02-28-2007 03:02 AM - edited 03-05-2019 02:37 PM
Dear all,
I am designing QoS on Cisco 4506 switch using ACL. I have Sup II+10GE 10GE module.
The following is the error message I am getting:
Feb 26 16:05:16: %C4K_HWACLMAN-4-ACLHWPROGERRREASON: Input(194/Normal, null) PolicyMap: IPPHONE+PC - hardware TCAM policers exceeded.
Feb 26 16:05:26: %C4K_HWACLMAN-4-ACLHWPROGERR: Input PolicyMap: IPPHONE+PC - hardware TCAM limit, qos being disabled on relevant interface.
Part of my config as follows:
class-map match-all DVLAN-PC-VIDEO
match access-group name DVLAN-PC-VIDEO
class-map match-all VVLAN-CALL-SIGNALING
match access-group name VVLAN-CALL-SIGNALING
class-map match-all VVLAN-VOICE
match access-group name VVLAN-VOICE
class-map match-all VVLAN-ANY
match access-group name VVLAN-ANY
!
!
policy-map DBL
class class-default
dbl
policy-map IPPHONE+PC
class VVLAN-VOICE
set dscp ef
police 128 kbps 8000 byte conform-action transmit exceed-action drop
class VVLAN-CALL-SIGNALING
set dscp cs3
police 32 kbps 8000 byte conform-action transmit exceed-action policed-dscp-transmit
class DVLAN-PC-VIDEO
set dscp af41
police 500 kbps 8000 byte conform-action transmit exceed-action policed-dscp-transmit
class VVLAN-ANY
set dscp default
police 32 kbps 8000 byte conform-action transmit exceed-action policed-dscp-transmit
class class-default
set dscp default
interface GigabitEthernet2/5
switchport access vlan dynamic
switchport mode access
switchport voice vlan 72
ip arp inspection limit rate 100
speed auto 10 100
qos trust device cisco-phone
tx-queue 1
bandwidth percent 5
tx-queue 2
bandwidth percent 25
tx-queue 3
bandwidth percent 30
priority high
shape percent 30
tx-queue 4
bandwidth percent 40
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input IPPHONE+PC
service-policy output DBL
ip verify source vlan dhcp-snooping
ip access-list extended DVLAN-PC-VIDEO
permit udp any any range 16384 32767
ip access-list extended VVLAN-ANY
permit ip 172.17.192.0 0.0.1.255 any
ip access-list extended VVLAN-CALL-SIGNALING
permit tcp 172.17.192.0 0.0.1.255 any range 2000 2002
ip access-list extended VVLAN-VOICE
permit udp 172.17.192.0 0.0.1.255 any range 16384 32767
Thanks,
02-28-2007 10:47 AM
try removing the interface qos commands; these configure the hardware queue. You are better off just using the service policies.
Let me know how you make out.
Joe
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide