cisco 3800 router ACL

calvin.wen · ‎01-18-2013

I have a question about ACLs on Cisco 3800 router. I tried to configure extended IP access-list. However, I couldn't add more rules into some of the ACLs when the number of rules increase to about 120 rules. These extended IP access-lists are assigned to gigabit ethernet interface and sub-interface (VLAN interface).

Please advise on the problem here. Is this caused by some kind of maximum number of rules supported?

Thanks a lot for any help.

acampbell · ‎01-18-2013

Calvin,

Looking at several versions of IOS security Config guides from 12.2 to 15.1

Example

http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfabout.html

The same paragraph is always seen

"For a single access list, you can define multiple criteria in multiple, separate access list statements. Each of these statements should reference the same identifying name or number, to tie the statements to the same access list. You can have as many criteria statements as you want, limited only by the available memory. Of course, the more statements you have, the more difficult it will be to comprehend and manage your access lists."

Regards,
Alex.
Please rate useful posts.

Regards, Alex. Please rate useful posts.

calvin.wen · ‎01-21-2013

Alex,

Thanks for your reply.

I did a show memory and got this:

show memory

Head Total(b) Used(b) Free(b) Lowest(b) Largest(b)

Processor 62875F00 189309184 24733008 164576176 163573556 159716520

I/O 2DD00000 36699648 10452224 26247424 26081376 25973884

Based on the output above, it should not be available memory's issue, right?

Regards,

Calvin

calvin.wen · ‎01-23-2013

Is there any possible reasons for this issue other than available memory?

Thanks a lot for any suggestion.