Simplifying Access Control Lists with Object Groups
Defining Protocol Parameters for a Service Object Group
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
To define protocol parameters for a service object group, use the protocol argument in object group service configuration mode. For TCP or UDP, the syntax of this command is as follows:

protocol [source {{operator} port1 | port1 port2}] [{{operator} port3 | port3 port4}]

For ICMP, the syntax of this command is:

icmp [icmp-type] [code {{operator} icmp-code1 | range icmp-code1 icmp-code2}]

The keywords, arguments, and options are as follows:

• protocol—Name or number of an IP protocol. Enter a protocol name or an integer from 1 to 255 that represents an IP protocol number. See Table 1-2.

• source—(Optional) Specifies a source port for TCP, TCP-UDP, or UDP.

  Note: To specify a destination port for TCP or UDP, use the operator argument with no preceding keyword. The destination keyword is implied.

• operator—Operand used to compare source and destination port numbers for TCP and UDP protocols or ICMP code numbers for the ICMP protocol. The operators are as follows:

  – lt—Less than.
  – gt—Greater than.
  – eq—Equal to.
  – neq—Not equal to.
  – range—An inclusive range of port values or ICMP message codes. If you enter this operator, enter a second port number value or a second ICMP message code to define the upper limit of the range.

Chapter 1 Configuring Security Access Control Lists
OL-16202-01
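
The operator semantics described above, as an added example that is not part of the Cisco guide: a small Python parser for the TCP/UDP form that turns an entry into source and destination port predicates, so an entry can be checked against the ports it actually admits. It assumes numeric ports only, the range form written with the range keyword, and that an omitted clause matches any port; the function names are hypothetical.

```python
import operator

# Operators listed in the guide; "range" is inclusive and takes two values.
OPS = {"lt": operator.lt, "gt": operator.gt, "eq": operator.eq, "neq": operator.ne}

def to_port(tokens):
    """Pop one numeric port (0-65535) from the token list."""
    if not tokens:
        raise ValueError("missing port value")
    value = int(tokens.pop(0))
    if not 0 <= value <= 65535:
        raise ValueError(f"port out of range: {value}")
    return value

def take_spec(tokens):
    """Consume '{operator} port' or 'range low high'; return a port predicate."""
    word = tokens.pop(0) if tokens else None
    if word == "range":
        low, high = to_port(tokens), to_port(tokens)
        if low > high:
            raise ValueError("range lower limit exceeds upper limit")
        return lambda port: low <= port <= high
    if word in OPS:
        compare, bound = OPS[word], to_port(tokens)
        return lambda port: compare(port, bound)
    raise ValueError(f"expected an operator, got {word!r}")

def parse_entry(line):
    """Parse 'tcp|udp [source <spec>] [<spec>]' into (protocol, src_pred, dst_pred)."""
    tokens = line.split()
    protocol = tokens.pop(0).lower() if tokens else ""
    if protocol not in ("tcp", "udp"):
        raise ValueError("this sketch covers only the TCP and UDP forms")
    any_port = lambda port: True          # assumption: an omitted clause matches any port
    src = dst = any_port
    if tokens and tokens[0] == "source":
        tokens.pop(0)
        src = take_spec(tokens)
    if tokens:                            # no keyword: destination is implied
        dst = take_spec(tokens)
    if tokens:
        raise ValueError(f"unexpected trailing tokens: {tokens}")
    return protocol, src, dst

def matches(line, protocol, src_port, dst_port):
    """True if a packet's protocol and ports satisfy the entry."""
    proto, src, dst = parse_entry(line)
    return proto == protocol and src(src_port) and dst(dst_port)
```

With the constructed entry "tcp neq 23", matches("tcp neq 23", "tcp", 40000, 22) returns True: a neq clause admits every port except the one named, which is worth checking before using it in a permit entry.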