Cisco Support Community

New Member

Manipulating SDM templates / increasing QOS ACLs

Hi all,

Cisco 3560 switch running 12.2(25)SEE2 running IPBASE image.

I am encountering an issue where the switch is occasionally exceeding 512 IP4/MAC qos ACLs which seems to cause the switch to reboot with an exception error - nice!

Of the 5 SDM templates available (access, default, dual-ipv4-and-ipv6, routing, vlan) I'm currently using default, but all the templates offer a maximum of 512 QOS ACLs.

The switch is pure layer 2 with security and qos ACLs. I don't need the 8K of IP4 unicast routes or 1K of IP4 multicast routes which the current template gives me.

Does anyone know a method of creating your own SDM template with increased QOS ACLs, or any other way of increasing QOS ACLs?

Any replies very gratefully received!



Hall of Fame Super Bronze

Re: Manipulating SDM templates / increasing QOS ACLs

It's a hardware limitation based on the TCAM that comes with those switches.

From the available SDMs, hardware resources get shifted around depending upon your need but I believe there was an engineering reason to offer the same amount of resources for QoS ACLs on all SDM templates.

I'm afraid you can't create your own template. A macro was created to offer you the choices that you know of.


New Member

Re: Manipulating SDM templates / increasing QOS ACLs

Thanks for confirming my suspicions, I will have to investigate an alternative solution.



New Member

Re: Manipulating SDM templates / increasing QOS ACLs

While there are no templates that go over 512 entries at this time for the 3560, the 3750s do go to 1k on some templates, but that's probably because we expect more ports in a stack.

I would open a TAC case on the crash, just because you go over the limit that doesn't mean the switch should be allowed to crash. If you have the tracebacks you could also just post them here and I'll look into it when I have time.

Looking deeper into this, why do you have so many QoS ACLs? Can you share some of the details here as far as what you are trying to do or if you just have lots of ACEs?

If you are performing the same policies on many ports, look at VLAN-based QoS:

If you have lots of ACEs, maybe look into consolidating?

Hope this helps you!
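The suggestion above to consolidate ACEs is easy to get wrong by hand, and reordering a QoS ACL can change which class a packet lands in. Below is an added example, not code from this thread or from Cisco, showing one safe way to do the consolidation offline before pasting a smaller ACL back into the switch: entries that differ only in source prefix are merged into the minimal covering prefix list, and the script refuses any ACL that contains a `deny`, because reordering a mixed permit/deny list is not semantics-preserving. The sample ACEs are constructed for this example and assume the usual `permit <proto> <src> <dst> [ports]` wildcard-mask syntax; non-contiguous wildcard masks are rejected rather than guessed at.

```python
"""Consolidate QoS ACL entries into the smallest equivalent prefix list.

Added example (not from the thread). Assumes ACEs use IOS-style
'permit <proto> <src> <dst> [options]' syntax where <src> is
'host A', 'any', or 'A WILDCARD'. Everything after the source
(destination, port ranges, etc.) is treated as an opaque key, so
only entries with an identical remainder are merged.
"""
from ipaddress import IPv4Address, IPv4Network, collapse_addresses

# Constructed sample: the kind of list that grows one ACE at a time.
SAMPLE_ACES = [
    "permit ip 10.1.0.0 0.0.0.255 any",
    "permit ip 10.1.1.0 0.0.0.255 any",
    "permit ip 10.1.2.0 0.0.1.255 any",
    "permit udp 10.1.4.0 0.0.0.255 any range 16384 32767",
    "permit udp 10.1.5.0 0.0.0.255 any range 16384 32767",
    "permit ip host 10.2.0.1 any",
    "permit ip host 10.2.0.2 any",
]


def _parse_source(tokens):
    """Return (IPv4Network, remaining tokens) for the source part of an ACE."""
    if tokens[0] == "host":
        return IPv4Network(tokens[1] + "/32"), tokens[2:]
    if tokens[0] == "any":
        return IPv4Network("0.0.0.0/0"), tokens[1:]
    addr, wildcard = tokens[0], tokens[1]
    wc = int(IPv4Address(wildcard))
    # A contiguous wildcard mask is 0...01...1, so wc+1 is a power of two.
    if wc & (wc + 1):
        raise ValueError(f"non-contiguous wildcard mask not supported: {wildcard}")
    prefixlen = 32 - wc.bit_length()
    # strict=False masks off host bits, matching how the ACE is applied.
    return IPv4Network((int(IPv4Address(addr)), prefixlen), strict=False), tokens[2:]


def parse_ace(line):
    """Split an ACE into (action, protocol, source network, remainder tuple)."""
    tokens = line.split()
    action, proto, rest = tokens[0], tokens[1], tokens[2:]
    src, rest = _parse_source(rest)
    return action, proto, src, tuple(rest)


def render_source(net):
    """Render a network back into IOS source syntax (host / any / wildcard)."""
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    if net.prefixlen == 0:
        return "any"
    return f"{net.network_address} {net.hostmask}"


def consolidate(aces):
    """Merge permit ACEs that differ only in their source prefix.

    Groups are emitted in first-seen order and each group's prefixes are
    collapsed with ipaddress.collapse_addresses. Because collapsing
    reorders entries, the function only accepts permit-only ACLs: a deny
    could otherwise be shadowed or unshadowed by the reordering.
    """
    groups = {}  # (proto, remainder) -> [source networks], insertion-ordered
    for line in aces:
        action, proto, src, rest = parse_ace(line)
        if action != "permit":
            raise ValueError(f"refusing to reorder ACL containing a deny: {line}")
        groups.setdefault((proto, rest), []).append(src)
    merged = []
    for (proto, rest), nets in groups.items():
        for net in collapse_addresses(nets):
            merged.append(" ".join(["permit", proto, render_source(net), *rest]))
    return merged


if __name__ == "__main__":
    before, after = SAMPLE_ACES, consolidate(SAMPLE_ACES)
    print(f"{len(before)} ACEs -> {len(after)} ACEs")
    for ace in after:
        print(ace)
```

On the constructed sample this turns seven ACEs into four (the three 10.1.x.0 networks become a single 10.1.0.0/22, the two UDP entries become 10.1.4.0/23, and the two hosts stay separate because 10.2.0.1 and 10.2.0.2 do not share a /31). The same script is only useful if the ACL is permit-only; for QoS class-map ACLs that is the common case, but check before trusting the output. On the 3560/3750 family the effect on TCAM can then be confirmed with `show platform tcam utilization` (an assumption about the platform, not something stated in the thread).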