Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
4752
Views
5
Helpful
9
Replies

Does Cisco Switch 3850 can create Object group?

rechard_david
Level 1
Level 1

‎08-15-2016 12:46 AM - edited ‎03-08-2019 06:59 AM

Dear all,

Do you cisco switch 3850 , Is it possible for configure object-group and apply to access-list?

i try to add object-groups and apply to access-list but my access-list not work.

Thanks.

4 people had this problem
Labels:
0 Helpful
9 Replies 9

Mark Malone
VIP Alumni
VIP Alumni

‎08-15-2016 12:57 AM

This bug would suggest its not supposed to be supported only released this month
Checking my 38s as well on ipservices I don't see the syntax available either on any of them
*************************************************************************************
object-group ACL CLI should not be supported at 3850
CSCuw51380

Description
Symptom:
object-group ACL CLI should not be supported at 3850

Conditions:
none

Workaround:
none

Further Problem Description:

Customer Visible
Add Notification
Save Bug
Open Support Case
Was the description about this Bug Helpful?
(0)

Details
Last Modified:
Aug 8,2016
Status:
Open
Severity:
4 Minor
Product:
(1)
Cisco Catalyst 3850 Series Switches

rechard_david
Level 1
Level 1
In response to Mark Malone

‎08-15-2016 01:31 AM

Dear Mark,

Noted with thanks.

Thanks.

0 Helpful

Mark Malone
VIP Alumni
VIP Alumni
In response to rechard_david

‎08-15-2016 02:05 AM

Hi

object groups are supported in IOS-XE ASRs but I don't see anywhere there supported in 3850s

on 3850 i saw it support command but when we apply to access-list it not work.

Where did you see this ? I cant find the syntax at all on 3850s and I am on the latest IOS-XE versions 3.6.2 and 3.7

Why the command object group available to use ?

That maybe why the bug notice was released its not supposed to be supported in 3850s as per that bug anyway

from Docs

In Cisco IOS XE Release 3.12S, only expanded object-group ACLs are supported with firewalls.

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_zbf/configuration/xe-16/sec-data-zbf-xe-16-book/sec-zbf-ogacl.html#reference_407867C7240F4559A022AB5100B7375C

0 Helpful

rechard_david
Level 1
Level 1
In response to Mark Malone

‎08-15-2016 02:30 AM

Dear Mark,

i'm using 3850-x

as below for command that i added on 3850-x and i apply to access-list but it not work.

object-group network Server-Group
10.10.10.0 255.255.255.0
!
object-group network Inside-group
192.168.0.0 255.255.252.0
192.168.1.0 255.255.0.0

!

as below for version that i'm using

Image : cat3k_caa-universalk9

HW:     WS-C3850-24S

0 Helpful

Mark Malone
VIP Alumni
VIP Alumni
In response to rechard_david

‎08-15-2016 02:34 AM

Ok so you have it in cli but would that not explain the bug I posted earlier that was only released last week  , its showing as it should not be supported ?

That's most likely why its not working ...

0 Helpful

rechard_david
Level 1
Level 1
In response to Mark Malone

‎08-15-2016 03:51 AM

it mean not working when we apply to access-list , the hit count not show when we show access-list and and we deny my client still can access also.

but if we use without object-group it is working/.

i would like to make sure does Cisco 3850 is working with object groups or not ?

thanks.

0 Helpful

Mark Malone
VIP Alumni
VIP Alumni
In response to rechard_david

‎08-15-2016 03:59 AM

I would call in into TAC  the docs don't specify exactly that it is supported and the bug notice says it should not be supported in 3850s which to me would suggest even if it shows in cli it wont work even if your able to configure it . wouldn't eb the first time you can configure something in the switch or router but its actually not supported in that platform

other option see if its in the software navigator as supported

http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp

0 Helpful

rechard_david
Level 1
Level 1
In response to Mark Malone

‎08-15-2016 01:58 AM

dear Mark,

Could i ask you , Do we need to upgrade the latest IOS for support object group?

on 3850 i saw it support command but when we apply to access-list it not work.

Why the command object group available to use ?

Thanks.

0 Helpful

gcasadoh
Cisco Employee
Cisco Employee
In response to Mark Malone

‎05-17-2019 07:40 AM

Hi
You are right, the object-group ACL is not supported in the 3850 platform.
The fix IOS version is doing reference to remove the command from the CLI.
0 Helpful
Customers Also Viewed These Support Documents
li.common.scroll-to.top