Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3084
Views
20
Helpful
4
Replies

Object Groups ACL on Catalyst switches C9300

Go to solution
Nisterio
Level 1
Level 1

‎05-22-2019 12:15 PM

Hi there, 

 

I was wondering if the object-group feature is not available in the Cat 9300 Switches as I couldn't get it to work on mine. Interestingly enough, I am able to run the command "show object-group" but cannot type any of the related config in the global config mode. I am running Everest Cisco IOS XE Software, Version 16.06.05 on the boxes.   Any input on this will be much appreciated. Thanks

 

 

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎05-22-2019 01:55 PM

Hello Nisterio,

I cannot see object groups mentioned even in latest configuration guide

 

see

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/16-11/configuration_guide/sec/b_1611_sec_9300_cg/configuring_ipv4_acls.html#topic_B499C01B0A4F4F6E9DADCDF51BDE99F8

 

I suppose they are not supported in this platform like in other switches

 

Hope to help

Giuseppe

 

View solution in original post

Go to solution
Nisterio
Level 1
Level 1
In response to Giuseppe Larosa

‎05-22-2019 02:37 PM - edited ‎05-22-2019 02:43 PM

I was suspecting this answer but needed someone to confirm as I saw in the bug search tool that it was not supported on the 3850 as well. however, the configuration guide does not mention anywhere that the feature is not supported though. Maybe one of the things Cisco TAC may have a hack for ?! Thanks for the quick reply.


View solution in original post

0 Helpful
4 Replies 4

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎05-22-2019 01:55 PM

Hello Nisterio,

I cannot see object groups mentioned even in latest configuration guide

 

see

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/16-11/configuration_guide/sec/b_1611_sec_9300_cg/configuring_ipv4_acls.html#topic_B499C01B0A4F4F6E9DADCDF51BDE99F8

 

I suppose they are not supported in this platform like in other switches

 

Hope to help

Giuseppe

 

Go to solution
Nisterio
Level 1
Level 1
In response to Giuseppe Larosa

‎05-22-2019 02:37 PM - edited ‎05-22-2019 02:43 PM

I was suspecting this answer but needed someone to confirm as I saw in the bug search tool that it was not supported on the 3850 as well. however, the configuration guide does not mention anywhere that the feature is not supported though. Maybe one of the things Cisco TAC may have a hack for ?! Thanks for the quick reply.


0 Helpful

Go to solution
seymourbrown
Level 1
Level 1
In response to Nisterio

‎10-15-2019 02:09 PM

Nisterio -

 

It is indeed supported on 3850s running 16.3.7, and possibly earlier and later. I've done it.

 

One cannot tell from the documentation, because it is often generically named:

Even if it does have a version in the name of the document for 3850s, the text is sometimes wrong in regard to objects - and has been so for several years, as far as I can tell. I have left feedback a few times on it.

 

The Feature Navigator only lists Object-Groups for Catalyst 6500. Even so, IOS 15.6(1)T1 on 2951s supports it. Is it possible there's never been an object-group bug on other platforms? I doubt it.

 

As far as 9300's, I found this document that says object-groups are supported, but I don't have a 9300 yet to try it on:

Security Configuration Guide, Cisco IOS XE Gibraltar 16.12.x (Catalyst 9300 Switches)

 

This is a feature that almost everyone who maintains enterprise switches wants badly.

 

0 Helpful

Go to solution
jayshar
Cisco Employee
Cisco Employee

‎10-15-2019 03:53 PM

Support for OGACLs in C9K, except 9200 came in with 16.12.1 release. Link: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/16-12/release_notes/ol-16-12-9300.html

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card