cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
539
Views
0
Helpful
1
Replies
Highlighted
Beginner

a problem with ACL in the class-map on the ACE module

                  Hi all,

I configured the following on the ACE module:

object-group network test
  host 192.168.1.21
  host 192.168.1.22
  host 192.168.1.23
object-group service port
  tcp eq www
  tcp eq 8080

access-list T line 8 extended permit object-group port object-group test any

I tried to configure a class-map for matching this ACL:

ACE-4710-2/Lab-OPT-11(config)# class-map match-any TEST_C

ACE-4710-2/Lab-OPT-11(config-cmap)# match access-list T

Error: Cannot associate acl having object-group ACEs in class-map.

So couldn't I  configure the class-map by using ACL with object-groups involved? Is it the bug or the normal behaviour? Because the customer uses object-groups in ACLs and he has to configure ACL without object-groups for the traffic classification. It is horrible.

Thank you

Roman

1 REPLY 1
Highlighted
Cisco Employee

Hi Roman,

I'm afraid it's the expected behavior. You cannot use an ACL with object-groups inside a class-map.

Regards

Daniel

Content for Community-Ad
This widget could not be displayed.