Simplifying Access Control Lists with Object Groups
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
The keywords, options, and arguments are as follows:
• name—Unique identifier of the ACL. Enter an unquoted text string with a maximum of 64 alphanumeric characters.
• resequence—Specifies the renumbering of the entries in an ACL.
• number1—(Optional) Number assigned to the first entry in the ACL. Enter any integer. The default is 10.
• number2—(Optional) Number added to each entry in the ACL after the first entry. Enter any integer. The default is 10.
For example, enter:
host1/Admin(config)# access-list INBOUND resequence 5 15
This section describes how to use object groups to simplify ACL creation and maintenance. It contains the following topics:
• Overview of Object Groups
• Configuring Network Object Groups
• Configuring Service Object Groups
• Using Object Groups in an ACL
• Applying an ACL to an Interface
• Applying an ACL Globally to All Interfaces in a Context
• Filtering Traffic with an ACL
Overview of Object Groups
Object groups allow you to streamline the configuration of multiple ACL entries in an ACL. By grouping like objects together, you can use an object group in an ACL entry instead of having to enter an ACL entry for each object separately. You can create the following types of object groups:
• Network object groups
• Service object groups
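The sketch below is an added example, not taken from the Cisco guide and not ACE CLI syntax. It models how one ACL entry written against a network object group and a service object group stands for one explicit entry per combination of members, and how the resequence arguments number1 and number2 number a list of entries. The group names, addresses, ports, and function names are hypothetical and constructed for illustration.

```python
from itertools import product

# Constructed sample data. Group names and members are hypothetical.
NETWORK_GROUPS = {
    "ADMIN_HOSTS": ["198.51.100.5", "198.51.100.6"],
    "WEB_SERVERS": ["192.0.2.10", "192.0.2.11", "192.0.2.12"],
}
SERVICE_GROUPS = {
    "WEB_PORTS": [("tcp", 80), ("tcp", 443)],
}


def expand(action, src_group, dst_group, svc_group):
    """Return the explicit entries one grouped entry stands for:
    one per (source, destination, service) combination."""
    try:
        sources = NETWORK_GROUPS[src_group]
        dests = NETWORK_GROUPS[dst_group]
        services = SERVICE_GROUPS[svc_group]
    except KeyError as missing:
        raise ValueError(f"undefined object group: {missing}") from None
    return [
        {"action": action, "proto": proto, "src": src, "dst": dst, "port": port}
        for src, dst, (proto, port) in product(sources, dests, services)
    ]


def resequence(entries, number1=10, number2=10):
    """Number entries as the resequence arguments are described:
    the first entry gets number1, each later entry adds number2."""
    return [(number1 + i * number2, entry) for i, entry in enumerate(entries)]


def is_permitted(entries, src, dst, proto, port):
    """Audit helper: does any expanded entry permit this exact flow?"""
    wanted = {"action": "permit", "proto": proto, "src": src, "dst": dst, "port": port}
    return wanted in entries


if __name__ == "__main__":
    rules = expand("permit", "ADMIN_HOSTS", "WEB_SERVERS", "WEB_PORTS")
    for line, rule in resequence(rules, 5, 15):  # values from the example above
        print(line, rule)
```

Reviewing the expanded list is a quick way to confirm that adding a member to a group does not permit more flows than intended.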
Chapter 1 Configuring Security Access Control Lists
OL-16202-01