Wired Intelligent Edge

  • 1.  maximum number of dynamic ACLs on a switch

    Posted Jan 29, 2017 09:23 AM

    Working with port-based access with dynamic / downloadable ACLs on a 2530 type switch, it seems it doesn't like the amount of dynamic / downloadable ACLs we put on it per port. We get errors like "ACL error - insufficient policy engine resources".

    The # show qos resources command should give some information about what the maximum amount should be. I assume they fall under the IDM section? But the result is kinda confusing. Over similar switches I see different maximum values.

    How can I determine what a switch should be able to handle here?



  • 2.  RE: maximum number of dynamic ACLs on a switch

    Posted Feb 06, 2017 03:18 PM

    Greetings!

    The number of ACLs supported by the 2530 series switches is listed in Chapter 13 of the Management and Configuration Guide for YA/YB.16.03 (page 245); for quick reference, here are the noted IPv4 ACL limits:

    • 2048 named ACLs (both standard and extended)
    • 99 numbered standard ACLs
    • 100 numbered extended ACLs
    • 3072 combined ACEs in all ACLs

    For monitoring available ACL resources, you also have the show access-list resources command, which may prove useful in troubleshooting resource availability on the switch.



  • 3.  RE: maximum number of dynamic ACLs on a switch

    Posted Feb 19, 2017 07:59 AM

    Thank you Matthew, a couple of questions.

    That seems a general ArubaOS switch document, there are no specific platform limits?

    The document has a )1 behind the ACL section on page 245, but on the next page there is no information about 1. Is this the same for you? What should it say?