ACL Limitations on MS425

All,

I am having issues trying to do a full Meraki stack, as there is a limitation of 128 ACLs and it seems that you can't create an ACL for 0.0.0.0/0 (but can do destination ANY), which would allow me to just set certain allows and then a default DENY ANY ANY.

So my question is how do I get around the ACL issue?

Re: ACL Limitations on MS425

I don't know the answer.  Try asking support if the 128 limit can be increased.

Re: ACL Limitations on MS425

ps. You can usually use the word "Any" to represent any traffic destination.

Re: ACL Limitations on MS425

Hello,

I'm having the same problem. I can't add more than 128 ACLs, that's a big problem.

I'm trying to find a solution with Meraki support, but for the moment it is not an option. Has anyone been able to add more ACLs?

This is a big issue on the MS425 and a big limitation that I don't understand. There is no information about it in the datasheet.

Has anyone found a solution?

Thanks in advance, regards.


Re: ACL Limitations on MS425

We ran into the ACL limit years ago, and were told the switches could not handle more than 128 without becoming unstable. Will also add using ACLs compared to MX firewall rules is much more tedious, as you cannot group IPs and/or ports. Major pain in the butt. We ended up moving L3 back to MX, with the exception of some SQL and other server subnets. If I were starting fresh, I probably wouldn't use L3 switch for anything except maybe iSCSI or some other comparable protocol. 

Re: ACL Limitations on MS425

Hello,

In the end, Meraki has not removed the limitation on my dashboard.
I will replace the switch and stop working with Meraki due to limitations.
Thanks for your help.

Regards

Re: ACL Limitations on MS425

@RobertoBonilla thanks for the update, I had the same issue so ended up using another device for my L3 routing. Not sure why they have this limitation but there must be some reason behind it. 

Meraki CMNO, Ruckus WISE, Sonicwall CSSA, Allied Telesis CASE & CAI
Re: ACL Limitations on MS425

You need a Catalyst to do advanced stuff with ACLs, is what I would say.
