Guidelines For Configuring Acl Vlan Groups - Dell S4820T Configuration Manual

After these verification steps are performed, the ACL manager considers the command valid and sends the information to the ACL agent on the line card.

The ACL manager notifies the ACL agent in the following cases:
• A VLAN member is added to or removed from a group and previously associated VLANs exist in the group.
• The egress ACL is applied to or removed from the group and the group contains VLAN members.
• VLAN members are added to or deleted from a VLAN, which itself is a group member.
• A line card returns to the active state after going down and this line card contains a VLAN that is a member of an ACL group.
• The ACL VLAN group is deleted and it contains VLAN members.

The ACL manager does not notify the ACL agent in the following cases:
• The ACL VLAN group is created.
• The ACL VLAN group is deleted and it does not contain VLAN members.
• The ACL is applied to or removed from a group and the ACL group does not contain a VLAN member.
• The description of the ACL group is added or removed.

Guidelines for Configuring ACL VLAN Groups

Keep the following points in mind when you configure ACL VLAN groups:
• The interfaces where you apply the ACL VLAN group function as restricted interfaces. The ACL VLAN group name identifies the group of VLANs that performs hierarchical filtering.
• You can add only one ACL to an interface at a time.
• When you attach an ACL VLAN group to an interface, validation is performed to determine whether an ACL is already applied directly to that interface. If you previously applied an ACL separately to the interface, an error occurs when you attempt to attach an ACL VLAN group to the same interface.
• The maximum number of members in an ACL VLAN group is determined by the type of switch and its hardware capabilities. This scaling limit depends on the number of slices that are allocated for ACL CAM optimization. If one slice is allocated, the maximum number of VLAN members is 256 for all ACL VLAN groups. If two slices are allocated, the maximum number of VLAN members is 512 for all ACL VLAN groups.
• The maximum number of VLAN groups that you can configure also depends on the hardware specifications of the switch. Each VLAN group is mapped to a unique ID in the hardware. The maximum number of ACL VLAN groups supported is 31. Only a maximum of two components (iSCSI counters, OpenFlow, ACL optimization, and so on) can be allocated virtual flow processing slices at a time.
• Port ACL optimization is applicable only for ACLs that are applied without the VLAN range.
• If you enable the ACL VLAN group capability, you cannot view the statistical details of ACL rules per VLAN and per interface. You can view the counters only per ACL, using the show ip accounting access list command.
• Within a port, you can apply Layer 2 ACLs on a VLAN or a set of VLANs. In this case, CAM optimization is not applied.
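
The limits in these guidelines can be checked against a planned configuration before any change is made on the switch. The following is an added example, not code from the Dell manual: the `AclVlanGroup` model, the `validate_plan` function, the interface names and the sample plan are all hypothetical, and it assumes that the 256/512 member limit counts memberships summed across every group.

```python
from dataclasses import dataclass, field

MAX_GROUPS = 31                        # "maximum number of ACL VLAN groups supported is 31"
MEMBER_LIMIT = {1: 256, 2: 512}        # CAM slices -> VLAN members across all groups

@dataclass
class AclVlanGroup:                    # hypothetical planning model, not a Dell structure
    name: str
    vlans: set = field(default_factory=set)
    interfaces: set = field(default_factory=set)   # interfaces the group is attached to

def validate_plan(groups, direct_acl_interfaces, cam_slices):
    """Return the guideline violations in a planned configuration (empty list = fits)."""
    if cam_slices not in MEMBER_LIMIT:
        return [f"no member limit is documented for {cam_slices} slice(s)"]
    problems = []
    if len(groups) > MAX_GROUPS:
        problems.append(f"{len(groups)} groups planned, hardware supports {MAX_GROUPS}")
    # Assumption: the limit counts memberships summed over every group.
    total = sum(len(g.vlans) for g in groups)
    if total > MEMBER_LIMIT[cam_slices]:
        problems.append(f"{total} VLAN members planned, limit is "
                        f"{MEMBER_LIMIT[cam_slices]} with {cam_slices} slice(s)")
    # An interface that already has an ACL applied directly rejects the group.
    for g in groups:
        for ifc in sorted(g.interfaces & set(direct_acl_interfaces)):
            problems.append(f"group {g.name}: {ifc} already has a directly applied ACL")
    return problems

# Constructed sample plan: 300 + 20 = 320 VLAN members in two groups.
SAMPLE_GROUPS = [
    AclVlanGroup("tenants", set(range(100, 400)), {"Te 0/1"}),
    AclVlanGroup("storage", set(range(500, 520)), {"Te 0/2"}),
]

if __name__ == "__main__":
    for slices in (1, 2):
        print(slices, validate_plan(SAMPLE_GROUPS, {"Te 0/2"}, slices))
```

With one slice the sample plan fails on both the member limit and the interface conflict; with two slices only the interface conflict remains.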
Access Control List (ACL) VLAN Groups and Content Addressable Memory (CAM)