Manualshelf

Reference Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S5000
111112113114115116117118119120
118 | Access Control Lists (ACLs)
www.dell.com | support.dell.com
Test CAM Usage
The test cam-usage command is supported on the S5000 platform. This command applies to the IPv4
ingress CAM partition.
Use this command to determine if sufficient ACL CAM space is available to enable a service-policy.
Create a Class Map with all required ACL rules, then execute the
test cam-usage command in Privilege
mode to verify the actual CAM space required. The example below gives a sample of the output shown
when executing the command. The status column indicates whether or not the policy can be enabled.
Figure 7-1. Command Example: test cam-usage )
Implementing ACLs on Dell Networking OS
You can assign one IP ACL per interface with Dell Networking OS. If an IP ACL is not assigned to an
interface, it is not used by the software in any other capacity.
The number of entries allowed per ACL is hardware-dependent.
If counters are enabled on IP ACL rules that are already configured, those counters are reset when a new
rule is inserted or prepended. If a rule is appended, the existing counters are not affected. This is applicable
to the following features:
L2 Ingress Access list
L2 Egress Access list
L3 Ingress Access list
L3 Egress Access list
ACLs and VLANs
There are some differences when assigning ACLs to a VLAN rather than a physical port. For example,
when using a single port-pipe, if you apply an ACL to a VLAN, one copy of the ACL entries would get
installed in the ACL CAM on the port-pipe. The entry would look for the incoming VLAN in the packet.
Whereas if you apply an ACL on individual ports of a VLAN, separate copies of the ACL entries would be
installed for each port belonging to a port-pipe.
V
Note: IP ACLs are supported over VLANs in Version 6.2.1.1 and higher.
Dell#test cam-usage service-policy input TestPolicy stack-unit all
Stack-unit | Portpipe | CAM Partition | Available CAM | Estimated CAM per Port | Status
------------------------------------------------------------------------------------------
2 | 1 | IPv4Flow | 232 | 0 | Allowed
2 | 1 | IPv6Flow | 0 | 0 | Allowed
4 | 0 | IPv4Flow | 232 | 0 | Allowed
4 | 0 | IPv6Flow | 0 | 0 | Allowed
Dell#