HP VPN Firewall Appliances Access Control Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

• MAC address object—A MAC address object comprises one or more MAC addresses.

• MAC address group object—A MAC address group object comprises MAC address objects, MAC

address group objects, or both.

At the CLI, address objects also include service objects and service group objects. For more information,

see "Configuring service resources."

IP address objects support only IPv4 addresses.

One group object can comprise other group objects, and a member group object can also comprise

other group objects. However, no further iteration is allowed and a group object cannot be a member of

itself. For example, if object object3 is a member of group object object2, which is a member of group

object object1, object3 cannot be a group object and object1 cannot be a member of object2.

On a VD, you can configure different categories of objects, and configure multiple objects for each

category. Each object on a VD is uniquely identified by its name. For more information about VDs, see

"Configuring VDs." For more information about the switchto vd command, see System Management and

Maintenance Configuration Guide.

Configuring an IP address object

IP address objects fall in to three sub-categories: host address object, address range object, and subnet

address object. The device can have these sub-categories of objects at the same time.

Configuring a host address object

A host address object can comprise host IP addresses or a host name, but only one type. To add a host

name to a host address object with a host IP address member, for example, you must remove the host IP

address member first.

A host address object can comprise multiple host IP addresses. To add multiple host IP addresses to a host

address object, execute the host address command multiple times.

A host address object can comprise only one host name. If you execute the host name command multiple

times, the most recent configuration takes effect.

To configure a host address object:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Enter VD system view.

switchto vd vd-name

Required only when you are first

logged in to the system view of

the default VD and want to

configure an object for a

non-default VD.

3. Create a host address

object and enter host

address object view.

object network host name

By default, no host address object

is configured.

If the object already exists, you

enter its view.

4. Configure a description for

the object.

description description-string

Optional.

By default, no description is

configured for an object.