Adding A Service Object Group; Adding An Icmp Type Object Group - Cisco 7604 Configuration Manual
Catalyst 6500 series switch and cisco 7600 series router firewall services module configuration guide using the cli
Hide thumbs
Also See for 7604:
- Configuration manual (1011 pages) ,
- Installation manual (324 pages) ,
- User manual (98 pages)
Table of Contents
Advertisement
Simplifying Access Lists with Object Grouping
Adding a Service Object Group
To add or change a service object group, perform the following steps. After you add the group, you can
add more objects as required by following this procedure again for the same group name and specifying
additional objects. You do not need to reenter existing objects; the commands you already set remain in
place unless you remove them with the no form of the command.
To add a service group, perform the following steps:
To add a service group, enter the following command:
Step 1
hostname(config)# object-group service grp_id {tcp | udp | tcp-udp}
The grp_id is a text string up to 64 characters in length.
Specify the protocol for the services (ports) you want to add, either tcp, udp, or tcp-udp keywords.
Enter tcp-udp keyword if your service uses both TCP and UDP with the same port number, for example,
DNS (port 53).
The prompt changes to service configuration mode.
(Optional) To add a description, enter the following command:
Step 2
hostname(config-service)# description text
The description can be up to 200 characters.
To define the ports in the group, enter the following command for each port or range of ports:
Step 3
hostname(config-service)# port-object {eq port | range begin_port end_port}
For a list of permitted keywords and well-known port assignments, see the
section on page
For example, to create service groups that include DNS (TCP/UDP), LDAP (TCP), and RADIUS (UDP),
enter the following commands:
hostname(config)# object-group service services1 tcp-udp
hostname(config-service)# description DNS Group
hostname(config-service)# port-object eq domain
hostname(config-service)# object-group service services2 udp
hostname(config-service)# description RADIUS Group
hostname(config-service)# port-object eq radius
hostname(config-service)# port-object eq radius-acct
hostname(config-service)# object-group service services3 tcp
hostname(config-service)# description LDAP Group
hostname(config-service)# port-object eq ldap
Adding an ICMP Type Object Group
To add or change an ICMP type object group, perform the following steps. After you add the group, you
can add more objects as required by following this procedure again for the same group name and
specifying additional objects. You do not need to reenter existing objects; the commands you already set
remain in place unless you remove them with the no form of the command.
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
13-14
E-11.
Chapter 13
Identifying Traffic with Access Lists
"Protocols and Applications"
OL-20748-01
- Quick Links:
- C H a P T E...
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
