Solved: Cisco 6509 sup 720 %FM-4-TCAM_ENTRY: Hardware TCAM entry capacity exceeded

rahulb212 · ‎03-22-2018

Hi All,

we had a 3000 lines of ACL that is applied to the interface ,

CPU on the switch spiking to 100% and i see below logs on the switch.

CPU seems to 100% for most of the time , for temporary fix we removed the acl which bought down the CPU utilization , but my management wants to put the ACL back in ,

Mar 13 21:27:18.373 GMT: %FM-4-TCAM_ENTRY: Hardware TCAM entry capacity exceeded

Mar 13 21:28:45.242 GMT: %FM-4-TCAM_ENTRY: Hardware TCAM entry capacity exceeded

Mar 13 21:32:13.804 GMT: %FM-4-TCAM_ENTRY: Hardware TCAM entry capacity exceeded

Mar 13 21:35:53.314 GMT: %FM-4-TCAM_ENTRY: Hardware TCAM entry capacity exceeded

Mar 13 21:38:42.647 GMT: %FM-4-TCAM_ENTRY: Hardware TCAM entry capacity exceeded

Could some one help me in fixing this issue

Georg Pauwen · ‎03-22-2018

Hello,

this could be a bug, which IOS version are you running ?

Check if your switch supports the command:

;mls acl tcam share-global'

if so, issue that command and reload the device. Also, (obviously) make sure that 'ip cef' is enabled...

View solution in original post

Georg Pauwen · ‎03-22-2018

Hello,

this could be a bug, which IOS version are you running ?

Check if your switch supports the command:

;mls acl tcam share-global'

if so, issue that command and reload the device. Also, (obviously) make sure that 'ip cef' is enabled...

rahulb212 · ‎03-23-2018

thanks, we have maintenance scheduled next week, I will make changes as recommended.

Leo Laohoo · ‎03-22-2018

Please post the complete output to the command "sh version".

I'd be looking at upgrading the firmware of the chassis.

rahulb212 · ‎03-23-2018

R1.VDC-FO.QA1#show version
Cisco IOS Software, s72033_rp Software (s72033_rp-ADVIPSERVICESK9_WAN-M), Version 12.2(33)SXI7, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Mon 18-Jul-11 05:49 by prod_rel_team

ROM: System Bootstrap, Version 12.2(17r)SX7, RELEASE SOFTWARE (fc1)

R1.VDC-FO.QA1 uptime is 50 weeks, 6 days, 19 hours, 30 minutes
Uptime for this control processor is 50 weeks, 6 days, 19 hours, 17 minutes
Time since R1.VDC-FO.QA1 switched to active is 50 weeks, 6 days, 19 hours, 24 minutes
System returned to ROM by reload at 17:43:33 GMT Fri Mar 31 2017 (SP by reload)
System restarted at 18:33:01 GMT Fri Mar 31 2017
System image file is "sup-bootdisk:s72033-advipservicesk9_wan-mz.122-33.SXI7.bin"
Last reload reason: reload

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C6509-E (R7000) processor (revision 1.2) with 983008K/65536K bytes of memory.
Processor board ID
SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache
Last reset from s/w reset
30 Virtual Ethernet interfaces
74 Gigabit Ethernet interfaces
32 Ten Gigabit Ethernet interfaces
1917K bytes of non-volatile configuration memory.
8192K bytes of packet buffer memory.

65536K bytes of Flash internal SIMM (Sector size 512K).
Configuration register is 0x2102