Manualshelf

F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
61626364656667686970
61
32B
Configuring address resources at the CLI
At the CLI, address resources are called "address objects" falling into the following categories:
IP address object—An IP address object comprises one host name or one or more IP addresses.
Only IPv4 addresses are supported.
IP address group object—An IP address group object comprises IP address objects, IP address
group objects, or both.
MAC address object—A MAC address object comprises one or more MAC addresses.
MAC address group object—A MAC address group object comprises MAC address objects, MAC
address group objects, or both.
At the CLI, address objects also include service objects and service group objects. For more information,
see "Configuring service resources."
IP address objects support only IPv4 addresses. Support for IPv6 addresses depends on the device model.
For more information, see Network Management Configuration Guide.
One group object can comprise other group objects, and a member group object can also comprise
other group objects. However, no further iteration is allowed and a group object cannot be a member of
itself. For example, if object object3 is a member of group object object2, which is a member of group
object object1, object3 cannot be a group object and object1 cannot be a member of object2.
On a VD, you can configure different categories of objects, and configure multiple objects for each
category. Each object on a VD is uniquely identified by its name. For more information about VDs, see
"Configuring VDs." For more information about the switchto vd command, see System Management and
Maintenance Configuration Guide.
144BConfiguring an IP address object
IP address objects fall in to three sub-categories: host address object, address range object, and subnet
address object. The device can have these sub-categories of objects at the same time.
301BConfiguring a host address object
A host address object can comprise host IP addresses or a host name, but only one type. To add a host
name to a host address object with a host IP address member, for example, you must remove the host IP
address member first.
A host address object can comprise multiple host IP addresses. To add multiple host IP addresses to a host
address object, execute the host address command multiple times.
A host address object can comprise only one host name. If you execute the host name command multiple
times, the most recent configuration takes effect.
To configure a host address object:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter VD system view.
switchto vd vd-name
Required only when you are first
logged in to the system view of
the default VD and want to
configure an object for a
non-default VD.