The mls acl tcam share-global command enables the static sharing feature. With static sharing, only one copy of the PACL/ACL and inherited VLAN-based feature ACLs is stored in the TCAM for all ports using the same ACL set, freeing TCAM space for more ACLs. Note that by using this command only global default ACL's would be shared and not the banks.The bank that gets chosen and the features that can share the same bank depends on the feature configuration. If TCAM ran out of Hardware spaces for ACL's , any new ACL will be processed by the CPU causing it to go high .
For example the Sup720-3BXL has the two TCAM banks in Parallel so features generally use only one of these banks at a time. Two banks are provided to handle multiple features per interface at a time. Consider that you have configured a RACL which is a single feature set it uses one bank
( Bank0) and consequently when it is exhausted (reaching 50 % of total capacity) it throws an error. The workaround for this issue could be adding mls acl tcam share-global command which will act upon GLOBAL DEFAULT ACL's (deny any any) in TCAM between Bank0 and Bank1 leaving space for newly added ACL's in your setup. When no form of the command enabled, a unique deny any ACE will be used per ACL if the user configures an explicit deny any terminating an ACL; else, we will just use a single entry for all ACLs (saving TCAM space but losing per-ACL deny any counters). The TCAM's are in PFC of the supervisor engine and not in Linecards.(DFC Linecards download these info from PFC.)
My Router is not making the acting as a Proxy for the ARP requests for the NATted IP's on the NAT oustide intterface. Here's the interface config : ISR#sh run int fa0/0.101
Current configuration : 169 bytes
Hi, I have a question about C3750E switch.IOS image :c3750e-universalk9-mz.150-2.SE4.bin Receive a lot of log event about" Failed to send hrpc non blocking message". I have seen some related information. ex.https://community.cisco.com/...
I was looking at GRE DMVPN and have a basic idea. can anyone tell me what role the tunnel interface ip address plays in the GRE tunnel process. reason i am asking is that we have tunnel source and tunnel destination addresses as the overlay address and it...