Users Guide

CAM Optimization
When you enable this command, if a policy map containing classification rules (ACL and/or dscp/ip-precedence rules) is applied to
more than one physical interface on the same port-pipe, only a single copy of the policy is written (only one FP entry is used). When
you disable this command, the system behaves as described in this chapter.
Test CAM Usage
This command applies to both IPv4 and IPv6 CAM profiles, but is best used when verifying QoS optimization for IPv6 ACLs.
To determine whether sufficient ACL CAM space is available to enable a service-policy, use this command. To verify the actual CAM
space required, create a class map with all the required ACL rules, then execute the test cam-usage command in Privilege mode.
The following example shows the output when executing this command. The status column indicates whether you can enable the
policy.
Example of the test cam-usage Command
Dell#test cam-usage service-policy input asd stack-unit 1 port-set 0
Stack-unit|Portpipe|CAM Partition|Available CAM|Estimated CAM per Port|Status
--------------------------------------------------------------------------
1| 1| IPv4Flow| 232| 0|Allowed
Dell#
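The status check described above can be scripted when the command is run across many stack units. The following is an added example, not part of the Dell guide: it parses captured test cam-usage output and lists the rows where the policy cannot be enabled. The function names, the second sample row and its status string "Exception" are assumptions made for illustration.

```python
"""Parse `test cam-usage` output and list port-pipes where a policy will not fit."""

# The first data row is the output shown in the guide. The second row is
# constructed for this example; its status string "Exception" is an assumption.
SAMPLE = """\
Dell#test cam-usage service-policy input asd stack-unit 1 port-set 0
Stack-unit|Portpipe|CAM Partition|Available CAM|Estimated CAM per Port|Status
--------------------------------------------------------------------------
         1|       1|     IPv4Flow|          232|                     0|Allowed
         2|       1|     IPv4Flow|            4|                    12|Exception
Dell#
"""

FIELDS = ("stack_unit", "portpipe", "partition", "available", "estimated", "status")
NUMERIC = ("stack_unit", "portpipe", "available", "estimated")


def parse_cam_usage(text):
    """Return one dict per data row of the pipe-delimited table."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        # Data rows have six cells and begin with a numeric stack-unit; this
        # skips the prompt lines, the header row and the dashed rule.
        if len(cells) != len(FIELDS) or not cells[0].isdigit():
            continue
        row = dict(zip(FIELDS, cells))
        for key in NUMERIC:
            row[key] = int(row[key])
        rows.append(row)
    return rows


def rejected(rows):
    """Rows where the policy cannot be enabled: any status other than
    "Allowed", or an estimate larger than the available CAM space."""
    return [r for r in rows
            if r["status"] != "Allowed" or r["estimated"] > r["available"]]


if __name__ == "__main__":
    for r in rejected(parse_cam_usage(SAMPLE)):
        print("stack-unit %(stack_unit)d port-pipe %(portpipe)d %(partition)s: "
              "needs %(estimated)d, free %(available)d (%(status)s)" % r)
```

Treating every status other than "Allowed" as a failure keeps the check conservative if the device prints a status string the script has not seen before.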
Implementing ACLs on Dell Networking OS
You can assign one IP ACL per interface. If you do not assign an IP ACL to an interface, it is not used by the software.
The number of entries allowed per ACL is hardware-dependent.
If counters are enabled on ACL rules that are already configured, those counters are reset when a new rule that is inserted,
prepended, or appended requires a hardware shift in the flow table. The reset to 0 is transient: the original counter
values are retained after a few seconds. If there is no need to shift the flow in the hardware, the counters are not affected. This is
applicable to the following features:
L2 Ingress Access list
L2 Egress Access list
NOTE: IP ACLs are supported over VLANs in Dell Networking OS version 6.2.1.1 and higher.
Assigning ACLs to VLANs
When you apply an ACL to a VLAN using a single port-pipe, a copy of the ACL entries gets installed in the ACL CAM on the port-pipe.
The entry looks for the incoming VLAN in the packet. When you apply an ACL on individual ports of a VLAN, separate copies of the
ACL entries are installed for each port belonging to a port-pipe.
You can use the log keyword to log the details about the packets that match. The control processor becomes busy based on the
number of packets that match the log entry and the rate at which the details are logged. However, the route processor (RP) is
unaffected. You can use this option for debugging issues related to control traffic.
ACL Optimization
If an access list contains duplicate entries, Dell Networking OS deletes one entry to conserve CAM space.
Standard and extended ACLs take up the same amount of CAM space. A single ACL rule uses two CAM entries to identify whether
the access list is a standard or extended ACL.
Determine the Order in which ACLs are Used to Classify Traffic
When you link class-maps to queues using the service-queue command, Dell Networking OS matches the class-maps according
to queue priority (queue numbers closer to 0 have lower priorities).
As shown in the following example, class-map cmap2 is matched against ingress packets before cmap1.
Access Control Lists (ACLs)