FWSM, ERROR: Unable to add, access-list config limit reached.

andrea.meconi
Level 2

Hello.

I need to change the number of partitions because I'm not able to add more ACLs.

I'm using a FWSM with only one context and failover peer.

To apply the change I need to reload: does the FWSM restart with the same context configuration?

Many thanks for help.

Regards.

Andrea

4 Replies

Jennifer Halim
Cisco Employee

Yes, after changing the partition, the configuration of your FWSM (incl. the user context configuration) will remain the same.

However, one thing to remember if you have failover configured when changing the partition is to change it on both FWSMs, save the config on both, and most importantly "reload" both FWSMs at the same time. If you reload one FWSM first and the FWSM does not have the same partition number, it will cause a lot of issues when failover synchronises the configuration when one has a lower/higher partition number than the other.

Lastly, even though the context configuration will not change, I would still recommend that you back up the configuration prior to the change.

Hope that helps.

Many thanks for your help.

Regards.

Andrea

So, just to be clear, after backing up the configuration:

1. change the partition number with hostname(config)# resource acl-partition number_of_partitions on the primary FWSM;

2. save the configuration with write memory /all;

3. wait for the sync between the modules;

4. save the configuration on the secondary FWSM;

5. reload both modules at the same time;

6. verify the new setting with show resource acl-partition.

Thanks.

Regards.

Andrea

I wouldn't wait for the sync between the modules for step 3. I would just manually configure the command on both the primary and secondary FWSM, and save the configuration on both too. Then proceed with steps 5 and 6.
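
A pre-reload check for the mismatch risk described in this thread, added here as an example and not posted by any participant: it compares the saved configuration text of both failover units and only clears the simultaneous reload when both carry the same resource acl-partition value. It assumes the command is stored as a single line in each saved configuration; the function names and sample configurations are constructed for illustration.

```python
import re

# The command from the thread, as one line of a saved configuration (assumption).
_PARTITION_RE = re.compile(r"^\s*resource\s+acl-partition\s+(\d+)\s*$", re.MULTILINE)


def acl_partitions(config_text):
    """Return the configured partition count, or None when the command is
    absent (the unit is then on its default, which is not assumed here)."""
    values = {int(v) for v in _PARTITION_RE.findall(config_text)}
    if len(values) > 1:
        raise ValueError(f"conflicting resource acl-partition lines: {sorted(values)}")
    return values.pop() if values else None


def safe_to_reload(primary_cfg, secondary_cfg, expected):
    """Gate for the reload step: both saved configs must hold the expected value."""
    p = acl_partitions(primary_cfg)
    s = acl_partitions(secondary_cfg)
    if p != s:
        return False, f"mismatch: primary={p} secondary={s}"
    if p != expected:
        return False, f"both units have {p}, expected {expected}"
    return True, f"both units set to {p}"


# Constructed sample backups (not real device output).
PRIMARY = "hostname fw-a\nresource acl-partition 1\nfailover\n"
SECONDARY_STALE = "hostname fw-b\nfailover\n"  # command never saved on this unit
SECONDARY_OK = "hostname fw-b\nresource acl-partition 1\nfailover\n"

if __name__ == "__main__":
    print(safe_to_reload(PRIMARY, SECONDARY_STALE, 1))
    print(safe_to_reload(PRIMARY, SECONDARY_OK, 1))
```

Run it against configuration backups taken after the save on each unit, so that it reflects what each module will load at startup.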
