10-03-2022 08:04 AM
Have a pair of N7K switches (hot standby) running 6.1. Adding a PBR to a VLAN interface, one switch accepts the command no problem, the other I get "% Could not apply PBR route-map - Tcam Allocation Failure". Tried rebooting the switch, no change. This is the only PBR on the switches. If I try to apply the PBR map to a different VLAN interface, it works.
We're cutting over to 9k switches next month, so I don't want to spend a ton of time on this, just wondering if there are any quick fixes I can try.
Any input is appreciated.
10-03-2022 09:14 AM
- You may try latest advisory release , if feasible and applicable : https://software.cisco.com/download/home/286284485/type/282088129/release/8.4(5)
M.
10-03-2022 09:26 AM - edited 10-03-2022 09:26 AM
""" If I try to apply the PBR map to a different VLAN interface"""
I think this not relate to TCAM it relate to set <> under PBR I think,
share the PBR let me check it
10-04-2022 06:32 AM
ip access-list pbr-acl
permit ip host 10.*.*.* any
ip access-list pbr-deny1-acl
permit ip host 10.*.*.* 10.0.0.0/8
ip access-list pbr-deny2-acl
permit ip host 10.*.*.* 172.16.0.0/12
ip access-list pbr-deny3-acl
permit ip host 10.*.*.* 192.168.0.0/16
route-map pbr-map deny 10
match ip address pbr-deny1-acl
route-map pbr-map deny 20
match ip address pbr-deny2-acl
route-map pbr-map deny 30
match ip address pbr-deny3-acl
route-map pbr-map permit 40
match ip address pbr-acl
set ip next-hop 10.*.*.*
int vlan***
ip policy route-map pbr-map
10-04-2022 12:59 PM
why I think that this issue about VLAN not NSK ?
you mention that the PBR can apply to other VLAN but this VLAN can not.
for give me little Ack. but I Here try to help you to classify issue
the TCAM in NSK have two TCAM T0 and T1 and each one have Bank B0 and B1
some feature is one TCAM/Bank and other not, this make feature you want to apply can not be in same interface/vlan "sorry".
to be sure try below command add feature you config under VLAN to this command see if it appear in same TCAM/Bank or not.
show hardware access-list input interface feature-combo
MHM
10-05-2022 11:18 AM
Thanks for the reply. If it was an issue with the VLAN, wouldn't the command fail in both switches, not just the one?
The command
show hardware access-list input interface feature-combo
did not work - it gave an error at "interface":
show hardware access-list input ?
config Parsed policy software database
entries Tcam entries
l4ops L4 operations information
merge Tcam entries merge information
redirect Redirect resource information
sampler With sampler details
statistics Aggregate statistics
10-07-2022 02:25 PM - edited 10-07-2022 02:30 PM
show hardware access-list input vlan feature-combo
instead of interface use VLAN
also for other NSK, are you config same feature as this NSK ?
the issue is that if feature like RACL config with PBR and the TCAM bank is mismatch then the config is reject.
10-10-2022 06:50 AM
Hello -
VLAN is not an option either.
SW1# sho hardware access-list input ?
config Parsed policy software database
entries Tcam entries
l4ops L4 operations information
merge Tcam entries merge information
redirect Redirect resource information
sampler With sampler details
statistics Aggregate statistic
The other switch is getting an identical configuration, the two are running as a hot standby pair.
Thanks for your continued help.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide