Cisco - Naming Services/Ports in PixOS

10-21-2005, 07:22 PM

I am trying to go through and clean up my configuration. I have been
using the `name` command to assign names to IPs. This really
simplifies how ACLs look. It has been a great first step. In the end,
I will start implementing some object groups. Right now, however, I
would like to be able to name services... for instance RDP is tcp/3389,
and TFTP is tcp/69. Most of the services have names, but not these.
For consistency's sake, I would like to give them a name. Is there a
way to do this?

Thanks,
Dustin

Dustin

10-21-2005, 08:30 PM

In article < .com>,
Dustin <> wrote:
:I am trying to go through and clean up my configuration. I have been
:using the `name` command to assign names to IPs. This really
:simplifies how ACLs look. It has been a great first step. In the end,
:I will start implementing some object groups. Right now, however, I
:would like to be able to name services... for instance RDP is tcp/3389,
:and TFTP is tcp/69. Most of the services have names, but not these.
:For consistency's sake, I would like to give them a name. Is there a
:way to do this?

Not directly. You can, though, create a service object-group

object-group service TFTP udp
description the UDP port used for TFTP
port-object eq 69

access-list Out2In permit udp any host MyServer object-group TFTP

[Note: you indicated tftp as tcp/69 but it is udp that is used.]
--
Many food scientists have reported chocolate to be the single most
craved food. -- Northwestern University, 2001

Walter Roberson

10-21-2005, 09:20 PM

Thanks for that, and thanks for correcting me... udp/69 for tftp

Dustin

10-21-2005, 11:51 PM

Walter Roberson a écrit :
> Not directly. You can, though, create a service object-group
>
> object-group service TFTP udp
> description the UDP port used for TFTP
> port-object eq 69

To expand on Walter's comment, you can also have groups being members of
other groups.

For example:

object-group service Cisco-Mgmt udp
description stuff that you need to manage your routers and switches
port-object eq snmptrap
port-object eq syslog
group-object TFTP

--
Francois Labreque | Unfortunately, there's no such thing as a snooze
flabreque | button on a cat who wants breakfast.
@ | - Unattributed quote from rec.humor.funny
videotron.ca

Francois Labreque

10-21-2005, 08:30 PM	#2
Walter Roberson Posts: n/a	Re: Naming Services/Ports in PixOS In article < .com>, Dustin <> wrote: :I am trying to go through and clean up my configuration. I have been :using the `name` command to assign names to IPs. This really :simplifies how ACLs look. It has been a great first step. In the end, :I will start implementing some object groups. Right now, however, I :would like to be able to name services... for instance RDP is tcp/3389, :and TFTP is tcp/69. Most of the services have names, but not these. :For consistency's sake, I would like to give them a name. Is there a :way to do this? Not directly. You can, though, create a service object-group object-group service TFTP udp description the UDP port used for TFTP port-object eq 69 access-list Out2In permit udp any host MyServer object-group TFTP [Note: you indicated tftp as tcp/69 but it is udp that is used.] -- Many food scientists have reported chocolate to be the single most craved food. -- Northwestern University, 2001 Walter Roberson

10-21-2005, 09:20 PM	#3
Dustin Posts: n/a	Re: Naming Services/Ports in PixOS Thanks for that, and thanks for correcting me... udp/69 for tftp Dustin

10-21-2005, 11:51 PM	#4
Francois Labreque Posts: n/a	Re: Naming Services/Ports in PixOS Walter Roberson a écrit : > Not directly. You can, though, create a service object-group > > object-group service TFTP udp > description the UDP port used for TFTP > port-object eq 69 To expand on Walter's comment, you can also have groups being members of other groups. For example: object-group service Cisco-Mgmt udp description stuff that you need to manage your routers and switches port-object eq snmptrap port-object eq syslog group-object TFTP -- Francois Labreque \| Unfortunately, there's no such thing as a snooze flabreque \| button on a cat who wants breakfast. @ \| - Unattributed quote from rec.humor.funny videotron.ca Francois Labreque

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Naming DVD Titles?	John	DVD Video	0	02-05-2005 11:27 PM
Inserting and naming chapters	Carl	DVD Video	0	05-30-2004 05:43 AM
Re: comptia naming conventions.	Tony Sivori	A+ Certification	8	07-07-2003 02:48 PM
Re: comptia naming conventions.	JimW±	A+ Certification	3	06-30-2003 02:36 AM
Re: comptia naming conventions.	Rick Blythin	A+ Certification	0	06-29-2003 04:31 AM

10-21-2005, 07:22 PM	#1
	Naming Services/Ports in PixOS I am trying to go through and clean up my configuration. I have been using the `name` command to assign names to IPs. This really simplifies how ACLs look. It has been a great first step. In the end, I will start implementing some object groups. Right now, however, I would like to be able to name services... for instance RDP is tcp/3389, and TFTP is tcp/69. Most of the services have names, but not these. For consistency's sake, I would like to give them a name. Is there a way to do this? Thanks, Dustin Dustin