What's the difference between the dedicated and shared modes of vlan-acl-precedence?

Question
What's the difference between the dedicated and shared modes of vlan-acl-precedence?
Environment
  • EXOS >=12.3
Answer

The “vlan-acl-precedence” configuration applies to both VLAN-based and port-based ACLs, and changing the setting requires a reboot.

When “shared” mode is selected, ACL rules installed against one VLAN have overlapping precedence values with ACL rules installed against other VLANs. Likewise, ACL rules installed against one port have overlapping precedence values with ACL rules installed against other ports.

“Dedicated” mode forces different precedence values for subsequent installations against different ports/VLANs. This usually results in improved installation performance (due to less TCAM/slice shifting) but may increase hardware ACL utilization for a given rule set.

  • shared mode: Use this mode when the ACL hardware resource is more heavily used and you want to squeeze more rules into the hardware, and installation performance is less of a concern.
  • dedicated mode: Use this mode when ACL hardware resource utilization is less of a concern but installation takes a long time or installation performance is a concern.

Example:

test.pol:
entry one { if { source-address 1.1.1.1/32; } then { deny; } }
entry two { if { source-address 2.2.2.1/32; } then { deny; } }

command: configure access-list test.pol ports 1,2

shared mode: there will be 2 rules installed in hardware, each matching both ports as a “port bitmap”.
dedicated mode: there will be 4 rules installed in hardware (2 rules, each matching 1 of the 2 ports).