QoS +ACL and TCAM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-28-2007 03:02 AM - edited 03-05-2019 02:37 PM
Dear all,
I am designing QoS on Cisco 4506 switch using ACL. I have Sup II+10GE 10GE module.
The following is the error message I am getting:
Feb 26 16:05:16: %C4K_HWACLMAN-4-ACLHWPROGERRREASON: Input(194/Normal, null) PolicyMap: IPPHONE+PC - hardware TCAM policers exceeded.
Feb 26 16:05:26: %C4K_HWACLMAN-4-ACLHWPROGERR: Input PolicyMap: IPPHONE+PC - hardware TCAM limit, qos being disabled on relevant interface.
Part of my config as follows:
class-map match-all DVLAN-PC-VIDEO
match access-group name DVLAN-PC-VIDEO
class-map match-all VVLAN-CALL-SIGNALING
match access-group name VVLAN-CALL-SIGNALING
class-map match-all VVLAN-VOICE
match access-group name VVLAN-VOICE
class-map match-all VVLAN-ANY
match access-group name VVLAN-ANY
!
!
policy-map DBL
class class-default
dbl
policy-map IPPHONE+PC
class VVLAN-VOICE
set dscp ef
police 128 kbps 8000 byte conform-action transmit exceed-action drop
class VVLAN-CALL-SIGNALING
set dscp cs3
police 32 kbps 8000 byte conform-action transmit exceed-action policed-dscp-transmit
class DVLAN-PC-VIDEO
set dscp af41
police 500 kbps 8000 byte conform-action transmit exceed-action policed-dscp-transmit
class VVLAN-ANY
set dscp default
police 32 kbps 8000 byte conform-action transmit exceed-action policed-dscp-transmit
class class-default
set dscp default
interface GigabitEthernet2/5
switchport access vlan dynamic
switchport mode access
switchport voice vlan 72
ip arp inspection limit rate 100
speed auto 10 100
qos trust device cisco-phone
tx-queue 1
bandwidth percent 5
tx-queue 2
bandwidth percent 25
tx-queue 3
bandwidth percent 30
priority high
shape percent 30
tx-queue 4
bandwidth percent 40
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input IPPHONE+PC
service-policy output DBL
ip verify source vlan dhcp-snooping
ip access-list extended DVLAN-PC-VIDEO
permit udp any any range 16384 32767
ip access-list extended VVLAN-ANY
permit ip 172.17.192.0 0.0.1.255 any
ip access-list extended VVLAN-CALL-SIGNALING
permit tcp 172.17.192.0 0.0.1.255 any range 2000 2002
ip access-list extended VVLAN-VOICE
permit udp 172.17.192.0 0.0.1.255 any range 16384 32767
Thanks,
- Labels:
-
LAN Switching
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-28-2007 10:47 AM
try removing the interface qos commands; these configure the hardware queue. You are better off just using the service policies.
Let me know how you make out.
Joe
