Table Profile Name | Table Name | X450-G2, X460-G2, |
X670-G2, X870 |
X440-G2, X620 |
X690, X590, X465, X695 |
X435 |
---|---|---|---|---|---|---|
Default |
MAC Rules IPv6 Rules IPv4 Rules L2 Rules ExtremeXOS App/System Rules |
256 256 256 184 2,048 (8 Slices) |
256 256 256 184 2,048 (4 Slices) / 1,024 rules |
0 0 256 184 1,024 (4 Slices) |
512 512 512 440 4,096 (4 Slices) / 2,048 rules |
0 0 128 56 512 (4 slices) |
less-acl more-ipv4 |
MAC Rules IPv6 Rules IPv4 Rules L2 Rules ExtremeXOS App/System Rules |
256 256 768 184 1,024 (4 slices) |
256 256 256 184 2,048 (4 slices) / 1,024 rules |
0 0 256 184 1,024 (4 slices) |
512 512 512 440 4,096 (4 slices / 2,048 rules) |
0 0 128 56 512 (4 slices) |
less-acl more-ipv4-no-ipv6 |
MAC Rules IPv6 Rules IPv4 Rules L2 Rules ExtremeXOS App/System Rules |
256 0 1,024 184 1,024 (4 slices) |
256 0 512 184 2,048 (4 slices) / 1,024 rules |
0 0 256 184 1,024 (4 slices) |
512 0 1,024 440 4,096 (4 slices) / 2,048 rules |
0 0 128 56 512 (4 slices) |
less-acl more-ipv4-no-mac-no-ipv6 |
MAC Rules IPv6 Rules IPv4 Rules L2 Rules ExtremeXOS App/System Rules |
0 0 1,280 184 1,024 (4 slices) |
0 0 768 184 2,048 (4 slices) / 1,024 rules |
0 0 256 184 1,024 (4 slices) |
0 0 1,536 440 4,096 (4 slices) / 2,048 rules |
0 0 128 56 512 (4 slices) |
more-ipv4-no-ipv6 |
MAC Rules IPv6 Rules IPv4 Rules L2 Rules ExtremeXOS App/System Rules |
256 0 512 184 2,048 (8 slices) |
256 0 512 184 2,048 (4 slices) / 1,024 rules |
0 0 256 184 512 (4 slices) |
512 0 1,024 440 4,096 (4 slices) / 2,048 rules |
0 0 128 56 512 (4 slices) |
more-ipv4-no-mac-no-ipv6 |
MAC Rules IPv6 Rules IPv4 Rules L2 Rules ExtremeXOS App/System Rules |
0 0 768 184 2,048 (8 slices) |
0 0 768 184 2,048 (4 slices) / 1,024 rules |
0 0 256 184 1,024 (4 slices) |
0 0 1,536 440 4,096 (4 slices) / 2,048 rules |
0 0 128 56 512 (4 slices) |
more-mac-no-ipv6 |
MAC Rules IPv6 Rules IPv4 Rules L2 Rules ExtremeXOS App/System Rules |
512 0 256 184 2,048 (8 slices) |
512 0 256 184 2,048 (4 slices) / 1,024 rules |
0 0 256 184 1,024 (4 slices) |
1,024 0 512 440 4,096 (4 slices) / 2,048 rules |
0 0 128 56 512 (4 slices) |
less-acl-more-ipv4-no-l2 * |
MAC Rules IPv6 Rules IPv4 Rules L2 Rules ExtremeXOS App/System Rules |
256 256 952 0 1,024 (4 slices) |
256 256 440 0 2,048 (4 slices) / 1,024 rules |
0 0 440 0 1,024 (4 slices) |
512 512 952 0 4,096 (4 slices) / 2,048 rules |
0 0 184 0 512 (4 slices) |
less-acl-more-ipv4-no-mac-no-ipv6-no-l2 * |
MAC Rules IPv6 Rules IPv4 Rules L2 Rules ExtremeXOS App/System Rules |
0 0 1,464 0 1,024 (4 slices) |
0 0 952 0 2,048 (4 slices) / 1,024 rules |
0 0 440 0 1,024 (4 slices) |
0 0 1,976 0 4,096 (4 slices) / 2,048 rules |
0 0 184 0 512 (4 slices) |
more-ipv4-no-l2 * |
MAC Rules IPv6 Rules IPv4 Rules L2 Rules ExtremeXOS App/System Rules |
256 256 440 0 2,048 (4 slices |
256 256 440 0 2,048 (4 slices) / 1,024 rules |
0 0 440 0 1,024 (4 slices) |
512 512 952 0 4,096(4 slices) / 2,048 rules |
0 0 184 0 512 (4 slices) |
more-ipv4-no-mac-no-ipv6-no-l2 * |
MAC Rules IPv6 Rules IPv4 Rules L2 Rules ExtremeXOS App/System Rules |
0 0 952 0 2,048 (8 slices) |
0 0 952 0 2,048 (4 slices) / 1,024 rules |
0 0 440 0 1,024 (4 slices) |
0 0 1,976 0 4,096 (4 slices) / 2,048 rules |
0 0 184 0 512 (4 slices) |
* The L2 rule group normally includes ether-type and port qualifiers. When no-l2 is used, all the ether rules are accounted for in the IPv4 group. If you remove both L2 and IPv4 (no-l2 and no-ipv4), then ether rules are accounted for in the IPv6 group. If you remove L2, IPv4, and IPv6, (no-l2, no-ipv4, no-ipv6), then ether rules are accounted for in the MAC group. Note: The best possible ExtremeXOS system application/system
rules are driven by removing the default system ACL rules (disable dot1p replacement
ports all), while keeping these system default ACL rules. ExtremeXOS application rules are reduced by 256 rules in the ExtremeSwitching X670-G2 group, and 512 rules from the ExtremeSwitching X690, X590, and X465) group.
|
For information about the maximum authenticated users per switch, see the Limits table of the ExtremeXOS Release Notes.
In ExtremeXOS 22.4, you can use the profile modifier feature to return resources back to ACL from the specified profile. Use the profile-modifier option in the following command:
configure policy resource-profile [default |less-acl [more-ipv4 | more-ipv4-no-ipv6 | more-ipv4-no-l2 |more-ipv4-no-mac-no-ipv6] | more-ipv4-no-mac-no-ipv6-no-l2 | more-ipv4-no-ipv6 | more-ipv4-no-mac-no-ipv6 | more-mac-no-ipv6] {profile-modifier [{no-mac no_mac} {no-ipv4 no_ipv4} {no-ipv6 no_ipv6} {no-l2 no_l2}]}
To see what profile modifier settings you have configured, use the following command:
show policy resource-profile {[default | less-acl [more-ipv4 |more-ipv4-no-ipv6 | more-ipv4-no-l2 |more-ipv4-no-mac-no-ipv6 | more-ipv4-no-mac-no-ipv6-no-l2] |more-ipv4-no-ipv6 | more-ipv4-no-mac-no-ipv6 | more-mac-no-ipv6] {profile-modifier [ {no-mac} {no-ipv4} {no-ipv6} {no-l2}]}}
The following tables show the maximum number of slices available with the resource profile modifier enabled.
Profile Name | Max Slices Available | No Profile Modifier | no-mac | no-ipv4 | no-ipv6 | no-l2 | no-mac, no-ipv4 | no-mac, no-ipv6 | no-mac--no-l2 | no-ipv4, no-ipv6 | no-pv4-no-l2 | no-ipv6-no-l2 | no-mac-no-ipv4-no-ipv6 | no-mac-no-ipv4-no-l2 | no-mac-noipv6-no-l2 | no-ipv4-no-ipv6-no-l2 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Default | 4 | 4 | 3 | 3 | 3 | 3 | 2 | 2 | 2 | 2 | 2 | 2 | 1 | 1 | 1 | 1 |
less-acl-more-ipv4 | 6 | 6 | 5 | 3 | 5 | 5 | 2 | 4 | 4 | 2 | 2 | 4 | 1 | 1 | 3 | 1 |
less-acl-more-ipv4-no-ipv6 | 6 | 6 | 5 | 2 | 6 | 5 | 1 | 5 | 4 | 2 | 1 | 5 | 1 | N/A | 4 | 1 |
less-acl-more-ipv4-no-l2 | 6 | 6 | 5 | 2 | 5 | 6 | 1 | 4 | 5 | 1 | 2 | 5 | N/A | 1 | 4 | 1 |
less-acl-more-ipv4-no-mac-no-ipv6 | 6 | 6 | 6 | 1 | 6 | 5 | 1 | 6 | 5 | 1 | N/A | 5 | 1 | N/A | 5 | N/A |
less-acl-more-ipv4-no-mac-no-ipv6-no-l2 | 6 | 6 | 6 | N/A | 6 | 6 | N/A | 6 | 6 | N/A | N/A | 6 | N/A | N/A | 6 | N/A |
more-ipv4-no-ipv6 | 4 | 4 | 3 | 2 | 4 | 3 | 1 | 3 | 2 | 2 | 1 | 3 | 1 | N/A | 2 | 1 |
more-ipv4-no-l2 | 4 | 4 | 3 | 2 | 3 | 4 | 1 | 2 | 3 | 1 | 2 | 3 | N/A | 1 | 2 | 1 |
more-ipv4-no-mac-no-ipv6 | 4 | 4 | 4 | 1 | 4 | 3 | 1 | 4 | 3 | 1 | N/A | 3 | 1 | N/A | 3 | N/A |
more-ipv4-no-mac-no-ipv6-no-l2 | 4 | 4 | 4 | N/A | 4 | 4 | N/A | 4 | 4 | N/A | N/A | 4 | N/A | N/A | 4 | N/A |
more-mac-no-ipv6 | 4 | 4 | 2 | 3 | 4 | 3 | 1 | 2 | 1 | 3 | 2 | 3 | 1 | N/A | 1 | 2 |
Profile Name | Max Slices Available | No Profile Modifier | No-mac | No-ipv4 | No-ipv6 | No-l2 | No-mac, no-ipv4 | No-mac, no-ipv6 | No-mac-no-l2 | No-ipv4, no-ipv6 | no-ipv4-no-l2 | no-ipv6- no-l2 | no-mac-no-ipv4-no-ipv6 | no-mac-no-ipv4- no-l2 | no-mac-no-ipv6- no-l2 | no-ipv4- no-ipv6- no-l2 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Default | 2 | 2 | 2 | 1 | 2 | 1 | 1 | 2 | 1 | 1 | N/A | 1 | 1 | N/A | 1 | N/A |
less-acl more-ipv4 | 2 | 2 | 2 | 1 | 2 | 1 | 1 | 2 | 1 | 1 | N/A | 1 | 1 | N/A | 1 | N/A |
less-acl-more-ipv4-no-ipv6 | 2 | 2 | 2 | 1 | 2 | 1 | 1 | 2 | 1 | 1 | N/A | 1 | 1 | N/A | 1 | N/A |
less-acl-more-ipv4- no-l2 | 2 | 2 | 2 | N/A | 2 | 2 | N/A | 2 | 2 | N/A | N/A | 2 | N/A | N/A | 2 | N/A |
less-acl-more-ipv4-no-mac-no-ipv6 | 2 | 2 | 2 | 1 | 2 | 1 | 1 | 2 | 1 | 1 | N/A | 1 | 1 | N/A | 1 | N/A |
less-acl-more-ipv4- no-mac- no-ipv6- no-l2 | 2 | 2 | 2 | N/A | 2 | 2 | N/A | 2 | 2 | N/A | N/A | 2 | N/A | N/A | 2 | N/A |
more-ipv4-no-ipv6 | 2 | 2 | 2 | 1 | 2 | 1 | 1 | 2 | 1 | 1 | N/A | 1 | 1 | N/A | 1 | N/A |
more-ipv4- no-l2 | 2 | 2 | 2 | N/A | 2 | 2 | N/A | 2 | 2 | N/A | N/A | 2 | N/A | N/A | 2 | N/A |
more-ipv4-no-mac-no-ipv6 | 2 | 2 | 2 | 1 | 2 | 1 | 1 | 2 | 1 | 1 | N/A | 1 | 1 | N/A | 1 | N/A |
more-ipv4- no-mac- no-ipv6- no-l2 | 2 | 2 | 2 | N/A | 2 | 2 | N/A | 2 | 2 | N/A | N/A | 2 | N/A | N/A | 2 | N/A |
more-mac-no-ipv6 | 2 | 2 | 2 | 1 | 2 | 1 | 1 | 2 | 1 | 1 | N/A | 1 | 1 | N/A | 1 | N/A |
Profile Name | Max Slices Available | No Profile Modifier | No-mac | No-ipv4 | No-ipv6 | No-l2 | No-mac, no-ipv4 | No-mac, no-ipv6 | no-mac-- no-l2 | No-ipv4, no-ipv6 | no-ipv4-no-l2 | no-ipv6- no-l2 | no-mac-no-ipv4-no-ipv6 | no-mac-no-ipv4- no-l2 | no-mac-no-ipv6- no-l2 | no-ipv4- no-ipv6- no-l2 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Default | 4 | 4 | 3 | 3 | 3 | 3 | 2 | 2 | 2 | 2 | 2 | 2 | 1 | 1 | 1 | 1 |
less-acl more-ipv4 | 4 | 4 | 3 | 3 | 3 | 3 | 2 | 2 | 2 | 2 | 2 | 2 | 1 | 1 | 1 | 1 |
less-acl-more-ipv4-no-ipv6 | 4 | 4 | 3 | 2 | 4 | 3 | 1 | 3 | 2 | 2 | 1 | 3 | 1 | N/A | 2 | 1 |
less-acl-more-ipv4- no-l2 | 4 | 4 | 3 | 2 | 3 | 4 | 1 | 2 | 3 | 1 | 2 | 3 | N/A | 1 | 2 | 1 |
less-acl-more-ipv4-no-mac-no-ipv6 | 4 | 4 | 4 | 1 | 4 | 3 | 1 | 4 | 3 | 1 | N/A | 3 | 1 | N/A | 3 | N/A |
less-acl-more-ipv4- no-mac- no-ipv6- no-l2 | 4 | 4 | 4 | N/A | 4 | 4 | N/A | 4 | 4 | N/A | N/A | 4 | N/A | N/A | 4 | N/A |
more-ipv4-no-ipv6 | 4 | 4 | 3 | 2 | 4 | 3 | 1 | 3 | 2 | 2 | 1 | 3 | 1 | N/A | 2 | 1 |
more-ipv4- nol2 | 4 | 4 | 3 | 2 | 3 | 4 | 1 | 2 | 3 | 1 | 2 | 3 | N/A | 1 | 2 | 1 |
more-ipv4-no-mac-no-ipv6 | 4 | 4 | 4 | 1 | 4 | 3 | 1 | 4 | 3 | 1 | N/A | 3 | 1 | N/A | 3 | N/A |
more-ipv4- no-mac- no-ipv6- no-l2 | 4 | 4 | 4 | N/A | 4 | 4 | N/A | 4 | 4 | N/A | N/A | 4 | N/A | N/A | 4 | N/A |
more-mac-no-ipv6 | 4 | 4 | 2 | 3 | 4 | 3 | 1 | 2 | 1 | 3 | 2 | 3 | 1 | N/A | 1 | 2 |
Profile Name | Max Slices Available | No Profile Modifier | No-mac | No-ipv4 | No-ipv6 | No-l2 | No-mac, no-ipv4 | No-mac, no-ipv6 | no-mac-- no-l2 | No-ipv4, no-ipv6 | no-ipv4-no-l2 | no-ipv6- no-l2 | no-mac-no-ipv4-no-ipv6 | no-mac-no-ipv4- no-l2 | no-mac-no-ipv6- no-l2 | no-ipv4- no-ipv6- no-l2 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Default | 4 | 4 | 3 | 3 | 3 | 3 | 2 | 2 | 2 | 2 | 2 | 2 | 1 | 1 | 1 | 1 |
less-acl more-ipv4 | 4 | 4 | 3 | 3 | 3 | 3 | 2 | 2 | 2 | 2 | 2 | 2 | 1 | 1 | 1 | 1 |
less-acl-more-ipv4-no-ipv6 | 4 | 4 | 3 | 2 | 4 | 3 | 1 | 3 | 2 | 2 | 1 | 3 | 1 | N/A | 2 | 1 |
less-acl-more-ipv4- no-l2 | 4 | 4 | 3 | 2 | 3 | 4 | 1 | 2 | 3 | 1 | 2 | 3 | N/A | 1 | 2 | 1 |
less-acl-more-ipv4-no-mac-no-ipv6 | 4 | 4 | 4 | 1 | 4 | 3 | 1 | 4 | 3 | 1 | N/A | 3 | 1 | N/A | 3 | N/A |
less-acl-more-ipv4- no-mac- no-ipv6- no-l2 | 4 | 4 | 4 | N/A | 4 | 4 | N/A | 4 | 4 | N/A | N/A | 4 | N/A | N/A | 4 | N/A |
more-ipv4-no-ipv6 | 4 | 4 | 3 | 2 | 4 | 3 | 1 | 3 | 2 | 2 | 1 | 3 | 1 | N/A | 2 | 1 |
more-ipv4- no-l2 | 4 | 4 | 3 | 2 | 3 | 4 | 1 | 2 | 3 | 1 | 2 | 3 | N/A | 1 | 2 | 1 |
more-ipv4-no-mac-no-ipv6 | 4 | 4 | 4 | 1 | 4 | 3 | 1 | 4 | 3 | 1 | N/A | 3 | 1 | N/A | 3 | N/A |
more-ipv4- no-mac- no-ipv6-no-l2 | 4 | 4 | 4 | N/A | 4 | 4 | N/A | 4 | 4 | N/A | N/A | 4 | N/A | N/A | 4 | N/A |
more-mac-no-ipv6 | 4 | 4 | 2 | 3 | 4 | 3 | 1 | 2 | 1 | 3 | 2 | 3 | 1 | N/A | 1 | 2 |