cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

200
Views
0
Helpful
2
Replies
Highlighted
Beginner

No cookie option for deny acl?

This is on a 4500X running 03.08.06.E

There doesn't seem to be a cookie option under the deny statements in an extended ip access-list.

 

ip access-list extended FOO
switch01(config-ext-nacl)#permit ip any object-group BLOCKED log ?
  WORD        User defined cookie (max of 64 char)
  dscp        Match packets with given dscp value
  fragments   Check non-initial fragments
  option      Match packets with given IP Options value
  precedence  Match packets with given precedence value
  reflect     Create reflexive access list entry
  time-range  Specify a time-range
  tos         Match packets with given TOS value
  <cr>

switch01(config-ext-nacl)#deny ip any object-group BLOCKED log ? 
  dscp        Match packets with given dscp value
  fragments   Check non-initial fragments
  option      Match packets with given IP Options value
  precedence  Match packets with given precedence value
  time-range  Specify a time-range
  tos         Match packets with given TOS value
  <cr>

No "WORD" option shown.

 

Is this intentional or some sort of bug?

Everyone's tags (4)
2 REPLIES 2
VIP Mentor

Re: No cookie option for deny acl?

Beginner

Re: No cookie option for deny acl?

Thanks, I saw those before I posted. They don't really say if it should be there on the deny or not. Not mentioned in 4500X docs either.

 

I opened a case with TAC too. I'll update here.

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards