Core issue

The issue may occur for these reasons:

• This message indicates that the VLAN is configured with Private VLAN (PVLAN), and that the Router Access Control List (RACL) for this VLAN cannot be configured in the Policy Feature Card (PFC). The RACL is enforced in the Multilayer Switch Feature Card (MSFC) software.
  
  
• A failure of the ACLs or VACLs to merge property, or they have run out of Ternary Content Addressable Memory (TCAM) space.
  
  
• The ACLs may have failed to load in TCAM space due to a large number of ACLs or VACLs that need to be re-programmed.
  
  
• The flexwan module does not support named ACL.

Resolution

To resolve the issue, perform one of these procedures:

• Remove the PVLAN configuration and re-attach the RACL to the VLAN to configure it in PFC.
  
  
• If no PVLANs are configured, it is likely due to a failure of the ACLs or VACLs to merge property, or they have run out of Ternary Content Addressable Memory (TCAM) space. To avoid this, use the Order Dependent Merge (ODM) algorithm, which more effectively uses the TCAM space. Configure ODM on the supervisor module and the MSFC.
  
  On the Supervisor Module, configure this:
  
  (Config)#set aclmerge algo odm
  
  On the MSFC, configure this:
  
  (config)# mls aclmerge algorithm odm
  (config)# mls aclmerge odm optimizations
  
  Note: After enabling ODM, the switch must be reloaded.
  
  
• If the issue in due to the named ACLs in the flexwan module, change the named ACL into a numbered ACL.  
  
  

For more information, refer to these documents:

• The Comparing ODM to OIM section of Understanding ACL on Catalyst 6500 Series Switches.  

• Cisco bug ID CSCea34181
  

If the issue remains unresolved, contact Cisco Technical Support.