Issue Description
customer want to change interface from layer 2 to layer 3 for CE6810LI device, for example:
[~HUAWEI] interface 10ge 1/0/1
[~HUAWEI-10GE1/0/1] undo portswitch
but appear below error:
Error: Fail to execute undo portswitch command on slot 1 because the number of A CL rules exceeds the maximum value. To use the main interface, run the port switch command and adjust ACL rules
Handling Process
This error is due to ACL resources exceeds the threshold. We can check it as follow information:
1. Check the services type of the device using ACL
===============================================================================
display system tcam service brief
===============================================================================
Slot: 1
----------------------------------------------------------------------------
Chip GroupID Width Stage ServiceName Count
----------------------------------------------------------------------------
0 8 Double Ingress App-Session 30
8 Double Ingress CPCAR 36
8 Double Ingress L2 Protocol Tunnel 1
17 Single Ingress Static Router IPv4 1011
27 Double Ingress Traffic Policy Port 6
----------------------------------------------------------------------------
App-Session and CPCAR and L2 Protocol Tunnel use the same grouping, which is the default resource used by the system, not within the user's distributable range.
Static Router IPv4: It means IPv4's ARP and routing table items, that is, the cumulative occupancy of routing and ARP is 1011
Traffic Policy Port: It means the traffic-policy are applied in the interface view
===============================================================================
display traffic-policy applied-record
===============================================================================
Total records : 6
-------------------------------------------------------------------------------
Policy Type/Name Apply Parameter Slot State
-------------------------------------------------------------------------------
combine 10GE1/0/1 inbound 1 success
10GE1/0/2 inbound 1 success
10GE1/0/5 inbound 1 success
10GE1/0/6 inbound 1 success
combinenew 10GE1/0/7 inbound 1 success
10GE1/0/8 inbound 1 success
-------------------------------------------------------------------------------
2. For the CE6810-LI device, if customer configure traffic-policy , it is completed using ACL by default, then will be assigned 512 ACLs resource, this part of the resource can only be used for the same type of traffic-Policy, and cannot be shared.
3. For the CE6810-LI device, if customer configure layer 3 interface, also need to be assigned with 512 ACLs resource.
The max ACL resource number of CE6810-LI device is 1792, and according to above analysis:
IPv4's ARP and routing occupy 1011, traffic-policy occupy 512. Only 269 ACLs are remainder, so cannot set interface for layer 3.
Root Cause
The max ACL resource number of CE6810-LI device is 1792, and according to above analysis:
IPv4's ARP and routing occupy 1011, traffic-policy occupy 512. Only 269 ACLs are remainder, so cannot set interface for layer 3.
Solution
The CE6810-LI device is positioned for a layer 2 device, it isn’t recommended that you configure layer 3 service. Just can configure VLANIF interface for device management.
Suggestions
The CE6810-LI device is positioned for a layer 2 device, it isn’t recommended that you configure layer 3 service. Just can configure VLANIF interface for device management.
