Configuring the TCAM ACL Customization Function for Services
Configuring and Applying a TCAM ACL Preset Profile
Context
When a TCAM ACL preset profile is created, the system automatically generates the profile along with its group names, matching fields, and actions. You only need to apply the TCAM ACL preset profile to a card or globally to make the TCAM ACL customization function take effect.
Only the CE12800E configured with FD-X series cards supports this configuration.
Procedure
- Run system-view
The system view is displayed.
- Run system tcam acl predefined template
A TCAM ACL preset profile is configured.
- Run system tcam acl template template-name { slot slot-id | all }
The TCAM ACL preset profile is applied to a card or globally.
- Run commit
The configuration is committed.
Configuring and Applying a TCAM ACL Customization Profile
Procedure
- Run system-view
The system view is displayed.
- Run system tcam acl template template-name
A TCAM ACL customization profile is created and its view is displayed.
- Run group group-name [ precedence precedence-value ]
A TCAM ACL customization group is created and its view is displayed.
- Configure a matching rule in the TCAM ACL customization group.
  Matching rules and the corresponding commands:
  - Configure a matching rule based on Ethernet information.
    match ethernet { 8021p | destination-mac | ethertype | inner-8021p | inner-vlan | source-mac | vlan } *
  - Configure a matching rule based on IPv4 packet information.
    match ip { destination-ip | source-ip | fragment | protocol | tos | ttl } *
  - Configure a matching rule based on IPv6 packet information.
    match ipv6 { destination-ip | destination-ip-high | source-ip | source-ip-high | protocol | tos | ttl } *
  - Configure a matching rule based on TCP packet information.
    match tcp { tcp-flag | destination-port | source-port | l4port-range } *
  - Configure a matching rule based on UDP packet information.
    match udp { destination-port | source-port | l4port-range } *
  - Configure a matching rule based on ICMP packet information.
    match icmp icmp-type
  - Configure a matching rule based on IGMP packet information.
    match igmp igmp-type
  - Configure a matching rule based on MPLS packet information.
    match mpls { bos | forward-label-action | exp } *
    NOTE: The CE12800E does not support this command.
  - Configure a matching rule based on the forwarding status.
    match forwarding { destination-interface | source-interface | l2sub-interface | bridge-domain | bd-virtual-interface | vlan | vlanif | source-trunk | vrf | vsi } *
    NOTE: Only the CE12800E configured with FD-X series cards supports the vlan, vlanif, bridge-domain, source-trunk, and bd-virtual-interface parameters.
  - Configure a matching rule based on user-defined packet information.
    match { udf { ipv4-head | inner-ipv4-head | l2-head | l4-head } [ negative ] { head-length offset-length } }&<1-8>
- Run action { car | deny | forwarding-modify | mac-address-learning-disable | mirror | redirect { eth-trunk | flow | interface | nexthop | observe-port } * | remark { 8021p | dscp | exp | local-precedence | vlan | tos } * | share-car | snoop | statistics | trap } *
The action in the TCAM ACL customization group is configured.
- Run quit
Return to the TCAM ACL customization profile view.
- Run service service-name group group-name
A service is bound to the TCAM ACL customization group.
Multiple services can be bound to the same TCAM ACL customization group, but different matching rules and actions must be configured for services in the group.
- Run quit
Return to the system view.
- Run system tcam acl template template-name { slot slot-id | all }
The TCAM ACL customization profile is applied to a card or globally.
- Run commit
The configuration is committed.
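The matching-rule syntax and the two platform notes in the procedure above can be checked before a customization group is committed. The following is an added example, not vendor tooling or code from the original page: a small offline check of planned match lines. The function names, the model string comparison, and the sample lines are assumptions made for illustration, and the udf form is not covered.

```python
# Field keywords per match category, copied from the matching-rule syntax on this page.
MATCH_FIELDS = {
    "ethernet": "8021p destination-mac ethertype inner-8021p inner-vlan source-mac vlan",
    "ip": "destination-ip source-ip fragment protocol tos ttl",
    "ipv6": "destination-ip destination-ip-high source-ip source-ip-high protocol tos ttl",
    "tcp": "tcp-flag destination-port source-port l4port-range",
    "udp": "destination-port source-port l4port-range",
    "icmp": "icmp-type",
    "igmp": "igmp-type",
    "mpls": "bos forward-label-action exp",
    "forwarding": "destination-interface source-interface l2sub-interface bridge-domain "
                  "bd-virtual-interface vlan vlanif source-trunk vrf vsi",
}
# 'match forwarding' parameters the page restricts to the CE12800E with FD-X series cards.
FDX_ONLY = {"vlan", "vlanif", "bridge-domain", "source-trunk", "bd-virtual-interface"}


def lint_match(line, model, fdx_cards=False):
    """Return the problems found in one 'match <category> <field>...' line ([] = clean)."""
    tokens = line.split()
    if len(tokens) < 3 or tokens[0] != "match":
        return ["expected 'match <category> <field> ...'"]
    category, fields = tokens[1], tokens[2:]
    if category not in MATCH_FIELDS:
        return [f"category '{category}' is not covered by this check"]
    problems = []
    allowed = set(MATCH_FIELDS[category].split())
    for field in fields:
        if field not in allowed:
            problems.append(f"'{field}' is not a 'match {category}' field")
        elif category == "forwarding" and field in FDX_ONLY and not (model == "CE12800E" and fdx_cards):
            problems.append(f"'{field}' needs a CE12800E with FD-X series cards")
    if category == "mpls" and model == "CE12800E":
        problems.append("'match mpls' is not supported on the CE12800E")
    return problems


def lint_group(lines, model, fdx_cards=False):
    """Map each offending line to its problems; clean lines are omitted."""
    report = {line: lint_match(line, model, fdx_cards) for line in lines}
    return {line: probs for line, probs in report.items() if probs}


# Constructed sample group for a CE12800E without FD-X series cards.
SAMPLE = ["match ip source-ip destination-ip protocol", "match tcp dest-port",
          "match forwarding vrf vlan", "match mpls exp"]

if __name__ == "__main__":
    for line, probs in lint_group(SAMPLE, "CE12800E").items():
        print(f"{line}: {'; '.join(probs)}")
```

A rule that the device rejects never reaches the TCAM, so running the check before commit shows which intended deny or redirect rules would be missing from the applied profile.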