
Author Topic: Limitation on number of ACL's per VLAN & ACE's per ERS 8600


Offline Lalitdantu (Rookie, Posts: 13)
Limitation on number of ACL's per VLAN & ACE's per ERS 8600
« on: February 20, 2014, 02:32:21 AM »
Hi All,

We have recently upgraded the ERS 8600 for one of our customers to v7.2.1.1 and had memory-related issues on the devices; on verification we found the issue related to the number of ACLs and ACT attributes.

Once the same had been modified (reduced from 2500 ACE entries to 1400), the network has been stable and running fine for the past week.

Need to understand:

a. Can one ACL be used for multiple VLANs?
b. What is the maximum sustainable number of ACEs that can be used in an ACL?

Please suggest.

Thanks in advance.


Offline Michael McNamara (Administrator, Hero Member, Posts: 3842)
Re: Limitation on number of ACL's per VLAN & ACE's per ERS 8600
« Reply #1 on: March 02, 2014, 09:38:06 AM »
There is a limitation because these are implemented in hardware but I believe they are dependent on the module (line card) and the CPU/SF. In the early days the CPU/SF did all that evaluation just like the original Cisco routers so the only limit was the CPU/SF and the speed bump to traffic processing.

I'll just refer you to the documentation, http://downloads.avaya.com/css/P8/documents/100128492

Good Luck!

Offline Paul L (Global Moderator, Hero Member, Posts: 754)
Re: Limitation on number of ACL's per VLAN & ACE's per ERS 8600
« Reply #2 on: March 02, 2014, 10:20:43 AM »
Fixed for grammar and facts.

You can create 10,000 ACEs, 4,000 ACTs and 4,000 ACLs.
However, I remember reading somewhere that there is a finite number of ACEs you can apply to a single port. I can't find that value.

Regardless, the 8600 was never meant to be used in this fashion. I have lots of customers that ran into issues once their access lists got too long, not because of performance but because the rules started contradicting each other. As a personal rule of thumb, if you need more than 40 access lists on your router, you should buy a firewall.

« Last Edit: March 02, 2014, 11:45:02 AM by Paul L »
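Paul's point that long lists start contradicting each other, and the original poster's counting problem, are both things you can check before pushing a configuration. The script below is an added example written for this thread; it is not code from the posters or from Avaya. It takes ACEs in a simplified, constructed tuple form (not ERS 8600 CLI syntax), flags every entry that can never match because an earlier, broader entry in the same ACL already covers it (a "contradiction" when the dead rule's action differs from the one hiding it, "redundant" otherwise), and compares totals with the 10,000 ACE / 4,000 ACL figures quoted above. It assumes first-match evaluation in ascending ACE-ID order, and takes 1,400 ACEs per device as an assumed operational budget, from the original poster's observation that 1,400 was stable and 2,500 was not.

```python
"""Audit ACL entries (ACEs) for size and for rules that shadow or contradict
one another.

Added example for the thread above, not code from the posters or from Avaya.
The ACEs are constructed test data in a simplified form, not ERS 8600 CLI
syntax.  Assumptions: first-match evaluation in ascending ACE-ID order, and
a per-device budget of 1,400 ACEs taken from the original poster's report.
"""

from dataclasses import dataclass
from ipaddress import ip_network
from typing import Optional

THREAD_LIMITS = {"ace": 10_000, "acl": 4_000, "act": 4_000}  # figures quoted in the thread
ACE_BUDGET_PER_DEVICE = 1_400  # assumption: the level the OP found stable


@dataclass(frozen=True)
class Ace:
    acl: int
    ace: int                     # evaluation order: lowest ID first (assumed)
    action: str                  # "permit" or "deny"
    src: str                     # CIDR prefix
    dst: str                     # CIDR prefix
    proto: str = "any"           # "any", "tcp", "udp", "icmp"
    dport: Optional[int] = None  # None means any destination port


def _subsumes(wide: str, narrow: str) -> bool:
    """True when prefix `wide` contains every address of prefix `narrow`."""
    w, n = ip_network(wide, strict=False), ip_network(narrow, strict=False)
    return w.version == n.version and n.subnet_of(w)


def covers(earlier: Ace, later: Ace) -> bool:
    """True when every packet matching `later` already matches `earlier`, so
    `later` can never be hit under first-match evaluation."""
    if not (_subsumes(earlier.src, later.src) and _subsumes(earlier.dst, later.dst)):
        return False
    if earlier.proto != "any" and earlier.proto != later.proto:
        return False
    if earlier.dport is not None and earlier.dport != later.dport:
        return False
    return True


def find_shadowed(aces):
    """Return (earlier_id, later_id, kind) for every ACE that can never match.
    kind is "contradiction" when the dead rule's action differs from the rule
    hiding it (the operator's intent conflicts), otherwise "redundant"."""
    findings = []
    by_acl = {}
    for a in aces:
        by_acl.setdefault(a.acl, []).append(a)
    for acl_aces in by_acl.values():
        ordered = sorted(acl_aces, key=lambda a: a.ace)
        for i, earlier in enumerate(ordered):
            for later in ordered[i + 1:]:
                if covers(earlier, later):
                    kind = "redundant" if earlier.action == later.action else "contradiction"
                    findings.append((earlier.ace, later.ace, kind))
    return findings


def audit_counts(aces, budget=ACE_BUDGET_PER_DEVICE):
    """Compare the configuration's size with the thread's quoted limits and
    with the assumed per-device budget."""
    n_aces = len(aces)
    n_acls = len({a.acl for a in aces})
    return {
        "aces": n_aces,
        "acls": n_acls,
        "over_hard_limit": n_aces > THREAD_LIMITS["ace"] or n_acls > THREAD_LIMITS["acl"],
        "over_budget": n_aces > budget,
    }


# Constructed sample: one ACL whose rules overlap in different ways.
SAMPLE = [
    Ace(1, 10, "deny",   "10.0.0.0/8",    "192.168.10.0/24"),
    Ace(1, 20, "permit", "10.1.2.0/24",   "192.168.10.5/32", "tcp", 443),  # dead, contradicts 10
    Ace(1, 30, "deny",   "10.1.2.0/24",   "192.168.10.0/24", "tcp", 22),   # dead, duplicates 10
    Ace(1, 40, "permit", "172.16.0.0/12", "0.0.0.0/0",       "tcp", 80),
    Ace(1, 50, "permit", "172.16.5.0/24", "10.9.9.9/32",     "tcp", 80),   # dead, duplicates 40
    Ace(1, 60, "permit", "0.0.0.0/0",     "0.0.0.0/0",       "udp", 53),
]

if __name__ == "__main__":
    for earlier, later, kind in find_shadowed(SAMPLE):
        print(f"ACE {later} never matches: hidden by ACE {earlier} ({kind})")
    print(audit_counts(SAMPLE))
```

The containment check is deliberately conservative: it only reports a rule as dead when a single earlier rule covers it outright, so a rule hidden by the union of several narrower earlier rules is not reported. That keeps false positives at zero, which matters when the output is used to justify deleting entries from a production list.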