Wired Intelligent Edge

working with portbased access with dynamic / downloable ACLs on a 2530 type switch, it seems it doesn't like the ammount of dynamic / downloadable ACLs we put on it per port. we get errors like "ACL error - insufficient policy engine resources"

the # show qos resources command should give some information about what the maximum ammount should be, i assume they fall under the IDM section? but the result is kinda confusing. over similar switches i see different maximum values.

how can i determine what a switch should be able to handle here?

Greetings!

The number of ACLs supported by the 2530 series switches are listed in Chapter 13 of the Management and Configuration Guide for YA/YB.16.03 (page 245); for quick reference, here are the noted IPv4 ACL limits:

• 2048 named ACLs (both standard and extended)
• 99 numbered standard ACLs
• 100 numbered extended ACLs
• 3072 combined ACEs in all ACLs

For monitoring available ACL resources, you also have the show access-list resources command, which may prove useful in troubleshooting resource availability on the switch.

thank you Matthew, a couple of questions

that seems a general ArubaOS switch document, there are no specific platform limits?

the document has a )1 behind the ACL section on page 245, but on the next page there is no information about 1, is this the same for you? what should it say?