cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1865
Views
0
Helpful
6
Replies

Does not work on UBRL Cisco 6500

Hello All !

When  you try to do Ubrl see this error:

Aug 23 10:31:05.668 MSK: %FM_EARL7-4-NO_FLOWMASK_REGISTERS: Feature configuration on interface GigabitEthernet1/48 could not allocate required flowmask registers, traffic may be switched in software
Aug 23 10:31:52.416 MSK: %FM-4-FLOWMASK_REDUCED: Features configured on interface Vlan70 have conflicting flowmask requirements, some features may work in software

#sh ver
Cisco IOS Software, s72033_rp Software (s72033_rp-ADVENTERPRISEK9_WAN-M), Version 12.2(33)SXH6, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Thu 15-Oct-09 10:51 by prod_rel_team

ROM: System Bootstrap, Version 12.2(17r)S4, RELEASE SOFTWARE (fc1)

sc000 uptime is 3 weeks, 4 days, 8 hours, 39 minutes
Uptime for this control processor is 3 weeks, 4 days, 8 hours, 38 minutes
Time since sc000 switched to active is 3 weeks, 4 days, 8 hours, 37 minutes
System returned to ROM by  power cycle at 14:21:52 MSK Sat Mar 6 2010 (SP by power on)
System restarted at 01:57:55 MSK Thu Jul 29 2010
System image file is "sup-bootdisk:/s72033-adventerprisek9_wan-mz.122-33.SXH6.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C6509-E (R7000) processor (revision 1.4) with 458720K/65536K bytes of memory.
Processor board ID SMG1129N3K7
SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache
Last reset from s/w reset
4294967295 Ethernet interfaces
61 Virtual Ethernet interfaces
88 Gigabit Ethernet interfaces
1917K bytes of non-volatile configuration memory.
8192K bytes of packet buffer memory.

65536K bytes of Flash internal SIMM (Sector size 512K).
Configuration register is 0x2102

class-map match-all identify-inbound-student
  match access-group 143

class-map match-all identify-outbound-student
  match access-group 142

policy-map police-student-traffic-outbound
  class identify-outbound-student
     police flow mask src-only 512000 1000 conform-action transmit exceed-action drop
policy-map police-student-traffic-inbound
  class identify-inbound-student
     police flow mask dest-only 512000 1000 conform-action transmit exceed-action drop

#sh access-list 142
Extended IP access list 142
    10 permit ip 10.0.167.0 0.0.0.255 any (8300 matches)
#sh access-list 143
Extended IP access list 143
    10 permit ip any 10.0.167.0 0.0.0.255

interface Vlan70
ip address 10.0.167.2 255.255.255.0
ip access-group XXXXXXX in
ip flow ingress
ip pim sparse-dense-mode
ip ospf message-digest-key 3 md5 7 XXXXXXXXXXXXXXXX
standby 70 ip 10.0.167.1
standby 70 timers msec 500 msec 1500
standby 70 priority 200
standby 70 preempt delay minimum 60
standby 70 authentication XXXXXXXXXXXXXXXXXXXXX
service-policy input police-student-traffic-outbound
end

no mls acl tcam share-global
mls netflow interface
mls flow ip interface-full
no mls flow ipv6
mls nde sender version 5
mls qos map policed-dscp normal-burst 0 24 26 34 36 to 8
mls qos map cos-dscp 0 10 18 24 34 46 48 56
mls qos
mls cef error action freeze

mls netflow interface
mls flow ip interface-full
no mls flow ipv6


ip flow-export source Loopback0
ip flow-export version 5
ip flow-export destination 10.0.129.91 9996
ip flow-export destination 10.0.129.84 9994
ip flow-top-talkers

#sh fm int vl70
Interface: Vlan70 IP is enabled
  hw_state[INGRESS] = not reduced, hw_state[EGRESS] = not reduced
  mcast = 1
  priority = 0
  flags = 0x0
  parent[INGRESS] = none
  inbound label: 88
    Feature Intf NDE L3 Feature:
    Feature FM_QOS:
        FM_QOS_CONFLICT_RESOLVE
            policy name: police-student-traffic-outbound
    Feature IP_ACCESS_INGRESS:
        ACL: XXXXXXXXXXXXXXXXXXXXXXXXX
-----------------------------------------------------------------------------
FM_FEATURE_IP_ACG - Acl Name: wifi-guest        Direction:Ingress
=============================================================================
DPort  - Destination Port  SPort  - Source Port       Pro    - Protocol
PT     - Packet Type       DPT    - Dst. Packet Type  SPT    - Src. Packet Type
X      - XTAG              TOS    - TOS Value         Res    - VMR Result
RFM    - R-Recirc. Flag    MRTNPC - M-Multicast Flag  R      - Reflexive flag
       - F-Fragment flag          - T-Tcp Control     N      - Non-cachable
       - M-More Fragments         - P-Mask Priority(H-High, L-Low)
Adj.   - Adj. Index        C      - Capture Flag      T      - M(Mask)/V(Value)
FM     - Flow Mask         NULL   - Null FM           SAO    - Source Only FM
DAO    - Dest. Only FM     SADA   - Sour.& Dest. Only VSADA  - Vlan SADA Only
ISADA  - Intf. SADA        FF     - Full Flow         VFF    - Vlan Full Flow
IFF    - Intf. FF          F-VFF  - Either FF or VFF  IFF-FF - Either IFF or FF
A-VSD  - Atleast VSADA     A-FF   - Atleast FF        A-VFF  - Atleast VFF
A-SON  - Atleast SAO       A-DON  - Atleast DAO       A-SD   - Atleast SADA
SHORT  - Shortest          ISADA-L- ISADA Least       FF-L   - FF Least
IFF-L  - IFF Least         A-SFF  - Any short than FF A-EFF  - Any except FF
A-EVFF - Any except VFF    SA-L   - Source Least      DA-L   - Dest. Least
SADA-L - SADA Least        FF-LESS- FF Less           N-FF   - Not FF
N-IFF  - Not IFF           A-LVFF - Any less than VFF FULL   - Full Pkt Type
EUI    - EUI 64 Pkt Type   EMBD   - Embedded Pkt Type ELNK   - EUI Link Overlap
ESIT   - EUI Site Overlap  LINK   - Link Pkt Type     SITE   - Site Pkt Type
SAO-CR - Source Only(CR)   DAO-CR - Dest. Only(CR)    FF-CR  - Full flow(CR)
VFF-CR - Vlan Full flow(CR)ERR    - Flowmask Error
+----+-+---------------+---------------+-----+-----+---+---+-+---+------+----+------+
|Indx|T|  Dest Ip Addr | Source Ip Addr|DPort|SPort|Pro|RFM|X|ToS|MRTNPC|Adj.|  FM  |
+----+-+---------------+---------------+-----+-----+---+---+-+---+-----+----+------+

1    V     10.0.129.30         0.0.0.0     0     0   0 --- 0   0 ----L- ---- SHORT
      M 255.255.255.255         0.0.0.0     0     0   0 000 0   0
      TM_PERMIT_RESULT

2    V     10.0.129.31         0.0.0.0     0     0   0 --- 0   0 ----L- ---- SHORT
      M 255.255.255.255         0.0.0.0     0     0   0 000 0   0
      TM_PERMIT_RESULT

3    V     10.0.129.33         0.0.0.0     0     0   0 --- 0   0 ----L- ---- SHORT
      M 255.255.255.255         0.0.0.0     0     0   0 000 0   0
      TM_PERMIT_RESULT

4    V     10.0.133.10         0.0.0.0     0     0   0 --- 0   0 ----L- ---- SHORT
      M 255.255.255.255         0.0.0.0     0     0   0 000 0   0
      TM_PERMIT_RESULT

5    V     10.0.133.11         0.0.0.0     0     0   0 --- 0   0 ----L- ---- SHORT
      M 255.255.255.255         0.0.0.0     0     0   0 000 0   0
      TM_PERMIT_RESULT

6    V     10.0.133.12         0.0.0.0     0     0   0 --- 0   0 ----L- ---- SHORT
      M 255.255.255.255         0.0.0.0     0     0   0 000 0   0
      TM_PERMIT_RESULT

7    V      10.0.167.0      10.0.167.0     0     0   0 --- 0   0 ----L- ---- SHORT
      M   255.255.255.0   255.255.255.0     0     0   0 000 0   0
      TM_PERMIT_RESULT

8    V     10.0.133.13         0.0.0.0     0     0   0 --- 0   0 ----L- ---- SHORT
      M 255.255.255.255         0.0.0.0     0     0   0 000 0   0
      TM_PERMIT_RESULT

9    V        10.0.0.0         0.0.0.0     0     0   0 --- 0   0 ----L- ---- SHORT
      M       255.0.0.0         0.0.0.0     0     0   0 000 0   0
      TM_L3_DENY_RESULT

10   V      172.16.0.0         0.0.0.0     0     0   0 --- 0   0 ----L- ---- SHORT
      M     255.240.0.0         0.0.0.0     0     0   0 000 0   0
      TM_L3_DENY_RESULT

11   V         0.0.0.0         0.0.0.0     0     0   0 --- 0   0 ----L- ---- SHORT
      M         0.0.0.0         0.0.0.0     0     0   0 000 0   0
      TM_PERMIT_RESULT

12   V         0.0.0.0         0.0.0.0     0     0   0 --- 0   0 ----L- ---- SHORT
      M         0.0.0.0         0.0.0.0     0     0   0 000 0   0
      TM_L3_DENY_RESULT

    Feature IPV4 Default Result Feature:
-----------------------------------------------------------------------------
FM_FEATURE_IPV4_DEFAULT         i/f: Vl70
=============================================================================
+----+-+---------------+---------------+-----+-----+---+---+-+---+------+----+------+
|Indx|T|  Dest Ip Addr | Source Ip Addr|DPort|SPort|Pro|RFM|X|ToS|MRTNPC|Adj.|  FM  |
+----+-+---------------+---------------+-----+-----+---+---+-+---+-----+----+------+

1    V         0.0.0.0         0.0.0.0     0     0   0 --- 0   0 ----L- ---- SHORT
      M         0.0.0.0         0.0.0.0     0     0   0 000 0   0
      TM_PERMIT_RESULT

    Feature OTHER Default Result Feature:
-----------------------------------------------------------------------------
FM_FEATURE_OTHER_DEFAULT        i/f: Vl70
=============================================================================
+----+-+--------------+--------------+----+----+
|Indx|T|   Dest Node  |  Source Node |EtTy|EtCo|
+----+-+--------------+--------------+----+----+

1    V 0000.0000.0000 0000.0000.0000    0 0
      M 0000.0000.0000 0000.0000.0000    0 0
      TM_SOFT_BRIDGE_RESULT

6 Replies 6

a.shaik
Level 1
Level 1

Hi,

Here explanations of these errors

Error Message    %FM_EARL7-4-NO_FLOWMASK_REGISTERS: Feature configuration on interface 
[chars] could not allocate required flowmask registers, traffic may be switched 
in software 

Explanation   The flow mask requirements for configured features on the specified interface cannot be met because there are no available flow mask registers. The traffic on this interface will be sent to software.

Recommended Action   Remove one or more NetFlow-based features or QoS microflow policing from the configuration, and reapply the features.

Error Message    %FM-4-FLOWMASK_REDUCED: Features configured on interface [chars] have
conflicting flowmask requirements, some features may work in software
Explanation    The configured features for this interface have a flow mask conflict. The traffic on this interface and the interfaces sharing the TCAM label with this interface will be sent to the software.

Recommended Action    Redefine and reapply or unconfigure one or more features to avoid the conflict.

Could you please provide us the configuration of the port G1/48

In both cases, I think there is something wrong while combining several features.

Regards

Shaik

I read  about this error on Cisco Error Decoder but to me he did not help.

I tried  to disable the NDE / netflov export but I also did not help

Hello Vadim,

the problem is not netflow but probably originates from your configuration:

policy-map police-student-traffic-outbound
  class identify-outbound-student
     police flow mask src-only 512000 1000 conform-action transmit exceed-action drop
policy-map police-student-traffic-inbound
  class identify-inbound-student
     police flow mask dest-only 512000 1000 conform-action transmit exceed-action drop

I may be wrong as I have not time to check the command syntax now, but it looks like you are asking two different flow masks for the same SVI L3 object.

Hope to help

Giuseppe

No !!!

one  policy i hang on the SVI-70 (police-student-traffic-outbound - out traffic) and the  second hang on another Iface (police-student-traffic-inbound  - in traffic)

up !

up!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco