Contents

Introduction

Requirements

Configuration

Verification

Conclusion

QA

Introduction

In modern managed switches, the hardware forwarding decisions rely on specialized high-speed memory known as Ternary Content Addressable Memory (TCAM). This is why switches can forward traffic rapidly with high throughput.

TCAM stores critical forwarding and policy tables—including MAC address tables, IP routing tables, Access Control Entries (ACEs) for ACLs and QoS policies, multicast entries, and other features—in a fixed-capacity resource that is shared among multiple functions.

Because the total TCAM capacity is limited and cannot be expanded, different network roles and deployment scenarios place varying demands on these tables. For example, ACLs involving IPv4 and IPv6 take up different amounts of TCAM resources, and they share the same device TCAM, which is limited. This is why we need the SDM template.

SDM Template is short for Switching Database Management Template. It is a kind of predefined configuration profile that re-partitions the available TCAM space to prioritize specific feature sets. For example, when deploying an IPv4 only network, IPv6 ACLs are unnecessary. Users can switch to an SDM template with no TCAM space allocated for IPv6 ACLs, so that this part of the TCAM space can be saved for ACLs related to IPv4; thus increasing the maximum number of ACLs supported related to IPv4, and the opposite if the network leans more towards IPv6 traffic with precise access control needed. Starting from Omada Network V6.1, while using the latest firmware on Omada switches (Agile and Campus switches excluded), the SDM template used on the switch can be changed, and the status of TCAM space allocation is also displayed.

On Omada Network, there are four types of SDM templates supported: omada, omada-enterpriseV4, omada-enterpriseV6 and omada-enterpriseMix. The different templates can allocate TCAM resources for four types of features: ACL&QoS (IPv4), ACL&QoS (IPv6), IP Source Guard, and IPv6 Source Guard.

The ACL&QoS (IPv4) and ACL&QoS (IPv6) entries will be used after you create Switch ACLs and create rules in Switch QoS page. For the IP Source Guard and IPv6 Source Guard, it’s not available yet to configure through GUI of Omada Network. The Source Guard configuration can be done through the CLI Template on Omada Network.

By default, the omada template is used, and it contains resource for both ACL&QoS (IPv4) and ACL&QoS (IPv6). It is recommended to switch to omada-enterpriseV4 if more IPv4 related ACL are needed while no requirement for IPv6; switching to omada-enterpriseV6 if the opposite. If IP Source Guard and IPv6 Source Guard are needed, omada-enterpriseMix will be the only available template.

After changing the template, the switch needs to reboot to take effect as the TCAM allocation is done during the booting process, and cannot be changed afterwards.

Requirements

• Omada Switches (Omada Agile and Campus Switches excluded) with the latest firmware
• Omada Network V6.1 and above

Configuration

The following part briefly introduces where SDM templates could be configured and viewed.

Step 1. Adopt the switch on Omada Network. Please bear in mind that the firmware on this switch needs to be the latest version, otherwise, the SDM template related features may not be available.

Step 2. Go to Devices, click on the switch, and in the pop out page, click Manage Device.

Step 3. In the switch management page, go to Config -> General, and click to expand Others to access the SDM Related configuration page.

Step 4. In the SDM template configuration menu, click to expand the dropdown menu, select another template, and press Apply to change the configuration.

As introduced previously, a reboot is needed to let the changes from the SDM template take effect. The reboot will not be processed automatically. A manual reboot is required.

Step 5. In the SDM template configuration page, the current template used, as well as the current used and maximum allowed entries on different features within this template, can be viewed in the Used Template section. The templates supported and their maximum allowed entries allocated for different features can be viewed in Exist Template section.

Here we have finished introducing how to change and view the SDM template related configuration.

Verification

Here, an IPv6 ACL has been created on the switch, denying all traffic on IPv6.

On the corresponding page, an entry has been used in type of ACL&QoS (IPv6).

Conclusion

In this article, what is the SDM template, and how to change/monitor the SDM template were introduced and verified.

Get to know more details of each function and configuration please go to Download Center to download the manual of your product.

QA

Q1: I have created only one Switch ACL. Why is there more than 1 ACL&QoS entry being used on the switch?

A1: The entries shown in the Used Template section refer to the number of ACL rules on one of the Switch ACLs on the controller. You may select more than one source or destination, and this will actually create more than one rule, even though there is only one Switch ACL created.

For example, create a deny rule from 2 networks to another 2 networks. This will actually create 2*2 (4 total) rules, and you will then see 4 rules being used in the Used Template page.