This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Extreme Networks
- Community List
- Switching & Routing
- ExtremeSwitching (EOS)
- RE: 7100-Series / ACL / Access Control List / Lim...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
7100-Series / ACL / Access Control List / Limitations
7100-Series / ACL / Access Control List / Limitations
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
01-31-2017 04:06 PM
We want to transfer a large ACL from a DFE module (with Advanced Licence) to an 7100 (about 300 entries). We can only enter 171 lines, then we're done.
The "show limits" command displays:
Chassis limits:
Application Limit In use Entry size Total Memory
-------------------------------- --------- --------- ------------ ------------
access-lists 256 9 125K 31.3M
access-list-entries 1000 171 160B 156.4K
access-list-entries-per-list 1000 - - -
applied-access-lists 1552 0 110B 165.5K
applied-ipv4-in 256 0 - -
applied-ipv4-out 256 0 - -
applied-ipv6-in 256 0 - -
applied-ipv6-out 256 0 - -
applied-l2-in 256 0 - -
applied-l2-out 256 0 - -
The "show limits resource-profile -verbose" command displays:
Resource Profile: router1
Authenticated Users = 512
MAC Rules = 0
IPV6 Rules = 0
IPV4 Rules = 249
L2 Rules = 175
IPV6 Ingress ACL = 128
IPV6 PBR = 0
IPV4 Ingress ACL = 128
IPV4 PBR = 128
L2 Ingress ACL = 0
IPV6 Egress ACL = 256
IPV4 Egress ACL = 256
L2 Egress ACL = 0
How can we solve the problem (more accepted entries in the ACL)?
The "show limits" command displays:
Chassis limits:
Application Limit In use Entry size Total Memory
-------------------------------- --------- --------- ------------ ------------
access-lists 256 9 125K 31.3M
access-list-entries 1000 171 160B 156.4K
access-list-entries-per-list 1000 - - -
applied-access-lists 1552 0 110B 165.5K
applied-ipv4-in 256 0 - -
applied-ipv4-out 256 0 - -
applied-ipv6-in 256 0 - -
applied-ipv6-out 256 0 - -
applied-l2-in 256 0 - -
applied-l2-out 256 0 - -
The "show limits resource-profile -verbose" command displays:
Resource Profile: router1
Authenticated Users = 512
MAC Rules = 0
IPV6 Rules = 0
IPV4 Rules = 249
L2 Rules = 175
IPV6 Ingress ACL = 128
IPV6 PBR = 0
IPV4 Ingress ACL = 128
IPV4 PBR = 128
L2 Ingress ACL = 0
IPV6 Egress ACL = 256
IPV4 Egress ACL = 256
L2 Egress ACL = 0
How can we solve the problem (more accepted entries in the ACL)?
26 REPLIES 26
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
01-31-2017 05:15 PM
But why the "show" commands displays 249/1000 possible IPV4 rules and the configuration accepts only 171 rules?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
01-31-2017 05:15 PM
That error is in the article I posted and caused by using an ACL with UDP port ranges.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
01-31-2017 05:15 PM
these is the error message:
TOR(rw-config-intf-vlan.0.1001)->ip access-group 101 out
Apply access-group failed: Insufficient resources to apply access-group
TOR(rw-config-intf-vlan.0.1001)->ip access-group 101 out
Apply access-group failed: Insufficient resources to apply access-group
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
01-31-2017 05:15 PM
Sorry for the issue, you might be encountering a limmitation other than the number of acl. I have one below as an example and am not saying it is your issue but it is an example.
https://gtacknowledge.extremenetworks.com/articles/Solution/7100-Series-Error-Apply-access-group-fai...
Do you get an error message or see an error inthe show logging buffer about the ACL?
https://gtacknowledge.extremenetworks.com/articles/Solution/7100-Series-Error-Apply-access-group-fai...
Do you get an error message or see an error inthe show logging buffer about the ACL?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
01-31-2017 04:53 PM
there is only the default and router1 profiles.
