Contents

Configuring object groups· 1

About object groups· 1

Restrictions: Hardware compatibility with object group· 1

Configuring an IPv4 address object group· 1

Configuring an IPv6 address object group· 2

Configuring a port object group· 2

Configuring a service object group· 3

Renaming an object group· 3

Display and maintenance commands for object groups· 3

 

Configuring object groups

About object groups

An object group is a group of objects that can be used by an ACL, object policy, or object group to identify packets. Object groups are divided into the following types:

·     IPv4 address object group—A group of IPv4 address objects used to match the IPv4 address in a packet or match the user from whom a packet comes.

·     IPv6 address object group—A group of IPv6 address objects used to match the IPv6 address in a packet or match the user from whom a packet comes.

·     Port object group—A group of port objects used to match the protocol port number in a packet.

·     Service object group—A group of service objects used to match the upper-layer service in a packet.

Restrictions: Hardware compatibility with object group

Hardware	Object group compatibility
MSR810, MSR810-W, MSR810-W-DB, MSR810-LM, MSR810-W-LM, MSR810-10-PoE, MSR810-LM-HK, MSR810-W-LM-HK, MSR810-LMS-EA	MSR810, MSR810-W, MSR810-W-DB, MSR810-LM, MSR810-W-LM, MSR810-10-PoE, MSR810-LM-HK, MSR810-W-LM-HK: Yes MSR810-LMS-EA: No
MSR810-LMS, MSR810-LUS	No
MSR2600-6-X1, MSR2600-10-X1	Yes
MSR 2630	Yes
MSR3600-28, MSR3600-51	Yes
MSR3600-28-SI, MSR3600-51-SI	Yes
MSR3600-28-X1, MSR3600-28-X1-DP, MSR3600-51-X1, MSR3600-51-X1-DP	Yes
MSR3610-I-DP, MSR3610-IE-DP	Yes
MSR3610-X1, MSR3610-X1-DP, MSR3610-X1-DC, MSR3610-X1-DP-DC	Yes
MSR 3610, MSR 3620, MSR 3620-DP, MSR 3640, MSR 3660	Yes
MSR3610-G, MSR3620-G	Yes

‌

Configuring an IPv4 address object group

1.     Enter system view.

system-view

2.     Create an IPv4 address object group and enter its view.

object-group ip address object-group-name

The system has one default IPv4 address object group named any.

3.     (Optional.) Configure a description for the IPv4 address object group.

description text

By default, an object group does not have a description.

4.     Configure an IPv4 address object.

[ object-id ] network { host { address ip-address | name host-name } | subnet ip-address { mask-length | mask } | range ip-address1 ip-address2 | group-object object-group-name }

By default, an IPv4 address object group does not contain IPv4 address objects.

5.     Exclude an IPv4 address from the IPv4 address object.

object-id network exclude ip-address

By default, no IPv4 address in an IPv4 address object is excluded.

6.     (Optional.) Specify a security zone for the IPv4 address object group.

security-zone security-zone-name

By default, no security zone is specified for an IPv4 address object group.

Configuring an IPv6 address object group

1.     Enter system view.

system-view

2.     Create an IPv6 address object group and enter its view.

object-group ipv6 address object-group-name

The system has one default IPv6 address object group named any.

3.     (Optional.) Configure a description for the IPv6 address object group.

description text

By default, an object group does not have a description.

4.     Configure an IPv6 address object.

[ object-id ] network { host { address ipv6-address | name host-name } | subnet ipv6-address prefix-length | range ipv6-address1 ipv6-address2 | group-object object-group-name }

By default, an IPv6 address object group does not contain IPv6 address objects.

5.     Exclude an IPv6 address from the IPv6 address object.

object-id network exclude ip-address

By default, no IPv6 address in an IPv6 address object is excluded.

6.     (Optional.) Specify a security zone for the IPv6 address object group.

security-zone security-zone-name

By default, no security zone is specified for an IPv6 address object group.

Configuring a port object group

1.     Enter system view.

system-view

2.     Create a port object group and enter its view.

object-group port object-group-name

The system has one default port object group named any.

3.     (Optional.) Configure a description for the port object group.

description text

By default, an object group does not have a description.

4.     Configure a port object.

[ object-id ] port { { eq | lt | gt } port | range port1 port2 | group-object object-group-name }

By default, a port object group does not contain port objects.

Configuring a service object group

1.     Enter system view.

system-view

2.     Create a service object group and enter its view.

object-group service object-group-name

The system has multiple default service object groups.

3.     (Optional.) Configure a description for the service object group.

description text

By default, an object group does not have a description.

4.     Configure a service object.

[ object-id ] service { protocol [ { source { { eq | lt | gt } port | range port1 port2 } | destination { { eq | lt | gt } port | range port1 port2 } } * | icmp-type icmp-code | icmpv6-type icmpv6-code ] | group-object object-group-name }

By default, a service object group does not contain service objects.

Renaming an object group

1.     Enter system view.

system-view

2.     Rename an object group.

object-group rename old-object-group-name new-object-group-name

You can only rename non-default object groups.

Display and maintenance commands for object groups

Execute display commands in any view.

 

Task	Command
Display information about object groups.	display object-group [ { { ip | ipv6 } address | service | port } [ default ] [ name object-group-name ] | name object-group-name ]