Object Grouping
Manage object groups

Once object groups have been put in place, it is important for network administrators to be able to monitor and modify them as necessary. This section will look at the following three commands that are used for these purposes:

  • show object-group
  • no object-group
  • clear object-group

Viewing Object Groups
The show object-group command gives a network administrator the ability to easily review object groups that are currently configured on a PIX Security Appliance. This enables the administrator to view the object groups based on several criteria. The PIX displays defined object groups by their grp_id when the show object-group id grp_id command is entered. The PIX also displays defined object groups by group type when the show object-group command is entered with the protocol, service, icmp-type, or network option. When the show object-group command is entered without a parameter, all defined object groups are shown.

Removing Object Groups
Two commands that are used to maintain object groups on a PIX Security Appliance are the no object-group and clear object-group commands. The no object-group command removes a single object group from the configuration, whereas the clear object-group command is used to erase all object groups from the PIX.
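
As an added example (not part of the original course material), this Python script parses a saved copy of show object-group output, filters groups by type, and reports which groups are nested inside others, which is worth reviewing before removing a group with no object-group. The sample listing and group names are constructed, and the layout (an object-group header line followed by indented member lines, with group-object marking a nested group) is assumed to follow the configuration syntax.

```python
import re

# Constructed sample of `show object-group` output (not captured from a device).
SAMPLE = """\
object-group network WEB_SERVERS
  network-object host 192.168.0.10
  network-object host 192.168.0.11
object-group network ALL_SERVERS
  group-object WEB_SERVERS
  network-object host 192.168.0.20
object-group service HTTP_PORTS tcp
  port-object eq www
  port-object eq https
object-group icmp-type PING
  icmp-object echo
  icmp-object echo-reply
"""

# Header line: object-group <type> <grp_id> [tcp|udp|tcp-udp]
HEADER = re.compile(r"^object-group\s+(protocol|service|icmp-type|network)\s+(\S+)")

def parse_object_groups(text):
    """Return {grp_id: {"type": str, "members": [str], "nested": [grp_id]}}."""
    groups, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = groups.setdefault(
                m.group(2), {"type": m.group(1), "members": [], "nested": []})
        elif current is not None and line.strip():
            entry = line.strip()
            if entry.startswith("group-object "):
                current["nested"].append(entry.split()[1])  # nested group reference
            else:
                current["members"].append(entry)
    return groups

def by_type(groups, grp_type):
    """Names of groups of one type, like `show object-group <type>`."""
    return sorted(n for n, g in groups.items() if g["type"] == grp_type)

def referenced_by(groups):
    """Map each nested grp_id to the parent groups that include it."""
    parents = {}
    for name, g in groups.items():
        for child in g["nested"]:
            parents.setdefault(child, []).append(name)
    return parents

if __name__ == "__main__":
    for child, parents in referenced_by(parse_object_groups(SAMPLE)).items():
        print(f"{child} is nested in {', '.join(parents)}: review before removal")
```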


Lab Activity

Lab Exercise: Configure Object Groups and Nested Object Groups using CLI

In this lab, students will learn to configure a service, ICMP-Type, and nested server object group. Students will also learn to configure an inbound access control list (ACL) with object groups. Students will then configure web and ICMP access to the inside host. Finally, students will test and verify the inbound ACL.