Ok I will do my best here. The 390s have a limit of about 5000 active ACE entries on the platform at any given time. The 355s are about 600 ACE entries active at any given time, and the 125s unfortunately do not have the TCAM for group policy ACL assignment. That being said, a single 30 line group policy ACL with 100 clients associated to it, will take up 30 entries in the TCAM due to the way the ACLs are applied to the endpoints. This is the same across the 390 and the other platforms that support GPACL (210/225/250/350/355). These do require a RADIUS server to apply them, so you would need to enable at the minimum MAC Auth Bypass to start applying group policies to clients on switching. Hope this helps!
... View more