
7100-Series / ACL / Access Control List / Limitations

networks
New Contributor
We want to transfer a large ACL (about 300 entries) from a DFE module (with Advanced Licence) to a 7100. We can only enter 171 lines, then we're done.

The "show limits" command displays:

Chassis limits:
Application                       Limit      In use     Entry size    Total Memory
--------------------------------  ---------  ---------  ------------  ------------
access-lists                      256        9          125K          31.3M
access-list-entries               1000       171        160B          156.4K
access-list-entries-per-list      1000       -          -             -
applied-access-lists              1552       0          110B          165.5K
applied-ipv4-in                   256        0          -             -
applied-ipv4-out                  256        0          -             -
applied-ipv6-in                   256        0          -             -
applied-ipv6-out                  256        0          -             -
applied-l2-in                     256        0          -             -
applied-l2-out                    256        0          -             -

The "show limits resource-profile -verbose" command displays:

Resource Profile: router1
Authenticated Users = 512
MAC Rules = 0
IPV6 Rules = 0
IPV4 Rules = 249
L2 Rules = 175
IPV6 Ingress ACL = 128
IPV6 PBR = 0
IPV4 Ingress ACL = 128
IPV4 PBR = 128
L2 Ingress ACL = 0
IPV6 Egress ACL = 256
IPV4 Egress ACL = 256
L2 Egress ACL = 0

How can we solve the problem (more accepted entries in the ACL)?

networks
New Contributor
But why do the "show" commands display 249/1000 possible IPV4 rules while the configuration accepts only 171 rules?

Does it help to use a profile other than router1?

Daniel_Coughlin
Extreme Employee
I would suggest consolidating the rule base as much as possible. There are limited resources allowed for ACLs even with the router1 profile selected. The 7100 was intended as a top-of-rack switch.
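
One way to approach the consolidation suggested above, as an added example that is not part of the original thread or vendor code: source prefixes are merged only inside runs of consecutive entries with the same action, so first-match permit/deny ordering is preserved. The tuple format and the sample entries are constructed for illustration and are not 7100 CLI syntax.

```python
import ipaddress
from itertools import groupby

# Constructed sample entries (not from the thread):
# (action, protocol, source, destination, destination port)
SAMPLE_ACL = [
    ("permit", "tcp", "10.1.0.0/24", "192.0.2.10/32", 443),
    ("permit", "tcp", "10.1.1.0/24", "192.0.2.10/32", 443),
    ("permit", "tcp", "10.1.2.0/24", "192.0.2.10/32", 443),
    ("permit", "tcp", "10.1.3.0/24", "192.0.2.10/32", 443),
    ("permit", "tcp", "10.1.2.0/25", "192.0.2.10/32", 443),  # already covered by the /24
    ("deny",   "ip",  "10.1.0.0/16", "0.0.0.0/0", None),
    ("permit", "tcp", "10.2.0.0/24", "192.0.2.10/32", 443),
    ("permit", "tcp", "10.2.1.0/24", "192.0.2.10/32", 443),
]

def consolidate(entries):
    """Merge source prefixes inside each run of consecutive same-action entries.

    Inside such a run the first-match result is the same whichever entry
    matches, so entries can be regrouped there. Nothing is moved across a
    run boundary, which keeps the permit/deny ordering intact.
    """
    result = []
    for action, run in groupby(entries, key=lambda e: e[0]):
        groups = {}  # (protocol, destination, port) -> list of source networks
        for _, proto, src, dst, port in run:
            groups.setdefault((proto, dst, port), []).append(ipaddress.ip_network(src))
        for (proto, dst, port), sources in groups.items():
            # collapse_addresses joins adjacent prefixes and drops covered ones
            for net in ipaddress.collapse_addresses(sources):
                result.append((action, proto, str(net), dst, port))
    return result

if __name__ == "__main__":
    merged = consolidate(SAMPLE_ACL)
    print(f"{len(SAMPLE_ACL)} entries -> {len(merged)} entries")
    for entry in merged:
        print(entry)
```
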