
Acl cam sharing for inbound ipv6 acls, Considerations when implementing this feature – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual


53-1003035-02


The following example shows the comment text for the ACL named “rtr” in a show ipv6 access-list display.

    Brocade# show ipv6 access-list rtr
    ipv6 access-list rtr: 3 entries
    10: remark This entry permits ipv6 packets from 3002::2 to any destination
    10: permit ipv6 host 3000::2 any
    20: remark This entry denies udp packets from any source to any destination
    20: deny udp any any
    30: remark This entry denies IPv6 packets from any source to any destination
    30: deny ipv6 any any

The following example shows the comment text for the ACL named “ipv6_acl”.

    Brocade(config)# sh ipv6 access-list ipv6_acl
    ipv6 access-list ipv6_acl: 3 entries
    1: remark test-entry
    1: deny sctp any any sequence 1
    5: remark-entry sequence 5 test_acl
    5: permit esp 2::/64 any sequence 5
    23:remark test_remark
    23: deny ipv6 any any sequence 23

Syntax: show ipv6 access-list [access-list-name]

For the access-list-name parameter, specify the name of an IPv6 ACL created using the ipv6 access-list command.

ACL CAM sharing for inbound IPv6 ACLs

ACL CAM sharing allows you to conserve CAM by sharing it between ports that are supported by the same packet processor (PPCR). If this feature is enabled globally, you can share CAM space that is allocated for inbound ACLs between instances on ports that share the same packet processor (PPCR). For example, if you have bound inbound ACL 101 to ports 1/1 and 1/5, the ACL is stored in a single location in CAM and used by both ports. Table 10 describes which ports share PPCRs and can participate in ACL CAM sharing.

Considerations when implementing this feature

The following considerations apply when implementing this feature:

- If you enable ACL CAM sharing, ACL statistics will be generated per-PPCR instead of per-port. If you require per-port granularity in the statistics for your application, you cannot use this feature.
- This feature cannot be applied to a virtual interface.
- CAM entry matching within this feature is based on the ACL group ID.

TABLE 29    Common ports per PPCR

Module type    PPCR number    Ports supported by PPCR
20 x 1G        PPCR 1         1 - 20
4 x 10G        PPCR 1         1 - 2
               PPCR 2         3 - 4
2 x 10G        PPCR 1         1 - 2
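
The sharing rule and the port ranges in the Common ports per PPCR table can be applied to a set of bindings to see which ports would use one CAM copy of an ACL and so report merged, per-PPCR statistics. This Python sketch is an added example, not code from the Brocade guide; the slot inventory, the bindings and the "ve" label for virtual interfaces are constructed assumptions.

```python
from collections import defaultdict

# Port ranges per PPCR, copied from the "Common ports per PPCR" table on this page.
PPCR_PORTS = {
    "20x1G": {1: (1, 20)},
    "4x10G": {1: (1, 2), 2: (3, 4)},
    "2x10G": {1: (1, 2)},
}

# Constructed sample data (assumptions, not from the guide).
SLOT_MODULES = {1: "20x1G", 2: "4x10G"}
BINDINGS = [("1/1", "rtr"), ("1/5", "rtr"), ("2/1", "rtr"), ("2/2", "ipv6_acl"),
            ("2/3", "rtr"), ("2/4", "rtr"), ("ve 10", "rtr")]


def ppcr_for(module_type, port):
    """Return the PPCR number that serves a physical port on this module type."""
    for ppcr, (first, last) in PPCR_PORTS[module_type].items():
        if first <= port <= last:
            return ppcr
    raise ValueError(f"port {port} does not exist on a {module_type} module")


def plan_cam_sharing(slot_modules, bindings):
    """Group inbound ACL bindings by (slot, PPCR, ACL name).

    Each group is one shared CAM copy. Virtual interfaces cannot use the
    feature, so they are returned separately in `excluded`."""
    groups, excluded = defaultdict(list), []
    for iface, acl in bindings:
        if iface.startswith("ve"):  # assumed label for a virtual interface
            excluded.append(iface)
            continue
        slot, port = (int(x) for x in iface.split("/"))
        groups[(slot, ppcr_for(slot_modules[slot], port), acl)].append(iface)
    return dict(groups), excluded


def merged_counters(groups):
    """Groups with several ports: their ACL hit counts are no longer per-port."""
    return {key: ports for key, ports in groups.items() if len(ports) > 1}


if __name__ == "__main__":
    groups, excluded = plan_cam_sharing(SLOT_MODULES, BINDINGS)
    physical = sum(len(p) for p in groups.values())
    print(f"CAM copies of bound ACLs: {physical} unshared, {len(groups)} shared")
    for (slot, ppcr, acl), ports in merged_counters(groups).items():
        print(f"slot {slot} PPCR {ppcr}: ACL {acl} counters merged for {', '.join(ports)}")
    print("not eligible (virtual interfaces):", excluded)
```

Ports listed as merged are the ones to review before enabling the feature if ACL hit counts feed per-port monitoring or alerting.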