Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

53-1003035-02

IP receive ACLs

Syntax: [no] ip receive access-list {acl-num | acl-name} sequence seq-num [policy-map policy-map-name [strict-acl]]

By default, traffic matching the “permit” clause in the specified ACL is permitted and traffic
matching the “deny” clause in the ACL is dropped.

When the policy-map option is used, traffic matching the “permit” clause of the specified ACL is
rate-limited as defined in the policy map specified by the policy-map-name variable, and traffic
matching the “deny” clause in the ACL is permitted but not rate-limited. Using the [no] option
removes the policy map defined in the command.

When the policy-map option is used with the strict-acl option, traffic matching the “permit” clause of
the specified ACL is rate-limited as defined in the policy map specified by the policy-map-name
variable, and traffic matching the “deny” clause in the ACL is dropped. Using the [no] option
removes the strict-acl option from the rACL command.

Specifying the maximum number of rACLs supported in CAM

You can configure the number of software ACL CAM entries available for rACLs using the following
command.

Brocade(config)# system-max receive-cam 2048

Syntax: [no] system-max receive-cam number

The number variable is the maximum number of ACL CAM entries that are allowed. Acceptable
values are powers of 2 from 512 through 16384. Examples of powers of 2 are 512, 1024, 2048,
and so on. The default value is 1024.

NOTE

You must reload the device for this command to take effect.

If you enter a value that is not a power of 2, the system rounds the entry down to a power of 2
that is less than the input value. For example, if you enter 16383, which is not a power of 2, the
system rounds it down to 8192 and displays a warning.

The system-max receive-cam command also checks whether there is enough space in the IPv4 ACL
partition before allocating more space to the rACL sub-partition. The following error is displayed
when there is not enough space to increase the rACL sub-partition.

Brocade(config)# system-max receive-cam 16383
Warning - Receive ACL CAM size requires power of 2, round down to 8192
Reload required. Please write memory and then reload or power cycle the system.
Failure to reload could cause system instability on failover.
Newly configured system-max will not take effect during hitless-reload.

Brocade(config)# system-max receive-cam 16384
Error - IPv4 Receive ACL CAM (16384) exceeding available CAM resources
Total IPv4 ACL CAM: 49152(Raw Size)
IPv4 Multicast CAM: 32768(Raw Size)
IPV4 Broadcast ACL CAM: 0(Raw Size)
IPv4 Source Guard CAM: 0(Raw Size)
Reserved IPv4 Rule ACL CAM: 1024(Raw Size)
Available IPv4 Receive ACL CAM: 15360(Raw Size) 7680(User Size)
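
The following Python audit script is an added example, not part of the Brocade guide. It applies the three rACL modes and the receive-cam sizing rules described above to a saved configuration, flagging bindings whose "deny" matches are still permitted and CAM values that will be rounded. The ACL numbers, the policy-map name m1 and the sample configuration are constructed; rounding to the largest power of 2 not exceeding the input is generalized from the 16383 to 8192 case, and flagging out-of-range values is an assumption.

```python
import re

RACL_RE = re.compile(
    r"^ip receive access-list (?P<acl>\S+) sequence \d+"
    r"(?: policy-map (?P<pmap>\S+)(?P<strict> strict-acl)?)?$")
CAM_RE = re.compile(r"^system-max receive-cam (?P<n>\d+)$")
CAM_MIN, CAM_MAX = 512, 16384  # acceptable range stated in the guide

def racl_actions(line):
    """Return (acl, permit_action, deny_action) for one rACL binding line."""
    m = RACL_RE.match(line.strip())
    if not m:
        return None
    if m["pmap"] is None:
        return m["acl"], "permit", "drop"  # default behaviour
    # Without strict-acl, deny matches are permitted and not rate-limited.
    deny = "drop" if m["strict"] else "permit-unlimited"
    return m["acl"], f"rate-limit({m['pmap']})", deny

def effective_receive_cam(n):
    """Return (effective_value, note) for `system-max receive-cam n`."""
    if not CAM_MIN <= n <= CAM_MAX:
        return None, "out of range 512-16384"  # assumption: flag it
    rounded = 1 << (n.bit_length() - 1)  # largest power of 2 <= n
    note = "ok" if rounded == n else f"not a power of 2, rounded down to {rounded}"
    return rounded, note

def audit(config_text):
    """List rACL bindings that pass deny matches and receive-cam sizing issues."""
    findings = []
    for line in config_text.splitlines():
        r = racl_actions(line)
        if r and r[2] == "permit-unlimited":
            findings.append(f"rACL {r[0]}: deny clause is permitted (no strict-acl)")
        m = CAM_RE.match(line.strip())
        note = effective_receive_cam(int(m["n"]))[1] if m else "ok"
        if note != "ok":
            findings.append(f"receive-cam {m['n']}: {note}")
    return findings

# Constructed sample configuration (ACL numbers and policy-map name are made up).
SAMPLE = """\
ip receive access-list 101 sequence 10
ip receive access-list 102 sequence 15 policy-map m1
ip receive access-list 103 sequence 20 policy-map m1 strict-acl
system-max receive-cam 16383
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The script does not model the available-CAM check, because the output above does not state how the raw and user sizes are derived.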