Customer can't change interface from layer 2 to layer 3 for CE6810LI device

Created May 18, 2018 16:23:03 511 0 1 0

Issue Description

customer want to change interface from layer 2 to layer 3 for CE6810LI device, for example:

[~HUAWEI] interface 10ge 1/0/1
[~HUAWEI-10GE1/0/1] undo portswitch

 

but appear below error:

Error: Fail to execute undo portswitch command on slot 1 because the number of A CL rules exceeds the maximum value. To use the main interface, run the port switch command and adjust ACL rules

Handling Process

This error is due to ACL resources exceeds the threshold. We can check it as follow information:
1. Check the services type of the device using ACL
===============================================================================
                 display system tcam service brief
===============================================================================

Slot: 1
----------------------------------------------------------------------------
Chip  GroupID  Width      Stage          ServiceName                 Count
----------------------------------------------------------------------------
    0        8  Double     Ingress        App-Session                    30
             8  Double     Ingress        CPCAR                          36
             8  Double     Ingress        L2 Protocol Tunnel              1
            17  Single     Ingress        Static Router IPv4           1011
            27  Double     Ingress        Traffic Policy Port             6
----------------------------------------------------------------------------

App-Session and CPCAR and L2 Protocol Tunnel use the same grouping, which is the default resource used by the system, not within the user's distributable range.
Static Router IPv4: It means IPv4's ARP and routing table items, that is, the cumulative occupancy of routing and ARP is 1011
Traffic Policy Port: It means the traffic-policy are applied in the interface view
===============================================================================
                 display traffic-policy applied-record
===============================================================================

Total records : 6
-------------------------------------------------------------------------------
Policy Type/Name                 Apply Parameter             Slot   State
-------------------------------------------------------------------------------
combine                          10GE1/0/1 inbound              1   success     
                                 10GE1/0/2 inbound              1   success     
                                 10GE1/0/5 inbound              1   success     
                                 10GE1/0/6 inbound              1   success     
combinenew                       10GE1/0/7 inbound              1   success     
                                 10GE1/0/8 inbound              1   success     
-------------------------------------------------------------------------------

2. For the CE6810-LI device, if customer configure traffic-policy , it is completed using ACL by default, then will be assigned 512 ACLs resource, this part of the resource can only be used for the same type of traffic-Policy, and cannot be shared.
3. For the CE6810-LI device, if customer configure layer 3 interface, also need to be assigned with 512 ACLs resource.

The max ACL resource number of CE6810-LI device is 1792, and according to above analysis:
IPv4's ARP and routing occupy 1011, traffic-policy occupy 512. Only 269 ACLs are remainder, so cannot set interface for layer 3.

 

 

 

 

 

Root Cause

The max ACL resource number of CE6810-LI device is 1792, and according to above analysis:
IPv4's ARP and routing occupy 1011, traffic-policy occupy 512. Only 269 ACLs are remainder, so cannot set interface for layer 3.

Solution

The CE6810-LI device is positioned for a layer 2 device, it isn’t recommended that you configure layer 3 service. Just can configure VLANIF interface for device management.

Suggestions

The CE6810-LI device is positioned for a layer 2 device, it isn’t recommended that you configure layer 3 service. Just can configure VLANIF interface for device management.

 

  • x
  • convention:

Responses

Reply
You need to log in to reply to the post Login | Register

Notice:To ensure the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but not limited to politically sensitive content, content concerning pornography, gambling, drug abuse and trafficking, content that may disclose or infringe upon others' intellectual properties, including commercial secrets, trade marks, copyrights, and patents, and personal privacy. Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see“ Privacy Policy.”
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Fast reply Scroll to top