Wired Intelligent Edge (Campus Switching and Routing)

New Contributor

Switches supporting dACLs?


Looking at implementing clearpass to push dACLs to switch ports during dot1x wired authentication.  Is there a list of which aruba switches support dACLs?  Or is there a IEEE or RFC that I should be looking for on the switch white papers?  Similarly, TCAM limit for how long/how many acls can be dynamically applied?  Our ACLs tend to be around 150-200 lines long, so pushing them down individually per port might hit a resource limit.  It might push us to applying an ACL pre-populated on the switch called by name in the radius request, but again, need to know what swtiches support this.  Any easy way to look this up to ensure we are buying the right model of Aruba switch or to see what switch lines can meet our needs?

Super Contributor II

Re: Switches supporting dACLs?

Please take a look into this document.


Dacl are supported but today the preferred way is to use user-roles. However, 150-200 acl’s per port is usage and I suppose that the switch is not able to handle this. Your are save when you use up to 20 acl’s per port when you use the 2930 switches. Also keep in mind that the acl is applied per authenticated device and not per port.

If you want more control I suggest you to look into dynamic segmentation.

Willem Bargeman ACMX#935 | ACCX #822

Please give me kudos if my post was useful!
If your issue is solved mark the post as solution!
Search Airheads
Showing results for 
Search instead for 
Did you mean: