05-22-2019 12:15 PM
Hi there,
I was wondering if the object-group feature is not available in the Cat 9300 Switches as I couldn't get it to work on mine. Interestingly enough, I am able to run the command "show object-group" but cannot type any of the related config in the global config mode. I am running Everest Cisco IOS XE Software, Version 16.06.05 on the boxes. Any input on this will be much appreciated. Thanks
Solved! Go to Solution.
05-22-2019 01:55 PM
Hello Nisterio,
I cannot see object groups mentioned even in latest configuration guide
see
I suppose they are not supported in this platform like in other switches
Hope to help
Giuseppe
05-22-2019 02:37 PM - edited 05-22-2019 02:43 PM
I was suspecting this answer but needed someone to confirm as I saw in the bug search tool that it was not supported on the 3850 as well. however, the configuration guide does not mention anywhere that the feature is not supported though. Maybe one of the things Cisco TAC may have a hack for ?! Thanks for the quick reply.
05-22-2019 01:55 PM
Hello Nisterio,
I cannot see object groups mentioned even in latest configuration guide
see
I suppose they are not supported in this platform like in other switches
Hope to help
Giuseppe
05-22-2019 02:37 PM - edited 05-22-2019 02:43 PM
I was suspecting this answer but needed someone to confirm as I saw in the bug search tool that it was not supported on the 3850 as well. however, the configuration guide does not mention anywhere that the feature is not supported though. Maybe one of the things Cisco TAC may have a hack for ?! Thanks for the quick reply.
10-15-2019 02:09 PM
Nisterio -
It is indeed supported on 3850s running 16.3.7, and possibly earlier and later. I've done it.
One cannot tell from the documentation, because it is often generically named:
Even if it does have a version in the name of the document for 3850s, the text is sometimes wrong in regard to objects - and has been so for several years, as far as I can tell. I have left feedback a few times on it.
The Feature Navigator only lists Object-Groups for Catalyst 6500. Even so, IOS 15.6(1)T1 on 2951s supports it. Is it possible there's never been an object-group bug on other platforms? I doubt it.
As far as 9300's, I found this document that says object-groups are supported, but I don't have a 9300 yet to try it on:
Security Configuration Guide, Cisco IOS XE Gibraltar 16.12.x (Catalyst 9300 Switches)
This is a feature that almost everyone who maintains enterprise switches wants badly.
10-15-2019 03:53 PM
Support for OGACLs in C9K, except 9200 came in with 16.12.1 release. Link: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/16-12/release_notes/ol-16-12-9300.html
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide