Context group selectors

Context group selectors are a limited hardware resource that is required for applying ACLs and classifier policies. The selectors enable the application of an ACL or classifier policy to multiple instances of the same context (for example, ports on a line card or VLANs) without consuming additional resources.

There are a limited number of available context group selectors for each context group (Ingress Ports, Ingress VLANs, Egress Ports, Egress VLANs).

NOTE:

IP ACLs require two selectors that are allocated together; one selector for each address family (IPv4 and IPv6).

Context group selectors work on a first-come-first-served basis. IP ACLs and Classes require two selectors that are allocated together; one selector for each address family (IPv4 and IPv6). Once all the group selectors for a context group have been used, no new application type of ACL or classifier policy for the context group can be applied. For example, if an existing configuration has a MAC ACL, IP ACL, and classifier policy applied on ingress to ports, a policy cannot be applied to a port in the routed-in direction .

Context group selector consumption and availability are as follows:

Type	Selectors
Ingress Port MAC ACL	1
Ingress Port IP ACL	2
Ingress Port Policy	1
Ingress Routed Port Policy	1
Available Ingress Port Selectors	4

Ingress VLAN MAC ACL	1
Ingress VLAN IP ACL	2
Ingress VLAN Policy	1
Ingress Routed VLAN Policy	1
Available Ingress VLAN Selectors	4

Egress Port MAC ACL	1
Egress Port IP ACL	2
Egress Port Policy	1
Available Egress Port Selectors	5

Egress VLAN MAC ACL	1
Egress VLAN IP ACL	2
Egress VLAN Policy	1
Available Egress VLAN Selectors	5