Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
314
Views
2
Helpful
2
Replies

Allowed number of ACLs on Catalyst and Nexus

Go to solution
daniel-gutierrez
Level 1
Level 1

‎02-26-2025 07:03 PM

I have a specific requirement and I can't find the information that helps me support it. I need to know the following:
How many Access Control Lists (ACLs) can I configure on a Catalyst 9600 with SUP-1? How many Access Control Entries (ACEs) can I configure for each ACL?

How many Access Control Lists (ACLs) can I configure on a Nexus 9504? How many Access Control Entries (ACEs) can I configure for each ACL?

Can anyone help me?

Thanks.

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
M02@rt37
VIP
VIP

‎02-26-2025 10:32 PM

Hello @daniel-gutierrez 

Nexus 9504 switch operates with a hardware architecture that divides resources into slices of ASICS. Each slice can support up to 62 unique ACLs. If an ACL is applied to multiple interfaces, it shares the same label within a slice, provided the ACL entries are identical. However, if each ACL has unique entries, the label limit remains at 62 per slice. To achieve configurations requiring more than 62 ACLs, it's necessary to distribute the ingress interfaces across multiple ASIC slices.

source: https://www.cisco.com/c/en/us/td/docs/dcn/nx-os/nexus9000/102x/configuration/scalability/cisco-nexus-9000-series-nx-os-verified-scalability-guide-1023.html

Now, regarding the number of ACE per ACL, the Nexus 9504's capacity depends on the available TCAM resources. While specific ACE limits per ACL aren't explicitly stated, the overall TCAM space is finite, and complex ACE configurations can consume significant resources...

As concerned C9600 platform, for precise and up-to-date information, consult the latest cisco doc or reach out the support directly. 

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

2 Replies 2

Go to solution
M02@rt37
VIP
VIP

‎02-26-2025 10:32 PM

Hello @daniel-gutierrez 

Nexus 9504 switch operates with a hardware architecture that divides resources into slices of ASICS. Each slice can support up to 62 unique ACLs. If an ACL is applied to multiple interfaces, it shares the same label within a slice, provided the ACL entries are identical. However, if each ACL has unique entries, the label limit remains at 62 per slice. To achieve configurations requiring more than 62 ACLs, it's necessary to distribute the ingress interfaces across multiple ASIC slices.

source: https://www.cisco.com/c/en/us/td/docs/dcn/nx-os/nexus9000/102x/configuration/scalability/cisco-nexus-9000-series-nx-os-verified-scalability-guide-1023.html

Now, regarding the number of ACE per ACL, the Nexus 9504's capacity depends on the available TCAM resources. While specific ACE limits per ACL aren't explicitly stated, the overall TCAM space is finite, and complex ACE configurations can consume significant resources...

As concerned C9600 platform, for precise and up-to-date information, consult the latest cisco doc or reach out the support directly. 

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Go to solution
daniel-gutierrez
Level 1
Level 1
In response to M02@rt37

‎02-28-2025 11:46 AM

Thank you very much for your reply, it helped me a lot.

0 Helpful
Customers Also Viewed These Support Documents
Top