Nexus-9K ACL Logging Settings

ilhan05 · ‎08-26-2020

Hello,

I am having this error one one of our switches while the other looks OK.

Does anyone have an idea?

BB-1# show logging ip access-list status
ERROR: Failed to build CLI response

BB-2# show logging ip access-list status
Max flow = 8000
Alert interval = 300
Threshold value = 0

Christopher Hart · ‎08-26-2020

Hello!

Would you be able to share the output of the show hardware access-list resource utilization command from both devices?

It is possible to see this error message when there is insufficient TCAM space allocated for ACLs being logged. You may also see logs in the system's logfile (you can see this through the show logging logfile command) related to TCAM space exhaustion.

You can read more information about the implementation of TCAM on Nexus 9000 switches and how to re-allocate TCAM resources on the switch through the Nexus 9000 TCAM Carving document.

I hope this helps - Thank you!

-Christopher

ilhan05 · ‎08-26-2020

Hello,

Thank you for your reply,

I am attaching the commant output.

TCAM settings are the same on both switches.

Regards.

Christopher Hart · ‎08-27-2020

Hello!

Your current TCAM utilization looks fine to me, so that clears the most likely explanation for this behavior.

If possible, I would recommend opening up a case with Cisco TAC to review this issue in more detail. There may be some NX-OS inter-process communication errors that could cause this type of issue that require further investigation.

Thank you!

-Christopher