New Member

Cat 6500 Sup32-3B TCAM usage - same ACL on many ports


Could someone confirm if the TCAM space utilization remains the same if the same ACL is used across many ports on Sup32-3B/6500, as this behavior is purely dependent on hardware? From my initial testing (tried on two ports) it appeared so, but I would like to hear if the consumption increases in steps based on the number of instantiations (say, 1-32 instantiations - usage x%; 33-64 instantiations - y%, etc.). The ACL would be applied on a few hundred ports of WS-X6148A-GE-45AF's and there are no other daughter cards in the system.

Appreciate a quick reply.



Cisco Employee

Cat 6500 Sup32-3B TCAM usage - same ACL on many ports

Hello Vijaya,

The ACL architecture on PFC-based modules for Cat6500 family products utilizes the concept of ACL labels: basically, we program the ACL into TCAM and create a "reference" for it, called a "label", and as soon as the ACL is applied to the interface it will use this label to match packets.

Another crucial part you should be aware of is the "merging" concept running on the switch. It means that, in order to reduce TCAM utilization, we combine the different security features configured on the interface into a single "ACL" to be programmed into TCAM. It means that if the configuration on the interfaces is different, even with the same ACL applied, it could possibly lead to a situation where we will be required to program additional entries.

I would suggest you take a look at the following document; it gives a very good overview of the ACL concept running on Cat6500 switches:

Best regards,
Dmitry Skotnikov