address-port pair
The command adds an IP address and TCP/UDP port pair (bundle) to the profile.
The use of a negative form (no) of the command removes an entry from a configured profile.
Syntax
[no] address-port pair <ADDR>:<PORT>
Parameters
<ADDR> – IP address, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255];
<PORT> – port number, takes values of [1..65535].
Required privilege level
10
Command mode
CONFIG-OBJECT-GROUP-ADDRESS-PORT
Example
esr(config-object-group-address-port)# address-port pair 192.168.1.1:23
application
The command specifies the applications that are covered by the profile.
The use of a negative form (no) of the command removes an application from the current profile.
Syntax
[no] application <APPLICATION>
Parameters
<APPLICATION> – specifies the application covered by this profile.
May take the following values:
- afp – Apple Filing Protocol;
- amazon – Amazon Data Services;
- amqp – Advanced Message Queuing Protocol;
- apple – Apple Inc.;
- apple-icloud – Apple iCloud;
- apple-itunes – Apple iTunes;
- applejuice – Applejuice P2P;
- avi – AVI content in HTTP payload;
- ayiya – Anything In Anything;
- battlefield – Battlefield;
- bgp – Border Gateway Protocol;
- bittorrent – BitTorrent;
- bjnp – Canon BJNP protocol;
- cisco-skinny – Cisco Skinny;
- cisco-vpn – Cisco VPN;
- citrix – Citrix;
- citrix-online – Citrix-online;
- cloudflare – Cloudflare Inc.;
- coap – Constrained Application Protocol;
- collectd – Collectd;
- corba – Common Object Request Broker Architecture;
- dce-rpc – Distributed Computing Environment / Remote Procedure Calls;
- deezer – Deezer (music streaming service);
- dhcp – Dynamic Host Configuration Protocol;
- dhcpv6 – IPv6 Dynamic Host Configuration Protocol;
- directconnect – Direct Connect;
- dns – Domain Name System;
- dnscrypt – DNSCrypt;
- drda – Distributed Relational Database Architecture;
- dropbox – Dropbox;
- ebay – eBay;
- edonkey – eDonkey;
- egp – Exterior Gateway Protocol;
- epp – Extensible Provisioning Protocol.
Required privilege level
10
Command mode
CONFIG-OBJECT-GROUP-APPLICATION
Example
Add the egp application to the current profile:
esr(config-object-group-application)# application egp
description
The command changes the description of IP addresses profile, port profile and URL profile.
The use of a negative form (no) of the command removes a profile description.
Syntax
description <DESCRIPTION>
no description
Parameters
<DESCRIPTION> – profile description, set by the string of up to 255 characters.
Required privilege level
10
Command mode
CONFIG-OBJECT-GROUP-NETWORK
CONFIG-OBJECT-GROUP-SERVICE
CONFIG-OBJECT-GROUP-MAC
CONFIG-OBJECT-GROUP-APPLICATION
CONFIG-OBJECT-GROUP-URL
CONFIG-OBJECT-GROUP-ADDRESS-PORT
Example
Set the description for IP addresses profile:
esr(config-object-group-network)# description "Internal addresses"
ip address-range
The command specifies IP addresses range.
The use of a negative form (no) of the command removes an entry from a configured profile.
Syntax
[no] ip address-range <FROM-ADDR>[-<TO-ADDR>]
Parameters
<FROM-ADDR> – range starting IP address;
<TO-ADDR> – range ending IP address, optional parameter. If the parameter is not specified, a single IP address is set by the command.
The addresses are defined as AAA.BBB.CCC.DDD where each part takes values of [0..255].
You can specify up to 64 different IP ranges within one address group for ESR-20/21/100/200/1000/1200/1500/1510/1700.
You can specify up to 6 different IP ranges within one address group for ESR-10/12V/12VF/14VF.
Required privilege level
10
Command mode
CONFIG-OBJECT-GROUP-NETWORK
Example
esr(config-object-group-network)# ip address-range 192.168.1.1-192.168.1.25
ip prefix
The command specifies a subnet.
The use of a negative form (no) of the command removes a specified subnet.
Syntax
[no] ip prefix <ADDR/LEN>
Parameters
<ADDR/LEN> – IP subnet, defined as AAA.BBB.CCC.DDD/EE where each part AAA-DDD takes values of [0..255] and EE takes values of [1..32].
Required privilege level
10
Command mode
CONFIG-OBJECT-GROUP-NETWORK
Example
esr(config-object-group-network)# ip prefix 10.10.10.0/24
ipv6 address-range
The command specifies IPv6 addresses range. The use of a negative form (no) of the command removes an entry from a configured profile.
Syntax
[no] ipv6 address-range <FROM-ADDR>[-<TO-ADDR>]
Parameters
<FROM-ADDR> – range starting IPv6 address.
<TO-ADDR> – range ending IPv6 address, optional parameter. If the parameter is not specified, a single IPv6 address is set by the command.
The addresses are defined as X:X:X:X::X where each part takes values in hexadecimal format [0..FFFF].
You can specify up to 64 different IP ranges within one address group for ESR-20/21/100/200/1000/1200/1500/1510/1700.
You can specify up to 6 different IP ranges within one address group for ESR-10/12V/12VF/14VF.
Required privilege level
10
Command mode
CONFIG-OBJECT-GROUP-NETWORK
Example
esr(config-object-group-network)# ipv6 address-range fc00::1:1-fc00:1::32
ipv6 prefix
The command specifies IPv6 subnet.
The use of a negative form (no) of the command removes a specified subnet.
Syntax
[no] ipv6 prefix <IPV6-ADDR/LEN>
Parameters
<IPV6-ADDR/LEN> – IP address and mask of a subnet, defined as X:X:X:X::X/EE where each X part takes values in hexadecimal format [0..FFFF] and EE takes values of [1..128].
Required privilege level
10
Command mode
CONFIG-OBJECT-GROUP-NETWORK
Example
esr(config-object-group-network)# ipv6 prefix fc00::/126
object-group address-port
This command creates a profile of bundles of IP addresses and TCP/UDP ports. Profiles are used to configure services that work with pools of IP addresses and TCP/UDP ports – NAT, Firewall.
The use of a negative form (no) of the command removes IP address profile.
Syntax
[no] object-group address-port <NAME>
Parameters
<NAME> – name of the configured profile of IP address and TCP/UDP port bundles, set by the string of up to 31 characters. The use of a negative form (no) of the command with ‘all’ parameter removes all IP address profiles.
Required privilege level
10
Command mode
CONFIG
Example
To create an address-port profile with name WEB and to switch to profile configuration mode:
esr(config)# object-group address-port WEB
object-group application
The command is used to create application profile. The profile is used for filtration on the basis of applications (DPI).
The use of a negative form (no) of the command removes the profile.
Syntax
[no] object-group application <NAME>
Parameters
<NAME> – application profile name, set by the string of up to 31 characters. When removing, you can use ‘all’ key instead of the name. When using the ‘all’ key, all application profiles will be removed.
Required privilege level
10
Command mode
CONFIG
Example
esr(config)# object-group application OGA045
object-group mac
The command is used to create MAC address profile. The profile is used in MAC-based VLAN.
The use of a negative form (no) of the command removes the profile.
Syntax
[no] object-group mac <NAME>
Parameters
<NAME> – MAC addresses profile name, set by the string of up to 31 characters. When removing, you can use ‘all’ key instead of the name. When using the ‘all’ key, all MAC address profiles will be removed.
Required privilege level
10
Command mode
CONFIG
Example
esr(config)# object-group mac OGM007
object-group network
The command is used to create IP address profile. The profiles are used to configure services operating with IP address pools – for example, NAT, Firewall, Remote-Access – as well as to create prefix list.
The use of a negative form (no) of the command removes IP address profile.
Syntax
[no] object-group network <NAME>
Parameters
<NAME> – configured IP addresses profile, set by the string of up to 31 characters. The use of a negative form (no) of the command with ‘all’ parameter removes all IP address profiles.
Required privilege level
10
Command mode
CONFIG
Example
To create IP addresses profile with name remote and to switch to profile configuration mode:
esr(config)# object-group network remote
object-group service
The command creates TCP/UDP ports profile. The profile is used in NAT and Firewall services rules.
The use of a negative form (no) of the command removes the profile.
Syntax
[no] object-group service <NAME>
Parameters
<NAME> – port profile name, set by the string of up to 31 characters. The use of a negative form (no) of the command with ‘all’ parameter removes all TCP/UDP ports profiles.
Required privilege level
10
Command mode
CONFIG
Example
esr(config)# object-group service ssh
object-group url
The command is used to create URL link profile.
The use of a negative form (no) of the command removes the profile.
Syntax
[no] object-group url <NAME>
Parameters
<NAME> – URL profile name, set by the string of up to 31 characters. The use of a negative form (no) of the command with ‘all’ parameter removes all URL links profiles.
Required privilege level
10
Command mode
CONFIG
Example
esr(config)# object-group url vk
port-range
The command specifies the range of TCP/UDP ports related to the profile.
The use of a negative form (no) of the command removes an entry from a configured profile.
Syntax
port-range <PORT>
no port-range [<PORT> | all]
Parameters
<PORT> – port number, takes values of [1..65535].
You can specify several ports separated by commas ',' or you can specify the range of ports with '-'. Example of the record: <PORT>, <PORT> or <PORT>-<PORT> or <PORT>-<PORT>, <PORT>-<PORT>.
Required privilege level
10
Command mode
CONFIG-OBJECT-GROUP-SERVICE
Example
esr(config-object-group-service)# port-range 22
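The limits documented above for ip address-range, ip prefix and port-range can be checked before a profile is pushed to a device. The following Python sketch is an added example, not Eltex code; the function names and sample lines are assumptions, and rejecting reversed ranges is an assumption the page does not state.

```python
import ipaddress
import re

# Ranges per address group, as stated on this page:
# 64 for ESR-20/21/100/200/1000/1200/1500/1510/1700, 6 for ESR-10/12V/12VF/14VF.
LIMIT_LARGE, LIMIT_SMALL = 64, 6

def parse_port_range(arg):
    """'22' / '80, 443' / '1000-2000, 8080' -> list of (low, high) tuples."""
    spans = []
    for item in (part.strip() for part in arg.split(",")):
        m = re.fullmatch(r"(\d+)(?:-(\d+))?", item)
        if not m:
            raise ValueError(f"malformed port item {item!r}")
        low = int(m.group(1))
        high = int(m.group(2) or low)
        if not 1 <= low <= high <= 65535:  # reversed range rejected (assumption)
            raise ValueError(f"port outside [1..65535] or reversed: {item!r}")
        spans.append((low, high))
    return spans

def check_entry(words):
    """Validate one 'ip address-range' or 'ip prefix' line; True if it is a range."""
    if words[:2] == ["ip", "address-range"] and len(words) == 3:
        start, sep, end = words[2].partition("-")
        low = ipaddress.IPv4Address(start)
        high = ipaddress.IPv4Address(end) if sep else low
        if high < low:  # assumption: end must not precede start
            raise ValueError("range end precedes range start")
        return True
    if words[:2] == ["ip", "prefix"] and len(words) == 3:
        if "/" not in words[2] or ipaddress.IPv4Network(words[2], strict=False).prefixlen < 1:
            raise ValueError("prefix must be ADDR/LEN with LEN in [1..32]")
        return False
    raise ValueError("not an 'ip address-range' or 'ip prefix' entry")

def lint_network_group(lines, limit):
    """Return (line, problem) pairs for entries that break the documented limits."""
    problems, ranges = [], 0
    for line in lines:
        try:
            ranges += check_entry(line.split())
            if ranges > limit:
                raise ValueError(f"more than {limit} ranges in one group")
        except ValueError as exc:
            problems.append((line, str(exc)))
    return problems

# Constructed sample group, not taken from a real device.
SAMPLE = ["ip prefix 10.10.10.0/24", "ip address-range 192.168.1.1-192.168.1.25",
          "ip address-range 192.168.1.300", "ip prefix 0.0.0.0/0"]
```

Calling lint_network_group(SAMPLE, LIMIT_LARGE) flags the last two sample lines: an octet above 255 and a prefix length below 1.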
regexp
This command describes a URL link pattern.
The use of a negative form (no) of the command removes a URL link pattern.
Syntax
regexp <REGEXP>
no regexp {<REGEXP>|all}
Parameters
<REGEXP> – regular expression, set by the string of up to 255 characters. The character '\' must be escaped.
all — the key used to delete all created rules.
Default value
Pattern is not created.
Required privilege level
10
Command mode
CONFIG-OBJECT-GROUP-URL
Example
esr(config-object-group-url)# regexp '^http:\/\/site\.ru'
show object-group
The command displays information on IP addresses and TCP/UDP ports profiles.
Syntax
show object-group <PROFILE_TYPE> [<NAME>]
Parameters
<PROFILE_TYPE> – profile type:
- network – IP addresses profile;
- service – TCP/UDP ports profile;
<NAME> – profile name, set by the string of up to 31 characters, optional parameter. If profile name is not specified, information on all IP addresses and TCP/UDP ports profiles will be displayed.
Required privilege level
1
Command mode
ROOT
Example
esr# show object-group network
Network                            Description
--------------------------------   --------------------------------
remote                             --
local                              --
tunnel                             --
esr# show object-group network remote
IP Addresses
--------------------------------
10.102.0.0/16
esr# show object-group service
Service                            Description
--------------------------------   --------------------------------
telnet                             --
ssh                                --
dhcp_server                        --
dhcp_client                        --
ntp                                --
esr# show object-group service ssh
Port ranges
--------------------------------
22
url
The command specifies URL link.
The use of a negative form (no) of the command removes a link from a configured profile.
Syntax
url <URL>
no url [ <URL> | all ]
Parameters
<URL> – text field containing URL link of 8-255 characters length.
When removing it with ‘all’ key, all previously added URL links will be removed.
Required privilege level
10
Command mode
CONFIG-OBJECT-GROUP-URL
Example
esr(config-object-group-url)# url https://vk.com