Cisco Bug: CSCuq24924 - EARL8 improve L4op allocation

Last Modified

Nov 27, 2020

Products (1)

  • Cisco Catalyst 6000 Series Switches

Known Affected Releases

15.1(2)SY3 15.4(1)IA1.49 15.5(1.0.9)SY

Description (partial)

When applying a feature (such as an IPv6 access-list) to an interface or following a chassis reload, the ACL may fail to be programmed in TCAM with the following error:

%EARL_CM-SW1-5-NOCAPMAP: No free capmap entry available
%FMCORE-SW1-4-RACL_REDUCED: Interface Vlan100 routed traffic will be software switched in ingress direction.
        L2 features may not be applied at the interface

This is specific to any EARL8 forwarding engine:
- Supervisor2T, 6T
- 6800 series (example: 6880-x or 6840-x based switches)

This occurs when multiple ACL-based features are applied in the same direction and together use a large number of L4Ops (greater than 9). L4Ops within an access-list include the following:
- gt (greater than)
- lt (less than)
- neq (not equal)
- range
- matching on ToS (DSCP or IPP)
- matching on IP packet length
- matching on TCP flags (ex. established)
- ipv6 extension header or ip options

Note: a hardware restriction limits any single feature to <=9 non-expandable L4Ops. More than 9 expandable L4Ops can be used by 'expanding' the match logic into multiple entries in TCAM.

1) IPv4 ACL applied to an interface that utilizes >=9 L4Ops (expandable or non-expandable)
2) Attempt to apply an IPv6 ACL to the same interface that utilizes >=1 L4Op

The IPv6 ACL will fail to be applied to the interface.

Note - All IPv6 ACLs require a minimum of 1 non-expandable L4OP to be applied in hardware, regardless of the permit/deny statements within the ACL.
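
An added example, not part of Cisco's bug text: a Python sketch that audits a saved configuration for the pairing described above (an IPv4 ACL using >=9 L4Ops and an IPv6 ACL on the same interface and direction). Assumptions: only the keyword subset in `ARGS` is recognized, repeated expressions are counted once, the function names are hypothetical, and the sample configuration is constructed.

```python
import re
from collections import defaultdict

THRESHOLD = 9  # bug text: IPv4 ACL using >= 9 L4Ops
# Keyword -> operand count. Assumed subset of the L4Ops listed in the description.
ARGS = {"gt": 1, "lt": 1, "neq": 1, "dscp": 1, "precedence": 1, "range": 2, "established": 0}

def l4ops(ace):
    """Distinct L4Op expressions in one ACE (repeats counted once: an assumption)."""
    tok = ace.split()
    return {tuple(tok[i:i + 1 + ARGS[t]]) for i, t in enumerate(tok) if t in ARGS}

def audit(config):
    """Return (interface, dir, v4_acl, l4op_count, v6_acl) for each risky pairing."""
    ops, applied, sect = defaultdict(set), defaultdict(dict), None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # top-level line opens (or ends) a section
            a = re.match(r"(ip|ipv6) access-list (?:extended )?(\S+)$", line)
            i = re.match(r"interface (\S+)$", line)
            sect = ("acl", *a.groups()) if a else ("if", i.group(1)) if i else None
        elif sect and sect[0] == "acl" and not line.startswith("remark"):
            ops[sect[1:]] |= l4ops(line)  # key is (family, ACL name)
        elif sect and sect[0] == "if" and (
                m := re.match(r"(ip|ipv6) (?:access-group|traffic-filter) (\S+) (in|out)", line)):
            applied[(sect[1], m[3])][m[1]] = m[2]
    return [(ifc, d, a["ip"], len(ops["ip", a["ip"]]), a["ipv6"])
            for (ifc, d), a in sorted(applied.items())
            if "ip" in a and "ipv6" in a and len(ops["ip", a["ip"]]) >= THRESHOLD]

# Constructed sample configuration (not from the bug report).
SAMPLE = """\
ip access-list extended V4-IN
 permit tcp any gt 1023 any range 8000 8080
 permit tcp any lt 1024 any neq 23 established
 permit udp any range 5000 5010 any gt 49151
 permit udp any neq 161 any lt 512 dscp ef
ip access-list extended V4-SMALL
 permit tcp any any range 20 21 established
ipv6 access-list V6-IN
 permit tcp any any gt 1023
interface Vlan100
 ip access-group V4-IN in
 ipv6 traffic-filter V6-IN in
interface Vlan200
 ip access-group V4-SMALL in
 ipv6 traffic-filter V6-IN in
"""
if __name__ == "__main__":
    print(audit(SAMPLE))
```

Any IPv6 ACL is treated as a trigger because, per the note above, every IPv6 ACL needs at least one non-expandable L4Op.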