2 large ip ACL with 1500 entries
System is kind of strenched, and hitting limit with hash collision with mask-group
IP Access List test2
10 deny pim host 70.0.70.210 any
20 deny ospf host 0.70.210.70 any
30 deny pim host 140.140.70.210 any
40 permit gre host 70.0.0.0 any
50 permit ospf host 70.140.0.210 any
60 deny icmp host 140.70.210.70 any
70 permit igmp host 0.70.0.0 any
80 permit vrrp host 0.0.0.210 any
90 deny tcp host 70.70.210.70 any
100 deny ospf host 0.210.210.140 any
110 deny gre host 210.140.0.210 any
120 deny ip host 0.0.210.210 any
130 deny igmp host 140.70.140.70 any
140 permit ip host 70.0.70.0 any
dut23:44:51(config-if-Et2/
% Error: Cannot apply ip ACL test2 to Ethernet2/1 (Out of SW resources on Chip-0)
fu590.09:21:58#show platform algo chip 0 acl table usage
Table ID Entries used
-------- ------------
0 7968
1 5567
2 6415
3 0
4 8010
5 2520
show platform algo chip 0 acl mask-group
Initial revision
Hw Acl ID 1
Mask group ID Mask group descriptor Entries
------------- ------------------------------
2 ipv4PAcl,sip:8,dip:0,sport:0,
1 ipv4PAcl,sip:8,dip:0,sport:0,
3 ipv4PAcl,sip:9,dip:0,sport:0,
Final revision
Hw Acl ID 1
Mask group ID Mask group descriptor Entries
------------- ------------------------------
3 ipv4PAcl,sip:9,dip:0,sport:0,
show platform algo chip 0 acl table la
Final revision
Hw Acl ID 1
Table ID Mask group ID Mask group descriptor
-------- ------------- ------------------------------
0 3 ipv4PAcl,sip:9,dip:0,sport:0,
1 3 ipv4PAcl,sip:9,dip:0,sport:0,
2 3 ipv4PAcl,sip:9,dip:0,sport:0,
4 3 ipv4PAcl,sip:9,dip:0,sport:0,
5 3 ipv4PAcl,sip:9,dip:0,sport:0,
No comments:
Post a Comment