Cisco Cisco 1700 2600 3600 3700 Series VPN Module White Paper
© 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Router ACLs
Router ACLs (RACLs) are ACLs applied to interfaces that also have an IP address specified, including
Layer 3 physical routed interfaces, Layer 3 SVIs, and port-channel interfaces. RACLs are directional and
apply only to traffic that is routed through those specific interfaces.
In a Cisco Virtual Switching System environment, RACLs do not change significantly, since they can be applied to
all Layer 3 interfaces across the entire system (on Switch 1, Switch 2, or both). Global TCAM show commands,
however, have been extended to account for the switch keyword. For example:
vss#sh tcam counts switch 1
               Used    Free    Percent Used    Reserved
               ----    ----    ------------    --------
 Labels:(in)      4    4092               0
 Labels:(eg)      2    4094               0

ACL_TCAM
--------
      Masks:     77    4019               1          72
    Entries:     49   32719               0         576

QOS_TCAM
--------
      Masks:     22    4074               0          18
    Entries:     22   32746               0         144

        LOU:      0     128               0
      ANDOR:      0      16               0
      ORAND:      0      16               0
        ADJ:      3    2045               0
vss#sh tcam counts switch 2
               Used    Free    Percent Used    Reserved
               ----    ----    ------------    --------
 Labels:(in)      4    4092               0
 Labels:(eg)      2    4094               0

ACL_TCAM
--------
      Masks:     77    4019               1          72
    Entries:     49   32719               0         576

QOS_TCAM
--------
      Masks:     22    4074               0          18
    Entries:     22   32746               0         144

        LOU:      0     128               0
      ANDOR:      0      16               0
      ORAND:      0      16               0
        ADJ:      3    2045               0
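An added example, not part of the white paper: a Python parser for the per-switch TCAM counts shown above that reports resources running low on free space and counters that differ between the two chassis. The function names, the 10 percent threshold and the treatment of used + free as total capacity are assumptions of this example.

```python
import re

# Constructed sample: "switch 1" counters from the output above (dash rules omitted).
SAMPLE = """\
Used Free Percent Used Reserved
Labels:(in) 4 4092 0
Labels:(eg) 2 4094 0
ACL_TCAM
Masks: 77 4019 1 72
Entries: 49 32719 0 576
QOS_TCAM
Masks: 22 4074 0 18
Entries: 22 32746 0 144
LOU: 0 128 0
ANDOR: 0 16 0
ORAND: 0 16 0
ADJ: 3 2045 0
"""
SECTION = re.compile(r"^\s*([A-Z]+_TCAM)\s*$")
ROW = re.compile(r"^\s*(\w+):(\(\w+\))?\s+(\d+)\s+(\d+)\s+(\d+)(?:\s+(\d+))?\s*$")

def parse_tcam_counts(text):
    """Map resource -> counters; Masks/Entries repeat, so key them by TCAM section."""
    rows, section = {}, None
    for line in text.splitlines():
        if m := SECTION.match(line):
            section = m.group(1)
        elif m := ROW.match(line):
            name = m.group(1) + (m.group(2) or "")
            if name in ("Masks", "Entries"):
                name = f"{section}/{name}"
            u, f, p, r = (int(g) if g else None for g in m.group(3, 4, 5, 6))  # Reserved may be blank
            rows[name] = {"used": u, "free": f, "pct": p, "reserved": r}
    return rows

def audit(per_switch, min_free_pct=10.0):
    """Return (switch, resource, reason) findings; min_free_pct is a hypothetical threshold."""
    ids = sorted(per_switch)
    base, out = per_switch[ids[0]], []
    for sw in ids:
        rows = per_switch[sw]
        for name in sorted(set(base) | set(rows)):
            r = rows.get(name)
            # Total capacity is taken as used + free (4096 / 32768 in the sample).
            if r and 100.0 * r["free"] < min_free_pct * (r["used"] + r["free"]):
                out.append((sw, name, "low free space"))
            if r != base.get(name):
                out.append((sw, name, f"differs from switch {ids[0]}"))
    return out
```

Feed audit() a dictionary keyed by switch number, with each value being parse_tcam_counts() of that switch's captured output; an empty list means no resource is below the threshold and both chassis report the same counters.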
VLAN ACLs
VLAN ACLs (VACLs) are ACLs applied directly to Layer 2 VLANs. They affect both traffic that is switched within
the VLAN to which the VACL is applied and traffic that is routed through the VLAN. VACLs are bidirectional.