Guest

Preview Tool

Cisco Bug: CSCul13272 - M1/M2/F2 module L4 protocol CAM limit causes acl rejection

Last Modified

Feb 21, 2018

Products (7)

  • Cisco Nexus 7000 Series Switches
  • Cisco Nexus 7000 10-Slot Switch
  • Cisco Nexus 7000 4-Slot Switch
  • Cisco Nexus 7000 18-Slot Switch
  • Cisco Nexus 7700 18-Slot Switch
  • Cisco Nexus 7700 10-Slot Switch
  • Cisco Nexus 7000 9-Slot Switch

Known Affected Releases

6.1(4) 6.2(2a)

Description (partial)

Symptom:
n7k system M1/M2/F2 module forwarding engine uses L4 protocol CAM to 
match specific IP protocols. This CAM has only 7 entries out of which 2 
are used by default by CoPP configuration. These 2 entries can be 
re-used by user configured acls. There are only 5 other entries left. 
There are customers who use acls with more than 7 IP protocol ACEs. 
they are migrating from cat6500 and carrying over their acls without 
change and they can't fit into tcam.

Conditions:
n7k system loggs following errors:

M1:
N7K3-B(config-if)# ip access-group l4prot in
ERROR: Module 1, 3, 12, 13 returned status: L4 protocol CAM entry 
allocation failure

M2:
n7009-sup2e-M2(config-if)# ip access-group l4prot in
ERROR: Module 3 returned status: L4 protocol CAM entry allocation 
failure

F2:
n7009-sup2e-F2-LF5(config-if)# ip access-group l4prot in
ERROR: Module 5, 6 returned status: L4 protocol CAM entry allocation 
failure
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.