System Basics Introduction
...
acl-sap-ingress
mac-match-enable max
ipv4-match-enable 1
no ipv6_128-ipv4-match-enable
ipv6_64-only-match-enable max
exit
...
In the above example CLI, the system will take the following actions:
•
•
•
•
•
In the example-2 above, the user can execute no ipv4-match-enable to disable use of ipv4-criteria.
The system checks if there are SAPs using ipv4-criteria and fails the command if one exists; else it
the chunk freed, is for use with either mac-criteria or ipv6-64-bit criteria. The entire chunk is
allocated to mac-criteria, if the first SAP that needs resources requests for mac-criteria and there
are no entries in the chunk already allocated to mac-criteria, leaving no more resources for use by
ipv6-64-bit criteria or the entire chunk is allocated to ipv6-64-bit criteria, if the first SAP that
Page 250
3
System allocates 3 chunks for use by the SAP ingress ACL entries. These resources are
available for use with mac-criteria, ipv4-criteria and ipv6-64-bit match criteria.
System allocates 1 chunk for use by SAP ingress ACL entries using ipv4-criteria. The
system fails the configuration when the number of ACL entries using ipv4-criteria
exceeds the configured limit (that is, the system does not allocate in excess of the
configured limit of 1 chunk).
System allocates 1 chunk for use by SAP ingress ACL entries using mac-criteria when the
user associates an ingress ACL policy (with mac-criteria entries defined) with a SAP. The
system can allocate more chunks, as the user has specified the 'max' keyword, if a chunk
is available for use. In this particular example, (assuming user configures a SAP with a
ingress ACL policy that uses ipv6-64-bit criteria), as there are no more chunks available,
mac-criteria cannot allocate more than 1 chunk (even though it specifies the max
keyword). The system fails the configuration when the number of ACL entries with mac-
criteria exceeds the limit of 1 chunks allocated to SAP ingress ACL mac-criteria (that is,
the system does not allocate in excess of the configured limit of 3 chunks = 1 for mac-
criteria + for ipv4-criteria + 1 for ipv6-criteria).
System allocates a chunk for use by SAP ingress ACL entries using ipv6-64-bit criteria
when user associates an ingress ACL policy (with ipv6-64-bit-criteria entries defined)
with a SAP. The system can allocate more chunks, as the user has specified the 'max'
keyword. In this particular example, as there are no more chunks available, ipv6-64-bit
criteria cannot allocate more than 1 chunk (even though it specifies the max keyword).
The system fails the configuration when the number of ACL entries with ipv6-64-bit
criteria exceeds the limit of one chunk allocated to SAP ingress ACL match (that is, the
system does not allocate in excess of the configured limit of 3 chunks = 1 for mac-criteria
+ 1 for ipv4-criteria + 1 for ipv6-64-bit criteria).
The system fails the user attempt to use SAP ingress ACLs with ipv6-128 bit match
criteria (and the other combinations listed above), as the user has disabled use of these
criteria.
7210 SAS M, T, X, R6 Basic System Configuration Guide