Filter
Top Products
Allocating ACL VLAN CAM
CAM optimization for ACL VLAN groups is not enabled by default. You must allocate blocks of ACL VLAN
CAM to enable ACL CAM optimization by using the cam-acl-vlan command.
By default, 0 blocks of CAM are allocated for VLAN services in the VLAN Content Aware Processor
(VCAP), an application that modifies VLAN settings before forwarding packets on member interfaces. The
cam-acl-vlan {vlanaclopt | vlaniscsi | vlanopenflow} command allows you to allocate
filter processor (FP) blocks of memory for ACL VLAN services: iSCSI counters, Open Flow, and ACL VLAN
optimization.
You can configure CAM allocation for only two of these VLAN services at a time. You can allocate from 0
to 2 FP blocks for each VLAN service.
To allocate the number of FP blocks for ACL VLAN optimization, enter the cam-acl-vlan vlanaclopt
<0-2> command. After you configure ACL VLAN CAM, reboot the switch to enable CAM allocation for
ACL VLAN optimization.
To display the number of FP blocks currently allocated to different ACL VLAN services, enter the show
cam-acl-vlan command.
To display the amount of CAM space currently used and available for Layer 2 and Layer 3 ACLs on the
switch, enter the show cam-usage command.
Applying an IP ACL to an Interface
To pass traffic through a configured IP ACL, assign that ACL to a physical interface, a port channel
interface, or a VLAN.
The IP ACL is applied to all traffic entering a physical or port channel interface and the traffic is either
forwarded or dropped depending on the criteria and actions specified in the ACL.
The same ACL may be applied to different interfaces and that changes its functionality. For example, you
can take ACL “ABCD” and apply it using the in keyword and it becomes an ingress access list. If you apply
the same ACL using the out keyword, it becomes an egress access list. If you apply the same ACL to the
Loopback interface, it becomes a Loopback access list.
For more information about Layer 3 interfaces, refer to Interfaces.
1. Enter the interface number.
CONFIGURATION mode
interface interface {slot/port | port-channel-number}
2. Configure an IP address for the interface, placing it in Layer 3 mode.
INTERFACE mode
ip address ip-address
3. Apply an IP ACL to traffic entering or exiting an interface.
INTERFACE mode
Access Control Lists (ACLs)
105