About address and port object groups

Object groups are useful for defining groups of IP addresses and Layer 4 ports for use exclusively in the two ACL-defining commands access-list ip and access-list ipv6.

Typically, common groups of addresses and ports or port ranges are used repeatedly in many ACL definitions. Without address and port object groups, the same addresses and ports must be repeated in each ACL definition that uses them.

With address and port object groups, the IP addresses and ports can be defined once, using any of these commands:
  • object-group ip address

  • object-group ipv6 address

  • object-group port

Once an object group is defined, the group is available for inclusion by name as the and parameters in the access-list ip and access-list ipv6 ACL-definition commands.

Object groups simplify the ACL definition process and help ensure consistent address and port specification across many ACLs.

NOTE:

Keep in mind that it is possible to consume many hardware resource entries when using the object group commands. For example, in a typical situation, an ACE that uses object groups with 3 source addresses, 3 source L4 ports, 3 destination addresses, and 3 destination L4 ports consumes a total of 81 hardware entries (3 * 3 * 3 * 3 = 81).
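
The multiplication described in the note, as an added example that is not part of the original documentation: a Python script that estimates hardware entry consumption per ACE before an ACL is applied and flags ACEs that exceed a budget. The group names, addresses, ports, ACE layout and budget value are constructed for illustration, and the model assumes each group member counts as one entry per field, as in the note's 3 * 3 * 3 * 3 case.

```python
from math import prod

# Constructed sample data: group names, members and ACEs are illustrative only.
GROUPS = {
    "web-servers": ["10.0.1.10", "10.0.1.11", "10.0.1.12"],
    "admin-hosts": ["10.0.9.5", "10.0.9.6", "10.0.9.7"],
    "web-ports": ["eq 80", "eq 443", "eq 8443"],
    "high-ports": ["eq 50000", "eq 50001", "eq 50002"],
}

# Each ACE field holds a group name, a literal ("any", one address) or None.
ACL = [
    {"seq": 10, "src": "admin-hosts", "sport": "high-ports",
     "dst": "web-servers", "dport": "web-ports"},
    {"seq": 20, "src": "any", "sport": None,
     "dst": "web-servers", "dport": "web-ports"},
    {"seq": 30, "src": "10.0.9.5", "sport": None, "dst": "any", "dport": None},
]

FIELDS = ("src", "sport", "dst", "dport")

def field_size(value, groups):
    """Members contributed by one ACE field: group size, or 1 for a literal or absent field."""
    if value in groups:
        if not groups[value]:
            raise ValueError(f"object group {value!r} is empty")
        return len(groups[value])
    return 1

def ace_entries(ace, groups):
    """Assumed model (from the note): entries = product of the four field sizes."""
    return prod(field_size(ace.get(f), groups) for f in FIELDS)

def acl_report(acl, groups, per_ace_budget):
    """Return (total entries, {seq: entries}, [seq of ACEs over the budget])."""
    per_ace = {ace["seq"]: ace_entries(ace, groups) for ace in acl}
    over = [seq for seq, n in per_ace.items() if n > per_ace_budget]
    return sum(per_ace.values()), per_ace, over

if __name__ == "__main__":
    total, per_ace, over = acl_report(ACL, GROUPS, per_ace_budget=50)
    for seq, n in per_ace.items():
        flag = "  <-- over budget" if seq in over else ""
        print(f"ACE {seq}: {n} hardware entries{flag}")
    print(f"total: {total}")
```

Adding a fourth member to any one of the groups used by ACE 10 raises its estimate from 81 to 108, which is why group growth should be reviewed against every ACE that references the group.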