object-group port

Syntax

Syntax for creating a Layer 4 port object group and entering its context:

object-group port
no object-group port

Syntax (within the port object-group context) for creating or removing Layer 4 port entries:

[] { {eq|gt|lt}|range}
no

Description

Creates a Layer 4 port object group comprised of one or more port entries. Port groups are used solely as a shorthand way of specifying groups of ports in the ACEs that make up ACLs. Layer 4 port groups can be used only in the access-list ip and access-list ipv6 commands. Entering object-group port with an existing port group name enables you to modify that port group.

The no form of this command deletes the entire port group or deletes a particular port group entry identified by sequence number.

Command context

config

The object-group ip port command takes you into the named port group context (with prompt switch(config-portgroup)#) where you specify the ports.

Parameters

Specifies the port object group name.

Specifies a sequence number for the port entry. Range: 1 to 4294967295. When omitted, a sequence number 10 larger than the current highest sequence number is auto-assigned. Default auto-assigned sequence numbers are 10, 20, 30, and so on.

{ {eq|gt|lt}|range}
Specifies the port or port range. Port numbers are in the range of 0 to 65535.
  • eq - specifies the Layer 4 port.
  • gt - specifies any Layer 4 port greater than the indicated port.
  • lt - specifies any Layer 4 port less than the indicated port.
  • range - specifies the Layer 4 port range.

NOTE:

When ACLs using ACEs defined with port groups are applied, the same number of hardware resources are consumed as when the ports are specified directly in the ACEs and not in a group. Keep this in mind when creating port groups that include many ports. Although hardware resource consumption is the same with or without port groups, it may not be immediately obvious that some port groups you have defined include many ports. It is recommended that you name port groups in a manner that reminds you that a group includes many ports.

Authority

Administrators or local user group members with execution rights for this command.

Examples

Creating a port group with two entries to cover port 80 plus ports 0 through 50:

switch(config)# object-group port my_port_group
switch(config-portgroup)# 10 eq 80
switch(config-portgroup)# 20 range 0 50
switch(config-portgroup)# exit
switch(config)# show object-group
Type Name                 Sequence   L4 Port(s)/IP Address
-------------------------------------------------------------------------------
Port my_port_group        10         eq 80
                          20         range 0 50

Adding an entry for ports greater than 65525 (covers ports 65526 through 65535):

switch(config)# object-group port my_port_group
switch(config-portgroup)# 30 gt 65525
switch(config-portgroup)# exit
switch(config)# show object-group
Type Name                 Sequence   L4 Port(s)/IP Address
-------------------------------------------------------------------------------
Port my_port_group        10         eq 80
                          20         range 0 50
                          30         gt 65525

Removing an entry (#20) from the port group:

switch(config)# object-group port my_port_group
switch(config-portgroup)# no 20
switch(config-portgroup)# exit
switch(config)# show object-group
Type Name                 Sequence   L4 Port(s)/IP Address
-------------------------------------------------------------------------------
Port my_port_group        10         eq 80
                          30         gt 65525

Removing the port group:

switch(config)# no object-group port my_port_group
switch(config)# show object-group
No object group found.
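
The NOTE above warns that it may not be obvious how many ports a group includes. The following is an added example, not part of the original reference or of the switch software: an offline review script that parses port-group entries in the syntax shown on this page, applies the sequence auto-assignment rule, and reports how many distinct ports the group covers and which entries overlap. The names parse_entry and audit_group and the warn_above threshold are hypothetical, and the port count is a review aid, not the switch's hardware resource accounting.

```python
import re
from itertools import combinations

MAX_PORT = 65535          # page: port numbers are 0 to 65535
MAX_SEQ = 4294967295      # page: sequence numbers are 1 to 4294967295
ENTRY = re.compile(r"^(?:(\d+)\s+)?(eq|gt|lt|range)\s+(\d+)(?:\s+(\d+))?$")

def parse_entry(line, highest_seq=0):
    """Turn one entry such as '20 range 0 50' into (sequence, first_port, last_port)."""
    m = ENTRY.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised entry: {line!r}")
    seq, op, a, b = m.groups()
    # Omitted sequence number: 10 above the current highest, as the page describes.
    seq = int(seq) if seq else highest_seq + 10
    a = int(a)
    if (op == "range") != (b is not None):
        raise ValueError(f"wrong number of ports for {op}: {line!r}")
    lo, hi = {"eq": (a, a), "gt": (a + 1, MAX_PORT), "lt": (0, a - 1),
              "range": (a, int(b or 0))}[op]
    # Assumption of this example: empty or out-of-range spans are treated as errors.
    if not (1 <= seq <= MAX_SEQ and 0 <= lo <= hi <= MAX_PORT):
        raise ValueError(f"sequence or port out of range: {line!r}")
    return seq, lo, hi

def audit_group(lines, warn_above=1024):
    """Summarise a port group: ports covered, overlapping entries, breadth flag."""
    entries = {}
    for line in lines:
        seq, lo, hi = parse_entry(line, max(entries, default=0))
        if seq in entries:  # this example rejects reuse rather than guess at switch behaviour
            raise ValueError(f"duplicate sequence number {seq}")
        entries[seq] = (lo, hi)
    ordered = sorted((lo, hi, seq) for seq, (lo, hi) in entries.items())
    # Sorted by first port: two entries overlap when the earlier one ends at or after the later start.
    overlaps = sorted(tuple(sorted((s1, s2)))
                      for (_, h1, s1), (l2, _, s2) in combinations(ordered, 2) if h1 >= l2)
    covered, end = 0, -1
    for lo, hi, _ in ordered:  # count each port once even where entries overlap
        covered += max(0, hi - max(lo, end + 1) + 1)
        end = max(end, hi)
    return {"entries": entries, "ports_covered": covered,
            "overlaps": overlaps, "broad": covered > warn_above}

if __name__ == "__main__":
    # Constructed input: the entries from the page's examples.
    print(audit_group(["10 eq 80", "20 range 0 50", "30 gt 65525"]))
```

A group flagged as broad is a candidate for the descriptive naming the NOTE recommends.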