Cisco Support Community

New Member

Maximum number of lines on access-list 4506 Switch

Hi,

Just wondered if there is a maximum number of lines on an access-list. I currently have an access-list of around 850 lines on a 4506 switch which is becoming unmanageable. I'm concerned we might reach a point where we can add no more lines to the access-list. I'm therefore proposing we give access to whole subnets rather than individual IPs. I just need some ammunition for my proposal, so any other reasons why we should reduce its size would be appreciated.

Thanks

2 REPLIES
New Member

Re: Maximum number of lines on access-list 4506 Switch

I have no idea of the max number of ACLs you can have. But you do want to minimize the size of this, since your switch is going to have to inspect every line of the ACL, which is going to have an impact on the CPU (could cause delay with packets). I would try to bring this size down.

Super Bronze

Re: Maximum number of lines on access-list 4506 Switch

I recall one risk on many switches with large ACLs: you might overflow the TCAM resource. If you do, you'll shift performance from your ASICs to the main supervisor CPU (something you'll want to avoid).
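
An added example, not part of the original thread: before replacing host entries with whole subnets as the question proposes, it helps to see how far the list shrinks with no change in who is permitted, and how many unlisted addresses each broader subnet would newly permit. The ACL lines are constructed sample data and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: host entries in extended-ACL syntax (not from the thread).
SAMPLE_ACL = """\
permit ip host 10.1.20.4 any
permit ip host 10.1.20.5 any
permit ip host 10.1.20.6 any
permit ip host 10.1.20.7 any
permit ip host 10.1.30.10 any
permit ip host 10.1.30.11 any
permit ip host 10.1.30.200 any
"""

HOST_ACE = re.compile(r"^\s*permit\s+ip\s+host\s+(\d+\.\d+\.\d+\.\d+)\s+any\s*$")

def parse_hosts(acl_text):
    """Return the set of addresses named in 'permit ip host X any' lines."""
    matches = (HOST_ACE.match(line) for line in acl_text.splitlines())
    return {ipaddress.ip_address(m.group(1)) for m in matches if m}

def exact_summary(hosts):
    """Fewest prefixes that permit exactly the listed addresses, nothing more."""
    nets = [ipaddress.ip_network(f"{h}/32") for h in hosts]
    return list(ipaddress.collapse_addresses(nets))

def broaden(hosts, prefixlen):
    """Map each covering subnet to the count of addresses it would newly permit
    (all addresses in the prefix, network and broadcast included)."""
    listed = {}
    for h in hosts:
        net = ipaddress.ip_network(f"{h}/{prefixlen}", strict=False)
        listed.setdefault(net, set()).add(h)
    return {net: net.num_addresses - len(seen) for net, seen in listed.items()}

def to_ace(net):
    """Render a prefix as an ACL line; the hostmask is the wildcard mask."""
    if net.prefixlen == 32:
        return f"permit ip host {net.network_address} any"
    return f"permit ip {net.network_address} {net.hostmask} any"

if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_ACL)
    print(f"{len(hosts)} host entries; exact summary:")
    for net in exact_summary(hosts):
        print("  " + to_ace(net))
    for net, extra in sorted(broaden(hosts, 24).items()):
        print(f"{net}: 1 entry, {extra} additional addresses permitted")
```

The exact summary is the reduction that needs no policy decision; anything broader trades entry count for access granted to addresses that were never on the list.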
