Meraki

Community

Advanced access-list on MS switches

Solved
niroulabh
Getting noticed
‎Jun 17 2023 12:23 PM
‎Jun 17 2023 12:23 PM

Advanced access-list on MS switches

I have unique requirements for access-list on the Meraki switches. Anyone here used the access-list extensively? Please reply.

Labels:
0 Kudos
1 Accepted Solution
In response to PhilipDAth
GIdenJoe
Kind of a big deal
Kind of a big deal
‎Jun 18 2023 12:19 AM
‎Jun 18 2023 12:19 AM

ACL's on all switches are stateless.
Switches usually work in a totally stateless way.

However the functionality I find seriously lacking in the MS line is the ability to use separate ACL's per interface and the very small TCAM space you can use.

Even the lower end Catalyst switch has 1500 ACE's + 1000 QoS entries.
So even when using an access list based of a radius session (Filter-ID) in MS switches you are severely limited in ACE's with L4 information and you even have to share it with QoS rules.

 

That's why I'm hoping they will change their stance when MS390's or Catalyst switches are in Meraki persona.

View solution in original post

7 Replies 7
alemabrahao
Kind of a big deal
‎Jun 17 2023 4:18 PM
‎Jun 17 2023 4:18 PM

I didn't understand your question. If you want to know if the ACLs on MS works well the answer is yes.

 

https://documentation.meraki.com/MS/Layer_3_Switching/Configuring_ACLs

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Inderdeep
Kind of a big deal
‎Jun 17 2023 7:11 PM
‎Jun 17 2023 7:11 PM

Yes we are using let us know your question?

Cisco Awarded Blogs 2020/2021 https://www.thenetworkdna.com/
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 17 2023 7:37 PM
‎Jun 17 2023 7:37 PM

One of the big limitations is they can have a maximum of 127 entries.  Another is that they are stateless.

In response to PhilipDAth
GIdenJoe
Kind of a big deal
Kind of a big deal
‎Jun 18 2023 12:19 AM
‎Jun 18 2023 12:19 AM

ACL's on all switches are stateless.
Switches usually work in a totally stateless way.

However the functionality I find seriously lacking in the MS line is the ability to use separate ACL's per interface and the very small TCAM space you can use.

Even the lower end Catalyst switch has 1500 ACE's + 1000 QoS entries.
So even when using an access list based of a radius session (Filter-ID) in MS switches you are severely limited in ACE's with L4 information and you even have to share it with QoS rules.

 

That's why I'm hoping they will change their stance when MS390's or Catalyst switches are in Meraki persona.

In response to GIdenJoe
niroulabh
Getting noticed
‎Jun 23 2023 8:46 AM
‎Jun 23 2023 8:46 AM

Thanks for your answer and explanation.

0 Kudos
In response to PhilipDAth
niroulabh
Getting noticed
‎Jun 23 2023 8:45 AM
‎Jun 23 2023 8:45 AM

Thanks for the number. Sometimes, I have requirement for more than 127.

0 Kudos
In response to PhilipDAth
niroulabh
Getting noticed
‎Jun 23 2023 9:59 AM
‎Jun 23 2023 9:59 AM

Thanks for the number. Sometimes, I have requirement for more than 127.

0 Kudos
Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.