05-07-2019 12:32 PM
This is on a 4500X running 03.08.06.E
There doesn't seem to be a cookie option under the deny statements in an extended ip access-list.
ip access-list extended FOO switch01(config-ext-nacl)#permit ip any object-group BLOCKED log ? WORD User defined cookie (max of 64 char) dscp Match packets with given dscp value fragments Check non-initial fragments option Match packets with given IP Options value precedence Match packets with given precedence value reflect Create reflexive access list entry time-range Specify a time-range tos Match packets with given TOS value <cr> switch01(config-ext-nacl)#deny ip any object-group BLOCKED log ? dscp Match packets with given dscp value fragments Check non-initial fragments option Match packets with given IP Options value precedence Match packets with given precedence value time-range Specify a time-range tos Match packets with given TOS value <cr>
No "WORD" option shown.
Is this intentional or some sort of bug?
05-07-2019 01:45 PM
05-07-2019 02:25 PM
Thanks, I saw those before I posted. They don't really say if it should be there on the deny or not. Not mentioned in 4500X docs either.
I opened a case with TAC too. I'll update here.
09-28-2023 03:52 AM
Is this absence of "User defined cookie" a global feature missing from IOS-XE ?
09-28-2023 07:09 AM
If not defined in documentation, likely a feature not supported.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide