IOS XE 16.12.1(Gibraltar) object-group v6-network does not work

luizdeluca · ‎08-14-2019

Hello,

I'm testing IOS XE 16.12.1 in a WS-C3850-24XS. When I tried to use object-group, it does not accept IPv6 network addresses. IPv4 works as expected:

object-group network netA-4 
  10.1.0.0 255.255.254.0
  10.1.20.0 255.255.254.0
  host 10.1.10.1

But if fails to accept IPv6 networks:

object-group v6-network netA-6
switch1(config-v6network-group)#fdca:aaaa:aaaa:aaaa::/64
^
% Invalid input detected at '^' marker.

switch1(config-v6network-group)#host fdca:aaaa:aaaa:aaaa::1
switch1(config-v6network-group)#

I can only add hosts to object-group v6-network. I tried both ULA and global addresses, different mask and nothing seems to be accepted.

Reza Sharifi · ‎08-14-2019

Hi,

What is your license? For IPv6 features, you usually need IP Services license.

HTH

luizdeluca · ‎08-15-2019

I'm using IP Base. However, AFAIK, IP Base lacks stuff like dynamic routing and other enterprise features.

IPv6 seems to be now a "standard feature" and not an "add-on feature", not something to buy as extra.

It does not make sense to avoid using object-group IPv6 network but allow the same result using individual ACEs.

object-group only simplifies ACL management, not a final feature. If it were something that we need to "buy", I would expect it to offer IPv6 prefix/network match before it allows individual IPv6 host match, as the later uses more resources.