White Papers

ManualsBrandsDell ManualsAccess PlatformsC9010 Modular Chassis Switch

121

122

123

124

125

126

127

128

129

130

show acl-vlan-group {group-name | detail}

Dell#show acl-vlan-group detail

Group Name :

TestGroupSeventeenTwenty

Egress IP Acl :

SpecialAccessOnlyExpertsAllowed

Vlan Members :

100,200,300

Group Name :

CustomerNumberIdentificationEleven

Egress IP Acl :

AnyEmployeeCustomerElevenGrantedAccess

Vlan Members :

2-10,99

Group Name :

HostGroup

Egress IP Acl :

Group5

Vlan Members :

1,1000

Dell#

Allocating ACL VLAN CAM

CAM optimization for ACL VLAN groups is not enabled by default. You must allocate blocks of ACL VLAN CAM to enable ACL CAM

optimization by using the cam-acl-vlan command.

By default, 0 blocks of CAM are allocated for VLAN services in the VLAN Content Aware Processor (VCAP), an application that modies

VLAN settings before forwarding packets on member interfaces. The cam-acl-vlan {vlanaclopt | vlaniscsi |

vlanopenflow} command allows you to allocate lter processor (FP) blocks of memory for ACL VLAN services: iSCSI counters, Open

Flow, and ACL VLAN optimization.

You can congure CAM allocation for only two of these VLAN services at a time. You can allocate from 0 to 2 FP blocks for each VLAN

service.

To allocate the number of FP blocks for ACL VLAN optimization, enter the cam-acl-vlan vlanaclopt <0-2> command. After you

congure ACL VLAN CAM, reboot the switch to enable CAM allocation for ACL VLAN optimization.

To display the number of FP blocks currently allocated to dierent ACL VLAN services, enter the show cam-acl-vlan command.

To display the amount of CAM space currently used and available for Layer 2 and Layer 3 ACLs on the switch, enter the show cam-

usage command.

Applying an IP ACL to an Interface

To pass trac through a congured IP ACL, assign that ACL to a physical interface, a port channel interface, or a VLAN.

The IP ACL is applied to all trac entering a physical or port channel interface and the trac is either forwarded or dropped depending on

the criteria and actions specied in the ACL.

The same ACL may be applied to dierent interfaces and that changes its functionality. For example, you can take ACL “ABCD” and apply it

using the in keyword and it becomes an ingress access list. If you apply the same ACL using the out keyword, it becomes an egress

access list. If you apply the same ACL to the Loopback interface, it becomes a Loopback access list.

For more information about Layer 3 interfaces, refer to Interfaces.

1 Enter the interface number.

128

Access Control Lists (ACLs)