09-05-2012 06:54 AM - edited 03-11-2019 04:50 PM
I have a FWSM card running IOS ver 3 code that has reached its ACE limitation. I cannot add any new statements.
So I have some questions regarding this:
1. Does the FWSM count each object defined in a network object group as an individual ACE?
2. Does the FWSM count objects that are within the configuration but not used in ACLs against the ACE count? In other words, if I have a network object group with 300 objects in it, but it isn't being referenced by an ACL, is this being looked at by the FWSM as an ACE?
3. Will replacing an ACE that uses an object group with 250 hosts in it with an ACE that permits (or denies) a subnet with those hosts inside it reduce the ACE aggregate?
09-05-2012 06:57 AM
Colin
As memory serves -
1) the FWSM will expand any line in an ACL using an object-group into its individual entries and each will be an ACE, so an object-group with 20 entries will amount to 20 ACEs
2) if the object-group is not referenced in an ACL then it will not be counted. Only entries in an ACL are counted as ACEs
3) yes it would reduce it from 250 ACEs to one if you are only using one subnet entry
Jon
09-05-2012 07:59 AM
Do ACL remarks count against the ACE limit?
09-05-2012 08:23 AM
Colin
As far as I know remarks are not counted as ACEs as traffic is not checked against them. I can't find anything definitive in the docs either way though.
Jon
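An added example, not part of any post in this thread: a Python estimator that applies the counting rules from the replies above to a saved configuration (each object-group entry referenced in an ACL line becomes an ACE, unreferenced groups and remarks add nothing). It goes one step beyond the thread by multiplying the sizes when one line references several groups and by following nested `group-object` entries. The sample config, its names and its addresses are constructed, and the result is an estimate; the count the device itself reports is authoritative.

```python
import re
from math import prod
# Constructed sample config (not from the thread); names and addresses are made up.
SAMPLE = """\
object-group network WEB_HOSTS
 network-object host 192.0.2.10
 network-object host 192.0.2.11
 network-object host 192.0.2.12
object-group network UNUSED_HOSTS
 network-object host 198.51.100.1
object-group network ALL_SERVERS
 group-object WEB_HOSTS
 network-object 203.0.113.0 255.255.255.0
access-list OUTSIDE_IN remark allow web traffic
access-list OUTSIDE_IN extended permit tcp any object-group WEB_HOSTS eq 80
access-list OUTSIDE_IN extended permit ip object-group WEB_HOSTS object-group ALL_SERVERS
access-list OUTSIDE_IN extended deny ip any any
"""

def parse_groups(config):
    """Map each object-group name to the tokenized lines indented beneath it."""
    groups, current = {}, None
    for line in config.splitlines():
        m = re.match(r"object-group\s+\S+\s+(\S+)", line)
        if m:
            current = groups.setdefault(m.group(1), [])
        elif line.startswith(" ") and line.strip() and current is not None:
            current.append(line.split())
        else:
            current = None
    return groups

def group_size(name, groups, seen=()):
    """Count leaf entries in a group, following nested group-object references."""
    if name in seen:
        raise ValueError(f"object-group loop at {name}")
    members = [m for m in groups[name] if m[0] != "description"]
    return sum(group_size(m[1], groups, seen + (name,)) if m[0] == "group-object" else 1
               for m in members)

def estimate_aces(config):
    """Per-ACL expanded ACE estimate; remarks and unreferenced groups add nothing."""
    groups, totals = parse_groups(config), {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 3 or tok[0] != "access-list" or tok[2] == "remark":
            continue
        refs = [tok[i + 1] for i, t in enumerate(tok[:-1]) if t == "object-group"]
        totals[tok[1]] = totals.get(tok[1], 0) + prod(group_size(r, groups) for r in refs)
    return totals
```

For the sample, the three ACL lines expand to 3, 12 and 1 entries; replacing the twelve-entry line with subnet-based entries is the kind of change question 3 asks about.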