Hi there,
I'm searching for the ACE limit on different types of switches. After some research I found the following:
Nexus 9300
| Feature | 9300 Series Verified Limit |
|---|---|
| DHCP snooping bindings | 2048 |
| IPv4 ingress access control entries (ACEs) | 3072 (per network forwarding engine) |
| IPv4 egress access control entries (ACEs) | 768 (per network forwarding engine) |
| IPv6 ingress access control entries (ACEs) | 1536 (per network forwarding engine) |
| IPv6 egress access control entries (ACEs) | 256 (per network forwarding engine) |
Catalyst 3850
The Catalyst 3850 Data Sheet suggests that 3,000 security ACL entries are supported. However, these rules define how these 3,000 ACEs can be configured:
- IPv4 VACL/vlmap needs two VMR/ACEs. This means 690 ACEs must be supported in each direction.
- IPv4 PACL, RACL, and GACL need one VMR/ACE. This means 1,380 ACEs must be supported in each direction.
- IPv6 PACL, RACL, and GACL need two VMR/ACEs. This means 690 ACEs must be supported in each direction.
Catalyst 9500
Same Limit as 4500-X?
Catalyst 6840-X
| ACL Entries | 64K shared for QoS/security |
------
When configuring the same ACL on different interfaces, is the TCAM counter per ACL or per configured ACL on the interface? In my view it should be per ACE, because it is just the memory.
BR
Michael