Slice and Rule Use by Feature

A number of slices and rules are used by features present on the switch. You consume these resources when the feature is enabled.
  • dot1p examination - enabled by default - 1 slice, 8 rules per chip
    • Slice A (F1=Port-list, F2=MACDA, MACSA, Etype, VID, F3=packet-type)
  • IGMP snooping - enabled by default - 2 slice, 2 rules
    • Slice A (F1=Port-list, F2=MACDA, MACSA, Etype, VID, F3=packet-type)
    • Slice B (F1=Port-list, F2=MACDA, MACSA, Etype, VID, F3=IP-Proto, TOS)
  • VLAN without IP configured - 2 rules - 2 slices
    • Slice A (F1=Port-list, F2=MACDA, MACSA, Etype, VID, F3=packet-type)
    • Slice C (F1=Port-list, F2=SIP, DIP, IP-proto, L4SP, L4DP, DSCP, F3=packet-type)
  • IP interface - disabled by default - 2 slices, 3 rules (plus IGMP snooping rules above)
    • Slice A (F1=Port-list, F2=MACDA, MACSA, Etype, VID, F3=packet-type)
    • Slice C (F1=Port-list, F2=SIP, DIP, IP-proto, L4SP, L4DP, DSCP, F3=packet-type)
  • VLAN QoS - disabled by default - 1 slice, n rules (n VLANs)
    • Slice A or B (F1=Port-list, F2=MACDA, MACSA, Etype, VID, F3=anything)
  • port QoS - disabled by default - 1 slice, 1 rule
    • Slice D (F1=anything, F2=anything, F3=anything)
  • VRRP - 2 slices, 2 rules
    • Slice A (F1=Port-list, F2=MACDA, MACSA, Etype, VID, F3=packet-type)
    • Slice A or B (F1=Port-list, F2=MACDA, MACSA, Etype, VID, F3=anything)
  • EAPS - 1 slice, 1 rule (master), n rules (transit - n domains)
    • Slice A or B (F1=Port-list, F2=MACDA, MACSA, Etype, VID, F3=anything)
  • ESRP - 2 slices, 2 rules
    • Slice A (F1=Port-list, F2=MACDA, MACSA, Etype, VID, F3=packet-type)
    • Slice A or B (F1=Port-list, F2=MACDA, MACSA, Etype, VID, F3=anything)
  • IPv6 - 2 slices, 3 rules
    • Slice A or B (F1=Port-list, F2=MACDA, MACSA, Etype, VID, F3=anything)
    • Slice (F1=Port-list, F2=DIPv6, IPv6 Next Header Field, TC, F3=anything)
  • Netlogin - 1 slice, 1 rule
    • Slice A or B (F1=Port-list, F2=MACDA, MACSA, Etype, VID, F3=anything)
  • VLAN Mirroring - 1 slice, n rules (n VLANs)
    • Slice E (F1=Port-list, F2=MACDA, MACSA, Etype, VID, F3=anything)
  • Unicast Multiport FDB
    • 1 slice, 1+n rules in 24 port ExtremeSwitching series switches
    • 1 slice, 2+ n rules in 48 port ExtremeSwitching series and G48Ta, G48Pe cards
  • VLAN Aggregation
    • 1 slice, 4 rules for the first subvlan configured and 1 slice, 2 rules for subsequent subvlan configuration
  • Private VLAN
    • 2 slices, 3 rules when adding an non-isolated VLAN with loop-back port a to private VLAN
    • 1 slice, 3 rules when adding an isolated subscriber VLAN (without loopback port) to a private VLAN. 3 additional rules when a loopback port is configured in the above isolated subscriber VLAN
  • ESRP Aware - 1 slice, 1 rule
    • Field 1: {Drop, OuterVlan, EtherType, PacketFormat, HiGig, Stage, StageIngress, Ip4, Ip6}
    • Field 2: {SrcIp, DstIp, L4SrcPort, L4DstPort, IpProtocol, DSCP, Ttl, Ip6HopLimit, TcpControl, IpFlags}
    • Field 3: {RangeCheck}
  • ACL rule with mirror action is installed in a separate slice, and this slice cannot be shared by other rules without a mirror action.
    Note

    Note

    The user ACLs may not be compatible with the slice used by this ESRP rule. This may result in the reduction the number of rules available to the user by 127.
    Note

    Note

    Additional rule is created for every active IPv6 interface and for routes with prefix greater than 64 in following cards for Black Diamond. These rules occupy a different slice. G48Ta,10G1xc,G48Te, G48Pe, G48Ta, G48Xa, 10G4Xa, 10G4Ca, G48Te2, G24Xc, G48Xc, G48Tc, 10G4Xc, 10G8Xc, S-G8Xc, S-10G1Xc.

To display the number of slices used by the ACLs on the slices that support a particular port, use the following command:

show access-list usage acl-slice port port

To display the number of rules used by the ACLs on the slices that support a particular port, use the following command:

show access-list usage acl-rule port port

To display the number of Layer 4 ranges used by the ACLs on the slices that support a particular port, use the following command:

show access-list usage acl-range port port