Switch considerations when creating ACLs (exceeding policy limits)

Possible error message when exceeding switch policy limits:
"Failed to Enabled service policy.  Please check ACL mask config"

Explanation and Suggestions:
ACLs are implemented in hardware, so it is possible to run into hardware resource constraints. Customers who configure ACLs with fine QoS granularity and apply them to all ports may run into resource limitations.
TCAM rules capacity:
All currently shipping Small Business Managed Switches support a maximum of 512 TCAM rules. This is true for SRW, ESW, SFE, SGE, and also the newly introduced 300-series switches. It is also similar to competitive products in the market.

1) The switches support 512 rules (class maps).

2) Of these, one rule per port and one rule per trunk is reserved and cannot be used (52 ports + 8 trunks = 60). Global mode also uses one rule, so a total of 61 rules are reserved.

3) Therefore, a total of 451 rules remain available (512-60-1=451).

4) To figure out how many ports you can use based on the number of class maps configured, the math is: 451 / rules per port = number of configurable ports.

Customers can group traffic into buckets to minimize the number of ACLs used. For example, on the ESW, DSCP 0-15 all map to priority queue 4 (the lowest priority, best effort). In this case, creating additional ACLs for "CS1 HTTP" and "AF11 SMB 9100 25" is unnecessary, because the first ACL already covers them. Customers may also want to consider configuring ACLs to classify only control-plane and multimedia traffic (CS3 and above) into the higher-priority queues and giving all other traffic best-effort treatment; the queues use a combination of SP and WRR to guarantee bandwidth for each queue.
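As an added worked example (not Cisco's tool or part of the original post), the following script applies the rule budget above (512 rules, one reserved per port and per trunk, one for Global mode) to a planned QoS policy and shows how bucketing DSCP values that land in the same queue reduces the rules needed per port. Only "DSCP 0-15 -> queue 4" comes from the text; the other queue assignments and the sample policy are constructed assumptions.

```python
# TCAM budget estimate for the Small Business switch limits described above.
# Constructed example; the DSCP-to-queue mapping is an assumption except for
# DSCP 0-15 -> queue 4, which the text states for the ESW.

TCAM_RULES = 512  # hardware capacity stated in the text


def usable_rules(ports: int, trunks: int, global_mode: bool = True) -> int:
    """Rules left after the per-port, per-trunk and Global mode reservations."""
    return TCAM_RULES - ports - trunks - (1 if global_mode else 0)


def queue_for_dscp(dscp: int) -> int:
    """Assumed egress-queue mapping: 0-15 -> queue 4 (from the text), the
    higher buckets are illustrative placeholders."""
    if not 0 <= dscp <= 63:
        raise ValueError(f"invalid DSCP {dscp}")
    if dscp < 16:
        return 4  # best effort, lowest priority
    if dscp < 24:
        return 3  # assumed
    return 1      # CS3 and above: assumed high-priority queue


def rules_per_port(dscps, bucket: bool = True) -> int:
    """Class maps needed per port. With bucket=True, DSCPs that land in the
    same queue share one ACL; with bucket=False each DSCP gets its own."""
    if bucket:
        return len({queue_for_dscp(d) for d in dscps})
    return len(set(dscps))


def max_ports(dscps, ports: int = 52, trunks: int = 8, bucket: bool = True) -> int:
    """Ports that can carry this policy: usable rules // rules per port."""
    return usable_rules(ports, trunks) // rules_per_port(dscps, bucket)


def policy_fits(dscps, apply_to: int, ports: int = 52, trunks: int = 8,
                bucket: bool = True) -> bool:
    """True when the policy can be applied to apply_to ports without exhausting
    the TCAM, i.e. without triggering the service-policy failure above."""
    return rules_per_port(dscps, bucket) * apply_to <= usable_rules(ports, trunks)


if __name__ == "__main__":
    # Constructed policy: default (0), CS1 (8), AF11 (10), CS3 (24), EF (46).
    policy = [0, 8, 10, 24, 46]
    print("usable rules:", usable_rules(52, 8))            # 451
    print("rules/port unbucketed:", rules_per_port(policy, bucket=False))
    print("rules/port bucketed:", rules_per_port(policy))  # 0/8/10 share queue 4
    print("max ports bucketed:", max_ports(policy))
```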



Cindy Toy
Cisco Small Business Community Manager
for Cisco Small Business Products