Implementing Acls On Dell Networking Os - Dell S4820T Configuration Manual
Hide thumbs
Also See for S4820T:
- Manual (60 pages) ,
- Installation manual (59 pages) ,
- Configuration manual (1178 pages)
Table of Contents
Advertisement
•
CAM Optimization
User Configurable CAM Allocation
Allocate space for IPV6 ACLs by using the cam-acl command in CONFIGURATION mode.
The CAM space is allotted in filter processor (FP) blocks. The total space allocated must equal 13 FP
blocks. (There are 16 FP blocks, but System Flow requires three blocks that cannot be reallocated.)
Enter the ipv6acl allocation as a factor of 2 (2, 4, 6, 8, 10). All other profile allocations can use either
even or odd numbered ranges.
If you want to configure ACL's on VRF instances, you must allocate a CAM region using the vrfv4acl
option in the cam-acl command.
Save the new CAM settings to the startup-config (use write-mem or copy run start) then reload the
system for the new settings to take effect.
CAM Optimization
When you enable this command, if a policy map containing classification rules (ACL and/or dscp/ ip-
precedence rules) is applied to more than one physical interface on the same port-pipe, only a single
copy of the policy is written (only one FP entry is used). When you disable this command, the system
behaves as described in this chapter.
Test CAM Usage
This command applies to both IPv4 and IPv6 CAM profiles, but is best used when verifying QoS
optimization for IPv6 ACLs.
To determine whether sufficient ACL CAM space is available to enable a service-policy, use this
command. To verify the actual CAM space required, create a class map with all the required ACL rules,
then execute the test cam-usage command in Privilege mode. The following example shows the
output when executing this command. The status column indicates whether you can enable the policy.
Example of the
test cam-usage
Dell#test cam-usage service-policy input TestPolicy linecard all
Linecard|Portpipe|CAM Partition|Available CAM|Estimated CAM per Port|Status
--------------------------------------------------------------------------
2|
1|
2|
1|
4|
0|
4|
0|
Dell#
Implementing ACLs on Dell Networking OS
You can assign one IP ACL per interface with Dell Networking OS. If you do not assign an IP ACL to an
interface, it is not used by the software in any other capacity.
The number of entries allowed per ACL is hardware-dependent. For detailed specification on entries
allowed per ACL, refer to your line card documentation.
122
Command
IPv4Flow|
IPv6Flow|
IPv4Flow|
IPv6Flow|
232|
0|
232|
0|
0|Allowed
0|Allowed
0|Allowed
0|Allowed
Access Control Lists (ACLs)
Advertisement
Table of Contents
Troubleshooting
