Slice and Rule Use by Feature
A number of slices and
rules are used by features present on the switch. You consume these resources when the
feature is enabled.
- dot1p examination - enabled by default - 1 slice, 8 rules per
chip
- Slice A (F1=Port-list, F2=MACDA, MACSA, Etype, VID,
F3=packet-type)
- IGMP snooping - enabled by default
- 2 slice, 2 rules
- Slice A (F1=Port-list, F2=MACDA, MACSA, Etype,
VID, F3=packet-type)
- Slice B (F1=Port-list, F2=MACDA, MACSA, Etype,
VID, F3=IP-Proto, TOS)
- VLAN without IP configured - 2
rules - 2 slices
- Slice A (F1=Port-list, F2=MACDA, MACSA, Etype,
VID, F3=packet-type)
- Slice C (F1=Port-list, F2=SIP, DIP, IP-proto,
L4SP, L4DP, DSCP, F3=packet-type)
- IP interface - disabled by default - 2 slices, 3 rules (plus
IGMP snooping rules above)
- Slice A (F1=Port-list, F2=MACDA, MACSA, Etype, VID,
F3=packet-type)
- Slice C (F1=Port-list, F2=SIP, DIP, IP-proto, L4SP, L4DP,
DSCP, F3=packet-type)
- VLAN QoS - disabled by default - 1
slice, n rules (n VLANs)
- Slice A or B (F1=Port-list, F2=MACDA, MACSA,
Etype, VID, F3=anything)
- port QoS - disabled by default - 1 slice, 1 rule
- Slice D (F1=anything, F2=anything, F3=anything)
- VRRP - 2 slices, 2 rules
- Slice A (F1=Port-list, F2=MACDA, MACSA, Etype,
VID, F3=packet-type)
- Slice A or B (F1=Port-list, F2=MACDA, MACSA,
Etype, VID, F3=anything)
- EAPS - 1 slice, 1 rule (master), n
rules (transit - n domains)
- Slice A or B (F1=Port-list, F2=MACDA, MACSA,
Etype, VID, F3=anything)
- ESRP - 2 slices, 2 rules
- Slice A (F1=Port-list, F2=MACDA, MACSA, Etype,
VID, F3=packet-type)
- Slice A or B (F1=Port-list, F2=MACDA, MACSA,
Etype, VID, F3=anything)
- IPv6 - 2 slices, 3 rules
- Slice A or B (F1=Port-list, F2=MACDA, MACSA, Etype, VID,
F3=anything)
- Slice (F1=Port-list, F2=DIPv6, IPv6 Next Header Field, TC,
F3=anything)
- Netlogin - 1 slice, 1 rule
- Slice A or B (F1=Port-list, F2=MACDA, MACSA, Etype, VID,
F3=anything)
- VLAN Mirroring - 1 slice, n rules (n VLANs)
- Slice E (F1=Port-list, F2=MACDA, MACSA, Etype, VID,
F3=anything)
- Unicast Multiport FDB
- 1 slice, 1+n rules in
24 port ExtremeSwitching series switches
- 1 slice, 2+ n rules
in 48 port ExtremeSwitching series and G48Ta, G48Pe
cards
- VLAN Aggregation
- 1 slice, 4 rules for the first subvlan configured and 1
slice, 2 rules for subsequent subvlan configuration
- Private VLAN
- 2 slices, 3 rules when adding an non-isolated VLAN with
loop-back port a to private VLAN
- 1 slice, 3 rules when adding an isolated subscriber VLAN
(without loopback port) to a private VLAN. 3 additional rules when a loopback
port is configured in the above isolated subscriber VLAN
- ESRP Aware - 1 slice, 1 rule
- Field 1: {Drop, OuterVlan, EtherType, PacketFormat, HiGig,
Stage, StageIngress, Ip4, Ip6}
- Field 2: {SrcIp, DstIp, L4SrcPort, L4DstPort, IpProtocol,
DSCP, Ttl, Ip6HopLimit, TcpControl, IpFlags}
- Field 3: {RangeCheck}
-
ACL rule with mirror action is
installed in a separate slice, and this slice cannot be shared by other
rules without a mirror action.
Note
The user ACLs may not be compatible with the slice used by this
ESRP rule. This may result in the reduction the number of rules
available to the user by 127.
Note
Additional rule is created for every active IPv6 interface and for
routes with prefix greater than 64 in following cards for Black
Diamond. These rules occupy a different slice. G48Ta,10G1xc,G48Te,
G48Pe, G48Ta, G48Xa, 10G4Xa, 10G4Ca, G48Te2, G24Xc, G48Xc, G48Tc,
10G4Xc, 10G8Xc, S-G8Xc, S-10G1Xc.
To display the number of slices used by the ACLs on the
slices that support a particular port, use the following command:
show access-list usage acl-slice port port To display the
number of rules used by the ACLs on the slices that support a particular port, use the
following command:
show access-list usage
acl-rule port port To display the number of Layer 4 ranges used by the ACLs on the slices that support a
particular port, use the following command:
show access-list usage acl-range port port