Task 6.5 Object Group Approach

Hello Guys;

i can see here we did used object group to group all the sources we wanted and then used one ACE to permit all the traffic from these Sources.

My question was that i always face Questions that were asking for an access list with the minimal ammount of entries , so can i always use this approach or tis would be graded as wrong answer.

Thanks Much in advance.

Ahmed

Comments

  • relativitydriverelativitydrive ✭✭ ✭✭

    Great question.  No anser as such, pity as it looks like a solution to many complex requirements.

    I'd have to have a guess that you should only use this sort of solution when the simpler verison i.e. the one-lined ACL isn't available?

  • JoeMJoeM ✭✭✭ ✭✭✭

    Reviewing WB-2 labs.   Somehow, I have gotten this far, without a good understanding of object-groups.  Good task.  Object-groups seem to simplify the use of ACL's (more flexibility).      In this task, it is not possible to do an ACL one-liner while using only a wildcard mask -- without including other addresses.  So, I looked at the solution.  ;-)

    Notes to self: a couple of links for the subject:

    Routing-Bits:  ACL Object-groups now on Cisco IOS  -- 12.4(20)T

    Cisco Docs:  Object Groups for ACLs

    --------------

    DocCD navigation:

    12.4T >>  Configure

           Security, Services, and VPN  >>  Securing the Data Plane......

                          >> Access Control Lists

                                >> Object Groups for ACLs

Sign In or Register to comment.