Cisco Nexus 7000 Series NX-OS Security Command Reference, Release 4.0
H Commands
Download this chapter
H CommandsH Commands
Download the complete book
Cisco Nexus 7000 Series NX-OS Security Command Reference, Release 4.0Cisco Nexus 7000 Series NX-OS Security Command Reference, Release 4.0 (PDF - 6 MB)
give_us_feedback

Table Of Contents

H Commands

host (IPv4)

host (IPv6)


H Commands

This chapter describes the Cisco NX-OS security commands that begin with H.

host (IPv4)

To specify a host or a subnet as a member of an IPv4-address object group, use the host command. To remove a group member from an IPv4-address object group, use the no form of this command.

[sequence-number] host IPv4-address

no {sequence-number | host IPv4-address}

[sequence-number] IPv4-address network-wildcard

no IPv4-address network-wildcard

[sequence-number] IPv4-address/prefix-len

no IPv4-address/prefix-len

Syntax Description

sequence-number

(Optional) Sequence number for this group member. Sequence numbers maintain the order of group members within an object group. Valid sequence numbers are from 1 to 4294967295. If you do not specify a sequence number, the device assigns a number that is 10 greater than the largest sequence number in the current object group.

host IPv4-address

Specifies that the group member is a single IPv4 address. Enter IPv4-address in dotted-decimal format.

IPv4-address network-wildcard

IPv4 address and network wildcard. Enter IPv4-address and network-wildcard in dotted-decimal format. Use network-wildcard to specify which bits of IPv4-address are the network portion of the address, as follows: 

switch(config-ipaddr-ogroup)# 10.23.176.0 0.0.0.255

A network-wildcard value of 0.0.0.0 indicates that the group member is a specific IPv4 address.

IPv4-address/prefix-len

IPv4 address and variable-length subnet mask. Enter IPv4-address in dotted-decimal format. Use prefix-len to specify how many bits of IPv4-address are the network portion of the address, as follows: 

switch(config-ipaddr-ogroup)# 10.23.176.0/24

A prefix-len value of 32 indicates that the group member is a specific IP address.


Defaults

None

Command Modes

IPv4 address object group configuration

Supported User Roles

network-admin
vdc-admin

Command History

Release
Modification

4.0(1)

This command was introduced.


Usage Guidelines

To specify a subnet as a group member, use either of the following forms of this command:

[sequence-number] IPv4-address network-wildcard

[sequence-number] IPv4-address/prefix-len

Regardless of the command form that you use to specify a subnet, the device shows the IP-address/prefix-len form of the group member when you use the show object-group command.

To specify a single IPv4 address as a group member, use any of the following forms of this command:

[sequence-number] host IPv4-address

[sequence-number] IPv4-address 0.0.0.0

[sequence-number] IPv4-address/32

Regardless of the command form that you use to specify a single IPv4 address, the device shows the host IP-address form of the group member when you use the show object-group command.

This command does not require a license.

Examples

This example shows how to configure an IPv4-address object group named ipv4-addr-group-13 with two group members that are specific IPv4 addresses and one group member that is the 10.23.176.0 subnet: 

switch# config t

switch(config)# object-group ip address ipv4-addr-group-13

switch(config-ipaddr-ogroup)# host 10.121.57.102

switch(config-ipaddr-ogroup)# 10.121.57.234/32

switch(config-ipaddr-ogroup)# 10.23.176.0 0.0.0.255

switch(config-ipaddr-ogroup)# show object-group ipv4-addr-group-13

        10 host 10.121.57.102

        20 host 10.121.57.234

        30 10.23.176.0/24

switch(config-ipaddr-ogroup)#

Related Commands

Command
Description

object-group ip address

Configures an IPv4 address group.

show object-group

Displays object groups.


host (IPv6)

To specify a host or a subnet as a member of an IPv6-address object group, use the host command. To remove a group member from an IPv6-address object group, use the no form of this command.

[sequence-number] host IPv6-address

no {sequence-number | host IPv6-address}

[sequence-number] IPv6-address/network-prefix

no IPv6-address/network-prefix

Syntax Description

sequence-number

(Optional) Sequence number for this group member. Sequence numbers maintain the order of group members within an object group. Valid sequence numbers are from 1 to 4294967295. If you do not specify a sequence number, the device assigns a number that is 10 greater than the largest sequence number in the current object group.

host IPv6-address

Specifies that the group member is a single IPv6 address. Enter IPv6-address in colon-separated, hexadecimal format.

IPv6-address/network-prefix

IPv6 address and a variable-length subnet mask. Enter IPv6-address in colon-separated, hexadecimal format. Use network-prefix to specify how many bits of IPv6-address are the network portion of the address, as follows: 

switch(config-ipv6addr-ogroup)# 2001:db8:0:3ab7::/96

A network-prefix value of 128 indicates that the group member is a specific IPv6 address.


Defaults

None

Command Modes

IPv6 address object group configuration

Supported User Roles

network-admin
vdc-admin

Command History

Release
Modification

4.0(1)

This command was introduced.


Usage Guidelines

To specify a subnet as a group member, use the following form of this command:

[sequence-number] IPv6-address/network-prefix

To specify a single IP address as a group member, use any of the following forms of this command:

[sequence-number] host IPv6-address

[sequence-number] IPv6-address/128

Regardless of the command form that you use to specify a single IPv6 address, the device shows the host IPv6-address form of the group member when you use the show object-group command.

This command does not require a license.

Examples

This example shows how to configure an IPv6-address object group named ipv6-addr-group-A7 with two group members that are specific IPv6 addresses and one group member that is the 2001:db8:0:3ab7:: subnet: 

switch# config t

switch(config)# object-group ipv6 address ipv6-addr-group-A7

switch(config-ipv6addr-ogroup)# host 2001:db8:0:3ab0::1

switch(config-ipv6addr-ogroup)# 2001:db8:0:3ab0::2/128

switch(config-ipv6addr-ogroup)# 2001:db8:0:3ab7::/96

switch(config-ipv6addr-ogroup)# show object-group ipv6-addr-group-A7

        10 host 2001:db8:0:3ab0::1

        20 host 2001:db8:0:3ab0::2

        30 2001:db8:0:3ab7::/96

switch(config-ipv6addr-ogroup)#

Related Commands

Command
Description

object-group ipv6 address

Configures an IPv6 address group.

show object-group

Displays object groups.