Restrictions for Object Groups for ACLs
-
You can use object groups only in extended named and numbered ACLs.
-
Object group-based ACLs support only IPv4 or IPv6 addresses.
-
Object group-based ACLs support only Layer 3 interfaces (such as routed interfaces and VLAN interfaces) and sub-interfaces.
-
Object group-based ACLs are not supported with IPsec.
-
ACL statements using object groups will be ignored on packets that are sent to RP for processing.
-
The number of object group-based ACEs supported in an ACL varies depending on platform, subject to TCAM availability.