Adding rule failed due to insufficient resource

Publication Date: 2014-04-26
Issue Description
New ACL rules cannot be added because ACL resources are insufficient.
Alarm Information
Error: Adding rule failed. Insufficient resource in policy vlan 250 classifier vlan 250 behavior vlanPermit acl 3001, rule xxx, on slot x vlan 250.
Handling Process
1. The initial configuration is shown below. Different VLANs apply the same traffic policy.
#
acl number 3001
description "Standard allow ACL"
rule 1 permit ospf source 172.x.250.0 0.0.0.255
rule 2 permit ospf source 172.x.251.0 0.0.0.255
rule 3 permit ip source 172.x.250.0 0.0.0.255
rule 4 permit ip source 172.x.251.0 0.0.0.255

#
traffic classifier pstv-acl operator or precedence 5
if-match acl 3001
#
traffic policy pstv-policy
classifier pstv-acl behavior pstv-behavior
#
vlan 250
traffic-policy pstv-policy inbound
vlan 251
traffic-policy pstv-policy inbound
#

2. Replace the current per-VLAN traffic policy with a global policy. ACL resource occupation is reduced by 50%.
#
acl number 3001
description "Standard allow ACL"
rule 1 permit ospf source 172.x.250.0 0.0.0.255
rule 2 permit ospf source 172.x.251.0 0.0.0.255
rule 3 permit ip source 172.x.250.0 0.0.0.255
rule 4 permit ip source 172.x.251.0 0.0.0.255

#
traffic classifier pstv-acl operator and
if-match vlan-id 250 to 251
if-match acl 3001
#
traffic policy pstv-policy
classifier pstv-acl behavior pstv-behavior
#
traffic-policy pstv-policy global inbound
#
Root Cause
A traffic policy that includes hundreds of ACL rules is applied in different VLANs, so ACL resources are depleted exponentially.
Suggestions
When different VLANs or interfaces apply the same traffic policy, a global policy can optimize ACL resource usage exponentially.
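
The following script is an added example, not part of the original case or any vendor tooling. It parses the two configurations from the Handling Process and estimates ACL entries per policy, assuming each VLAN binding installs its own copy of every rule and a global binding installs one copy; that model is an assumption chosen to match the 50% figure above, and acl_entries is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed inputs: the page's ACL 3001 and its two ways of applying the policy.
ACL = """acl number 3001
rule 1 permit ospf source 172.x.250.0 0.0.0.255
rule 2 permit ospf source 172.x.251.0 0.0.0.255
rule 3 permit ip source 172.x.250.0 0.0.0.255
rule 4 permit ip source 172.x.251.0 0.0.0.255
#
"""
POLICY = "traffic policy pstv-policy\nclassifier pstv-acl behavior pstv-behavior\n#\n"
PER_VLAN = ACL + """traffic classifier pstv-acl operator or precedence 5
if-match acl 3001
#
""" + POLICY + """vlan 250
traffic-policy pstv-policy inbound
vlan 251
traffic-policy pstv-policy inbound
"""
GLOBAL = ACL + """traffic classifier pstv-acl operator and
if-match vlan-id 250 to 251
if-match acl 3001
#
""" + POLICY + "traffic-policy pstv-policy global inbound\n"

def acl_entries(config):
    """Estimated ACL entries per policy: rule count x bindings (assumed model)."""
    rules, bound = defaultdict(int), defaultdict(list)
    cls_acl, pol_cls = defaultdict(list), defaultdict(list)
    kind = name = None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"(acl number|traffic classifier|traffic policy|vlan) (\S+)", line):
            kind, name = m.groups()           # entering a new config view
        elif line == "#":
            kind = name = None                # back at top level
        elif kind == "acl number" and line.startswith("rule "):
            rules[name] += 1
        elif kind == "traffic classifier" and (m := re.match(r"if-match acl (\d+)", line)):
            cls_acl[name].append(m.group(1))
        elif kind == "traffic policy" and (m := re.match(r"classifier (\S+) behavior", line)):
            pol_cls[name].append(m.group(1))
        elif m := re.match(r"traffic-policy (\S+) (global )?inbound", line):
            bound[m.group(1)].append("global" if m.group(2) else f"vlan {name}")
    return {p: sum(rules[a] for c in pol_cls[p] for a in cls_acl[c]) * len(b)
            for p, b in bound.items()}

if __name__ == "__main__":
    print("per-VLAN:", acl_entries(PER_VLAN), "global:", acl_entries(GLOBAL))
```

In the global form, the if-match vlan-id 250 to 251 condition combined with operator and is what keeps the permit rules scoped to the same two VLANs; treat the estimate as a planning aid and confirm actual usage against the device's own resource counters.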
