Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
683
Views
0
Helpful
1
Replies

a problem with ACL in the class-map on the ACE module

ROMAN TOMASEK
Level 1
Level 1

‎06-04-2012 01:12 AM

                  Hi all,

I configured the following on the ACE module:

object-group network test
  host 192.168.1.21
  host 192.168.1.22
  host 192.168.1.23
object-group service port
  tcp eq www
  tcp eq 8080

access-list T line 8 extended permit object-group port object-group test any

I tried to configure a class-map for matching this ACL:

ACE-4710-2/Lab-OPT-11(config)# class-map match-any TEST_C

ACE-4710-2/Lab-OPT-11(config-cmap)# match access-list T

Error: Cannot associate acl having object-group ACEs in class-map.

So couldn't I  configure the class-map by using ACL with object-groups involved? Is it the bug or the normal behaviour? Because the customer uses object-groups in ACLs and he has to configure ACL without object-groups for the traffic classification. It is horrible.

Thank you

Roman

Labels:
0 Helpful
1 Reply 1

Daniel Arrondo Ostiz
Cisco Employee
Cisco Employee

‎06-04-2012 04:03 AM

Hi Roman,

I'm afraid it's the expected behavior. You cannot use an ACL with object-groups inside a class-map.

Regards

Daniel

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents