01-18-2013 10:24 AM - edited 03-07-2019 11:10 AM
I have a question about ACLs on a Cisco 3800 router. I tried to configure an extended IP access-list. However, I couldn't add more rules to some of the ACLs when the number of rules increased to about 120 rules. These extended IP access-lists are assigned to gigabit ethernet interface and sub-interface (VLAN interface).
Please advise on the problem here. Is this caused by some kind of maximum number of rules supported?
Thanks a lot for any help.
01-18-2013 01:15 PM
Calvin,
Looking at several versions of IOS security Config guides from 12.2 to 15.1
Example
http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfabout.html
The same paragraph is always seen
"For a single access list, you can define multiple criteria in multiple, separate access list statements. Each of these statements should reference the same identifying name or number, to tie the statements to the same access list. You can have as many criteria statements as you want, limited only by the available memory. Of course, the more statements you have, the more difficult it will be to comprehend and manage your access lists."
Regards,
Alex.
Please rate useful posts.
01-21-2013 09:32 PM
Alex,
Thanks for your reply.
I did a show memory and got this:
show memory
                Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor   62875F00   189309184    24733008   164576176   163573556   159716520
      I/O   2DD00000    36699648    10452224    26247424    26081376    25973884
Based on the output above, it should not be an available memory issue, right?
Regards,
Calvin
01-23-2013 07:22 AM
Are there any possible reasons for this issue other than available memory?
Thanks a lot for any suggestion.