Object Grouping

Object Grouping
Object grouping allows you to group objects such as hosts (servers and clients), services, and
networks and apply security policies and rules to the group. Object grouping lets you apply access
rules to logical groups of objects. When you apply an access list to an object group, the command
affects all objects defined in the group. Object grouping provides a way to reduce the number of
access rules required to describe complex security policies. This in turn reduces the time spent
configuring and troubleshooting access rules in large or complex networks.
The syntax for creating object groups is as follows:
[no] object-group object-type grp-id
Use the first parameter, object-type, to identify the type of object group you want to
configure. There are four options:
■ network
■ protocol
■ service
■ icmp-type
Replace grp-id with a descriptive name for the group.