Platform Rule Allocation

Table 1. Platform Rule Allocation
Table Profile Name Table Name X450-G2, X460-G2,

X670-G2,

X870

X440-G2,

X620

X690,

X590,

X465,

X695

 X435
Default

MAC Rules

IPv6 Rules

IPv4 Rules

L2 Rules

ExtremeXOS App/System Rules

256

256

256

184

2,048 (8 Slices)

256

256

256

184

2,048 (4 Slices) / 1,024 rules

0

0

256

184

1,024 (4 Slices)

512

512

512

440

4,096 (4 Slices) / 2,048 rules

 0

0

128

56

512 (4 slices)
less-acl more-ipv4

MAC Rules

IPv6 Rules

IPv4 Rules

L2 Rules

ExtremeXOS App/System Rules

256

256

768

184

1,024 (4 slices)

256

256

256

184

2,048 (4 slices) / 1,024 rules

0

0

256

184

1,024 (4 slices)

512

512

512

440

4,096 (4 slices / 2,048 rules)

0

0

128

56

512 (4 slices)
less-acl more-ipv4-no-ipv6

MAC Rules

IPv6 Rules

IPv4 Rules

L2 Rules

ExtremeXOS App/System Rules

256

0

1,024

184

1,024 (4 slices)

256

0

512

184

2,048 (4 slices) / 1,024 rules

0

0

256

184

1,024 (4 slices)

512

0

1,024

440

4,096 (4 slices) / 2,048 rules

0

0

128

56

512 (4 slices)
less-acl more-ipv4-no-mac-no-ipv6

MAC Rules

IPv6 Rules

IPv4 Rules

L2 Rules

ExtremeXOS App/System Rules

0

0

1,280

184

1,024 (4 slices)

0

0

768

184

2,048 (4 slices) / 1,024 rules

0

0

256

184

1,024 (4 slices)

0

0

1,536

440

4,096 (4 slices) / 2,048 rules

0

0

128

56

512 (4 slices)
more-ipv4-no-ipv6

MAC Rules

IPv6 Rules

IPv4 Rules

L2 Rules

ExtremeXOS App/System Rules

256

0

512

184

2,048 (8 slices)

256

0

512

184

2,048 (4 slices) / 1,024 rules

0

0

256

184

512 (4 slices)

512

0

1,024

440

4,096 (4 slices) / 2,048 rules

0

0

128

56

512 (4 slices)
more-ipv4-no-mac-no-ipv6

MAC Rules

IPv6 Rules

IPv4 Rules

L2 Rules

ExtremeXOS App/System Rules

0

0

768

184

2,048 (8 slices)

0

0

768

184

2,048 (4 slices) / 1,024 rules

0

0

256

184

1,024 (4 slices)

0

0

1,536

440

4,096 (4 slices) / 2,048 rules

0

0

128

56

512 (4 slices)
more-mac-no-ipv6

MAC Rules

IPv6 Rules

IPv4 Rules

L2 Rules

ExtremeXOS App/System Rules

512

0

256

184

2,048 (8 slices)

512

0

256

184

2,048 (4 slices) / 1,024 rules

0

0

256

184

1,024 (4 slices)

1,024

0

512

440

4,096 (4 slices) / 2,048 rules

0

0

128

56

512 (4 slices)
less-acl-more-ipv4-no-l2 *

MAC Rules

IPv6 Rules

IPv4 Rules

L2 Rules

ExtremeXOS App/System Rules

256

256

952

0

1,024 (4 slices)

256

256

440

0

2,048 (4 slices) / 1,024 rules

0

0

440

0

1,024 (4 slices)

512

512

952

0

4,096 (4 slices) / 2,048 rules

0

0

184

0

512 (4 slices)
less-acl-more-ipv4-no-mac-no-ipv6-no-l2 *

MAC Rules

IPv6 Rules

IPv4 Rules

L2 Rules

ExtremeXOS App/System Rules

0

0

1,464

0

1,024 (4 slices)

0

0

952

0

2,048 (4 slices) / 1,024 rules

0

0

440

0

1,024 (4 slices)

0

0

1,976

0

4,096 (4 slices) / 2,048 rules

0

0

184

0

512 (4 slices)
more-ipv4-no-l2 *

MAC Rules

IPv6 Rules

IPv4 Rules

L2 Rules

ExtremeXOS App/System Rules

256

256

440

0

2,048 (4 slices

256

256

440

0

2,048 (4 slices) / 1,024 rules

0

0

440

0

1,024 (4 slices)

512

512

952

0

4,096(4 slices) / 2,048 rules

0

0

184

0

512 (4 slices)
more-ipv4-no-mac-no-ipv6-no-l2 *

MAC Rules

IPv6 Rules

IPv4 Rules

L2 Rules

ExtremeXOS App/System Rules

0

0

952

0

2,048 (8 slices)

0

0

952

0

2,048 (4 slices) / 1,024 rules

0

0

440

0

1,024 (4 slices)

0

0

1,976

0

4,096 (4 slices) / 2,048 rules

0

0

184

0

512 (4 slices)

* The L2 rule group normally includes ether-type and port qualifiers. When no-l2 is used, all the ether rules are accounted for in the IPv4 group. If you remove both L2 and IPv4 (no-l2 and no-ipv4), then ether rules are accounted for in the IPv6 group. If you remove L2, IPv4, and IPv6, (no-l2, no-ipv4, no-ipv6), then ether rules are accounted for in the MAC group.

Note: The best possible ExtremeXOS system application/system rules are driven by removing the default system ACL rules (disable dot1p replacement ports all), while keeping these system default ACL rules. ExtremeXOS application rules are reduced by 256 rules in the ExtremeSwitching X670-G2 group, and 512 rules from the ExtremeSwitching X690, X590, and X465) group.

For information about the maximum authenticated users per switch, see the Limits table of the ExtremeXOS Release Notes.

In ExtremeXOS 22.4, you can use the profile modifier feature to return resources back to ACL from the specified profile. Use the profile-modifier option in the following command:

configure policy resource-profile [default |less-acl [more-ipv4 | more-ipv4-no-ipv6 | more-ipv4-no-l2 |more-ipv4-no-mac-no-ipv6] | more-ipv4-no-mac-no-ipv6-no-l2 | more-ipv4-no-ipv6 | more-ipv4-no-mac-no-ipv6 | more-mac-no-ipv6] {profile-modifier [{no-mac no_mac} {no-ipv4 no_ipv4} {no-ipv6 no_ipv6} {no-l2 no_l2}]}

To see what profile modifier settings you have configured, use the following command:

show policy resource-profile {[default | less-acl [more-ipv4 |more-ipv4-no-ipv6 | more-ipv4-no-l2 |more-ipv4-no-mac-no-ipv6 | more-ipv4-no-mac-no-ipv6-no-l2] |more-ipv4-no-ipv6 | more-ipv4-no-mac-no-ipv6 | more-mac-no-ipv6] {profile-modifier [ {no-mac} {no-ipv4} {no-ipv6} {no-l2}]}}

The following tables show the maximum number of slices available with the resource profile modifier enabled.

Table 2. Slices Available with Resource Profile Modifier for ExtremeSwitching X450-G2, X460-G2
Profile Name Max Slices Available No Profile Modifier no-mac no-ipv4 no-ipv6 no-l2 no-mac, no-ipv4 no-mac, no-ipv6 no-mac--no-l2 no-ipv4, no-ipv6 no-pv4-no-l2 no-ipv6-no-l2 no-mac-no-ipv4-no-ipv6 no-mac-no-ipv4-no-l2 no-mac-noipv6-no-l2 no-ipv4-no-ipv6-no-l2
Default 4 4 3 3 3 3 2 2 2 2 2 2 1 1 1 1
less-acl-more-ipv4 6 6 5 3 5 5 2 4 4 2 2 4 1 1 3 1
less-acl-more-ipv4-no-ipv6 6 6 5 2 6 5 1 5 4 2 1 5 1 N/A 4 1
less-acl-more-ipv4-no-l2 6 6 5 2 5 6 1 4 5 1 2 5 N/A 1 4 1
less-acl-more-ipv4-no-mac-no-ipv6 6 6 6 1 6 5 1 6 5 1 N/A 5 1 N/A 5 N/A
less-acl-more-ipv4-no-mac-no-ipv6-no-l2 6 6 6 N/A 6 6 N/A 6 6 N/A N/A 6 N/A N/A 6 N/A
more-ipv4-no-ipv6 4 4 3 2 4 3 1 3 2 2 1 3 1 N/A 2 1
more-ipv4-no-l2 4 4 3 2 3 4 1 2 3 1 2 3 N/A 1 2 1
more-ipv4-no-mac-no-ipv6 4 4 4 1 4 3 1 4 3 1 N/A 3 1 N/A 3 N/A
more-ipv4-no-mac-no-ipv6-no-l2 4 4 4 N/A 4 4 N/A 4 4 N/A N/A 4 N/A N/A 4 N/A
more-mac-no-ipv6 4 4 2 3 4 3 1 2 1 3 2 3 1 N/A 1 2
Table 3. Slices Available with Resource Profile Modifier for ExtremeSwitching X435, X440-G2 and X620
Profile Name Max Slices Available No Profile Modifier No-mac No-ipv4 No-ipv6 No-l2 No-mac, no-ipv4 No-mac, no-ipv6 No-mac-no-l2 No-ipv4, no-ipv6 no-ipv4-no-l2 no-ipv6- no-l2 no-mac-no-ipv4-no-ipv6 no-mac-no-ipv4- no-l2 no-mac-no-ipv6- no-l2 no-ipv4- no-ipv6- no-l2
Default 2 2 2 1 2 1 1 2 1 1 N/A 1 1 N/A 1 N/A
less-acl more-ipv4 2 2 2 1 2 1 1 2 1 1 N/A 1 1 N/A 1 N/A
less-acl-more-ipv4-no-ipv6 2 2 2 1 2 1 1 2 1 1 N/A 1 1 N/A 1 N/A
less-acl-more-ipv4- no-l2 2 2 2 N/A 2 2 N/A 2 2 N/A N/A 2 N/A N/A 2 N/A
less-acl-more-ipv4-no-mac-no-ipv6 2 2 2 1 2 1 1 2 1 1 N/A 1 1 N/A 1 N/A
less-acl-more-ipv4- no-mac- no-ipv6- no-l2 2 2 2 N/A 2 2 N/A 2 2 N/A N/A 2 N/A N/A 2 N/A
more-ipv4-no-ipv6 2 2 2 1 2 1 1 2 1 1 N/A 1 1 N/A 1 N/A
more-ipv4- no-l2 2 2 2 N/A 2 2 N/A 2 2 N/A N/A 2 N/A N/A 2 N/A
more-ipv4-no-mac-no-ipv6 2 2 2 1 2 1 1 2 1 1 N/A 1 1 N/A 1 N/A
more-ipv4- no-mac- no-ipv6- no-l2 2 2 2 N/A 2 2 N/A 2 2 N/A N/A 2 N/A N/A 2 N/A
more-mac-no-ipv6 2 2 2 1 2 1 1 2 1 1 N/A 1 1 N/A 1 N/A
Table 4. Slices Available with Resource Profile Modifier for ExtremeSwitching X670-G2, X870
Profile Name Max Slices Available No Profile Modifier No-mac No-ipv4 No-ipv6 No-l2 No-mac, no-ipv4 No-mac, no-ipv6 no-mac-- no-l2 No-ipv4, no-ipv6 no-ipv4-no-l2 no-ipv6- no-l2 no-mac-no-ipv4-no-ipv6 no-mac-no-ipv4- no-l2 no-mac-no-ipv6- no-l2 no-ipv4- no-ipv6- no-l2
Default 4 4 3 3 3 3 2 2 2 2 2 2 1 1 1 1
less-acl more-ipv4 4 4 3 3 3 3 2 2 2 2 2 2 1 1 1 1
less-acl-more-ipv4-no-ipv6 4 4 3 2 4 3 1 3 2 2 1 3 1 N/A 2 1
less-acl-more-ipv4- no-l2 4 4 3 2 3 4 1 2 3 1 2 3 N/A 1 2 1
less-acl-more-ipv4-no-mac-no-ipv6 4 4 4 1 4 3 1 4 3 1 N/A 3 1 N/A 3 N/A
less-acl-more-ipv4- no-mac- no-ipv6- no-l2 4 4 4 N/A 4 4 N/A 4 4 N/A N/A 4 N/A N/A 4 N/A
more-ipv4-no-ipv6 4 4 3 2 4 3 1 3 2 2 1 3 1 N/A 2 1
more-ipv4- nol2 4 4 3 2 3 4 1 2 3 1 2 3 N/A 1 2 1
more-ipv4-no-mac-no-ipv6 4 4 4 1 4 3 1 4 3 1 N/A 3 1 N/A 3 N/A
more-ipv4- no-mac- no-ipv6- no-l2 4 4 4 N/A 4 4 N/A 4 4 N/A N/A 4 N/A N/A 4 N/A
more-mac-no-ipv6 4 4 2 3 4 3 1 2 1 3 2 3 1 N/A 1 2
Table 5. Slices Available with Resource Profile Modifier for ExtremeSwitching X590, X690, X695, , and X465
Profile Name Max Slices Available No Profile Modifier No-mac No-ipv4 No-ipv6 No-l2 No-mac, no-ipv4 No-mac, no-ipv6 no-mac-- no-l2 No-ipv4, no-ipv6 no-ipv4-no-l2 no-ipv6- no-l2 no-mac-no-ipv4-no-ipv6 no-mac-no-ipv4- no-l2 no-mac-no-ipv6- no-l2 no-ipv4- no-ipv6- no-l2
Default 4 4 3 3 3 3 2 2 2 2 2 2 1 1 1 1
less-acl more-ipv4 4 4 3 3 3 3 2 2 2 2 2 2 1 1 1 1
less-acl-more-ipv4-no-ipv6 4 4 3 2 4 3 1 3 2 2 1 3 1 N/A 2 1
less-acl-more-ipv4- no-l2 4 4 3 2 3 4 1 2 3 1 2 3 N/A 1 2 1
less-acl-more-ipv4-no-mac-no-ipv6 4 4 4 1 4 3 1 4 3 1 N/A 3 1 N/A 3 N/A
less-acl-more-ipv4- no-mac- no-ipv6- no-l2 4 4 4 N/A 4 4 N/A 4 4 N/A N/A 4 N/A N/A 4 N/A
more-ipv4-no-ipv6 4 4 3 2 4 3 1 3 2 2 1 3 1 N/A 2 1
more-ipv4- no-l2 4 4 3 2 3 4 1 2 3 1 2 3 N/A 1 2 1
more-ipv4-no-mac-no-ipv6 4 4 4 1 4 3 1 4 3 1 N/A 3 1 N/A 3 N/A
more-ipv4- no-mac- no-ipv6-no-l2 4 4 4 N/A 4 4 N/A 4 4 N/A N/A 4 N/A N/A 4 N/A
more-mac-no-ipv6 4 4 2 3 4 3 1 2 1 3 2 3 1 N/A 1 2
9036637-00 Rev AA