Management and Configuration Guide K/KA/KB.15.15
usage in the policy enforcement engine is based on how these features are configured on the
switch:
• Resource usage by dynamic port ACLs and VT is determined as follows:
  • Dynamic port ACLs configured by a RADIUS server (with or without the optional IDM
    application) for an authenticated client determine the current resource consumption for
    this feature on a specified slot. When a client session ends, the resources in use for that
    client become available for other uses.
  • A VT configuration (connection-rate filtering) on the switch does not affect switch resources
    unless traffic behavior has triggered either a throttling or blocking action on the traffic
    from one or more clients. When the throttling action ceases or a blocked client is
    unblocked, the resources used for that action are released.
• When the following features are configured globally or per-VLAN, resource usage is applied
  across all port groups or all slots with installed modules:
  • ACLs
  • QoS configurations that use the following commands:
    • QoS device priority (IP address) through the CLI using the qos device-priority
      command
    • QoS application port through the CLI using qos tcp-port or qos udp-port
    • VLAN QoS policies through the CLI using service-policy
  • Management VLAN configuration
  • DHCP snooping
  • Dynamic ARP protection
  • Remote mirroring endpoint configuration
  • Mirror policies per VLAN through the CLI using monitor service
  • Jumbo IP-MTU
• When the following features are configured per-port, resource usage is applied only to the
  slot or port group on which the feature is configured:
  • ACLs or QoS applied per-port or per-user through RADIUS authentication
  • ACLs applied per-port through the CLI using the ip access-group or ipv6
    traffic-filter commands
  • QoS policies applied per port through the CLI using the service-policy command
  • Mirror policies applied per-port through the CLI using the monitor all service and
    service-policy commands
  • ICMP rate-limiting through the CLI using the rate-limit icmp command
  • VT applied to any port (when a high-connection-rate client is being throttled or blocked)
Usage notes for show resources output
• A 1:1 mapping of internal rules to configured policies in the switch does not necessarily exist.
As a result, displaying current resource usage is the most reliable method for keeping track
of available resources. Also, because some internal resources are used by multiple features,
deleting a feature configuration may not increase the amount of available resources.
• Resource usage includes resources actually in use or reserved for future use by the listed
features.