Login
- Table of Contents
-
- 09-Security Configuration Guide
- 00-Preface
- 01-AAA configuration
- 02-Password control configuration
- 03-Keychain configuration
- 04-Public key management
- 05-PKI configuration
- 06-IPsec configuration
- 07-SSH configuration
- 08-SSL configuration
- 09-Object group configuration
- 10-Attack detection and prevention configuration
- 11-TCP attack prevention configuration
- 12-IP source guard configuration
- 13-ARP attack protection configuration
- 14-ND attack defense configuration
- 15-uRPF configuration
- 16-SAVI configuration
- 17-SAVA configuration
- 18-Crypto engine configuration
- 19-FIPS configuration
- 20-MACsec configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 09-Object group configuration | 52.25 KB |
Contents
Configuring an IPv4 address object group
Configuring an IPv6 address object group
Configuring a port object group
Display and maintenance commands for object groups
Configuring object groups
About object groups
An object group is a group of objects that can be used by an ACL or object group to identify packets. Object groups are divided into the following types:
· IPv4 address object group—A group of IPv4 address objects used to match the IPv4 address in a packet.
· IPv6 address object group—A group of IPv6 address objects used to match the IPv6 address in a packet.
· Port object group—A group of port objects used to match the protocol port number in a packet.
Configuring an IPv4 address object group
1. Enter system view.
system-view
2. Configure an IPv4 address object group and enter its view.
object-group ip address object-group-name
The system has one default IPv4 address object group named any.
3. (Optional.) Configure a description for the IPv4 address object group.
description text
By default, an object group does not have a description.
4. Configure an IPv4 address object.
[ object-id ] network { host { address ip-address | name host-name [ vpn-instance vpn-instance-name ] } | subnet ip-address { mask-length | mask } | group-object object-group-name }
Configuring an IPv6 address object group
1. Enter system view.
system-view
2. Configure an IPv6 address object group and enter its view.
object-group ipv6 address object-group-name
The system has one default IPv6 address object group named any.
3. (Optional.) Configure a description for the IPv6 address object group.
description text
By default, an object group does not have a description.
4. Configure an IPv6 address object.
[ object-id ] network { host { address ipv6-address | name host-name } | subnet ipv6-address prefix-length | group-object object-group-name}
Configuring a port object group
1. Enter system view.
system-view
2. Configure a port object group and enter its view.
object-group port object-group-name
The system has one default port object group named any.
3. (Optional.) Configure a description for the port object group.
description text
By default, an object group does not have a description.
4. Configure a port object.
[ object-id ] port { { eq | lt | gt } port | range port1 port2 | group-object object-group-name }
Display and maintenance commands for object groups
Execute display commands in any view.
|
Task |
Command |
|
Display information about object groups. |
display object-group [ { { ip | ipv6 } address | port }[ default ] [ name object-group-name ] | name object-group-name ] |
