After these verification steps are performed, the ACL manager considers the command valid and sends
the information to the ACL agent on the line card. The ACL manager notifies the ACL agent in the
following cases:
• A VLAN member is added or removed from a group and previously associated VLANs exist in the
group.
• The egress ACL is applied or removed from the group and the group contains VLAN members.
• VLAN members are added or deleted from a VLAN, which itself is a group member.
• A line card returns to the active state after going down and this line card contains a VLAN that is a
member of an ACL group.
• The ACL VLAN group is deleted and it contains VLAN members.
The ACL manager does not notify the ACL agent in the following cases:
• The ACL VLAN group is created.
• The ACL VLAN group is deleted and it does not contain VLAN members.
• The ACL is applied or removed from a group and the ACL group does not contain a VLAN member.
• The description of the ACL group is added or removed.
Guidelines for Configuring ACL VLAN Groups
Keep the following points in mind when you configure ACL VLAN groups:
• The interfaces where you apply the ACL VLAN group function as restricted interfaces. The ACL VLAN
group name identifies the group of VLANs that performs hierarchical filtering.
• You can add only one ACL to an interface at a time.
• When you attach an ACL VLAN group to the same interface, validation performs to determine whether
the ACL is applied directly to an interface. If you previously applied an ACL separately to the interface,
an error occurs when you attempt to attach an ACL VLAN group to the same interface.
• The maximum number of members in an ACL VLAN group is determined by the type of switch and its
hardware capabilities. This scaling limit depends on the number of slices that are allocated for ACL
CAM optimization. If one slice is allocated, the maximum number of VLAN members is 256 for all ACL
VLAN groups. If two slices are allocated, the maximum number of VLAN members is 512 for all ACL
VLAN groups.
• The maximum number of VLAN groups that you can configure also depends on the hardware
specifications of the switch. Each VLAN group is mapped to a unique ID in the hardware. The
maximum number of ACL VLAN groups supported is 31. Only a maximum of two components (iSCSI
counters, Open Flow, ACL optimization, and so on) can be allocated virtual flow processing slices at a
time.
• Port ACL optimization is applicable only for ACLs that are applied without the VLAN range.
• If you enable the ACL VLAN group capability, you cannot view the statistical details of ACL rules per
VLAN and per interface. You can only view the counters per ACL only using the
show ip
accounting access list
command.
• Within a port, you can apply Layer 2 ACLs on a VLAN or a set of VLANs. In this case, CAM optimization
is not applied.
Access Control List (ACL) VLAN Groups and Content Addressable Memory (CAM)
125
Содержание S4820T
Страница 1: ...Dell Configuration Guide for the S4820T System 9 8 0 0 ...
Страница 282: ...Dell 282 Control Plane Policing CoPP ...
Страница 569: ...Figure 62 Inspecting Configuration of LAG 10 on ALPHA Link Aggregation Control Protocol LACP 569 ...
Страница 572: ...Figure 64 Inspecting a LAG Port on BRAVO Using the show interface Command 572 Link Aggregation Control Protocol LACP ...
Страница 573: ...Figure 65 Inspecting LAG 10 Using the show interfaces port channel Command Link Aggregation Control Protocol LACP 573 ...
Страница 617: ...mac address table static multicast mac address vlan vlan id output range interface Microsoft Network Load Balancing 617 ...
Страница 622: ...Figure 81 Configuring Interfaces for MSDP 622 Multicast Source Discovery Protocol MSDP ...
Страница 623: ...Figure 82 Configuring OSPF and BGP for MSDP Multicast Source Discovery Protocol MSDP 623 ...
Страница 624: ...Figure 83 Configuring PIM in Multiple Routing Domains 624 Multicast Source Discovery Protocol MSDP ...
Страница 629: ...Figure 86 MSDP Default Peer Scenario 2 Multicast Source Discovery Protocol MSDP 629 ...
Страница 630: ...Figure 87 MSDP Default Peer Scenario 3 630 Multicast Source Discovery Protocol MSDP ...
Страница 751: ...10 11 5 2 00 00 05 00 02 04 Member Ports Te 1 2 1 PIM Source Specific Mode PIM SSM 751 ...
Страница 905: ...Figure 112 Single and Double Tag First byte TPID Match Service Provider Bridging 905 ...
Страница 979: ...6 Member not present 7 Member not present Stacking 979 ...
Страница 981: ...storm control Storm Control 981 ...
Страница 999: ... Te 1 1 0 INCON Root Rootguard Te 1 2 0 LIS Loopguard Te 1 3 0 EDS Shut Bpduguard Spanning Tree Protocol STP 999 ...
Страница 1103: ...Figure 134 Setup OSPF and Static Routes Virtual Routing and Forwarding VRF 1103 ...