取消
显示结果 
搜索替代 
您的意思是: 
cancel
4869
查看次数
5
有帮助
3
回复

关于 Nexus 5596 在interface vlan 下不能对ACL进行删除

huihuxu735715
Spotlight
Spotlight

如题,请教大家,下面红字报错是什么原因导致?这个组策略port_445  下面是一个空的列表。有些贴子里说,需要重启交换机可以解决这个问题,但是这台交换机是用户的核心设备,客户不太愿意重启,没有嘛好的解决方式?
5596up_99# show run int vlan 2

!Command: show running-config interface Vlan2 

version 7.3(3)N1(1)

interface Vlan2
no shutdown
ip access-group port_445 in
ip access-group port_445 out
no ip redirects
ip address 192.168.10.206/24
ip address 66.66.20.131/24 secondary
no ipv6 redirects
ip policy route-map pbr_baoleiji_172.16.10.100_fb
hsrp 2
preempt
ip 192.168.10.254
hsrp 66
preempt
ip 66.66.20.254

5596up_99#
5596up_99#
5596up_99# conf t
Enter configuration commands, one per line. End with CNTL/Z. 


5596up_99(config)# int vlan 2
5596up_99(config-if)# no ip access-group port_445 in
ERROR: no free label   

5596up_99(config-if)# no ip access-group port_445 out
ERROR: no free label

5596up_99(config-if)#

1 个已接受解答

已接受的解答

ERROR: no free label Message for ACL modification
CSCus09017
 
Description
Symptom:
The Next message is output when the Customer tries to modify an ACL applied in the SVI (delete, modify, enable): ACLMGR-3-ACLMGR_VERIFY_FAIL: Verify failed: no free label

N5K(config)# int vlan 527
N5K(config-if)# no ip access-group NAME in
ERROR: no free label
N5K(config-if)#

No Hardware limits are crossed

Conditions:
Apparently the TCAM label is being used by two different features (RACL, and PBR). This is causing the label allocation error.

Workaround:
Identify the duplicated labels between PBRs and ACLs, remove the configuration for the PBRs, save configuration, reload the Switch, and the apply the PBR configuration back. For more Information Contact TAC

Further Problem Description:
应该是和这个bug有关系,Workaround也是这么说,所以如果有所顾虑的话,建议开TAC CASE。
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !

在原帖中查看解决方案

3 条回复3

huihuxu735715
Spotlight
Spotlight
 

ERROR: no free label Message for ACL modification
CSCus09017
 
Description
Symptom:
The Next message is output when the Customer tries to modify an ACL applied in the SVI (delete, modify, enable): ACLMGR-3-ACLMGR_VERIFY_FAIL: Verify failed: no free label

N5K(config)# int vlan 527
N5K(config-if)# no ip access-group NAME in
ERROR: no free label
N5K(config-if)#

No Hardware limits are crossed

Conditions:
Apparently the TCAM label is being used by two different features (RACL, and PBR). This is causing the label allocation error.

Workaround:
Identify the duplicated labels between PBRs and ACLs, remove the configuration for the PBRs, save configuration, reload the Switch, and the apply the PBR configuration back. For more Information Contact TAC

Further Problem Description:
应该是和这个bug有关系,Workaround也是这么说,所以如果有所顾虑的话,建议开TAC CASE。
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !

是的,我看的也是这篇,除了重启应该没别的好方法了

入门指南

使用上面的搜索栏输入关键字、短语或问题,搜索问题的答案。

我们希望您在这里的旅程尽可能顺利,因此这里有一些链接可以帮助您快速熟悉思科社区:









快捷链接