Cisco Catalyst 6500 Series Configuration Manual page 200
Catalyst 6500 series switch and
cisco 7600 series router firewall services
Hide thumbs
Also See for Catalyst 6500 Series:
- Software configuration manual (570 pages) ,
- Configuration note (212 pages) ,
- Installation manual (194 pages)
Table of Contents
Advertisement
Simplifying Access Control Lists with Object Grouping
The protocol is the numeric identifier of the specific IP protocol (1 to 254) or a keyword identifier (for
example, icmp, tcp, or udp). To include all IP protocols, use the keyword ip. For a list of protocols you
can specify, see the
For example, to create a protocol group for TCP, UDP, and ICMP, enter the following commands:
FWSM/contexta(config)# object-group protocol tcp_udp_icmp
FWSM/contexta(config-protocol)# protocol-object tcp
FWSM/contexta(config-protocol)# protocol-object udp
FWSM/contexta(config-protocol)# protocol-object icmp
Adding a Network Object Group
To add or change a network object group, follow these steps. After you add the group, you can add more
objects as required by following this procedure again for the same group name and specifying additional
objects. You do not need to reenter existing objects; the commands you already set remain in place unless
you remove them with the no form of the command.
To add a network group, follow these steps:
Step 1
To add a network group, enter the following command:
FWSM/contexta(config)# object-group network grp_id
The grp_id is a text string up to 64 characters in length.
The prompt changes to the network subcommand mode.
(Optional) To add a description, enter the following command:
Step 2
FWSM/contexta(config-network)# description text
The description can be up to 200 characters.
To define the networks in the group, enter the following command for each network or address:
Step 3
FWSM/contexta(config-network)# network-object {host ip_address | ip_address mask }
For example, to create network group that includes the IP addresses of three administrators, enter the
following commands:
FWSM/contexta(config)# object-group network admins
FWSM/contexta(config-network)# description Administrator Addresses
FWSM/contexta(config-network)# network-object host 10.1.1.4
FWSM/contexta(config-network)# network-object host 10.1.1.78
FWSM/contexta(config-network)# network-object host 10.1.1.34
Adding a Service Object Group
To add or change a service object group, follow these steps. After you add the group, you can add more
objects as required by following this procedure again for the same group name and specifying additional
objects. You do not need to reenter existing objects; the commands you already set remain in place unless
you remove them with the no form of the command.
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
10-20
"Protocols and Applications" section on page
Chapter 10
Controlling Network Access with Access Control Lists
D-5.
OL-6392-01
Advertisement
Table of Contents
Troubleshooting
Related Manuals for Cisco Catalyst 6500 Series
Related Products for Cisco Catalyst 6500 Series
- Cisco 6503 - Catalyst Firewall Security Sys
- Cisco 6503-E - Catalyst Chassis With Supervisor Engine 32 Switch
- Cisco 6504-E - Catalyst Chassis With Supervisor Engine 32 Switch
- Cisco 6506 - Catalyst Chassis Switch
- Cisco 6513 - Catalyst Switch
- Cisco Catalyst 6509
- Cisco Catalyst 6513-E
- Cisco Catalyst 6500-E Series