08-22-2011 05:45 AM
Nexus 5596UP
Regarding RACLs and HSRP
How many HSRP groups does the Layer 3 module support?
The Layer 3 module supports 2048 RACLs. What does that mean?
Is that the number of entries or the number of ACLs it supports (and the ACL can be as big as you want)?
I am looking at this but I don't quite understand it...
http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/white_paper_c11-682225.pdf
Best Regards
Thomas
Zitcom A/S
08-22-2011 07:32 PM
Thomas,
RACL is an ACL that applies to an interface with an IP address (a Layer 3 interface).
Also, HSRP version 1 supports group numbers from 0 to 255. HSRP version 2 supports group numbers from 0 to 4095.
For more info refer to this doc:
HTH
Reza
08-22-2011 11:15 PM
Okay..
So the system should support 4096 HSRP groups.
But what is a RACL with the 2048 limit?
What I mean is:
ip access-list st blah
permit ip host 1.1.1.1 host 2.2.2.2
permit ip host 2.2.2.2 host 1.1.1.1
Will this be counted as 1 RACL or 2 RACLs?
08-22-2011 11:19 PM
Logically the above is counted as 1 RACL,
as the lines are considered ACL entries.
08-22-2011 11:22 PM
Okay that sounds great...
Because we need 1 ACL per layer 3 interface with about 10-15 entries in every RACL
08-24-2011 06:45 PM
Not true. Your example is 2 RACLs. Please see the following output:
switch# sh run int e1/1
!Command: show running-config interface Ethernet1/1
!Time: Fri Aug 19 01:20:56 2011
version 5.0(3)N1(1a)
interface Ethernet1/1
ip access-group test in
no switchport
ip address 1.1.1.1/24
switch# sh run | sec access-list
ip access-list test
10 permit ip 1.1.1.1/32 2.2.2.2/32
20 permit ip 2.2.2.2/32 3.3.3.3/32
30 permit ip 3.0.0.0 255.0.0.0 1.0.0.0/24
switch# sh ip access-list sum
IPV4 ACL test
Total ACEs Configured: 3
Configured on interfaces:
Ethernet1/1 - ingress (Router ACL)
Active on interfaces:
Ethernet1/1 - ingress (Router ACL)
HTH,
jerry
08-25-2011 07:46 AM
Hi Jerry
ACE stands for ACL Entries.
You can have 1 ACL with many entries or multiple ACLs with multiple entries too,
so they are different. I am not 100% sure how it's being calculated in Nexus, but it is clear from the show command you provided, as it shows ACEs.
08-25-2011 08:00 AM
Hi Marwanshawi,
I do know that ACE is Access Control Entries.
"The Layer 3 module supports 2048 RACLs"
From my understanding, the N5K with L3 is not going to support 2048 different ACL names/numbers. It should be ACE, but you know what, when we talk about ACE, people will confuse that with Application Control Engine.
Regards,
jerry
08-26-2011 12:18 AM
No, don't worry, the subject is ACL and HSRP,
but I believe there should be some specifications of how many ACLs can be configured and how many entries per ACL as a max, for example!