Configuring The Compression And Reordering Of Acl Masks; Configuring The Cram Feature From The Cli - Cisco WS-C6506 Software Manual

Chapter 15 Configuring Access Control

Configuring the Compression and Reordering of ACL Masks

The compression and reordering of the ACL masks (CRAM) feature optimizes the mask usage across
the different ACLs. This optimization promotes mask sharing and results in more efficient usage of the
TCAM and the ability to program more ACLs in the TCAM.
The TCAM is used for implementing the ACLs in the hardware. One mask entry is shared among eight
value entries. When programming the ACLs, it is possible to see the error condition where the TCAM is
full and can no longer program any new ACLs into the TCAM hardware. This problem is almost always
caused by a shortage of TCAM masks.
You can run CRAM in two modes. In the manual mode, you execute the feature when desired. In the
automatic mode, the feature is run whenever a TCAM full exception is seen. When the feature is
executed, the new mask ordering is computed and the ACL hardware is programmed accordingly.
Note With software release 8.4(1), CRAM is supported only for the security ACLs. This feature works for the
QoS ACLs but you cannot specifically run the feature on the QoS ACLs.

Configuring the CRAM Feature from the CLI

Note When the CRAM feature is run, the traffic is disrupted (denied) for a period of less than 0.5 seconds
during the programming of the hardware.
This section contains these example procedures:
•
•
•
•
•
OL-8978-04
Disable - statistics are not enabled per ACL
Enable - stats are enabled per ACL
The number shows the VLANs where per-vlan stattistics are enabled
ACL
--------------------------------
ip1
ip2
ip3
Console> (enable)
The fields are described as follows:
Disable: The statistics are not enabled on the ACL.
–
Enable: The statistics are enabled on the ACL.
–
The numbers show the VLANs where per-VLAN statistics are enabled ("2-3" in the example).
–
Enabling a Test Run of the CRAM Feature, page 15-88
Enabling the CRAM Feature Manually, page 15-88
Enabling the Automatic Execution of the CRAM Feature, page 15-88
Displaying the CRAM Feature Status Information, page 15-89
Disabling the CRAM Feature Automatic Mode, page 15-89
Configuring the Compression and Reordering of ACL Masks
Type VLANS (Statistics)
---- ----------------
IP 2-9 (2-3 Enable)
IP 10 (Disable)
IP 11 (Disable)
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
15-87