ACL Entries and the Layer 4 CAM; Aging Out of Entries in the Layer 4 CAM; Displaying the Number of Layer 4 CAM Entries - Brocade Communications Systems ServerIron ADX 12.4.00a Security Manual

Version 12.4.00a

1. The system-max for ip-filter-sys value must be set to 4096.
ServerIronADX(config)# system-max ip-filter-sys 4096
2. The ip access-group max-l4-cam parameter must be set to 4096 on the interface to which the ACL will be applied.
ServerIronADX(config)# interface ethernet 1
ServerIronADX(config-if-e1000-1)# ip access-group max-l4-cam 4096
3. Execute the write memory command to save the running configuration to the startup-config and reload the ServerIron ADX.

The actual number of ACLs you can configure and store in the startup-config file depends on the amount of memory available on the device for storing the startup-config. Storing 4096 ACLs in the startup-config file requires at least 250K bytes, which is larger than the space available on a device's flash memory module.

You can load ACLs dynamically by saving them in an external configuration file on a flash card or TFTP server, then loading them using one of the following commands.
copy tftp running-config <ip-addr> <filename>
ncopy tftp <ip-addr> <from-name> running-config
In this case, the ACLs are added to the existing configuration.

ACL entries and the Layer 4 CAM

Rule-based ACLs use Layer 4 CAM entries.

Aging out of entries in the Layer 4 CAM

On a ServerIron ADX device, the device permanently programs rule-based ACLs into the CAM. The entries never age out.

Displaying the number of Layer 4 CAM entries

To display the number of Layer 4 CAM entries used by each ACL, enter the following command.
ServerIronADX(config)# show access-list all
Extended IP access list 100 (Total flows: N/A, Total packets: N/A, Total rule cam use: 3)
permit udp host 192.168.2.169 any (Flows: N/A, Packets: N/A, Rule cam use: 1)
permit icmp any any (Flows: N/A, Packets: N/A, Rule cam use: 1)
deny ip any any (Flows: N/A, Packets: N/A, Rule cam use: 1)
Syntax: show access-list <acl-num> | <acl-name> | all
The Rule cam use field lists the number of CAM entries used by the ACL or entry. The number of CAM entries listed for the ACL itself is the total of the CAM entries used by the ACL's entries.
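As an added example (not part of the Brocade manual), the following Python parses show access-list all output, checks that each ACL's reported Total rule cam use equals the sum of its entries' Rule cam use values, and compares the overall total with a max-l4-cam value of 4096. The function names are hypothetical, the sample text is constructed from the output shown above, and the audit assumes every listed ACL counts against the same interface's max-l4-cam setting.

```python
import re

# Lines that begin a new logical line: ACL header, ACL entry, or CLI prompt.
STARTS = re.compile(r"\w+ IP access list |permit\b|deny\b|\S+[#>]")
HEADER = re.compile(r"\w+ IP access list (\S+) \(.*Total rule cam use:\s*(\d+)\)$")
ENTRY = re.compile(r"((?:permit|deny)\b.*?) \(.*Rule cam use:\s*(\d+)\)$")

# Constructed sample: the output shown above, with its header line wrapped.
SAMPLE = """\
ServerIronADX(config)# show access-list all
Extended IP access list 100 (Total flows: N/A, Total packets: N/A, Total rule cam
use: 3)
permit udp host 192.168.2.169 any (Flows: N/A, Packets: N/A, Rule cam use: 1)
permit icmp any any (Flows: N/A, Packets: N/A, Rule cam use: 1)
deny ip any any (Flows: N/A, Packets: N/A, Rule cam use: 1)
"""

def parse_acl_cam(text):
    """Return {acl: {"reported": int, "entries": [(rule, cam_use), ...]}}."""
    logical = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if logical and not STARTS.match(line):
            logical[-1] += " " + line      # re-join a wrapped line
        else:
            logical.append(line)
    acls, current = {}, None
    for line in logical:
        if (head := HEADER.match(line)):
            current = {"reported": int(head.group(2)), "entries": []}
            acls[head.group(1)] = current
        elif (entry := ENTRY.match(line)) and current is not None:
            current["entries"].append((entry.group(1), int(entry.group(2))))
    return acls

def audit_cam(acls, max_l4_cam=4096):
    """Return (total CAM entries used, list of findings)."""
    # Assumption: all parsed ACLs count against one interface's max-l4-cam.
    findings, used = [], 0
    for name, acl in acls.items():
        summed = sum(cam for _, cam in acl["entries"])
        used += summed
        if acl["reported"] != summed:
            findings.append(f"ACL {name}: reports {acl['reported']}, entries sum to {summed}")
    if used > max_l4_cam:
        findings.append(f"{used} CAM entries exceed max-l4-cam {max_l4_cam}")
    return used, findings

if __name__ == "__main__":
    print(audit_cam(parse_acl_cam(SAMPLE)))
```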
