Wednesday, April 9, 2014

Object Groups not IPSec

Restrictions for Object Groups for ACLs


You can use object groups only in extended named and numbered ACLs.

Object group-based ACLs support only IPv4 addresses.

Object group-based ACLs support only Layer 3 interfaces (such as routed interfaces and VLAN interfaces). Object group-based ACLs do not support Layer 2 features such as VLAN ACLs (VACLs) or port ACLs (PACLs).

Object group-based ACLs are not supported with IPsec.

The highest number of object group-based ACEs supported in an ACL is 2048. 

http://www.cisco.com/c/en/us/td/docs/ios/sec_data_plane/configuration/guide/15_1/sec_data_plane_15_1_book/sec_object_group_acl.html#wp1132617
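
A config check for two of the restrictions above (no object-group ACLs with IPsec, at most 2048 object-group ACEs per ACL), as an added example that is not part of the original post or of Cisco's documentation. The sample config and all names in it are constructed, and counting each configured ACE line that references an object group toward the 2048 limit is an assumption.

```python
import re
MAX_OG_ACES = 2048  # limit quoted in the restrictions above

# Constructed sample config for illustration; all names are made up.
SAMPLE_CONFIG = """\
object-group network HQ_NETS
 10.20.0.0 255.255.0.0
ip access-list extended VPN_TRAFFIC
 permit ip any object-group HQ_NETS
access-list 110 permit ip 10.10.0.0 0.0.255.255 10.20.0.0 0.0.255.255
crypto map VPN 10 ipsec-isakmp
 match address VPN_TRAFFIC
crypto map VPN 20 ipsec-isakmp
 match address 110
"""

def object_group_ace_counts(config):
    """Map each extended ACL to its number of object-group ACE lines."""
    counts, current = {}, None
    for line in config.splitlines():
        named = re.match(r"ip access-list extended (\S+)", line)
        numbered = re.match(r"access-list (\d+) (?:permit|deny) ", line)
        if named:
            current = named.group(1)
        elif not line.startswith(" "):
            current = None  # left the named-ACL block
            if numbered and "object-group " in line:
                counts[numbered.group(1)] = counts.get(numbered.group(1), 0) + 1
        elif current and re.match(r"\s+(?:\d+ )?(?:permit|deny) .*\bobject-group ", line):
            counts[current] = counts.get(current, 0) + 1
    return counts

def check_restrictions(config):
    """Return findings for the IPsec and 2048-ACE restrictions."""
    counts = object_group_ace_counts(config)
    findings = [f"ACL {a}: {n} object-group ACEs, limit is {MAX_OG_ACES}"
                for a, n in counts.items() if n > MAX_OG_ACES]
    crypto_map = None
    for line in config.splitlines():
        head = re.match(r"crypto map (\S+) (\d+)", line)
        ref = re.match(r"\s+match address (\S+)", line)
        if head:
            crypto_map = f"{head.group(1)} {head.group(2)}"
        elif not line.startswith(" "):
            crypto_map = None  # left the crypto map block
        elif crypto_map and ref and ref.group(1) in counts:
            findings.append(f"crypto map {crypto_map}: ACL {ref.group(1)} "
                            "uses object groups, not supported with IPsec")
    return findings
```

Running `check_restrictions(SAMPLE_CONFIG)` flags crypto map `VPN 10`, whose ACL uses an object group, and leaves `VPN 20` alone because ACL 110 is written with plain addresses.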