[c-nsp] stumped by mac access-list extended resources

Abhishek amande at cisco.com
Mon Dec 6 08:42:33 EST 2004


The "%Error: Out of Rule Resources" message means that the hardware has
run out of resources.

The Catalyst 2950 supports 75 ACEs per 8 ports (specified on 8-port
controllers: 1-8, 9-16, 17-24, etc.) and this is a hardware limitation.
You need to reduce the number of ACEs so that it is not more than 75 per
8 ports. The ACEs are implemented on controllers. A set of 8 ports uses
the same controller, and that is why the number of ACEs is limited for
each set of 8 ports (for example, 1-8, 9-16, 17-24, etc.). This is already
built into the switch. Neither a memory upgrade nor a software upgrade
will fix this issue.

Refer to this link about the ACE limitation on 2950:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12120ea2/2950scg/swacl.htm#wp1075613

The document says:
Fast Ethernet ports support up to 75 ACEs per 1 ACL across a range of 8
Fast Ethernet ports. This means that ports 1 to 8 support a combined total
of 75 ACEs, ports 9 to 16 support a combined total of 75 ACEs, and so on.

Regards,
Abhishek

From: <A.L.M.Buxey at lboro.ac.uk>
To: <cisco-nsp at puck.nether.net>
Sent: Monday, December 06, 2004 6:18 AM
Subject: [c-nsp] stumped by mac access-list extended resources


> hi,
>
> I have some 2950t's that I've been putting MAC access-list ACL's onto.
>
> on one 2950t-24 I have put 14 rules onto it
>
> eg
>
> mac access-list extended SYSTEMALLOW
>  permit host xxxx.xxxx.xxxx any
>  permit...
>
> ..etc for 14 hosts
>
>
> on another 'identical' switch, I get to rule 10 and IOS barfs out a
> "%Error: Out of Rule Resources" when trying to process the 10th rule.
>
> how many MAC ACLs should I be able to do on a 2950t-24 edge switch?
>
> ..and, what's more confusing is that these switches have the same
> configuration, the one that is up to 14 rules without problem doesn't do
> any less 'work' and the one with problems isn't doing anything special.
> both have same IOS (have tried upgrading/degrading to no avail)  -
> 12.1(22)EA1
>
> is there some lower-level little bit of hardware that has been improved or
> reduced which may be causing this (the one with problem has a later serial
> number)
>
> Alan
>
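
Added example, not part of either message: a Python sketch that audits a saved 2950 configuration against the 75-ACE-per-8-port limit described in the reply. It assumes named ACLs and FastEthernet interface names, and by default assumes an ACL attached to several ports on one controller is counted once (pass count_shared_once=False for the per-attachment total); the sample configuration is constructed.

```python
import re
from collections import defaultdict

ACE_LIMIT, PORTS_PER_GROUP = 75, 8  # limit per 8-port controller, per the thread

# Constructed sample config (not from the thread); MAC addresses are made up.
SAMPLE_CONFIG = """\
mac access-list extended SYSTEMALLOW
 permit host 0000.0c00.0001 any
 permit host 0000.0c00.0002 any
!
interface FastEthernet0/1
 mac access-group SYSTEMALLOW in
interface FastEthernet0/2
 mac access-group SYSTEMALLOW in
interface FastEthernet0/9
 mac access-group SYSTEMALLOW in
"""

def count_aces(config):
    """Return {acl_name: number of permit/deny entries} for named ACLs."""
    aces, current = defaultdict(int), None
    for line in config.splitlines():
        m = re.match(r"(?:mac|ip) access-list (?:extended|standard) (\S+)", line)
        if m:
            current = m.group(1)
        elif current and re.match(r"\s+(?:permit|deny)\b", line):
            aces[current] += 1
        elif not line.startswith(" "):
            current = None  # left the ACL block
    return dict(aces)

def aces_per_group(config, count_shared_once=True):
    """Return {(first_port, last_port): ACE total} per 8-port controller."""
    aces, port, attached = count_aces(config), None, defaultdict(list)
    for line in config.splitlines():
        m = re.match(r"interface FastEthernet\d+/(\d+)", line)
        if m:
            port = int(m.group(1))
        elif port and (a := re.match(r"\s+(?:mac|ip) access-group (\S+) in", line)):
            first = (port - 1) // PORTS_PER_GROUP * PORTS_PER_GROUP + 1
            attached[(first, first + PORTS_PER_GROUP - 1)].append(a.group(1))
        elif not line.startswith(" "):
            port = None  # left the interface block
    # Assumption: a shared ACL costs its ACEs once per group unless told otherwise.
    return {g: sum(aces.get(n, 0) for n in (set(ns) if count_shared_once else ns))
            for g, ns in sorted(attached.items())}

def over_limit(config, **kw):
    return [g for g, n in aces_per_group(config, **kw).items() if n > ACE_LIMIT]
```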


