Community Member

FWSM, ERROR: Unable to add, access-list config limit reached.

Hello.

I need to change the number of partitions because I'm not able to add more ACLs.

I'm using a FWSM with only one context and failover peer.

To apply the change I need to reload: does the FWSM restart with the same context configuration?

Many thanks for help.

Regards.

Andrea

Cisco Employee

Re: FWSM, ERROR: Unable to add, access-list config limit reached

Yes, after changing the partition, the configuration of your FWSM (inc. the user context configuration) will remain the same.

However, one thing to remember if you have failover configured when changing the partition is to change it on both FWSMs, save the config on both, and most importantly "reload" both FWSMs at the same time. If you reload one FWSM first and the FWSM does not have the same partition number, it will cause a lot of issues when failover synchronises the configuration when one has a lower/higher partition number than the other.

Lastly, even though the context configuration will not change, I would still recommend that you back up the configuration prior to the change.

Hope that helps.

Community Member

Re: FWSM, ERROR: Unable to add, access-list config limit reached

Many thanks for your help.

Regards.

Andrea

Community Member

Re: FWSM, ERROR: Unable to add, access-list config limit reached

So, just to be clear, after backing up the configuration:

1. change the partition number with hostname(config)# resource acl-partition number_of_partitions on the primary FWSM;

2. save the configuration with write memory /all;

3. wait for the sync between modules;

4. save the configuration on the secondary FWSM;

5. reload both modules at the same time;

6. verify the new setting with show resource acl-partition.

Thanks.

Regards.

Andrea

Cisco Employee

Re: FWSM, ERROR: Unable to add, access-list config limit reached

I wouldn't wait for the sync between modules for step #3. I would just manually configure the command on both primary and secondary FWSM, and save the configuration on both too. Then proceed with steps #5 and #6.
