03-15-2012 06:09 AM - edited 03-07-2019 05:34 AM
Hi All,
I set up many MAC access-list entries on my Catalyst 3560 (Version 12.2(25)SEB4) to prevent unauthorized computers/devices from accessing the network.
mac access-list extended PermittedHost
permit host 0025.6498.65d9 any
permit host f04d.a22d.53ca any
permit host f04d.a22d.54b7 any
permit host f04d.a229.e173 any
permit host b8ac.6f42.cd1a any
permit host 0011.111c.d43c any
permit host 0011.118d.98ac any
permit host 0011.115f.89b7 any
permit host 0013.2080.6779 any
permit host 000d.8846.e468 any
permit host 00c0.02fd.3047 any
......
......
......
! FastEthernet 0/1 is the uplink port
interface range FastEthernet 0/2 - 24
 mac access-group PermittedHost in
There have been more than 700 MAC access-list entries in my extended access-list "PermittedHost". I'm worried about the capability of the max access-list entries.
Thanks,
Jun Gao
03-20-2012 01:22 AM
I can't find info on a particular number, but I suspect that an ACL can contain around the mac-address-table size.
So it could be up to 12,000 MAC addresses.
You can generate a long list and try it in a lab :-)
03-20-2012 02:21 AM
Hi v_paranoid, thanks for your reply. So it means it will not be necessary for me to care about the ACL entries capability at all. That's good. BTW, are you from the US? It's midnight in the US now. Are you still working? :-)
Jun Gao
03-20-2012 06:07 AM
We used to have an ACL with around 3000 lines with no problem.
I'm in Russia.
We have, though, a strange problem with a long ACL on a 6500, while using it for UBRL.
It looked like it once compiled incorrectly and the "implicit deny" was somewhere in the middle :-)
It was fixed by reapplying the same ACL.
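Added example, not part of any post in this thread: a Python sketch for the "generate a long list and try it in a lab" suggestion, which also cleans a hand-maintained inventory before it becomes a `mac access-list extended` block. The function names, the constructed sample inventory and the use of locally administered `02xx` lab addresses are assumptions of this example.

```python
import re

HEX12 = re.compile(r"^[0-9a-f]{12}$")

def normalize_mac(raw):
    """Return a MAC in Cisco dotted form (xxxx.xxxx.xxxx) or raise ValueError."""
    digits = re.sub(r"[.:\-\s]", "", raw.strip().lower())
    if not HEX12.match(digits):
        raise ValueError(f"not a 48-bit MAC address: {raw!r}")
    if int(digits[:2], 16) & 0x01:
        # Group (multicast/broadcast) bit set: never a real host's source address.
        raise ValueError(f"group address cannot be a host: {raw!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))

def build_mac_acl(name, inventory):
    """Return (config_lines, rejected) for one 'mac access-list extended' block."""
    seen, rejected = set(), []
    lines = [f"mac access-list extended {name}"]
    for raw in inventory:
        try:
            mac = normalize_mac(raw)
        except ValueError as err:
            rejected.append(str(err))
            continue
        if mac in seen:
            # Same host written twice (often in two notations): wastes an entry.
            rejected.append(f"duplicate entry: {raw!r}")
            continue
        seen.add(mac)
        lines.append(f" permit host {mac} any")
    return lines, rejected

def lab_inventory(count):
    """Constructed test data: sequential locally administered unicast MACs."""
    return [f"02{n:010x}" for n in range(count)]

# Constructed sample inventory in mixed notations, with deliberate errors.
SAMPLE = ["00:25:64:98:65:D9", "f04d.a22d.53ca", "0025.6498.65d9",
          "01-00-5E-00-00-01", "b8ac.6f42.cd1"]

if __name__ == "__main__":
    config, problems = build_mac_acl("PermittedHost", SAMPLE)
    print("\n".join(config))
    print(f"! {len(config) - 1} entries, {len(problems)} rejected")
    for p in problems:
        print(f"! {p}")
    lab, _ = build_mac_acl("LabTest", lab_inventory(3000))
    print(f"! lab ACL generated with {len(lab) - 1} entries")
```

The rejected list is worth reviewing before pasting the output into a switch, since a mistyped address silently locks out the host it was meant to permit.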