Guest

Preview Tool

Cisco Bug: CSCum80951 - TCAM does not share when same policy is applied to multiple interfaces

Last Modified

Nov 27, 2020

Products (1)

  • Cisco Catalyst 4500 Series Switches

Known Affected Releases

15.1(100.1) 15.1(2)SG1.0

Description (partial)

Symptom:
When you apply the same policy to multiple interfaces, you should use the same label. Incrementing labels when adding them to multiple interfaces quickly exhausts TCAM resources. 
The example below is the output of "show platform software acl input paths"  where each interface gets a new label.

sh platform software acl input paths:

Path              Current Label                  Next Label
------------------------------------------------------------
(in :0, null)     (NQ:16382/PermitAll, Q:16215/Unknown)NotPresent
(in :1, null)     (NQ:16382/PermitAll, Q:16365/Unknown)NotPresent
(in :2, null)     (NQ:16382/PermitAll, Q:16327/Unknown)NotPresent
(in :3, null)     (NQ:16382/PermitAll, Q:16271/Unknown)NotPresent
(in :4, null)     (NQ:16382/PermitAll, Q:16336/Unknown)NotPresent
(in :5, null)     (NQ:16382/PermitAll, Q:16349/Unknown)NotPresent

Conditions:
This condition was first seen on a cat4K with a sup7-e running 03.03.02.SG.  The affected platform has 260 VOIP (phones) attached to WS-X4748-UPOE+E line cards.  The problem also occurs in a situation where there are fewer devices and a couple of line cards.


------------------ show platform hardware acl statistics utilization brief ------------------
 
CAM Utilization Statistics
--------------------------
 
                           Used          Free         Total
                           --------------------------------
 
Output Security    (160)   6     (0  %)  2042  (100%) 2048
Output Security    (320)   12    (0  %)  2036  (100%) 2048
Output Qos         (160)   2909  (71 %)  1187  (29 %) 4096 <------------  
Output Qos         (320)   5116  (83 %)  1028  (17 %) 6144  <------------
Output Unallocated (160)   0     (0  %)  51200 (100%) 51200


#### Log messages seen ###

Dec  5 22:09:19.691: C4K_HWACLMAN-4-ACLHWPROGERR Input VV-7E-Phone-Input-Policy - hardware TCAM limit, qos being disabled on relevant interface.
Dec  5 22:09:19.691: C4K_HWACLMAN-4-ACLHWPROGERRREASON Input(NQ:16382/PermitAll, Q:16199/Unknown) VV-7E-Phone-Input-Policy - insufficient hardware TCAM entries with usable masks.
Dec  5 22:09:20.980: C4K_COMMONHWACLMAN-4-HWPROGSUCCESS Input VV-7E-Phone-Input-Policy - now fully loaded in hardware
Dec  5 22:09:21.116: C4K_COMMONHWACLMAN-4-ALLACLINHW All configured ACLs now fully loaded in hardware - hardware switching / QoS restored.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.