DELL N3000 User Manual

Configuring Access Control Lists
Resource-Sharing Between ACLs and PBR
ACLs associated with a route-map and general ACLs share the same hardware 
resources. If PBR consumes the maximum number of hardware resources on an 
interface or system-wide, general-purpose ACLs cannot be configured, and 
vice versa. Hardware allocation is performed on a first-come, first-served basis. 
Counter Support for Route-map ACL
A counter is associated with each ACL rule that is associated with a route-map. 
The counter indicates how many packets were policy routed. There is no provision 
to nondestructively clear these counters from the UI. Counters associated 
with a route-map statement are cleared when the route-map is removed from 
the VLAN. The hardware does not support both a counter and a rate-limit on 
the same rule. Therefore, the system does not support using an ACL 
configured with a rate-limit for PBR.
Priority of ACL/PBR Rules When Applied to Hardware
Each ACL is normally associated with a sequence number that indicates the 
order in which the ACL is applied when multiple ACLs are applied 
on a single VLAN. The sequence number, or priority, indicates the order in 
which ACLs (and the rules associated with them) are applied. 
When an ACL is used in a route-map's “match” clause, it is applied to 
hardware with the same priority as if it were an independent ACL, with 
the exception of the implicit “deny all” rule. A route-map may have multiple 
statements with different sequence numbers associated with each ACL entry. 
In this case, the ACL inherits the sequence number of the route-map entry. 
Therefore, it is advisable to segregate ACLs used in route-maps from ACLs 
applied directly to interfaces. 
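
The two constraints above (no rate-limit in an ACL used for PBR, and keeping route-map ACLs separate from ACLs applied directly to interfaces) can be checked against a saved configuration before it is applied. The following is an added example, not part of the manual; the sample configuration is constructed, and its command spellings and the `audit` helper are assumptions made for illustration.

```python
import re

# Constructed sample configuration. The command spellings are assumptions
# made for this example and are not quoted from the manual.
SAMPLE_CONFIG = """\
ip access-list PBR-WEB
permit tcp any any eq 80
exit
ip access-list PBR-VOICE
permit udp any any rate-limit 1024 64
exit
ip access-list EDGE-FILTER
permit ip any any
exit
route-map TO-PROXY permit 10
match ip address PBR-WEB PBR-VOICE EDGE-FILTER
exit
interface vlan 10
ip access-group EDGE-FILTER in 5
ip policy route-map TO-PROXY
exit
"""

def audit(config):
    """Return sorted (acl, problem) findings for ACLs referenced by route-maps."""
    acl_rules, pbr_acls, direct_acls = {}, set(), set()
    current = None  # name of the ACL block currently being read, if any
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"ip access-list (\S+)$", line):
            current = m.group(1)
            acl_rules[current] = []
        elif line == "exit":
            current = None
        elif current is not None:
            acl_rules[current].append(line)      # a rule inside the ACL block
        elif m := re.match(r"match ip address (.+)$", line):
            pbr_acls.update(m.group(1).split())  # ACLs used for PBR
        elif m := re.match(r"ip access-group (\S+)", line):
            direct_acls.add(m.group(1))          # ACLs applied to an interface
    findings = []
    for name in sorted(pbr_acls):
        if any(re.search(r"\brate-limit\b", r) for r in acl_rules.get(name, [])):
            findings.append((name, "rate-limit rule in a PBR ACL"))
        if name in direct_acls:
            findings.append((name, "used in a route-map and applied directly"))
    return findings
```

A rate-limit rule in an ACL that no route-map references is not reported, since the restriction described here applies only to ACLs used for PBR.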
ACL Resource Usage
When a route-map defines a “match” rule associated with an ACL, except for 
the implicit routing behavior mentioned above, the resource consumption is 
the same as if a normal ACL were applied on an interface. Rules consumed by an 
ACL corresponding to a route-map “match” clause share hardware resources 
with the ACL component. Certain resources cannot be shared. For example, 
the rate-limit clause cannot be utilized in a PBR ACL, as the hardware cannot 
support both a counter (allocated by every PBR route-map) and a rate limit. 
Resources are not consumed until the route-map is associated with an