Reference Guide
ports is configured in the CAM based on bitmask boundaries; the space required
depends on exactly what ports are included in the range.
Example
An ACL rule with a TCP port range of 4000 - 8000 uses eight entries in the CAM:
Rule# Data Mask From To #Covered
1 0000111110100000 1111111111100000 4000 4031 32
2 0000111111000000 1111111111000000 4032 4095 64
3 0001000000000000 1111100000000000 4096 6143 2048
4 0001100000000000 1111110000000000 6144 7167 1024
5 0001110000000000 1111111000000000 7168 7679 512
6 0001111000000000 1111111100000000 7680 7935 256
7 0001111100000000 1111111111000000 7936 7999 64
8 0001111101000000 1111111111111111 8000 8000 1
Total Ports: 4001
Example
An ACL rule with TCP port lt 1023 takes only one entry in the CAM:
Rule# Data Mask From To #Covered
1 0000000000000000 1111110000000000 0 1023 1024
Total Ports: 1024
Related
Commands
deny – assigns a filter to deny IP traffic.
deny tcp – assigns a deny filter for TCP traffic.
ipv6 access-group
Assign an IPv6 access-group to an interface.
C-Series, E-Series, S-Series
Syntax
ipv6 access-group access-list-name {in | out} [implicit-permit]
[vlan range]
To delete an IPv6 access-group configuration, use the no ipv6 access-group
access-list-name {in} [implicit-permit] [vlan range] command.
Parameters
access-list-
name
Enter the name of a configured access list, up to 140
characters.
in | out Enter either the keyword in or out to apply the IPv6 ACL to
incoming traffic (ingress) or outgoing traffic (egress).
implicit-permit (OPTIONAL) Enter the keywords implicit-permit to
change the default action of the IPv6 ACL from implicit-deny
to implicit-permit (that is, if the traffic does not match the
IPv6 Access Control Lists (IPv6 ACLs)
1009