ExtremeSwitching (EXOS)

 View Only

  • 1.  Too many ACL's & packet rate is too high issue

    Posted 02-24-2017 09:53
    Hi, When i configure the switch to download Xos image to upgrade its verson im getting too many "Too many ACL's & packet rate is too high" messages in the switch logs.

    02/24/2017 11:34:27.76


  • 2.  RE: Too many ACL's & packet rate is too high issue

    Posted 02-27-2017 05:05
    First of all welcome to HUB for your participation here. I could see you had posted this question 3 days back for the reported error log message and requesting us to provide the cause of these messages.

    Looking at the below log messages:

    02/24/2017 11:34:27.76


  • 3.  RE: Too many ACL's & packet rate is too high issue

    Posted 02-27-2017 07:09
    Hi and thank you for your reply, to be honest im not sure if i understood your explanation and i am still bit confused.

    It is true that in recent past i had a policy applied on inteface 49, but not anymore, according to the log packets are being denied on ingress interface, and this is where i get confused, since at the moment i dont have any policy or ACL applied on the interface 49, what is what is denying the ingress traffic?

    Should i do a refresh policy upon removing a policy from an interface so that those log messages dont appear anymore?



  • 4.  RE: Too many ACL's & packet rate is too high issue

    Posted 02-27-2017 07:33
    This means my assumption was correct. This shows in the recent past you had already applied ACL on this specific port and later removed them seems. So what i wanted to say earlier as below:

    For example assume you prepared one policy file and executed them. Say this policy file contains more than 1 entries as below:

    entry one {

    if match all {

    ethernet-destination-address 33:33:00:00:00:00 mask ff:ff:00:00:00:00

    } then {

    count ip-in;
    }
    }


    configure access-list ip-traffic any

    then say you updated the ip-traffic.pol to include one more entry

    entry two {

    if match all {

    ethernet-destination-address 01:80:c2:00:00:00;

    } then {

    count st-in;

    }

    }

    Then you must have refreshed the policy as:

    refresh policy ip-traffic

    Then at last when you try to unconfigure the access-list:

    unconfigure access-list ip-traffic

    Then while executing the show log it takes a long time and later there are chances the log files to be filled with messages such as:

    02/24/2017 11:34:27.76


  • 5.  RE: Too many ACL's & packet rate is too high issue

    Posted 02-27-2017 10:26
    Your assumption is correct and i have to give you credit for that, what i dont understand is the meaning of those messages.

    At the moment i dont have any policy configured and if i upload a new image to the switch those messages wil appear again during the upload proccess. what do they mean? If they relate to someting i had previously configured they are kind of missleading.



  • 6.  RE: Too many ACL's & packet rate is too high issue

    Posted 02-28-2017 02:21
    Thanks for your kind words and appreciation for my correct assumption. Yes you are right it seems these log messages are related to the past activity. If you see the error logs can find default filter events kern.warning is displayed there:

    02/24/2017 11:34:27.76