Cisco Community
English
Register
The War in Ukraine - Supporting customers, partners and communities. LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
381
Views
0
Helpful
3
Replies
jun.gao
Beginner
Beginner
‎03-15-2012 06:09 AM
‎03-15-2012 06:09 AM

ACL entires capability?

Hi All,

I set up many MAC access-list entires on my Catalyst 3560 (Version 12.2(25)SEB4) to prevent unauthorized computers/devices from accessing network.

mac access-list extended PermittedHost

permit host 0025.6498.65d9 any

permit host f04d.a22d.53ca any

permit host f04d.a22d.54b7 any

permit host f04d.a229.e173 any

permit host b8ac.6f42.cd1a any

permit host 0011.111c.d43c any

permit host 0011.118d.98ac any

permit host 0011.115f.89b7 any

permit host 0013.2080.6779 any

permit host 000d.8846.e468 any

permit host 00c0.02fd.3047 any

......

......

......

interface range FastEthernet 0/2 - 24    // FastEthernet 0/1 is the uplink port

mac access-group PermittedHost in

There have been more than 700 MAC access-list entries in my extended access-list "PermittedHost". I'm worried about the capability of the max access-list entires.

Thanks,

Jun Gao

Labels:
0 Helpful
3 REPLIES 3
v_paranoid
Beginner
Beginner
‎03-20-2012 01:22 AM
‎03-20-2012 01:22 AM

Can't find info of particular number, but suspect that ACL can contain around mac-address-table size.

So it could be up to 12,000 MAC addresses.

You can generate long list and try in a lab :-)

0 Helpful
jun.gao
Beginner
Beginner
In response to v_paranoid
‎03-20-2012 02:21 AM
‎03-20-2012 02:21 AM

Hi v_paranoid, thanks for you reply. So it means I will not be necessary to care the ACL enties capability at all. That's good. BTW, are you from US? It's midnight in US now. Are you still working? :-)

Jun Gao

0 Helpful
v_paranoid
Beginner
Beginner
In response to jun.gao
‎03-20-2012 06:07 AM
‎03-20-2012 06:07 AM

We used to have ACL with around 3000 lines with no problem.

I'm in Russia.

We have though strange problem with long ACL on 6500, while using it for UBRL.

It looked like it once compiled incorrectly and "implicit deny" was somewhere in the middle :-)

Was fixed by reapplying this same ACL.

0 Helpful
Latest Contents
OSPF The Ultimate CCIE Enterprise and Infrastructure Exam av...
Created by Meddane on 05-25-2022 11:03 AM
0
0
0
0
After my first publication of the book OSPF Demystified With RFC in 2014 which goes beyond the CCIE level which explores OSPF from the RFC's perspective. Since one year I had the idea : why not write a book for CCIE Enterprise and Infrastructure to be an ... view more
Upgrade Cisco DNA Center
Created by mclymer on 05-18-2022 12:20 PM
0
0
0
0
Learn more about Cisco DNA Center, Version 2.2.3.4
5-minute Cisco Survey – Enter Gift Card Giveaway!
Created by Robert Murphy on 05-18-2022 11:30 AM
1
10
1
10
Do you use Cisco DNA Center? Have you used and are you willing to provide your feedback in using the Cisco DNA Center help and documentation? If so, we’d like you to complete the survey linked below. Your feedback will help provide more effective and easi... view more
OSPF for CCIE Enterprise and Infrastructure Exam
Created by Meddane on 05-13-2022 02:24 AM
0
0
0
0
The ultimate is coming.  
Cisco Champion Radio: S9|E18 CC Unfiltered: Becoming an Expe...
Created by Amilee San Juan on 05-11-2022 12:57 PM
1
0
1
0
Listen: https://smarturl.it/CCRS9E18Follow us: https://twitter.com/CiscoChampion Reaching the height of your career is no simple feat. It often requires a combination of pursuing the right education, building the right professional network and being ... view more
Ask a Question
Create
+ Discussion
+ Blog
+ Document
+ Video
+ Project Story
Find more resources
Discussions
Blogs
Documents
Events
Videos
Project Gallery
New Community Member Guide
Related support document topics
Recognize Your Peers
Spotlight Award Nomination
Content for Community-Ad