(Note: this is an expansion / demonstration of an article written by Yogesh Ramdoss, “ACL TCAM and LOUs in Catalyst 6500“)
In the last post, a simple ACL was presented and we could see how quickly our precious TCAM space could be consumed with very few two-port ranges. Our switch becomes more needy when other operators are used, or when ranges include more than two ports. Let's re-create the ACL to be used for packet classification:
```
ip access-list extended v4-NETWORK-MGMT
 10 permit tcp any any gt 1024
```
Remember that TCAM operates on masks, so ports 1024 to 65,535 must be expanded to cover the entire range. To expand this into binary, the following masks must be created (note: the '-' character indicates that we don't care whether the value is a one or a zero):
```
0000 0100 0000 0000 = 1024           !! Starting port - not included as we need all ports gt 1024
0000 0100 0000 0001 = 1025
0000 0100 0000 001- = 1026 to 1027
0000 0100 0000 01-- = 1028 to 1031
0000 0100 0000 1--- = 1032 to 1039
0000 0100 0001 ---- = 1040 to 1055
0000 0100 001- ---- = 1056 to 1087
0000 0100 01-- ---- = 1088 to 1151
0000 0100 1--- ---- = 1152 to 1279
0000 0101 ---- ---- = 1280 to 1535
0000 011- ---- ---- = 1536 to 2047
0000 1--- ---- ---- = 2048 to 4095
0001 ---- ---- ---- = 4096 to 8191
001- ---- ---- ---- = 8192 to 16383
01-- ---- ---- ---- = 16384 to 32767
1--- ---- ---- ---- = 32768 to 65535
```
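The expansion above is one instance of a general value/mask decomposition. The script below is an added example (not from the original post or from Cisco) that performs that decomposition for any port range or `gt`/`lt` operator, so you can count how many TCAM entries an ACL line will cost before committing it; the 16-bit port width and the output format are assumptions of the example.

```python
# Added example: expand a port range into TCAM value/mask entries, the general
# form of the 'gt 1024' expansion shown above. Not the original post's code.
PORT_BITS = 16
PORT_MAX = (1 << PORT_BITS) - 1


def expand_range(lo: int, hi: int) -> list[tuple[int, int]]:
    """Return (value, mask) pairs that together match every port in [lo, hi].

    Greedy: at each step take the largest power-of-two block that is aligned
    at 'lo' and does not run past 'hi'. Each block costs one TCAM entry.
    """
    if not 0 <= lo <= hi <= PORT_MAX:
        raise ValueError("port range must lie within 0..65535 and lo <= hi")
    entries = []
    while lo <= hi:
        k = 0  # block size is 2**k ports
        while (k < PORT_BITS and lo % (1 << (k + 1)) == 0
               and lo + (1 << (k + 1)) - 1 <= hi):
            k += 1
        mask = PORT_MAX & ~((1 << k) - 1)   # 1 = care bit, 0 = don't care
        entries.append((lo, mask))
        lo += 1 << k
    return entries


def expand_operator(op: str, port: int) -> list[tuple[int, int]]:
    """Map an ACL port operator ('gt' or 'lt') onto a range and expand it."""
    if op == "gt":
        return expand_range(port + 1, PORT_MAX)
    if op == "lt":
        return expand_range(0, port - 1)
    raise ValueError(f"unsupported operator {op!r}")


def fmt(value: int, mask: int) -> str:
    """Render one entry the way the post does, e.g. '0000 0100 0000 001-'."""
    bits = [str((value >> i) & 1) if (mask >> i) & 1 else "-"
            for i in range(PORT_BITS - 1, -1, -1)]
    return " ".join("".join(bits[j:j + 4]) for j in range(0, PORT_BITS, 4))


if __name__ == "__main__":
    entries = expand_operator("gt", 1024)
    for v, m in entries:
        print(f"{fmt(v, m)} = {v} to {v | (~m & PORT_MAX)}")
    print(f"{len(entries)} TCAM entries for 'gt 1024'")
```

Running it reproduces the fifteen masks listed above; swapping in `expand_range(a, b)` for a `range a b` line shows why a range that is not aligned on a power of two costs far more than the two entries its length might suggest.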