ACL Limitations on MS425

JHO
Here to help

ACL Limitations on MS425

All,

 

I am having issues trying to do full Meraki stack as there is a limitation of 128 ACLs and it seems that you can't create an ACL for 0.0.0.0/0 (but can do destination ANY), which would allow me to just set certain allows and then a default DENY ANY ANY

 

So my question is how do I get around the ACL issue?

7 Replies 7
PhilipDAth
Kind of a big deal
Kind of a big deal

I don't know the answer.  Try asking support if the 128 limit can be increased.

PhilipDAth
Kind of a big deal
Kind of a big deal

ps. You can usually use the word "Any" to represent any traffic destination.

RobertoBonilla
Just browsing

Hello,

 

I'm having the same problem. I can't add more than 128 ACLs, that's a big problem. 

 

I'm trying to find a solution with meraki support but for the moment is not an option. Someone have been add more ACLs?

This is a big issue on MS425 and a big limitation that I don't understand. There is no information about it on datasheet.

 

Someone have find a solution?

 

Thanks in advance, regards.

 

hockeydude
Getting noticed

We ran into the ACL limit years ago, and were told the switches could not handle more than 128 without becoming unstable. Will also add using ACLs compared to MX firewall rules is much more tedious, as you cannot group IPs and/or ports. Major pain in the butt. We ended up moving L3 back to MX, with the exception of some SQL and other server subnets. If I were starting fresh, I probably wouldn't use L3 switch for anything except maybe iSCSI or some other comparable protocol. 

RobertoBonilla
Just browsing

Hello,

finally meraki has not removed the limitation on my dashboard.
I will replace the switch and stop working with Meraki due to limitations.
Thanks for your help.

Regards

BlakeRichardson
Kind of a big deal
Kind of a big deal

@RobertoBonilla thanks for the update, I had the same issue so ended up using another device for my L3 routing. Not sure why they have this limitation but there must be some reason behind it. 

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
Brons2
Building a reputation

You need a Catalyst to do advanced stuff with ACLs, is what I would say.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels