ACL and HSRP

thomas.raabo
Level 4

Nexus 5596UP

Regarding RACLs and HSRP

How many HSRP groups does the Layer 3 module support?

The Layer 3 module supports 2048 RACLs. What does that mean?

Is that the number of entries or the number of ACLs it supports (and the ACL can be as big as you want)?

I am looking at this, but I don't quite understand it...

http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/white_paper_c11-682225.pdf

Best Regards

Thomas

Zitcom A/S

8 Replies

Reza Sharifi
Hall of Fame

Thomas,

A RACL is an ACL that applies to an interface with an IP address (a Layer 3 interface).

Also, HSRP version 1 supports group numbers from 0 to 255. HSRP version 2 supports group numbers from 0 to 4095.

For more info refer to this doc:

http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/unicast/5_0_3_N1_1/l3_hsrp.html#wp1477281

HTH

Reza

Okay.

So the system should support 4096 HSRP groups.

But what is a RACL with the 2048 limit?

What I mean is:

ip access-list st blah

permit ip host 1.1.1.1 host 2.2.2.2

permit ip host 2.2.2.2 host 1.1.1.1

Will this be counted as 1 RACL or 2 RACLs?

Logically, the above is counted as 1 RACL, as the lines are considered ACL entries.

Okay, that sounds great...

Because we need 1 ACL per Layer 3 interface with about 10-15 entries in every RACL.

Not true. Your example is 2 RACLs. Please see the following output:

switch# sh run int e1/1

!Command: show running-config interface Ethernet1/1

!Time: Fri Aug 19 01:20:56 2011

version 5.0(3)N1(1a)

interface Ethernet1/1

  ip access-group test in

  no switchport

  ip address 1.1.1.1/24

switch# sh run | sec access-list

ip access-list test

  10 permit ip 1.1.1.1/32 2.2.2.2/32

  20 permit ip 2.2.2.2/32 3.3.3.3/32

  30 permit ip 3.0.0.0 255.0.0.0 1.0.0.0/24

switch# sh ip access-list sum

IPV4 ACL test

        Total ACEs Configured: 3

        Configured on interfaces:

                Ethernet1/1 - ingress (Router ACL)

        Active on interfaces:

                Ethernet1/1 - ingress (Router ACL)

HTH,

jerry
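
Added example (not part of the thread and not Cisco code): a small Python script that tallies both numbers being discussed, named ACLs and ACEs, from a running-config and records which ACLs are applied on routed interfaces. The sample config is constructed to mirror the output quoted above, the function names are hypothetical, and treating any interface with an `ip address` line as Layer 3 is an assumption taken from the RACL definition given earlier in the thread; the script takes no position on which number the 2048 figure refers to.

```python
import re

# Constructed sample config, in the shape of the NX-OS output quoted above.
SAMPLE_CONFIG = """\
interface Ethernet1/1
  ip access-group test in
  no switchport
  ip address 1.1.1.1/24
ip access-list test
  10 permit ip 1.1.1.1/32 2.2.2.2/32
  20 permit ip 2.2.2.2/32 3.3.3.3/32
  30 permit ip 3.0.0.0 255.0.0.0 1.0.0.0/24
ip access-list unused
  10 deny ip any any
"""
ACE_RE = re.compile(r"^(?:\d+\s+)?(?:permit|deny)\s")   # optional sequence number
GROUP_RE = re.compile(r"^ip access-group (\S+) (in|out)$")

def summarize_acls(config_text):
    """Map ACL name -> ACE count and the Layer 3 interfaces it is applied to."""
    acls, ifaces, kind, name = {}, {}, None, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):      # skip blanks and "!" comment lines
            continue
        if not raw[0].isspace():                  # unindented line opens a new section
            acl = re.match(r"ip access-list (\S+)$", line)
            if acl:
                kind, name = "acl", acl.group(1)
                acls.setdefault(name, 0)
            elif line.startswith("interface "):
                kind, name = "if", line.split(None, 1)[1]
                ifaces.setdefault(name, {"l3": False, "groups": []})
            else:
                kind = name = None
        elif kind == "acl" and ACE_RE.match(line):
            acls[name] += 1                       # one permit/deny line = one ACE
        elif kind == "if" and GROUP_RE.match(line):
            ifaces[name]["groups"].append(GROUP_RE.match(line).groups())
        elif kind == "if" and line.startswith("ip address "):
            ifaces[name]["l3"] = True             # assumption: IP address => routed port
    summary = {n: {"aces": c, "router_acl_on": []} for n, c in acls.items()}
    for ifname, info in ifaces.items():
        for acl, direction in (info["groups"] if info["l3"] else []):
            summary.setdefault(acl, {"aces": 0, "router_acl_on": []})["router_acl_on"].append((ifname, direction))
    return summary

def totals(summary):
    applied = [v for v in summary.values() if v["router_acl_on"]]
    return {"acl_names": len(summary), "applied_as_racl": len(applied), "aces_in_applied": sum(v["aces"] for v in applied)}
```

Calling `totals(summarize_acls(SAMPLE_CONFIG))` gives the per-box figures to compare against whichever limit the platform documentation states.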

Hi Jerry

ACE stands for ACL Entries.

You can have 1 ACL with many entries or multiple ACLs with multiple entries too.

So they are different. I am not 100% sure how it is being calculated in Nexus, but it is clear from the show command you provided, as it shows ACEs.

Hi Marwanshawi,

I do know that ACE is Access Control Entries.

"The Layer 3 module supports 2048 RACLs"

From my understanding, the N5K with L3 is not going to support 2048 different ACL names/numbers. It should be ACE, but you know what, when we talk about ACE, people will confuse that with Application Control Engine.

Regards,

jerry

No, don't worry, the subject is ACL and HSRP,

but I believe there should be some specifications of how many ACLs can be configured and how many entries per ACL as a max, for example!
