Object Groups
title: Object Groups sidebar: order: 6
You can use object groups to specify source and destination addresses in IPv4 ACL and IPv6 ACL rules.
Diagram
Classes
route_control (vxlan.overlay_extensions)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ipv4_object_groups | List | [ipv4_object_groups] | No | |
| ipv6_object_groups | List | [ipv6_object_groups] | No |
ipv4_object_groups (vxlan.overlay_extensions.route_control)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[A-Za-z0-9-_]{1,63}$ | Yes | |
| entries | List | [entries] | No |
ipv6_object_groups (vxlan.overlay_extensions.route_control)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[A-Za-z0-9-_]{1,63}$ | Yes | |
| entries | List | [entries] | No |
entries (vxlan.overlay_extensions.route_control.ipv4_object_groups)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| seq_number | Integer | min: 1, max: 4294967295 | Yes | |
| host | IP | No | ||
| ip | IP | No |
entries (vxlan.overlay_extensions.route_control.ipv6_object_groups)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| seq_number | Integer | min: 1, max: 4294967295 | Yes | |
| host | IP | No | ||
| ip | IP | No |
Examples
Example-1
In this example, we will create an IPv4 object-group named: web_server. This group has three entries. The entry in the sequence number 10 defined one host 10.0.0.1. The second entry in sequence 20 defined other host 10.0.0.2. The last entry 30 defined a subnet 10.0.0.4/30
This object-group is used in group objgrps_RCtrlGrp, which is used in the switch netascode-leaf1.
object-group ip address web_server 10 host 10.0.0.1 20 host 10.0.0.2 30 10.0.0.4/30---vxlan: overlay_extensions: route_control: ipv4_object_groups: - name: web_server entries: - seq_number: 10 host: 10.0.0.1 - seq_number: 20 host: 10.0.0.2 - seq_number: 30 ip: 10.0.0.4/30 groups: - name: objgrps_RCtrlGrp ipv4_object_groups: - name: web_server switches: - name: netascode-leaf1 groups: - objgrps_RCtrlGrpThen this object-group could be used in an ACL.
ip access-list acl-addgroup 10 permit ip addrgroup web_server anyExample-2
In this example, we will create an IPv6 object-group named: web_server6. This group has three entries. The entry in the sequence number 10 defined one host 2001:db8::1. The second entry in sequence 20 defined other host 2001:db8::2. The last entry 30 defined a subnet 2001:db8::4/126
This object-group is used in group objgrps_RCtrlGrp, which is used in the switch netascode-leaf1.
object-group ipv6 address web_server6 10 host 2001:db8::1 20 host 2001:db8::2 30 2001:db8::4/126---vxlan: overlay_extensions: route_control: ipv6_object_groups: - name: web_server6 entries: - seq_number: 10 host: 2001:db8::1 - seq_number: 20 host: 2001:db8::2 - seq_number: 30 ip: 2001:db8::4/126 groups: - name: objgrps_RCtrlGrp ipv6_object_groups: - name: web_server6 switches: - name: netascode-leaf1 groups: - objgrps_RCtrlGrp