Technical data
ServerIron ADX NAT64 Configuration Guide
53-1002444-02
ACL entries and the Layer 4 CAM
DRAFT: BROCADE CONFIDENTIAL
Displaying the number of Layer 4 CAM entries
To display the number of Layer 4 CAM entries used by each ACL, enter the show access-list all
command.
Syntax: show access-list <acl-num> | <acl-name> | all
The Rule cam use field lists the number of CAM entries used by the ACL or entry. The number of
CAM entries listed for the ACL itself is equal to the total number of the CAM entries used by the
ACL’s entries.
Specifying the maximum number of CAM entries
For rule-based ACLs, you can adjust the allocation of Layer 4 CAM space for use by ACLs, on an IPC
or IGC basis and on 10 Gigabit Ethernet modules. The new allocation applies to all the ports
managed by the IPC or IGC or 10 Gigabit Ethernet module.
Most ACLs require one CAM entry for each ACL entry (rule). The exception is an ACL entry that
matches on more than one TCP or UDP application port. In this case, the ACL entry requires a
separate Layer 4 CAM entry for each application port on which the ACL entry matches.
Make sure you specify a maximum that is equal to or greater than the largest number of entries
required by an ACL applied to any of the ports managed by the same IPC or IGC. For example, if port
1 will have an ACL that requires 250 entries, make sure 250 is the lowest number of entries you
specify for any port on IPC 1 (the IPC that manages ports 1 through 24).
To specify the maximum number of CAM entries the device can allocate for rule-based ACLs, enter
commands such as the following.
ServerIronADX(config)# interface ethernet 1/1
ServerIronADX(config-if-1/1)# ip access-group max-l4-cam 50
This command allows up to 50 ACL entries on each port managed by the IPC or IGC that manages
port 1/1.
Syntax: [no] ip access-group max-l4-cam <num>
The <num> parameter specifies the number of CAM entries and can be from 10 through 2048. The
default value depends on the device.
The command is valid at the interface configuration level. However, the device applies the change
to all ports managed by the same IPC or IGC. Regardless of the port number, when you save the
change to the startup-config file, the CLI applies the command to the first port managed by the IPC
or IGC. For example, if you enter the command on port 3, when you save the configuration change,
the CLI enters the ip access-group max-l4-cam command under port 1 in the startup-config file.
The following example shows output from the show access-list all command described under "Displaying the number of Layer 4 CAM entries."
ServerIronADX(config)# show access-list all
Extended IP access list 100 (Total flows: N/A, Total packets: N/A, Total rule cam use: 3)
permit udp host 192.168.2.169 any (Flows: N/A, Packets: N/A, Rule cam use: 1)
permit icmp any any (Flows: N/A, Packets: N/A, Rule cam use: 1)
deny ip any any (Flows: N/A, Packets: N/A, Rule cam use: 1)
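The sizing rule above can be checked from a saved copy of the show access-list all output before changing max-l4-cam. The script below is an added example, not part of the Brocade guide: it totals the Rule cam use of each ACL, compares the total with the header, and reports any ACL that needs more entries than a proposed limit. The function names are hypothetical, and it assumes every ACL in the output is applied to ports managed by the same IPC or IGC.

```python
import re

# Output from this page, with the header wrapped as a narrow terminal prints it.
# Assumption: other ACL types print the same "cam use" fields.
SAMPLE = """\
Extended IP access list 100 (Total flows: N/A, Total packets: N/A, Total rule cam
use: 3)
permit udp host 192.168.2.169 any (Flows: N/A, Packets: N/A, Rule cam use: 1)
permit icmp any any (Flows: N/A, Packets: N/A, Rule cam use: 1)
deny ip any any (Flows: N/A, Packets: N/A, Rule cam use: 1)
"""
HEADER = re.compile(r"IP access list (\S+) \(.*Total rule cam use: (\d+)\)")
RULE = re.compile(r"^(?:permit|deny)\b.*\(.*Rule cam use: (\d+)\)$")

def unwrap(text):
    """Rejoin lines the terminal wrapped inside a parenthesised field list."""
    out, buf = [], ""
    for line in text.splitlines():
        buf = f"{buf} {line.strip()}".strip()
        if buf and buf.count("(") <= buf.count(")"):
            out.append(buf)
            buf = ""
    return out + ([buf] if buf else [])

def parse_cam_usage(text):
    """Return {acl_id: {"reported": header total, "rules": [per-rule CAM use]}}."""
    acls, current = {}, None
    for line in unwrap(text):
        header, rule = HEADER.search(line), RULE.match(line)
        if header:
            current = {"reported": int(header.group(2)), "rules": []}
            acls[header.group(1)] = current
        elif rule and current is not None:
            current["rules"].append(int(rule.group(1)))
    return acls

def check_max_l4_cam(acls, max_l4_cam):
    """List ACLs whose CAM need exceeds the limit or disagrees with the header."""
    if not 10 <= max_l4_cam <= 2048:  # range given for <num> on this page
        raise ValueError("max-l4-cam must be from 10 through 2048")
    findings = []
    for acl_id, acl in acls.items():
        needed = sum(acl["rules"])
        if needed != acl["reported"]:
            findings.append(f"ACL {acl_id}: rules sum to {needed}, header says {acl['reported']}")
        if needed > max_l4_cam:
            findings.append(f"ACL {acl_id}: needs {needed} CAM entries, limit is {max_l4_cam}")
    return findings

print(check_max_l4_cam(parse_cam_usage(SAMPLE), 50))
```

An empty list means the proposed limit covers every ACL in the capture; a rule that matches several TCP or UDP application ports shows up as a Rule cam use greater than 1 and is counted accordingly.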










