Wireless Access

Contributor I

Validuser ACL limits

Does anyone know if there is a limit or threshold to how many entries can be processed by the Validuser ACL? We have over 300 subnets that we will need to put in a whitelist. At what point does this list or ACL affect the processor or impact performance? We are currently running 6.1.2.6 on M3 controllers. Any advice is appreciated.
Colleen Szymanik
------------------------------------
University of Pennsylvania
Network Engineer
(215)573-2628
Occasional Contributor I

Re: Validuser ACL limits

Our validuser ACL for our large section of campus has 100 ACE entries; we were able to supernet things down to save on the ACE entries. We aren't seeing problems at that level, but that doesn't really answer your question. Is any of that address space contiguous?

 

Garrett Harmon

Ohio State University

Occasional Contributor II

Re: Validuser ACL limits

The validuser ACL also supports non-contiguous masks which helped me shrink the length of my whitelist significantly.
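The two reduction techniques mentioned in the replies above (supernetting contiguous subnets, then merging entries with a non-contiguous mask) can be checked offline before touching a controller. The following is an added example, not code from any poster or from the vendor; the subnets are constructed sample values and the output is generic address/mask pairs, not controller syntax.

```python
import ipaddress
from itertools import combinations

FULL = 0xFFFFFFFF  # IPv4 only

def merge_once(entries):
    """Merge one pair of entries that share a mask and differ in exactly one bit.
    Clearing that bit in address and mask covers exactly the union of the pair."""
    for (a1, m1), (a2, m2) in combinations(sorted(entries), 2):
        diff = a1 ^ a2
        if m1 == m2 and diff and diff & (diff - 1) == 0:
            merged = (a1 & ~diff & FULL, m1 & ~diff & FULL)
            return (entries - {(a1, m1), (a2, m2)}) | {merged}, True
    return entries, False

def minimize(cidrs):
    """Step 1: supernet contiguous/overlapping subnets.
    Step 2: greedily merge the rest using non-contiguous masks (exact, not always minimal)."""
    nets = ipaddress.collapse_addresses(ipaddress.ip_network(c) for c in cidrs)
    entries = {(int(n.network_address), int(n.netmask)) for n in nets}
    changed = True
    while changed:
        entries, changed = merge_once(entries)
    return sorted(entries)

def matches(ip, entries):
    """True if ip is permitted by any (address, mask) entry."""
    v = int(ipaddress.ip_address(ip))
    return any(v & m == a for a, m in entries)

def covered(entries):
    """Number of addresses the entries permit; must not grow after merging."""
    return sum(2 ** (32 - bin(m).count("1")) for _, m in entries)

def fmt(entry):
    a, m = entry
    return f"{ipaddress.ip_address(a)} {ipaddress.ip_address(m)}"

# Constructed sample whitelist: two adjacent /24s and two /24s one bit apart.
SAMPLE = ["10.1.0.0/24", "10.1.1.0/24", "10.16.4.0/24", "10.48.4.0/24"]

if __name__ == "__main__":
    result = minimize(SAMPLE)
    for e in result:
        print(fmt(e))
    print("entries:", len(result), "addresses:", covered(result))
```

Because each merge is exact, the address count before and after must be equal; `matches()` can then confirm that a specific host you intend to keep out of the whitelist is still not matched.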

Contributor I

Re: Validuser ACL limits

We've had issues with subnet gateway addresses becoming entries in the user table, effectively bringing down that network segment. So, I don't want to aggregate the individual subnets because I don't feel that I will have protection against something like that happening again. I was thinking of using the netdestination idea, whitelisting all our valid networks and denying some specific hosts and subnets on a smaller range. I have an open ticket with support on it, but it's very slow moving.

 

Thanks to both of you for advice! 

Colleen Szymanik
------------------------------------
University of Pennsylvania
Network Engineer
(215)573-2628