取消
显示结果 
搜索替代 
您的意思是: 
cancel
公告

December 2020

745
查看次数
0
有帮助
3
回复
YutongZhang
Beginner

思科4506-E没有object命令

求助,在使用4506-E交换机时发现configure terminal模式下没有object,无法配置对象组。版本是15.2(2)E8。

1 个已接受解答

已接受的解答
ilay
Rising star

你是指的object-group 用于配置Object-group ACL ???

不是所有的4500都支持object-group,引擎需要时Supervisor Engines 7-E, 7L-E, and 8-E或者更高版本

 

1. 检查引擎是否满足条件

2. 确认镜像是否支持该Feature,通过Cisco Feature Navigator检查feature条件是否满足,查询object或者OGACL

- 确认镜像是IOS 还是IOS-XE (show version)

TEST-45-1#sh ver  //sup6L-E
Cisco IOS Software, Catalyst 4500 L3 Switch  Software (cat4500e-ENTSERVICESK9-M), Version 15.2(2)E8, RELEASE SOFTWARE (fc1)
/*
	IOS 镜像 15.2.2E8 不支持object-group
*/
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2018 by Cisco Systems, Inc.
Compiled Mon 22-Jan-18 05:37 by prod_rel_team

ROM: 12.2(44r)SG10
BJYZ-45B uptime is 9 weeks, 5 days, 12 hours, 24 minutes
System returned to ROM by reload
System restarted at 09:05:59 CST Fri Apr 2 2021
System image file is "bootflash:cat4500e-entservicesk9-mz.152-2.E8.bin"   <--- 镜像文件
Darkside Revision 4, Nexu Revision 14, Fortooine Revision 1.40

Last reload reason: Reload command



This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C4506-E (MPC8548) processor (revision 12) with 524288K bytes of memory.
Processor board ID FXXXXXXX
MPC8548 CPU at 1GHz, Supervisor 6L-E       <---引擎
Last reset from Reload
18 Virtual Ethernet interfaces
28 Gigabit Ethernet interfaces
2 Ten Gigabit Ethernet interfaces
511K bytes of non-volatile configuration memory.

Configuration register is 0x2102

=============================================================================
TEST-45-2#show version //sup8E
Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch  Software (cat4500es8-UNIVERSALK9-M), Version 03.11.03a.E RELEASE SOFTWARE (fc1)
/*
	IOS-XE的 镜像, 03.11.03a版本
*/
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2020 by Cisco Systems, Inc.
Compiled Fri 18-Sep-20 14:42 by prod_rel_team

Cisco IOS-XE software, Copyright (c) 2005-2015 by cisco Systems, Inc.
All rights reserved.  Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0.  The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY.  You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0.
(http://www.gnu.org/licenses/gpl-2.0.html) For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.



ROM: 15.1(1r)SG5
SDC4506B uptime is 5 weeks, 4 days, 13 hours, 56 minutes
System returned to ROM by reload
System restarted at 07:40:04 CST Sat May 1 2021
System image file is "bootflash:cat4500es8-universalk9.SPA.03.11.03a.E.152-7.E3a.bin" <--- 镜像文件
Jawa Revision 3, RadTrooper Revision 0x0.0x41, Conan Revision 0x1658


Last reload reason: Reload command



This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.


License Information for 'WS-X45-SUP8-E'
    License Level: entservices   Type: Permanent Right-To-Use
    Next reboot license Level: entservices

cisco WS-C4506-E (P5040) processor (revision 2) with 4194304K bytes of physical memory.
Processor board ID FOXXXXXXX
P5040 CPU at 2.2GHz, Supervisor 8-E  <--- sup8E引擎
Last reset from Reload
71 Virtual Ethernet interfaces
72 Gigabit Ethernet interfaces
8 Ten Gigabit Ethernet interfaces
511K bytes of non-volatile configuration memory.

Configuration register is 0x2102

- CFN 确认feature信息

cfn.pngcfn-2.png

 

Final ,show version中第一个恰好是一台SUP6L-E的4506-E,版本号也和你的一致,不支持object,按照前面的判断方法,引擎型号以及镜像feature均不满足

在原帖中查看解决方案

3 条回复3
ilay
Rising star

你是指的object-group 用于配置Object-group ACL ???

不是所有的4500都支持object-group,引擎需要时Supervisor Engines 7-E, 7L-E, and 8-E或者更高版本

 

1. 检查引擎是否满足条件

2. 确认镜像是否支持该Feature,通过Cisco Feature Navigator检查feature条件是否满足,查询object或者OGACL

- 确认镜像是IOS 还是IOS-XE (show version)

TEST-45-1#sh ver  //sup6L-E
Cisco IOS Software, Catalyst 4500 L3 Switch  Software (cat4500e-ENTSERVICESK9-M), Version 15.2(2)E8, RELEASE SOFTWARE (fc1)
/*
	IOS 镜像 15.2.2E8 不支持object-group
*/
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2018 by Cisco Systems, Inc.
Compiled Mon 22-Jan-18 05:37 by prod_rel_team

ROM: 12.2(44r)SG10
BJYZ-45B uptime is 9 weeks, 5 days, 12 hours, 24 minutes
System returned to ROM by reload
System restarted at 09:05:59 CST Fri Apr 2 2021
System image file is "bootflash:cat4500e-entservicesk9-mz.152-2.E8.bin"   <--- 镜像文件
Darkside Revision 4, Nexu Revision 14, Fortooine Revision 1.40

Last reload reason: Reload command



This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C4506-E (MPC8548) processor (revision 12) with 524288K bytes of memory.
Processor board ID FXXXXXXX
MPC8548 CPU at 1GHz, Supervisor 6L-E       <---引擎
Last reset from Reload
18 Virtual Ethernet interfaces
28 Gigabit Ethernet interfaces
2 Ten Gigabit Ethernet interfaces
511K bytes of non-volatile configuration memory.

Configuration register is 0x2102

=============================================================================
TEST-45-2#show version //sup8E
Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch  Software (cat4500es8-UNIVERSALK9-M), Version 03.11.03a.E RELEASE SOFTWARE (fc1)
/*
	IOS-XE的 镜像, 03.11.03a版本
*/
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2020 by Cisco Systems, Inc.
Compiled Fri 18-Sep-20 14:42 by prod_rel_team

Cisco IOS-XE software, Copyright (c) 2005-2015 by cisco Systems, Inc.
All rights reserved.  Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0.  The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY.  You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0.
(http://www.gnu.org/licenses/gpl-2.0.html) For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.



ROM: 15.1(1r)SG5
SDC4506B uptime is 5 weeks, 4 days, 13 hours, 56 minutes
System returned to ROM by reload
System restarted at 07:40:04 CST Sat May 1 2021
System image file is "bootflash:cat4500es8-universalk9.SPA.03.11.03a.E.152-7.E3a.bin" <--- 镜像文件
Jawa Revision 3, RadTrooper Revision 0x0.0x41, Conan Revision 0x1658


Last reload reason: Reload command



This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.


License Information for 'WS-X45-SUP8-E'
    License Level: entservices   Type: Permanent Right-To-Use
    Next reboot license Level: entservices

cisco WS-C4506-E (P5040) processor (revision 2) with 4194304K bytes of physical memory.
Processor board ID FOXXXXXXX
P5040 CPU at 2.2GHz, Supervisor 8-E  <--- sup8E引擎
Last reset from Reload
71 Virtual Ethernet interfaces
72 Gigabit Ethernet interfaces
8 Ten Gigabit Ethernet interfaces
511K bytes of non-volatile configuration memory.

Configuration register is 0x2102

- CFN 确认feature信息

cfn.pngcfn-2.png

 

Final ,show version中第一个恰好是一台SUP6L-E的4506-E,版本号也和你的一致,不支持object,按照前面的判断方法,引擎型号以及镜像feature均不满足

在原帖中查看解决方案

谢谢!再请教下是引擎型号以及IOS镜像都满足的情况下才支持配置“object-group”吗;目前引擎型号和IOS镜像都不满足的情况下是否有别的配置可以代替“object-group”?

ilay
Rising star

是的,需要同时满足,针对IOS-XE来说,应该是从3.7.xE以及之后的版本才支持object-group命令,如果引擎支持,IOS版本过低的话,需要做一个升级才能使用。

两者都不支持的话,貌似没有可代替的方法吧,写acl如果是端口的话还能写个range,ip地址范围的话应该是没法写的。

Content for Community-Ad