09-Security Configuration Guide

HomeSupportResource CenterSwitchesS12500X-AF SeriesS12500X-AF SeriesTechnical DocumentsConfigure & DeployConfiguration GuidesH3C S12500X-AF Switch Series Configuration Guides(R28xx)-6W10009-Security Configuration Guide
09-Object group configuration
Title Size Download
09-Object group configuration 52.25 KB

Configuring object groups

About object groups

An object group is a group of objects that can be used by an ACL or object group to identify packets. Object groups are divided into the following types:

·     IPv4 address object group—A group of IPv4 address objects used to match the IPv4 address in a packet.

·     IPv6 address object group—A group of IPv6 address objects used to match the IPv6 address in a packet.

·     Port object group—A group of port objects used to match the protocol port number in a packet.

Configuring an IPv4 address object group

1.     Enter system view.

system-view

2.     Configure an IPv4 address object group and enter its view.

object-group ip address object-group-name

The system has one default IPv4 address object group named any.

3.     (Optional.) Configure a description for the IPv4 address object group.

description text

By default, an object group does not have a description.

4.     Configure an IPv4 address object.

[ object-id ] network { host { address ip-address | name host-name [ vpn-instance vpn-instance-name ] } | subnet ip-address { mask-length | mask } | group-object object-group-name }

Configuring an IPv6 address object group

1.     Enter system view.

system-view

2.     Configure an IPv6 address object group and enter its view.

object-group ipv6 address object-group-name

The system has one default IPv6 address object group named any.

3.     (Optional.) Configure a description for the IPv6 address object group.

description text

By default, an object group does not have a description.

4.     Configure an IPv6 address object.

[ object-id ] network { host { address ipv6-address | name host-name } | subnet ipv6-address prefix-length | group-object object-group-name }

Configuring a port object group

1.     Enter system view.

system-view

2.     Configure a port object group and enter its view.

object-group port object-group-name

The system has one default port object group named any.

3.     (Optional.) Configure a description for the port object group.

description text

By default, an object group does not have a description.

4.     Configure a port object.

[ object-id ] port { { eq | lt | gt } port | range port1 port2 | group-object object-group-name }

Display and maintenance commands for object groups

Execute display commands in any view.

 

Task

Command

Display information about object groups.

display object-group [ { { ip | ipv6 } address | port }[ default ] [ name object-group-name ] | name object-group-name ]

 

  • Cloud & AI
  • InterConnect
  • Intelligent Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
All Support
  • Become a Partner
  • Partner Resources
  • Partner Business Management
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us
新华三官网