Maximum lines/entries for an ACL

ccnastupro · ‎04-18-2009

Hi! I would like to know how many lines (or entries) can I enter for an extended or named ACL in a Cisco router (IOS 12.3)

Also: if you enter one line beyond that amount , what is the router's behaviour, does it overwrite the acl from the beginning or does it trigger an error msg?

Thanks!

lamav · ‎04-18-2009

Hi:

I'm not sure there is a limit. If there is, not only have I never read it anywhere before, but I am positive you will never reach it. No one will.

But here is an interesting study on the effects of ACLs on Cisco router performance.

HTH

Victor

lamav · ‎04-18-2009

http://cd-docdb.fnal.gov/cgi-bin/RetrieveFile?docid=1260&version=4&filename=dynamic_ACL_Paper.pdf

ccnastupro · ‎04-19-2009

Thanks a lot! I also thought so. The thing is I am not connecting to the router by console, I'm using an automated program so, it may write a lot of acls.

This router is a 800 series...

(I am not a hacker...:) )

If limit is about 10.000, well that's almost infinity, but 1000 or 500. Well 1000 it's still a lot but 500, maybe not so much.

I'll have a loook at the paper, thanks!

lamav · ‎04-19-2009

Hi:

Can I ask what you're using this router for that you are worried that 500 lines of access lists may not be enough to support your application?

Thanks

Victor

ccnastupro · ‎04-20-2009

The program I'm talking about writes as many acls as existing IDS alerts :) , for instance existing alerts in a log file.