Slice and Rule Use by Feature
A number of slices and
rules are used by features present on the switch. You consume these resources when the
feature is enabled.
- dot1p examination - enabled by default - 1 slice, 8 rules per
chip
- Slice A (F1=Port-list, F2=MACDA, MACSA, Etype, VID,
F3=packet-type)
- IGMP (Internet Group Management Protocol) snooping - enabled by default
- 2 slice, 2 rules
- Slice A (F1=Port-list, F2=MACDA, MACSA, Etype,
VID, F3=packet-type)
- Slice B (F1=Port-list, F2=MACDA, MACSA, Etype,
VID, F3=IP-Proto, TOS)
- VLAN (Virtual LAN) without IP configured - 2
rules - 2 slices
- Slice A (F1=Port-list, F2=MACDA, MACSA, Etype,
VID, F3=packet-type)
- Slice C (F1=Port-list, F2=SIP, DIP, IP-proto,
L4SP, L4DP, DSCP, F3=packet-type)
- IP interface - disabled by default - 2 slices, 3 rules (plus
IGMP snooping rules above)
- Slice A (F1=Port-list, F2=MACDA, MACSA, Etype, VID,
F3=packet-type)
- Slice C (F1=Port-list, F2=SIP, DIP, IP-proto, L4SP, L4DP,
DSCP, F3=packet-type)
- VLAN QoS (Quality of Service) - disabled by default - 1
slice, n rules (n VLANs)
- Slice A or B (F1=Port-list, F2=MACDA, MACSA,
Etype, VID, F3=anything)
- port QoS - disabled by default - 1 slice, 1 rule
- Slice D (F1=anything, F2=anything, F3=anything)
- VRRP (Virtual Router Redundancy Protocol) - 2 slices, 2 rules
- Slice A (F1=Port-list, F2=MACDA, MACSA, Etype,
VID, F3=packet-type)
- Slice A or B (F1=Port-list, F2=MACDA, MACSA,
Etype, VID, F3=anything)
- EAPS (Extreme Automatic Protection Switching) - 1 slice, 1 rule (master), n
rules (transit - n domains)
- Slice A or B (F1=Port-list, F2=MACDA, MACSA,
Etype, VID, F3=anything)
- ESRP (Extreme Standby Router Protocol) - 2 slices, 2 rules
- Slice A (F1=Port-list, F2=MACDA, MACSA, Etype,
VID, F3=packet-type)
- Slice A or B (F1=Port-list, F2=MACDA, MACSA,
Etype, VID, F3=anything)
- IPv6 - 2 slices, 3 rules
- Slice A or B (F1=Port-list, F2=MACDA, MACSA, Etype, VID,
F3=anything)
- Slice (F1=Port-list, F2=DIPv6, IPv6 Next Header Field, TC,
F3=anything)
- Netlogin - 1 slice, 1 rule
- Slice A or B (F1=Port-list, F2=MACDA, MACSA, Etype, VID,
F3=anything)
- VLAN Mirroring - 1 slice, n rules (n VLANs)
- Slice E (F1=Port-list, F2=MACDA, MACSA, Etype, VID,
F3=anything)
- Unicast Multiport FDB (forwarding database)
- 1 slice, 1+n rules in 24 port Summit series
switches
- 1 slice, 2+ n rules in 48 port Summit series and
G48Ta, G48Pe cards
- VLAN Aggregation
- 1 slice, 4 rules for the first subvlan configured and 1
slice, 2 rules for subsequent subvlan configuration
- Private VLAN
- 2 slices, 3 rules when adding an non-isolated VLAN with
loop-back port a to private VLAN
- 1 slice, 3 rules when adding an isolated subscriber VLAN
(without loopback port) to a private VLAN. 3 additional rules when a loopback
port is configured in the above isolated subscriber VLAN
- ESRP Aware - 1 slice, 1 rule
- Field 1: {Drop, OuterVlan, EtherType, PacketFormat, HiGig,
Stage, StageIngress, Ip4, Ip6}
- Field 2: {SrcIp, DstIp, L4SrcPort, L4DstPort, IpProtocol,
DSCP, Ttl, Ip6HopLimit, TcpControl, IpFlags}
- Field 3: {RangeCheck}
-
ACL (Access Control List) rule with mirror action is
installed in a separate slice, and this slice cannot be shared by other
rules without a mirror action.
Note
The user ACLs may not be compatible with the slice used by this
ESRP rule. This may result in the reduction the number of rules
available to the user by 127.
Note
Additional rule is created for every active IPv6 interface and for
routes with prefix greater than 64 in following cards for Black
Diamond. These rules occupy a different slice. G48Ta,10G1xc,G48Te,
G48Pe, G48Ta, G48Xa, 10G4Xa, 10G4Ca, G48Te2, G24Xc, G48Xc, G48Tc,
10G4Xc, 10G8Xc, S-G8Xc, S-10G1Xc.
To display the number of slices used by the ACLs on the
slices that support a particular port, use the following command:
show access-list usage acl-slice port port To display the
number of rules used by the ACLs on the slices that support a particular port, use the
following command:
show access-list usage
acl-rule port port To display the number of Layer 4 ranges used by the ACLs on the slices that support a
particular port, use the following command:
show access-list usage acl-range port port