Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1875
Views
0
Helpful
3
Replies

3750 ACL design

mustafa.s.raza
Beginner
Beginner

‎04-01-2013 01:38 PM - edited ‎03-03-2019 07:01 AM

Hi
The customer is using fourscout security software to authenticate and separate manufacturing and corporate environment.
The catalyst 3750 supports 3000-3500 acl entries.
Currently each host requires an acl entry which will out last ACL limit on 3750 switch. Basically 4000 host/ entries are required.
Since this is more of a design issue , the client is open for recommendations.

One Idea is to create Vlans for x amount of host and have them match ACL or AD authentication and not to worry about mapping each host with individual ACL

What would you recommend? The client will not changes catalyst 3750 switches .

How can we design so that we stay within 3750 ACL list and supports not only 4000 users but also thousands more.

Any help will be greatly appreciated.

Thanks

Sent from Cisco Technical Support iPhone App

Labels:
0 Helpful
3 Replies 3

Vivek Ruhil
Cisco Employee
Cisco Employee

‎04-04-2013 10:54 PM

Hi Mustafa

It is never a good design to have 4000 ACE in a single ACL. So I guess there are really two options:

1. Modify the ACL to have lower entries use wild card masks to reduce the size of the ACL. I mean its not like that the customer has such a dis-contiguous network that you cannot club entries together. By the way, why such a peculiar requirement ?

2. Like you said, create multiple vlans.

But I would recommend option 1.

0 Helpful