Filter
Top Products
6-82
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 6 Managing Policy Objects
Understanding Networks/Hosts Objects
–
IPv6 representation of an IPv4 address. When dealing in mixed IPv4/IPv6 environments, you
can represent the IPv4 addresses in an alternate IPv6 format: x:x:x:x:x:x:d.d.d.d, where the Xs
are the hexadecimal values of the first 6 fields, and the Ds are the IPv4 address with the octets
separated by periods. The first 6 fields are either all zeros, ::FFFF, or 2001:DB8::. For example,
0:0:0:0:0:0:10.1.68.3, which in compressed format is ::10.1.68.3, or 0:0:0:0:0:FFFF:10.1.68.3,
or 2001:DB8::10.1.68.3.
• Network address, in either IPv4 or IPv6 format:
–
IPv4 address, including subnet mask, in either CIDR format (10.10.10.0/24), or dotted decimal
format (10.10.10.0/255.255.255.0).
–
IPv6 address, including the prefix length in decimal format in a manner similar to CIDR
notation for IPv4, for example, /64. The number specifies the number of the left-most
contiguous bit of the address that comprise the prefix. For example, 2001:DB8:0:CD30::/60.
Note You could also enter 2001:DB8:0:CD30::/60 as 2001::CD30:0:0:0:0/60. However,
compressing the trailing zeros is the preferred method, and Security Manager will
translate the address to 2001:DB8:0:CD30::/60.
For more detailed information on IPv6 addressing, see the IETF RFC 4291, IP Version 6
Addressing Architecture, at http://www.ietf.org/rfc/rfc4291.txt.
• A range of IP addresses. Separate the beginning and ending addresses with a hyphen. The range does
not need to be within a single subnet unless the policy requires it.
You can also include a prefix or subnet mask in CIDR format; for example, 2001:db8::1 -
2001:db8::2/64, or 10.10.10.100-10.10.10.200/24.
• An IPv4 address pattern in the format 10.10.0.10/255.255.0.255, where the mask is a discontiguous
bit mask (see Contiguous and Discontiguous Network Masks for IPv4 Addresses, page 6-75).
• Interface role object (in rare cases). Enter the name of the object or click Select to select it from a
list (you must select Interface Role as the object type). When you use an interface role, the rule
behaves as if you supplied the IP address of the selected interface. This is useful for interfaces that
get their address through DHCP, because you do not know what IP address will be assigned to the
device. For more information, see Understanding Interface Role Objects, page 6-67.
When you create a network/host object or define IP addresses as part of a policy, Security Manager
verifies that the syntax of the address is correct and that a mask or prefix was entered when required. For
example, when you define a policy that requires a host, you do not need to enter a mask/prefix. However,
when you define a policy that requires a subnet, you must enter the address with the mask/prefix, or
select a network/host object that has a mask/prefix defined.
Related Topics
• Creating Networks/Hosts Objects, page 6-76
• Contiguous and Discontiguous Network Masks for IPv4 Addresses, page 6-75
• Using Unspecified Networks/Hosts Objects, page 6-80
• Policy Object Manager, page 6-4
• Understanding Networks/Hosts Objects, page 6-74