Commands
Allows end users to control explicit groupings on PACLs, VACLs and RACLs applications which allows for TCAM resource consolidation. Allow for better network troubleshooting via an individual port or VLAN when reviewing statistics specifically for that port or VLAN.
IPv4 access-group (PACL)
Allows for the configuration of an IPv4 ACL on a port to be shared.
Syntax
[no] ip access-group <ACL-ID>
in|out shared
Description
Apply the specified IPv4 ACL to inbound or outbound packets on this interface. When ACLs are shared, hardware resource usage is optimized where possible.
Options
Restrictions
Per application statistics will not be available when ACLs are applied as shared.
Connection rate filter ACLs cannot be applied on this interface.
IPv6 access-group (PACL)
Allows for the configuration of an IPv6 ACL on a port to be shared.
Syntax
[no] ipv6 access-group <ACL-ID>
in|out shared
Description
Apply the specified IPv6 ACL to inbound or outbound packets on this interface. When ACLs are shared, hardware resource usage is optimized where possible.
Options
Restrictions
Per application statistics will not be available when ACLs are applied as shared.
Connection rate filter ACLs cannot be applied on this interface.
MAC access-group (PACL)
Allows for the configuration of a MAC ACL on a port to be shared.
Syntax
mac-access-group <ACL-ID>
in|out shared
Description
Apply the MAC ACL to the traffic on a port. MAC ACLs can be used to filter the traffic based on the source MAC address, destination MAC address, EtherType, CoS priority, or VLAN number. When ACLs are shared, hardware resource usage is optimized where possible.
Options
Restrictions
Per application statistics will not be available when ACLs are applied as shared.
IPv4 access-group (VACL)
Allows for the configuration of an IPv4 ACL on a vlan to be shared. VACLs are applied from vlan context.
Syntax
[no] ip access-group <ACL-ID>
in|out|vlan-in|vlan-out|connection-rate-filter shared
Description
Apply the specified IPv4 ACL on this VLAN interface. When ACLs are shared, hardware resource usage is optimized where possible.
Options
Restrictions
Per application statistics will not be available when ACLs are applied as shared.
IPv6 access-group (VACL)
Allows for the configuration of an IPv6 ACL on a VLAN to be shared. VACLs are applied from VLAN context.
Syntax
[no] ipv6 access-group <ACL-ID>
in|out|vlan-in|vlan-out|connection-rate-filter shared
Description
Apply the specified IPv6 ACL on this VLAN interface. When ACLs are shared, hardware resource usage is optimized where possible.
Options
Restrictions
Per application statistics will not be available when ACLs are applied as shared.
MAC access-group (VACL)
Allows for the configuration of a MAC ACL on a VLAN to be shared.
Syntax
mac-access-group <ACL-ID>
in|out shared
Description
Apply the MAC ACL to the traffic on a VLAN. MAC ACLs can be used to filter the traffic based on the source MAC address, destination MAC address, EtherType, CoS priority, or VLAN number. When ACLs are shared, hardware resource usage is optimized where possible.
Options
Restrictions
Per application statistics will not be available when ACLs are applied as shared.