This section provides more details on filter scaling numbers for the VOSS platforms.
The switch supports the following maximum limits:
512 non-IPv6 ingress ACLs (inPort, inVSN, or inVlan):
512 ACLs with 1 security ACE each OR
256 ACLs with 1 QoS ACE each OR
a combination based on the following rule:
( (num ACLs + num security ACEs) <= 1024) && ((num ACLs + num QoS ACEs) <= 512)
This maximum implies a VLAN member count of 1 for inVlan ACLs
512 IPv6 ingress ACLs (inPort):
512 ACLs with 1 security ACE each OR
a combination based on the following rule:
(num ACLs + num security ACEs) <= 512
124 egress ACLs (outPort only):
124 ACLs with 1 security ACE each (one of these ACLs can have 2 ACEs) OR
a combination based on the following rule:
(num ACLs + num ACEs) <= 248
This maximum implies a port member count of 1 for outPort ACLs.
1024 ingress ACEs:
Theoretical maximum of 1024 implies 1 ingress ACL with 512 security ACEs and 512 QoS ACEs
Ingress ACEs supported: (512 (security) - # of ACLs) + (512 (QoS) - # of ACLs).
This maximum also implies a VLAN member count of 1 for an inVlan ACL.
247 egress ACEs:
Theoretical maximum of 247 implies 1 egress ACL with 247 security ACEs
Egress ACEs supported: 248 - # of ACLs.
This maximum also implies a port member count of 1 for the outPort ACL.
The switch supports the following maximum limits:
220 IPv4 ingress ACLs
50 IPv4 egress ACLs
128 IPv6 ingress ACLs
1,020 IPv4 ingress ACEs
252 IPv4 egress ACEs
255 IPv6 ingress ACEs
255 IPv6 egress ACEs
The switch supports the following maximum limits:
512 non-IPv6 ingress ACLs (inPort, inVSN, or inVlan):
512 ACLs with 1 security ACE each OR
256 ACLs with 1 QoS ACE each OR
a combination based on the following rule:
( (num ACLs + num security ACEs) <= 1024) && ((num ACLs + num QoS ACEs) <= 512)
This maximum implies a VLAN member count of 1 for inVlan ACLs
512 IPv6 ingress ACLs (inPort):
512 ACLs with 1 security ACE each OR
a combination based on the following rule:
(num ACLs + num security ACEs) <= 512
124 egress ACLs (outPort only):
124 ACLs with 1 security ACE each (one of these ACLs can have 2 ACEs) OR
a combination based on the following rule:
(num ACLs + num ACEs) <= 248
This maximum implies a port member count of 1 for outPort ACLs.
1534 ingress ACEs:
Theoretical maximum of 1534 implies 1 ingress ACL with 1023 security ACEs and 511 QoS ACEs
Ingress ACEs supported: (1024 (security) - # of ACLs) + (512 (QoS) - # of ACLs).
This maximum also implies a VLAN member count of 1 for an inVlan ACL.
247 egress ACEs:
Theoretical maximum of 247 implies 1 egress ACL with 247 security ACEs
Egress ACEs supported: 248 - # of ACLs.
This maximum also implies a port member count of 1 for the outPort ACL.
The switch supports the following maximum limits for ACL scaling:
512 non-IPv6 ingress ACLs (inPort or inVlan):
256 ACLs with 1 Security ACE each + 256 ACLs with 1 QoS ACE each OR
384 ACLs with 1 Security ACE each and/or 1 QoS ACE each OR
a combination based on the following rule:
num ACLs <= 512 && (num ACLs + num Security ACEs) <= 512 && (num ACLs + num QoS ACEs) <= (512 – X) where X = num IPv6 ACLs + num IPv6 ACEs
This maximum implies a single port on inPort ACLs, and a single VLAN on inVlan ACLs.
384 IPv6 ingress ACLs (inPort):
384 IPv6 ACLs with 1 Security ACE each OR
A combination based on the following rule:
num IPv6 ACLs <= 384 && (num IPv6 ACLs + num Security ACEs) <= (768 – X) where X = num non-IPv6 ACLs + num non-IPv6 QoS ACEs
This maximum implies a single port on inPort ACLs.
254 non-IPv6 egress ACLs (outPort):
254 ACLS with 1 Security ACE each OR
A combination based on the following rule:
num ACLs <= 254 && (num ACLs + num Security ACEs) <= 508
This maximum implies a single port on outPort ACLs.
256 IPv6 Egress ACLs (outPort):
256 ACLS with 1 Security ACE each OR
A combination based on the following rule:
num ACLs <= 256 && (num ACLs + num Security ACEs) <= 512
This maximum implies a single port on outPort ACLs.
The switch supports the following maximum limits for ACE scaling:
1,536 non-IPv6 ingress ACEs
This theoretical maximum implies
1 non-IPv6 ingress ACL with 768 Security ACEs and 768 QoS ACEs
no IPv6 ACLs configured
a single port on inPort ACLs, and a single VLAN on inVLAN ACLs
768 IPv6 ingress ACEs
This theoretical maximum implies
1 IPv6 ingress ACL with 768 Security ACEs
no non-IPv6 ACLs configured
a port member count of 1 for inPort ACLs
783 non-IPv6 egress ACEs.
This theoretical maximum implies
1 egress ACL with 783 Security ACEs
a port member count of 1 for outPort ACLs
Non IPv6 egress ACEs supported: 784 - num non-IPv6 egress ACLs
511 IPv6 egress ACEs
This theoretical maximum implies
1 egress ACL with 511 Security ACEs
a port member count of 1 for ourPort ACLs
511 - num IPv6 egress ACLs
The switch supports the following maximum limits:
256 non-IPv6 ingress ACLs (inPort, inVSN, or inVlan):
256 ACLs with 1 security ACE each OR
128 ACLs with 1 QoS ACE each OR
a combination based on the following rule:
( (num ACLs + num security ACEs) <= 512) && ((num ACLs + num QoS ACEs) <= 256)
This maximum implies a VLAN member count of 1 for inVlan ACLs
256 IPv6 ingress ACLs (inPort,):
256 ACLs with 1 security ACE each OR
256 ACLs with 1 QoS ACE each OR
a combination based on the following rule:
(num ACLs + num security ACEs) <= 256
124 egress ACLs (outPort only):
124 ACLs with 1 security ACE each (one of these ACLs can have 2 ACEs)
This maximum implies a port member count of 1 for outPort ACLs.
766 ingress ACEs:
Theoretical maximum of 766 implies 1 ingress ACL with 511 security ACEs and 255 QoS ACEs
Ingress ACEs supported: (512 (security) - # of ACLs) + (256(QoS) - # of ACLs).
This maximum also implies a VLAN member count of 1 for an inVlan ACL.
252 egress ACEs:
Theoretical maximum of 252 implies 1 egress ACL with 252 security ACEs
Egress ACEs supported: 253 - # of ACLs.
This maximum also implies a port member count of 1 for the outPort ACL.
The switch supports a maximum 3,070 non-IPv6 ingress ACEs, 2,047 IPv6 ingress ACEs, and 251 non-IPv6 egress ACEs.
IPv6 ingress and IPv6 egress QoS ACL/Filters are not supported. If you disable an ACL, the ACL state affects the administrative state of all of the ACEs within it.
The switch supports the following maximum limits for ACL scaling:
1,024 non-IPv6 ingress ACLs (inPort, inVlan, or InVSN):
1,024 ACLs with 1 security ACE each OR
a combination based on the following rule:
num of ACLs <= 1,024 AND (num of ACLs + Security ACEs) <= 2,048 AND (num of ACLs + QoS ACEs) <= 1,024
This maximum implies a VLAN member count of 1 for inVlan ACLs.
1,024 IPv6 ingress ACLs (inPort):
1,024 IPv6 ACLs with 1 security ACE each OR
a combination based on the following rule:
num of IPv6 ACLs <= 1,024 AND (num of IPv6 ACLs + Security ACEs) <= 2,048
126 non-IPv6 egress ACLs (outPort):
126 ACLs with 1 Security ACE each OR
a combination based on the following rule:
num ACLs <= 126 AND num ACLs + num security ACEs) <= 252
This maximum implies a port member counter of 1 for outPort ACLs.
The switch supports the following maximum limits for ACE scaling:
3,070 non-IPv6 ingress ACEs:
The theoretical maximum implies the following configuration:
1 non-IPv6 ingress ACL with 2,047 security ACEs and 1,023 QoS ACEs
a VLAN member count of 1 for inVlan ACLs
Non-IPv6 Ingress ACEs supported: [2,048(security) - (num of ACLs)] + [1,024(QoS) - (num of ACLs)]
2,047 IPv6 ingress ACEs:
The theoretical maximum implies the following configuration:
1 IPv6 ingress ACL with 2,047 security ACEs
IPv6 Ingress ACEs supported: [2,048(security) - (num of ACLs)]
251 non-IPv6 egress ACEs:
The theoretical maximum implies the following configuration:
1 egress ACL with 251 security ACEs
a port member count of 1 for outPort ACLs
Non IPv6 egress ACEs supported: 252 - (num egress ACLs)
The switch supports the following maximum limits:
500 IPv4 ingress ACLs
500 IPv4 egress ACLs
500 IPv4 ingress ACEs
500 IPv4 egress ACEs