Access Control Lists (ACLs) for the Series 3400cl and Series 6400cl Switches 
Planning an ACL Application on a Series 3400cl or Series 6400cl Switch 
Prioritizing and Monitoring ACL, IGMP, QoS, and Rate Limiting Feature Usage 
If you want to configure ACLs and either QoS or Rate-Limiting (or both) on 
the same 3400cl or 6400cl port(s), plan and implement your per-port 
configuration in descending order of feature importance. This will help to ensure that 
the most important features are configured first on any given port. Also, if 
insufficient resources become a problem, this approach can help you 
recognize how to distribute the desired feature implementations across multiple 
switches to achieve your objectives. 
Note: ACLs on the Series 3400cl and Series 6400cl switches are applied per-port. 
Except for the source-port classifier, QoS on 3400cl/6400cl switches is applied 
across either all physical interfaces on the switch or across all physical 
interfaces on a specified VLAN. This means that in most cases a QoS 
configuration applies to multiple ports while an ACL configuration applies only to 
specifically designated ports. 
Adding ACLs consumes per-port ACL mask resources rapidly. If ACLs are 
more important on particular 3400cl or 6400cl switch ports than IGMP, then 
you should plan and configure your ACL resource usage first for those ports, 
then give attention to configuration of IGMP. If insufficient resources remain 
for IGMP, try applying IGMP on other switches. 
ACL Resource Usage and Monitoring 
ACL configurations on the 3400cl/6400cl switches use internal rule and mask 
resources on a per-port basis. Per-port rule and mask usage is reserved as 
shown below: 
Feature          Maximum Internal Masks    Maximum Internal Rules
                 Available Per-Port        Available Per-Port
ACLs and IGMP*   8 ACL Masks*              120 maximum
* Enabling IGMP on one or more VLANs consumes one per-port ACL mask on all ports. If all 
per-port ACL masks are used up on any port in the switch, IGMP cannot be configured. 
The switch consumes per-port (internal) rule and mask resources required by 
the ACEs in an ACL when you apply the ACL to one or more port and/or static 
trunk interfaces. 