Manuals / Brands / Computer Equipment / Network Card / Cisco Systems / Computer Equipment / Network Card

Cisco Systems Cisco ONS 15310-MA, ONS 15310-CL, ONS 15310-MA Modifying ACL TCAM Size

1 292

Download 292 pages, 5.73 Mb

14-5

Cisco ONS 15310-CL, ONS 15310-MA, and ONS 15310-MA SDH Ethernet Card Software Feature and Configuration Guide, R9.1 and R9.2

78-19415-01

Chapter 14 Configuring Access Control Lists on the ML-Series Card

Modifying ACL TCAM Size

Modifying ACL TCAM Size

You can change the TCAM size by entering the sdm access-list command. For more information on ACL

TCAM sizes, see the “Configuring Access Control List Size in TCAM” section on page 13-3.

Example 14-1 provides an example of modifying and verifying ACLs.

Note

To increase the ACL TCAM size, you must decrease another region’s TCAM size, such as IP,

IP multicast, or L2 switching.

Caution

You need to increase the TCAM size if you see the following error message:

Warning:Programming TCAM entries failed

Please remove last ACL command to re-activate ACL operation.

!<ACL number or name> <IP or IPX> <INPUT_ACL or OUTPUT_ACL> from TCAM group for !<interface>

Please see the documentation to see if TCAM space can be

increased on this platform to alleviate the problem.

Example 14-1 Monitor and Verify ACLs

ML_Series# show ip access-lists 1

Standard IP access list 1

permit 192.168.1.1

permit 192.168.1.2

Table 14-2 Applying ACL to Interface

Command Purpose

ip access-group {

access-list-number

|

name

} {in | out}

Controls access to an interface.

Contents

Main Page CONTENTS Page Page Page Page Page Page Page Page Page Page Page Page Page Preface Revision History Document Objectives Audience Related Documentation Document Conventions xx xxi Page xxiii Page Obtaining Optical Networking Information Where to Find Safety and Warning Information Cisco Optical Networking Product Documentation CD-ROM Obtaining Documentation and Submitting a Service Request Page Overview of the ML-Series Card ML-Series Card Description ML-Series Feature List Page Key ML-Series Features Cisco IOS GFP-F Framing Link Aggregation (FEC and POS) RMON RPR SNMP TL1 CTC Operations on the ML-Series Card Displaying ML-Series POS Statistics in CTC Displaying ML-Series Ethernet Statistics in CTC Displaying ML-Series Ethernet Ports Provisioning Information on CTC Displaying ML-Series POS Ports Provisioning Information on CTC Displaying SONET Alarms Displaying J1 Path Trace Provisioning SONET Circuits Page Page Initial Configuration of the ML-Series Card Hardware Installation Cisco IOS on the ML-Series Card Opening a Cisco IOS Session Using CTC Telnetting to the Node IP Address and Slot Number Telnetting to a Management Port ML-Series IOS CLI Console Port RJ-11 to RJ-45 Console Cable Adapter Connecting a PC or Terminal to the Console Port Startup Configuration File Manually Creating a Startup Configuration File Through the Serial Console Port Passwords Configuring the Management Port Configuring the Hostname Loading a Cisco IOS Startup Configuration File Through CTC Database Restore of the Startup Configuration File Cisco IOS Command Modes Page Using the Command Modes Exit Getting Help Page Configuring Bridging on the ML-Series Card Understanding Bridging Configuring Bridging 4-3 SONET/SDH fast ethernet 0 Figure 4-1 Bridging Example Monitoring and Verifying Bridging pos 0pos 0 fast ethernet 0 ML_Series_A ML_Series_B 4-4 Example 4-3 shows examples of monitoring and verifying bridging. Example 4-3 Monitoring and Verifying Bridging Command Purpose brief displays summary information about spanning tree. 4-5 Page Configuring Interfaces on the ML-Series Card General Interface Guidelines MAC Addresses Interface Port ID Basic Interface Configuration Basic Fast Ethernet and POS Interface Configuration Configuring the Fast Ethernet Interfaces Configuring the POS Interfaces Monitoring Operations on the Fast Ethernet Interfaces 5-7 Example 5-3 show controller Command Output 5-8 Example 5-4 show run interface Command Output Configuring POS on the ML-Series Card Understanding POS on the ML-Series Card Available Circuit Sizes and Combinations LCAS Support J1 Path Trace, and SONET Alarms Framing Mode, Encapsulation, Scrambling, MTU and CRC Support Configuring the POS Interface Configuring POS Interface Framing Mode Configuring POS Interface Encapsulation Type Under GFP-F Framing SONET Alarms Configuring SONET Alarms Configuring SONET Delay Triggers Monitoring and Verifying POS 6-9 Showing scrambling with the show interface pos [0 | 1] command (Example 6-2). Example 6-2 Showing Scrambling with the show interface pos [0 | 1] Command Page Configuring STP and RSTP on the ML-Series Card STP Features STP Overview Supported STP Instances Bridge Protocol Data Units Election of the Root Switch Bridge ID, Switch Priority, and Extended System ID Spanning-Tree Timers Creating the Spanning-Tree Topology Spanning-Tree Interface States Blocking State Listening State Learning State Forwarding State Disabled State Spanning-Tree Address Management STP and IEEE 802.1Q Trunks Spanning Tree and Redundant Connectivity Accelerated Aging to Retain Connectivity RSTP Features Supported RSTP Instances Port Roles and the Active Topology Rapid Convergence Synchronization of Port Roles Bridge Protocol Data Unit Format and Processing Processing Superior BPDU Information Processing Inferior BPDU Information Topology Changes Interoperability with IEEE 802.1D STP Configuring STP and RSTP Features Default STP and RSTP Configuration Disabling STP and RSTP Configuring the Root Switch Configuring the Port Priority Configuring the Path Cost Configuring the Switch Priority of a Bridge Group Configuring the Hello Time Configuring the Forwarding-Delay Time for a Bridge Group Configuring the Maximum-Aging Time for a Bridge Group Verifying and Monitoring STP and RSTP Status Page Page Configuring VLANs on the ML-Series Card Understanding VLANs Configuring IEEE 802.1Q VLAN Encapsulation IEEE 802.1Q VLAN Configuration 8-4 ML-Series ML-Series Router_A Router_B 8-5 Monitoring and Verifying VLAN Operation Example 8-2 Output for show vlans Command Page Configuring IEEE 802.1Q Tunneling and Layer 2 Protocol Tunneling on the ML-Series Card Understanding IEEE 802.1Q Tunneling Page Page Configuring IEEE 802.1Q Tunneling IEEE 802.1Q Tunneling and Compatibility with Other Features Configuring an IEEE 802.1Q Tunneling Port IEEE 802.1Q Example Understanding VLAN-Transparent and VLAN-Specific Services VLAN-Transparent and VLAN-Specific Services Configuration Example 9-8 Example 9-4 applies to ML-Series card B. Example 9-4 ML-Series Card B Configuration Example 9-5 applies to ML-Series card C. Example 9-5 ML-Series Card C Configuration Understanding Layer 2 Protocol Tunneling Configuring Layer 2 Protocol Tunneling Default Layer 2 Protocol Tunneling Configuration Layer 2 Protocol Tunneling Configuration Guidelines Configuring Layer 2 Tunneling on a Port Configuring Layer 2 Tunneling Per-VLAN Monitoring and Verifying Tunneling Status Configuring Link Aggregation on the ML-Series Understanding Link Aggregation Configuring Link Aggregation Configuring Fast EtherChannel EtherChannel Configuration Example Configuring POS Channel POS Channel Configuration Example Understanding Encapsulation over FEC or POS Channel Configuring Encapsulation over EtherChannel or POS Channel Encapsulation over EtherChannel Example 10-8 Example 10-6 ML_Series B Configuration Monitoring and Verifying EtherChannel and POS 10-9 Example 10-7 show interfaces port-channel Command Page Configuring IRB on the ML-Series Card Understanding Integrated Routing and Bridging Configuring IRB IRB Configuration Example 11-4 Example 11-1 Configuring ML_Series A Table 11-1 shows the privileged EXEC commands for monitoring and verifying IRB. Example 11-2 Configuring ML_Series B Monitoring and Verifying IRB Page Page Configuring Quality of Service on the ML-Series Understanding QoS Priority Mechanism in IP and Ethernet IP Precedence and Differentiated Services Code Point 12-3 Ethernet CoS ML-Series QoS Classification Policing Marking and Discarding with a Policer Queuing Scheduling Control Packets and L2 Tunneled Protocols Egress Priority Marking Ingress Priority Marking QinQ Implementation Flow Control Pause and QoS QoS on RPR Configuring QoS Creating a Traffic Class Creating a Traffic Policy Page Page Page Attaching a Traffic Policy to an Interface Configuring CoS-Based QoS Monitoring and Verifying QoS Configuration QoS Configuration Examples Traffic Classes Defined Example Traffic Policy Created Example class-map match-any and class-map match-all Commands Example match spr1 Interface Example 12-20 ML-Series VoIP Example Figure 12-7 ML-Series VoIP Example Example 12-9 ML-Series VoIP Commands ML-Series Policing Example ML-Series Router_A ML-Series CoS-Based QoS Example 12-22 Example 12-11 shows the code used to configure ML-Series Card A in Figure 12-9. Example 12-12 shows the code used to configure ML-Series Card B in Figure 12-9. Example 12-13 shows the code used to configure ML-Series Card C in Figure 12-9. Understanding Multicast QoS and Multicast Priority Queuing Default Multicast QoS Multicast Priority Queuing QoS Restrictions Configuring Multicast Priority Queuing QoS Page QoS not Configured on Egress ML-Series Egress Bandwidth Example Case 1: QoS with Priority and Bandwidth Configured Without Priority Multicast Case 2: QoS with Priority and Bandwidth Configured with Priority Multicast Understanding CoS-Based Packet Statistics Configuring CoS-Based Packet Statistics 12-30 Understanding IP SLA IP SLA on the ML-Series IP SLA Restrictions on the ML-Series Page Configuring the Switching Database Manager on the ML-Series Card Understanding the SDM Understanding SDM Regions Configuring SDM Configuring SDM Regions Configuring Access Control List Size in TCAM Monitoring and Verifying SDM Page Configuring Access Control Lists on the ML-Series Card Understanding ACLs ML-Series ACL Support IP ACLs Named IP ACLs User Guidelines Creating IP ACLs Creating Numbered Standard and Extended IP ACLs Creating Named Standard IP ACLs Creating Named Extended IP ACLs (Control Plane Only) Applying the ACL to an Interface Modifying ACL TCAM Size Page Configuring Resilient Packet Ring on the ML-Series Card Understanding RPR Role of SONET Circuits Packet Handling Operations Ring Wrapping RPR Framing Process 15-5 MAC Address and VLAN Support RPR QoS CTM and RPR Configuring RPR Connecting the ML-Series Cards with Point-to-Point STS Circuits Configuring CTC Circuits for RPR CTC Circuit Configuration Example for RPR Page Configuring RPR Characteristics and the SPR Interface on the ML-Series Card Page Assigning the ML-Series Card POS Ports to the SPR Interface Page Creating the Bridge Group and Assigning the Ethernet and SPR Interfaces 15-14 RPR Cisco IOS Configuration Example Example 15-1 SPR Station-ID 1 Configuration Example 15-2 SPR Station-ID 2 Configuration 15-15 Example 15-3 SPR Station-ID 3 Configuration Verifying Ethernet Connectivity Between RPR Ethernet Access Ports CRC Threshold Configuration and Detection 15-16 Monitoring and Verifying RPR Example 15-4 Example of show interface spr 1 Output Example 15-5 Example of show run interface spr 1 Output Add an ML-Series Card into an RPR Page Adding an ML-Series Card into an RPR To Page Delete an ML-Series Card from an RPR Page Deleting an ML-Series Card from an RPR To Page Cisco Proprietary RPR KeepAlive Configuring Cisco Proprietary RPR KeepAlive Monitoring Cisco Propretary RPR KeepAlive Cisco Proprietary RPR Shortest Path Configuring Shortest Path and Topology Discovery Page Configuring Security for the ML-Series Card Understanding Security Disabling the Console Port on the ML-Series Card Secure Login on the ML-Series Card Secure Shell on the ML-Series Card Understanding SSH Configuring SSH Configuration Guidelines Setting Up the ML-Series Card to Run SSH Page Configuring the SSH Server Displaying the SSH Configuration and Status RADIUS on the ML-Series Card RADIUS Relay Mode Configuring RADIUS Relay Mode RADIUS Stand Alone Mode Understanding RADIUS Configuring RADIUS Default RADIUS Configuration Identifying the RADIUS Server Host Page Configuring AAA Login Authentication Page Defining AAA Server Groups Page Configuring RADIUS Authorization for User Privileged Access and Network Services Starting RADIUS Accounting Configuring a nas-ip-address in the RADIUS Packet Configuring Settings for All RADIUS Servers Configuring the ML-Series Card to Use Vendor-Specific RADIUS Attributes Configuring the ML-Series Card for Vendor-Proprietary RADIUS Server Communication Displaying the RADIUS Configuration CE-Series Ethernet Cards CE-100T-8 Ethernet Card CE-100T-8 Overview CE-100T-8 Ethernet Features Autonegotiation, Flow Control, and Frame Buffering Ethernet Link Integrity Support Enhanced State Model for Ethernet and SONET Ports IEEE 802.1Q CoS and IP ToS Queuing RMON and SNMP Support Statistics and Counters CE-100T-8 SONET Circuits and Features Available Circuit Sizes and Combinations CE-100T-8 STS/VT Allocation Tab Page CE-100T-8 VCAT Characteristics CE-100T-8 POS Encapsulation, Framing, and CRC CE-100T-8 Loopback, J1 Path Trace, and SONET Alarms CE-MR-6 Ethernet Card CE-MR-6 Overview CE-MR-6 Ethernet Features Autonegotiation, Flow Control, and Frame Buffering Ethernet Link Integrity Support Ethernet Drop and Continue Circuit Administrative and Service States with Soak Time for Ethernet and SONET Ports IEEE 802.1Q CoS and IP ToS Queuing Page RMON and SNMP Support SNMP MIBs Supported Statistics and Counters Supported Cross-connects CE-MR-6 Circuits and Features Available Circuit Sizes and Combinations Page Page CE-MR-6 Pool Allocation CE-MR-6 VCAT Characteristics CE-MR-6 POS Encapsulation, Framing, and CRC CE-MR-6 Loopback, J1 Path Trace, and SONET Alarms Terminal and Facility Loopback on LCAS Circuits In Split Fibre Routing Page A Command Reference for the ML-Series Card [no] bridge bridge-group-number protocol {drpri-rstp | ieee | rstp} clear counters [no] clock auto interface spr 1 [no] pos mode gfp [fcs-disabled] [no] pos pdi holdoff time [no] pos report alarm [non] pos trigger defects condition [no] pos trigger delay time [no] pos vcat defect {immediate | delayed} show controller pos interface-number [details] Page show interface pos interface-number A-15 show ons alarm Page show ons alarm defect {[eqpt | port [port-number] | sts [sts-number] | vcg [vcg-number] | vt]} A-18 Related Commands show controller pos show ons alarm failures show ons alarm failure {[eqpt | port [port-number] | sts [sts-number] | vcg [vcg-number] | vt]} Page spr-intf-id shared-packet-ring-number [no] spr load-balance { auto | port-based } spr station-id station-id-number spr wrap { immediate | delayed } B Unsupported CLI Commands for the ML-Series Unsupported Privileged Exec Commands Unsupported Global Configuration Commands Page Unsupported POS Interface Configuration Commands Unsupported FastEthernet Interface Configuration Commands Unsupported Port-Channel Interface Configuration Commands Unsupported BVI Interface Configuration Commands C Using Technical Support Gathering Information About Your Internetwork Getting the Data from Your ML-Series Card Providing Data to Your Technical Support Representative Page INDEX Numerics A B C Page Page D E F G H I J K L M N O P Q R S T U V W