Contents
Configuring an IPv4 address object group
Configuring an IPv6 address object group
Configuring a port object group
Configuring a service object group
Displaying and maintaining object groups
Configuring object groups
Overview
An object group is a group of objects that can be used by an ACL, object policy, or object group to identify packets. Object groups are divided into the following types:
· IPv4 address object group—A group of IPv4 address objects used to match the IPv4 address in a packet or match the user from whom a packet comes.
· IPv6 address object group—A group of IPv6 address objects used to match the IPv6 address in a packet or match the user from whom a packet comes.
· Port object group—A group of port objects used to match the protocol port number in a packet.
· Service object group—A group of service objects used to match the upper-layer service in a packet.
Configuring an IPv4 address object group
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Configure an IPv4 address object group and enter its view. | object-group ip address object-group-name | The system has one default IPv4 address object group. |
3. (Optional.) Configure a description for the IPv4 address object group. | description text | By default, an object group does not have a description. |
4. Configure an IPv4 address object. | [ object-id ] network { host { address ip-address \| name host-name } \| subnet ip-address { mask-length \| mask \| wildcard wildcard } \| range ip-address1 ip-address2 \| group-object object-group-name \| user user-name [ domain domain-name ] \| user-group user-group-name [ domain domain-name ] } | By default, no objects exist. |
5. Exclude an IPv4 address from the IPv4 address object. | object-id network exclude ipv4-address | By default, no IPv4 address in an IPv4 address object is excluded. |
Configuring an IPv6 address object group
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Configure an IPv6 address object group and enter its view. | object-group ipv6 address object-group-name | The system has one default IPv6 address object group. |
3. (Optional.) Configure a description for the IPv6 address object group. | description text | By default, an object group does not have a description. |
4. Configure an IPv6 address object. | [ object-id ] network { host { address ipv6-address \| name host-name } \| subnet ipv6-address prefix-length \| range ipv6-address1 ipv6-address2 \| group-object object-group-name \| user user-name [ domain domain-name ] \| user-group user-group-name [ domain domain-name ] } | By default, no objects exist. |
5. Exclude an IPv6 address from the IPv6 address object. | object-id network exclude ipv6-address | By default, no IPv6 address in an IPv6 address object is excluded. |
Configuring a port object group
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Configure a port object group and enter its view. | object-group port object-group-name | The system has one default port object group. |
3. (Optional.) Configure a description for the port object group. | description text | By default, an object group does not have a description. |
4. Configure a port object. | [ object-id ] port { { eq \| lt \| gt } port \| range port1 port2 \| group-object object-group-name } | By default, no objects exist. |
Configuring a service object group
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Configure a service object group and enter its view. | object-group service object-group-name | The system has multiple default service object groups. |
3. (Optional.) Configure a description for the service object group. | description text | By default, an object group does not have a description. |
4. Configure a service object. | [ object-id ] service { protocol [ { source { { eq \| lt \| gt } port \| range port1 port2 } \| destination { { eq \| lt \| gt } port \| range port1 port2 } } * \| icmp-type icmp-code \| icmpv6-type icmpv6-code ] \| group-object object-group-name } | By default, no objects exist. |
Renaming an object group
To rename an object group:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Rename an object group. | object-group rename old-object-group-name new-object-group-name | You can only rename non-default object groups. |
Displaying and maintaining object groups
Execute display commands in any view.
Task | Command |
---|---|
Display information about object groups. | display object-group [ { { ip \| ipv6 } address \| service \| port } [ default ] [ name object-group-name ] \| name object-group-name ] |
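
A worked session that instantiates the command syntax from the procedures above, added here as an example and not taken from the vendor's documentation. All group names, descriptions, and addresses are constructed sample values; `quit` (return to the parent view) and the protocol keywords `tcp` and `icmp` are assumed from standard Comware CLI usage; lines starting with `#` are annotations, not commands.

```text
# Constructed example: names and addresses are sample values only.
system-view

# IPv4 address group: one subnet (object 10) with its gateway address
# excluded from that object, plus one additional host (object 20).
object-group ip address WEB-SERVERS
 description Front-end web servers
 10 network subnet 192.0.2.0 24
 10 network exclude 192.0.2.1
 20 network host address 198.51.100.10
 quit

# A second address group that nests the first by reference and adds a range.
object-group ip address DMZ-HOSTS
 10 network group-object WEB-SERVERS
 20 network range 203.0.113.20 203.0.113.30
 quit

# Port group: a single port and a contiguous range.
object-group port WEB-PORTS
 10 port eq 443
 20 port range 8000 8080
 quit

# Service group: TCP to destination port 443, and ICMP type 8 code 0.
object-group service WEB-SERVICES
 10 service tcp destination eq 443
 20 service icmp 8 0
 quit

# Inspect the results, once filtered by type and once by name only.
display object-group ip address name WEB-SERVERS
display object-group name WEB-SERVICES
```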