4510 w/SUP7-E ACL Limitations?

wpalumbo06 · ‎12-04-2015

Hello,

I have a quick question regarding access lists with multiple non-contiguous ports per ACE - for example:

permit tcp any any eq 80 443

This works fine on 3750s, 3850s and 6509s but doesn't appear to be supported on 4510s with SUP-7 or SUP-8. Not sure why this is the case so I am wondering of this will be fixed/enabled in a future software release???

Also,

I have noticed an 'object-group' option in the ACL syntax but have found very little info on how to configure the object-groups themselves, so any info on this woulld also be greatly appreciated.

Basically - I am looking for a way to condense ACLs on 4510s.

Thank you,

Bill

Ben Samayoa · ‎12-06-2015

hi there,

Sup 7's are not IOS based but Licensed based.

It is almost certain you do not have the features needed for it.

See below related information:

Features at a Glance

Cisco IOS XE Software LAN Base: This feature set on the Supervisor 7-E-based bundles provides Layer 2 features for access.

Cisco IOS XE Software IP Base: This feature set is upgradable with a software activation license (SAL). It includes all Layer 2 features and some basic Layer 3 features. ISSU/SSO is supported in this package.

Cisco IOS XE Software Enterprise Services: This feature set is upgradable with a SAL; it supports full Layer 3 protocols and advanced features such as complete routing scalability (256,000), BGP, VRF, Policy-Based Routing, and so on.

These features can be enabled using the software-licensing mechanism. For details about software licensing, refer to the “Licensing” section later in this document or visit http://www.cisco.com/go/sa.

http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-4500-series-switches/data_sheet_c78-612364.html

regards,

Ben

wpalumbo06 · ‎12-07-2015

Hello,

Thank you for the response. We are using the entservices license, so I don't thknk this a licensing issue.

Bill