IOS Object Groups

Posted on August 18, 2010. Filed under: cisco ios | Tags: , |

The feature is first available in IOS version 12.4.20T, more information can be found here http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_object_group_acl.html

Simplifies ACL configuration (and QoS, or other features), by grouping networks or services, e.g.

permit tcp object-group source-networks host 10.1.1.1 eq www 8080
!
object-group network source-networks
 host 10.1.99.1
 network 192.168.1.0 /24
 range 172.16.1.1 172.16.1.5

Object-groups can also be used to group services (protocols), e.g.

permit tcp object-group service-ip-telephony object-group source-networks host 10.1.1.1 eq www 8080
!
object-group service service-ip-telephony
permit udp eq tftp
permit tcp eq www 2000
Advertisements
Read Full Post | Make a Comment ( None so far )

Liked it here?
Why not try sites on the blogroll...