Login
- Table of Contents
-
- 11-Security Command Reference
- 00-Preface
- 01-AAA commands
- 02-802.1X commands
- 03-MAC authentication commands
- 04-Portal commands
- 05-Web authentication commands
- 06-Port security commands
- 07-User profile commands
- 08-Password control commands
- 09-Keychain commands
- 10-Public key management commands
- 11-PKI commands
- 12-IPsec commands
- 13-SSH commands
- 14-SSL commands
- 15-Object group commands
- 16-Attack detection and prevention commands
- 17-TCP attack prevention commands
- 18-IP source guard commands
- 19-ARP attack protection commands
- 20-ND attack defense commands
- 21-uRPF commands
- 22-SAVI commands
- 23-SAVA commands
- 24-MFF commands
- 25-Crypto engine commands
- 26-FIPS commands
- 27-MACsec commands
- 28-Microsegmentation commands
- 29-IP-SGT mapping commands
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 15-Object group commands | 82.50 KB |
Object group commands
description
Use description to configure a description for an object group.
Use undo description to restore the default.
Syntax
description text
undo description
Default
No description is configured for an object group.
Views
Object group view
Predefined user roles
network-admin
Parameters
text: Specifies a description, a case-sensitive string of 1 to 127 characters.
Examples
# Configure the description as This is an IPv4 object-group for an IPv4 address object group.
<Sysname> system-view
[Sysname] object-group ip address ipgroup
[Sysname-obj-grp-ip-ipgroup] description This is an IPv4 object-group
display object-group
Use display object-group to display information about object groups.
Syntax
display object-group [ ip address [ default ] [ name object-group-name ] | name object-group-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ip address: Specifies the IPv4 address object groups.
default: Specifies the default object groups.
name object-group-name: Specifies an object group by its name, a case-insensitive string of 1 to 31 characters.
Examples
# Display information about all object groups.
<Sysname> display object-group
IP address object group obj1: 0 object(in use)
IP address object group obj2: 4 objects(out of use)
0 network host address 1.1.1.1
10 network host name host
20 network subnet 1.1.1.1 255.255.255.0
60 network host name host vpn-instance vpn1
# Display information about object group obj2.
<Sysname> display object-group name obj2
IP address object-group obj2: 4 objects(out of use)
0 network host address 1.1.1.1
10 network host name host
20 network subnet 1.1.1.1 255.255.255.0
50 network host name host vpn-instance vpn1
# Display information about all IPv4 address object groups.
<Sysname> display object-group ip address
IP address object-group obj1: 0 object(in use)
IP address object-group obj2: 4 objects(out of use)
0 network host address 1.1.1.1
10 network host name host
20 network subnet 1.1.1.1 255.255.255.0
50 network host name host vpn-instance vpn1
Table 1 Command output
|
Field |
Description |
|
in use |
The object group is used by an ACL or object group. |
|
out of use |
The object group is not used. |
display object-group host
Use display object-group host to display IPv4 or IPv6 addresses for host names.
Syntax
display object-group { ip | ipv6 } host { object-group-name object-group-name | name host-name [ vpn-instance vpn-instance-name ] } * [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
object-group-name object-group-name: Specifies an object group by its name, a case-insensitive string of 1 to 31 characters. If you do not specify this option, the command displays information about the specified host name.
name host-name: Specifies a host by its name, a case-insensitive string of 1 to 60 characters. If you do not specify this option, the command displays information about all the included and excluded host names in the specified object group.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN to which the host belongs. The vpn-instance-name argument represents the VPN instance name, a case-sensitive string of 1 to 31 characters. If the host resides on the public network, do not specify this option.
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information for all member devices.
Examples
# Display IPv4 addresses for host name www.a.example.com in object group group1.
<Sysname> display object-group ip host object-group-name group1 name www.a.example.com
Object group : group1
Object ID : 0
Host name : www.a.example.com
Updated at : 2019-05-20 11:04:24
IP addresses :
169.0.0.10
169.0.0.11
# Display IPv6 addresses for all host names in object group group1.
<Sysname> display object-group ipv6 host object-group-name group1
Object group : group1
Object ID : 0
Host name : www.a.example.com
Updated at : 2019-05-20 11:04:24
IP addresses :
169:0::0:10
169:0::0:11
Object ID : 10
Host name : www.b.example.com
Updated at : 2019-05-20 11:04:24
IP addresses :
169:0::0:11
169:0::0:12
Table 2 Command output
|
Field |
Description |
|
Object group |
Object group name. |
|
Object ID |
Object ID. |
|
Updated at |
Time at which the IP address for the host name was last updated. |
|
IP addresses |
IP address corresponding to the host name. |
Related commands
object-group
display object-group kernel
Use display object-group kernel to display information about the IP address corresponding to the kernel host name.
Syntax
display object-group kernel { ip | ipv6 } host { object-group-name object-group-name | name host-name [ vpn-instance vpn-instance-name ] } * [ slot slot-number [ cpu cpu-number ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
object-group-name object-group-name: Specifies an object group by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this option, the command displays the IP address corresponding to the specified or excluded host name in any object group.
name host-name: Specifies the host name, a case-insensitive string of 1 to 60 characters. If you do not specify this option, the command displays the IP addresses corresponding to all host names and excluded host names in the specified object group.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN to which the host belongs. The vpn-instance-name argument represents the VPN instance name, a case-sensitive string of 1 to 31 characters. If the host resides on the public network, do not specify this option.
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays packet statistics for all member devices.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Display information about the IP address corresponding to the kernel host name.
<Sysname> display object-group kernel ip host object-group-name group1 name a.example.com
Object group : group1
Object ID : 0
Host name : a.example.com
VPN instance : -
Updated at : 2019-05-20 11:04:24
IP addresses :
169.0.0.10
169.0.0.11
Table 3 Command output
|
Field |
Description |
|
Object group |
Object group name. |
|
Object ID |
Object ID. |
|
Host name |
Host name. |
|
VPN instance |
VPN instance to which the host belongs. |
|
Updated at |
Time at which the IP address for the host name was last updated. |
|
IP addresses |
IP address corresponding to the host name. |
Related commands
object-group
network (IPv4 address object group view)
Use network to configure an IPv4 address object.
Use undo network to delete an IPv4 address object.
Syntax
[ object-id ] network { host { address ip-address | name host-name [ vpn-instance vpn-instance-name ] } | subnet ip-address { mask-length | mask } }
undo network { host { address ip-address | name host-name [ vpn-instance vpn-instance-name ] } | subnet ip-address { mask-length | mask } }
undo object-id
Default
No IPv4 address objects exist.
Views
IPv4 address object group view
Predefined user roles
network-admin
Parameters
object-id: Specifies an object ID in the range of 0 to 4294967294. If you do not specify an object ID, the system automatically assigns the object a multiple of 10 next to the greatest ID being used. For example, if the greatest ID is 22, the system automatically assigns 30.
host: Configures an IPv4 address object with the host address or name.
address ip-address: Specifies an IPv4 host address.
name host-name: Specifies a host name, a case-insensitive string of 1 to 60 characters.
vpn-instance vpn-instance-name: Specifies a VPN instance name, a case-sensitive string of 1 to 31 characters.
subnet ip-address { mask-length | mask }: Configures an IPv4 address object with the subnet address followed by a mask length in the range of 0 to 32 or a mask in dotted decimal notation.
Usage guidelines
This command fails if you use it to configure or change an IPv4 address object to be identical with an existing object.
This command creates an IPv4 address object if the specified object ID does not exist. Otherwise, the command overwrites the configuration of the specified object.
If you configure a subnet with the mask length of 32 or the mask of 255.255.255.255, the system configures the object with a host address.
Examples
# Configure an IPv4 address object with the host address of 192.168.0.1.
<Sysname> system-view
[Sysname] object-group ip address ipgroup
[Sysname-obj-grp-ip-ipgroup] network host address 192.168.0.1
# Configure an IPv4 address object with the host name of pc3.
<Sysname> system-view
[Sysname] object-group ip address ipgroup
[Sysname-obj-grp-ip-ipgroup] network host name pc3
# Configure an IPv4 address object with the host name of pc1 and the VPN instance name of vpn1.
<Sysname> system-view
[Sysname] object-group ip address ipgroup
[Sysname-obj-grp-ip-ipgroup] network host name pc1 vpn-instance vpn1
# Configure an IPv4 address object with the IPv4 address of 192.167.0.0 and mask length of 24.
<Sysname> system-view
[Sysname] object-group ip address ipgroup
[Sysname-obj-grp-ip-ipgroup] network subnet 192.167.0.0 24
# Configure an IPv4 address object with the IPv4 address of 192.166.0.0 and mask of 255.255.0.0.
<Sysname> system-view
[Sysname] object-group ip address ipgroup
[Sysname-obj-grp-ip-ipgroup] network subnet 192.166.0.0 255.255.0.0
object-group
Use object-group to configure an object group and enter its view, or enter the view of an existing object group.
Use undo object-group to delete an object group.
Syntax
object-group ip address object-group-name
undo object-group ip address object-group-name
Default
Default object groups exist.
Views
System view
Predefined user roles
network-admin
Parameters
ip address: Configures an IPv4 address object group.
object-group-name: Specifies an object group name, a case-insensitive string of 1 to 31 characters.
Usage guidelines
The object-group command execution results vary with the specified object group.
· If the specified group does not exist, the system creates a new object group and enters the object group view.
The undo object-group command execution results vary with the specified object group.
· If the specified group does not exist, the system executes the command without any system prompt.
· If the specified object group is being used by an ACL, the command fails.
Default object groups cannot be deleted.
Examples
# Configure an IPv4 address object group named ipgroup.
<Sysname> system-view
[Sysname] object-group ip address ipgroup
