Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

object-group command for udp and tcp ports

Just checking on this command:

object-group service grp_id {tcp | udp | tcp-udp}

and the description of tcp-udp

Specifies that service group can be used for TCP and UDP.

Is there a way to use this or some other combination to add UDP and TCP ports to the same service group vs. opening up both UDP and TCP to the ports listed.

For example you may want to have UDP 88 and TCP 445 in the same group but not UDP 88, TCP 445 AND TCP 88 and UDP 445.


Re: object-group command for udp and tcp ports

in cases where you want both udp 88 and tcp 88 and tcp 445 and udp 445, you can go for the tcp-udp clause

otherwise you should specifically define them with tcp or udp clauses

for ex:

config)# object-group service test tcp-udp

(config-service)# port-object range 1024 65535

(config-service)# exit

This helps in defining a object group by name test, which specifies a range of Tcp and UDPports, which can be used in ACLs or conduits.

CreatePlease to create content