Unanswered Question
Feb 28th, 2007

Dear all,

I am designing QoS on Cisco 4506 switch using ACL. I have Sup II+10GE 10GE module.

The following is the error message I am getting:

Feb 26 16:05:16: %C4K_HWACLMAN-4-ACLHWPROGERRREASON: Input(194/Normal, null) PolicyMap: IPPHONE+PC - hardware TCAM policers exceeded.

Feb 26 16:05:26: %C4K_HWACLMAN-4-ACLHWPROGERR: Input PolicyMap: IPPHONE+PC - hardware TCAM limit, qos being disabled on relevant interface.

Part of my config as follows:

class-map match-all DVLAN-PC-VIDEO

match access-group name DVLAN-PC-VIDEO

class-map match-all VVLAN-CALL-SIGNALING

match access-group name VVLAN-CALL-SIGNALING

class-map match-all VVLAN-VOICE

match access-group name VVLAN-VOICE

class-map match-all VVLAN-ANY

match access-group name VVLAN-ANY



policy-map DBL

class class-default


policy-map IPPHONE+PC


set dscp ef

police 128 kbps 8000 byte conform-action transmit exceed-action drop


set dscp cs3

police 32 kbps 8000 byte conform-action transmit exceed-action policed-dscp-transmit


set dscp af41

police 500 kbps 8000 byte conform-action transmit exceed-action policed-dscp-transmit


set dscp default

police 32 kbps 8000 byte conform-action transmit exceed-action policed-dscp-transmit

class class-default

set dscp default

interface GigabitEthernet2/5

switchport access vlan dynamic

switchport mode access

switchport voice vlan 72

ip arp inspection limit rate 100

speed auto 10 100

qos trust device cisco-phone

tx-queue 1

bandwidth percent 5

tx-queue 2

bandwidth percent 25

tx-queue 3

bandwidth percent 30

priority high

shape percent 30

tx-queue 4

bandwidth percent 40

spanning-tree portfast

spanning-tree bpduguard enable

service-policy input IPPHONE+PC

service-policy output DBL

ip verify source vlan dhcp-snooping

ip access-list extended DVLAN-PC-VIDEO

permit udp any any range 16384 32767

ip access-list extended VVLAN-ANY

permit ip any

ip access-list extended VVLAN-CALL-SIGNALING

permit tcp any range 2000 2002

ip access-list extended VVLAN-VOICE

permit udp any range 16384 32767


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jbrunner007 Wed, 02/28/2007 - 10:47

try removing the interface qos commands; these configure the hardware queue. You are better off just using the service policies.

Let me know how you make out.



This Discussion