Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

2960 QoS ACL Hardware Limit

I was recently successful in testing an inbound  ACL-based QoS policy on all 24 ports of a Development 2960 catalyst switch.  The policy marks DSCP values base on access-list classification.  The access-lists in the policy reference layer 3/4 criteria.  I wanted to test the QoS policy  on the spare 24-port development server before putting the policy into production on a 48-port 2960.  However, the 48-port production switch only allowed me to apply the policy to the first few ports. When I tried to apply the policy to about the sixth port, the switched indicated that the policy had failed to be applied to the interface due to hardware limitations.

I have been searching Cisco's website and experimenting with my access-lists, but I can't seem to determine exactly where the limitations lie with regard to the maximum number of ACEs.  I have issued the "show sdm" command, but the return only references MAC ACls, IGMP, and secrity ACLs.  How do the number of ports on a switch factor into calculating the maximum number of ACEs permited in a policy that is applied to each port?  What am I missing here?  Any help would be much appreciated.

Cisco Employee

Re: 2960 QoS ACL Hardware Limit


As per the above document, it seems like the 2960 supports 128 QoS ACE's. ACE on every interface will be treated as a seperate ACE.

Hope this helps.



Community Member

Re: 2960 QoS ACL Hardware Limit


Thanks for the post.

I failed to mention in my previous post that the "sdm prefer" is set to QoS on this switch. I reviewed the document that you referenced in the post and it seems to me that the 128 ACE limit is realized when "sdm prefer" is set to default. The document indicates a limit of 384 MAC QoS Access Control Entries when the "sdm prefer" is set to Qos. However, my switch begins to complain of hardware limits and stop allowing me to add policy to interfaces when I have applied 145 ACEs. I am able to apply policy to all of the interfaces using a policy that is reduced to 145 ACES spread out over five access lists. I would like to use more ACEs. But, mostly I would like to understand where the hard limits are in designing QoS policy that references ACLs.

Also, I want to stress that the ACLs used in my policy are extended access lists that reference Layer 3 and Layer 4 criteria. The ACE limits stated in the document that you sent me reference MAC QoS Access Control Entries. Are the limits the same for both MAC ACEs and Layer3/4 extended access lists?

Thanks for your help.

CreatePlease to create content