Manualshelf

Users Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S3048-ON
101102103104105106107108109110
User Congurable CAM Allocation
Allocate space for IPV6 ACLs by using the cam-acl command in CONFIGURATION mode.
The CAM space is allotted in lter processor (FP) blocks. The total space allocated must equal 13 FP blocks. (There are 16 FP blocks, but
System Flow requires three blocks that cannot be reallocated.)
Enter the ipv6acl allocation as a factor of 2 (2, 4, 6, 8, 10). All other prole allocations can use either even or odd numbered ranges.
If you want to congure ACL's on VRF instances, you must allocate a CAM region using the vrfv4acl option in the cam-acl command.
Save the new CAM settings to the startup-cong (use write-mem or copy run start) then reload the system for the new settings
to take eect.
CAM Optimization
When you enable this command, if a policy map containing classication rules (ACL and/or dscp/ ip-precedence rules) is applied to more
than one physical interface on the same port-pipe, only a single copy of the policy is written (only one FP entry is used). When you disable
this command, the system behaves as described in this chapter.
Test CAM Usage
This command applies to both IPv4 and IPv6 CAM proles, but is best used when verifying QoS optimization for IPv6 ACLs.
To determine whether sucient ACL CAM space is available to enable a service-policy, use this command. To verify the actual CAM space
required, create a class map with all the required ACL rules, then execute the test cam-usage command in Privilege mode. The
following example shows the output when executing this command. The status column indicates whether you can enable the policy.
Example of the test cam-usage Command
Dell#test cam-usage service-policy input asd stack-unit 1 port-set 0
Stack-unit|Portpipe|CAM Partition|Available CAM|Estimated CAM per Port|Status
--------------------------------------------------------------------------
1| 1| IPv4Flow| 232| 0|Allowed
Dell#
Implementing ACLs on Dell Networking OS
You can assign one IP ACL per interface. If you do not assign an IP ACL to an interface, it is not used by the software.
The number of entries allowed per ACL is hardware-dependent.
If counters are enabled on ACL rules that are already congured, those counters are reset when a new rule which is inserted or prepended
or appended requires a hardware shift in the ow table. Resetting the counters to 0 is transient as the proginal counter values are retained
after a few seconds. If there is no need to shift the ow in the hardware, the counters are not aected. This is applicable to the following
features:
L2 Ingress Access list
L2 Egress Access list
NOTE
: IP ACLs are supported over VLANs in Dell Networking OS version 6.2.1.1 and higher.
Access Control Lists (ACLs) 101