Manipulating SDM templates / increasing QOS ACLs

Unanswered Question
Dec 21st, 2007
User Badges:

Hi all,

Cisco 3560 switch running 12.2(25)SEE2 running IPBASE image.

I am encountering an issue where the switch is occasionally exceeding 512 IP4/MAC qos ACLs which seems to cause the switch to reboot with an exception error - nice!

Of the 5 SDM templates available (access, default, dual-ip4-andipv6, ruoting, vlan) I'm currently using default, but all the templates offer a maximum of 512 QOS ACLs.

The switch is pure layer 2 with security and qos ACLs. I don't need the 8K of IP4 unicast routes or 1K of IP4 multicast routes which the current template gives me.

Does anyone know a method of creating your own SDM template with increased QOS ACLs, or any other way of increasing QOS ACLs?

Any replies very gratefully received!



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
Edison Ortiz Fri, 12/21/2007 - 14:25
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

It's a hardware limitation based on the TCAM that comes with those switches.

From the available SDMs, hardware resources get shifted around depending upon your need but I believe there was an engineering reason to offer the same amount of resources for QoS ACLs on all SDM templates.

I'm afraid you can't create your own template. A macro was created to offer you the choices that you've know of.


george_daly Thu, 12/27/2007 - 01:36
User Badges:

Thanks for confirming my suspicions, I will have to investigate an alternative solution.



johgill Sat, 01/05/2008 - 13:15
User Badges:
  • Bronze, 100 points or more

While there are no templates that go over 512 entries at this time for the 3560. The 3750's do go to 1k on some templates but that's probably because we expect more ports in a stack.

I would open a TAC case on the crash, just because you go over the limit that doesn't mean the switch should be allowed to crash. If you have the tracebacks you could also just post them here and I'll look into it when I have time.

Looking deeper into this, why do you have so many QoS ACLs? Can you share some of the details here as far as what you are trying to do or if you just have lots of ACEs?

If you are performing the same policies on many ports, look at VLAN-based QoS:

If you have lots of ACE's, maybe look into consolidating?

Hope this helps you!


This Discussion