Manualshelf

Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsFN IO Module
111112113114115116117118119120
Access Control List (ACL) VLAN
Groups and Content Addressable
Memory (CAM)
This chapter describes the access control list (ACL) VLAN group and content addressable memory (CAM)
enhancements.
Topics:
Optimizing CAM Utilization During the Attachment of ACLs to VLANs
Guidelines for Configuring ACL VLAN groups
Configuring ACL VLAN Groups and Configuring FP Blocks for VLAN Parameters
Viewing CAM Usage
Allocating FP Blocks for VLAN Processes
Optimizing CAM Utilization During the
Attachment of ACLs to VLANs
You can enable and configure the ACL CAM optimization functionality to minimize the number of entries in
CAM while ACLs are applied on a VLAN or a set of VLANs, and also while ACLs are applied on a set of ports.
This capability enables the effective usage of the CAM space when Layer 3 ACLs are applied to a set of VLANs
and when Layer 2 or Layer 3 ACLs are applied on a set of ports.
In releases of Dell Networking OS that do not support the CAM optimization functionality, when an ACL is
applied on a VLAN, the ACL rules are configured with the rule-specific parameters and the VLAN as additional
attributes in the ACL region. When the ACL is applied on multiple VLAN interfaces, the consumption of the
CAM space increases proportionally. For example, when an ACL with ‘n’ number of rules is applied on ‘m’
number of VLAN interfaces, a total of n*m entries are configured in the CAM region that is allocated for ACLs.
Similarly, when an L2 or L3 ACL is applied on a set of ports, a large portion of the CAM space gets used
because a port is saved as a parameter in CAM.
To avoid excessive consumption of the CAM space, configure ACL VLAN groups, which combine all the
VLANs that are applied with the same ACL, into a single group. A class identifier (Class ID) is assigned for each
of the ACLs attached to the VLAN and this Class ID is used as an identifier or locator in the CAM space instead
of the VLAN ID. This method of processing reduces the number of entries in the CAM area significantly and
saves memory space by using the class ID as a filtering criterion in CAM instead of the VLAN ID.
You can create an ACL VLAN group and attach the ACL with the VLAN members. The optimization is
applicable only when you create an ACL VLAN group. If you apply an ACL separately on the VLAN interface,
7
Access Control List (ACL) VLAN Groups and Content Addressable Memory (CAM) 119