Re: Is it possible to create an Object-group in the Cisco C3750E?

omegaauto · ‎04-07-2020

Hi all,
Is it possible to create an Object-group in Cisco C3750E and use Object-group in the access-list?
If possible, how can this be done? I do not have commands for creating object-group in the list of commands.

Firmware Version Software (C3750E-UNIVERSALK9-M), Version 15.0 (2) SE5.

Reza Sharifi · ‎04-07-2020

Hi,

It appears to be supported with some restrictions:

Restrictions for Object Groups for ACLs

link:

https://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_acl/configuration/15-2mt/sec-object-group-acl.html#GUID-02520858-7907-4EB8-AE64-85643BDC53FF

You can use object groups only in extended named and numbered ACLs.
Object group-based ACLs support only IPv4 addresses.
Object group-based ACLs support only Layer 3 interfaces (such as routed interfaces and VLAN interfaces). Object group-based ACLs do not support Layer 2 features such as VLAN ACLs (VACLs) or port ACLs (PACLs).
Object group-based ACLs are not supported with IPsec.
The highest number of object group-based ACEs supported in an ACL is 2048.
HTH

marce1000 · ‎04-07-2020

https://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_acl/configuration/15-2mt/sec-object-group-acl.html

M,

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

omegaauto · ‎04-07-2020

Thank you, but I do not have commands for creating object-group in the list of commands

Cristian Matei · ‎04-08-2020

Hi,

Usually the object-groups where available as an option on the routers, not on the switches.

Regards,

Cristian Matei.