Cisco IOS allows you to use aliases and groups to simplify the configuration and management of network devices. This makes the commands more readable and easier to use.
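#Aliases and groups in Cisco IOS
#Aliases and groups can simplify the configuration and management
#This makes the commands more readable and easier to use.
#Syntax: alias exec <alias> <command>
#alias is a global configuration command, so enter configuration mode first
enable
configure terminal
#shint: EXEC-mode alias for show ip interface brief
alias exec shint show ip interface brief
#clrconf runs clear ip route *, which flushes the whole routing table.
#The name reads like a configuration command; give a disruptive action an
#explicit name so it is not triggered by mistake.
alias exec clrconf clear ip route *
alias exec pconfig ping 8.8.8.8
end
#Show all aliases (EXEC mode)
show aliases
#Delete the alias shint: IOS has no unalias command, use the no form
configure terminal
no alias exec shint
end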
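#OBJECT GROUPS
#Group types
# - IP Address Group - to combine IP addresses or networks into a group
# - Protocol Group - to combine protocols into a group (TCP, UDP, ICMP etc).
# - Service Group - to combine Services (ports) into a group (HTTP, FTP etc)
#NOTE: this three-type split and the network-object / port-object /
#protocol-object keywords are Cisco ASA syntax. IOS and IOS XE have network
#and service groups only, and entries are written directly inside the group,
#as below.
#Example: IP address group
#Create a group BRANCHES
object-group network BRANCHES
 description Branch offices
 192.168.1.0 255.255.255.0
 192.168.2.0 255.255.255.0
#Use the group in the ACL
#The ACL filters nothing until it is applied to an interface with
#ip access-group; once applied, traffic that matches no permit entry is
#dropped by the implicit deny at the end.
ip access-list extended ALLOW-BRANCHES
 permit ip object-group BRANCHES any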
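#Example: Service group
#Create a group for HTTP and HTTPS
#On IOS the protocol and port are written on each entry of the service group
#(object-group service NAME tcp with port-object lines is ASA syntax).
object-group service WEB-PORTS
 tcp eq 80
 tcp eq 443
#Use the group in the ACL
#A service group takes the protocol position of the ACL entry.
#Source and destination are both any here; narrow them to the real clients
#and servers before using this outside a lab.
ip access-list extended ALLOW-WEB
 permit object-group WEB-PORTS any any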
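#Example: Protocol group
#Create a group for protocols ICMP and OSPF
#IOS has no object-group protocol type (that, and protocol-object, are ASA
#syntax); protocols are listed as entries of a service group.
object-group service ROUTING
 ospf
 icmp
#Use the group in the ACL
#The icmp entry permits every ICMP type from any source to any destination.
ip access-list extended ROUTING-FILTER
 permit object-group ROUTING any any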
#Advantages
#Readability: Configurations become easier to understand
#Ease of management: Changes in the group are immediately applied to all related policies, so review a group edit as a change to every ACL that references it
#Enhanced security: Reduces errors from manually entering IP addresses or ports in each rule
#Shortening the configuration: Instead of repeating identical commands, you use group references
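#Example: one network group reused as the source of every entry in an ACL
#A single address needs the host keyword (or an explicit mask)
object-group network SUPPORT_IP
 host 192.1.1.10
 host 192.1.2.20
 host 95.18.3.30
#Labels are written as remark lines: remarks are stored with the ACL,
#while text after ! is a comment and is not kept in the configuration.
#GRE, AH and ESP are IP protocols, so they go in the protocol position
#(permit gre ...), not after the addresses.
#NOTE(review): SSH runs over TCP only, so the UDP/22 entry can be dropped
#unless something else is meant to use that port.
#NOTE(review): Telnet (23) and HTTP (80) carry credentials in cleartext;
#prefer SSH and HTTPS and remove those entries where the devices allow it.
#The destination is any in every entry; restrict it to the managed hosts
#if they are known.
ip access-list extended SUPPORT_WAN
 remark FTPS
 permit tcp object-group SUPPORT_IP any eq 990
 remark GRE
 permit gre object-group SUPPORT_IP any
 remark HTTP
 permit tcp object-group SUPPORT_IP any eq 80
 remark HTTPS
 permit tcp object-group SUPPORT_IP any eq 443
 remark IKE
 permit udp object-group SUPPORT_IP any eq 500
 remark PING
 permit icmp object-group SUPPORT_IP any echo
 remark SSH_TCP
 permit tcp object-group SUPPORT_IP any eq 22
 remark SSH_UDP
 permit udp object-group SUPPORT_IP any eq 22
 remark TELNET
 permit tcp object-group SUPPORT_IP any eq 23
 remark AH
 permit ahp object-group SUPPORT_IP any
 remark ESP
 permit esp object-group SUPPORT_IP any
 remark NAT-T
 permit udp object-group SUPPORT_IP any eq 4500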
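#The same service list with no source restriction (any any)
#NOTE(review): this block reuses the name SUPPORT_WAN. Entering a named ACL
#that already exists appends to it, so on a device that already holds the
#SUPPORT_IP entries these lines would open every listed service, including
#Telnet and SSH, to any source. Configure only one of the two variants, or
#give this one a different name.
#Labels are written as remark lines: remarks are stored with the ACL,
#while text after ! is a comment and is not kept in the configuration.
#GRE, AH and ESP are IP protocols, so they go in the protocol position
#(permit gre ...), not after the addresses.
#NOTE(review): SSH runs over TCP only, so the UDP/22 entry can be dropped;
#Telnet (23) and HTTP (80) are cleartext and should not be open to any source.
ip access-list extended SUPPORT_WAN
 remark FTPS
 permit tcp any any eq 990
 remark GRE
 permit gre any any
 remark HTTP
 permit tcp any any eq 80
 remark HTTPS
 permit tcp any any eq 443
 remark IKE
 permit udp any any eq 500
 remark PING
 permit icmp any any echo
 remark SSH_TCP
 permit tcp any any eq 22
 remark SSH_UDP
 permit udp any any eq 22
 remark TELNET
 permit tcp any any eq 23
 remark AH
 permit ahp any any
 remark ESP
 permit esp any any
 remark NAT-T
 permit udp any any eq 4500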