I was recently successful in testing an inbound ACL-based QoS policy on all 24 ports of a development 2960 Catalyst switch. The policy marks DSCP values based on access-list classification. The access-lists in the policy reference layer 3/4 criteria. I wanted to test the QoS policy on the spare 24-port development server before putting the policy into production on a 48-port 2960. However, the 48-port production switch only allowed me to apply the policy to the first few ports. When I tried to apply the policy to about the sixth port, the switch indicated that the policy had failed to be applied to the interface due to hardware limitations.
I have been searching Cisco's website and experimenting with my access-lists, but I can't seem to determine exactly where the limitations lie with regard to the maximum number of ACEs. I have issued the "show sdm" command, but the return only references MAC ACLs, IGMP, and security ACLs. How does the number of ports on a switch factor into calculating the maximum number of ACEs permitted in a policy that is applied to each port? What am I missing here? Any help would be much appreciated.
I failed to mention in my previous post that the "sdm prefer" is set to QoS on this switch. I reviewed the document that you referenced in the post and it seems to me that the 128 ACE limit is realized when "sdm prefer" is set to default. The document indicates a limit of 384 MAC QoS Access Control Entries when the "sdm prefer" is set to QoS. However, my switch begins to complain of hardware limits and stops allowing me to add policy to interfaces when I have applied 145 ACEs. I am able to apply policy to all of the interfaces using a policy that is reduced to 145 ACEs spread out over five access lists. I would like to use more ACEs. But, mostly I would like to understand where the hard limits are in designing QoS policy that references ACLs.
Also, I want to stress that the ACLs used in my policy are extended access lists that reference Layer 3 and Layer 4 criteria. The ACE limits stated in the document that you sent me reference MAC QoS Access Control Entries. Are the limits the same for both MAC ACEs and Layer 3/4 extended access lists?