Cisco Bug: CSCuq24924 - EARL8 improve L4op allocation
Nov 27, 2020
- Cisco Catalyst 6000 Series Switches
Known Affected Releases
15.1(2)SY3 15.4(1)IA1.49 15.5(1.0.9)SY
Symptom:
When applying a feature (such as an IPv6 access-list) to an interface, or following a chassis reload, the ACL may fail to be programmed in TCAM with the following error:

%EARL_CM-SW1-5-NOCAPMAP: No free capmap entry available
%FMCORE-SW1-4-RACL_REDUCED: Interface Vlan100 routed traffic will be software switched in ingress direction. L2 features may not be applied at the interface

Conditions:
This is specific to any EARL8 forwarding engine:
- Supervisor2T, 6T
- 6800s (example: 6880-x or 6840-x based switches)

This occurs when utilizing multiple ACL-based features in the same direction that use a large number of L4Ops (greater than 9). L4Ops within an access-list include the following:

Expandable:
- gt (greater than)
- lt (less than)
- neq (not equal)
- range

Non-expandable:
- matching on ToS (DSCP or IPP)
- matching on IP packet length
- matching on TCP flags (ex. established)
- TTL
- IPv6 extension header or IP options

Note: a hardware restriction limits any single feature to <=9 non-expandable L4Ops. More than 9 expandable L4Ops can be used by 'expanding' the match logic into multiple entries in TCAM.

Example:
1) IPv4 ACL applied to an interface that utilizes >=9 L4Ops (expandable or non-expandable)
2) Attempt to apply an IPv6 ACL to the same interface that utilizes >=1 L4Op

The IPv6 ACL will fail to be applied to the interface.

Note: all IPv6 ACLs require a minimum of 1 non-expandable L4Op to be applied in hardware, regardless of the permit/deny statements within the ACL.
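A pre-change check for the condition described above, as an added example that is not Cisco code: it tallies the L4Ops in each ACL sharing an interface direction and flags totals over the 9 quoted in this bug. The keyword spellings, the subset of L4Ops covered (packet length, IP options and IPv6 extension headers are left out) and the rule of one L4Op per distinct operator/operand tuple are assumptions; the function names and sample ACLs are constructed for illustration.

```python
# L4Op keywords from the bug text. Their IOS spellings, and counting one L4Op
# per distinct operator/operand tuple, are assumptions of this example.
EXPANDABLE = {"gt": 1, "lt": 1, "neq": 1, "range": 2}   # keyword -> operand count
NON_EXPANDABLE = {"established": 0, "dscp": 1, "precedence": 1, "tos": 1}
LIMIT = 9   # threshold quoted in the bug text

def l4ops(aces, ipv6=False):
    """Return (expandable, non_expandable) sets of distinct L4Ops in one ACL."""
    exp, non = set(), set()
    if ipv6:
        non.add(("ipv6-baseline",))   # bug text: every IPv6 ACL needs at least one
    for ace in aces:
        tok = ace.split()
        if "remark" in tok[:2]:
            continue                  # free text may contain keyword look-alikes
        i = 0
        while i < len(tok):
            t = tok[i]
            if t == "ttl" and i + 1 < len(tok):   # "ttl <op> <value>" is one L4Op
                n, target = 1 + EXPANDABLE.get(tok[i + 1], 1), non
            elif t in EXPANDABLE:
                n, target = EXPANDABLE[t], exp
            elif t in NON_EXPANDABLE:
                n, target = NON_EXPANDABLE[t], non
            else:
                i += 1
                continue
            target.add(tuple(tok[i:i + 1 + n]))
            i += 1 + n
    return exp, non

def audit(acls):
    """acls: (name, is_ipv6, ace_lines) tuples applied in the same direction."""
    total, findings = 0, []
    for name, is_v6, aces in acls:
        exp, non = l4ops(aces, is_v6)
        total += len(exp) + len(non)
        if len(non) > LIMIT:
            findings.append(f"{name}: {len(non)} non-expandable L4Ops, over {LIMIT}")
    if total > LIMIT:
        findings.append(f"same direction: {total} L4Ops in total, over {LIMIT}")
    return total, findings

# Constructed sample ACLs (not taken from the bug report).
V4 = ["permit tcp any any gt 1023", "permit tcp any any lt 512",
      "permit tcp any any neq 25", "permit tcp any any range 8000 8100",
      "permit udp any any range 5000 5100", "permit tcp any any established",
      "permit ip any any dscp ef", "permit ip any any precedence critical",
      "permit ip any any ttl lt 5"]
V6 = ["permit ipv6 any any"]
```

Calling `audit([("V4", False, V4), ("V6", True, V6)])` reproduces the example from the bug text: the IPv4 ACL alone sits at the threshold, and the one L4Op every IPv6 ACL needs pushes the direction over it.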