is "object-group ACL CLI" supported at 3850

ansator2 · ‎02-20-2018

Hi,

My English is bad.

I have 3 switches WS-C3850-24T with sw version " 03.06.06E0"with license permanet/lifetime of ipbase and lanbase.

I tried use "object-group ACL CLI" but it does not work.

I found this article bug:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuw51380/?referring_site=bugquickviewclick

I have seen some other item with the same problem. But they do not clarify anything.

I'm not clear if it is a functionality that fails in the version I have and will be corrected in future. It does not work because of my IOS version or license.

Could someone help me and could I clarify it?

If it is not possible to use this command, how can I make groups? If I have to put a line in the acl for each IP or host there is going to be a very long and complicated acl to manage.

Thank you

Seb Rupik · ‎02-20-2018

Hi there,

Works in 16.3.5b :

!
object-group network FOO
 host 8.8.8.8
!
ip access-list extended BAR
 permit ip any object-group FOO
!

switch#sh object-group name FOO
Network object group FOO
 host 8.8.8.8
switch#sh access-lists BAR
Extended IP access list BAR
    10 permit ip any object-group FOO

cheers,

Seb.

ansator2 · ‎02-20-2018

Hi,

it did not work.

host(config)#object-group network FOO
^
% Invalid input detected at '^' marker.

Reza Sharifi · ‎02-20-2018

It should work with "IP base" license.

What is the output of:

sh license right-to-use

HTH

andres.salesa1 · ‎02-26-2018

Hi,

License is Ipbase.

Slot# License name   Type     Count   Period left
----------------------------------------------------------
1      ipbase       permanent     N/A   Lifetime
1      lanbase      permanent     N/A   Lifetime

Regards

License Level on Reboot: ipbase

pauljbeard · ‎11-06-2018

I have same issue with 16.6.4 and IP services