Cisco 4700M Configuration Manual page 46

Application control engine appliance security

Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide, page 1-22

Simplifying Access Control Lists with Object Groups

Creating a Network Object Group

To create an object group, use the object-group command in configuration mode. The syntax of this command is as follows:

object-group network name

The keywords and arguments are as follows:

network—Specifies a group of hosts or subnet IP addresses.
name—Unique identifier of the object group. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.

For example, to create a network object group, enter:

host1/Admin(config)# object-group network NET_OBJ_GROUP1
host1/Admin(config-objgrp-netw)#

To remove the network object group from the configuration, enter:

host1/Admin(config)# no object-group network NET_OBJ_GROUP1

Note
If you add new elements to an existing object group that is already in use by an entry in a large ACL, recommitting the ACL can take a long time, depending on the size of the ACL and the number of elements in the object group. In extreme cases, recommitting this ACL may cause the ACE to respond to commands slowly or even to become temporarily unresponsive. We recommend that you first remove the ACL entry that refers to the object group, make your modifications to the relevant object group, and then add the ACL entry back into the ACL.

Adding a Description to a Network Object Group

To add an optional description to a network object group, use the description command in object group network configuration mode. The syntax of this command is as follows:

description text

The text argument is an unquoted text string with a maximum of 240 alphanumeric characters.
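
The change order the note recommends, combined with the name and description limits stated in this section, as an added example that is not taken from the Cisco guide. It assumes an ACL entry is removed by prefixing its line with no (as the page does for object-group) and that exit leaves object group mode; ACL-entry and member lines are passed through verbatim, and the sample lines are constructed placeholders.

```python
MAX_NAME = 64    # limit the guide states for the object-group name
MAX_DESC = 240   # limit the guide states for the description text


def one_line(text):
    # Pass-through CLI text must stay one command; reject embedded line breaks.
    if "\n" in text or "\r" in text:
        raise ValueError(f"embedded line break in {text!r}")
    return text


def check_name(name):
    # Unquoted string, no spaces, at most 64 characters.
    if not name or len(name) > MAX_NAME or any(c.isspace() for c in name):
        raise ValueError(f"invalid object-group name: {name!r}")
    return name


def check_description(text):
    # Single line of at most 240 characters.
    if len(one_line(text)) > MAX_DESC:
        raise ValueError("description exceeds 240 characters")
    return text


def plan_update(group, acl_entries, new_members, description=None):
    """Return config-mode lines: detach ACL entries, edit the group, re-attach."""
    check_name(group)
    entries = [one_line(e) for e in acl_entries]
    for entry in entries:
        # Only entries that actually name the group need to be detached.
        if group not in entry.split():
            raise ValueError(f"ACL entry does not reference {group}: {entry!r}")
    lines = [f"no {e}" for e in entries]              # 1. remove referring entries (assumed form)
    lines.append(f"object-group network {group}")     # 2. enter the object group
    if description is not None:
        lines.append(f"description {check_description(description)}")
    lines.extend(one_line(m) for m in new_members)    #    add the new elements verbatim
    lines.append("exit")
    lines.extend(entries)                             # 3. add the ACL entries back
    return lines


if __name__ == "__main__":
    # Constructed sample; the ACL entry and member lines are placeholders.
    acl = ["access-list ACL1 line 10 extended permit ip object-group NET_OBJ_GROUP1 any"]
    print("\n".join(plan_update("NET_OBJ_GROUP1", acl, ["host 192.0.2.10"], "lab hosts")))
```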
Chapter 1: Configuring Security Access Control Lists (OL-16202-01)


This manual is also suitable for:

4700 series
