QoS: Multiple acl entries cannot be used in match-any in class Match_XY

thiyagarajankalaiselvan · ‎11-19-2013

Hello All,

I'm getting below error while trying to add the two extended ACL in the class-map for classifying the traffic. Is there any way I can add two extenteded ACL in the same class-map for classifying the traffic.

Error log: "QoS: Multiple acl entries cannot be used in match-any in class Tag_AF13"

device details: cisco WS-C6506-E with Supervisor Engine 2T

IOS version -s2t54-adventerprisek9-mz.SPA.150-1.SY1.bin

R1(config)#class-map match-any Tag_AF13

#match access-group name XX

#match access-group name XY

QoS: Multiple acl entries cannot be used in match-any in class Tag_AF13

Regards,

Thiyagu

Umesh Shetty · ‎11-19-2013

Hi Rajan,

Thats because of the logic used for ACl operations, as per your config you are class-map match-any. The match any argument says that the class map must match either of the two arguments supplied.So lets take a look at how the sequence of operations of how this will be interpreted by your class map.

1> Any particular packet will be first matched against the first ACL "XX".

2> Suppose there are 10 entries there if it matches any of those entries the appropriate action will be talen.

3> If none of those entried match the packet there will be an implicit deny at the end of the ACL( default behaviour of ACL's)

4> In that case the packet will match the implicit deny and will get dropped.

5> The packet will under no circumstances go to the next ACL "XY"

Thats the reason multiple ACL's aren't allowed by the IOS.

You can try to collate both ACL's and put them in just one ACL that should work well. If you need help please pots both the ACL's.

Please do let me know if you have any further questions

HTH

Regards

Umesh