Feature Description

Rules in the first classifier are set up with an action to set class_id. Rules in the second classifier are setup to use the class_id as the key to match on the identity specific policies. The class_id is the common attribute between the two classifiers/tables, uniquely identifies the role of the identity.

This feature introduces one new ACL action modifier for specifying the class-id from the first stage that will be input into the second stage. It also introduces one new ACL match criteria for matching the class-id within the second stage.

When a rule is installed in the first stage ACL table, it will be accounted for in the "Stage: LOOKUP" section of show access-list usage acl-slice port port . When a rule is installed in the second stage ACL table, it is accounted for in the "Stage: INGRESS" section of this command. For example:

# show access-list usage acl-slice port 1
Ports 1-54
Stage: INGRESS
Slices:          Used: 0  Available: 16
Virtual Slice  * (physical slice  0) Rules:   Used:      0  Available:    256
Virtual Slice  * (physical slice  1) Rules:   Used:      0  Available:    256
Virtual Slice  * (physical slice  2) Rules:   Used:      0  Available:    256
Virtual Slice  * (physical slice  3) Rules:   Used:      0  Available:    256
Virtual Slice  * (physical slice  4) Rules:   Used:      0  Available:    256
Virtual Slice  * (physical slice  5) Rules:   Used:      0  Available:    256
Virtual Slice  * (physical slice  6) Rules:   Used:      0  Available:    256
Virtual Slice  * (physical slice  7) Rules:   Used:      0  Available:    256
Virtual Slice  * (physical slice  8) Rules:   Used:      0  Available:    256
Virtual Slice  * (physical slice  9) Rules:   Used:      0  Available:    256
Virtual Slice  * (physical slice 10) Rules:   Used:      0  Available:    256
Virtual Slice  * (physical slice 11) Rules:   Used:      0  Available:    256
Virtual Slice  * (physical slice 12) Rules:   Used:      0  Available:    256
Virtual Slice  * (physical slice 13) Rules:   Used:      0  Available:    256
Virtual Slice  * (physical slice 14) Rules:   Used:      0  Available:    256
Virtual Slice  * (physical slice 15) Rules:   Used:      0  Available:    256
Stage: EGRESS
Slices:          Used: 0  Available: 4
Virtual Slice  * (physical slice  0) Rules:   Used:      0  Available:    256
Virtual Slice  * (physical slice  1) Rules:   Used:      0  Available:    256
Virtual Slice  * (physical slice  2) Rules:   Used:      0  Available:    256
Virtual Slice  * (physical slice  3) Rules:   Used:      0  Available:    256
Stage: LOOKUP
Slices:          Used: 0  Available: 4
Virtual Slice  * (physical slice  0) Rules:   Used:      0  Available:    512
Virtual Slice  * (physical slice  1) Rules:   Used:      0  Available:    512
Virtual Slice  * (physical slice  2) Rules:   Used:      0  Available:    512
Virtual Slice  * (physical slice  3) Rules:   Used:      0  Available:    512
Stage: EXTERNAL

Virtual Slice :  (*) Physical slice not allocated to any virtual slice.
5420F-48P-4XE.10 #

Limitations

Table 1. First-Stage ACL Support Actions
Platform Permit Deny Count Replace-dot1p-value qosprofile Replace-dot1p
4120 Y Y Y Y Y Y
4220 Y Y Y Y Y Y
ExtremeSwitching 5320 Y Y Y Y Y Y
Extreme 7520 Y Y Y Y Y Y
Extreme 7720 Y Y Y Y Y Y