Configuring Object Groups
You can use object groups to specify source and destination addresses in IPv4 ACL and IPv6 ACL rules.
Diagram
Classes
route_control (vxlan.overlay_extensions)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ipv4_object_groups | List | [ipv4_object_groups] | No | |
| ipv6_object_groups | List | [ipv6_object_groups] | No |
ipv4_object_groups (vxlan.overlay_extensions.route_control)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[A-Za-z0-9-_]{1,63}$ | Yes | |
| entries | List | [entries] | No |
ipv6_object_groups (vxlan.overlay_extensions.route_control)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[A-Za-z0-9-_]{1,63}$ | Yes | |
| entries | List | [entries] | No |
entries (vxlan.overlay_extensions.route_control.ipv4_object_groups)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| seq_number | Integer | min: 1, max: 4294967295 | Yes | |
| host | IP | No | ||
| ip | IP | No |
entries (vxlan.overlay_extensions.route_control.ipv6_object_groups)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| seq_number | Integer | min: 1, max: 4294967295 | Yes | |
| host | IP | No | ||
| ip | IP | No |
Examples
Example-1
In this example, we will create an IPv4 object-group named: web_server.
This group has three entries. The entry in the sequence number 10 defined one host 10.0.0.1. The second entry in sequence 20 defined other host 10.0.0.2. The last entry 30 defined a subnet 10.0.0.4/30
This object-group is used in group objgrps_RCtrlGrp, which is used in the switch netascode-leaf1.
object-group ip address web_server
10 host 10.0.0.1
20 host 10.0.0.2
30 10.0.0.4/30
---
vxlan:
overlay_extensions:
route_control:
ipv4_object_groups:
- name: web_server
entries:
- seq_number: 10
host: 10.0.0.1
- seq_number: 20
host: 10.0.0.2
- seq_number: 30
ip: 10.0.0.4/30
groups:
- name: objgrps_RCtrlGrp
ipv4_object_groups:
- name: web_server
switches:
- name: netascode-leaf1
groups:
- objgrps_RCtrlGrp
Then this object-group could be used in an ACL.
ip access-list acl-addgroup
10 permit ip addrgroup web_server any
Example-2
In this example, we will create an IPv6 object-group named: web_server6.
This group has three entries. The entry in the sequence number 10 defined one host 2001:db8::1. The second entry in sequence 20 defined other host 2001:db8::2. The last entry 30 defined a subnet 2001:db8::4/126
This object-group is used in group objgrps_RCtrlGrp, which is used in the switch netascode-leaf1.
object-group ipv6 address web_server6
10 host 2001:db8::1
20 host 2001:db8::2
30 2001:db8::4/126
---
vxlan:
overlay_extensions:
route_control:
ipv6_object_groups:
- name: web_server6
entries:
- seq_number: 10
host: 2001:db8::1
- seq_number: 20
host: 2001:db8::2
- seq_number: 30
ip: 2001:db8::4/126
groups:
- name: objgrps_RCtrlGrp
ipv6_object_groups:
- name: web_server6
switches:
- name: netascode-leaf1
groups:
- objgrps_RCtrlGrp