It seems it has reached the limit of Layer 4 operations (L4Ops). For typical configurations, the main hardware resources are the logical operation units (LOUs), which on this platform are combined between Layer 3 operations (L3Ops) and Layer 4 operations (L4Ops). The operator portion of an L4Op is one of the lt, gt, neq, and range operators. The operand is the source or destination TCP or UDP port number. Therefore, source or destination matched traffic uses a different operator. The eq operator does not consume an L4Op; it consumes Layer 3 operations (L3Ops) instead.
* We have a limitation of 8 UDP and 8 TCP L4Ops per ASIC.
* When "statistics per-entry" is added to an ACL, it prevents rules from merging, which requires a larger amount of TCAM memory. Temporary records with L4 operators may also be created for optimization purposes, and if all L4 containers are used, an error will be shown.
We have seen the Nexus 5500 is capable of accommodating around 256 ACEs for which "statistics per-entry" is added.
However, you can expand/optimize hardware resources using the "hardware access-list lou resource expansion" command. You then need to save the configuration, and a reload is required for this command to take effect.
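An added example (not part of the original text, and not Cisco tooling) that estimates how many L4Ops an ACL needs before it is applied, using the operator rules and the limit of 8 per protocol described above. It assumes that identical operator/operand pairs on the same side (source or destination) share one L4Op, that the count is taken over the whole ACL text rather than per ASIC, and that addresses use the `any`, prefix, `host X` or address-plus-wildcard forms; the function names and the sample ACL are constructed for illustration.

```python
from collections import defaultdict

# Operators the page says consume an L4Op, mapped to their operand count.
L4OP_OPERATORS = {"lt": 1, "gt": 1, "neq": 1, "range": 2}
LIMIT_PER_PROTOCOL = 8  # 8 TCP and 8 UDP L4Ops per ASIC, per the page

def _skip_address(tok, i):
    """Index just past an address: any | a.b.c.d/len | host X | addr wildcard."""
    return i + 1 if i < len(tok) and (tok[i] == "any" or "/" in tok[i]) else i + 2

def _port_op(tok, i, side, proto, ops):
    """Record an L4Op at tok[i] if present; return the index past the port match."""
    if i < len(tok) and tok[i] in L4OP_OPERATORS:
        n = L4OP_OPERATORS[tok[i]]
        # Assumption: identical (side, operator, operand) tuples share one L4Op.
        ops[proto].add((side, tok[i], tuple(tok[i + 1:i + 1 + n])))
        return i + 1 + n
    if i < len(tok) and tok[i] == "eq":
        return i + 2  # eq does not consume an L4Op
    return i

def count_l4ops(acl_text):
    """Return {protocol: distinct L4Op count} for the TCP/UDP ACEs in acl_text."""
    ops = defaultdict(set)
    for line in acl_text.splitlines():
        tok = line.split()
        if tok and tok[0].isdigit():
            tok = tok[1:]  # drop the sequence number
        if len(tok) < 4 or tok[0] not in ("permit", "deny") or tok[1] not in ("tcp", "udp"):
            continue
        proto = tok[1]
        i = _port_op(tok, _skip_address(tok, 2), "src", proto, ops)
        _port_op(tok, _skip_address(tok, i), "dst", proto, ops)
    return {p: len(s) for p, s in ops.items()}

def over_limit(counts, limit=LIMIT_PER_PROTOCOL):
    """Protocols whose distinct L4Op count exceeds the limit."""
    return sorted(p for p, n in counts.items() if n > limit)

# Constructed sample ACL (not from the page).
SAMPLE_ACL = """\
ip access-list SAMPLE
  10 permit tcp any gt 1023 any eq 22
  20 permit tcp any gt 1023 any eq 80
  30 permit tcp 10.0.0.0/8 any range 8000 8080
  40 deny tcp any any lt 1024
  50 permit udp any range 16384 32767 host 192.0.2.10
  60 permit udp 10.1.0.0 0.0.255.255 neq 53 any
"""
```

Calling `over_limit(count_l4ops(text))` on a candidate ACL lists the protocols that would need more than 8 L4Ops under these assumptions.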