This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Extreme Networks
- Community List
- Switching & Routing
- ExtremeSwitching (EOS)
- 7100-Series / ACL / Access Control List / Limitat...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
7100-Series / ACL / Access Control List / Limitations
7100-Series / ACL / Access Control List / Limitations
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
01-31-2017 04:06 PM
We want to transfer a large ACL from a DFE module (with Advanced Licence) to an 7100 (about 300 entries). We can only enter 171 lines, then we're done.
The "show limits" command displays:
Chassis limits:
Application Limit In use Entry size Total Memory
-------------------------------- --------- --------- ------------ ------------
access-lists 256 9 125K 31.3M
access-list-entries 1000 171 160B 156.4K
access-list-entries-per-list 1000 - - -
applied-access-lists 1552 0 110B 165.5K
applied-ipv4-in 256 0 - -
applied-ipv4-out 256 0 - -
applied-ipv6-in 256 0 - -
applied-ipv6-out 256 0 - -
applied-l2-in 256 0 - -
applied-l2-out 256 0 - -
The "show limits resource-profile -verbose" command displays:
Resource Profile: router1
Authenticated Users = 512
MAC Rules = 0
IPV6 Rules = 0
IPV4 Rules = 249
L2 Rules = 175
IPV6 Ingress ACL = 128
IPV6 PBR = 0
IPV4 Ingress ACL = 128
IPV4 PBR = 128
L2 Ingress ACL = 0
IPV6 Egress ACL = 256
IPV4 Egress ACL = 256
L2 Egress ACL = 0
How can we solve the problem (more accepted entries in the ACL)?
The "show limits" command displays:
Chassis limits:
Application Limit In use Entry size Total Memory
-------------------------------- --------- --------- ------------ ------------
access-lists 256 9 125K 31.3M
access-list-entries 1000 171 160B 156.4K
access-list-entries-per-list 1000 - - -
applied-access-lists 1552 0 110B 165.5K
applied-ipv4-in 256 0 - -
applied-ipv4-out 256 0 - -
applied-ipv6-in 256 0 - -
applied-ipv6-out 256 0 - -
applied-l2-in 256 0 - -
applied-l2-out 256 0 - -
The "show limits resource-profile -verbose" command displays:
Resource Profile: router1
Authenticated Users = 512
MAC Rules = 0
IPV6 Rules = 0
IPV4 Rules = 249
L2 Rules = 175
IPV6 Ingress ACL = 128
IPV6 PBR = 0
IPV4 Ingress ACL = 128
IPV4 PBR = 128
L2 Ingress ACL = 0
IPV6 Egress ACL = 256
IPV4 Egress ACL = 256
L2 Egress ACL = 0
How can we solve the problem (more accepted entries in the ACL)?
26 REPLIES 26
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
02-28-2017 04:35 PM
Hello,
The output from "show limits" on 7100-series is not going to be accurate, but more of a place holder as our "theoretical maximum". The values change based on limited hardware resources, and depending on which resource profile is chosen, you are limited to the specifications that are listed in the output "show limits resource-profile -verbose" which will state your limitations. For example, router1 profile:
TOR(su)->show limits resource-profile -verbose
Resource Profile: configured (router1), operational (router1)
Resource Profile: router1
Authenticated Users = 512
MAC Rules = 0
IPV6 Rules = 0
IPV4 Rules = 249
L2 Rules = 175
IPV6 Ingress ACL = 128
IPV6 PBR = 0
IPV4 Ingress ACL = 128
IPV4 PBR = 128
L2 Ingress ACL = 0
IPV6 Egress ACL = 256
IPV4 Egress ACL = 256
L2 Egress ACL = 0
Here would be the default setup if you have not changed the resource profile:
TOR(su)->show limits resource-profile -verboseResource Profile: configured (default), operational (default) Resource Profile: default Authenticated Users = 512 MAC Rules = 128 IPV6 Rules = 127 IPV4 Rules = 249 L2 Rules = 175 IPV6 Ingress ACL = 0 IPV6 PBR = 0 IPV4 Ingress ACL = 0 IPV4 PBR = 0 L2 Ingress ACL = 0 IPV6 Egress ACL = 256 IPV4 Egress ACL = 256 L2 Egress ACL = 0Here is one of our Knowledge Articles briefly going over this:
https://gtacknowledge.extremenetworks.com/articles/Solution/7100-Series-Advanced-Router-Mode-Limitat...
The only things I can think to do is either use a different model switch that has added ACL support or contact us to submit a feature request.
Ryan
The output from "show limits" on 7100-series is not going to be accurate, but more of a place holder as our "theoretical maximum". The values change based on limited hardware resources, and depending on which resource profile is chosen, you are limited to the specifications that are listed in the output "show limits resource-profile -verbose" which will state your limitations. For example, router1 profile:
TOR(su)->show limits resource-profile -verbose
Resource Profile: configured (router1), operational (router1)
Resource Profile: router1
Authenticated Users = 512
MAC Rules = 0
IPV6 Rules = 0
IPV4 Rules = 249
L2 Rules = 175
IPV6 Ingress ACL = 128
IPV6 PBR = 0
IPV4 Ingress ACL = 128
IPV4 PBR = 128
L2 Ingress ACL = 0
IPV6 Egress ACL = 256
IPV4 Egress ACL = 256
L2 Egress ACL = 0
Here would be the default setup if you have not changed the resource profile:
TOR(su)->show limits resource-profile -verboseResource Profile: configured (default), operational (default) Resource Profile: default Authenticated Users = 512 MAC Rules = 128 IPV6 Rules = 127 IPV4 Rules = 249 L2 Rules = 175 IPV6 Ingress ACL = 0 IPV6 PBR = 0 IPV4 Ingress ACL = 0 IPV4 PBR = 0 L2 Ingress ACL = 0 IPV6 Egress ACL = 256 IPV4 Egress ACL = 256 L2 Egress ACL = 0Here is one of our Knowledge Articles briefly going over this:
https://gtacknowledge.extremenetworks.com/articles/Solution/7100-Series-Advanced-Router-Mode-Limitat...
The only things I can think to do is either use a different model switch that has added ACL support or contact us to submit a feature request.
Ryan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
02-28-2017 07:36 AM
Hi,
yes, we checked - the K-series says for "show limits":
Application Limit In use --------- --------- ------------ ------------
access-lists 1000 9
access-list-entries 5000 212
but why the 7100 says and we cannot reach these limits:
Application Limit In use
-------------------------------- --------- ---------
access-lists 256 9
access-list-entries 1000 180 we where very happy if we can reach 1000 access-list-entries!!! comes these in an new firmware-track?
yes, we checked - the K-series says for "show limits":
Application Limit In use --------- --------- ------------ ------------
access-lists 1000 9
access-list-entries 5000 212
but why the 7100 says and we cannot reach these limits:
Application Limit In use
-------------------------------- --------- ---------
access-lists 256 9
access-list-entries 1000 180 we where very happy if we can reach 1000 access-list-entries!!! comes these in an new firmware-track?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
02-24-2017 06:18 AM
Hi,
yes, we checked - the K-series says for "show limits":
Application Limit In use --------- --------- ------------ ------------
access-lists 1000 9
access-list-entries 5000 212
but why the 7100 says and we cannot reach these limits:
Application Limit In use
-------------------------------- --------- ---------
access-lists 256 9
access-list-entries 1000 180 we where very happy if we can reach 1000 access-list-entries!!!
yes, we checked - the K-series says for "show limits":
Application Limit In use --------- --------- ------------ ------------
access-lists 1000 9
access-list-entries 5000 212
but why the 7100 says and we cannot reach these limits:
Application Limit In use
-------------------------------- --------- ---------
access-lists 256 9
access-list-entries 1000 180 we where very happy if we can reach 1000 access-list-entries!!!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
02-23-2017 07:22 PM
K-Series supports 1000 ACLs, ACL rules 5000, and ACL Rules per ACL 1000. It does have more capability of ACL's, but according to release notes it only supports 12 x 10GB ports.
It may be best to contact your Sales rep. and explain the requirements so they can search for the best-fit product for the job.
Ryan
It may be best to contact your Sales rep. and explain the requirements so they can search for the best-fit product for the job.
Ryan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
02-23-2017 07:03 PM
will try if these can help - but the SSA is´nt an option (not enough 10G-Ports) - can the K-Series work as replacement? which limitations have these?
