hardware-profile filter (XGS)
Use this command to enable or disable ingress IPv4 or IPv6 and egress IPv6 filter groups. Disabling filter groups increases the configurable filter entries.
Use the no command to remove explicit enable/disable config for the filter group and switch to default behavior for that filter group.
Command Syntax
hardware-profile filter port-isolation (ingress-mirror|ingress-ipv4|ingress-ipv6|egress-ipv6|ingress-arp|bfd-group) (enable|disable)
no hardware-profile filter (ingress-ipv4|ingress-ipv6|egress-ipv6|bfd-group)
| • | 'no' command is provided only for ingress-ipv4, ingress-ipv6 and egress-ipv6. By default, group is enabled. To increase scalability for other groups, disable the group. |
| • | During multiple add/delete entry operation execution in TCAM, entry movement is possible which may lead to delay in completion of operation in hardware resulting into higher cpu utilization. |
| • | bfd-group filter is applicable only for Trident-3 devices. Only after enabling the bfd-group filter bfd sessions will be up in Trident-3. |
| • | Trident4 devices share hardware resources between some ingress and egress profiles. For instance, ingress-ipv4 and ingress-ipv6 will share physical resources, and egress-ipv6 will share resources with the egress l2/ipv4/QoS profile enabled by default. Consequently, resource usage is counted equally for all shared profiles wheneverone of the profiles uses more entries. Shared profiles are marked with the (*) in the output of the `show hardware-profile filters` command. |
-
Configuring and unconfiguring access-list to the interface in a single commit is not recommended.
Example:
OcNOS(config)#interface xe8
OcNOS(config-if)#no ip access-group ACL1v4 out
OcNOS(config-if)#exit
OcNOS(config)#interface xe3
OcNOS(config-if)#ip access-group ACL2v4 out
OcNOS(config-if)#commit
Parameter
ingress-mirror
Ingress TCAM group for Port-mirroring
ingress-ipv4
IPv4 filter ingress group.
ingress-ipv6
IPv6 filter ingress group.
egress-ipv6
IPv6 filter egress group.
enable
Enable filter group.
disable
Disable filter group.
ingress-arp
ARP filter ingress group
bfd-group
BFD filter group
port-isolation
The filter must be enabled before configuring port isolation. Since default filter groups are full, some unused filter needs be disabled in order to enable port-isolation filter.
no
Reset the group to as it was during init
Default
By default, all filter groups are enabled except the ingress-arp,bfd-group, port-isolation filter group.
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3.
The no command is introduced in OcNOS version 4.2.
The ingress-mirror option was introduced in OcNOS version 6.4.1 release.
Examples
#configure terminal
(config)#hardware-profile filter ingress-ipv4 disable
(config)#hardware-profile filter ingress-ipv4 enable
(config)#no hardware-profile filter ingress-ipv4
(config)#hardware-profile filter ingress-ipv6 disable
(config)#hardware-profile filter port-isolation enable
(config)# hardware-profile filter ingress-mirror enable