Preview Tool

Cisco Bug: CSCsz31103 - Need enhancement in Service Object Group to support L4 dest. keyword

Last Modified

Mar 14, 2019

Products (1)

  • Cisco IOS

Known Affected Releases


Description (partial)

Options to specify the L4 destination port numbers need to be developed with a 'destination' keyword in Service Object Group, to make it more user-friendly.

Currently, we do see the feasibility in service object groups that  identifies the destination port numbers and filters traffic accordingly, but it is confusing to use it without a relative keyword.
As in the case of specifying source L4 port no, we have space to say - source tcp. Similar keyword needs to be developed for destination also.

But there is no 'destination' keyword to make its usage crystal clear..

ACL-DC-72a(config)#object-group se
ACL-DC-72a(config)#object-group service test

ACL-DC-72a(config-service-group)#udp s?
snmp    snmptrap  source  sunrpc

ACL-DC-72a(config-service-group)#udp d?
discard  dnsix  domain  

ACL-DC-72a(config-service-group)#udp s

There is no option called - 'destination'

In the 'config-service-group' mode, the keyword -'source' makes the specified port to be taken as the source port
While the port number/name that is specified without the keyword 'source' becomes the destination port.
There is no 'destination' keyword available. So end -users get confused on how to use the l4-dest-port in the OG.
Object-group service srv-obj
   Tcp source 53                                            ------- source port - 53
   tcp 23                                                            ------ destination port - 23
Normal ACL - 
permit tcp any eq 53 any eq 23
Equivalent OG ACL - 
permit object-group srv-obj any any

It would be great if we could have 'destination' keyword supported.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.