H Commands

This chapter describes the Cisco NX-OS security commands that begin with H.

hardware profile tcam resource service-template

To commit a template in the running image, use the hardware profile tcam resource service-template command. To commit a default template, use the no form of this command.

hardware profile tcam resource service-template user-defined-template

no hardware profile tcam resource service-template currently-committed-template

 
Syntax Description

user-defined-template

Name of the user-defined template.

currently-committed-template

Name of the currently committed template.

 
Command Default

None

 
Command Modes

EXEC mode

 
Command History

Release
Modification

7.0(0)N1(1)

This command was introduced.

7.1(4)N1(1)

The output of the command was modified to include the system prompt that provides an option to proceed with copying the running configuration to the startup configuration and rebooting the switch.

 
Usage Guidelines

Use the show hardware profile tcam resource template command to list the template names to use in this command.

Examples

This example shows how to commit a user-defined template:

switch# configure terminal
switch(config)# hardware profile tcam resource service-template temp1
Details of the temp1 template you are trying to commit are as follows:
-------------------------------------------------------------------------------
Template name: temp1
Current state: Created
Region Features Size-allocated Current-size Current-usage Available/free
-------------------------------------------------------------------------------
Vacl Vacl 1024 1024 15 1009
Ifacl Ifacl 1152 1152 209 943
Rbacl Rbacl 1152 1152 3 1149
Qos Qos 448 448 30 418
Span Span 64 64 2 62
Sup Sup 256 256 58 198
-------------------------------------------------------------------------------
To finish committing the template, the system will do the following:
1> Save running config : "copy running-config startup-config"
2> Reboot the switch : "reload"
-------------------------------------------------------------------------------
Do you really want to continue with RELOAD ? (y/n) [no] yes
System is still initializing
Configuration mode is blocked until system is ready
switch(config)# [16152.925385] Shutdown Ports..
[16152.959744] writing reset reason 9
[snip]
 

 
Related Commands

Command
Description

show hardware profile tcam resource template

Displays all templates.

 

host (IPv4)

To specify a host or a subnet as a member of an IPv4-address object group, use the host command. To remove a group member from an IPv4-address object group, use the no form of this command.

[ sequence-number ] host IPv4-address

no { sequence-number | host IPv4-address }

[ sequence-number ] IPv4-address network-wildcard

no IPv4-address network-wildcard

[ sequence-number ] IPv4-address / prefix-len

no IPv4-address / prefix-len

 
Syntax Description

sequence-number

(Optional) Sequence number for this group member. Sequence numbers maintain the order of group members within an object group. Valid sequence numbers are from 1 to 4294967295. If you do not specify a sequence number, the device assigns a number that is 10 greater than the largest sequence number in the current object group.

host IPv4-address

Specifies that the group member is a single IPv4 address. Enter IPv4-address in dotted-decimal format.

IPv4-address network-wildcard

IPv4 address and network wildcard. Enter IPv4-address and network-wildcard in dotted-decimal format. Use network-wildcard to specify which bits of IPv4-address are the network portion of the address, as follows:

switch(config-ipaddr-ogroup)# 10.23.176.0 0.0.0.255
 

A network-wildcard value of 0.0.0.0 indicates that the group member is a specific IPv4 address.

IPv4-address / prefix-len

IPv4 address and variable-length subnet mask. Enter IPv4-address in dotted-decimal format. Use prefix-len to specify how many bits of IPv4-address are the network portion of the address, as follows:

switch(config-ipaddr-ogroup)# 10.23.176.0/24
 

A prefix-len value of 32 indicates that the group member is a specific IP address.

 
Defaults

None

 
Command Modes

IPv4 address object group configuration

 
Command History

Release
Modification

7.3(0)N1(1)

This command was introduced.

 
Usage Guidelines

To specify a subnet as a group member, use either of the following forms of this command:

[ sequence-number ] IPv4-address network-wildcard

[ sequence-number ] IPv4-address / prefix-len

Regardless of the command form that you use to specify a subnet, the device shows the IPv4-address / prefix-len form of the group member when you use the show object-group command.

To specify a single IPv4 address as a group member, use any of the following forms of this command:

[ sequence-number ] host IPv4-address

[ sequence-number ] IPv4-address 0.0.0.0

[ sequence-number ] IPv4-address /32

Regardless of the command form that you use to specify a single IPv4 address, the device shows the host IPv4-address form of the group member when you use the show object-group command.

This command does not require a license.

Examples

This example shows how to configure an IPv4-address object group named ipv4-addr-group-13 with two group members that are specific IPv4 addresses and one group member that is the 10.23.176.0 subnet:

switch# config t
switch(config)# object-group ip address ipv4-addr-group-13
switch(config-ipaddr-ogroup)# host 10.121.57.102
switch(config-ipaddr-ogroup)# 10.121.57.234/32
switch(config-ipaddr-ogroup)# 10.23.176.0 0.0.0.255
switch(config-ipaddr-ogroup)# show object-group ipv4-addr-group-13
10 host 10.121.57.102
20 host 10.121.57.234
30 10.23.176.0/24
switch(config-ipaddr-ogroup)#
 

 
Related Commands

Command
Description

object-group ip address

Configures an IPv4 address group.

show object-group

Displays object groups.

host (IPv6)

To specify a host or a subnet as a member of an IPv6-address object group, use the host command. To remove a group member from an IPv6-address object group, use the no form of this command.

[ sequence-number ] host IPv6-address

no { sequence-number | host IPv6-address }

[ sequence-number ] IPv6-address / network-prefix

no IPv6-address / network-prefix

 
Syntax Description

sequence-number

(Optional) Sequence number for this group member. Sequence numbers maintain the order of group members within an object group. Valid sequence numbers are from 1 to 4294967295. If you do not specify a sequence number, the device assigns a number that is 10 greater than the largest sequence number in the current object group.

host IPv6-address

Specifies that the group member is a single IPv6 address. Enter IPv6-address in colon-separated, hexadecimal format.

IPv6-address / network-prefix

IPv6 address and a variable-length subnet mask. Enter IPv6-address in colon-separated, hexadecimal format. Use network-prefix to specify how many bits of IPv6-address are the network portion of the address, as follows:

switch(config-ipv6addr-ogroup)# 2001:db8:0:3ab7::/96
 

A network-prefix value of 128 indicates that the group member is a specific IPv6 address.

 
Defaults

None

 
Command Modes

IPv6 address object group configuration

 
Command History

Release
Modification

7.3(0)N1(1)

This command was introduced.

 
Usage Guidelines

To specify a subnet as a group member, use the following form of this command:

[ sequence-number ] IPv6-address / network-prefix

To specify a single IP address as a group member, use any of the following forms of this command:

[ sequence-number ] host IPv6-address

[ sequence-number ] IPv6-address /128

Regardless of the command form that you use to specify a single IPv6 address, the device shows the host IPv6-address form of the group member when you use the show object-group command.

This command does not require a license.

Examples

This example shows how to configure an IPv6-address object group named ipv6-addr-group-A7 with two group members that are specific IPv6 addresses and one group member that is the 2001:db8:0:3ab7:: subnet:

switch# config t
switch(config)# object-group ipv6 address ipv6-addr-group-A7
switch(config-ipv6addr-ogroup)# host 2001:db8:0:3ab0::1
switch(config-ipv6addr-ogroup)# 2001:db8:0:3ab0::2/128
switch(config-ipv6addr-ogroup)# 2001:db8:0:3ab7::/96
switch(config-ipv6addr-ogroup)# show object-group ipv6-addr-group-A7
10 host 2001:db8:0:3ab0::1
20 host 2001:db8:0:3ab0::2
30 2001:db8:0:3ab7::/96
switch(config-ipv6addr-ogroup)#
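
The following Python sketch is an added example, not Cisco code. It applies the rules documented in the host (IPv4) and host (IPv6) sections (wildcard and prefix forms collapse to one displayed form, single addresses display as host, unnumbered members get the largest sequence number plus 10) so that a proposed member list can be reviewed offline before it is typed into the switch. The function names are hypothetical; rejecting non-contiguous wildcards and subnet entries with host bits set is a choice made by this example, not behavior stated in this reference.

```python
import ipaddress

MAX_SEQ = 4294967295  # upper bound for sequence numbers, from the syntax description


def normalize_member(spec):
    """Return one member in the form the usage guidelines say the device displays."""
    tokens = spec.split()
    if tokens[0] == "host":
        return f"host {ipaddress.ip_address(tokens[1])}"
    if "/" in spec:
        # address/prefix form; tolerate the spaces shown in the syntax line.
        # ip_network() is strict by default and raises if host bits are set
        # (this example's choice, so a mistyped subnet is caught in review).
        net = ipaddress.ip_network("".join(tokens))
    else:
        # IPv4 address + wildcard: bits set in the wildcard are the host bits
        addr, wildcard = tokens
        bits = int(ipaddress.IPv4Address(wildcard))
        if bits & (bits + 1):  # not of the form 0...01...1
            raise ValueError(f"non-contiguous wildcard {wildcard}: no prefix form")
        net = ipaddress.ip_network(f"{addr}/{32 - bits.bit_length()}")
    if net.prefixlen == net.max_prefixlen:  # /32 or /128 is a single address
        return f"host {net.network_address}"
    return str(net)


def render_group(lines):
    """List members the way the show object-group examples on this page do."""
    members = {}
    for line in lines:
        first, _, rest = line.strip().partition(" ")
        if first.isdigit():
            seq, spec = int(first), rest
        else:
            # documented default: 10 greater than the largest existing number
            seq, spec = max(members, default=0) + 10, line
        if not 1 <= seq <= MAX_SEQ:
            raise ValueError(f"sequence number {seq} out of range")
        members[seq] = normalize_member(spec)
    return [f"{seq} {members[seq]}" for seq in sorted(members)]


if __name__ == "__main__":
    # Member commands taken from the IPv4 example on this page
    for row in render_group(["host 10.121.57.102", "10.121.57.234/32",
                             "10.23.176.0 0.0.0.255"]):
        print(row)
```

Comparing this normalized list with the actual show object-group output after a change is a quick way to confirm that the group matches what was reviewed.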
 

 
Related Commands

Command
Description

object-group ipv6 address

Configures an IPv6 address group.

show object-group

Displays object groups.