◦
Mirror policies per VLAN through the CLI using monitor service
◦
Jumbo IP-MTU
•
When the following features are configured per-port, resource usage is applied only to the slot or port group on
which the feature is configured:
◦
ACLs or QoS applied per-port or per-user through RADIUS authentication
◦
ACLs applied per-port through the CLI using the ip access-group or ipv6 traffic-filter
commands
◦
QoS policies applied per port through the CLI using the service-policy command
◦
Mirror policies applied per-port through the CLI using the monitor all service and service-
policycommands
◦
ICMP rate-limiting through the CLI using the rate-limit icmp command
Usage notes for show resources output
•
A 1:1 mapping of internal rules to configured policies in the switch does not necessarily exist. As a result,
displaying current resource usage is the most reliable method for keeping track of available resources. Also,
because some internal resources are used by multiple features, deleting a feature configuration may not
increase the amount of available resources.
•
Resource usage includes resources actually in use or reserved for future use by the listed features.
•
"Internal dedicated-purpose resources" include the following features:
◦
Per-port ingress and egress rate limiting through the CLI using rate-limit in/out
◦
Per-port or per-VLAN priority or DSCP through the CLI using qos priority or qos dscp
◦
Per protocol priority through the CLI using qos protocol
•
The "Available" columns display the resources available for additional feature use.
•
The "IDM" column shows the resources used for RADIUS-based authentication.
•
"Meters" are used when applying either ICMP rate-limiting or a QoS policy with a rate-limit class action.
When insufficient resources are available
The switch has ample resources for configuring features and supporting RADIUS-authenticated clients (with or
without the optional IDMapplication).
If the resources supporting these features become fully subscribed:
•
The current feature configuration, RADIUS-authenticated client sessions, and VT instances continue to
operate normally.
•
The switch generates anevent log notice to say that current resources are fully subscribed.
•
Currently engaged resources must be released before any of the following actions are supported:
◦
Modifying currently configured ACLs, IDM, VT, and other software features, such as Management VLAN,
DHCP snooping, and dynamic ARP protection.You can modify currently configured classifier-base QoS and
Chapter 2 Time Protocols
67