Hi all,

We're looking at L3 switches which have decent L3 packet forwarding performance (wirespeed if possible), a reasonable amount of L4 ACLs/ACEs (an average of at least 80 per port) and come in a 24-port 10/100 port package with a couple of GBIC slots for uplinking to the core network. OSPF, but no BGP.

We've looked at the Cisco 3550-24, but they seem to have "resource exhaustion" issues[1] if you create more than 8 SVIs (i.e. it goes back to software routing). Extreme 200 switches look OK, but are limited to about 1000 ACE[2] (averages 32 rules per port). Allied Telesyn's 8800/Rapier series currently only manage half that figure in hardware and don't support UDP/TCP port ranges in a single ACE[3].

Are our expectations of a 24-port switch too high? Would it be better to move over to higher density switches and put in large amounts of underfloor cabling in large installations and keep putting separate routers and switches into the smaller locations (<100 ports)?

Or are L3 switches not a mature product and we should all stick to using switches for L2 and have L3+ dealt with by dedicated routers for the time being?

Cheers,
Rich

[1] http://www.cisco.com/warp/public/473/145.html
[2] http://www.extremenetworks.com/libraries/prodpdfs/products/summit200_24_48.a...
[3] They do support ranges, but a rule to cover a single range may require multiple ACEs.
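
Footnote [3] above, worked through as an added example that is not part of the original post: how one port-range rule can cost several hardware entries. It assumes the hardware matches a 16-bit port with value/mask pairs, which is a general technique and not a documented behaviour of any switch named in the post; the function names and sample rules are constructed for illustration.

```python
"""Added example: expanding a TCP/UDP port range into value/mask entries.

Assumption: each hardware entry matches one aligned power-of-two block
of ports (value/mask). Function names and sample rules are hypothetical.
"""

PORT_BITS = 16


def range_to_entries(lo, hi):
    """Split the inclusive range [lo, hi] into the minimal list of
    (value, mask) pairs, each covering one aligned power-of-two block."""
    if not (0 <= lo <= hi < 1 << PORT_BITS):
        raise ValueError("invalid port range")
    entries = []
    while lo <= hi:
        # Largest block size that is aligned at lo ...
        size = lo & -lo if lo else 1 << PORT_BITS
        # ... shrunk until it no longer runs past hi.
        while size > hi - lo + 1:
            size >>= 1
        mask = ((1 << PORT_BITS) - 1) & ~(size - 1)
        entries.append((lo, mask))
        lo += size
    return entries


def aces_needed(rules):
    """Total entries for rules given as (lo, hi) port ranges,
    assuming one range field per rule."""
    return sum(len(range_to_entries(lo, hi)) for lo, hi in rules)


# Constructed sample rule set (not taken from the post).
SAMPLE_RULES = [
    (80, 80),        # single port
    (1024, 65535),   # all unprivileged ports
    (6000, 6063),    # a small contiguous range
    (1, 65534),      # worst case for a 16-bit field
]

if __name__ == "__main__":
    for lo, hi in SAMPLE_RULES:
        print(f"{lo}-{hi}: {len(range_to_entries(lo, hi))} entries")
    print("total entries:", aces_needed(SAMPLE_RULES))
```

Under this assumption a per-port budget has to be sized from the expanded entry count rather than from the number of rules written.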