06-01-2010 06:44 AM
At first we were unable to ssh to ACE.
Logs show:
Jun 1 2010 08:32:07 : %ACE-1-106028: WARNING: Access rules memory exhausted while processing merged list. Incomplete rule is currently applied on interface vlan533. Manual roll back to a previous access rule configuration on this interface is needed
We have tried to remove and reaply the policy containing access-list to VLAN interface and to redefine the VLAN interface, as recommended in the docs, but still have the ssh issue.
Also show resource usage shows no sign of resources beeing exhausted:
ACE_gd/Admin# sh resource usage all
Allocation
Resource Current Peak Min Max Denied
-------------------------------------------------------------------------------
Context: Admin
acl-memory 24080 28112 0 0 9
Context: FWLB
acl-memory 3504 3840 15719960 0 0
Context: RLB_WAP
acl-memory 0 5856 15719960 0 0
Context: RLB_web
acl-memory 5472 5472 15719960 0 0
Context: DNSLB
acl-memory 3104 3216 15719960 0 0
Context: WAP
acl-memory 3296 5104 15719960 0 0
How can we deallocate those resources (which seem not to be allocated)? Or do we have another problem?
K
06-02-2010 07:18 AM
Hello K,
Can you upload a showtech from the Admin context? Maybe that will help, but not sure.
Thanks,
Sean
06-03-2010 11:47 PM
Thank you, but we have resolved this.
There have been 4 contexts, each of them had 20 percent of ACL memory reserved. We have changed that in resource-class to 10 percent, recreated policy-map on affected interface and it shows number greater than zero for Max of acl-memory resource (Admin ctx).
Regards,
K
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: