Adding a network object group – Cisco ASA 5505 User Manual

13-7

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 13 Configuring Objects

Configuring Objects and Groups

hostname (config-protocol)# protocol-object icmp

Adding a Network Object Group

A network object group supports IPv4 and IPv6 addresses.

To add or change a network object group, perform the steps in this section. After you add the group, you
can add more objects as required by following this procedure again for the same group name and
specifying additional objects. You do not need to reenter existing objects; the commands you already set
remain in place unless you remove them with the no form of the command.

Detailed Steps

Example

To create a network group that includes the IP addresses of three administrators, enter the following
commands:

hostname (config)# object-group network admins

hostname (config-protocol)# description Administrator Addresses

hostname (config-protocol)# network-object host 10.2.2.4

hostname (config-protocol)# network-object host 10.2.2.78

hostname (config-protocol)# network-object host 10.2.2.34

Command

Purpose

Step 1

object-group network

grp_id

Example:

hostname(config)# object-group network

admins

Adds a network group.

The grp_id is a text string up to 64 characters in
length and can be any combination of letters, digits,
and the following characters:

•

underscore “_”

•

dash “-”

•

period “.”

The prompt changes to protocol configuration mode.

Step 2

description

text

Example:

hostname(config-network)# Administrator

Addresses

(Optional) Adds a description. The description can
be up to 200 characters.

Step 3

network-object

{object name | host

ip_address | ip_address mask}

Example:

hostname(config-network)# network-object

host 10.2.2.4

The object keyword adds an additional object to the
network object group.

Defines the networks in the group. Enter the
command for each network or address.