Hi,
I'm implementing 802.1x with NAC Posture using a couple of WS-C4506-E Supervisor 6L-E. They are access switches, each with 4x48 10/100/1000 ports.
I'm configuring dACLs for machine authentication and no posture (30 ACEs to limit Active Directory access) and machine authentication with healthy posture (1 ACE: permit ip any any).
I did some tests with a couple of clients connected to these switches and I verified TCAM utilization with the command:
sh platform hardware acl statistics utilization brief

CAM Utilization Statistics
--------------------------
                              Used          Free           Total
--------------------------------
Input  Security    (160)        35 (1 %)    2013 (99 %)     2048
Input  Security    (320)        34 (1 %)    2014 (99 %)     2048
Input  Forwarding  (160)         7 (0 %)    2041 (100%)     2048
Input  Forwarding  (320)        24 (1 %)    2024 (99 %)     2048
Input  Unallocated (160)         0 (0 %)   24576 (100%)    24576
Output Security    (160)         8 (0 %)    2040 (100%)     2048
Output Security    (320)        12 (0 %)    2036 (100%)     2048
Output Qos         (160)        18 (0 %)    2030 (100%)     2048
Output Qos         (320)         2 (0 %)    2046 (100%)     2048
Output Unallocated (160)         0 (0 %)   24576 (100%)    24576

Input Profiles (logical) : used 1 / 32
Input Profiles (physical): used 4 / 32
Output Profiles (logical) : used 1 / 32
Output Profiles (physical): used 3 / 32
It seems that the utilization is proportional to the ACEs applied per port (30 or 1). Can someone explain to me whether there is any sort of optimization? Because in the worst case there could be 196 clients x 30 ACEs using 9408 of the 2048 available.
Thanks.
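
One way to check this kind of projection from the command output, as an added example that is not part of the original post: it parses the utilization rows and compares the free entries in one region with a linear worst case. The function names and the constructed sample rows are this example's own, and it assumes every client session programs its own copy of the dACL with no sharing, which is the worst case asked about, not documented switch behavior.

```python
import re

# Constructed sample: three rows in the format of the switch output quoted above.
SAMPLE = """\
Input Security (160) 35 (1 %) 2013 (99 %) 2048
Input Security (320) 34 (1 %) 2014 (99 %) 2048
Input Unallocated (160) 0 (0 %) 24576 (100%) 24576
"""

# direction, feature, entry width, then used/free (each with a percentage) and total
ROW = re.compile(
    r"^\s*(Input|Output)\s+(\w+)\s+\((\d+)\)\s+"
    r"(\d+)\s+\(\s*\d+\s*%\)\s+(\d+)\s+\(\s*\d+\s*%\)\s+(\d+)\s*$"
)

def parse_utilization(text):
    """Return {(direction, feature, width): (used, free, total)}."""
    regions = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # title, separators, column header, profile lines
        direction, feature, width, used, free, total = m.groups()
        used, free, total = int(used), int(free), int(total)
        if used + free != total:
            raise ValueError(f"inconsistent row: {line!r}")
        regions[(direction, feature, int(width))] = (used, free, total)
    return regions

def project(regions, region, clients, aces_per_client):
    """Linear worst case (assumption): no ACE sharing between client sessions."""
    used, free, total = regions[region]
    needed = clients * aces_per_client
    return {
        "needed": needed,
        "free": free,
        "fits": needed <= free,
        # how many clients fit in the entries that are still free
        "max_clients": free // aces_per_client,
    }

if __name__ == "__main__":
    regions = parse_utilization(SAMPLE)
    for key in sorted(regions):
        print(key, project(regions, key, clients=196, aces_per_client=30))
```

Running the same projection against output captured before and after more clients authenticate shows whether real consumption actually grows linearly or whether the platform shares entries between sessions.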