02-26-2007 08:15 AM - edited 03-14-2019 08:13 PM
Dear all,
I am designing QoS on Cisco 4506 switch using ACL. I have Sup II+10GE 10GE module.
The following error message I am getting:
Feb 26 16:05:16: %C4K_HWACLMAN-4-ACLHWPROGERRREASON: Input(194/Normal, null) PolicyMap: IPPHONE+PC - hardware TCAM policers exceeded.
Feb 26 16:05:26: %C4K_HWACLMAN-4-ACLHWPROGERR: Input PolicyMap: IPPHONE+PC - hardware TCAM limit, qos being disabled on relevant interface.
My config as follows:
class-map match-all DVLAN-PC-VIDEO
match access-group name DVLAN-PC-VIDEO
class-map match-all VVLAN-CALL-SIGNALING
match access-group name VVLAN-CALL-SIGNALING
class-map match-all VVLAN-VOICE
match access-group name VVLAN-VOICE
class-map match-all VVLAN-ANY
match access-group name VVLAN-ANY
!
!
policy-map DBL
class class-default
dbl
policy-map IPPHONE+PC
class VVLAN-VOICE
set dscp ef
police 128 kbps 8000 byte conform-action transmit exceed-action drop
class VVLAN-CALL-SIGNALING
set dscp cs3
police 32 kbps 8000 byte conform-action transmit exceed-action policed-dscp-transmit
class DVLAN-PC-VIDEO
set dscp af41
police 500 kbps 8000 byte conform-action transmit exceed-action policed-dscp-transmit
class VVLAN-ANY
set dscp default
police 32 kbps 8000 byte conform-action transmit exceed-action policed-dscp-transmit
class class-default
set dscp default
interface GigabitEthernet2/5
switchport access vlan dynamic
switchport mode access
switchport voice vlan 72
ip arp inspection limit rate 100
speed auto 10 100
qos trust device cisco-phone
tx-queue 1
bandwidth percent 5
tx-queue 2
bandwidth percent 25
tx-queue 3
bandwidth percent 30
priority high
shape percent 30
tx-queue 4
bandwidth percent 40
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input IPPHONE+PC
service-policy output DBL
ip verify source vlan dhcp-snooping
ip access-list extended DVLAN-PC-VIDEO
permit udp any any range 16384 32767
ip access-list extended VVLAN-ANY
permit ip 172.17.192.0 0.0.1.255 any
ip access-list extended VVLAN-CALL-SIGNALING
permit tcp 172.17.192.0 0.0.1.255 any range 2000 2002
ip access-list extended VVLAN-VOICE
permit udp 172.17.192.0 0.0.1.255 any range 16384 32767
Hope you would help me.
Thanks,
03-02-2007 11:39 AM
Workaround:
Disabling DHCP snooping and enabling it again.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide