HPE Community
Switches, Hubs, and Modems
1752819 Members
4220 Online
108789 Solutions
New Discussion юеВ

Re: Access Control Lists

 
Lee Bailey_1
Occasional Advisor

тАО06-12-2008 06:12 AM

тАО06-12-2008 06:12 AM

Access Control Lists

Hello,

A very general question...

Is there any kind of limit on the number of access control entries for an access control list? I'm trying an ACL that contains approx 185 entries on a Procurve 5406zl switch. All seems to work for a couple of minutes before traffic stops being passed over the filtered port until I removed the ACL from it.

Thanks, Lee.
0 Kudos
9 REPLIES 9
Pieter 't Hart
Honored Contributor

тАО06-19-2008 02:58 AM

тАО06-19-2008 02:58 AM

Re: Access Control Lists

FAQ's says :
>>> Named (Extended or Standard) ACLs: Up to 2048 (minus any numeric ACL assignments)
Numeric Standard ACLs: Up to 99; numeric range: 1 - 99
Numeric Extended ACLs: Up to 100; numeric range: 100 - 199
Total ACEs in all ACLs: Depends on the combined resource usage by ACL, QoS, IDM, Virus-Throttling, ICMP, and Management VLAN features <<<

So as there can be 2048 ACL's i dont think 185 entries for one acl wil be a serious problem. maybe there is an option to "compile" the acl so it takes less resources.

check whatlogging is enabled, especially for the console port, maybe the switch is flooded with log entries.
0 Kudos
cenk sasmaztin
Honored Contributor

тАО06-19-2008 03:30 AM

тАО06-19-2008 03:30 AM

Re: Access Control Lists

hi Lee
you want write acl on switch no directed write

before you make write on notepad your acl complate all acl entry on notepad after copy to switch

cenk.
cenk

0 Kudos
cenk sasmaztin
Honored Contributor

тАО06-19-2008 03:50 AM

тАО06-19-2008 03:50 AM

Re: Access Control Lists

because
Procurve switch each two second auto write mem command so copy run config to startup config

you make write acl during tree or four entry (2second)write startup config and running rule on switch one after another write this command meseems crash switch.

cenk
cenk

0 Kudos
Lee Bailey_1
Occasional Advisor

тАО06-20-2008 01:57 AM

тАО06-20-2008 01:57 AM

Re: Access Control Lists

Hi Cenk,

Your English is far better than my Turkish but I am struggling to understand what you are saying. I've created my ACL on notepad first and copied it across to the switch. I have then applied the ACL to a port and done a write mem. Can you explain what you think is crashing the switch?

Many thanks, Lee.
0 Kudos
cenk sasmaztin
Honored Contributor

тАО06-22-2008 05:29 AM

тАО06-22-2008 05:29 AM

Re: Access Control Lists

soryy Lee my english speak very bad
but you have very smart bucause you can understand me
congratulations...

many vendor advice acl entry write notepad after copy device
because
copy existing in switch acl command to notepad and write new acl entry on notepad after back to copy in switch because all acl entry learning is switch same time

you can write one after another acl command on switch Procurve switch make otomaticaly wr mem command a few secont
you can entry acl commad directly on switch ,switch is same time learning this rule (copy running config to startup config with otomaticaly)and running this rule on switch.

you make one after another this acl entry 185 times...........switch learning one rule during you can write two,tree,four,five .......rule on switch
switch make learning and running after againg learing running againg learning and runnin rules (185 times)

you make must be one time learning switch all acl rule therefore you make use notepad method


please you make test

cenk
cenk

0 Kudos
cenk sasmaztin
Honored Contributor

тАО06-22-2008 02:27 PM

тАО06-22-2008 02:27 PM

Re: Access Control Lists

do you understand me ?
cenk

0 Kudos
Lee Bailey_1
Occasional Advisor

тАО06-22-2008 11:58 PM

тАО06-22-2008 11:58 PM

Re: Access Control Lists

Hi Cenk,

I'm still not sure...

I've created the acl on notepad (all 185 lines) and copied to the switch and applied to an interface.

I'm not entering the ACLs line by line on the switch.

Thanks, Lee.
0 Kudos
Pieter 't Hart
Honored Contributor

тАО06-23-2008 12:04 AM

тАО06-23-2008 12:04 AM

Re: Access Control Lists

Lee, i think Cenk does not address your problem.
His solution is for when you have problems entering a long ACL beacuse when uploading the acl the autowrite-timer interferes with the upload.
You describe the problem as allready having an acl with 185 lines and the switch stops functioning at some time.
0 Kudos
cenk sasmaztin
Honored Contributor

тАО06-23-2008 04:22 AM

тАО06-23-2008 04:22 AM

Re: Access Control Lists

yes Lee you understand me true

please you send me switch sh tech print

cenk
cenk

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.