Users Guide

ManualsBrandsDell ManualsAccess PlatformsC9010 Modular Chassis Switch

121

122

123

124

125

126

127

128

129

130

1,1000

Dell#

Allocating ACL VLAN CAM

CAM optimization for ACL VLAN groups is not enabled by default. You must allocate blocks of ACL VLAN CAM to enable ACL

CAM optimization by using the

cam-acl-vlan command.

By default, 0 blocks of CAM are allocated for VLAN services in the VLAN Content Aware Processor (VCAP), an application that

modifies VLAN settings before forwarding packets on member interfaces. The cam-acl-vlan {vlanaclopt | vlaniscsi

| vlanopenflow} command allows you to allocate filter processor (FP) blocks of memory for ACL VLAN services: iSCSI

counters, Open Flow, and ACL VLAN optimization.

You can configure CAM allocation for only two of these VLAN services at a time. You can allocate from 0 to 2 FP blocks for

each VLAN service.

To allocate the number of FP blocks for ACL VLAN optimization, enter the cam-acl-vlan vlanaclopt <0-2> command.

After you configure ACL VLAN CAM, reboot the switch to enable CAM allocation for ACL VLAN optimization.

To display the number of FP blocks currently allocated to different ACL VLAN services, enter the show cam-acl-vlan

command.

To display the amount of CAM space currently used and available for Layer 2 and Layer 3 ACLs on the switch, enter the show

cam-usage

command.

Applying an IP ACL to an Interface

To pass traffic through a configured IP ACL, assign that ACL to a physical interface, a port channel interface, or a VLAN.

The IP ACL is applied to all traffic entering a physical or port channel interface and the traffic is either forwarded or dropped

depending on the criteria and actions specified in the ACL.

The same ACL may be applied to different interfaces and that changes its functionality. For example, you can take ACL “ABCD”

and apply it using the in keyword and it becomes an ingress access list. If you apply the same ACL using the out keyword, it

becomes an egress access list. If you apply the same ACL to the Loopback interface, it becomes a Loopback access list.

For more information about Layer 3 interfaces, refer to Interfaces.

1 Enter the interface number.

CONFIGURATION mode

interface interface {slot/port | port-channel-number}

2 Configure an IP address for the interface, placing it in Layer 3 mode.

INTERFACE mode

ip address ip-address

3 Apply an IP ACL to traffic entering or exiting an interface.

INTERFACE mode

ip access-group access-list-name {in} [implicit-permit] [vlan vlan-range]

NOTE: The number of entries allowed per ACL is hardware-dependent. For detailed specification about entries allowed

per ACL, refer to your line card documentation.

4 Apply rules to the new ACL.

INTERFACE mode

ip access-list [standard | extended] name

Access Control Lists (ACLs) 121