Maximum lines/entries for an ACL

Unanswered Question
Apr 18th, 2009

Hi! I would like to know how many lines (or entries) I can enter for an extended or named ACL in a Cisco router (IOS 12.3).

Also: if you enter one line beyond that amount, what is the router's behaviour? Does it overwrite the ACL from the beginning, or does it trigger an error message?

Thanks!

lamav Sat, 04/18/2009 - 09:29

Hi:

I'm not sure there is a limit. If there is, not only have I never read it anywhere before, but I am positive you will never reach it. No one will.

But here is an interesting study on the effects of ACLs on Cisco router performance.

HTH

Victor

ccnastupro Sun, 04/19/2009 - 11:04

Thanks a lot! I also thought so. The thing is, I am not connecting to the router by console; I'm using an automated program, so it may write a lot of ACLs.

This router is an 800 series...

(I am not a hacker...:) )

If the limit is about 10,000, well, that's almost infinity, but 1000 or 500... Well, 1000 is still a lot, but 500, maybe not so much.

I'll have a look at the paper, thanks!

lamav Sun, 04/19/2009 - 12:02

Hi:

Can I ask what you're using this router for that you are worried that 500 lines of access lists may not be enough to support your application?

Thanks

Victor

ccnastupro Mon, 04/20/2009 - 07:09

The program I'm talking about writes as many ACLs as there are existing IDS alerts :), for instance the existing alerts in a log file.
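The thread never settles on a number, and the right answer depends on the platform and IOS release, so the safe pattern for an automated "IDS alert to ACL entry" tool like the one described above is to bound the entries it pushes itself, deduplicate hosts, and report whatever did not fit rather than pushing an unbounded list and finding out what the router does. The script below is an added example, not code from the thread or from Cisco; the alert lines are constructed, the alert format is an assumption loosely modelled on a one-line IDS alert, the 10.0.0.0/8 "protected network" and the 500-entry cap are assumptions chosen for illustration, and only the ACL syntax (`ip access-list extended`, `remark`, `deny ip host ... any`, `permit ip any any`) is standard IOS.

```python
import ipaddress
import re
from typing import List, Tuple

# Constructed sample alert lines (not real IDS output). The layout is an
# assumption loosely modelled on a one-line IDS alert; the parser relies only
# on the "SRC:PORT -> DST:PORT" tail of each line.
SAMPLE_ALERTS = """\
04/20-07:09:01.000000 [**] [1:1000001:1] TEST scan [**] 192.0.2.10:4444 -> 10.0.0.5:22
04/20-07:09:02.000000 [**] [1:1000001:1] TEST scan [**] 192.0.2.10:4445 -> 10.0.0.5:23
04/20-07:09:03.000000 [**] [1:1000002:1] TEST probe [**] 198.51.100.7:1234 -> 10.0.0.5:80
04/20-07:09:04.000000 [**] [1:1000003:1] TEST probe [**] 10.0.0.9:5555 -> 10.0.0.5:80
04/20-07:09:05.000000 [**] [1:1000002:1] TEST probe [**] 203.0.113.44:2222 -> 10.0.0.5:80
this line is deliberately malformed and must be skipped
"""

# Assumption: 10.0.0.0/8 is the protected inside network. Alerts whose source
# sits inside it are never turned into a deny entry, so one noisy or spoofed
# internal host cannot make the automation cut off the LAN.
PROTECTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]

# Source address is the dotted quad just before ":PORT ->" at the end of a line.
SRC_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):\d+\s+->\s+\S+:\d+\s*$")


def extract_sources(alert_text: str) -> List[str]:
    """Return unique, valid, non-protected source IPs in first-seen order."""
    seen = set()
    sources = []
    for line in alert_text.splitlines():
        match = SRC_RE.search(line)
        if not match:
            continue                      # malformed line: skip it, do not guess
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue                      # e.g. 999.1.1.1 has the right shape but is not an address
        if any(addr in net for net in PROTECTED_NETWORKS):
            continue
        if addr in seen:
            continue                      # one entry per host, however many alerts it raised
        seen.add(addr)
        sources.append(str(addr))
    return sources


def build_acl(sources: List[str], name: str = "BLOCK-IDS",
              max_entries: int = 500) -> Tuple[List[str], List[str]]:
    """Render an IOS named extended ACL with at most max_entries deny lines.

    Returns (config_lines, overflow). overflow holds the hosts that did not fit,
    so the caller can alert on them instead of silently dropping or pushing them.
    The cap is an operator-chosen value (an assumption here, not a documented IOS
    limit); set it below whatever your platform and IOS release actually allow.
    """
    kept, overflow = sources[:max_entries], sources[max_entries:]
    lines = [
        f"ip access-list extended {name}",
        f" remark generated from IDS alerts: {len(kept)} hosts blocked, {len(overflow)} deferred",
    ]
    lines += [f" deny ip host {host} any" for host in kept]
    lines.append(" permit ip any any")    # explicit permit so the rest of the traffic keeps flowing
    return lines, overflow


if __name__ == "__main__":
    hosts = extract_sources(SAMPLE_ALERTS)
    config, deferred = build_acl(hosts, max_entries=2)
    print("\n".join(config))
    if deferred:
        print(f"! {len(deferred)} host(s) deferred, ACL cap reached: {', '.join(deferred)}")
```

Two points about using this in practice. First, on IOS, entering `ip access-list extended NAME` for a name that already exists appends entries to the existing list, so an automation that re-renders the whole ACL each run should remove the old one first (`no ip access-list extended NAME`) or write to a fresh name and then swap the interface binding, otherwise the list grows on every run and the cap in the script no longer bounds what is on the router. Second, the overflow list is deliberately returned rather than discarded: a burst of alerts that exceeds the cap is itself worth an alert to an operator, since it is exactly the case the original question worries about.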
