Configuring TCAM
Ternary content-addressable memory (TCAM) is a type of high-speed memory that can be entirely searched in a single clock cycle. The term “ternary” refers to the memory's ability to store and query data using three different inputs: 0, 1 and X.
The TCAM stores access control-lists (ACLs) which are ordered sets of rules that you can use to filter your network traffic. Each rule specifies a set of conditions that a packet must satisfy to match the rule. When the device determines that an ACL applies to a packet, it tests the packet against the conditions of all rules. The first matching rule determines whether the packet is permitted or denied. If there is no match, the device applies the applicable implicit rule. The device continues processing packets that are permitted and drops packets that are denied.
The egress TCAM size is 1K, divided into four 256 entries.
TCAM space is limited. The choice for what is best for your implementation depends on the specific use.
By default, all TCAM space is already allocated, so you need to decide where you want to 'steal' TCAM space from in order to allocate elsewhere.
Configuring ACL TCAM Region with e-racl TCAM Carving
Configuring ACL TCAM Region with e-racl TCAM CarvingPOST http://<mgmt0_IP>/api/mo/sys/pltfm.json{
"platformEntity": {
"children": [
{
"platformTcamRegion": {
"attributes": {
"eRaclSize": "256"
}}}]}}{
imdata:[]
}<System>
<pltfm-items>
<tcamRegion-items>
<eRaclSize>256</eRaclSize>
</tcamRegion-items>
</pltfm-items>
</System>Configures the size of the IPv4 egress router ACL (ERACL) TCAM region.
CLI Command
The CLI command below is the equivalent to the payload example displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.
hardware access-list tcam region e-racl 256
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide
https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Configuring ACL TCAM Region with vpc-convergence TCAM Carving
Configuring ACL TCAM Region with vpc-convergence TCAM CarvingPOST http://<mgmt0_IP>/api/mo/sys/pltfm.json{
"platformEntity": {
"children": [
{
"platformTcamRegion": {
"attributes": {
"vpcConvergenceSize": "0"
}}}]}}{
imdata:[]
}<System>
<pltfm-items>
<tcamRegion-items>
<vpcConvergenceSize>0</vpcConvergenceSize>
</tcamRegion-items>
</pltfm-items>
</System>Configures the size of the vPC convergence TCAM region.
CLI Command
The CLI command below is the equivalent to the payload example displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.
hardware access-list tcam region vpc-convergence 0
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide
https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Configuring ACL TCAM Region with racl-lite TCAM Carving
Configuring ACL TCAM Region with racl-lite TCAM CarvingPOST http://<mgmt0_IP>/api/node/mo/sys/pltfm/tcamRegion.json{
"platformEntity": {
"children": [
{
"platformTcamRegion": {
"attributes": {
"ifaclLiteSize": "256"
}}}]}}{
imdata:[]
}<System>
<pltfm-items>
<tcamRegion-items>
<eRaclSize>256</eRaclSize>
</tcamRegion-items>
</pltfm-items>
</System>Configures the size of the IPv4 RACL lite TCAM region.
CLI Command
The CLI command below is the equivalent to the payload example displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.
hardware access-list tcam region racl-lite 256
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide
https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Configuring ACL TCAM Region with ipv6-ifacl TCAM Carving
Configuring ACL TCAM Region with ipv6-ifacl TCAM CarvingPOST http://<mgmt0_IP>/api/mo/sys/pltfm.json{
"platformEntity": {
"children": [
{
"platformTcamRegion": {
"attributes": {
"ipv6IfaclSize": "256"
}}}]}}{
imdata:[]
}<System>
<pltfm-items>
<tcamRegion-items>
<ipv6IfaclSize>256</ipv6IfaclSize>
</tcamRegion-items>
</pltfm-items>
</System>Configures the size of the IPv6 port ACL TCAM region.
CLI Command
The CLI command below is the equivalent to the payload example displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.
hardware access-list tcam region ipv6-ifacl 256
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide
https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Configuring ACL TCAM Region Size with e-ipv6-racl TCAM Carving
Configuring ACL TCAM Region Size with e-ipv6-racl TCAM CarvingPOST http://<mgmt0_IP>/api/mo/sys/pltfm.json{
"platformEntity": {
"children": [
{
"platformTcamRegion": {
"attributes": {
"eIpv6RaclSize": "256"
}}}]}}{
imdata:[]
}<System>
<pltfm-items>
<tcamRegion-items>
<eIpv6RaclSize>256</eIpv6RaclSize>
</tcamRegion-items>
</pltfm-items>
</System>Configures the size of the IPv6 egress router ACL (ERACL) TCAM region.
CLI Command
The CLI command below is the equivalent to the payload example displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.
hardware access-list tcam region e-ipv6-racl 256
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide
https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Configuring ACL TCAM Region with ifacl-lite TCAM Region Size
Configuring ACL TCAM Region with ifacl-lite TCAM Region SizePOST http://<mgmt0_IP>/api/node/mo/sys/pltfm/tcamRegion.json{
"platformEntity": {
"children": [
{
"platformTcamRegion": {
"attributes": {
"raclLiteSize": "256"
}}}]}}{
imdata:[]
}Configures the size of the IPv4 port ACL lite TCAM region.
CLI Command
The CLI command below is the equivalent to the payload example displayed in the pane on the right.
hardware access-list tcam region ifacl-lite 256
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide
https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Configuring Hardware Profile racl TCAM Region Size
Configuring Hardware Profile racl TCAM Region SizePOST http://<mgmt0_IP>/api/mo/sys/pltfm.json{
"platformEntity": {
"children": [
{
"platformTcamRegion": {
"attributes": {
"raclSize": "3072"
}}}]}}{
imdata:[]
}<System>
<pltfm-items>
<tcamRegion-items>
<raclSize>3072</raclSize>
</tcamRegion-items>
</pltfm-items>
</System>Configures the size of the router ACL (RACL) TCAM region.
CLI Command
The CLI command below is the equivalent to the payload example displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.
hardware profile tcam region racl 3072
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide
https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Configuring Hardware Profile QoS TCAM Region Size
Configuring Hardware Profile QoS TCAM Region SizePOST http://<mgmt0_IP>/api/mo/sys/pltfm.json{
"platformEntity": {
"children": [
{
"platformTcamRegion": {
"attributes": {
"qosSize": "256"
}}}]}}{
imdata:[]
}<System>
<pltfm-items>
<tcamRegion-items>
<qosSize>256</qosSize>
</tcamRegion-items>
</pltfm-items>
</System>Configures the size of the quality of service (QoS) TCAM region.
CLI Command
The CLI command below is the equivalent to the payload example displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.
hardware profile tcam region qos 256
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide
https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Configuring Hardware Profile e-vacl TCAM Region Size
Configuring Hardware Profile e-vacl TCAM Region SizePOST http://<mgmt0_IP>/api/mo/sys/pltfm.json{
"platformEntity": {
"children": [
{
"platformTcamRegion": {
"attributes": {
"eVaclSize": "0"
}}}]}}{
imdata:[]
}<System>
<pltfm-items>
<tcamRegion-items>
<eVaclSize>0</eVaclSize>
</tcamRegion-items>
</pltfm-items>
</System>Configures the size of the egress VLAN ACL (EVACL) TCAM region.
CLI Command
The CLI command below is the equivalent to the payload example displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.
hardware profile tcam region e-vacl 0
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide
https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Configuring Hardware Profile ifacl TCAM Region Size
Configuring Hardware Profile ifacl TCAM Region SizePOST http://<mgmt0_IP>/api/mo/sys/pltfm.json{
"platformEntity": {
"children": [
{
"platformTcamRegion": {
"attributes": {
"ifaclSize": "0"
}}}]}}{
imdata:[]
}<System>
<pltfm-items>
<tcamRegion-items>
<ifaclSize>0</ifaclSize>
</tcamRegion-items>
</pltfm-items>
</System>Configures the size of the interface ACL (ifacl) TCAM region.
CLI Command
The CLI command below is the equivalent to the payload example displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.
hardware profile tcam region ifacl 0
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide
https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Configuring Hardware Profile vacl TCAM Region Size
The following is an example of configuring the vacl TCAM region in the hardware.
Configuring Hardware Profile vacl TCAM Region SizePOST http://<mgmt0_IP>/api/mo/sys/pltfm.json{
"platformEntity": {
"children": [
{
"platformTcamRegion": {
"attributes": {
"vaclSize": "0"
}}}]}}{
imdata:[]
}<System>
<pltfm-items>
<tcamRegion-items>
<vaclSize>0</vaclSize>
</tcamRegion-items>
</pltfm-items>
</System>Configures the size of the VLAN ACL (VACL) TCAM region.
CLI Command
The CLI command below is the equivalent to the payload example displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.
hardware profile tcam region vacl 0
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide
https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Configuring Hardware QoS Min-buffer
Configuring Hardware QoS Min-bufferPOST http://<mgmt0_IP>/api/mo/sys.json{
"topSystem": {
"children": [
{
"platformEntity": {
"attributes": {
"qosMinBuffer": "default"
}
}
}
]
}
}{
imdata:[]
}<System>
<pltfm-items>
<qosMinBuffer>default</qosMinBuffer>
</pltfm-items>
</System>Configures the QoS buffer.
CLI Command
The CLI command below is the equivalent to the payload example displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.
hardware qos min-buffer qos-group default
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide
https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Configuring the Percentage of Shared Pool Buffers to be Reserved
Configuring the Percentage of Shared Pool Buffers to be ReservedPOST http://<mgmt0_IP>/api/mo/sys.json {
"platformEntity": {
"children": [
{
"platformPfcMmuBuffer": {
"attributes": {
"bufferReservation": "20",
"mmuBufferState": "enable"
}
}
}
]
}
}{
imdata:[]
}POST: http://<IP_Address>/restconf/data/Cisco-NX-OS-device:<System>
<pltfm-items>
<pfcmmubuffer-items>
<bufferReservation>20</bufferReservation>
</pfcmmubuffer-items>
<mmuBufferState>enable</mmuBufferState>
</pltfm-items>
</System>Note: This example was added in Release 9.2(2)
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the opt-left corner of the pane on the right to view the JSON payload. Click the YANG tab to view the XML payload.
hardware profile pfc mmu buffer-reservation 20
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
For detailed information about classes and attributes in the payloads, see the NX-API DME Model Reference:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Disabling the Reserved Percentage of Shared Pool Buffers
Disabling the Reserved Percentage of Shared Pool BuffersPOST http://<mgmt0_IP>/api/mo/sys.json {
"platformEntity": {
"children": [
{
"platformPfcMmuBuffer": {
"attributes": {
"bufferReservation": "20",
"mmuBufferState": "disable"
}
}
}
]
}
}{
imdata:[]
}POST: http://<IP_Address>/restconf/data/Cisco-NX-OS-device:<System>
<pltfm-items>
<pfcmmubuffer-items>
<bufferReservation>20</bufferReservation>
<mmuBufferState>disable</mmuBufferState>
</pfcmmubuffer-items>
</pltfm-items>
</System>Note: This example was added in Release 9.2(2)
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the opt-left corner of the pane on the right to view the JSON payload. Click the YANG tab to view the XML payload.
no hardware profile pfc mmu buffer-reservation 20
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
For detailed information about classes and attributes in the payloads, see the NX-API DME Model Reference:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Disabling URPF (Unicast Reverse Path Forwarding)
The following is an example of (global) disabling Unicast Reverse Path Forwarding (URPF).
Disabling URPF (Unicast Reverse Path Forwarding)POST http://<mgmt0_IP>/api/mo/sys.json{
"topSystem": {
"children": [
{
"platformEntity": {
"attributes": {
"urpfStatus": "disabled"
}
}
}
]
}
}{
imdata:[]
}<System>
<pltfm-items>
<urpfStatus>disabled</urpfStatus>
</pltfm-items>
</System>Globally disables URPF.
CLI Command
The CLI command below is the equivalent to the payload example displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.
system urpf disable
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide
https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Configuring Logging Level to Match Entries in ACL Log
Configuring Logging Level to Match Entries in ACL LogPOST http://<mgmt0_IP>/api/mo/sys.json{
"acllogInst": {
"children": [
{
"acllogLogCache": {
"attributes": {
"matchLevel": "6"
}}}]}}{
imdata:[]
}<System>
<acllog-items>
<inst-items>
<log-items>
<matchLevel>6</matchLevel>
</log-items>
</inst-items>
</acllog-items>
</System>Specifies the minimum severity level to log ACL matches. The default is 6 (informational). The range is from 0 (emergency) to 7 (debugging).
CLI Command
The CLI command below is the equivalent to the payload example displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.
acllog match-log-level 6
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide
https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Configuring TFTP Source Interface
Configuring TFTP Source InterfacePOST http://<mgmt0_IP>/api/mo/sys/ipSrcIf.json{
"srcintfEntity": {
"children": [
{
"srcintfTftp": {
"attributes": {
"srcIf": "po4",
"vrf": "default"
}}}]}}{
imdata:[]
}<System>
<ipSrcIf-items>
<tftp-items>
<Tftp-list>
<vrf>default</vrf>
<srcIf>po4</srcIf>
</Tftp-list>
</tftp-items>
</ipSrcIf-items>
</System>Configures the source interface for all TFTP packets.
CLI Command
The CLI command below is the equivalent to the payload example displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.
ip tftp source-interface po4 vrf default
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide
https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html