Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
Chapter 13 Identifying Traffic with Access Lists
Simplifying Access Lists with Object Grouping
The protocol is the numeric identifier of the specific IP protocol (1 to 254) or a keyword identifier (for example, icmp, tcp, or udp). To include all IP protocols, use the keyword ip. For a list of protocols you can specify, see the “Protocols and Applications” section on page E-11.
For example, to create a protocol group for TCP, UDP, and ICMP, enter the following commands:
hostname(config)# object-group protocol tcp_udp_icmp
hostname(config-protocol)# protocol-object tcp
hostname(config-protocol)# protocol-object udp
hostname(config-protocol)# protocol-object icmp
Adding a Network Object Group
To add or change a network object group, perform the following steps. After you add the group, you can add more objects as required by following this procedure again for the same group name and specifying additional objects. You do not need to reenter existing objects; the commands you already set remain in place unless you remove them with the no form of the command.
Note: A network object group supports IPv4 and IPv6 addresses, depending on the type of access list. For more information about IPv6 access lists, see the “Configuring IPv6 Access Lists” section on page 10-5.
To add a network group, perform the following steps:
Step 1: To add a network group, enter the following command:
hostname(config)# object-group network grp_id
The grp_id is a text string up to 64 characters in length.
The prompt changes to network configuration mode.
Step 2: (Optional) To add a description, enter the following command:
hostname(config-network)# description text
The description can be up to 200 characters.
Step 3: To define the networks in the group, enter the following command for each network or address:
hostname(config-network)# network-object {host ip_address | ip_address mask}
For example, to create a network group that includes the IP addresses of three administrators, enter the following commands:
hostname(config)# object-group network admins
hostname(config-network)# description Administrator Addresses
hostname(config-network)# network-object host 10.1.1.4
hostname(config-network)# network-object host 10.1.1.78
hostname(config-network)# network-object host 10.1.1.34
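When reviewing a saved configuration, it helps to confirm which addresses a network object group actually contains before relying on it in an access list. The following Python sketch is an added example, not part of the Cisco guide: it parses object-group network blocks using the syntax from Steps 1 to 3, enforces the stated 64- and 200-character limits, and tests address membership. The one-space indentation of subcommands, the "branch" group, and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in saved-configuration layout (assumed: subcommands indented).
SAMPLE_CONFIG = """\
object-group network admins
 description Administrator Addresses
 network-object host 10.1.1.4
 network-object host 10.1.1.78
 network-object host 10.1.1.34
object-group network branch
 network-object 192.168.20.0 255.255.255.0
"""

MAX_GRP_ID, MAX_DESCRIPTION = 64, 200  # limits stated in Steps 1 and 2


def parse_network_groups(config_text):
    """Return {grp_id: {"description": str or None, "networks": [ip networks]}}."""
    groups, current = {}, None
    for raw in config_text.splitlines():
        words = raw.split()
        if words[:2] == ["object-group", "network"] and len(words) == 3:
            if len(words[2]) > MAX_GRP_ID:
                raise ValueError(f"grp_id exceeds {MAX_GRP_ID} characters: {words[2]!r}")
            # Re-entering a group name adds to it; objects already set stay in place.
            current = groups.setdefault(words[2], {"description": None, "networks": []})
        elif current is not None and words[:1] == ["description"]:
            text = raw.strip()[len("description"):].strip()
            if len(text) > MAX_DESCRIPTION:
                raise ValueError(f"description exceeds {MAX_DESCRIPTION} characters")
            current["description"] = text
        elif current is not None and words[:1] == ["network-object"] and len(words) == 3:
            if words[1] == "host":
                net = ipaddress.ip_network(words[2])  # single address
            else:
                net = ipaddress.ip_network(f"{words[1]}/{words[2]}")  # address + mask
            current["networks"].append(net)
        elif not raw.startswith(" "):
            current = None  # any other top-level line ends the group block
    return groups


def is_member(groups, grp_id, address):
    """True if address falls inside any network-object of the named group."""
    addr = ipaddress.ip_address(address)
    return any(addr in net for net in groups[grp_id]["networks"])

if __name__ == "__main__":
    print(is_member(parse_network_groups(SAMPLE_CONFIG), "admins", "10.1.1.78"))
```

An address-and-mask entry whose address has host bits set raises ValueError, which surfaces entries that do not describe the network they appear to.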