16-Object group commands
description
Use description to configure a description for an object group.
Use undo description to delete the description for an object group.
Syntax
description text
undo description
Default
An object group does not have a description.
Views
Object group view
Predefined user roles
network-admin
mdc-admin
Parameters
text: Specifies the description, a case-sensitive string of 1 to 127 characters.
Examples
# Configure a description for IPv4 address object group ipgroup.
<Sysname> system-view
[Sysname] object-group ip address ipgroup
[Sysname-obj-grp-ip-ipgroup] description This is an IPv4 object-group
display object-group
Use display object-group to display information about object groups.
Syntax
display object-group [ { { ip | ipv6 } address | port } [ default ] [ name object-group-name ] | name object-group-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
ip address: Specifies the IPv4 address object groups.
ipv6 address: Specifies the IPv6 address object groups.
port: Specifies the port object groups.
default: Specifies the default object group.
name object-group-name: Specifies an object group by its name, a case-insensitive string of 1 to 31 characters.
Examples
# Display information about all object groups.
<Sysname> display object-group
Ip address object-group obj1: 0 object(in use)
Ip address object-group obj2: 3 objects(out of use)
0 network host address 1.1.1.1
10 network host name host
20 network subnet 1.1.1.1 255.255.255.0
Ipv6 address object-group obj3: 0 object(in use)
Ipv6 address object-group obj4: 3 objects(out of use)
0 network host address 1::1:1
10 network host name host
20 network subnet 1::1:0 112
Port object-group obj5: 0 object(in use)
Port object-group obj6: 2 objects(out of use)
0 port lt 20
10 port range 20 30
# Display information about object group obj2.
<Sysname> display object-group name obj2
Ip address object-group obj2: 3 objects(out of use)
0 network host address 1.1.1.1
10 network host name host
20 network subnet 1.1.1.1 255.255.255.0
# Display information about all IPv4 object groups.
<Sysname> display object-group ip address
Ip address object-group obj1: 0 object(in use)
Ip address object-group obj2: 3 objects(out of use)
0 network host address 1.1.1.1
10 network host name host
20 network subnet 1.1.1.1 255.255.255.0
# Display information about IPv6 object group obj4.
<Sysname> display object-group ipv6 address name obj4
Ipv6 address object-group obj4: 3 objects(out of use)
0 network host address 1::1:1
10 network host name host
20 network subnet 1::1:0 112
Table 1 Command output
Field | Description |
---|---|
in use | The object group is referenced by an ACL. |
out of use | The object group is not referenced by any ACL. |
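The display output above is the only place the device reports whether a group is referenced, so it is the natural input for a configuration-hygiene check. The following parser and checks are an added example, not device code or part of this reference: the sample text is the display output shown on this page, the parser accepts both the "object group" and "object-group" spellings that occur in it, and the two checks are assumptions about what a reviewer wants to see (which ACL references a group is not in this output, so the in use flag is all they can go on).

```python
"""Parser for 'display object-group' output, plus two hygiene checks.

Added example, not device code. SAMPLE is the display output shown on
this page; the checks flag groups no ACL references (stale definitions
that can be attached later without review) and groups an ACL references
although they hold no objects.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

SAMPLE = """\
Ip address object-group obj1: 0 object(in use)
Ip address object-group obj2: 3 objects(out of use)
 0 network host address 1.1.1.1
 10 network host name host
 20 network subnet 1.1.1.1 255.255.255.0
Ipv6 address object-group obj3: 0 object(in use)
Ipv6 address object-group obj4: 3 objects(out of use)
 0 network host address 1::1:1
 10 network host name host
 20 network subnet 1::1:0 112
Port object-group obj5: 0 object(in use)
Port object-group obj6: 2 objects(out of use)
 0 port lt 20
 10 port range 20 30
"""

# Group header, e.g. "Ip address object-group obj2: 3 objects(out of use)".
HEADER = re.compile(
    r"^\s*(?P<type>IP|IPv6|Port)(?: address)? object[ -]group (?P<name>\S+): "
    r"(?P<count>\d+) objects?\((?P<state>in use|out of use)\)$",
    re.IGNORECASE,
)
# Object line, e.g. " 20 network subnet 1.1.1.1 255.255.255.0".
OBJECT = re.compile(r"^\s*(?P<id>\d+) (?P<body>.+)$")


@dataclass
class ObjectGroup:
    type: str                 # "ip", "ipv6" or "port"
    name: str
    count: int                # object count printed by the device
    in_use: bool              # True when an ACL references the group
    objects: Dict[int, str] = field(default_factory=dict)   # object-id -> object text


def parse_display_object_group(text: str) -> List[ObjectGroup]:
    groups: List[ObjectGroup] = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            groups.append(ObjectGroup(m["type"].lower(), m["name"], int(m["count"]),
                                      m["state"].lower() == "in use"))
            continue
        m = OBJECT.match(line)
        if m and groups:
            groups[-1].objects[int(m["id"])] = m["body"]
            continue
        raise ValueError(f"unrecognised line: {line!r}")
    for g in groups:  # the printed count must agree with the lines that followed
        if len(g.objects) != g.count:
            raise ValueError(f"{g.name}: device reports {g.count} objects, parsed {len(g.objects)}")
    return groups


def unreferenced(groups: List[ObjectGroup]) -> List[str]:
    """Names of groups that no ACL references (shown as 'out of use')."""
    return [g.name for g in groups if not g.in_use]


def referenced_but_empty(groups: List[ObjectGroup]) -> List[str]:
    """Names of groups an ACL references although they contain no objects."""
    return [g.name for g in groups if g.in_use and not g.objects]


if __name__ == "__main__":
    parsed = parse_display_object_group(SAMPLE)
    print("unreferenced:", unreferenced(parsed))
    print("referenced but empty:", referenced_but_empty(parsed))
```

The parser raises rather than guessing when a line does not match either pattern or when the printed count disagrees with the object lines, so a firmware that changes the output format fails loudly instead of producing a silently incomplete audit.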
network (IPv4 address object group view)
Use network to configure an IPv4 address object.
Use undo network to delete an IPv4 address object.
Syntax
[ object-id ] network { host { address ip-address | name host-name } | subnet ip-address { mask-length | mask } }
undo network { host { address ip-address | name host-name } | subnet ip-address { mask-length | mask } }
undo object-id
Default
No IPv4 address object exists.
Views
IPv4 address object group view
Predefined user roles
network-admin
mdc-admin
Parameters
object-id: Specifies an object ID in the range of 0 to 4294967294. If you do not specify an object ID, the system assigns the next multiple of 10 greater than the greatest ID in use. For example, if the greatest ID is 22, the system assigns 30.
host: Configures an IPv4 address object with the host address or name.
address ip-address: Specifies an IPv4 host address.
name host-name: Specifies a host name, a case-insensitive string of 1 to 60 characters.
subnet ip-address { mask-length | mask }: Configures an IPv4 address object with the subnet address followed by a mask length in the range of 0 to 32 or a mask in dotted decimal notation.
Usage guidelines
This command fails if the IPv4 address object you configure or change would be identical to an existing object in the group.
This command creates an IPv4 address object if the specified object ID does not exist. Otherwise, the command overwrites the configuration of the specified object.
If you configure a subnet with the mask length of 32 or the mask of 255.255.255.255, the system configures the object with a host address.
Examples
# Configure an IPv4 address object with the host address of 192.168.0.1.
<Sysname> system-view
[Sysname] object-group ip address ipgroup
[Sysname-obj-grp-ip-ipgroup] network host address 192.168.0.1
# Configure an IPv4 address object with the host name of pc3.
<Sysname> system-view
[Sysname] object-group ip address ipgroup
[Sysname-obj-grp-ip-ipgroup] network host name pc3
# Configure an IPv4 address object with the IPv4 address of 192.167.0.0 and mask length of 24.
<Sysname> system-view
[Sysname] object-group ip address ipgroup
[Sysname-obj-grp-ip-ipgroup] network subnet 192.167.0.0 24
# Configure an IPv4 address object with the IPv4 address of 192.166.0.0 and mask of 255.255.0.0.
<Sysname> system-view
[Sysname] object-group ip address ipgroup
[Sysname-obj-grp-ip-ipgroup] network subnet 192.166.0.0 255.255.0.0
network (IPv6 address object group view)
Use network to configure an IPv6 address object.
Use undo network to delete an IPv6 address object.
Syntax
[ object-id ] network { host { address ipv6-address | name host-name } | subnet ipv6-address prefix-length }
undo network { host { address ipv6-address | name host-name } | subnet ipv6-address prefix-length }
undo object-id
Default
No IPv6 address object exists.
Views
IPv6 address object group view
Predefined user roles
network-admin
mdc-admin
Parameters
object-id: Specifies an object ID in the range of 0 to 4294967294. If you do not specify an object ID, the system assigns the next multiple of 10 greater than the greatest ID in use. For example, if the greatest ID is 22, the system assigns 30.
host: Configures an IPv6 address object with the host address or name.
address ipv6-address: Specifies an IPv6 host address.
name host-name: Specifies a host name, a case-insensitive string of 1 to 60 characters.
subnet ipv6-address prefix-length: Configures an IPv6 address object with the subnet address followed by the prefix length in the range of 1 to 128.
Usage guidelines
This command fails if the IPv6 address object you configure or change would be identical to an existing object in the group.
This command creates an IPv6 address object if the specified object ID does not exist. Otherwise, the command overwrites the configuration of the specified object.
If you configure a subnet address with the prefix length of 128, the system configures the object with a host address.
Examples
# Configure an IPv6 address object with the host address of 1::1.
<Sysname> system-view
[Sysname] object-group ipv6 address ipv6group
[Sysname-obj-grp-ipv6-ipv6group] network host address 1::1
# Configure an IPv6 address object with the host name of pc3.
<Sysname> system-view
[Sysname] object-group ipv6 address ipv6group
[Sysname-obj-grp-ipv6-ipv6group] network host name pc3
# Configure an IPv6 address object with the IPv6 address of 1:1:1::1 and prefix length of 24.
<Sysname> system-view
[Sysname] object-group ipv6 address ipv6group
[Sysname-obj-grp-ipv6-ipv6group] network subnet 1:1:1::1 24
object-group
Use object-group to configure an object group and enter the object group view.
Use undo object-group to delete an object group.
Syntax
object-group { { ip | ipv6 } address | port } object-group-name
undo object-group { { ip | ipv6 } address | port } object-group-name
Default
Each type of object group has a default object group named any, which cannot be deleted.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
ip address: Configures an IPv4 address object group.
ipv6 address: Configures an IPv6 address object group.
port: Configures a port object group.
object-group-name: Specifies an object group name, a case-insensitive string of 1 to 31 characters.
Usage guidelines
The result of the object-group command depends on whether the specified object group exists and on its type:
· If the specified group does not exist, the system creates a new object group and enters the object group view.
· If the specified group exists and the group type is the same as that in the command, the system enters the object group view.
· If the specified group exists but the group type is different from that in the command, the command fails.
The result of the undo object-group command depends on whether the specified object group exists, on its type, and on whether it is referenced:
· If the specified group does not exist, the system executes the command without any system prompt.
· If the specified group exists and the group type is the same as that in the command, the system deletes the group.
· If the specified group exists but the group type is different from that in the command, the command fails.
· If the specified object group is being referenced by an ACL, the command fails.
Examples
# Configure an IPv4 address object group named ipgroup.
<Sysname> system-view
[Sysname] object-group ip address ipgroup
# Configure an IPv6 address object group named ipv6group.
<Sysname> system-view
[Sysname] object-group ipv6 address ipv6group
# Configure a port object group named portgroup.
<Sysname> system-view
[Sysname] object-group port portgroup
port (port object group view)
Use port to configure a port object.
Use undo port to delete a port object.
Syntax
[ object-id ] port { { eq | lt | gt } port | range port1 port2 }
undo port { { eq | lt | gt } port | range port1 port2 }
undo object-id
Default
No port object exists.
Views
Port object group view
Predefined user roles
network-admin
mdc-admin
Parameters
object-id: Specifies an object ID in the range of 0 to 4294967294. If you do not specify an object ID, the system assigns the next multiple of 10 greater than the greatest ID in use. For example, if the greatest ID is 22, the system assigns 30.
eq: Configures a port object with a port number equal to the specified port.
lt: Configures a port object with a port number smaller than the specified port.
gt: Configures a port object with a port number greater than the specified port.
port: Specifies a port number in the range of 0 to 65535.
range port1 port2: Configures a port object with a port range starting with port1 and ending with port2. The value range for the port1 and port2 arguments is 0 to 65535.
Usage guidelines
This command fails if the port object you configure or change would be identical to an existing object in the group.
This command creates a port object if the specified object ID does not exist. Otherwise, the command overwrites the configuration of the specified object.
When you use the lt port option, follow these guidelines:
· The value of port cannot be 0.
· If the value of port is 1, the system configures the object with a port number of 0.
· If the value of port is in the range of 2 to 65535, the system configures the object with a port number range of [0, port–1].
When you use the gt port option, follow these guidelines:
· The value of port cannot be 65535.
· If the value of port is 65534, the system configures the object with a port number of 65535.
· If the value of port is in the range of 0 to 65533, the system configures the object with a port number range of [port+1, 65535].
When you use the range port1 port2 option, follow these guidelines:
· If port1 is equal to port2, the system configures the object with the port number port1.
· If port1 is smaller than port2, the system configures the object with the port number range.
· If port1 is greater than port2, the system changes the range to [port2, port1] and configures the object with the changed port number range.
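The lt, gt and range rules above decide what the device actually stores, and two of them deserve attention when a port group feeds an ACL: a reversed range such as range 443 80 is silently swapped to 80 through 443, and gt 1023 covers 64512 ports. The code below is an added example, not device code: normalise_port_object() applies the stated rules, and the group class with its merged_ranges() and covered_count() helpers is an addition for reviewing a group's breadth, which no command on this page provides.

```python
"""Port-object normalisation for 'port { eq | lt | gt } port | range port1 port2'.

Added example, not device code. normalise_port_object() applies the
lt/gt/range rules stated on this page; PortObjectGroup adds automatic
object IDs, rejection of an identical object, and two review helpers
(merged_ranges, covered_count) that the device does not offer.
"""
from typing import Dict, List, Optional, Tuple

PORT_MAX = 65535


def normalise_port_object(op: str, port1: int, port2: Optional[int] = None) -> Tuple[int, int]:
    """Return the inclusive [low, high] range the port object denotes."""
    for p in (port1,) if port2 is None else (port1, port2):
        if not 0 <= p <= PORT_MAX:
            raise ValueError(f"port {p} outside 0..{PORT_MAX}")
    if op == "eq":
        return (port1, port1)
    if op == "lt":
        if port1 == 0:
            raise ValueError("port lt 0 is rejected")
        return (0, port1 - 1)            # lt 1 -> port 0; lt N -> [0, N-1]
    if op == "gt":
        if port1 == PORT_MAX:
            raise ValueError("port gt 65535 is rejected")
        return (port1 + 1, PORT_MAX)     # gt 65534 -> port 65535; gt N -> [N+1, 65535]
    if op == "range":
        if port2 is None:
            raise ValueError("range needs two ports")
        # reversed bounds are swapped, equal bounds collapse to a single port
        return (min(port1, port2), max(port1, port2))
    raise ValueError(f"unknown operator {op!r}")


class PortObjectGroup:
    """One 'object-group port' group."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.objects: Dict[int, Tuple[int, int]] = {}   # object-id -> [low, high]

    def port(self, op: str, port1: int, port2: Optional[int] = None,
             object_id: Optional[int] = None) -> int:
        """[object-id] port ...; returns the ID the object was stored under."""
        rng = normalise_port_object(op, port1, port2)
        if object_id is None:            # next multiple of 10 above the greatest ID in use
            object_id = 0 if not self.objects else (max(self.objects) // 10 + 1) * 10
        for oid, existing in self.objects.items():
            if oid != object_id and existing == rng:
                # 'range 100 100' after 'eq 100', or 'range 30 20' after 'range 20 30',
                # denotes the same ports and is rejected as identical
                raise ValueError(f"identical to existing object {oid}")
        self.objects[object_id] = rng    # creates the ID, or overwrites an existing one
        return object_id

    def matches(self, port: int) -> bool:
        return any(lo <= port <= hi for lo, hi in self.objects.values())

    def merged_ranges(self) -> List[Tuple[int, int]]:
        """Overlapping or adjacent objects merged, for a quick view of what the group permits."""
        merged: List[Tuple[int, int]] = []
        for lo, hi in sorted(self.objects.values()):
            if merged and lo <= merged[-1][1] + 1:
                merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
            else:
                merged.append((lo, hi))
        return merged

    def covered_count(self) -> int:
        """Number of distinct ports the group matches."""
        return sum(hi - lo + 1 for lo, hi in self.merged_ranges())
```

covered_count() is the number to look at when a port group is referenced by a permit rule: a group built from a few gt or lt objects often covers far more ports than its four or five lines suggest.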
Examples
# Configure a port object with a port number of 100.
<Sysname> system-view
[Sysname] object-group port portgroup
[Sysname-obj-grp-port-portgroup] port eq 100
# Configure a port object with a port number smaller than 20.
<Sysname> system-view
[Sysname] object-group port portgroup
[Sysname-obj-grp-port-portgroup] port lt 20
# Configure a port object with a port number greater than 60000.
<Sysname> system-view
[Sysname] object-group port portgroup
[Sysname-obj-grp-port-portgroup] port gt 60000
# Configure a port object with a port number in the range of 1000 to 2000.
<Sysname> system-view
[Sysname] object-group port portgroup
[Sysname-obj-grp-port-portgroup] port range 1000 2000