Owner's Manual
Chapter 13. ACLs | 337
NETGEAR 8800 User Manual
Error: ACL install operation failed - conditions specified in rule "r1" cannot be
satisfied by hardware on port 3:1
• UDF exceeded: This happens in the rare case that the two available user-defined fields
are exceeded on a given chip. UDF fields are used to qualify conditions which are not
natively supported by the hardware. Currently, these include: ICMP Type and ICMP
Code.
Error: ACL install operation failed - user-defined-field (UDF) hardware full for port
3:1
ACL Counters—Shared and Dedicated
You can configure rule compression in ACLs to be either shared or dedicated.
In the dedicated mode, ACL rules that have counters are assigned a separate rule space and
the counter accurately shows the count of matching events. If the ACL with counter is applied
to ports 1 and 2, and 10 packets ingress via port 1 and 20 packets ingress via port 2, the ACL
counter value for ports 1 and 2 is 10 and 20 packets respectively. More space is used and the
process is slower than in shared mode. Dedicated is the default setting.
In the shared mode, ACL space is reused even with counters. ACL counters count packets
ingressing via all ports in the whole unit. If the ACL with the counter is applied to ports 1 and
2, and 10 packets ingress via port 1, and 20 packets ingress via port 2, the ACL counter
value is 30 for each of ports 1 and 2 instead of 10 and 20. The process is faster (as fast as
applying an ACL without the counters) and saves space.
The shared/dedicated setting is global to the switch; that is, the option does not support
setting some ACL rules with shared counters and some with dedicated counters.
Use the following command to configure the shared or dedicated mode:
configure access-list rule-compression port-counters [shared | dedicated]
Use the following command to view the configuration:
show access-list configuration
The shared or dedicated mode does not affect any ACLs that have already been configured.
Only ACLs entered after the command is entered are affected.
To configure all ACLs in the shared mode, the command must be entered before any ACLs
are configured or have been saved in the configuration when a switch is booted.
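The following Python model is an added illustration, not NETGEAR code or switch output. It assumes a simplified switch (the class AclCounterModel and its methods are hypothetical) to show how an ACL entered before the mode change keeps per-port counts, while one entered afterwards reports the unit-wide total on every port it is applied to.

```python
"""Simplified model of the shared/dedicated counter behaviour (illustrative only)."""
from collections import defaultdict


class AclCounterModel:
    """Hypothetical stand-in for the switch; not an actual device API."""

    def __init__(self):
        self.mode = "dedicated"      # the manual states dedicated is the default
        self.acl_mode = {}           # ACL name -> mode in effect when it was entered
        self.acl_ports = {}          # ACL name -> ports the ACL is applied to
        self.hits = defaultdict(lambda: defaultdict(int))  # ACL -> port -> packets

    def set_mode(self, mode):
        if mode not in ("shared", "dedicated"):
            raise ValueError(f"unknown mode: {mode}")
        self.mode = mode             # global setting; existing ACLs are not touched

    def apply_acl(self, name, ports):
        self.acl_mode[name] = self.mode   # mode is fixed when the ACL is entered
        self.acl_ports[name] = set(ports)

    def ingress(self, name, port, packets):
        # Count matching packets only on ports where the ACL is applied.
        if port in self.acl_ports[name]:
            self.hits[name][port] += packets

    def read_counter(self, name, port):
        if port not in self.acl_ports[name]:
            raise KeyError(f"ACL {name} is not applied to port {port}")
        if self.acl_mode[name] == "dedicated":
            return self.hits[name][port]        # accurate per-port count
        return sum(self.hits[name].values())    # shared: one total for the unit


def demo():
    sw = AclCounterModel()
    sw.apply_acl("before", [1, 2])   # entered while the default mode is in effect
    sw.set_mode("shared")
    sw.apply_acl("after", [1, 2])    # entered after the mode change
    for acl in ("before", "after"):  # constructed traffic: 10 and 20 packets
        sw.ingress(acl, 1, 10)
        sw.ingress(acl, 2, 20)
    return {acl: (sw.read_counter(acl, 1), sw.read_counter(acl, 2))
            for acl in ("before", "after")}


if __name__ == "__main__":
    print(demo())
```

When counters feed monitoring or investigation, a value read from an ACL entered in shared mode cannot be attributed to a single ingress port.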
Policy-Based Routing
This section describes the following topics:
• Layer 3 Policy-Based Redirect on page 338
• Layer 2 Policy-Based Redirect on page 339
• Policy-Based Redirection Redundancy on page 341










