01-29-2017 06:23 AM
Working with port-based access with dynamic / downloadable ACLs on a 2530 type switch, it seems it doesn't like the amount of dynamic / downloadable ACLs we put on it per port. We get errors like "ACL error - insufficient policy engine resources".
The # show qos resources command should give some information about what the maximum amount should be; I assume they fall under the IDM section? But the result is kinda confusing. Over similar switches I see different maximum values.
How can I determine what a switch should be able to handle here?
02-06-2017 12:18 PM
The number of ACLs supported by the 2530 series switches is listed in Chapter 13 of the Management and Configuration Guide for YA/YB.16.03 (page 245); for quick reference, here are the noted IPv4 ACL limits:
- 2048 named ACLs (both standard and extended)
- 99 numbered standard ACLs
- 100 numbered extended ACLs
- 3072 combined ACEs in all ACLs
For monitoring available ACL resources, you also have the show access-list resources command, which may prove useful in troubleshooting resource availability on the switch.
Matthew Fern | Technical Marketing Engineer, Campus Networking
Aruba, a Hewlett Packard Enterprise Company
02-19-2017 04:58 AM
Thank you Matthew, a couple of questions:
That seems a general ArubaOS switch document, there are no specific platform limits?
The document has a )1 behind the ACL section on page 245, but on the next page there is no information about 1. Is this the same for you? What should it say?