cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4459
Views
5
Helpful
9
Replies

Does Cisco Switch 3850 can create Object group?

rechard_david
Level 1
Level 1

Dear all,

Do you cisco switch 3850 , Is it possible for configure object-group and apply to access-list?

i try to add object-groups and apply to access-list but my access-list not work.

Thanks.

9 Replies 9

Mark Malone
VIP Alumni
VIP Alumni
This bug would suggest its not supposed to be supported only released this month
Checking my 38s as well on ipservices I don't see the syntax available either on any of them
*************************************************************************************
object-group ACL CLI should not be supported at 3850
CSCuw51380

Description
Symptom:
object-group ACL CLI should not be supported at 3850

Conditions:
none

Workaround:
none

Further Problem Description:

Customer Visible
Add Notification
Save Bug
Open Support Case
Was the description about this Bug Helpful?
(0)

Details
Last Modified:
Aug 8,2016
Status:
Open
Severity:
4 Minor
Product:
(1)
Cisco Catalyst 3850 Series Switches

Dear Mark,

Noted with thanks.

Thanks.

Hi

object groups are supported in IOS-XE ASRs but I don't see anywhere there supported in 3850s

on 3850 i saw it support command but when we apply to access-list it not work.

Where did you see this ? I cant find the syntax at all on 3850s and I am on the latest IOS-XE versions 3.6.2 and 3.7

Why the command object group available to use ?

That maybe why the bug notice was released its not supposed to be supported in 3850s as per that bug anyway

from Docs

In Cisco IOS XE Release 3.12S, only expanded object-group ACLs are supported with firewalls.

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_zbf/configuration/xe-16/sec-data-zbf-xe-16-book/sec-zbf-ogacl.html#reference_407867C7240F4559A022AB5100B7375C

Dear Mark,

i'm using 3850-x

as below for command that i added on 3850-x and i apply to access-list but it not work.

object-group network Server-Group
10.10.10.0 255.255.255.0
!
object-group network Inside-group
192.168.0.0 255.255.252.0
192.168.1.0 255.255.0.0

!

as below for version that i'm using

Image : cat3k_caa-universalk9

HW:     WS-C3850-24S

Ok so you have it in cli but would that not explain the bug I posted earlier that was only released last week  , its showing as it should not be supported ?

That's most likely why its not working ...

it mean not working when we apply to access-list , the hit count not show when we show access-list and and we deny my client still can access also.

but if we use without object-group it is working/.

i would like to make sure does Cisco 3850 is working with object groups or not ?

thanks.

I would call in into TAC  the docs don't specify exactly that it is supported and the bug notice says it should not be supported in 3850s which to me would suggest even if it shows in cli it wont work even if your able to configure it . wouldn't eb the first time you can configure something in the switch or router but its actually not supported in that platform

other option see if its in the software navigator as supported

http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp

dear Mark,

Could i ask you , Do we need to upgrade the latest IOS for support object group?

on 3850 i saw it support command but when we apply to access-list it not work.

Why the command object group available to use ?

Thanks.

Hi
You are right, the object-group ACL is not supported in the 3850 platform.
The fix IOS version is doing reference to remove the command from the CLI.
Review Cisco Networking for a $25 gift card