Determining Logical Operation Unit Usage - Cisco 6500 Series Software Configuration Manual


Guidelines and Restrictions for Using Layer 4 Operators in ACLs

Determining Logical Operation Unit Usage

Logical operation units (LOUs) are registers that store operator-operand couples. All ACLs use LOUs.
There can be up to 32 LOUs; each LOU can store two different operator-operand couples with the
exception of the range operator. LOU usage per Layer 4 operation is as follows:
- gt uses 1/2 LOU
- lt uses 1/2 LOU
- neq uses 1/2 LOU
- range uses 1 LOU
- eq does not require a LOU
For example, this ACL would use a single LOU to store two different operator-operand couples:
... Src gt 10 ...
... Dst gt 10
A more detailed example follows:
ACL1
... (dst port) gt 10 permit
... (dst port) lt 9 deny
... (dst port) gt 11 deny
... (dst port) neq 6 permit
... (src port) neq 6 deny
... (dst port) gt 10 deny
ACL2
... (dst port) gt 20 deny
... (src port) lt 9 deny
... (src port) range 11 13 deny
... (dst port) neq 6 permit
The Layer 4 operations and LOU usage are as follows:
- ACL1 Layer 4 operations: 5
- ACL2 Layer 4 operations: 4
- LOUs: 4
An explanation of the LOU usage follows:
- LOU 1 stores "gt 10" and "lt 9"
- LOU 2 stores "gt 11" and "neq 6"
- LOU 3 stores "gt 20" (with space for one more)
- LOU 4 stores "range 11 13" (range needs the entire LOU)

Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E, Chapter 23, Configuring Network Security, page 23-4 (78-14099-04)
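
The LOU accounting described above can be checked against the 32-LOU limit before an ACL change is deployed. The following estimator is an added example, not Cisco code: the names allocate_lous and exceeds_budget are hypothetical, and it assumes couples are keyed on operator and operand only, as in the page's LOU-by-LOU explanation of ACL1 and ACL2.

```python
import re

MAX_LOUS = 32  # page: "There can be up to 32 LOUs"
# Matches "gt N", "lt N", "neq N", "eq N" or "range N M" inside an ACL line.
OP_RE = re.compile(r"\b(?:(gt|lt|neq|eq)\s+(\d+)|range\s+(\d+)\s+(\d+))\b")

def allocate_lous(acl_lines):
    """Return the LOUs in allocation order, each as the list of couples it stores."""
    lous, seen, open_half = [], set(), None
    for line in acl_lines:
        for m in OP_RE.finditer(line):
            op = m.group(1) or "range"
            if op == "eq":              # eq does not require a LOU
                continue
            couple = " ".join(m.group(0).split())
            if couple in seen:          # assumption: an identical couple reuses its slot
                continue
            seen.add(couple)
            if op == "range":           # range needs the entire LOU
                lous.append([couple])
            elif open_half is None:     # gt/lt/neq use 1/2 LOU: open a new LOU
                lous.append([couple])
                open_half = len(lous) - 1
            else:                       # or fill the spare half of the open LOU
                lous[open_half].append(couple)
                open_half = None
    return lous

def exceeds_budget(lous, limit=MAX_LOUS):
    """True when the allocation needs more LOUs than the switch provides."""
    return len(lous) > limit

# ACL1 and ACL2 as listed on the page.
ACL1 = ["... (dst port) gt 10 permit", "... (dst port) lt 9 deny",
        "... (dst port) gt 11 deny", "... (dst port) neq 6 permit",
        "... (src port) neq 6 deny", "... (dst port) gt 10 deny"]
ACL2 = ["... (dst port) gt 20 deny", "... (src port) lt 9 deny",
        "... (src port) range 11 13 deny", "... (dst port) neq 6 permit"]

if __name__ == "__main__":
    lous = allocate_lous(ACL1 + ACL2)
    for i, couples in enumerate(lous, 1):
        print(f"LOU {i}: {', '.join(couples)}")
    print("over budget:", exceeds_budget(lous))
```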
