Commands

Allows end users to control explicit groupings on PACLs, VACLs and RACLs applications which allows for TCAM resource consolidation. Allow for better network troubleshooting via an individual port or VLAN when reviewing statistics specifically for that port or VLAN.

IPv4 access-group (PACL)

Allows for the configuration of an IPv4 ACL on a port to be shared.

Syntax

[no] ip access-group <ACL-ID> in|out shared

Description

Apply the specified IPv4 ACL to inbound or outbound packets on this interface. When ACLs are shared, hardware resource usage is optimized where possible.

Options

shared

Apply the IPv4 ACL so as to share hardware resources.

Restrictions

  • Per application statistics will not be available when ACLs are applied as shared.

  • Connection rate filter ACLs cannot be applied on this interface.

ip access-group my-acl out shared

switch(config)# int a1
switch(eth-a1)# ip access-group my-acl out shared

IPv6 access-group (PACL)

Allows for the configuration of an IPv6 ACL on a port to be shared.

Syntax

[no] ipv6 access-group <ACL-ID> in|out shared

Description

Apply the specified IPv6 ACL to inbound or outbound packets on this interface. When ACLs are shared, hardware resource usage is optimized where possible.

Options

shared

Apply the IPv6 ACL so as to share hardware resources.

Restrictions

  • Per application statistics will not be available when ACLs are applied as shared.

  • Connection rate filter ACLs cannot be applied on this interface.

ipv6 access-group my-acl out shared

switch(config)# int a1
switch(eth-a1)# ipv6 access-group my-acl out shared

MAC access-group (PACL)

Allows for the configuration of a MAC ACL on a port to be shared.

Syntax

mac-access-group <ACL-ID> in|out shared

Description

Apply the MAC ACL to the traffic on a port. MAC ACLs can be used to filter the traffic based on the source MAC address, destination MAC address, EtherType, CoS priority, or VLAN number. When ACLs are shared, hardware resource usage is optimized where possible.

Options

shared

Apply the MAC ACL so as to share hardware resources.

Restrictions

  • Per application statistics will not be available when ACLs are applied as shared.

mac-access-group my-acl out shared

Switch(config)# int a1
switch(eth-a1)# mac-access-group my-acl out shared

IPv4 access-group (VACL)

Allows for the configuration of an IPv4 ACL on a vlan to be shared. VACLs are applied from vlan context.

Syntax

[no] ip access-group <ACL-ID> in|out|vlan-in|vlan-out|connection-rate-filter shared

Description

Apply the specified IPv4 ACL on this VLAN interface. When ACLs are shared, hardware resource usage is optimized where possible.

Options

shared

Apply the IPv4 ACL so as to share hardware resources.

Restrictions

Per application statistics will not be available when ACLs are applied as shared.

ip access-group my-acl out shared

switch(config)# vlan 1
switch(vlan-1)# ip access-group my-acl vlan-out shared
switch(vlan-1)# ip access-group my-acl out shared

IPv6 access-group (VACL)

Allows for the configuration of an IPv6 ACL on a VLAN to be shared. VACLs are applied from VLAN context.

Syntax

[no] ipv6 access-group <ACL-ID> in|out|vlan-in|vlan-out|connection-rate-filter shared

Description

Apply the specified IPv6 ACL on this VLAN interface. When ACLs are shared, hardware resource usage is optimized where possible.

Options

shared

Apply the IPv6 ACL so as to share hardware resources.

Restrictions

Per application statistics will not be available when ACLs are applied as shared.

ipv6 access-group my-acl out shared

switch(config)# vlan 1
switch(vlan-1)# ipv6 access-group my-acl vlan-out shared
switch(vlan-1)# ipv6 access-group my-acl out shared

MAC access-group (VACL)

Allows for the configuration of a MAC ACL on a VLAN to be shared.

Syntax

mac-access-group <ACL-ID> in|out shared

Description

Apply the MAC ACL to the traffic on a VLAN. MAC ACLs can be used to filter the traffic based on the source MAC address, destination MAC address, EtherType, CoS priority, or VLAN number. When ACLs are shared, hardware resource usage is optimized where possible.

Options

shared

Apply the MAC ACL so as to share hardware resources.

Restrictions

Per application statistics will not be available when ACLs are applied as shared.

mac-access-group my-acl out shared

switch(config)# vlan 1
switch(vlan-1)# mac-access-group my-acl out shared