Simplifying Access Control Lists with Object Groups
Configuring Service Object Groups
Creating a Service Object Group
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
The ip_address argument specifies the IP address of the host. Use this argument
to specify a single IP address. Enter the IP address in dotted-decimal notation
(for example, 192.168.12.15).
For example, to create a network object group that includes three host addresses,
enter:
host1/Admin(config)# object-group network NET_OBJ_GROUP1
host1/Admin(config-objgrp-netw)# description Administrator Addresses
host1/Admin(config-objgrp-netw)# host 192.168.12.15
host1/Admin(config-objgrp-netw)# host 192.168.12.21
host1/Admin(config-objgrp-netw)# host 192.168.12.27
This section describes how to configure service object groups to streamline the
creation of ACL entries that include protocol names and port names. It
includes the following sections:
• Creating a Service Object Group
• Adding a Description to a Service Object Group
• Defining Protocol Parameters for a Service Object Group
To create a service object group, use the object-group command in configuration
mode. The syntax of this command is as follows:
object-group service name
The keywords and arguments are as follows:
• service—Specifies a group of IP protocol and port specifications.
• name—Unique identifier of the object group. Enter an unquoted text string
with no spaces and a maximum of 64 alphanumeric characters.
For example, to create a service object group, enter:
host1/Admin(config)# object-group service SERV_OBJ_GROUP1
host1/Admin(config-objgrp-serv)#
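The name and host-address rules above can be checked offline before a configuration is entered on the appliance. The following Python script is an added example, not part of the Cisco guide or the ACE software. It assumes the name rule means "no spaces, no quotes, at most 64 characters" (the guide's own example names contain underscores), and the function names lint and check_name and the BAD_GROUP and "QUOTED" sample lines are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the first six lines are the page's own examples; the
# BAD_GROUP and "QUOTED" lines are made up to trigger each check.
SAMPLE_CONFIG = """\
object-group network NET_OBJ_GROUP1
  description Administrator Addresses
  host 192.168.12.15
  host 192.168.12.21
  host 192.168.12.27
object-group service SERV_OBJ_GROUP1
object-group network BAD_GROUP
  host 192.168.12.300
object-group service "QUOTED"
  host 192.168.12.15
"""

HEADER = re.compile(r"^object-group\s+(network|service)\s+(.+)$")

def check_name(name):
    """Problems with an object-group name (assumed reading of the name rule)."""
    checks = [(len(name) > 64, "name longer than 64 characters"),
              (re.search(r"\s", name), "name contains a space"),
              ('"' in name or "'" in name, "name is quoted")]
    return [msg for failed, msg in checks if failed]

def lint(config):
    """Return (groups, findings); findings are (line number, message) pairs."""
    groups, findings, current = {}, [], None
    for lineno, raw in enumerate(config.splitlines(), start=1):
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            kind, current = header.groups()
            groups[current] = {"type": kind, "hosts": []}
            findings += [(lineno, p) for p in check_name(current)]
        elif line.startswith("host "):
            addr = line.split(None, 1)[1]
            if current is None or groups[current]["type"] != "network":
                findings.append((lineno, "host outside a network object group"))
                continue
            try:
                ipaddress.IPv4Address(addr)  # dotted-decimal check
                groups[current]["hosts"].append(addr)
            except ValueError:
                findings.append((lineno, f"invalid host address {addr}"))
    return groups, findings
```

The returned groups dictionary also serves as an inventory of which addresses each network object group admits, which is useful when reviewing the ACLs that reference it.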
Chapter 1
Configuring Security Access Control Lists
OL-16202-01