Removing object groups, Monitoring objects and groups – Cisco ASA 5505 User Manual

13-11

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 13 Configuring Objects

Configuring Objects and Groups

You only need to specify the admin object group in your ACE as follows:

hostname (config)# access-list ACL_IN extended permit ip object-group admin host

209.165.201.29

Removing Object Groups

You can remove a specific object group or remove all object groups of a specified type; however, you
cannot remove an object group or make an object group empty if it is used in an access list.

Detailed Step

Monitoring Objects and Groups

To monitor objects and groups, enter the following commands:

Step 1

Do one of the following:

no object-group

grp_id

Example:

hostname(config)# no object-group

Engineering_host

Removes the specified object group. The grp_id is a text string up
to 64 characters in length and can be any combination of letters,
digits, and the following characters:

•

underscore “_”

•

dash “-”

•

period “.”

clear object-group

[protocol | network |

services

| icmp-type]

Example:

hostname(config)# clear-object group

network

Removes all object groups of the specified type.

Note

If you do not enter a type, all object groups are removed.

Command

Purpose

show access-list

Displays the access list entries that are expanded
out into individual entries without their object
groupings.

show running-config object-group

Displays all current object groups.

show running-config object-group

grp_id

Displays the current object groups by their group
ID.

show running-config object-group

grp_type

Displays the current object groups by their group
type.