Solved: Re: Egress ACL: Object groups not supported on this LC

Lyphiard · ‎11-02-2018

I currently have an ASR 9010 running IOS-XR 5.1.3 with a A9K-RSP440-SE, A9K-8T-L, and A9K-40GE-L. I'm attempting to create an egress ACL for IPv4 and IPv6 traffic exiting my network.

object-group network ipv4 ipv4-permit-smtp
  1.1.1.1/32
!

ipv4 access-list ipv4-transit-egress
  100 permit tcp net-group ipv4-permit-smtp any eq smtp counter IPV4_SMTP_EGRESS_PERMIT
  200 deny tcp any any eq smtp counter IPV4_SMTP_EGRESS_DENY
  2147483643 permit ipv4 any any counter IPV4_ANY_EGRESS_PERMIT
!

interface GigabitEthernet0/2/0/0
  ipv4 access-group ipv4-transit-egress egress hardware-count interface-statistics
!

However, when committing the changes, I receive the following error:

interface GigabitEthernet0/2/0/0
  ipv4 access-group ipv4-transit-egress egress hardware-count interface-statistics
!!% 'pfilter-ea' detected the 'warning' condition 'Object groups not supported on this LC'
!

Would this be due to me having the low queue (-L) version of the line cards, or do Trident-based cards simply not support this feature?

Would something such as an A9K-24X10GE-TR (Typhoon) support this instead?

tkarnani · ‎11-03-2018

you are correct, it is not supported on Trident based LC or Sip-700 cards, only typhoon and higher

From Release 4.3.1, object group is only supported on ASR 9000 Enhanced Ethernet Line Card.

link to doc

Thanks

View solution in original post

tkarnani · ‎11-03-2018

you are correct, it is not supported on Trident based LC or Sip-700 cards, only typhoon and higher

From Release 4.3.1, object group is only supported on ASR 9000 Enhanced Ethernet Line Card.

link to doc

Thanks