EasyManuals Logo

Cisco Catalyst 6500 Series User Manual

Cisco Catalyst 6500 Series
392 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #202 background imageLoading...
Page #202 background image
10-22
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Chapter 10 Controlling Network Access with Access Control Lists
Simplifying Access Control Lists with Object Grouping
Step 2 (Optional) To add a description, enter the following command:
FWSM/contexta(config-icmp-type)# description
text
The description can be up to 200 characters.
Step 3 To define the ICMP types in the group, enter the following command for each type:
FWSM/contexta(config-icmp-type)# icmp-object
icmp_type
See the “ICMP Types” section on page D-9 for a list of ICMP types.
For example, to create an ICMP type group that includes echo-reply and echo (for controlling ping),
enter the following commands:
FWSM/contexta(config)# object-group icmp-type ping
FWSM/contexta(config-service)# description Ping Group
FWSM/contexta(config-icmp-type)# icmp-object echo
FWSM/contexta(config-icmp-type)# icmp-object echo-reply
Nesting Object Groups
To nest an object group within another object group of the same type, first create the group that you want
to nest according to the Adding Object Groups” section on page 10-19. Then follow these steps:
Step 1 To add or edit an object group under which you want to nest another object group, enter the following
command:
FWSM/contexta(config)# object-group {{protocol | network | icmp-type}
grp_id
|
service
grp_id
{tcp | udp | tcp-udp}}
Step 2 To add the specified group under the object group you specified in step 1, enter the following command:
FWSM/contexta(config-
group_type
)# group-object
grp_id
The nested group must be of the same type.
You can mix and match nested group objects and regular objects within an object group.
For example, you create network object groups for privileged users from various departments:
FWSM/contexta(config)# object-group network eng
FWSM/contexta(config-network)# network-object host 10.1.1.5
FWSM/contexta(config-network)# network-object host 10.1.1.9
FWSM/contexta(config-network)# network-object host 10.1.1.89
FWSM/contexta(config-network)# object-group network hr
FWSM/contexta(config-network)# network-object host 10.1.2.8
FWSM/contexta(config-network)# network-object host 10.1.2.12
FWSM/contexta(config-network)# object-group network finance
FWSM/contexta(config-network)# network-object host 10.1.4.89
FWSM/contexta(config-network)# network-object host 10.1.4.100
You then nest all three groups together as follows:
FWSM/contexta(config)# object-group network admin

Table of Contents

Other manuals for Cisco Catalyst 6500 Series

Preview: Command Reference
Command Reference160 pages
Preview: Installation Guide
Installation Guide194 pages
Preview: Configuration Note
Configuration Note212 pages
Preview: Installation Note
Installation Note36 pages
Preview: Hardware Installation Guide
Hardware Installation Guide134 pages
Preview: Troubleshooting
Troubleshooting10 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco Catalyst 6500 Series and is the answer not in the manual?

Cisco Catalyst 6500 Series Specifications

General IconGeneral
BrandCisco
ModelCatalyst 6500 Series
CategorySwitch
LanguageEnglish

Related product manuals