Implementing Acls On Dell Networking Os - Dell Z9500 Configuration Manual
Z-series core and aggregation switche
Hide thumbs
Also See for Z9500:
- Command reference manual (1905 pages) ,
- Reference manual (1849 pages) ,
- Installation manual (47 pages)
Table of Contents
Advertisement
User Configurable CAM Allocation
Allocate space for IPV6 ACLs by using the cam-acl command in CONFIGURATION mode.
The CAM space is allotted in filter processor (FP) blocks. The total space allocated must equal 13 FP blocks. (There are 16 FP
blocks, but System Flow requires three blocks that cannot be reallocated.)
Enter the ipv6acl allocation as a factor of 2 (2, 4, 6, 8, 10). All other profile allocations can use either even or odd numbered
ranges.
If you want to configure ACL's on VRF instances, you must allocate a CAM region using the vrfv4acl option in the cam-acl
command.
Save the new CAM settings to the startup-config (use write-mem or copy run start) then reload the system for the new
settings to take effect.
Test CAM Usage
This command applies to both IPv4 and IPv6 CAM profiles, but is best used when verifying QoS optimization for IPv6 ACLs.
To determine whether sufficient ACL CAM space is available to enable a service-policy, use this command. To verify the actual
CAM space required, create a class map with all the required ACL rules, then execute the test cam-usage command in
Privilege mode. The following example shows the output when executing this command. The status column indicates whether
you can enable the policy.
Example of the
test cam-usage
Dell#test cam-usage service-policy input TestPolicy linecard all
Linecard|Portpipe|CAM Partition|Available CAM|Estimated CAM per Port|Status
--------------------------------------------------------------------------
2|
1|
2|
1|
4|
0|
4|
0|
Dell#
Implementing ACLs on Dell Networking OS
You can assign one IP ACL per interface. If you do not assign an IP ACL to an interface, it is not used by the software.
The number of entries allowed per ACL is hardware-dependent.
If counters are enabled on ACL rules that are already configured, those counters are reset when a new rule which is inserted or
prepended or appended requires a hardware shift in the flow table. Resetting the counters to 0 is transient as the proginal
counter values are retained after a few seconds. If there is no need to shift the flow in the hardware, the counters are not
affected. This is applicable to the following features:
•
L2 Ingress Access list
•
L2 Egress Access list
NOTE:
IP ACLs are supported over VLANs in Dell Networking OS version 6.2.1.1 and higher.
Command
IPv4Flow|
IPv6Flow|
IPv4Flow|
IPv6Flow|
232|
0|
232|
0|
0|Allowed
0|Allowed
0|Allowed
0|Allowed
Access Control Lists (ACLs)
96
Advertisement
Table of Contents
Troubleshooting
