ACE access rules memory exhausted

Unanswered Question
Jun 1st, 2010

At first we were unable to ssh to ACE.

Logs show:

Jun  1 2010 08:32:07 : %ACE-1-106028: WARNING: Access rules memory exhausted while processing merged list. Incomplete rule is currently applied on interface vlan533.  Manual roll back to a previous access rule configuration on this interface is needed

We have tried to remove and reaply the policy containing access-list to VLAN interface and to redefine the VLAN interface, as recommended in the docs, but still have the ssh issue.

Also show resource usage shows no sign of resources beeing exhausted:

ACE_gd/Admin#     sh resource usage all
                                                    Allocation
        Resource         Current       Peak        Min        Max       Denied
-------------------------------------------------------------------------------
Context: Admin
  acl-memory                24080      28112          0          0          9
Context: FWLB
  acl-memory                 3504       3840   15719960          0          0
Context: RLB_WAP
  acl-memory                    0       5856   15719960          0          0
Context: RLB_web
  acl-memory                 5472       5472   15719960          0          0
Context: DNSLB
  acl-memory                 3104       3216   15719960          0          0
Context: WAP
  acl-memory                 3296       5104   15719960          0          0

How can we deallocate those resources (which seem not to be allocated)? Or do we have another problem?

K

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Sean Merrow Wed, 06/02/2010 - 07:18

Hello K,

Can you upload a showtech from the Admin context?  Maybe that will help, but not sure.

Thanks,

Sean

kpanduric Thu, 06/03/2010 - 23:47

Thank you, but we have resolved this.

There have been 4 contexts, each of them had 20 percent of ACL memory reserved. We have changed that in resource-class to 10 percent, recreated policy-map on affected interface and it shows number greater than zero for Max of acl-memory resource (Admin ctx).

Regards,

K

Actions

This Discussion