ACL Memory Partitions Overview; Configuring ACL Memory Partitions - Cisco Catalyst 6500 Series Configuration Manual

Chapter 5
Managing Security Contexts

ACL Memory Partitions Overview

With ACL memory partitions, you can maximize the available ACL memory in the network processor when you create security contexts. The default ACL memory is divided into 12 partitions and an additional backup partition. In addition to these partitions, there is one partition and a backup partition for downloadable ACLs. By default, when you create a security context, it is associated with an ACL partition chosen in a round-robin fashion, and all of the access lists created in the context are programmed into that partition. This behavior results in an inefficient allocation of the available ACL memory. The default ACL memory allocation scheme has the following inefficiencies:

• Fewer contexts than the default number of partitions: when you have fewer contexts than partitions, some partitions are never used, so there is less usable memory than available memory.
• More contexts than the default number of partitions: when there are more contexts than partitions, contexts share partitions, and configuration changes made by one user can affect the other users that share the resource.
• No guaranteed resources for business-class customers: all users or customers are treated equally, with no way to prioritize them.

Configuring ACL Memory Partitions

Beginning with FWSM software release 2.3, you can configure the number of partitions to maximize ACL memory usage. This feature allows you to eliminate the inefficiencies of the default ACL memory allocation scheme.

There are two parts to configuring ACL memory partitions: partitioning the ACL memory with the resource acl-partition command, and mapping a context to a partition with the allocate-acl-partition command.

To partition the ACL memory, enter this command:

    fwsm(config)# resource acl-partition number-of-partitions

The no form of this command returns the ACL memory to the default number of partitions (12).

The following caveats apply to this command:

• You must reboot the module before the change takes effect. In a failover setup, you must reboot both modules at the same time, which results in network downtime.
• The resource acl-partition <X> command does not take effect until you enter the write mem command and reboot the module.
• If you are using a failover configuration, use these recommended command sequences:

  On the active module, use this sequence:

      resource acl-partition X
      write mem
      reload

  On the redundant module, use this sequence:

      reload
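Because the partition change only takes effect after a disruptive reboot, it is worth checking a plan before applying it. The following is an added example, not code from the Cisco guide: it models the round-robin default described above, reports unused and shared partitions, and emits the active/redundant module command sequences the guide prescribes. Partition numbering from 0 and the bare-number argument form of allocate-acl-partition are assumptions.

```python
# Added example (not from the Cisco FWSM guide): a small model of FWSM ACL
# memory partition allocation, used to review a partition plan before the
# reboot that a "resource acl-partition" change requires.
from collections import defaultdict

DEFAULT_PARTITIONS = 12  # default number of ACL partitions (backups not modelled)


def round_robin_map(contexts, partitions=DEFAULT_PARTITIONS):
    """Default behaviour: each new context is assigned the next partition in
    round-robin order.  Partition numbers are assumed to start at 0."""
    return {ctx: i % partitions for i, ctx in enumerate(contexts)}


def partition_report(mapping, partitions):
    """Return (unused partitions, partitions shared by several contexts).
    Unused partitions are wasted memory; in a shared partition one user's ACL
    changes consume memory that another user's context depends on."""
    members = defaultdict(list)
    for ctx, part in mapping.items():
        members[part].append(ctx)
    unused = [p for p in range(partitions) if p not in members]
    shared = {p: ctxs for p, ctxs in members.items() if len(ctxs) > 1}
    return unused, shared


def active_module_sequence(partitions):
    """Command sequence the guide prescribes on the active module."""
    return [f"resource acl-partition {partitions}", "write mem", "reload"]


def standby_module_sequence():
    """Command sequence the guide prescribes on the redundant module."""
    return ["reload"]


def context_mapping_commands(mapping):
    """(context, command) pairs for an explicit context-to-partition mapping.
    The bare partition-number argument is an assumption, not from the page."""
    return [(ctx, f"allocate-acl-partition {part}") for ctx, part in mapping.items()]


if __name__ == "__main__":
    # Constructed sample: five contexts on the default 12 partitions.
    contexts = [f"ctx{i}" for i in range(5)]
    unused, shared = partition_report(round_robin_map(contexts), DEFAULT_PARTITIONS)
    print("unused partitions:", unused, "shared:", shared)
    # Sizing the partition count to the context count removes the waste.
    for cmd in active_module_sequence(len(contexts)):
        print("active  >", cmd)
    for cmd in standby_module_sequence():
        print("standby >", cmd)
```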
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Configuring Resource Management
5-17
