I was recently successful in testing an inbound ACL-based QoS policy on all 24 ports of a Development 2960 catalyst switch. The policy marks DSCP values base on access-list classification. The access-lists in the policy reference layer 3/4 criteria. I wanted to test the QoS policy on the spare 24-port development server before putting the policy into production on a 48-port 2960. However, the 48-port production switch only allowed me to apply the policy to the first few ports. When I tried to apply the policy to about the sixth port, the switched indicated that the policy had failed to be applied to the interface due to hardware limitations.
I have been searching Cisco's website and experimenting with my access-lists, but I can't seem to determine exactly where the limitations lie with regard to the maximum number of ACEs. I have issued the "show sdm" command, but the return only references MAC ACls, IGMP, and secrity ACLs. How do the number of ports on a switch factor into calculating the maximum number of ACEs permited in a policy that is applied to each port? What am I missing here? Any help would be much appreciated.