The ip address-set command creates an address object or address group and displays the address or address group view.
The undo ip address-set command deletes an address object or address group.
ip address-set address-set-name [ type { object | group } | vpn-instance vpn-instance-name ] *
undo ip address-set { address-set-name | unreferenced { object | group | all } } [ vpn-instance vpn-instance-name ]
| Parameter | Description | Value |
|---|---|---|
address-set-name |
Specifies the name of an address object or address group. |
The value is a case-sensitive character string. The length of a name without spaces ranges from 1 to 63 characters. The length of a name with spaces ranges from 3 to 65 characters. If a name contains spaces, the name must be enclosed with quotation marks (for example, "user for test"). The name cannot contain question marks (?). If the name does not contain any space, it also cannot have any double quotation marks ("). In addition, the name cannot be any or all. If the name contains special characters, only special characters on the keyboard are supported. |
type |
Indicates the type of the address object or address group. |
- |
unreferenced |
Indicates an unreferenced address object or address group. |
- |
object |
Indicates the address set of the object type. An address object can contain only addresses or address ranges as its items. You can add IPv4 addresses or IPv6 addresses or both of IPv4 and IPv6 addresses as address object's items. |
- |
group |
Indicates the address set of the group type. An address group can contain addresses, address ranges, or address sets whose type is object or group as its items. |
- |
all |
Indicates all unreferenced address objects and groups. |
- |
vpn-instance vpn-instance-name |
Specifies the name of a VPN instance. |
It is the name of an existing VPN instance. |
To create an address set, specify the type of the address set. To display the view of an existing address set, you do not need to specify the type of the address set.
Address sets that are referenced by ACLs, firewall policies, NAT policy, or SACG interworking policy cannot be deleted.
The address set whose vpn-instance-name is specified can only be bound to the ACL of the specific VPN instance.
In an IPSec scenario, the address object or address group created using the ip address-set command can be used only by IKEv2.
# Create address set group set2 and set its type to group.
<sysname> system-view [sysname] ip address-set set2 type group
# Delete all unreferenced address objects and address groups.
<sysname> system-view [sysname] undo ip address-set unreferenced all Warning: This command will delete all unreferenced address-set. Continue?[Y/N]