Cisco Support Community

New Member

Reflexive ACL creating issues in 6500

Does anyone face issues with reflexive ACL in 6500 (with SUP-720-10G)? In fact the ACL entries are too big and the switch was working fine for almost three days in production; all of a sudden the device went to 100% utilization and the network crashed. Please share if anyone had a similar experience with the switch.

IOS version is : s72033-ipservicesk9_wan-mz.122-33.SXI2a.bin

SH module output

------------------ show module ------------------


Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  1    6  Firewall Module                        WS-SVC-FWM-1       SAL1425KV5T
  3   16  SFM-capable 16 port 1000mb GBIC        WS-X6516-GBIC      SAL06427JU6
  4   48  48 port 10/100/1000mb EtherModule      WS-X6148-GE-TX     SAL1222SEBS
  5    5  Supervisor Engine 720 10GE (Active)    VS-S720-10G        SAL1430NK4L
  6   48  48 port 10/100/1000mb EtherModule      WS-X6148-GE-TX     SAL09496ZNL
  7   48  SFM-capable 48-port 10/100 Mbps RJ45   WS-X6548-RJ-45     SAL06468G7P
  9   48  48 port 10/100/1000mb EtherModule      WS-X6148-GE-TX     SAD0753014Y

Mod MAC addresses                       Hw    Fw           Sw           Status
--- ---------------------------------- ------ ------------ ------------ -------
  1  5475.d062.6dd0 to 5475.d062.6dd7   4.5   7.2(1)       4.0(4)       Ok
  3  0009.11e6.7ca8 to 0009.11e6.7cb7   5.1   6.3(1)       12.2(33)SXI2 Ok
  4  001d.70a4.d460 to 001d.70a4.d48f   7.2   7.2(1)       12.2(33)SXI2 Ok
  5  c47d.4ffd.fc20 to c47d.4ffd.fc27   3.2   8.5(4)       12.2(33)SXI2 Ok
  6  0016.4674.ad84 to 0016.4674.adb3   1.1   7.2(1)       12.2(33)SXI2 Ok
  7  0009.11e7.8ab4 to 0009.11e7.8ae3   5.1   6.3(1)       12.2(33)SXI2 Ok
  9  000e.d70f.9040 to 000e.d70f.906f   6.0   7.2(1)       12.2(33)SXI2 Ok

Mod  Sub-Module                  Model              Serial       Hw     Status
---- --------------------------- ------------------ ----------- ------- -------
  5  Policy Feature Card 3       VS-F6K-PFC3C       SAL1429NGHZ  1.1    Ok
  5  MSFC3 Daughterboard         VS-F6K-MSFC3       SAL1428MDXU  5.0    Ok

Mod  Online Diag Status
---- -------------------
  1  Pass
  3  Pass
  4  Pass
  5  Pass
  6  Pass
  7  Pass
  9  Pass

1 REPLY
Cisco Employee

Re: Reflexive ACL creating issues in 6500

Hello Najeeb,

Make sure you have enough TCAM space in order to program all your RACLs in hardware; if not, traffic will be punted to the CPU for process switching. Please check the following outputs.

sh tcam counts

Sometimes if you have multiple features configured on that SVI or layer 3 interfaces, there might be conflicts programming all those features in hardware; following are some outputs that you can use to verify this.

sh fm summary       <--- run this command and see if you have any inactive interfaces inbound or outbound. If there are any inactive interfaces, select the interfaces which are inactive and then run the below command.

sh fm fie interface <x/x>   (from this output you can see if there are conflicts programming those features in hardware)

Additional information.

- There are limitations when it comes to configuring features on SVI or L3 interfaces.

- On this code, by default the ODM algorithm is enabled, so I hope you have not changed the default.

Please read the following document; it is a very good document regarding this issue and explains step by step how to troubleshoot these types of issues.

***************************************************************************************************************

http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/tech/65acl_wp.pdf

Let me know if you have any questions and hope this helps.

Ruvin
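
Added example (not part of the original thread and not Cisco tooling): a small Python helper that scans saved "sh fm summary" output for interfaces whose features are INACTIVE in hardware and builds the per-interface follow-up command from the reply above. The output layout, the sample text and the function names are assumptions made for illustration; adjust the patterns to what your switch actually prints.

```python
import re

# Constructed sample. The layout is an assumption about what
# "sh fm summary" prints; it was not captured from the poster's switch.
SAMPLE = """\
Interface: Vlan10 is up
  TCAM screening for features: ACTIVE inbound
  TCAM screening for features: ACTIVE outbound
Interface: Vlan20 is up
  TCAM screening for features: INACTIVE inbound
  TCAM screening for features: ACTIVE outbound
Interface: Vlan30 is up
  TCAM screening for features: ACTIVE inbound
  TCAM screening for features: INACTIVE outbound
"""

IFACE_RE = re.compile(r"^Interface:\s+(\S+)")
STATE_RE = re.compile(
    r"TCAM screening for features:\s+(ACTIVE|INACTIVE)\s+(inbound|outbound)"
)

def inactive_interfaces(text):
    """Return {interface: [directions]} for directions not programmed in hardware."""
    result = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)  # start of a new interface stanza
            continue
        m = STATE_RE.search(line)
        # Ignore state lines that appear before any interface header.
        if m and current and m.group(1) == "INACTIVE":
            result.setdefault(current, []).append(m.group(2))
    return result

def follow_up_commands(text):
    """Build the per-interface command the reply says to run next."""
    return [f"sh fm fie interface {name}" for name in inactive_interfaces(text)]

if __name__ == "__main__":
    for name, dirs in inactive_interfaces(SAMPLE).items():
        print(f"{name}: features not in hardware ({', '.join(dirs)}), traffic may be punted to CPU")
    for cmd in follow_up_commands(SAMPLE):
        print(cmd)
```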
