Filter
Top Products
47-16
Software Configuration Guide—Release 15.0(2)SG
OL-23818-01
Chapter 47 Configuring Network Security with ACLs
TCAM Programming and ACLs for Supervisor Engine 6-E and Supervisor Engine 6L-E
TCAM Programming and ACLs for Supervisor Engine 6-E and
Supervisor Engine 6L-E
You apply three types of hardware resources when you program ACLs and ACL-based features on the
Supervisor Engine 6-E and 6L-E: mapping table entries (MTEs), profiles, and TCAM value/mask
entries. If any of these resources are exhausted, packets are sent to the CPU for software-based
processing.
Note Unlike Supervisor Engine II+ through V-10GE, Supervisor Engine 6-E and 6L-E automatically manages
the available resources. Because masks are not shared on the Supervisor Engine 6-E and 6L-E, only one
programming algorithm exists. Because no regions exist, region resizing is not needed.
If you exhaust resources on the Supervisor Engine 6-E and 6L-E, you should try reducing the complexity
of your configuration.
Note When an interface is in down state, TCAMs are not consumed for RACLs, but are for PACLs.
Layer 4 Operators in ACLs
The following sections provide guidelines and restrictions for configuring ACLs that include Layer 4
port operations:
• Restrictions for Layer 4 Operations, page 47-16
• Configuration Guidelines for Layer 4 Operations, page 47-17
• How ACL Processing Impacts CPU, page 47-18
Restrictions for Layer 4 Operations
You can specify these operator types, each of which uses one Layer 4 operation in the hardware:
2 IgmpToCpu N N/A 0 (estimate)
3 IgmpPimv2ToCpu N N/A 0 (estimate)
2048 Ipv6MldGeneralQueryCopyToCpu N N/A 0 (estimate)
2050 Ipv6MldGeneralQueryCopyToCpu N N/A 0 (estimate)
2052 Ipv6MldQueryOrReportV1ToCpu N N/A 0 (estimate)
2054 Ipv6MldQueryOrReportV1ToCpu N N/A 0 (estimate)
2056 Ipv6MldReportV2ToCpu N N/A 0 (estimate)
2058 Ipv6MldReportV2ToCpu N N/A 0 (estimate)
2060 Ipv6MldDoneToCpu N N/A 0 (estimate)
2064 Ipv6MldPimv2ToCpu N N/A 0 (estimate)
CamIndex Entry Type Active Hit Count CamRegion