Refer to the exhibit.
An AOS-Switch has an extended ACL that is applied to several physical interfaces.
- New interfaces have been brought online.
- The ACL has been applied to them as well.
A network administrator sees the output in the exhibit and is concerned that the switch will reach the limit for rules.
What can the administrator do to address this concern?
To address the concern of reaching the limit for rules, enabling ACL grouping and applying ACLs as shared ACLs is an appropriate solution. ACL grouping allows for the sharing of ACLs across multiple interfaces which reduces the number of TCAM resources consumed. Instead of creating separate entries for each ACL application, ACL grouping consolidates these entries, thus efficiently managing TCAM resources and preventing the switch from reaching its rule limit. This approach ensures scalability and efficient resource utilization, which is essential given the observed resource usage in the policy enforcement engine.
It's B: You want to cookie cutter ACL's that are going to be on multiple interfaces by use 'access-list grouping'. It will require a switch reboot. Sw# vlan 10 ip access-group FromGuests vlan-in shared Sw# interface 37 ip access-group FromGuests in shared
yes, B
ACL grouping is an extension of the ACL feature. Each ACL application will consume “n” TCAM resources therefore “x” applications of an ACL will use “x . *n” resources. ACL grouping allows for grouping by an ACL. With ACL grouping, the TCAM usage would shrink to “n”. ACL grouping can be applied to both ports and VLANs.