
ACL Limitations on MS425

JHO
Here to help

All,

I am having issues trying to do a full Meraki stack, as there is a limitation of 128 ACLs and it seems that you can't create an ACL for 0.0.0.0/0 (but can do destination ANY), which would allow me to just set certain allows and then a default DENY ANY ANY.

So my question is how do I get around the ACL issue?

5 Replies
Kind of a big deal

Re: ACL Limitations on MS425

I don't know the answer.  Try asking support if the 128 limit can be increased.

Kind of a big deal

Re: ACL Limitations on MS425

P.S. You can usually use the word "Any" to represent any traffic destination.

New here

Re: ACL Limitations on MS425

Hello,

I'm having the same problem. I can't add more than 128 ACLs; that's a big problem.

I'm trying to find a solution with Meraki support, but for the moment it is not an option. Has anyone been able to add more ACLs?

This is a big issue on the MS425 and a big limitation that I don't understand. There is no information about it in the datasheet.

Has anyone found a solution?

Thanks in advance, regards.

Conversationalist

Re: ACL Limitations on MS425

We ran into the ACL limit years ago, and were told the switches could not handle more than 128 without becoming unstable. I will also add that using ACLs, compared to MX firewall rules, is much more tedious, as you cannot group IPs and/or ports. Major pain in the butt. We ended up moving L3 back to the MX, with the exception of some SQL and other server subnets. If I were starting fresh, I probably wouldn't use an L3 switch for anything except maybe iSCSI or some other comparable protocol.

Getting noticed

Re: ACL Limitations on MS425

You need a Catalyst to do advanced stuff with ACLs, is what I would say.
