object-group service

Description    Creates a service object group for specifying match criteria using Layer 4 to Layer 7 parameters. An object group is a named set of IP addresses or protocol values.

Usage    [no] object-group service group-name

This command changes the CLI to the configuration level for the service object group, where the following commands are available:

Command    Description

description

Description of this service object group instance.

[no] icmp [type {type-option} [code {any-code | code-num}]]

Matches on ICMP traffic.

The type type-option parameter matches based on the specified ICMP type. You can specify one of the following ICMP types (enter either the number or the name):

  any-type – Matches on any ICMP type.

  dest-unreachable | 3 – Type 3, destination unreachable

  echo-reply | 0 – Type 0, echo reply

  echo-request | 8 – Type 8, echo request

  info-reply | 16 – Type 16, information reply

  info-request | 15 – Type 15, information request

  mask-reply | 18 – Type 18, address mask reply

  mask-request | 17 – Type 17, address mask request

  parameter-problem | 12 – Type 12, parameter problem

  redirect | 5 – Type 5, redirect message

  source-quench | 4 – Type 4, source quench

  time-exceeded | 11 – Type 11, time exceeded

  timestamp | 13 – Type 13, timestamp

  timestamp-reply | 14 – Type 14, timestamp reply

The code code-num option is applicable if the protocol type is icmp. You can specify:

  any-code – Matches on any ICMP code.

  code-num – ICMP code number, 0-254

[no] icmpv6 [type {type-option} [code {any-code | code-num}]]

Matches on ICMPv6 traffic.

The type type-option parameter matches based on the specified ICMPv6 type. You can specify one of the following types (enter either the number or the name):

  any-type – Matches on any ICMPv6 type.

  dest-unreachable – Matches on type 1, destination unreachable messages.

  echo-reply – Matches on type 129, echo reply messages.

  echo-request – Matches on type 128, echo request messages.

  packet-too-big – Matches on type 2, packet too big messages.

  param-prob – Matches on type 4, parameter problem messages.

  time-exceeded – Matches on type 3, time exceeded messages.

{tcp | udp} eq src-port | gt src-port | lt src-port | range start-src-port end-src-port

Specifies the protocol ports on which to match:

  eq src-port – The ACL matches on traffic on the specified port.

  gt src-port – The ACL matches on traffic on any port with a higher number than the specified port.

  lt src-port – The ACL matches on traffic on any port with a lower number than the specified port.

  range start-src-port end-src-port – The ACL matches on traffic on any port within the specified range.

Default    Not set

Mode    Configuration mode

Example    The following commands configure service object group WEB-SERVICES and display the configuration:

ACOS(config)# object-group service WEB-SERVICES
ACOS(config-service-group:WEB-SERVICES)# tcp eq 80
ACOS(config-service-group:WEB-SERVICES)# tcp source range 1025 65535 eq 8080
ACOS(config-service-group:WEB-SERVICES)# tcp source range 1025 65535 eq 443
ACOS(config-service-group:WEB-SERVICES)# exit
ACOS(config)# show object-group
object-group service WEB-SERVICES
tcp eq 80
tcp source range 1025 65535 eq 8080
tcp source range 1025 65535 eq 443

Example    The following command configures an ACL that uses the service object group configured above:

ACOS(config)# access-list 111 permit object-group WEB-SERVICES any any
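
Added example (not part of the original page and not vendor code): a Python helper for ACL review that expands entries, as printed by show object-group, into concrete port spans and ICMP type numbers using the operator meanings and type tables above, then flags broad entries. It assumes that range is inclusive at both ends, that "source <op>" (the form seen in the example output) restricts source ports, and that an operator without "source" applies to the destination port; the function names and the 1024-port threshold are hypothetical.

```python
ICMP_TYPES = {"echo-reply": 0, "dest-unreachable": 3, "source-quench": 4, "redirect": 5,
              "echo-request": 8, "time-exceeded": 11, "parameter-problem": 12, "timestamp": 13,
              "timestamp-reply": 14, "info-request": 15, "info-reply": 16, "mask-request": 17, "mask-reply": 18}
ICMPV6_TYPES = {"dest-unreachable": 1, "packet-too-big": 2, "time-exceeded": 3,
                "param-prob": 4, "echo-request": 128, "echo-reply": 129}

def _span(tok):
    """Pop one port operator from tok; return an inclusive (low, high) pair."""
    op, n = tok.pop(0), int(tok.pop(0))
    if op == "range":                       # assumption: both ends inclusive
        return (n, int(tok.pop(0)))
    spans = {"eq": (n, n), "gt": (n + 1, 65535), "lt": (0, n - 1)}
    if op not in spans:
        raise ValueError(f"unknown port operator: {op}")
    return spans[op]

def parse_entry(line):
    """Parse one entry line as printed under 'object-group service <name>'."""
    proto, *tok = line.split()
    if proto in ("tcp", "udp"):
        src = (0, 65535)
        if tok and tok[0] == "source":      # assumption: 'source <op>' limits source ports
            tok.pop(0)
            src = _span(tok)
        dst = _span(tok) if tok else (0, 65535)  # assumption: bare operator = destination
        return {"proto": proto, "src": src, "dst": dst}
    if proto not in ("icmp", "icmpv6"):
        raise ValueError(f"unsupported entry: {line}")
    names = ICMP_TYPES if proto == "icmp" else ICMPV6_TYPES
    opts = dict(zip(tok[::2], tok[1::2]))   # {"type": ..., "code": ...}
    t, c = opts.get("type", "any-type"), opts.get("code", "any-code")
    itype = None if t == "any-type" else int(t) if t.isdigit() else names[t]
    return {"proto": proto, "type": itype, "code": None if c == "any-code" else int(c)}

def review(lines, max_ports=1024):
    """Return (entry, reason) for entries wider than max_ports or matching any ICMP type."""
    findings = []
    for line in lines:
        e = parse_entry(line)
        width = e["dst"][1] - e["dst"][0] + 1 if "dst" in e else 0
        if width > max_ports:
            findings.append((line, f"matches {width} destination ports"))
        elif "type" in e and e["type"] is None:
            findings.append((line, "matches every ICMP type"))
    return findings

# First three entries are the page's WEB-SERVICES output; the last three are constructed.
SAMPLE = ["tcp eq 80", "tcp source range 1025 65535 eq 8080",
          "tcp source range 1025 65535 eq 443",
          "udp gt 1023", "icmp type echo-request code any-code", "icmpv6"]
```

Calling review(SAMPLE) reports only the constructed "udp gt 1023" and "icmpv6" entries; the three WEB-SERVICES entries each resolve to a single destination port.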
