Access list entry limit 2811/7206

Unanswered Question
Sep 21st, 2010

I have been looking round the Cisco web site to no avail. Is there any limit on the number of access list entries on either a 2811 or 7206?



bmathesw Wed, 10/06/2010 - 07:01

Hi Paul,

There is no practical upper limit specified for any router. All the design documents will list general guidelines. As far as I can see no one has done any experimental research into this area, and probably with good reason. We know that router performance degrades as the average depth the router has to search for a match increases. But so much depends on how the ACL is designed in the first place. As performance degrades to the point where it is unacceptable to the end user, there are lots of performance tweaks that can be employed to redress this. Increasing the memory, using switching strategies and using turbo access lists are all viable solutions to ACL performance issues.

From the stark question of how many access list entries can I have, I would say around 3000 or so. This is based on the amount of NVRAM available to store the config. However, having said this, there is no unwritten rule that says you must store the config there. The router can be configured to pick up the working config from a TFTP server, for instance. Then the size of the config is only limited by the available DRAM, which can be upgraded to whatever the specified limit is, and then we are limited by the requirements of the other users of DRAM, etc.

So the only way that a precise answer will ever be derived is to re-create the customer's access lists in the lab and pump traffic captured from the customer's network through it using a packet generator. In the end, not worth the aggravation, I'd say.
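The two limits the reply above talks about, average match depth and NVRAM footprint, can both be estimated from the router's own show output before anyone builds a lab. The script below is an added example, not part of the original thread and not Cisco code: it parses the per-entry match counters that IOS prints in `show access-lists` (the sample output is constructed in the IOS format, not captured from a real 2811 or 7206), computes the hit-weighted average search depth, shows what the depth would be with the hottest entries moved to the top, and estimates how many `access-list` lines fit in the NVRAM size reported by `show version`. The config-bytes model (one `access-list N ...` line per entry) and the "bytes used by the rest of the config" figure are assumptions for illustration.

```python
"""Estimate ACL match depth and NVRAM footprint from Cisco IOS show output.

Added example, not from the original forum post. The CLI text below is
constructed sample output in the IOS format, not captured from a real router.
"""
import re

# Constructed sample of `show access-lists` for an extended ACL with counters.
SHOW_ACCESS_LISTS = """\
Extended IP access list 101
    10 permit tcp any host 10.1.1.10 eq 22 (120 matches)
    20 permit udp any host 10.1.1.20 eq 53 (880 matches)
    30 permit tcp any host 10.1.1.30 eq www (45000 matches)
    40 deny ip 192.168.100.0 0.0.0.255 any (3 matches)
    50 permit ip any any (9000 matches)
"""

# Constructed sample of the NVRAM line from `show version` (2811-sized value assumed).
SHOW_VERSION_NVRAM = "239K bytes of non-volatile configuration memory."

ENTRY_RE = re.compile(r"^\s*(\d+)\s+(.+?)(?:\s+\((\d+) matche?s\))?\s*$")


def parse_acl(text):
    """Return [(seq, rule_text, matches)] in the order IOS evaluates them."""
    entries = []
    for line in text.splitlines():
        if not line.startswith(" "):      # header line, e.g. "Extended IP access list 101"
            continue
        m = ENTRY_RE.match(line)
        if m:
            seq, rule, hits = m.groups()
            entries.append((int(seq), rule, int(hits or 0)))
    return entries


def average_match_depth(entries):
    """Hit-weighted mean number of entries examined before a packet matched.
    Depth is 1-based: a packet that hits the first entry cost one comparison."""
    total = sum(h for _, _, h in entries)
    if total == 0:
        return 0.0
    return sum((i + 1) * h for i, (_, _, h) in enumerate(entries)) / total


def reorder_by_hits(entries):
    """Order that minimises average depth: most-hit entries first.

    CAVEAT: IOS evaluates top-down, first match wins, so this is only safe
    when no two entries that change relative position overlap in what they
    match (e.g. a specific deny above a broad permit). Overlap is NOT checked
    here; the operator must verify it before applying the new order."""
    return sorted(entries, key=lambda e: e[2], reverse=True)


def nvram_bytes(show_version_line):
    """Parse the NVRAM size (in bytes) from the `show version` line."""
    m = re.search(r"(\d+)K bytes of non-volatile configuration memory", show_version_line)
    return int(m.group(1)) * 1024 if m else None


def acl_config_bytes(entries, acl_number="101"):
    """Approximate startup-config footprint: one 'access-list N <rule>' line
    plus newline per entry (assumption: numbered ACL, no sequence numbers stored)."""
    return sum(len("access-list %s %s" % (acl_number, rule)) + 1 for _, rule, _ in entries)


def entries_that_fit(nvram, other_config_bytes, avg_entry_bytes):
    """How many ACL lines of avg_entry_bytes fit beside the rest of the config."""
    return max(0, (nvram - other_config_bytes) // avg_entry_bytes)


if __name__ == "__main__":
    acl = parse_acl(SHOW_ACCESS_LISTS)
    print("entries:", len(acl))
    print("average match depth now:     %.2f" % average_match_depth(acl))
    print("average depth if reordered:  %.2f (check overlap first!)"
          % average_match_depth(reorder_by_hits(acl)))
    nv = nvram_bytes(SHOW_VERSION_NVRAM)
    used = acl_config_bytes(acl)
    print("ACL uses %d of %d NVRAM bytes" % (used, nv))
    # Assumed 8 KiB for interfaces/routing/etc. and ~76 bytes per ACL line.
    print("rough ceiling with 8 KiB of other config: %d entries"
          % entries_that_fit(nv, 8192, 76))
```

With the constructed counters the hottest entry sits third, so the average depth is about 3.3 comparisons; hit-sorted it drops to about 1.2, but the sample ACL has a specific `deny` above `permit ip any any`, which is exactly the overlap case where the sort would change behaviour, so the reorder helper is a planning aid, not something to paste back into the router. The NVRAM arithmetic lands near the "around 3000" figure in the reply: 239K less some headroom for the rest of the config, divided by roughly 76 bytes per line.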