
7100-Series / ACL / Access Control List / Limitations


networks
New Contributor
We want to transfer a large ACL from a DFE module (with Advanced Licence) to a 7100 (about 300 entries). We can only enter 171 lines, then we're done.

The "show limits" command displays:

Chassis limits:
Application Limit In use Entry size Total Memory
-------------------------------- --------- --------- ------------ ------------
access-lists 256 9 125K 31.3M
access-list-entries 1000 171 160B 156.4K
access-list-entries-per-list 1000 - - -
applied-access-lists 1552 0 110B 165.5K
applied-ipv4-in 256 0 - -
applied-ipv4-out 256 0 - -
applied-ipv6-in 256 0 - -
applied-ipv6-out 256 0 - -
applied-l2-in 256 0 - -
applied-l2-out 256 0 - -

The "show limits resource-profile -verbose" command displays:

Resource Profile: router1
Authenticated Users = 512
MAC Rules = 0
IPV6 Rules = 0
IPV4 Rules = 249
L2 Rules = 175
IPV6 Ingress ACL = 128
IPV6 PBR = 0
IPV4 Ingress ACL = 128
IPV4 PBR = 128
L2 Ingress ACL = 0
IPV6 Egress ACL = 256
IPV4 Egress ACL = 256
L2 Egress ACL = 0

How can we solve the problem (more accepted entries in the ACL)?

We need round about 40 x 1000TX + 12 x 10G + 250 extended ACL...

James_A
Valued Contributor
What about an S1A with SK8008-1224-F8 ?

Careno__Ryan
Extreme Employee
With a clean slate configuration (just a single L3 interface) and using router-profile 'router1', I was able to create an ACL that had 200 lines in it; however, the total number of ACL lines that can be applied at any given time is not to exceed 128.

Say you have an ACL that is 24 lines (add 1 due to implicit deny all at the end, so 25). You can apply that to five layer-3 interfaces (25 * 5 = 125). If you try applying to a sixth interface, it will jump to 150 applied ACL Lines.

The 7100-Series is limited in its resources and is more aimed towards a top-of-rack solution for datacenter switching. A good replacement for DFE S-Series would be an SSA, which has the resources for more ACLs and PBR setup.

Ryan
Extreme Networks
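
Added example, not part of the reply above or of any Extreme tooling: a Python pre-check that applies the rule from that reply (each applied ACL costs its entries plus one implicit deny) to a planned set of interface bindings before a migration. It assumes the 128 figure corresponds to the "IPV4 Ingress ACL" line of the resource profile quoted in the question; the ACL name, interface names and helper functions are constructed for illustration.

```python
import re

# Lines copied from the "show limits resource-profile -verbose" output in the thread.
PROFILE_TEXT = """\
Resource Profile: router1
IPV4 Ingress ACL = 128
IPV4 Egress ACL = 256
"""

def parse_profile(text):
    """Parse 'name = value' lines into {'IPV4 Ingress ACL': 128, ...}."""
    limits = {}
    for line in text.splitlines():
        m = re.match(r"\s*(.+?)\s*=\s*(\d+)\s*$", line)
        if m:
            limits[m.group(1)] = int(m.group(2))
    return limits

def applied_lines(acl_entries, bindings):
    """Sum applied lines per pool; every binding costs entries + 1 (implicit deny)."""
    usage = {}
    for acl_name, _interface, pool in bindings:
        usage[pool] = usage.get(pool, 0) + acl_entries[acl_name] + 1
    return usage

def check_plan(limits, acl_entries, bindings):
    """Return [(pool, used, limit)] for each pool the plan would exceed.
    A pool missing from the profile is treated as having no capacity."""
    over = []
    for pool, used in sorted(applied_lines(acl_entries, bindings).items()):
        limit = limits.get(pool, 0)
        if used > limit:
            over.append((pool, used, limit))
    return over

def max_bindings(limit, entries):
    """How many interfaces one ACL of this size can be applied to."""
    return limit // (entries + 1)

if __name__ == "__main__":
    limits = parse_profile(PROFILE_TEXT)
    acls = {"mgmt-in": 24}  # constructed: the 24-line ACL from the reply
    plan = [("mgmt-in", f"vlan.0.{i}", "IPV4 Ingress ACL") for i in range(1, 7)]
    for pool, used, limit in check_plan(limits, acls, plan):
        print(f"{pool}: plan needs {used} applied lines, profile allows {limit}")
    print("max interfaces for mgmt-in:", max_bindings(limits["IPV4 Ingress ACL"], 24))
```
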

networks
New Contributor
Is there any chance to configure more than 180 ACL rules? How?

networks
New Contributor
Does somebody know why the switch shows:

IPV4 Rules = 249

or

Chassis limits:
Application Limit In use Entry size Total Memory
-------------------------------- --------- --------- ------------ ------------
access-lists 256 9 125K 31.3M
access-list-entries 1000 180 160B 156.4K

and we ended at 180 ACL-entries?