10-31-2023 02:59 PM
Hello all, I want to clean up my ACLs by using object-groups. I've been trying to create one on our core, 9404R and 9407R switches using IOS-XE 17.6.X.
So far I keep getting errors when reaching various parts of the configuration. I've done some research and using nested objects I've come up with this. The idea is to have the SMTP server talk to our switches, VM servers and printers using port 25 in a bidirectional setup. I've got it working in the old-school manner for testing, so I know the path is working properly.
11-18-2023 03:43 PM
Is this issue solved?
11-19-2023 01:00 PM
Unfortunately no. I have looked around for examples of object-groups within ACLs but haven't had any luck getting it to work.
11-19-2023 01:09 PM
The command is not quite correct
object group service/network
This is how we can add an object in IOS XE.
Try this
MHM
11-19-2023 03:54 PM
Example:
Network object group smtp_server
host <IP Address>
Service object group hp_jet_tcp_ports
tcp eq smtp
Line number permit "protocol" object group type "service-object-group name" object-group type "network-object-group name" log
11 permit tcp object-group hp_jet_tcp_ports object-group smtp_server
11-20-2023 07:17 AM - edited 11-20-2023 07:18 AM
object group network smtp_server
host <IP Address>
object group service hp_jet_tcp_ports
tcp eq smtp
11 permit object-group hp_jet_tcp_ports object-group smtp_server object-group (this last object group is for the destination; if you want, you can select ANY)
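Added example (not part of any post in this thread): one way to lay out the nested object groups and the two directions of the SMTP rule described in the original question. All group names, ACL names and addresses are constructed placeholders, and it assumes the clients open the connection to the server on TCP 25.

```cisco
! Constructed example: names and addresses are placeholders (RFC 5737 ranges).
object-group network SMTP_SERVER
 host 192.0.2.25
!
object-group network SWITCHES
 198.51.100.0 255.255.255.192
object-group network VM_SERVERS
 198.51.100.64 255.255.255.192
object-group network PRINTERS
 198.51.100.128 255.255.255.192
!
! Nested group: group-object pulls the three child groups into one.
object-group network SMTP_CLIENTS
 group-object SWITCHES
 group-object VM_SERVERS
 group-object PRINTERS
!
! Service groups carry the protocol and port, so the ACE names no protocol.
object-group service SMTP_DST
 tcp eq smtp
object-group service SMTP_SRC
 tcp source eq smtp
!
! Order in each ACE: service group, source group, destination group.
ip access-list extended SMTP_FROM_CLIENTS
 10 permit object-group SMTP_DST object-group SMTP_CLIENTS object-group SMTP_SERVER log
! Return traffic from the server has source port 25.
ip access-list extended SMTP_FROM_SERVER
 10 permit object-group SMTP_SRC object-group SMTP_SERVER object-group SMTP_CLIENTS
!
! Verify with: show object-group   and   show ip access-lists
```

Each ACL ends in the implicit deny, so add whatever other permits the interface needs before applying it with ip access-group.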