values. Region sizes can be carved only in multiples of 256 entries (with the exception
of the span region, which can be carved only in multiples of 512 entries).
• RACL v6, CoPP, and multicast have default TCAM sizes and these TCAM sizes must be non-zero on
the following Cisco Nexus 9504 and Cisco Nexus 9508 line cards to avoid line card failure during reload:
• N9K-X96136YC-R
• N9K-X9636C-RX
• N9K-X9636Q-R
• N9K-X9636C-R
• When the egress RACL is beyond 4K, the TCAM carving configuration must have ingress RACL (racl)
+ egress RACL (e-racl) summing to 20480. See the following TCAM carving example:
hardware access-list tcam region ifacl 0
hardware access-list tcam region ipv6-ifacl 0
hardware access-list tcam region mac-ifacl 0
hardware access-list tcam region racl 0
hardware access-list tcam region ipv6-racl 0
hardware access-list tcam region span 0
hardware access-list tcam region redirect_v4 0
hardware access-list tcam region redirect_v6 0
hardware access-list tcam region e-racl 20480
• You can partially use IPv6 RACL with IPv6 IFACL. This is applicable to Cisco Nexus N9K-C9508 and
N9K-C9504 with N9K-X96136YC-R, N9K-X9636C-R, N9K-X9636Q-R, and N9K-X9636C-RX line
cards.
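An offline pre-check of a candidate carving against two of the rules above (the 256/512-entry granularity and the racl + e-racl = 20480 sum), added here as an example that is not part of the Cisco guide. It assumes "4K" means 4096 entries; the function and constant names are hypothetical.

```python
import re

# Limits taken from the guidelines above.
SPAN_GRANULE, DEFAULT_GRANULE = 512, 256
ERACL_THRESHOLD = 4096          # assumption: "4K" read as 4096 entries
RACL_PLUS_ERACL = 20480
LINE_RE = re.compile(
    r"^[ \t]*hardware access-list tcam region (\S+) (\d+)[ \t]*$", re.M)


def parse_regions(config_text):
    """Return {region: size}; if a region is repeated, the last line wins."""
    return {m.group(1): int(m.group(2)) for m in LINE_RE.finditer(config_text)}


def lint_carving(config_text):
    """Return a list of violations; an empty list means the carving passes."""
    regions = parse_regions(config_text)
    problems = []
    for name, size in sorted(regions.items()):
        granule = SPAN_GRANULE if name == "span" else DEFAULT_GRANULE
        if size % granule:
            problems.append(f"{name}: {size} is not a multiple of {granule}")
    eracl = regions.get("e-racl", 0)
    total = regions.get("racl", 0) + eracl
    if eracl > ERACL_THRESHOLD and total != RACL_PLUS_ERACL:
        problems.append(f"racl + e-racl = {total}, expected {RACL_PLUS_ERACL}")
    return problems


# The carving example from this page.
PAGE_EXAMPLE = """\
hardware access-list tcam region ifacl 0
hardware access-list tcam region ipv6-ifacl 0
hardware access-list tcam region mac-ifacl 0
hardware access-list tcam region racl 0
hardware access-list tcam region ipv6-racl 0
hardware access-list tcam region span 0
hardware access-list tcam region redirect_v4 0
hardware access-list tcam region redirect_v6 0
hardware access-list tcam region e-racl 20480
"""
# Constructed candidate that breaks both rules (not from the guide).
CONSTRUCTED_BAD = """\
hardware access-list tcam region ifacl 300
hardware access-list tcam region span 256
hardware access-list tcam region racl 4096
hardware access-list tcam region e-racl 8192
"""

if __name__ == "__main__":
    for label, cfg in (("page", PAGE_EXAMPLE), ("constructed", CONSTRUCTED_BAD)):
        print(label, lint_carving(cfg) or "OK")
```

Running such a check before applying the configuration catches a carving that would be rejected or leave the RACL regions mis-sized; it does not cover the line-card-specific non-zero requirement for RACL v6, CoPP, and multicast.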
The following table summarizes the regions that need to be configured for a given feature to work. The region
sizes should be selected based on the scale requirements of a given feature.
Table 13: Features per ACL TCAM Region

Feature Name   Region Name
Port ACL       ifacl: For IPv4 port ACLs
               ifacl-udf: For UDFs on IPv4 port ACLs (Cisco Nexus 3232C and 3264Q switches only)
               ing-ifacl: For ingress IPv4, IPv6, and MAC port ACLs (Cisco Nexus 9200, 9300, and 9300-EX Series switches only)
               ipv6-ifacl: For IPv6 port ACLs
               mac-ifacl: For MAC port ACLs
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
224
Configuring IP ACLs
ACL TCAM Regions