Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
13016
Views
26
Helpful
3
Replies

Difference between object and object group

Go to solution
mahesh18
Level 6
Level 6

‎05-18-2014 08:49 AM - edited ‎03-11-2019 09:12 PM

 

Hi Everyone,

 

ASA1#                             sh run object
object network Sales
 subnet 10.12.12.0 255.255.255.0




ASA1# sh run object-group
object-group service 123
 service-object udp source eq 1900
object-group service 1900 udp
 port-object eq 1900
object-group network sales
 network-object 10.12.12.0 255.255.255.0
object-group network vpn_pool_ip
 network-object 10.10.10.0 255.255.255.0
object-group network inside
 network-object 10.0.0.0 255.255.255.0
 network-object 192.168.50.0 255.255.255.0
 network-object 10.1.0.0 255.255.0.0
object-group network VPN_Access
 network-object 10.10.10.0 255.255.255.0
object-group service DNS_servers
 service-object udp destination eq domain
object-group network DNS_SERVERS
 network-object host 64.59.144.19
 network-object host 4.2.2.2
object-group network FTP_EPSON
 network-object host 63.73.69.140
 network-object host 69.164.87.20
 network-object host 69.164.87.37

Need to understand what is difference between object and object group here?

as under object network we can have host,subnet or range of IP addresses  but object group can also have IP addresses under it.

 

Regards

MAhesh

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎05-18-2014 06:41 PM

- object just contains a single type of object, whether it's network object (single IP address or subnet), or service object (tcp port(s), protocol, udp port(s)).

- object group contains a group of objects, so you can combine all the same type of objects into a group, eg: a single IP, subnets, different subnets, different IP into one network object-group.

View solution in original post

3 Replies 3

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎05-18-2014 06:41 PM

- object just contains a single type of object, whether it's network object (single IP address or subnet), or service object (tcp port(s), protocol, udp port(s)).

- object group contains a group of objects, so you can combine all the same type of objects into a group, eg: a single IP, subnets, different subnets, different IP into one network object-group.

Go to solution
mahesh18
Level 6
Level 6
In response to Jennifer Halim

‎05-18-2014 07:18 PM

 

Hi Jennifer,

 

i tested and found that object contains single variable it can be either IP,subnet or range.

i tested it as below

 

ASA1#                                     sh run object
object network Test1
 host 8.8.8.8
ASA1#  config t
ASA1(config)# obj
ASA1(config)# object net
ASA1(config)# object network Test1
ASA1(config-network-object)# host 3.3.3.3
ASA1(config-network-object)# sub
ASA1(config-network-object)# subnet ?

network-object mode commands/options:
  A.B.C.D             Enter an IPV4 network address
  X:X:X:X::X/<0-128>  Enter an IPv6 prefix
ASA1(config-network-object)# subnet 2.2.2.0 255.255.255.0
ASA1(config-network-object)# end
ASA1# sh run obh
ASA1# sh run obj
ASA1# sh run object
object network Test1
 subnet 2.2.2.0 255.255.255.0

 

I understand it now.

Best Regards

MAhesh

Go to solution
Eddy.Cuevas
Level 1
Level 1
In response to Jennifer Halim

‎06-12-2018 07:17 AM

Nice explanation, thank you Jennifer!
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card
Top