Policy cannot be enabled when double width access-list

  • 0
  • 1
  • Problem
  • Updated 3 weeks ago
  • Not a Problem
  • (Edited)
Hi There,

Just wondering if anyone has seen this issue, or know what its complaining about and how to correct.

Trying to run the command:
enable policy

This is on an X670G2, Core License running version 21.1.4.4 Patch 1-3

I get the following error:


Warning: Enabling Policy will cause some
Netlogin settings (such as VLANs and dynamically created VLANs) to be cleared.
ERROR: Hardware resources could not be reserved for Policy (count 0). Note that Policy cannot be enabled when double width access-list is configured or operational.
No ACLs have been configured, the following command shows the same on the other 3 core switches that have relitivly the same config and policy is enabled fine:
Customer-Core4.304 #
show access-list width
Slot  Type              Width (Configured)
----  ----------------  ---------------------
 X670G2-48x-4q     Single
Run various other ACL commands and nothing is standing out. Googling the error or elements of the message doesn't seem to be returning anything.

Many thanks in advance
Photo of Martin Flammia

Martin Flammia

  • 5,480 Points 5k badge 2x thumb

Posted 6 months ago

  • 0
  • 1
Photo of Stefano Dall'Osto

Stefano Dall'Osto

  • 324 Points 250 badge 2x thumb
hi all ... I have the same error, on the same hardware,
with a different firmware version
summitX-22.4.1.4.xos
is there any update?

please let me know

thanks a lot

best regards

Stefano
Photo of Kawawa

Kawawa, GTAC

  • 3,150 Points 3k badge 2x thumb
Hi Stefano,

Both MLAG and Policy reserve ACL Slice resources when configured/enabled.  For policy, you can reduce the resource reservation by configuring the profile-modifier. This functionality was added in 22.4

https://documentation.extremenetworks.com/exos_commands_22.4/exos_21_1/exos_commands_all/r_configure...

So, something like:
configure policy resource-profile default profile-modifier [no-mac|no-ipv4|no-ipv6] enable
After configuring this you should see more available slices in the acl-slice usage output
Photo of Martin Flammia

Martin Flammia

  • 5,480 Points 5k badge 2x thumb
Hi Stefano,

Believe the issue in my case was that with MLAG enabled it used too many ACL slices for me to be able to enable policy.

The fix was to disable MLAG, then enable policy, then enable MLAG again!

Thanks,

Martin
Photo of Stefano Dall'Osto

Stefano Dall'Osto

  • 324 Points 250 badge 2x thumb
Hi all,
and thanks for the replies ...

but I think I'm loosing something ...
I don't have any MLAG enabled on the x670-g2 stack ...

so, where is the issue?

thanks in advance

best regards

Stefano