
ACL limitation on Cisco 4431 ISR running Cisco IOS XE Software, Version 03.16.04b.S - Extended Support Release //Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(3)S4b, RELEASE SOFTWARE

rajkumardamera
Level 1

Hi,

 

Where can I get the details of the ACL limitations on a Cisco 4431 ISR running Cisco IOS XE Software, Version 03.16.04b.S - Extended Support Release //Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(3)S4b, RELEASE SOFTWARE?

2 Replies

Hi

 

 

  • The max ACL limit range configurable is 1 to 216.

  • The max ace limit range per ACL configurable is 1 to 232.

  • The max global ace limit range configurable is 1 to 232.

  • The acl-ace-limit set is applicable to all the ACLs that are already configured and will be configured.

 

 

Try executing the following command:

show access-list acl-limit

 

Also visit this website: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_acl/configuration/xe-16/sec-data-acl-xe-16-book/sec-data-acl-xe-16-book_chapter_010101.html




>> Mark as helpful or answered if the reply resolved your question; this helps future queries from other members of the community. <<

Hi Julio,

 

Thank you for your response.

Is the link provided applicable to the Cisco 4000 ISR router with the version in the subject?

 

I was going through the document below, under 'Security: Access Control List', which gives different figures under the limitations.

 

Restrictions for Creating an IP Access List and Applying It to an Interface

The following restrictions apply when configuring IPv4 and IPv6 access control lists (ACLs):

  • Application control engine (ACE)-specific counters are not supported.

     

  • Layer 3 IPv4 and IPv6 ACLs are not supported on the same interface.

     

  • MAC ACLs are not supported on Ethernet flow points (EFPs) or trunk EFP interfaces to which Layer 3 IPv4 or IPv6 ACLs are applied.

     

  • A maximum of 500 ACEs per ACL are supported.

     

  • IPv4 and IPv6 ACLs are not currently supported on EFP interfaces. IPv4 and IPv6 ACLs are supported on physical interfaces, bridge-domain interfaces, and port-channel interfaces.

     

  • Layer 4 port-range functionality expands into Ternary Content-Addressable Memory (TCAM). IPv4 ACL scale is limited to 1K TCAM, Layer 2 ACL scale is limited to 1K TCAM entries.

     

  • ACL counters or statistics are not supported in Cisco ASR 900 RSP3 Module.

     

  • Object-groups are not supported with IP ACLs.

     

  • IPv6 ACL is not supported in Cisco ASR 900 RSP3 Module.

     

  • Outbound ACL is not supported in Cisco ASR 900 RSP3 Module.


https://www.cisco.com/c/en/us/support/routers/4000-series-integrated-services-routers-isr/products-installation-and-configuration-guides-list.html
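An added example, not part of the thread or of Cisco's documentation: a Python audit that counts ACEs per named ACL in a saved configuration and estimates TCAM entries from numeric Layer 4 `range` operands, checked against the 500-ACE and 1K-TCAM figures quoted in the restrictions above. The expansion uses the textbook range-to-prefix method, which is an assumption about the platform, and the function names and sample configuration are constructed for illustration.

```python
import re
from math import prod

ACE_LIMIT = 500    # "A maximum of 500 ACEs per ACL" in the quoted restrictions
TCAM_LIMIT = 1024  # "IPv4 ACL scale is limited to 1K TCAM" in the quoted restrictions

def prefixes_for_range(lo, hi, bits=16):
    """Count the aligned power-of-two blocks needed to cover ports lo..hi."""
    count = 0
    while lo <= hi:
        size = (lo & -lo) if lo else 1 << bits   # largest block aligned at lo
        while size > hi - lo + 1:                # shrink until it fits the range
            size >>= 1
        lo += size
        count += 1
    return count

ACL_RE = re.compile(r"^ip access-list (?:extended|standard) (\S+)")
ACE_RE = re.compile(r"^\s+(?:\d+\s+)?(?:permit|deny)\b")
RANGE_RE = re.compile(r"\brange (\d+) (\d+)")    # numeric ports only (assumption)

def audit(config):
    """Return {acl_name: {"aces": n, "tcam": n, "over": bool}} for named ACLs."""
    report, current = {}, None
    for line in config.splitlines():
        m = ACL_RE.match(line)
        if m:
            current = report.setdefault(m.group(1), {"aces": 0, "tcam": 0})
        elif current is not None and ACE_RE.match(line):
            current["aces"] += 1
            # An ACE with no range counts as one entry (prod of nothing is 1);
            # source and destination ranges multiply.
            current["tcam"] += prod(prefixes_for_range(int(a), int(b))
                                    for a, b in RANGE_RE.findall(line))
        elif not line.startswith(" "):
            current = None                       # left the ACL sub-mode
    for stats in report.values():
        stats["over"] = stats["aces"] > ACE_LIMIT or stats["tcam"] > TCAM_LIMIT
    return report

# Constructed sample configuration, not taken from any real device.
SAMPLE = """\
ip access-list extended WEB-IN
 10 permit tcp any host 192.0.2.10 eq 443
 20 permit tcp any range 1 65534 host 192.0.2.10 range 1 65534
 remark constructed example
 30 deny ip any any
interface GigabitEthernet0/0/0
 ip access-group WEB-IN in
"""

if __name__ == "__main__":
    for name, stats in audit(SAMPLE).items():
        print(name, stats)
```

The limits are constants at the top so they can be replaced with whichever figures apply to the platform and release being audited.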

 

 
