Rules in the first classifier are set up with an action to set class_id. Rules in the second classifier are setup to use the class_id as the key to match on the identity specific policies. The class_id is the common attribute between the two classifiers/tables, uniquely identifies the role of the identity.
This feature introduces one new ACL action modifier for specifying the class-id from the first stage that will be input into the second stage. It also introduces one new ACL match criteria for matching the class-id within the second stage.
When a rule is installed in the first stage ACL table, it will be accounted for in the "Stage: LOOKUP" section of "show access-list usage acl-slice". When a rule is installed in the second stage ACL table, it will be accounted for in the "Stage: INGRESS" section of this command. For example:
X460G2-48x-10G4.9 # show access-list usage acl-slice port 1 Ports 1-54 Stage: INGRESS Slices: Used: 0 Available: 16 Virtual Slice * (physical slice 0) Rules: Used: 0 Available: 256 Virtual Slice * (physical slice 1) Rules: Used: 0 Available: 256 Virtual Slice * (physical slice 2) Rules: Used: 0 Available: 256 Virtual Slice * (physical slice 3) Rules: Used: 0 Available: 256 Virtual Slice * (physical slice 4) Rules: Used: 0 Available: 256 Virtual Slice * (physical slice 5) Rules: Used: 0 Available: 256 Virtual Slice * (physical slice 6) Rules: Used: 0 Available: 256 Virtual Slice * (physical slice 7) Rules: Used: 0 Available: 256 Virtual Slice * (physical slice 8) Rules: Used: 0 Available: 256 Virtual Slice * (physical slice 9) Rules: Used: 0 Available: 256 Virtual Slice * (physical slice 10) Rules: Used: 0 Available: 256 Virtual Slice * (physical slice 11) Rules: Used: 0 Available: 256 Virtual Slice * (physical slice 12) Rules: Used: 0 Available: 256 Virtual Slice * (physical slice 13) Rules: Used: 0 Available: 256 Virtual Slice * (physical slice 14) Rules: Used: 0 Available: 256 Virtual Slice * (physical slice 15) Rules: Used: 0 Available: 256 Stage: EGRESS Slices: Used: 0 Available: 4 Virtual Slice * (physical slice 0) Rules: Used: 0 Available: 256 Virtual Slice * (physical slice 1) Rules: Used: 0 Available: 256 Virtual Slice * (physical slice 2) Rules: Used: 0 Available: 256 Virtual Slice * (physical slice 3) Rules: Used: 0 Available: 256 Stage: LOOKUP Slices: Used: 0 Available: 4 Virtual Slice * (physical slice 0) Rules: Used: 0 Available: 512 Virtual Slice * (physical slice 1) Rules: Used: 0 Available: 512 Virtual Slice * (physical slice 2) Rules: Used: 0 Available: 512 Virtual Slice * (physical slice 3) Rules: Used: 0 Available: 512 Stage: EXTERNAL Virtual Slice : (*) Physical slice not allocated to any virtual slice. X460G2-48x-10G4.10 #
First Stage ACL Support Actions
| Platform Family | Platform | Permit | Deny | Count | Replace-dot1p-value | qosprofile | Replace-dot1p |
|---|---|---|---|---|---|---|---|
| Summit | X430 | N/A | N/A | N/A | N/A | N/A | N/A |
| X440 | N/A | N/A | N/A | N/A | N/A | N/A | |
| X450-G2 | Y | Y | Y | Y | Y | Y | |
| X460 | Y | Y | Y | Y | Y | Y | |
| X460-G2 | Y | Y | Y | Y | Y | Y | |
| X480 | Y | Y | N | Y | Y | Y | |
| X670 | Y | Y | Y | Y | Y | Y | |
| X670-G2 | Y | Y | Y | Y | Y | Y | |
| X770 | Y | Y | Y | Y | Y | Y | |
| Black Diamond 8K | G48Xc | Y | Y | N | N | N | N |
| G48Tc | Y | Y | N | N | N | N | |
| G48Te2 | Y | Y | N | N | N | N | |
| G24Xc | Y | Y | N | N | N | N | |
| 10G4Xc | Y | Y | N | N | N | N | |
| 10G8Xc | Y | Y | N | N | N | N | |
| S-G8Xc | Y | Y | N | N | N | N | |
| S-10G1Xc | Y | Y | N | N | N | N | |
| S-10G2Xc | Y | Y | N | N | N | N | |
| 8900-10G24X-c | Y | Y | N | Y | Y | Y | |
| xl-series | Y | Y | N | Y | Y | Y | |
| 8900-G96T-c | Y | Y | N | Y | Y | Y | |
| 8900-40G6X-c | Y | Y | Y | Y | Y | Y | |
| 8500-series | N/A | N/A | N/A | N/A | N/A | N/A | |
| Black Diamond X8 | BDXA-series | Y | Y | Y | Y | Y | Y |
| BDXB-series | Y | Y | Y | Y | Y | Y | |
| BDXC-series | Y | Y | Y | Y | Y | Y |
Print
this page
Email this topic
Feedback
View PDF
Download EPUB