© 2004 Cisco Systems, Inc. All rights reserved. Printed in USA.
RST-3508
9805_05_2004_c2
Checking TCAM Usage
Supervisor IV and V Have Larger TCAMs
• Input feature TCAM is used for security-based features: PACL; RACL; DHCP Snooping; Dynamic ARP Inspection; IP Source Guard
• Output feature TCAM is used for outbound RACLs and PACLs; DHCP Snooping
r3_4507R_S4#sh platform hardware acl statistics utilization
(truncated output from Supervisor II-Plus)
Software Usage Statistics
Input FeatureCam
                      Used (%)        Free (%)     Total
                   --------------  --------------  ------
PortAndVlan Entries     0 (  0.0)    1024 (100.0)    1024
PortAndVlan Masks       0 (  0.0)     128 (100.0)     128
PortOrVlan Entries    231 ( 22.5)     793 ( 77.4)    1024
PortOrVlan Masks      128 (100.0)       0 (  0.0)     128
Output FeatureCam
PortAndVlan Entries     0 (  0.0)    1024 (100.0)    1024
PortAndVlan Masks       0 (  0.0)     128 (100.0)       1
PortOrVlan Entries     11 (  1.0)    1013 ( 98.9)    1024
PortOrVlan Masks       11 (  8.5)     117 ( 91.4)     128
Apr 22 09:25:13.626 PDT: %C4K_HWACLMAN-4-ACLHWPROGERR: Input Security: 199 - hardware TCAM limit, some packet processing will be software switched.
Apr 22 09:25:13.626 PDT: %C4K_HWACLMAN-4-ACLHWPROGERRREASON: Input Security: 199 - out of hardware TCAM entries.
Security ACL Feature TCAM
• Be careful when using L4 ops: collapse contiguous ranges into a single ACE if possible, or use the eq operator
• Check TCAM usage as ACLs are being added
• Consider a Supervisor IV or V, which have larger TCAM space than the Supervisor II-Plus
• Mask allocation optimization is in the latest IOS release, 12.2.20 EW
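
Added example (not part of the original slides or any Cisco tool): a small Python check for the "Check TCAM usage" step, which parses utilization output of the form shown above and reports any entry or mask pool that is exhausted, plus any ACLHWPROGERR syslog message. The function names, the 80% warning threshold and the embedded sample (built from the rows and log line on the slide) are assumptions.

```python
import re

# Constructed sample: rows and one syslog line copied from the slide above.
SAMPLE = """\
Input FeatureCam
PortAndVlan Entries     0 (  0.0)    1024 (100.0)    1024
PortAndVlan Masks       0 (  0.0)     128 (100.0)     128
PortOrVlan Entries    231 ( 22.5)     793 ( 77.4)    1024
PortOrVlan Masks      128 (100.0)       0 (  0.0)     128
Output FeatureCam
PortOrVlan Entries     11 (  1.0)    1013 ( 98.9)    1024
PortOrVlan Masks       11 (  8.5)     117 ( 91.4)     128
Apr 22 09:25:13.626 PDT: %C4K_HWACLMAN-4-ACLHWPROGERR: Input Security: 199 - hardware TCAM limit, some packet processing will be software switched.
"""

SECTION = re.compile(r"^\s*(Input|Output)\s+FeatureCam\s*$")
ROW = re.compile(r"^\s*(Port(?:And|Or)Vlan)\s+(Entries|Masks)"
                 r"\s+(\d+)\s*\(\s*([\d.]+)\)\s+(\d+)\s*\(\s*([\d.]+)\)\s+(\d+)\s*$")
# Matches ACLHWPROGERR only; the ...REASON message has a different tag.
HWERR = re.compile(r"%C4K_HWACLMAN-4-ACLHWPROGERR:\s*(.+?):\s*(\d+)\s*-")

def parse_utilization(text):
    """Return one dict per Entries/Masks row, tagged with its TCAM section."""
    rows, section = [], None
    for line in text.splitlines():
        if m := SECTION.match(line):
            section = m.group(1)
        elif section and (m := ROW.match(line)):
            rows.append({"tcam": section, "region": m.group(1), "kind": m.group(2),
                         "used_pct": float(m.group(4)), "free": int(m.group(5))})
    return rows

def tcam_findings(text, warn_pct=80.0):
    """Flag pools with no free space (EXHAUSTED) or at/above warn_pct (WARN)."""
    found = []
    for r in parse_utilization(text):
        if r["free"] == 0:
            status = "EXHAUSTED"
        elif r["used_pct"] >= warn_pct:
            status = "WARN"
        else:
            continue
        found.append((r["tcam"], r["region"], r["kind"], r["used_pct"], status))
    return found

def software_switched(text):
    """(feature, number) pairs taken from ACLHWPROGERR syslog messages."""
    return [(m.group(1), int(m.group(2))) for m in HWERR.finditer(text)]

if __name__ == "__main__":
    for f in tcam_findings(SAMPLE) + software_switched(SAMPLE):
        print(f)
```

On the slide's data the only finding is the Input PortOrVlan mask pool at 100% while its entries are at 22.5%, so a check that watches entry counts alone would miss the condition behind the software-switching message.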