Implementing Acls On Ftos - Dell Force10 C150 Configuration Manual

Ftos configuration guide ftos 8.4.2.7 e-series terascale, c-series, s-series (s50/s25)

Hide thumbs Also See for Force10 C150:

Manual (57 pages)

Manual (66 pages)

Quick start manual (33 pages)

Table of Contents

Figure 8-1. Command Example: test cam-usage (C-Series)

FTOS#test cam-usage service-policy input TestPolicy

------------------------------------------------------------------------------------------

1 | IPv4Flow

1 | IPv6Flow

0 | IPv4Flow

0 | IPv6Flow

Implementing ACLs on FTOS

One IP ACL can be assigned per interface with FTOS. If an IP ACL is not assigned to an interface, it is not

used by the software in any other capacity.

The number of entries allowed per ACL is hardware-dependent. Refer to your line card documentation for

detailed specification on entries allowed per ACL.

If counters are enabled on IP ACL rules that are already configured, those counters are reset when a new

rule is inserted or prepended. If a rule is appended, the existing counters are not affected. This is applicable

to the following features:

L2 Ingress Access list

L2 Egress Access list

L3 Egress Access list

Note: IP ACLs are supported over VLANs in Version 6.2.1.1 and higher.

ACLs and VLANs

There are some differences when assigning ACLs to a VLAN rather than a physical port. For example,

when using a single port-pipe, if you apply an ACL to a VLAN, one copy of the ACL entries would get

installed in the ACL CAM on the port-pipe. The entry would look for the incoming VLAN in the packet.

Whereas if you apply an ACL on individual ports of a VLAN, separate copies of the ACL entries would be

installed for each port belonging to a port-pipe.

When you use the

Depending on how many packets match the log entry and at what rate, CP might become busy as it has to

log these packets' details. However the other processors (RP1 and RP2) should be unaffected. This option

is typically useful when debugging some problem related to control traffic. We have used this option

numerous times in the field and have not encountered any problems in such usage so far.

ACL Optimization

If an access list contains duplicate entries, FTOS deletes one entry to conserve CAM space.

keyword, CP processor will have to log details about the packets that match.

linecard all

IP Access Control Lists (ACL), Prefix Lists, and Route-maps | 137

Show Quick Links

Table of Contents

Troubleshooting

Implementing Acls On Ftos - Dell Force10 C150 Configuration Manual

Implementing ACLs on FTOS

Hide quick links:

Troubleshooting

Related Manuals for Dell Force10 C150

Related Content for Dell Force10 C150

This manual is also suitable for:

Table of Contents