for the ACL VLAN groups present on the system, an appropriate error message is displayed. The ACL
manager application verifies the following parameters when you enter the acl-vlan-group command:
Whether the CAM profile is set in VFP
Whether the maximum number of groups in the system has been exceeded
Whether the maximum number of VLAN members permitted per ACL group has been exceeded
Whether a VLAN member that is being added is already a part of another ACL group
After these verification steps are performed, the ACL manager considers the command valid and sends
the information to the ACL agent on the line card. The ACL manager notifies the ACL agent in the
following cases:
A VLAN member is added or removed from a group, and previously associated VLANs exist in the
group.
The egress ACL is applied or removed from the group and the group contains VLAN members.
VLAN members are added or deleted from a VLAN, which itself is a group member.
A line card returns to the active state after going down, and this line card contains a VLAN that is a
member of an ACL group.
The ACL VLAN group is deleted and it contains VLAN members.
The ACL manager does not notify the ACL agent in the following cases:
The ACL VLAN group is created.
The ACL VLAN group is deleted and it does not contain any VLAN members.
The ACL is applied or removed from a group, and the ACL group does not contain a VLAN member.
The description of the ACL group is added or removed.
Guidelines for Configuring ACL VLAN groups
Keep the following points in mind when you configure ACL VLAN groups:
The interfaces to which the ACL VLAN group is applied function as restricted interfaces. The ACL
VLAN group name identifies the group of VLANs that is used to perform hierarchical filtering.
You can add only one ACL to an interface at a time.
When you attach an ACL VLAN group to the same interface, a validation is performed to determine
whether an ACL is applied directly to an interface. If you previously applied an ACL separately to the
interface, an error occurs when you attempt to attach an ACL VLAN group to the same interface.
The maximum number of members in an ACL VLAN group is determined by the type of switch and its
hardware capabilities. This scaling limit depends on the number of slices that are allocated for ACL
CAM optimization. If one slice is allocated, the maximum number of VLAN members is 256 for all ACL
VLAN groups. If two slices are allocated, the maximum number of VLAN members is 512 for all ACL
VLAN groups.
The maximum number of VLAN groups that you can configure also depends on the hardware
specifications of the switch. Each VLAN group is mapped to a unique ID in the hardware. The
maximum number of ACL VLAN groups supported is 31. Only a maximum of two components (iSCSI
counters, OpenFlow, ACL optimization) can be allocated virtual flow processing slices at a time.
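The following is an added model, not Dell's ACL manager code, of the validation checks and agent-notification rules described above: it enforces the 31-group limit, the 256/512 total-member limit for one or two VFP slices, the one-group-per-VLAN rule, and records a line-card notification only in the cases the page lists. Class and method names are hypothetical; treating the member limit as a total across all groups follows the guideline wording.

```python
from typing import Dict, List, Optional, Set

MAX_GROUPS = 31                        # hardware group IDs (page: 31 groups)
MEMBERS_PER_SLICES = {1: 256, 2: 512}  # total VLAN members across all groups

class AclManager:
    def __init__(self, vfp_slices_for_acl: int):
        self.slices = vfp_slices_for_acl       # 0 = no VFP slices in CAM profile
        self.groups: Dict[str, Set[int]] = {}  # group name -> member VLANs
        self.agent_notifications: List[str] = []

    def validate_group(self, name: str) -> Optional[str]:
        # Checks run when acl-vlan-group <name> is entered
        if self.slices not in MEMBERS_PER_SLICES:
            return "CAM profile has no VFP slices for ACL optimization"
        if name not in self.groups and len(self.groups) >= MAX_GROUPS:
            return f"maximum of {MAX_GROUPS} ACL VLAN groups exceeded"
        return None

    def validate_member(self, name: str, vlan: int) -> Optional[str]:
        limit = MEMBERS_PER_SLICES[self.slices]
        if sum(len(v) for v in self.groups.values()) >= limit:
            return f"maximum of {limit} VLAN members exceeded"
        owner = next((g for g, v in self.groups.items() if vlan in v), None)
        if owner is not None and owner != name:
            return f"VLAN {vlan} already belongs to group {owner}"
        return None

    def create_group(self, name: str) -> None:
        err = self.validate_group(name)
        if err:
            raise ValueError(err)
        self.groups.setdefault(name, set())  # creation alone: no notification

    def add_member(self, name: str, vlan: int) -> None:
        err = self.validate_member(name, vlan)
        if err:
            raise ValueError(err)
        had_members = bool(self.groups[name])
        self.groups[name].add(vlan)
        if had_members:  # agent told only if the group already had VLANs
            self.agent_notifications.append(f"{name}: add vlan {vlan}")

    def apply_acl(self, name: str, acl: str) -> None:
        if self.groups[name]:  # ACL on an empty group is not pushed to agent
            self.agent_notifications.append(f"{name}: apply {acl}")
```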
104 Access Control List (ACL) VLAN Groups and Content Addressable Memory (CAM)