3. Determine which of the existing policies you can remove to free up rule
resources for the ACL policy you want to implement. Depending on your
network topology and configuration, you can free up rule resources by
moving some policies to other devices. Another alternative is to inspect
the switch's existing configuration for inefficient applications that could
be removed or revised to achieve the desired policies with less resource
usage. Table 9-2 on page 9-17 and the information displayed by the
access-list resources help command can help you to determine the resource
usage of ACL policies.
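One way to script the rule-availability check before committing to a new ACL, as an added example that is not part of the ProCurve manual. The function names are hypothetical, the sample text is constructed from the values in Figure 9-5 with an assumed column layout, and headroom is assumed to be Rules Maximum minus Rules Used; the number of rules a planned ACL needs must still come from Table 9-2.

```python
import re

# Constructed sample: the values come from Figure 9-5; the column spacing is assumed.
SAMPLE_OUTPUT = """\
ProCurve(config)# show access-list resources
 ACL Resource Usage
                  | Rules | Rules   | Resources | Resources
 Feature          | Used  | Maximum | Used      | Required
 -----------------|-------|---------|-----------|----------
 cli-acl          | 15    | 128     | 1         | 1
 idm-acl          | 0     | 128     | 0         | 2
"""

# A data row is a feature name followed by four integer columns.
ROW = re.compile(r"^\s*([A-Za-z][\w-]*)\s*\|" + r"\s*(\d+)\s*\|" * 3 + r"\s*(\d+)\s*$")
FIELDS = ("rules_used", "rules_max", "resources_used", "resources_required")


def parse_acl_resources(text):
    """Return {feature: {field: int}}; prompt, title, header and rule lines are skipped."""
    usage = {}
    for line in text.splitlines():
        match = ROW.match(line)
        if match:
            feature, *numbers = match.groups()
            usage[feature] = dict(zip(FIELDS, map(int, numbers)))
    if not usage:
        # Fail closed: an unrecognised layout must not read as "plenty of room".
        raise ValueError("no feature rows found in 'show access-list resources' output")
    return usage


def rules_free(usage, feature):
    """Rules still available to a feature (assumed: Rules Maximum minus Rules Used)."""
    row = usage[feature]
    return row["rules_max"] - row["rules_used"]


def acl_fits(usage, feature, planned_rules):
    """True if planned_rules (taken by the operator from Table 9-2) fit the headroom."""
    if planned_rules < 0:
        raise ValueError("planned_rules must be non-negative")
    return planned_rules <= rules_free(usage, feature)


if __name__ == "__main__":
    usage = parse_acl_resources(SAMPLE_OUTPUT)
    for feature in usage:
        print(f"{feature}: {rules_free(usage, feature)} rules free")
    print("5-rule ACL fits under cli-acl:", acl_fits(usage, "cli-acl", 5))
```

The check covers the rule columns only; the Resources Used and Resources Required columns are parsed but not evaluated.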
Example of ACL Resource Usage
This example illustrates how to check current rule availability, create and
assign an ACL, and then verify its effect on rule resources.
(For more detailed information on configuring and applying ACLs, refer to the
later sections of this chapter.)
Viewing the Current Rule Usage
The show access-list resources command displays current information about
rules and resources.
ProCurve(config)# show access-list resources
 ACL Resource Usage
                  | Rules | Rules   | Resources | Resources
 Feature          | Used  | Maximum | Used      | Required
 -----------------|-------|---------|-----------|----------
 cli-acl          | 15    | 128     | 1         | 1
 idm-acl          | 0     | 128     | 0         | 2
Figure 9-5. Example of Rules Used and Resources Used and Required
Standard ACL Using a Subset of the Switch's Ports. Suppose that
ports 1 - 4 belong to the following VLANs:
■ VLAN 1: 10.10.10.1
■ VLAN 2: 10.10.11.1
■ VLAN 3: 10.10.12.1
(Assume that ports 1-4 are tagged members of VLAN 22, although
tagged/untagged ports do not affect ACL operation because ACLs examine all
inbound traffic, regardless of VLAN membership.)
Access Control Lists (ACLs)
Planning an ACL Application