H Commands
Usage Guidelines
By default, each ACL-based feature can use one TCAM bank on an I/O module. This default behavior limits
each feature to 16,000 TCAM entries. If you have very large security ACLs, you may encounter this limit.
The command allows you to make more than 16,000 TCAM entries available to ACL-based features.
If you want to enable bank chaining for the entire system, Cisco recommends adding the configuration for
the entire module range, even if a module is not present, using the module range command, as described in
the Examples section.
This command does not require a license.
Examples
This example shows how to enable ACL programming across TCAM banks on the I/O module in slot 1:
switch# configure terminal
switch(config)# hardware access-list resource pooling module 1
This example shows how to enable bank chaining for all modules in a 10-slot chassis (excluding supervisor
slots 5 and 6):
switch# configure terminal
switch(config)# hardware access-list resource pooling module 1-4, 7-10
When a new module is inserted, bank chaining is enabled automatically for that module, without you having
to remember to enter the command.
This example shows how to enable VLAN-VLAN mode for the module 3:
switch# configure terminal
switch(config)# hardware access-list resource pooling vlan-vlan module 3
Related Commands
Command
hardware access-list update
show running-config all
show system internal access-list globals
hardware access-list resource pooling
Description
Configures atomic or non-atomic update of access-list,
and default access-list result during the non-atomic
hardware update.
Displays the running configuration, including the
default configuration.
Displays the access control list (ACL) ternary content
addressable memory (TCAM) common information
along with the bank chaining mode.
Cisco Nexus 7000 Series Security Command Reference
353