
Command or Action Purpose
Step 1
configure terminal
Example:
Switch# configure terminal
Enters the global configuration mode.
Step 2
interface type number
Example:
Switch(config)# interface vlan 100
Specifies the interface and enters interface configuration
mode.
Step 3
ip access-group {access-list-name |
access-list-number} {in | out}
Example:
Switch(config-if)# ip access-group
my-ogacl-policy in
Applies the ACL to the interface and specifies whether to
filter inbound or outbound packets.
Step 4
end
Example:
Device(config-ext-nacl)# end
Exits interface configuration mode and returns to
privileged EXEC mode.