Cisco Nexus 1000V - ACL Restrictions; ACL Troubleshooting Commands; Displaying ACL Policies on the VEM

Cisco Nexus 1000V Troubleshooting Guide, Release 5.2(1)SV3(1.1)
OL-31593-01
Chapter 16 ACLs
The maximum number of ACLs is 128 (spread across all the ACLs) in one VEM.
ACL Restrictions
The following restrictions apply to ACLs:
You cannot apply more than one IP ACL and one MAC ACL in each direction on an interface.
A MAC ACL applies only to Layer 2 packets.
VLAN ACLs are not supported.
IP fragments are not supported on ACL rules.
Noninitial fragments are not subject to ACL lookup.
You cannot have two not-equal-to (neq) operators in the same rule.
ACL is not supported in port channels.
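
A configuration lint for three of the restrictions above (one IP ACL and one MAC ACL per direction on an interface, a single neq operator per rule, no ACLs on port channels), useful for reviewing a policy before it is applied. This is an added example, not part of the Cisco guide; the sample configuration is constructed, and the `ip access-list` rule syntax and `ip|mac port access-group` lines it parses are assumed NX-OS conventions.

```python
import re
from collections import Counter

# Constructed sample config (not from the guide). Syntax is assumed to follow
# the NX-OS "ip access-list" and "ip|mac port access-group" conventions.
SAMPLE = """\
ip access-list web-in
  10 permit tcp any neq 22 any neq 23
  20 deny ip any any
interface Vethernet1
  ip port access-group web-in in
  ip port access-group mgmt-in in
  mac port access-group l2-filter in
interface port-channel1
  ip port access-group web-in in
"""

APPLY = re.compile(r"^(ip|mac) port access-group (\S+) (in|out)$")

def lint(config):
    """Return (line_number, message) pairs for restrictions the config breaks."""
    findings = []
    section = ""          # header of the block being read (ACL or interface)
    applied = Counter()   # (interface, ACL type, direction) -> ACLs applied
    for num, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():      # unindented line opens a new block
            section = line
            continue
        if section.startswith(("ip access-list", "mac access-list")):
            # Restriction: only one not-equal-to (neq) operator per rule.
            if line.split().count("neq") > 1:
                findings.append((num, "two neq operators in one rule"))
        elif section.lower().startswith("interface"):
            m = APPLY.match(line)
            if not m:
                continue
            kind, _acl, direction = m.groups()
            if "port-channel" in section.lower():
                # Restriction: ACLs are not supported in port channels.
                findings.append((num, "ACL applied to a port channel"))
                continue
            applied[(section, kind, direction)] += 1
            if applied[(section, kind, direction)] > 1:
                # Restriction: one IP ACL and one MAC ACL per direction.
                findings.append((num, f"second {kind} ACL in direction {direction}"))
    return findings
```

Calling `lint(SAMPLE)` flags lines 2, 6 and 9 of the constructed configuration.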
ACL Troubleshooting Commands
The commands listed in this section can be used on the VSM to see the policies that are configured and
applied on the interfaces.
Use the following command to display configured ACLs:
show access-list summary
Use the following commands on the VSM to see run-time information of the ACLMGR and ACLCOMP
processes during configuration errors, and to collect ACLMGR process run-time information for configuration errors:
show system internal aclmgr event-history errors
show system internal aclmgr event-history msgs
show system internal aclmgr ppf
show system internal aclmgr mem-stats (to debug memory usage and leaks)
show system internal aclmgr status
show system internal aclmgr dictionary
Use the following commands to collect ACLCOMP process run-time information for configuration errors:
show system internal aclcomp event-history errors
show system internal aclcomp event-history msgs
show system internal aclcomp pdl detailed
show system internal aclcomp mem-stats (to debug memory usage and leaks)
Displaying ACL Policies on the VEM
The commands listed in this section can be used to display configured ACL policies on the Virtual
Ethernet Module (VEM).
Use the following command to list the ACLs installed on that server:
switch(config-if)# module vem 3 execute vemcmd show acl