[c-nsp] TurboACL on Cisco 12000
Kevin Warwashana
kevinw at telnetww.com
Thu Dec 15 12:37:24 EST 2005
Does 'attach <slot>' work?
12000#attach 2
Entering Console for 1 Port Gigabit Ethernet in Slot: 2
Type "exit" to end this session
Press RETURN to get started!
LC-Slot2>show access-list comp
Hope that helps.
Kevin
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Chen, Qinxue
Sent: Thursday, December 15, 2005 12:27 PM
To: cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] TurboACL on Cisco 12000
how to excute the commands on the linecard? We have IOS 12.0(27)S5.
-----Original Message-----
From: Oliver Boehmer (oboehmer) [mailto:oboehmer at cisco.com]
Sent: Thursday, December 15, 2005 8:19 AM
To: Chen, Qinxue; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] TurboACL on Cisco 12000
Chen, Qinxue <> wrote on Thursday, December 15, 2005 4:14 PM:
> It showed "operational." But the same ACL has been applied to
> different line cards. How can we tell if it's working on each card?
Just execute this command on all linecards..
> We know one line card doesn't have enough memory, but the others have
> plenty. The memory Malloc errors started about twice a day on the
> line card with low memory while TurboACL tried to optimize. By the
> way, all our line cards are Engine-1 cards and they don't support
> hardware ACL.
Well, depends.. check http://www.cisco.com/warp/public/63/acl_12000.html
(access-list hardware salsa).. The Salsa chip has limited ACL support..
oli
> -----Original Message-----
> From: Oliver Boehmer (oboehmer) [mailto:oboehmer at cisco.com]
> Sent: Wednesday, December 14, 2005 8:32 PM
> To: Chen, Qinxue; cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] TurboACL on Cisco 12000
>
>
> Chen, Qinxue <> wrote on Wednesday, December 14, 2005 8:21 PM:
>
>> Hi,
>>
>> Do you know the consequences when TurboACL failed to dynamically
>> allocate enough memory on the line card for the ACL lookup table?
>> Would it fail over to linear search the ACL entries or just fail to
>> process the ACL entries in general? Thanks
>
> you can check the current status by issuing "show access-list
> compiled"
> on the linecard. When it says "operational", we still perform
> Turbo-ACL,
> otherwise we do linear search. We can do Turbo-ACL lookup for some
> ACLs
> and linear for others..
> It also depends on the type of LC engine as Turbo-ACLs only work in
> the
> slow-path on the LC-CPU, so all hw-based LCs with ACL support
> (essentially E1 and higher) will processes the ACLs in hardware.
>
> When do you see the Malloc failure? When you initially configure the
> ACLs or enable Turbo-ACL, or when Turbo-ACL tries to optimize it
> later?
>
> oli
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list