Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

a problem with ACL in the class-map on the ACE module

                  Hi all,

I configured the following on the ACE module:

object-group network test
  host 192.168.1.21
  host 192.168.1.22
  host 192.168.1.23
object-group service port
  tcp eq www
  tcp eq 8080

access-list T line 8 extended permit object-group port object-group test any

I tried to configure a class-map for matching this ACL:

ACE-4710-2/Lab-OPT-11(config)# class-map match-any TEST_C

ACE-4710-2/Lab-OPT-11(config-cmap)# match access-list T

Error: Cannot associate acl having object-group ACEs in class-map.

So couldn't I  configure the class-map by using ACL with object-groups involved? Is it the bug or the normal behaviour? Because the customer uses object-groups in ACLs and he has to configure ACL without object-groups for the traffic classification. It is horrible.

Thank you

Roman

Everyone's tags (5)
1 REPLY
Cisco Employee

a problem with ACL in the class-map on the ACE module

Hi Roman,

I'm afraid it's the expected behavior. You cannot use an ACL with object-groups inside a class-map.

Regards

Daniel

473
Views
0
Helpful
1
Replies
CreatePlease to create content