Login
- Table of Contents
-
- 10-Security Configuration Guide
- 00-Preface
- 01-AAA configuration
- 02-Password control configuration
- 03-Public key management configuration
- 04-PKI configuration
- 05-IPsec configuration
- 06-SSH configuration
- 07-IP source guard configuration
- 08-ARP attack protection configuration
- 09-uRPF configuration
- 10-SSL configuration
- 11-Crypto engine configuration
- 12-FIPS configuration
- 13-Portal configuration
- 14-MACsec configuration
- 15-Attack detection and prevention configuration
- 16-Object group configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 16-Object group configuration | 83.28 KB |
Contents
Configuring an IPv4 address object group
Configuring an IPv6 address object group
Configuring a port object group
Displaying and maintaining object groups
Overview
An object group is a group of objects that can be referenced by an ACL to identify packets. Object groups are divided into the following types:
· IPv4 address object group—A group of IPv4 address objects used to match the IPv4 address in a packet.
· IPv6 address object group—A group of IPv6 address objects used to match the IPv6 address in a packet.
· Port object group—A group of port objects used to match the protocol port number in a packet.
Configuring an IPv4 address object group
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Configure an IPv4 address object group and enter its view. |
object-group ip address object-group-name |
The system has one default IPv4 address object group. |
|
3. (Optional.) Configure a description for the IPv4 address object group. |
description text |
By default, an object group does not have a description. |
|
4. Configure an IPv4 address object. |
[ object-id ] network { host { address ip-address | name host-name } | subnet ip-address { mask-length | mask } } |
By default, no object exists. |
Configuring an IPv6 address object group
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Configure an IPv6 address object group and enter its view. |
object-group ipv6 address object-group-name |
The system has one default IPv6 address object group. |
|
3. (Optional.) Configure a description for the IPv6 address object group. |
description text |
By default, an object group does not have a description. |
|
4. Configure an IPv6 address object. |
[ object-id ] network { host { address ipv6-address | name host-name } | subnet ipv6-address prefix-length } |
By default, no object exists. |
Configuring a port object group
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Configure a port object group and enter its view. |
object-group port object-group-name |
The system has one default port object group. |
|
3. (Optional.) Configure a description for the port object group. |
description text |
By default, an object group does not have a description. |
|
4. Configure a port object. |
[ object-id ] port { { eq | lt | gt } port | range port1 port2 } |
By default, no object exists. |
Displaying and maintaining object groups
Execute display commands in any view.
|
Task |
Command |
|
Display information about object groups. |
display object-group [ { { ip | ipv6 } address | port } [ default ] [ name object-group-name ] | name object-group-name ] |
