Is there a limitation on the number of access-lists I can use on my 2600 series router?
access-list 1 permit 10.5.0.0 0.0.0.255
access-list 2 permit 10.5.1.0 0.0.0.255
access-list 3 permit 10.5.2.0 0.0.0.255
access-list 4 permit 10.5.4.0 0.0.0.255
access-list 5 permit 10.5.5.0 0.0.0.255
access-list 6 permit 10.5.6.0 0.0.0.255
access-list 7 permit 10.5.7.0 0.0.0.255
This is what I am using. Is there a more consolidated way to do this?
Depends on the purpose of the access-list(s). If you are using the access-lists above for a singular purpose, you could consolidate them to something like the following:
access-list 1 permit 10.5.0.0 0.0.7.255
But like I said, it really depends on what you are using the access-lists for.
As for the limit, I'm not sure. I guess it depends on available memory, and some other factors.
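Added example (not part of the original posts): a Python check of the consolidation discussed above. It parses the ACL lines from the thread, reports any address space the single 0.0.7.255 entry permits that the seven original entries did not, and builds the shortest entries that cover exactly the original subnets. The function names are this example's own, and contiguous wildcard masks are assumed.

```python
import ipaddress

# ACL entries exactly as posted in the thread.
ORIGINAL = """\
access-list 1 permit 10.5.0.0 0.0.0.255
access-list 2 permit 10.5.1.0 0.0.0.255
access-list 3 permit 10.5.2.0 0.0.0.255
access-list 4 permit 10.5.4.0 0.0.0.255
access-list 5 permit 10.5.5.0 0.0.0.255
access-list 6 permit 10.5.6.0 0.0.0.255
access-list 7 permit 10.5.7.0 0.0.0.255
"""
CONSOLIDATED = "access-list 1 permit 10.5.0.0 0.0.7.255"

def ace_network(line):
    """Parse 'access-list N permit ADDR WILDCARD' into an IPv4Network.
    Assumption: the wildcard is contiguous; ipaddress raises ValueError otherwise."""
    _, _, action, addr, wildcard = line.split()
    if action != "permit":
        raise ValueError("only permit entries are handled in this example")
    return ipaddress.IPv4Network(f"{addr}/{wildcard}", strict=False)

def over_permitted(summary, originals):
    """Address space the summary entry permits that no original entry did."""
    remaining = [summary]
    for net in originals:
        kept = []
        for block in remaining:
            if net.subnet_of(block):          # carve the original out of the block
                kept.extend(block.address_exclude(net))
            elif not block.subnet_of(net):    # disjoint: still unaccounted for
                kept.append(block)
        remaining = kept
    return list(ipaddress.collapse_addresses(remaining))

def exact_consolidation(originals, acl_number=1):
    """Fewest permit lines that cover exactly the original networks."""
    return [f"access-list {acl_number} permit {n.network_address} {n.hostmask}"
            for n in ipaddress.collapse_addresses(originals)]

if __name__ == "__main__":
    nets = [ace_network(l) for l in ORIGINAL.splitlines()]
    print("extra space permitted:", over_permitted(ace_network(CONSOLIDATED), nets))
    print("\n".join(exact_consolidation(nets)))
```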
Thank you DelVonte. The purpose of the access list is to allow the LAN to communicate to the Internet via the router. I see what you are saying about the importance of knowing the purpose.
If I was going to VLAN the subnetworks then I would want to leave them separate, otherwise I can combine them. Is that correct?
From a 2600 series:
<1-99> IP standard access list
<100-199> IP extended access list
<1100-1199> Extended 48-bit MAC address access list
<1300-1999> IP standard access list (expanded range)
<200-299> Protocol type-code access list
<2000-2699> IP extended access list (expanded range)
<700-799> 48-bit MAC address access list
dynamic-extended Extend the dynamic ACL abolute timer
rate-limit Simple rate-limit specific access list
Yeah, but unless you are working in a fairly large network you probably won't use those, but a large network can have hundreds of ACLs - Wendell Odom even made the comment that he has heard of people with full time jobs doing nothing but access lists for their company.
Shoot me now!
Hey DV...Hmmm...I just realized I don't understand ACLs like I thought I did.
We can have total of 798 Standard Access Lists, or 798 Extended Access lists; but if you create a named ACL, which indicates no limit, numerically, what actually is the limit?
If I choose to name it, I have no idea...I CAN choose a number if I want to... but it's ONE OR THE OTHER - as shown here:
R1(config)#ip access-list standard ?
<1-99> Standard IP access-list number
<1300-1999> Standard IP access-list number (expanded range)
WORD Access-list name
If using "named" ACLs the maximum number allowed is limitless. I suppose there is a maximum based on IOS version maybe, but I have never really checked that out.
Another case is that if your platform supports Turbo ACLs you should turn on the feature with the "access-list compiled" command inside the global configuration mode. This will not work with special/advanced ACLs, but will enhance the lookups of the lines of your normal ACLs. I think that will increase the number of ACLs and lines your platform has.