QoS: Multiple acl entries cannot be used in match-any in class Match_XY
I'm getting below error while trying to add the two extended ACL in the class-map for classifying the traffic. Is there any way I can add two extenteded ACL in the same class-map for classifying the traffic.
Error log: "QoS: Multiple acl entries cannot be used in match-any in class Tag_AF13"
device details: cisco WS-C6506-E with Supervisor Engine 2T
IOS version -s2t54-adventerprisek9-mz.SPA.150-1.SY1.bin
R1(config)#class-map match-any Tag_AF13
#match access-group name XX
#match access-group name XY
QoS: Multiple acl entries cannot be used in match-any in class Tag_AF13
QoS: Multiple acl entries cannot be used in match-any in class M
Thats because of the logic used for ACl operations, as per your config you are class-map match-any. The match any argument says that the class map must match either of the two arguments supplied.So lets take a look at how the sequence of operations of how this will be interpreted by your class map.
1> Any particular packet will be first matched against the first ACL "XX".
2> Suppose there are 10 entries there if it matches any of those entries the appropriate action will be talen.
3> If none of those entried match the packet there will be an implicit deny at the end of the ACL( default behaviour of ACL's)
4> In that case the packet will match the implicit deny and will get dropped.
5> The packet will under no circumstances go to the next ACL "XY"
Thats the reason multiple ACL's aren't allowed by the IOS.
You can try to collate both ACL's and put them in just one ACL that should work well. If you need help please pots both the ACL's.
Please do let me know if you have any further questions
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...
I am going to design and build an LAN network under a tunnel underground with long distance between the switches.
I will have 2 Catalyst switches and 8 Industrial IE3000, and they will be connected with fiber.
For now I am planning on use Layer-2 s...