After upgrading to latest Firmware I get an error about ACL rules?
After upgrading to latest Firmware I get an error about ACL rules?
Hello,
we have setup now finally our new network design:
- OC300 Controller
- ER7206 Router
- 3x TL-SG3428
- 1x TP-Link TL-SX3016F
We have created in total 19 Networks with own VLANs for each of them. Some weeks ago we have test with different clients and Switch ACL rules the separation of the networks and every think worked fine for us. Two days ago, we have upgrade all devices to the latest OC300, ER7206 and Switches. Today we would repeat the test and implement the final networks and ACL rule fot the go Live on friday, but now we can not implement the ACL rules as we get an error message which we had definitely not received before -> Error message: The number of ACL rules has reached the upper limit.
At this time we have created 4 ACL rules
- Main network: LAN block for VLANs and Bidirectional
- VLAN: VLAN1 block for all other VLANs and Bidirectional
- now we would like to create the others VLAN2, VLAN3 etc. but this is not possible anymore
Is there a change in the limitation? On last test we have several ACL rules without any issue. Without this setup we can not rollout our new network what feels like a disaster right now.
Can you please help on this issue?
Many thanks in advanced!
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
@Hank21 Hello,
I have the same problem with ACL and I have the following configuration:
1. ER8411 v1.0 router
2. Controller OC300 1.0
3. Optical Switch TL-SX3016F v1.0 - 2 pcs.
4. Switch TL-SG3452X v1.0 - 3 pcs.
5. Switch TL-SG3428X v1.0 - 21 pcs.
6. Switch TL-SG2428P v4.0 - 28 pcs.
7. Switch TL-SG2218 v1.0 - 14 pcs.
8. EAP225(EU) v4.0 - 90 pcs.
the network has more than 34 VLANs and with this limit of 10 rules it will be very difficult if not impossible to handle the network protection. I request adequate intervention from your side to deal with this problem.
- Copy Link
- Report Inappropriate Content
Hello @AsoBest,
Maybe you set some ACLs which is one Network corresponding to multiple Networks, then multiple ACL entries are also generated in this case. You may access the switch via SSH, and show all ACL rules to check.
You may use the Command "show access-list status" via CLI, the port and protocol you choose when setting up an ACL will both affect the ACL resource calculation, have you tried using the Gateway ACL?
- Copy Link
- Report Inappropriate Content
Information
Helpful: 1
Views: 2657
Replies: 12