cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1947
Views
0
Helpful
11
Replies

Catalyst 2960 %ACLMGR-4-RELOADED

dawnccier
Level 1
Level 1

Does anyone has any idea about this issue?

Ports Gi1/0/10, Gi1/0/19 network access issue for PCs. Network continuously flapping.

2021-12-15_132431.png

11 Replies 11

marce1000
VIP
VIP

 

 - Can you post the results of 'show sdm prefer'

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

OASW_3#show sdm prefer
The current template is "lanbase-default" template.
The selected template optimizes the resources in
the switch to support this level of features for
0 routed interfaces and 1024 VLANs.

number of unicast mac addresses: 16K
number of IPv4 IGMP groups + multicast routes: 1K
number of IPv4 unicast routes: 3K
number of directly-connected IPv4 hosts: 2K
number of indirect IPv4 routes: 1K
number of IPv6 multicast groups: 1K
number of IPv6 unicast routes: 3K
number of directly-connected IPv6 addresses: 2K
number of indirect IPv6 unicast routes: 1K
number of IPv4 policy based routing aces: 0
number of IPv4/MAC qos aces: 0.5K
number of IPv4/MAC security aces: 0.625k
number of IPv6 policy based routing aces: 0
number of IPv6 qos aces: 0.5K
number of IPv6 security aces: 0.625k

 

 - Your device seems quite loaded , similar to what George said, you may also want to examine TCAM parameters and utilization , for that have a look at : https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_55_se/command/reference/2960_cr/showplat.html and look for  show platform tcam , review the documentation of this command and examine your system accordingly  , in the end you may need a stronger router platform.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Hello,marce. I can not find where the root cause is.

 

KMI_Sales_OASW_3#show platform tcam utilization

CAM Utilization for ASIC# 0 Max Used
Masks/Values Masks/values

Unicast mac addresses: 16604/16604 210/210
IPv4 IGMP groups + multicast routes: 1072/1072 1/1
IPv4 unicast directly-connected routes: 2048/2048 0/0
IPv4 unicast indirectly-connected routes: 1024/1024 34/34
IPv6 Multicast groups: 1072/1072 11/11
IPv6 unicast directly-connected routes: 2048/2048 0/0
IPv6 unicast indirectly-connected routes: 1024/1024 3/3
IPv4 policy based routing aces: 504/504 13/13
IPv4 qos aces: 504/504 65/65
IPv4 security aces: 600/600 458/458
IPv6 policy based routing aces: 20/20 8/8
IPv6 qos aces: 500/500 53/53
IPv6 security aces: 600/600 17/17

Note: Allocation of TCAM entries per feature uses
a complex algorithm. The above information is meant
to provide an abstract view of the current TCAM utilization

 

KMI_Sales_OASW_3#show platform tcam errors

TCAM Memory Consistency Checker Errors
--------------------------------------
TCAM Space Values Masks Fixups Retries Failures
HFTM 0 0 0 0 0
HQATM 0 0 0 0 0

 

KMI_Sales_OASW_3#show platform tcam usage

=============================================================================
TCAM Table
TCAM Use Width Raw Entries Num Entries Entry Size
=============================================================================
0 L2 16384
1 L2 256
2 L3 6124
3 L3 116
4 L3 180 2048 2048 32
5 ACL 180 2048 1528 32
6 ACL 276 2048 1200 64
=============================================================================
FRAM Entries
=============================================================================
TCAM : 0
Entry Start Entry Base Address Num Entries Bytes/Entry # Range
=============================================================================
0 0x0 0x0 16384 4 1
1 0x0 0x0 16384 4 1
2 0x0 0x0 0 0 0
3 0x0 0x0 0 0 0
4 0x0 0x0 0 0 0
5 0x0 0x0 0 0 0
6 0x0 0x0 0 0 0

TCAM : 1
Entry Start Entry Base Address Num Entries Bytes/Entry # Range
=============================================================================
0 0x0 0x0 256 4 1
1 0x0 0x0 256 4 1
2 0x0 0x0 0 0 0
3 0x0 0x0 0 0 0
4 0x0 0x0 0 0 0
5 0x0 0x0 0 0 0
6 0x0 0x0 0 0 0

TCAM : 2
Entry Start Entry Base Address Num Entries Bytes/Entry # Range
=============================================================================
0 0x0 0x0 2038 4 1
1 0x0 0x0 2038 4 1
2 0x0 0x0 1024 8 1
3 0x0 0x0 1024 8 1
4 0x0 0x0 0 0 0
5 0x0 0x0 0 0 0
6 0x0 0x0 0 0 0

TCAM : 3
Entry Start Entry Base Address Num Entries Bytes/Entry # Range
=============================================================================
0 0x70 0x0 10 4 1
1 0x60 0x0 10 4 1
2 0x0 0x0 48 8 1
3 0x30 0x0 48 8 1
4 0x0 0x0 0 0 0
5 0x0 0x0 0 0 0
6 0x0 0x0 0 0 0

TCAM : 4
Entry Start Entry Base Address Num Entries Bytes/Entry # Range
=============================================================================
0 0x400 0x0 1024 4 1
1 0x0 0x0 1024 4 1
2 0x0 0x0 0 0 0
3 0x0 0x0 0 0 0
4 0x0 0x0 0 0 0
5 0x0 0x0 0 0 0
6 0x0 0x0 2048 0 2
Ranges:0 - 1023 , 1024 - 2047 ,

TCAM : 5
Entry Start Entry Base Address Num Entries Bytes/Entry # Range
=============================================================================
0 0x0 0x0 0 0 0
1 0x0 0x0 0 0 0
2 0x0 0xBD00 20 8 1
3 0x208 0xBD80 504 8 1
4 0x14 0xC000 500 8 1
5 0x608 0xC1F4 504 8 1
6 0x0 0x0 2048 0 2
Ranges:0 - 1023 , 1024 - 2047 ,

TCAM : 6
Entry Start Entry Base Address Num Entries Bytes/Entry # Range
=============================================================================
0 0x0 0xBA58 600 4 1
1 0x258 0xB800 600 4 2
Ranges:600 - 1023 , 1624 - 1799 ,
2 0x0 0x0 0 0 0
3 0x0 0x0 0 0 0
4 0x0 0x0 0 0 0
5 0x0 0x0 0 0 0
6 0x0 0x0 2048 0 2
Ranges:0 - 1023 , 1024 - 2047 ,

Table Name Base Address Num Entries Bytes/Entry
=============================================================================
Equal Cost Route Table: 0xFC00 128 32
Static Address Table: 0x5B00 2 64
Station Table: 0x3200 20480 4
MAC Address Table: 0x2100 4096 8
Unicast RPF Check Table: 0x0 192 32
MetPtr Table: 0x0 2082 8
Multicast Expansion Table: 0x1022 6246 8
VLAN List Table: 0x822 2048 8
L2 Learning Result Table: 0x0 16640 4
L2 Forwarding Result Table: 0xCE00 16640 4
L3 IPv4 Ucast Fwding Result Table: 0xF600 3072 4
L3 IPv4 Mcast Fwding Ext Result Table: 0xC400 1072 8
L3 IPv6 Ucast Fwding Result Table: 0xF000 3072 4
L3 IPv6 Mcast Fwding Ext Result Table: 0xC900 1072 8

Hello,

 

also post the full running configuration (sh run) of the switch...

Due to privacy, the configuration of the issue port is available.

interface GigabitEthernet1/0/10
description ## S-2 ##
switchport access vlan 126
switchport mode access
switchport voice vlan 127
srr-queue bandwidth share 1 30 35 5
priority-queue out
authentication event fail action next-method
authentication event server dead action authorize vlan 126
authentication event server dead action authorize voice
authentication event server alive action reinitialize
authentication open
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication timer inactivity server
authentication violation restrict
mab
mls qos trust device cisco-phone
mls qos trust cos
dot1x pae authenticator
dot1x timeout tx-period 10
auto qos voip cisco-phone
spanning-tree portfast edge
service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY

 

interface GigabitEthernet1/0/19
description ## P-2 ##
switchport access vlan 126
switchport mode access
switchport voice vlan 127
srr-queue bandwidth share 1 30 35 5
priority-queue out
authentication event fail action next-method
authentication event server dead action authorize vlan 126
authentication event server dead action authorize voice
authentication event server alive action reinitialize
authentication open
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication timer inactivity server
authentication violation restrict
mab
mls qos trust device cisco-phone
mls qos trust cos
dot1x pae authenticator
dot1x timeout tx-period 10
auto qos voip cisco-phone
spanning-tree portfast edge
service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY

Hello,

 

which 2960 model do you have ? Chances are you are running out of memory. What is the output of:

 

show mem

Model: WS-C2960X-48LPS-L

SW Version: 15.2(4)E2

Show memory: Attachment

 

 

 - Check current software version installed on the 2960 , preferably use an advisory release , check if that can help.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

OASW_3#show version
Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M), Version 15.2(4)E2, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Mon 27-Jun-16 08:49 by prod_rel_team

ROM: Bootstrap program is C2960X boot loader
BOOTLDR: C2960X Boot Loader (C2960X-HBOOT-M) Version 15.2(3r)E1, RELEASE SOFTWARE (fc1)

OASW_3 uptime is 1 year, 16 weeks, 6 days, 5 hours, 15 minutes
System returned to ROM by power-on
System restarted at 07:13:38 IST Thu Aug 20 2020
System image file is "flash:/c2960x-universalk9-mz.152-4.E2.bin"
Last reload reason: power-on

 

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C2960X-48LPS-L (APM86XXX) processor (revision S0) with 524288K bytes of memory.
Processor board ID FCW2151B1B3
Last reset from power-on
2 Virtual Ethernet interfaces
1 FastEthernet interface
52 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 00:3C:10:14:DB:80
Motherboard assembly number : 73-16692-06
Power supply part number : 341-0528-02
Motherboard serial number : 
Power supply serial number : 
Model revision number : S0
Motherboard revision number : B0
Model number : WS-C2960X-48LPS-L
Daughterboard assembly number : 73-14200-03
Daughterboard serial number : 
System serial number : 
Top Assembly Part Number : 68-100470-03
Top Assembly Revision Number : F0
Version ID : V05
CLEI Code Number : CMMLP00ARE
Daughterboard revision number : B0
Hardware Board Revision Number : 0x19


Switch   Ports                  Model                   SW                 Version SW Image
------ ----- ----- ---------- ----------
* 1          52     WS-C2960X-48LPS-L     15.2(4)E2      C2960X-UNIVERSALK9-M


Configuration register is 0xF

 

 - Have a go withhttps://software.cisco.com/download/home/284795740/type/280805680/release/15.2.7E4

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '