Administrator Guide

Vlan Members :
2-10,99
Group Name :
HostGroup
Vlan Members :
1,1000
Dell#
Allocating ACL VLAN CAM
CAM optimization for ACL VLAN groups is not enabled by default. You must allocate blocks of ACL VLAN CAM to enable ACL CAM
optimization by using the cam-acl-vlan command.
By default, 0 blocks of CAM are allocated for VLAN services in the VLAN Content Aware Processor (VCAP), an application that modifies VLAN settings before forwarding packets on member interfaces. The cam-acl-vlan {vlanaclopt | vlaniscsi | vlanopenflow} command allows you to allocate filter processor (FP) blocks of memory for ACL VLAN services: iSCSI counters, OpenFlow, and ACL VLAN optimization.
You can configure CAM allocation for only two of these VLAN services at a time. You can allocate from 0 to 2 FP blocks for each VLAN
service.
To allocate the number of FP blocks for ACL VLAN optimization, enter the cam-acl-vlan vlanaclopt <0-2> command. After you
configure ACL VLAN CAM, reboot the switch to enable CAM allocation for ACL VLAN optimization.
To display the number of FP blocks currently allocated to different ACL VLAN services, enter the show cam-acl-vlan command.
To display the amount of CAM space currently used and available for Layer 2 and Layer 3 ACLs on the switch, enter the show cam-usage command.
Applying an IP ACL
To apply an IP ACL (standard or extended) to a physical or port channel interface, use the following commands.
1. Enter the interface number.
CONFIGURATION mode
interface interface slot/port
2. Configure an IP address for the interface, placing it in Layer-3 mode.
INTERFACE mode
ip address ip-address
3. Apply an IP ACL to traffic entering or exiting an interface.
INTERFACE mode
ip access-group access-list-name {in} [implicit-permit] [vlan vlan-range | vrf vrf-range] [layer3]
NOTE:
The number of entries allowed per ACL is hardware-dependent. For the detailed specification of the entries allowed per ACL, refer to your line card documentation.
One usage scenario for the layer3 keyword is to keep the ACL from being applied to L2 traffic that comes in via the ICL. The layer3 keyword can be used at the VLAN level.
4. Apply rules to the new ACL.
INTERFACE mode
ip access-list [standard | extended] name
To view which IP ACL is applied to an interface, use the show config command in INTERFACE mode, or use the show running-config command in EXEC mode.
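The check described above can be automated over saved show running-config output. The following is an added example, not part of the original guide: the interface names, addresses, ACL names and the exact layout of the sample configuration are constructed assumptions, and audit_acl_bindings is a hypothetical helper name.

```python
import re

# Constructed sample of saved `show running-config` output (not from a real switch).
SAMPLE_CONFIG = """\
interface TenGigabitEthernet 0/1
 ip address 10.1.1.1/24
 ip access-group EDGE-IN in
 no shutdown
!
interface TenGigabitEthernet 0/2
 ip address 10.1.2.1/24
 no shutdown
!
interface TenGigabitEthernet 0/3
 ip address 10.1.3.1/24
 ip access-group MGMT-IN in implicit-permit
!
interface TenGigabitEthernet 0/4
 no ip address
 shutdown
!
ip access-list extended EDGE-IN
 seq 5 permit tcp any any eq 443
 seq 10 deny ip any any
"""

ACL_DEF = re.compile(r"^ip access-list (?:standard|extended) (\S+)", re.M)

def audit_acl_bindings(config_text):
    """Return (interface, issue) tuples for weak or broken IP ACL bindings."""
    defined = set(ACL_DEF.findall(config_text))
    findings = []
    # Stanzas in the sample are separated by a line holding only "!".
    for block in re.split(r"^!\s*$", config_text, flags=re.M):
        head = re.search(r"^interface (.+)$", block, re.M)
        if not head:
            continue
        name = head.group(1).strip()
        # "no ip address" does not match: the line must start with " ip address".
        layer3 = re.search(r"^ ip address \S+", block, re.M)
        binding = re.search(r"^ ip access-group (\S+) in\b(.*)$", block, re.M)
        if layer3 and not binding:
            findings.append((name, "Layer-3 interface has no ingress IP ACL"))
        if binding:
            acl, options = binding.groups()
            if acl not in defined:
                findings.append((name, f"ACL {acl} is applied but not defined"))
            if "implicit-permit" in options.split():
                findings.append((name, f"ACL {acl} permits unmatched traffic (implicit-permit)"))
    return findings

if __name__ == "__main__":
    for interface, issue in audit_acl_bindings(SAMPLE_CONFIG):
        print(f"{interface}: {issue}")
```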
To filter traffic on Telnet sessions, use only standard ACLs in the access-class command.
Access Control Lists (ACLs)