Specifications

Open Issues, Known Behaviors, and Resolved Issues
ExtremeXOS 12.5.4 Release Notes
ACL
PD3-77983510 Summit X450a and Summit X450e series switches and BlackDiamond 8800 a-series and
e-series modules provide more powerful ACL capabilities. Because of this, the amount
and complexity of ACL rules will naturally impact the time needed to process and apply
the ACL rules to the switch. This will also impact switch bootup time. Access Control List
limitations fall into two areas: physical and virtual.
Physical Limits—Summit X450a and Summit X450e series switches:
The per-VLAN, wildcard (port any), and single-port access list installation limitations are
1,024 rules for the Summit X450e and 2048 rules for the Summit X450a.
Physical Limits—BlackDiamond 8800 a-series and e-series modules:
The per-VLAN, wildcard (port any), and single-port access list installation limitations are
1,024 rules for the e-series modules, and 2048 rules for the a-series modules.
Extreme Networks recommends that you configure ACLs as per-VLAN, wildcard, or
single-port. If either of the following is true, you will have to configure ACLs with
multi-port lists:
- Your application requires that ports do not have a homogeneous ACL policy.
- When BlackDiamond 8800 original series modules are operational in the same chassis, it
  may be necessary to configure ACLs to specific port-lists instead of as wildcard or
  per-VLAN. This is because the original series modules have smaller physical limits.
Virtual Limits—Summit X450a and Summit X450e series switches:
When configuring a multi-port ACL, use the following guideline. The total ACL count (as
calculated by ACL rules times ports applied to) should not exceed 48,000 total ACL
rules.
For example, applying a 1,000 rule policy file to a 48 port multi-port list is supported
(1,000 rules * 48 ports in the list <= 48,000).
Virtual Limits—BlackDiamond 8800 a-series and e-series modules:
When configuring a multi-port ACL, use the following guideline. For any a-series or
e-series blade in the system, its total ACL count (as calculated by ACL rules times ports
applied to) should not exceed 48,000 total ACL rules.
For example, applying a 1,000 rule policy file to a 48 port multi-port list on an a-series
module on slot 1 and an e-series module in slot 2 is fine. Neither module exceeds the
48,000 total ACL rules.
Excessive boot times and CPU resource starvation can be seen with larger total rule
counts. If your application requires additional capacity, contact Extreme Networks.
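The physical and virtual limits above can be checked against a planned set of ACL bindings before the policies are applied. The following is an added example, not Extreme Networks code: the function name, the plan format, and the sample policies are hypothetical, and it assumes that several multi-port ACLs on the same blade add up toward the 48,000 guideline.

```python
from collections import defaultdict

# Limits as stated in the release note (PD3-77983510).
PHYSICAL_LIMIT = {"a": 2048, "e": 1024}  # rules, per-VLAN / wildcard / single-port ACL
VIRTUAL_LIMIT = 48_000                   # rules x ports, per switch or per blade

def check_acl_plan(modules, bindings):
    """Return a list of violations; an empty list means the plan fits.

    modules  -- {slot: "a" or "e"} (a standalone Summit is modelled as slot 1)
    bindings -- dicts with keys: policy, rules, kind, ports
                kind  is "vlan", "wildcard", "port" or "multiport"
                ports is {slot: number of ports the ACL touches on that slot}
    """
    problems = []
    virtual = defaultdict(int)
    for b in bindings:
        for slot, nports in b["ports"].items():
            series = modules[slot]
            if b["kind"] == "multiport":
                # Assumption: several multi-port ACLs on one blade add up.
                virtual[slot] += b["rules"] * nports
            elif b["rules"] > PHYSICAL_LIMIT[series]:
                problems.append(
                    f"{b['policy']}: {b['rules']} rules exceeds the "
                    f"{PHYSICAL_LIMIT[series]}-rule limit on slot {slot} ({series}-series)")
    for slot, total in sorted(virtual.items()):
        if total > VIRTUAL_LIMIT:
            problems.append(
                f"slot {slot}: multi-port total {total} exceeds {VIRTUAL_LIMIT}")
    return problems

# Constructed sample plan: a-series blade in slot 1, e-series blade in slot 2.
MODULES = {1: "a", 2: "e"}
PLAN = [
    {"policy": "edge", "rules": 1000, "kind": "multiport", "ports": {1: 48, 2: 48}},
    {"policy": "mgmt", "rules": 1500, "kind": "wildcard", "ports": {1: 48, 2: 48}},
    {"policy": "voice", "rules": 200, "kind": "multiport", "ports": {2: 12}},
]

if __name__ == "__main__":
    for line in check_acl_plan(MODULES, PLAN) or ["plan fits within documented limits"]:
        print(line)
```

In the sample plan the 1,500-rule wildcard policy fits the a-series blade but not the e-series one, and the extra multi-port policy pushes slot 2 past the guideline while slot 1 sits exactly at it.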
Network Login
PD4-1653484241 Network login cannot authenticate MAC addresses on more than 10 VLANs.
Table 39: Known Behaviors, Platform-Specific and Feature PDs (Continued)
PD Number Description