How to specify target host in Access-list on 1700 router
I want to be able to specify the target host on an access list and when I try to enter the IP and sub-net mask I get wierd result. This is on a 1700 router. I type: access-list 100 permit tcp any XXX.XXX.XXX.XXX 255.255.255.248 eq smtp where XXX.XXX.XXX.XXX is a public IP of a virtual email server on my inside.
I get:
access-list 100 permit tcp any 0.0.0.2 255.255.255.248 eq smtp
Why does XXX.XXX.XXX.XXX get interpreted as 0.0.0.2?
Thanks,
Dave
Dave,
The address got converted to 0.0.0.2 because you used a subnet mask (255.255.255.248) where you should have used a wildcard mask (0.0.0.7).
Regardless of what the network portion of the address was, when the router sees "255" in any position in the wildcard mask, it interprets that as "it really doesn't matter what number is in this part of the IP address". So it corrects your notation and replaces that part of the IP address with the placeholder "0".
The fact that it put a ".2" at the end of the address indicates that the binary pattern of whatever XXX.XXX.XXX.XXX was ended in "010". The last octet was one of the numbers in this sequence: .2, .10, .18, ... (increments of 8), .114, or .122. The "248" in the last part of your wildcard mask told the router "it doesn't matter what number's here, as long as the last three binary bits match". The router just simplified the last .XXX you entered to the smallest number that had a matching binary pattern; in this case it was ".2".
Something to remember: Use subnet masks for static routes and interface addressing; and wildcard masks for ACLs.
The easiest way to calculate the wildcard mask you want, if you're used to seeing things in subnet mask format, is to subtract the subnet mask from 255.255.255.255. For example:
255.255.255.255
-255.255.255.248 (subnet mask)
0.0.0.7 (wildcard mask)
If you want to specify a single host address rather than a masked range of addresses, use the notation "host XXX.XXX.XXX.XXX". If you use the notation "XXX.XXX.XXX.XXX 0.0.0.0" where 0.0.0.0 is the wildcard mask, the router will convert it to "host XXX.XXX.XXX.XXX". (Go ahead, try it and see.)
Similarly, if you want to specify all host addresses, use "any" as you have already done; or you can try "0.0.0.0 255.255.255.255" and the router will convert it to "any" for you. (Try this one too.)
Check out the useful IP Subnet Calculator download at http://www.Boson.com -- it's free:
Wildcard Mask Checker & Decimal-to-IP Calculator
a neat little utility to check what your wildcard mask actually matches, and, converts from Decimal to IP address format.
http://www.boson.com/promo/utilities.htm
Hope this helps.
Similar Messages
-
IP address is not on the target's allowable access list.
when trying to deploy a lvlib or downloading code from a PC to a FP controller I get this error message "Access denied: This host computer's IP address is not on the target's allowable access list.". I have added the PC's IP address from within Max on the access list of the FP target (althoug default is full access to everyone). This did not help, I still get the same error message. Both systems are on the same IP segment.
sincerely
søren h. jensenHello,
Short of time right now, but I had the same problem: Here is a dump of my own notes on how I solved the pbolem (not necessary to reinstall software):
I attempted to update these data with Measurement & Automation Explorer (MAX) using the "FieldPoint Access Control" panel in MAX: I set "*" and Read/Write and pressed "Apply": MAX Claims it has updated the Access Rightsm, but we are still unable to Deploy the CFP from the Project Explorer.
SOLUTION:
Use WS_FTP-PRO (or any FTP Client) and access the IP Address of the FieldPoint using anonymous login.
Transfer the file ni-rt.ini from the root of c:\ on the Fieldpoint to the local PC and edit the settings as shown below.
FTP the file back to the Fieldpoint.
Set the following settings in "server.tcp.access" and "RTTarget.IPAccess":
server.tcp.access=""+*""
NOTE: Double Quotes here
RTTarget.IPAccess="+*"
NOTE: Single Quotes here
+* means every IP address can access.
It turned out that MAX had left the following (probably illegal) values in the fields:
"""" and ""
Geir Ove -
How to specify target="_parent" in a branch
I want to use a branch to navigate to a page which is being called through an iframe. I need to specify the target of the branch is parent so it will open in the parent window and not the iframe. Does anyone know how to specify the parent on a branch?
Did you find a solution to your problem?
I'm having a similar problem.
Thanks
Max -
How to specify target when using RequestDispatcher !
Can anybody tell me where do i specify target while using requestDispatcher ?
I belive that what you want is @
http://java.sun.com/products/servlet/2.2/javadoc/javax/servlet/ServletRequest.html#getRequestDispatcher(java.lang.String)
Best of luck. -
How to delete target host credentials
Hi,
I have manually cloned a oracle 8i DB @ machine A to a 10g server @ machine B. It is working fine.
After that I have configured OEM. But it is showing 2 target host credential shows both machine-A and machine-B.
Whenever I try to login to the database via enterprise manager console@ machine-B, it chooses the machine-A' as the host credentials and fails to login.
I wanna change/delete the machine-A host credentials from the machine-B. Pls advise me.Windows alone is not an OS,but a Microsoft marketing label.
I have forgotton the admin passwordReinstall your Windows version or google for 'Windows password lost'. If your Windows installation is insecure (that's true for the most installations) you could be lucky.
Werner -
How to config Time capsule remote access with Motorola SVG1202 router?
I'm having difficulty trying to congif Time capsule remote acces. I have a router Motorola SVG1202 and Time capsule config to Bridge mode, when I change Time capsule config to "DHCP and NAT", an error of "Double NAT" happens. How to correct this? Tried to search what to do exactly but no luck, appreciate anyone support.
Method 3 will work if you have a modem/router or gateway device, as it appears that the SVG1202 is......with the Time Capsule in Bridge Mode.
The method 3 has some differences from my Airport Utility options (v6.3.2), please if there are any image of the screen options would be helpfull.
You will not be using AirPort Utility to set up port forwarding for the Time Capsule, so as long as you can get the Time Capsule back to Bridge Mode, you should not need any additional help on AirPort Utiltiy 6.3.2.
Basically, all the setup will be on the Motorola device.
The first order of business is that you have a Static Internet IP address from your service provider. It is not practical to consider Method 3 unless you have this in place.
Then, the Motorola must be able to assign a fixed IP address to the Time Capsule on your network......probably something like 192.168.1.4.....for example only.
If the first two conditions can be met, the Motorola still needs to have the capability to set up Port Forwarding. If it does, then you would set up Port 548 for both Private UDP and Private TCP.
Then set up a port number....example 8888.....for Public UDP and Public TCP.
Then, from your Mac, you would click the Finder Go menu and click Connect to Server
Enter the following:
afp://12.345.678.910:8888
The 12.345.679.910 is an example of the IP address that your provider furnished to you for your Internet connection with their service.
Then, click Connect -
Access-list block range of hosts
cisco 2600 router with wic1-adsl card
I'm having difficulty creating an access-list that will block a range of specified internet ip's but allow evrything else. Google finds loads of acl's showing how to permit a range but nothing about how to deny.
In the past I've been able to deny a host using:
access-list 105 deny ip any host A.B.C.D. but that only blocks one host and not a range (unless you have loads of entries)
My reason for this is to block baiduspider.com from accessing my server. Baidu uses a large range of ip's but so far they're confined to 123.125.*.*, 61.135.*.* and 220.181.*.*
I tried:
access-list 10 deny 123.125.0.0 0.0.0.255
access-list 10 deny 220.181.0.0 0.0.0.255
access-list 10 deny 61.135.0.0 0.0.0.255
access-list 10 permit any
all web traffic comes via the adsl-wic card in the router so I put:
ip access-group 10 out
into the dialer0 config but this didn't work.
thanks for any help.it looks like I've done it. I was using the wrong subnet mask.
I changed the access list to:
access-list 10 deny A.B.0.0 0.0.255.255 and from that moment baidu disappeared from the web log. -
How to access Access List information through SNMP?
Hi,
I wonder if it is possible to access a router's access lsit info (acl type, name, entries, stats) through SNMP.
Using the SNMP Object Navigator I have found a MIB and OIDs that should allow me to do just that:
Object
ciscoACLMIB
OID
1.3.6.1.4.1.9.9.808
MIB
CISCO-ACL-MIB ; - View Supporting Images
Description
"This MIB module defines objects that describe Cisco Access
Control Lists (ACL).
But clicking on the "Supported Images" link shows that this MIB is not supported in any IOS release? I have tested with an snmpwalk on a few routers with different IOS versions and I don't get any results:
SNMPv2-SMI::enterprises.9.9.808 = No Such Object available on this agent at this OID
Is there anyway to read the ACL info through SNMP? Can anybody explain me how to do this?
Thanks in advance.
AlbertoHi Alberto,
Unfortunately ,it is not possible to get ACL information via SNMP.
there is an Enhancement BUG already been filed for the same.
CSCdu44167 no corresponding MIB for show access-list on a router .
Thanks-
Afroz
***Ratings Encourages Contributors *** -
Hostname(with wildcards) based access-list or policy.
Is there any way in cisco to use hostnames with wildcards either in ACL, or Policy, class map etc, for example I want to identify following devices with one keyword..for blocking/permit etc
UKlondon001
UKlondon002
UKlondon003
Uklondon004
UKlondon005
I want to capture all these with wildcard UKlondon*
something like regular expressions...You can group them in object-groups. You'll need to configure their names and then create an object group:
name 10.5.5.5 uklondon001
name 10.5.5.6 uklondon002
object-group network UKLONDONS
network-object host uklondon001
network-object host uklondon002
access-list permit tcp any object-group UKLONDONS eq 80
The above (from memory so don't quote me) will allow any traffic to hit any of those servers on port 80.
If you're wanting to do this for certain websites like youtube.com or google.com, you'll need to use regex and class-maps.
HTH,
John -
Hello all,
I am trying to apply this extended access-list to my router to permit the selected ports and deny the rest but my emails are not sending outside, all emails are stuck in the queue. If I remove the access-list, all emails goes freely. Whats left in my configuration?
access-list 101 permit tcp host 192.168.111.30 eq 53 any
access-list 101 permit udp host 192.168.111.30 eq 53 any
access-list 101 permit tcp host 192.168.111.30 eq 25 any
access-list 101 permit tcp host 192.168.111.30 eq 443 any
access-list 101 permit tcp host 192.168.111.30 eq 587 any
access-list 101 permit tcp host 192.168.111.30 eq 995 any
access-list 101 deny ip any any
Interface Dialer 0
ip access-group 101 outHere is the complete configuration.
Router#sh run
Building configuration...
Current configuration : 3665 bytes
! Last configuration change at 09:23:31 UTC Wed May 28 2014 by admin
! NVRAM config last updated at 06:42:17 UTC Wed May 28 2014 by admin
! NVRAM config last updated at 06:42:17 UTC Wed May 28 2014 by admin
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname Router
boot-start-marker
boot-end-marker
no aaa new-model
crypto pki token default removal timeout 0
ip source-route
ip cef
no ipv6 cef
license udi pid C887VA-W-E-K9 sn FCZ1624C30K
username admin privilege 15 password 7 045A0F0B062F
controller VDSL 0
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key xxxxxx address 0.0.0.0 0.0.0.0
crypto ipsec transform-set TS esp-3des esp-md5-hmac
crypto ipsec profile protect-gre
set security-association lifetime seconds 86400
set transform-set TS
interface Loopback0
ip address 10.10.10.1 255.255.255.255
interface Tunnel4120
ip address 10.0.0.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication cisco
ip nhrp map multicast dynamic
ip nhrp network-id 123
ip tcp adjust-mss 1360
tunnel source Dialer0
tunnel mode gre multipoint
tunnel key 123
tunnel protection ipsec profile protect-gre
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 0/35
pppoe-client dial-pool-number 1
interface Ethernet0
no ip address
shutdown
no fair-queue
interface FastEthernet0
no ip address
interface FastEthernet1
no ip address
interface FastEthernet2
no ip address
interface FastEthernet3
no ip address
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport mode trunk
no ip address
interface wlan-ap0
description Embedded Service module interface to manage the embedded AP
ip unnumbered Vlan1
interface Vlan1
ip address 192.168.111.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1360
interface Dialer0
ip address negotiated
ip access-group 101 out
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
ppp authentication chap callin
ppp chap hostname xxxxxxxxxxxxxxxxx
ppp chap password 7 03077313552D0F411E512D
router rip
version 2
network 10.0.0.0
network 192.168.111.0
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.111.30 25 xxx.xxx.xxx.xxx 25 extendable
ip nat inside source static tcp 192.168.111.30 443 xxx.xxx.xxx.xxx 443 extendable
ip nat inside source static tcp 192.168.111.30 587 xxx.xxx.xxx.xxx 587 extendable
ip nat inside source static tcp 192.168.111.30 995 xxx.xxx.xxx.xxx 995 extendable
ip route 0.0.0.0 0.0.0.0 Dialer0
access-list 1 permit 192.168.111.30
access-list 10 permit 192.168.111.0 0.0.0.255
access-list 101 permit tcp host 192.168.111.30 eq 53 any
access-list 101 permit udp host 192.168.111.30 eq 53 any
access-list 101 permit tcp host 192.168.111.30 eq 25 any
access-list 101 permit tcp host 192.168.111.30 eq 443 any
access-list 101 permit tcp host 192.168.111.30 eq 587 any
access-list 101 permit tcp host 192.168.111.30 eq 995 any
access-list 101 deny ip any any
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
stopbits 1
line vty 0 4
access-class 10 in
login local
transport input all
scheduler allocate 20000 1000
end
Router# -
Inherent Deny at End of Access-list 700 ?
If I specify the following configuration:
access-list 700 permit 5c59.4812.35fb
access-list 700 permit 0024.d71b.de64
dot11 association mac-list 700
Is there an inherent DENY to all other MAC addresses at the end of access-list 700? This configuration is going into an Aironet AP801. I'd like to use this to specify what I permit in my home and deny any other device that attempts to connect to the AP. I think this is a workable solution to keep out intruders that might crack my WPA2.
Thanks for the feedback!!!
James EYes, there is an inherent deny all at the end of a 700-series ACL just like there is in all ACLs.
-
Hello,
Can someone explain to me why we use access lists in a mpls cloud that uses IBGP. I thought for the most part access lists were used on firewalls not routers running BGP. Do we even need access lists with bgp can't bgp work without access lists. What are the reasons for having access lists on a router for IBGP on a mpls cloud?
Thanks,The only way to get access to your network is if the ISP misconfigures so that another company gets access to your IP networks by mistake or that someone gets access to a PC on the inside and can reach the networks from there. It could happen if someone accidentally downloads an e-mail attachment or something like that.
It all depends on how critical the traffic is. If it's a bank there could be regulations in place that demands that all traffic is encrypted even if it is supposed to be private. If you compare it to a leased line, it's also secure as long as someone doesn't get access to it. So MPLS is like a virtual leased line in comparison.
Daniel Dib
CCIE #37149
Please rate helpful posts. -
Access provisioning through Access List
I have Inter Vlan Routing done on my Core Switch, through which subnets are restricted to access each other, Example subnet of 10.1.23.0 cannot have access to subnet of 10.1.24.0.
Due to certain requirement i want that 10.1.23.19(Users Worskstain IP) can access 10.1.24.41 (Users Workstation IP)
Is it possible to do that, without disturbing my InterVlan Routing? Please suggestBelow is the Configuration of Intervlan Routign on my core Switch, please suggest
interface Vlan2
description IAS
ip address 10.1.14.2 255.255.254.0
ip access-group IAS out
vrrp 2 ip 10.1.14.5
vrrp 2 priority 99
interface Vlan3
description MKT
no ip address
ip access-group MKT out
vrrp 3 ip 10.1.6.5
vrrp 3 priority 99
interface Vlan4
description ESG
ip address 10.1.16.2 255.255.255.128
ip access-group ESS out
vrrp 4 ip 10.1.16.5
vrrp 4 priority 99
interface Vlan5
description NMSG
ip address 10.1.24.2 255.255.255.128
vrrp 5 ip 10.1.24.5
vrrp 5 priority 99
interface Vlan6
description OAG
ip address 10.1.26.2 255.255.255.128
vrrp 6 ip 10.1.26.5
vrrp 6 priority 99
interface Vlan7
description SMG
ip address 10.1.28.2 255.255.255.128
ip access-group SMG out
vrrp 7 ip 10.1.28.5
vrrp 7 priority 99
interface Vlan8
description DMG
ip address 10.1.30.2 255.255.255.128
ip access-group DMG out
vrrp 8 ip 10.1.30.5
vrrp 8 priority 99
interface Vlan9
description DMS_UAT
ip address 10.1.32.2 255.255.255.128
ip access-group DMS_UAT out
vrrp 9 ip 10.1.32.5
vrrp 9 priority 99
interface Vlan10
description SEG
ip address 10.1.34.2 255.255.254.0
vrrp 10 ip 10.1.34.5
vrrp 10 priority 99
interface Vlan11
description SEG-2
ip address 10.1.33.2 255.255.255.128
vrrp 11 ip 10.1.33.5
vrrp 11 priority 99
interface Vlan12
description Finance_F2
ip address 10.1.2.2 255.255.255.0
vrrp 12 ip 10.1.2.5
vrrp 12 priority 99
interface Vlan13
description Operations
ip address 10.1.10.2 255.255.255.128
ip access-group OPS out
vrrp 13 ip 10.1.10.5
vrrp 13 priority 99
interface Vlan17
description PD&T
ip address 10.1.36.2 255.255.255.128
ip access-group PDT out
vrrp 17 ip 10.1.36.5
vrrp 17 priority 99
interface Vlan18
description HR&Admin
ip address 10.1.8.2 255.255.255.0
ip access-group HR&Admin out
vrrp 18 ip 10.1.8.5
vrrp 18 priority 99
interface Vlan19
no ip address
interface Vlan20
no ip address
interface Vlan21
no ip address
interface Vlan22
description SEG3
ip address 10.1.44.2 255.255.255.128
ip access-group SEG3 out
vrrp 22 ip 10.1.44.5
vrrp 22 priority 99
interface Vlan23
description Call_Center
ip address 10.1.42.2 255.255.255.0
ip access-group CC out
vrrp 23 ip 10.1.42.5
vrrp 23 priority 99
interface Vlan24
description IT_Sec
ip address 10.1.23.2 255.255.255.0
vrrp 23 ip 10.1.23.5
vrrp 23 priority 99
interface Vlan25
description Q-mgmt
ip address 10.1.9.2 255.255.255.0
ip access-group ACESSCONTROL out
vrrp 25 ip 10.1.9.5
vrrp 25 priority 99
interface Vlan26
description RTA
ip address 10.1.150.2 255.255.254.0
ip access-group RTA out
vrrp 26 ip 10.1.150.5
vrrp 26 priority 99
interface Vlan27
description P&D
ip address 10.1.45.2 255.255.255.0
ip access-group PD out
vrrp 27 ip 10.1.45.5
vrrp 27 priority 99
interface Vlan28
description Trustee
ip address 10.1.18.2 255.255.255.0
ip access-group TRUSTEE out
vrrp 28 ip 10.1.18.5
vrrp 28 priority 99
ip access-list standard CC
deny 10.1.2.0 0.0.0.255
deny 10.1.4.0 0.0.0.255
deny 10.1.6.0 0.0.0.255
deny 10.1.8.0 0.0.0.255
deny 10.1.9.0 0.0.0.255
deny 10.1.10.0 0.0.0.255
deny 10.1.12.0 0.0.0.255
deny 10.1.14.0 0.0.0.255
deny 10.1.18.0 0.0.0.255
deny 10.1.23.0 0.0.0.255
deny 10.1.24.0 0.0.0.255
deny 10.1.26.0 0.0.0.255
deny 10.1.28.0 0.0.0.255
deny 10.1.30.0 0.0.0.255
deny 10.1.32.0 0.0.0.255
deny 10.1.33.0 0.0.0.255
deny 10.1.34.0 0.0.0.255
deny 10.1.35.0 0.0.0.255
deny 10.1.36.0 0.0.0.255
deny 10.1.38.0 0.0.0.255
deny 10.1.44.0 0.0.0.255
deny 10.1.45.0 0.0.0.255
deny 10.1.48.0 0.0.0.255
deny 10.1.50.0 0.0.0.255
deny 10.1.150.0 0.0.0.255
permit any
ip access-list standard CEO
deny 10.1.2.0 0.0.0.255
deny 10.1.6.0 0.0.0.255
deny 10.1.8.0 0.0.0.255
deny 10.1.9.0 0.0.0.255
deny 10.1.10.0 0.0.0.255
deny 10.1.12.0 0.0.0.255
deny 10.1.14.0 0.0.0.255
deny 10.1.18.0 0.0.0.255
deny 10.1.23.0 0.0.0.255
deny 10.1.24.0 0.0.0.255
deny 10.1.26.0 0.0.0.255
deny 10.1.28.0 0.0.0.255
deny 10.1.30.0 0.0.0.255
deny 10.1.32.0 0.0.0.255
deny 10.1.33.0 0.0.0.255
deny 10.1.34.0 0.0.0.255
deny 10.1.35.0 0.0.0.255
deny 10.1.36.0 0.0.0.255
deny 10.1.38.0 0.0.0.255
deny 10.1.42.0 0.0.0.255
deny 10.1.44.0 0.0.0.255
deny 10.1.45.0 0.0.0.255
deny 10.1.48.0 0.0.0.255
deny 10.1.50.0 0.0.0.255
deny 10.1.150.0 0.0.0.255
permit any
ip access-list standard CS
deny 10.1.2.0 0.0.0.255
deny 10.1.4.0 0.0.0.255
deny 10.1.6.0 0.0.0.255
deny 10.1.8.0 0.0.0.255
deny 10.1.9.0 0.0.0.255
deny 10.1.10.0 0.0.0.255
deny 10.1.12.0 0.0.0.255
deny 10.1.14.0 0.0.0.255
deny 10.1.18.0 0.0.0.255
deny 10.1.23.0 0.0.0.255
deny 10.1.24.0 0.0.0.255
deny 10.1.26.0 0.0.0.255
deny 10.1.28.0 0.0.0.255
deny 10.1.30.0 0.0.0.255
deny 10.1.32.0 0.0.0.255
deny 10.1.33.0 0.0.0.255
deny 10.1.34.0 0.0.0.255
deny 10.1.35.0 0.0.0.255
deny 10.1.36.0 0.0.0.255
deny 10.1.42.0 0.0.0.255
deny 10.1.44.0 0.0.0.255
deny 10.1.45.0 0.0.0.255
ip access-list standard DMG
deny 10.1.2.0 0.0.0.255
deny 10.1.4.0 0.0.0.255
deny 10.1.6.0 0.0.0.255
deny 10.1.8.0 0.0.0.255
deny 10.1.9.0 0.0.0.255
deny 10.1.10.0 0.0.0.255
deny 10.1.12.0 0.0.0.255
deny 10.1.14.0 0.0.0.255
deny 10.1.18.0 0.0.0.255
deny 10.1.23.0 0.0.0.255
deny 10.1.24.0 0.0.0.255
deny 10.1.26.0 0.0.0.255
deny 10.1.28.0 0.0.0.255
deny 10.1.32.0 0.0.0.255
deny 10.1.33.0 0.0.0.255
deny 10.1.34.0 0.0.0.255
deny 10.1.35.0 0.0.0.255
deny 10.1.36.0 0.0.0.255
deny 10.1.38.0 0.0.0.255
deny 10.1.42.0 0.0.0.255
deny 10.1.44.0 0.0.0.255
deny 10.1.45.0 0.0.0.255
deny 10.1.48.0 0.0.0.255
deny 10.1.50.0 0.0.0.255
deny 10.1.150.0 0.0.0.255
permit any
ip access-list standard DMSSCAN
deny 10.1.2.0 0.0.0.255
deny 10.1.4.0 0.0.0.255
deny 10.1.6.0 0.0.0.255
deny 10.1.8.0 0.0.0.255
deny 10.1.9.0 0.0.0.255
deny 10.1.10.0 0.0.0.255
deny 10.1.12.0 0.0.0.255
deny 10.1.14.0 0.0.0.255
deny 10.1.18.0 0.0.0.255
deny 10.1.23.0 0.0.0.255
deny 10.1.24.0 0.0.0.255
deny 10.1.26.0 0.0.0.255
deny 10.1.28.0 0.0.0.255
deny 10.1.30.0 0.0.0.255
deny 10.1.32.0 0.0.0.255
deny 10.1.33.0 0.0.0.255
deny 10.1.34.0 0.0.0.255
deny 10.1.35.0 0.0.0.255
deny 10.1.36.0 0.0.0.255
deny 10.1.38.0 0.0.0.255
deny 10.1.42.0 0.0.0.255
deny 10.1.44.0 0.0.0.255
deny 10.1.45.0 0.0.0.255
deny 10.1.50.0 0.0.0.255
deny 10.1.150.0 0.0.0.255
permit any
ip access-list standard DMS_UAT
deny 10.1.2.0 0.0.0.255
deny 10.1.4.0 0.0.0.255
deny 10.1.6.0 0.0.0.255
deny 10.1.8.0 0.0.0.255
deny 10.1.9.0 0.0.0.255
deny 10.1.10.0 0.0.0.255
deny 10.1.12.0 0.0.0.255
deny 10.1.14.0 0.0.0.255
deny 10.1.18.0 0.0.0.255
deny 10.1.23.0 0.0.0.255
deny 10.1.24.0 0.0.0.255
deny 10.1.26.0 0.0.0.255
deny 10.1.28.0 0.0.0.255
deny 10.1.30.0 0.0.0.255
deny 10.1.33.0 0.0.0.255
deny 10.1.34.0 0.0.0.255
deny 10.1.35.0 0.0.0.255
deny 10.1.36.0 0.0.0.255
deny 10.1.38.0 0.0.0.255
deny 10.1.42.0 0.0.0.255
deny 10.1.44.0 0.0.0.255
deny 10.1.45.0 0.0.0.255
deny 10.1.48.0 0.0.0.255
deny 10.1.50.0 0.0.0.255
deny 10.1.150.0 0.0.0.255
permit any
ip access-list standard ESS
deny 10.1.2.0 0.0.0.255
deny 10.1.4.0 0.0.0.255
deny 10.1.6.0 0.0.0.255
deny 10.1.8.0 0.0.0.255
deny 10.1.9.0 0.0.0.255
deny 10.1.10.0 0.0.0.255
deny 10.1.12.0 0.0.0.255
deny 10.1.14.0 0.0.0.255
deny 10.1.18.0 0.0.0.255
deny 10.1.23.0 0.0.0.255
deny 10.1.24.0 0.0.0.255
deny 10.1.26.0 0.0.0.255
deny 10.1.28.0 0.0.0.255
deny 10.1.30.0 0.0.0.255
deny 10.1.32.0 0.0.0.255
deny 10.1.33.0 0.0.0.255
deny 10.1.34.0 0.0.0.255
deny 10.1.35.0 0.0.0.255
deny 10.1.36.0 0.0.0.255
deny 10.1.38.0 0.0.0.255
deny 10.1.42.0 0.0.0.255
deny 10.1.44.0 0.0.0.255
deny 10.1.45.0 0.0.0.255
deny 10.1.48.0 0.0.0.255
deny 10.1.50.0 0.0.0.255
deny 10.1.150.0 0.0.0.255
permit any
ip access-list standard FIN
deny 10.1.4.0 0.0.0.255
deny 10.1.6.0 0.0.0.255
deny 10.1.8.0 0.0.0.255
deny 10.1.9.0 0.0.0.255
deny 10.1.10.0 0.0.0.255
deny 10.1.12.0 0.0.0.255
deny 10.1.14.0 0.0.0.255
deny 10.1.18.0 0.0.0.255
deny 10.1.23.0 0.0.0.255
deny 10.1.24.0 0.0.0.255
deny 10.1.26.0 0.0.0.255
deny 10.1.28.0 0.0.0.255
deny 10.1.30.0 0.0.0.255
deny 10.1.32.0 0.0.0.255
deny 10.1.33.0 0.0.0.255
deny 10.1.34.0 0.0.0.255
deny 10.1.35.0 0.0.0.255
deny 10.1.36.0 0.0.0.255
deny 10.1.38.0 0.0.0.255
deny 10.1.42.0 0.0.0.255
deny 10.1.44.0 0.0.0.255
deny 10.1.45.0 0.0.0.255
deny 10.1.48.0 0.0.0.255
deny 10.1.50.0 0.0.0.255
deny 10.1.150.0 0.0.0.255
permit any
ip access-list standard HRADMIN
deny 10.1.2.0 0.0.0.255
deny 10.1.4.0 0.0.0.255
deny 10.1.6.0 0.0.0.255
deny 10.1.9.0 0.0.0.255
deny 10.1.10.0 0.0.0.255
deny 10.1.12.0 0.0.0.255
deny 10.1.14.0 0.0.0.255
deny 10.1.18.0 0.0.0.255
deny 10.1.23.0 0.0.0.255
deny 10.1.24.0 0.0.0.255
deny 10.1.26.0 0.0.0.255
deny 10.1.28.0 0.0.0.255
deny 10.1.30.0 0.0.0.255
deny 10.1.32.0 0.0.0.255
deny 10.1.33.0 0.0.0.255
deny 10.1.34.0 0.0.0.255
deny 10.1.35.0 0.0.0.255
deny 10.1.36.0 0.0.0.255
deny 10.1.38.0 0.0.0.255
deny 10.1.42.0 0.0.0.255
deny 10.1.44.0 0.0.0.255
deny 10.1.45.0 0.0.0.255
deny 10.1.48.0 0.0.0.255
deny 10.1.50.0 0.0.0.255
deny 10.1.150.0 0.0.0.255
permit any
ip access-list standard IAD
deny 10.1.2.0 0.0.0.255
deny 10.1.4.0 0.0.0.255
deny 10.1.6.0 0.0.0.255
deny 10.1.8.0 0.0.0.255
deny 10.1.9.0 0.0.0.255
deny 10.1.10.0 0.0.0.255
deny 10.1.14.0 0.0.0.255
deny 10.1.18.0 0.0.0.255
deny 10.1.23.0 0.0.0.255
deny 10.1.24.0 0.0.0.255
deny 10.1.26.0 0.0.0.255
deny 10.1.28.0 0.0.0.255
deny 10.1.30.0 0.0.0.255
deny 10.1.32.0 0.0.0.255
deny 10.1.33.0 0.0.0.255
deny 10.1.34.0 0.0.0.255
deny 10.1.35.0 0.0.0.255
deny 10.1.36.0 0.0.0.255
deny 10.1.38.0 0.0.0.255
deny 10.1.42.0 0.0.0.255
deny 10.1.44.0 0.0.0.255
deny 10.1.45.0 0.0.0.255
deny 10.1.48.0 0.0.0.255
deny 10.1.50.0 0.0.0.255
deny 10.1.150.0 0.0.0.255
permit any
ip access-list standard IAS
deny 10.1.2.0 0.0.0.255
deny 10.1.4.0 0.0.0.255
deny 10.1.6.0 0.0.0.255
deny 10.1.8.0 0.0.0.255
deny 10.1.10.0 0.0.0.255
deny 10.1.12.0 0.0.0.255
deny 10.1.18.0 0.0.0.255
deny 10.1.23.0 0.0.0.255
deny 10.1.24.0 0.0.0.255
deny 10.1.26.0 0.0.0.255
deny 10.1.28.0 0.0.0.255
deny 10.1.30.0 0.0.0.255
deny 10.1.32.0 0.0.0.255
deny 10.1.33.0 0.0.0.255
deny 10.1.34.0 0.0.0.255
deny 10.1.35.0 0.0.0.255
deny 10.1.36.0 0.0.0.255
deny 10.1.38.0 0.0.0.255
deny 10.1.42.0 0.0.0.255
deny 10.1.44.0 0.0.0.255
deny 10.1.45.0 0.0.0.255
deny 10.1.48.0 0.0.0.255
deny 10.1.50.0 0.0.0.255
deny 10.1.150.0 0.0.0.255
permit any
ip access-list standard ITSEC
deny 10.1.2.0 0.0.0.255
deny 10.1.4.0 0.0.0.255
deny 10.1.6.0 0.0.0.255
deny 10.1.8.0 0.0.0.255
deny 10.1.9.0 0.0.0.255
deny 10.1.10.0 0.0.0.255
deny 10.1.12.0 0.0.0.255
deny 10.1.14.0 0.0.0.255
deny 10.1.18.0 0.0.0.255
ip access-list standard MKT
deny 10.1.2.0 0.0.0.255
deny 10.1.4.0 0.0.0.255
deny 10.1.8.0 0.0.0.255
deny 10.1.9.0 0.0.0.255
deny 10.1.10.0 0.0.0.255
deny 10.1.12.0 0.0.0.255
deny 10.1.14.0 0.0.0.255
deny 10.1.18.0 0.0.0.255
deny 10.1.23.0 0.0.0.255
deny 10.1.24.0 0.0.0.255
deny 10.1.26.0 0.0.0.255
deny 10.1.28.0 0.0.0.255
deny 10.1.30.0 0.0.0.255
deny 10.1.32.0 0.0.0.255
deny 10.1.33.0 0.0.0.255
deny 10.1.34.0 0.0.0.255
deny 10.1.35.0 0.0.0.255
deny 10.1.36.0 0.0.0.255
deny 10.1.38.0 0.0.0.255
deny 10.1.42.0 0.0.0.255
deny 10.1.44.0 0.0.0.255
deny 10.1.45.0 0.0.0.255
deny 10.1.48.0 0.0.0.255
deny 10.1.50.0 0.0.0.255
deny 10.1.150.0 0.0.0.255
permit any
ip access-list standard NMSG
deny 10.1.2.0 0.0.0.255
deny 10.1.4.0 0.0.0.255
deny 10.1.6.0 0.0.0.255
deny 10.1.8.0 0.0.0.255
deny 10.1.9.0 0.0.0.255
deny 10.1.10.0 0.0.0.255
deny 10.1.12.0 0.0.0.255
deny 10.1.14.0 0.0.0.255
deny 10.1.18.0 0.0.0.255
deny 10.1.23.0 0.0.0.255
deny 10.1.28.0 0.0.0.255
deny 10.1.30.0 0.0.0.255
deny 10.1.32.0 0.0.0.255
deny 10.1.33.0 0.0.0.255
deny 10.1.34.0 0.0.0.255
deny 10.1.35.0 0.0.0.255
deny 10.1.36.0 0.0.0.255
deny 10.1.38.0 0.0.0.255
deny 10.1.42.0 0.0.0.255
deny 10.1.44.0 0.0.0.255
deny 10.1.45.0 0.0.0.255
deny 10.1.48.0 0.0.0.255
deny 10.1.50.0 0.0.0.255
deny 10.1.150.0 0.0.0.255
permit any
ip access-list standard OAG
deny 10.1.2.0 0.0.0.255
deny 10.1.4.0 0.0.0.255
deny 10.1.6.0 0.0.0.255
deny 10.1.8.0 0.0.0.255
deny 10.1.9.0 0.0.0.255
deny 10.1.10.0 0.0.0.255
deny 10.1.12.0 0.0.0.255
deny 10.1.14.0 0.0.0.255
deny 10.1.18.0 0.0.0.255
deny 10.1.23.0 0.0.0.255
deny 10.1.28.0 0.0.0.255
deny 10.1.30.0 0.0.0.255
deny 10.1.32.0 0.0.0.255
deny 10.1.33.0 0.0.0.255
deny 10.1.34.0 0.0.0.255
deny 10.1.35.0 0.0.0.255
deny 10.1.36.0 0.0.0.255
deny 10.1.38.0 0.0.0.255
deny 10.1.42.0 0.0.0.255
deny 10.1.44.0 0.0.0.255
deny 10.1.45.0 0.0.0.255
ip access-list standard OPS
deny 10.1.2.0 0.0.0.255
deny 10.1.4.0 0.0.0.255
deny 10.1.6.0 0.0.0.255
deny 10.1.8.0 0.0.0.255
deny 10.1.9.0 0.0.0.255
deny 10.1.12.0 0.0.0.255
deny 10.1.14.0 0.0.0.255
deny 10.1.18.0 0.0.0.255
deny 10.1.23.0 0.0.0.255
deny 10.1.24.0 0.0.0.255
deny 10.1.26.0 0.0.0.255
deny 10.1.28.0 0.0.0.255
deny 10.1.30.0 0.0.0.255
deny 10.1.32.0 0.0.0.255
deny 10.1.33.0 0.0.0.255
deny 10.1.34.0 0.0.0.255
deny 10.1.35.0 0.0.0.255
deny 10.1.36.0 0.0.0.255
deny 10.1.38.0 0.0.0.255
deny 10.1.42.0 0.0.0.255
deny 10.1.44.0 0.0.0.255
deny 10.1.45.0 0.0.0.255
deny 10.1.48.0 0.0.0.255
deny 10.1.50.0 0.0.0.255
deny 10.1.150.0 0.0.0.255
permit any
ip access-list standard PD
deny 10.1.2.0 0.0.0.255
deny 10.1.4.0 0.0.0.255
deny 10.1.6.0 0.0.0.255
deny 10.1.8.0 0.0.0.255
deny 10.1.9.0 0.0.0.255
deny 10.1.10.0 0.0.0.255
deny 10.1.12.0 0.0.0.255
deny 10.1.14.0 0.0.0.255
deny 10.1.18.0 0.0.0.255
deny 10.1.23.0 0.0.0.255
deny 10.1.24.0 0.0.0.255
deny 10.1.26.0 0.0.0.255
deny 10.1.28.0 0.0.0.255
deny 10.1.30.0 0.0.0.255
deny 10.1.32.0 0.0.0.255
deny 10.1.33.0 0.0.0.255
deny 10.1.34.0 0.0.0.255
deny 10.1.35.0 0.0.0.255
deny 10.1.36.0 0.0.0.255
deny 10.1.38.0 0.0.0.255
deny 10.1.42.0 0.0.0.255
deny 10.1.44.0 0.0.0.255
deny 10.1.48.0 0.0.0.255
deny 10.1.50.0 0.0.0.255
deny 10.1.150.0 0.0.0.255
permit any
ip access-list standard PDT
deny 10.1.2.0 0.0.0.255
deny 10.1.4.0 0.0.0.255
deny 10.1.6.0 0.0.0.255
deny 10.1.8.0 0.0.0.255
deny 10.1.9.0 0.0.0.255
deny 10.1.10.0 0.0.0.255
deny 10.1.12.0 0.0.0.255
deny 10.1.14.0 0.0.0.255
deny 10.1.18.0 0.0.0.255
deny 10.1.23.0 0.0.0.255
deny 10.1.24.0 0.0.0.255
deny 10.1.26.0 0.0.0.255
deny 10.1.28.0 0.0.0.255
deny 10.1.30.0 0.0.0.255
deny 10.1.32.0 0.0.0.255
deny 10.1.33.0 0.0.0.255
deny 10.1.34.0 0.0.0.255
deny 10.1.35.0 0.0.0.255
deny 10.1.38.0 0.0.0.255
deny 10.1.42.0 0.0.0.255
deny 10.1.44.0 0.0.0.255
deny 10.1.45.0 0.0.0.255
deny 10.1.48.0 0.0.0.255
deny 10.1.50.0 0.0.0.255
deny 10.1.150.0 0.0.0.255
permit any
ip access-list standard Q-mgmt
deny 10.1.2.0 0.0.0.255
deny 10.1.4.0 0.0.0.255
deny 10.1.6.0 0.0.0.255
deny 10.1.8.0 0.0.0.255
deny 10.1.10.0 0.0.0.255
deny 10.1.12.0 0.0.0.255
deny 10.1.18.0 0.0.0.255
deny 10.1.23.0 0.0.0.255
deny 10.1.24.0 0.0.0.255
deny 10.1.26.0 0.0.0.255
deny 10.1.28.0 0.0.0.255
deny 10.1.30.0 0.0.0.255
deny 10.1.32.0 0.0.0.255
deny 10.1.33.0 0.0.0.255
deny 10.1.34.0 0.0.0.255
deny 10.1.35.0 0.0.0.255
deny 10.1.36.0 0.0.0.255
deny 10.1.38.0 0.0.0.255
deny 10.1.42.0 0.0.0.255
deny 10.1.44.0 0.0.0.255
deny 10.1.45.0 0.0.0.255
deny 10.1.48.0 0.0.0.255
deny 10.1.50.0 0.0.0.255
permit any
ip access-list standard RTA
deny 10.1.2.0 0.0.0.255
deny 10.1.4.0 0.0.0.255
deny 10.1.6.0 0.0.0.255
deny 10.1.8.0 0.0.0.255
deny 10.1.10.0 0.0.0.255
deny 10.1.12.0 0.0.0.255
deny 10.1.14.0 0.0.0.255
deny 10.1.18.0 0.0.0.255
deny 10.1.23.0 0.0.0.255
deny 10.1.24.0 0.0.0.255
deny 10.1.26.0 0.0.0.255
deny 10.1.28.0 0.0.0.255
deny 10.1.30.0 0.0.0.255
deny 10.1.32.0 0.0.0.255
deny 10.1.33.0 0.0.0.255
deny 10.1.34.0 0.0.0.255
deny 10.1.35.0 0.0.0.255
deny 10.1.36.0 0.0.0.255
deny 10.1.38.0 0.0.0.255
deny 10.1.42.0 0.0.0.255
deny 10.1.44.0 0.0.0.255
deny 10.1.45.0 0.0.0.255
deny 10.1.48.0 0.0.0.255
deny 10.1.50.0 0.0.0.255
permit any
ip access-list standard SEG
deny 10.1.2.0 0.0.0.255
deny 10.1.4.0 0.0.0.255
deny 10.1.6.0 0.0.0.255
deny 10.1.8.0 0.0.0.255
deny 10.1.9.0 0.0.0.255
deny 10.1.10.0 0.0.0.255
deny 10.1.12.0 0.0.0.255
deny 10.1.14.0 0.0.0.255
deny 10.1.18.0 0.0.0.255
deny 10.1.23.0 0.0.0.255
deny 10.1.24.0 0.0.0.255
deny 10.1.26.0 0.0.0.255
deny 10.1.28.0 0.0.0.255
deny 10.1.30.0 0.0.0.255
deny 10.1.32.0 0.0.0.255
deny 10.1.33.0 0.0.0.255
deny 10.1.35.0 0.0.0.255
deny 10.1.36.0 0.0.0.255
deny 10.1.38.0 0.0.0.255
deny 10.1.42.0 0.0.0.255
deny 10.1.44.0 0.0.0.255
deny 10.1.45.0 0.0.0.255
deny 10.1.48.0 0.0.0.255
deny 10.1.50.0 0.0.0.255
deny 10.1.150.0 0.0.0.255
permit any
ip access-list standard SEG2
deny 10.1.2.0 0.0.0.255
deny 10.1.4.0 0.0.0.255
deny 10.1.6.0 0.0.0.255
deny 10.1.8.0 0.0.0.255
deny 10.1.9.0 0.0.0.255
deny 10.1.10.0 0.0.0.255
deny 10.1.12.0 0.0.0.255
deny 10.1.14.0 0.0.0.255
deny 10.1.18.0 0.0.0.255
deny 10.1.23.0 0.0.0.255
deny 10.1.24.0 0.0.0.255
deny 10.1.26.0 0.0.0.255
deny 10.1.28.0 0.0.0.255
deny 10.1.30.0 0.0.0.255
deny 10.1.32.0 0.0.0.255
deny 10.1.34.0 0.0.0.255
deny 10.1.35.0 0.0.0.255
deny 10.1.36.0 0.0.0.255
deny 10.1.38.0 0.0.0.255
deny 10.1.42.0 0.0.0.255
deny 10.1.44.0 0.0.0.255
deny 10.1.45.0 0.0.0.255
deny 10.1.48.0 0.0.0.255
deny 10.1.50.0 0.0.0.255
deny 10.1.150.0 0.0.0.255
permit any
ip access-list standard SEG3
deny 10.1.2.0 0.0.0.255
deny 10.1.4.0 0.0.0.255
deny 10.1.6.0 0.0.0.255
deny 10.1.8.0 0.0.0.255
deny 10.1.9.0 0.0.0.255
deny 10.1.10.0 0.0.0.255
deny 10.1.12.0 0.0.0.255
deny 10.1.14.0 0.0.0.255
deny 10.1.18.0 0.0.0.255
deny 10.1.23.0 0.0.0.255
deny 10.1.24.0 0.0.0.255
deny 10.1.26.0 0.0.0.255
deny 10.1.28.0 0.0.0.255
deny 10.1.30.0 0.0.0.255
deny 10.1.32.0 0.0.0.255
deny 10.1.33.0 0.0.0.255
deny 10.1.34.0 0.0.0.255
deny 10.1.35.0 0.0.0.255
deny 10.1.36.0 0.0.0.255
deny 10.1.38.0 0.0.0.255
deny 10.1.42.0 0.0.0.255
deny 10.1.45.0 0.0.0.255
deny 10.1.48.0 0.0.0.255
deny 10.1.50.0 0.0.0.255
deny 10.1.150.0 0.0.0.255
permit any
ip access-list standard SMG
deny 10.1.2.0 0.0.0.255
deny 10.1.4.0 0.0.0.255
deny 10.1.6.0 0.0.0.255
deny 10.1.8.0 0.0.0.255
deny 10.1.9.0 0.0.0.255
deny 10.1.10.0 0.0.0.255
deny 10.1.12.0 0.0.0.255
deny 10.1.14.0 0.0.0.255
deny 10.1.18.0 0.0.0.255
deny 10.1.23.0 0.0.0.255
deny 10.1.24.0 0.0.0.255
deny 10.1.26.0 0.0.0.255
deny 10.1.30.0 0.0.0.255
deny 10.1.32.0 0.0.0.255
deny 10.1.33.0 0.0.0.255
deny 10.1.34.0 0.0.0.255
deny 10.1.35.0 0.0.0.255
deny 10.1.36.0 0.0.0.255
deny 10.1.38.0 0.0.0.255
deny 10.1.42.0 0.0.0.255
deny 10.1.44.0 0.0.0.255
deny 10.1.45.0 0.0.0.255
deny 10.1.48.0 0.0.0.255
deny 10.1.50.0 0.0.0.255
deny 10.1.150.0 0.0.0.255
permit any
ip access-list standard TRUSTEE
deny 10.1.2.0 0.0.0.255
deny 10.1.4.0 0.0.0.255
deny 10.1.6.0 0.0.0.255
deny 10.1.8.0 0.0.0.255
deny 10.1.9.0 0.0.0.255
deny 10.1.10.0 0.0.0.255
deny 10.1.12.0 0.0.0.255
deny 10.1.14.0 0.0.0.255
deny 10.1.23.0 0.0.0.255
deny 10.1.24.0 0.0.0.255
deny 10.1.26.0 0.0.0.255
deny 10.1.28.0 0.0.0.255
deny 10.1.30.0 0.0.0.255
deny 10.1.32.0 0.0.0.255
deny 10.1.33.0 0.0.0.255
deny 10.1.34.0 0.0.0.255
deny 10.1.35.0 0.0.0.255
deny 10.1.36.0 0.0.0.255
deny 10.1.38.0 0.0.0.255
deny 10.1.42.0 0.0.0.255
deny 10.1.44.0 0.0.0.255
deny 10.1.45.0 0.0.0.255
deny 10.1.48.0 0.0.0.255
deny 10.1.50.0 0.0.0.255
deny 10.1.150.0 0.0.0.255
permit any
ip access-list standard static-routes
permit 10.1.136.0 0.0.1.255
permit 10.1.138.0 0.0.1.255
permit 10.1.142.0 0.0.0.255
permit 10.1.144.0 0.0.1.255
permit 10.1.160.0 0.0.1.255
permit 10.1.200.0 0.0.1.255
permit 10.1.204.0 0.0.1.255
permit 10.1.210.0 0.0.0.255
permit 10.1.222.0 0.0.1.255
permit 172.18.100.0 0.0.0.255
permit 172.18.101.0 0.0.0.255
permit 172.18.102.0 0.0.0.255
permit 172.18.103.0 0.0.0.255
permit 172.18.104.0 0.0.0.255
permit 172.18.105.0 0.0.0.255
permit 172.18.106.0 0.0.0.255
permit 10.1.146.0 0.0.0.255
permit 192.168.1.0 0.0.0.255
permit 10.1.145.0 0.0.0.255 -
How to get list of approved MSU for specified target group
Hello guys,
I have question about WSUS on windows server 2008 r2 sp1.
I need to get list of approved MSU for specified target group only for windows server 2008 r2 sp1, but I don't know whole syntax.
I can get list of approved updates for w2k8r2sp1:
$Title_r2='R2'
$Itanium='Itanium'
$wsus.GetUpdates() | Select Title | Where {
$_.Title -match $Title_r2 -and $_.Title -notmatch $Itanium -and $_.IsApproved -eq 'True'
But how can I get it for specified target group?
Please, help :)But how can I get it for specified target group?
Is there some reason you're not just using the native console reporting to do this?
Testing for 'R2' in the title will not guarantee getting all of the applicable updates, you need to query by Product Category to get all of them.
From my quick research, it appears that GetUpdates() does not return target group information, just a flag state on whether the update has been approved, or not. I don't have a working PS WSUS instance available to me at the moment, but my guess would be
that GetUpdateApprovals() (or something like it) is what you'll need to use to filter by Target Group.
Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
SolarWinds Head Geek
Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
http://www.solarwinds.com/gotmicrosoft
The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds. -
Hellp Everyone,
I am trying to create a Access-List on my Core Switch, in which I want to allow few internet website & block the rest of them.
I want to allow the whole Intranet but few intranet websites also needs access to the internet.
Can we create such Access-List with the above requirement.
I tried to create the ACL on the switch but it blocks the whole internet access.
i want to do it for a subnet not for a specific IP.
Can someone help me in creating such access list.
Thanks in AdvanceThe exact syntax depends on your subnets and how they connect to the Internet. If you can share a simple diagram that would be much more informative.
In general just remember that access-lists are parsed from the top down and as soon as a match is found, the processing stops. So you put the most specific rules at the top. also, once you add an access-list, there is an implicit "deny any any" at the end.
The best approach is to create some network object-groups and then refer to them in your access list. From your description, that would be something like three object-groups - one for the Intranet (Intranet), one for the allowed servers that can use Internet (allowed_servers), and a third for the permitted Internet sites (allowed_sites).
You would then use them as follows:
ip access-list extended main_acl
permit any object-group intranet any
permit object-group allowed_servers object-group allowed_sites any
interface vlan
ip access-group main_acl in
More details on the syntax and examples can be found here:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_acl/configuration/15-2mt/sec-object-group-acl.html#GUID-BE5C124C-CCE0-423A-B147-96C33FA18C66
Maybe you are looking for
-
Small 'i's instead of Capital 'I's
A small thing but ir drives me potty! How do i get an I to come up automatically? Jackie
-
Windows 7 Supplicant Configuration - ISE PEAP w Machine Auth
Can anyone tell me the settings for the Windows 7 supplicant that works with ISE and PEAP using machine authentication? I have an authorization profile that permits the user login only after machine 'WasAuthenticated'. I have only found this to wor
-
Syncing photos from my Imac to my Ipad
Hi - I am trying to sync photos from iphoto onto my ipad. A message keep coming up that says photos from other libraries/folders will be removed and photos from this location synced. Photos on my Ipad will not be effected. Can someone please tell me
-
Frames causing an Error on Page when compiled and viewed
First off, I am using RoboHelp 10 and WebHelp. I am trying to click on a certain Topic in the ToC, and have it open in the window with two frames.I get an Error on Page when I click the link, but it seems to load up the page properly, as I can't see
-
Want to disable the password while running rsh command on solaris 10
Hi, After executing rsh command it is asking for a password. I want to login to a target machine with rsh command through the scripts which it shouldnot ask for a password. It will be appreciated if anyone can help me in solving out this issue?