IPv4 Access Control Lists (ACLs)
Planning an ACL Application
3. Determine which of the existing policies you can remove to free up rule
resources for the ACL policy you want to implement. Depending on your
network topology and configuration, you can free up rule resources by
moving some policies to other devices. Another alternative is to inspect
the switch’s existing configuration for inefficient applications that could
be removed or revised to achieve the desired policies with less resource
usage. Table 9-2 on page 9-18 and the information displayed by the show
access-list resources command can help you determine the resource
usage of ACL policies.
Example of ACL Resource Usage
This example illustrates how to check the current rule availability, how to
create and assign an ACL, and how to verify the ACL's effect on rule resources.
(For more detailed information on configuring and applying ACLs, refer to the
later sections of this chapter.)
Viewing the Current Rule Usage
The show access-list resources command displays current information about
rules and resources.
ProCurve(config)# show access-list resources
 Policy Engine Resource Usage
                         |   Rules    |   Rules    |   Group    |
 Group                   |  Allocated |    Used    |   Number   |
------------------------+------------+------------+------------+
 QoS                     |     0      |     0      |     1      |
 CLI-ACL                 |     0      |     0      |     2      |
 IDM-ACL                 |   256      |   126      |     3      |
 Free                    |   128      |
Figure 9-5. Example of Rules Used and Resources Used and Required
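The planning check in step 3 (compare the rules a new ACL needs against the Free row, and look at which groups hold rules they are not using) can be scripted against the text of show access-list resources. The following is an added example, not code from the ProCurve manual: it parses a constructed copy of the Figure 9-5 output and reports whether a policy needing a given number of rules fits. The number of rules the new ACL needs is a parameter here, since the per-ACL usage comes from Table 9-2, which is not reproduced on this page; the row format, the parse_resources and plan_acl names, and the "allocated but unused" reading of each group's counters are assumptions of this example.

```python
"""Check whether a planned ACL fits in the free policy-engine rules.

Added example, not from the ProCurve manual. It parses the text of
`show access-list resources` in the layout the manual prints (the sample
below is constructed to match Figure 9-5) and answers the step-3 planning
question: are enough free rules left for the new policy, and if not, how
many must be freed?
"""
import re

# Constructed sample, laid out like Figure 9-5 in the manual.
SAMPLE_OUTPUT = """\
ProCurve(config)# show access-list resources
 Policy Engine Resource Usage
                         |   Rules    |   Rules    |   Group    |
 Group                   |  Allocated |    Used    |   Number   |
------------------------+------------+------------+------------+
 QoS                     |     0      |     0      |     1      |
 CLI-ACL                 |     0      |     0      |     2      |
 IDM-ACL                 |   256      |   126      |     3      |
 Free                    |   128      |
"""

# A data row: group name, then 1 to 3 numeric cells separated by '|'.
# Header rows contain words in the numeric cells and therefore do not match.
ROW_RE = re.compile(
    r"^\s*([A-Za-z][\w-]*)\s*\|\s*(\d+)\s*\|"   # name | allocated |
    r"(?:\s*(\d+)\s*\|)?"                       # [ used | ]
    r"(?:\s*(\d+)\s*\|)?"                       # [ group number | ]
)


def parse_resources(text):
    """Return ({group: {allocated, used, number}}, free_rules) from the CLI text."""
    groups = {}
    free = None
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        name, alloc, used, number = m.groups()
        if name == "Free":
            free = int(alloc)            # the Free row has a single cell
        elif used is not None and number is not None:
            groups[name] = {
                "allocated": int(alloc),
                "used": int(used),
                "number": int(number),
            }
    if free is None:
        raise ValueError("no 'Free' row found in show access-list resources output")
    return groups, free


def plan_acl(text, rules_needed):
    """Decide whether an ACL needing `rules_needed` rules fits in the free pool.

    Returns fits (bool), free (int), shortfall (rules still to be freed,
    0 when it fits) and allocated_unused: per group, rules allocated but not
    used. That last figure is only a hint of where to look when revising
    existing policies (step 3); whether those rules can actually be
    reclaimed depends on how the switch allocates them (assumption).
    """
    groups, free = parse_resources(text)
    shortfall = max(0, rules_needed - free)
    allocated_unused = {
        name: v["allocated"] - v["used"]
        for name, v in groups.items()
        if v["allocated"] > v["used"]
    }
    return {
        "fits": shortfall == 0,
        "free": free,
        "shortfall": shortfall,
        "allocated_unused": allocated_unused,
    }


if __name__ == "__main__":
    for needed in (100, 200):
        result = plan_acl(SAMPLE_OUTPUT, needed)
        verdict = "fits" if result["fits"] else f"short by {result['shortfall']}"
        print(f"ACL needing {needed} rules: {verdict} "
              f"(free={result['free']}, allocated but unused={result['allocated_unused']})")
```

Against the Figure 9-5 output, a policy needing 100 rules fits in the 128 free rules, while one needing 200 is short by 72; the script also points out that IDM-ACL holds 130 allocated but unused rules, which is the kind of inefficiency step 3 suggests reviewing before adding the new ACL.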
Standard ACL Using a Subset of the Switch’s Ports. Suppose that
ports 1 - 4 belong to the following VLANs:
■ VLAN 1: 10.10.10.1
■ VLAN 2: 10.10.11.1
■ VLAN 3: 10.10.12.1