Sending flow data from a switch direct to ExtremeAnalytics (without a flowcollector engine)

  • 28 February 2018
  • 41 replies
  • 2001 views

Userlevel 1
Hello everybody

I would like to configure the Extreme Switches (x440-G2, with version 22.4) to sending sflow/netflow data direct to the Extreme Analytics. I heard this is now possible without having a flowcollector enginge like PV FC-180 installed. Is this true? Because I couldn't find any referenced documentation to this. Thank you very much for your feedback.

Best regards, Yves

41 replies

Userlevel 5
Hi,

FYI it was an ultimate example why one should not perform full-blown config for X440-G2s in a stack that exceeds best practice size. The stack that made issues was 7-slot, others were 2-4 slots only. Because of that most likely, the master's CPU was heavily loaded, reaching 100% quite often. Probably that's why we've seen many logs about mirroring instances, and also ports started to flap (at least those with APs connected). Huge mess. ;)
Disabling telemetry left the switch free of high CPU utilization and AP link outages, next step is to simply split the stack.

Hope that helps,
Tomasz
Userlevel 5
Hi @Jason Miceli,

Were you successful with the setup over that time? I was successful now thanks to our local SE advice, here's what I did to get this working on the last stack of X440-G2s:
  • uploaded configuration as script,
  • left essentials, without any Policy, AAA and named the file default.xsf,
  • put the script back to the switch and did unconfigure switch; the script started just a moment after booting from defaults so I had minimum downtime,
  • set the stack as a telemetry source in Analytics first,
  • removed the stack from Policy domain (otherwise had issues), saved, added back, saved, enforced,
  • re-enforced NAC appliance with "force reconfiguration for all switches" just to be sure I didn't remove too much of it when preparing default.xsf parachute.
That helped, but still gotta have in mind that X440-G2 has quite limited resources for all-inclusive scenario.

The only thing that concerns me now is 75 pages of syslog in XMC with that kind of messages just for this 1 out of 8 stacks:
code:
HAL.IPv4ACL: Slot-1: Mirroring instance EAN was disabled, hence mirror action in telemetry policy entry BITTORRENT was disabled on port 1:1



I thought it stopped but after a few moments does the same for tons of entries and for different ports.
Show mirror when it happens:
code:
DefaultMirror   (Disabled)
Description: Default Mirror Instance, created automatically
Mirror to port: -

EAN (Enabled)
Description:
Mirror to remote IP: x.x.x.x VR : VR-Default
From IP : y.y.y.y Ping check: On
Status : Up

Mirrors defined: 2
Mirrors enabled: 1 (Maximum 4)
HW filter instances used: 0 (Maximum 128)
HW mirror instances used: 0 ingress, 0 egress (Maximum 4 total, 1 egress)



Will keep an eye on this but if somebody already walked through this that would be much appreciated. :)

Kind regards,
Tomasz
Userlevel 5
[it doesn't let me edit the post] I see two slices reserved for CoS but I hope there is a workaround different than default&redo...
Userlevel 5
Same here with 22.6.1 patch 1.1.
Couple of X440-G2 stacks, all are ok but one.
Policy (simple at the moment, not much rules, HTTP redirect, no qos yet qos enabled on each), telemetry.
Telemetry was ok on all of these but on one I was receiving a lot of such logs, for different ACL entries:
code:
HAL.IPv4ACL: Slot-1: Mirroring instance EAN was disabled, hence mirror action in telemetry policy entry CITRIXICA was disabled on port 1:1


I've decided to re-add this telemetry source but was unsuccessful, not sure if because of an error in XMC like this (based on my browser history):
code:
EXOS application attempting to install incompatible ACL: filter vlan *, port * (rule "bjnp", index 14)


Rebooted the switch (btw after trying to add a telemetry source before the stack got config internally synced, it disappeared from a list of allowed devices, I had to reboot entire XMC eventually) and... ah (...), here we go again. ;)
No luck with changing vlan-acl-precedence, no luck with removing qos meters and disabling/enabling CoS via Policy in XMC.

Drop some CLI:
code:
Slot-1 SW_STACK-1.45 # show access-list usage acl-slice port 1:1
Ports 1:1-1:24, 1:51, 1:52
Stage: INGRESS
Reserved slices:
Type Used Available
Policy P/D 1 1
Policy CoS 0 2

Slices: Used: 7 Available: 1
Virtual Slice * (physical slice 2) Rules: Used: 0 Available: 256 Policy CoS reserved
Virtual Slice * (physical slice 3) Rules: Used: 0 Available: 256 Policy CoS reserved
Virtual Slice * (physical slice 5) Rules: Used: 0 Available: 256 Policy P/D reserved
Virtual Slice * (physical slice 6) Rules: Used: 0 Available: 256
Virtual Slice 4 (physical slice 0) Rules: Used: 14 Available: 242 system
Virtual Slice 5 (physical slice 1) Rules: Used: 2 Available: 254 system
Virtual Slice 6 (physical slice 4) Rules: Used: 76 Available: 180 Policy P/D reserved
Virtual Slice 7 (physical slice 7) Rules: Used: 4 Available: 252 user/other
Stage: EGRESS
Slices: Used: 0 Available: 4
Virtual Slice * (physical slice 0) Rules: Used: 0 Available: 128
Virtual Slice * (physical slice 1) Rules: Used: 0 Available: 128
Virtual Slice * (physical slice 2) Rules: Used: 0 Available: 128
Virtual Slice * (physical slice 3) Rules: Used: 0 Available: 128
Stage: LOOKUP
Reserved slices:
Type Used Available
Policy Profile 0 4

Slices: Used: 4 Available: 0
Virtual Slice * (physical slice 0) Rules: Used: 0 Available: 128 Policy Profile reserved
Virtual Slice * (physical slice 1) Rules: Used: 0 Available: 128 Policy Profile reserved
Virtual Slice * (physical slice 2) Rules: Used: 0 Available: 128 Policy Profile reserved
Virtual Slice * (physical slice 3) Rules: Used: 0 Available: 128 Policy Profile reserved
Stage: EXTERNAL

Virtual Slice : (*) Physical slice not allocated to any virtual slice.

* Slot-1 SW_STACK-1.46 # show access-list dynamic
Dynamic Rules: ((*)- Rule is non-permanent )

(*)hclag_arp_2_4_96_9e_e3_41 Bound to 0 interfaces for application HealthCheckLAG
(*)policy.rule.df.1.16.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.10 Bound to 1 interfaces for application Policy
(*)policy.rule.df.10.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.11.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.12.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.13 Bound to 1 interfaces for application Policy
(*)policy.rule.df.13.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.14.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.15.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.16.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.17.22.8 Bound to 1 interfaces for application Policy
(*)policy.rule.df.18.22.8 Bound to 1 interfaces for application Policy
(*)policy.rule.df.19.25.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.2.16.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.20.16.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.21.16.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.22.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.23.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.24.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.25.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.26.25.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.27.16.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.28.16.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.29.16.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.3.16.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.30.16.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.31.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.32.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.33.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.34.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.35.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.36.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.37.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.38.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.39.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.4 Bound to 1 interfaces for application Policy
(*)policy.rule.df.4.16.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.40.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.41.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.42.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.43.22.8 Bound to 1 interfaces for application Policy
(*)policy.rule.df.44.22.8 Bound to 1 interfaces for application Policy
(*)policy.rule.df.45.25.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.46.16.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.47.16.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.48.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.49.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.5 Bound to 1 interfaces for application Policy
(*)policy.rule.df.5.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.50.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.51.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.52.25.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.53.16.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.54.16.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.55.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.56.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.57.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.58.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.59.25.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.6 Bound to 1 interfaces for application Policy
(*)policy.rule.df.6.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.60.16.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.61.16.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.62.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.63.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.64.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.65.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.66.25.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.67.16.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.68.16.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.69.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.7.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.70.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.71.25.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.8.18.16 Bound to 1 interfaces for application Policy
(*)policy.rule.df.9.18.16 Bound to 1 interfaces for application Policy
(*)policy.webredir.server.13.0 Bound to 1 interfaces for application Policy
(*)policy.webredir.sock.13.0 Bound to 1 interfaces for application Policy
(*)policy.webredir.sock.13.1 Bound to 1 interfaces for application Policy
(*)policy.webredir.sock.13.2 Bound to 1 interfaces for application Policy
* Slot-1 SW_STACK-1.47 # show sflow hardware-utilization

sFlow Hardware Table Utilization Statistics

Slot: 1
Type: X440G2-48p-10G4
Resource Type Current Maximum % Util.
-------------------- ------- ------- -------
MAC Entries 387 16384 2
Host Entries 16 4096 0
IPv4 Entries 0 4096 0
IPv6 Entries 0 2048 0
Long IPv6 Entries 0 2048 0
Total Routes 2 512 0
IPv4 Neighbors 1 N/A N/A
IPv6 Neighbors 0 N/A N/A
IPv4 Routes 2 N/A N/A
IPv6 Routes 0 N/A N/A
ECMP Next Hops 0 N/A N/A
ACL Ingress Entries 96 2048 4
ACL Ingress Counters 0 2048 0
ACL Ingress Meters 0 2048 0
ACL Ingress Slices 7 8 87
ACL Egress Entries 0 512 0
ACL Egress Counters 0 512 0
ACL Egress Meters 0 512 0
ACL Egress Slices 0 4 0

Slot: 2
Type: X440G2-48t-10G4
Resource Type Current Maximum % Util.
-------------------- ------- ------- -------
MAC Entries 388 16384 2
Host Entries 16 4096 0
IPv4 Entries 0 4096 0
IPv6 Entries 0 2048 0
Long IPv6 Entries 0 2048 0
Total Routes 0 512 0
IPv4 Neighbors 0 N/A N/A
IPv6 Neighbors 0 N/A N/A
IPv4 Routes 0 N/A N/A
IPv6 Routes 0 N/A N/A
ECMP Next Hops 0 N/A N/A
ACL Ingress Entries 95 2048 4
ACL Ingress Counters 0 2048 0
ACL Ingress Meters 0 2048 0
ACL Ingress Slices 7 8 87
ACL Egress Entries 0 512 0
ACL Egress Counters 0 512 0
ACL Egress Meters 0 512 0
ACL Egress Slices 0 4 0

... up to the rest of slots


I've lost any clue for the moment based on the fact that couple of stacks have the same EXOS version and Policy domain and there are no issues with Telemetry. :(

Did somebody get through it recently?

Kind regards,
Tomasz
Just tried it....I get the same failure, posted below. My SE said this should work fine...as well as with two VSP 4450s I have in my lab environment. I can see flows, but only by typing in the sflow instructions into the CLI of the VSPs and the 440G2...I cannot seem to have analytics automatically configure them via XMC because it doesn't even see the VSPs, and the error when I try and add it to the app telemetry section of the engine:

2018-11-23 12:45:23,159 ERROR [com.enterasys.netsight.appid.server.webapps.monitor.AppIdDwr] javax.script.ScriptException:
*** Script Error ***
Die command issued: Script failed : * X440G2-12p-10G4.17 # configure access-list telemetry.pol any ingress

Error: ACL install operation failed - filter hardware full for vlan *, port *
* X440G2-12p-10G4.18 #
Userlevel 1
Did you tried this command: configure access-list vlan-acl-precedence shared
--> and reboot.
Has this been fixed? I just tried to add my x440G2 into Analytics into a lab environment where I'm also running control doing some basic mac-based authentication at the port...and I get the same error when I try and add the 440 to the analytics engine:

2018-11-21 11:32:37,434 ERROR [com.enterasys.netsight.appid.server.webapps.monitor.AppIdDwr] javax.script.ScriptException:
*** Script Error ***
Die command issued: Script failed : * X440G2-12p-10G4.17 # configure access-list telemetry.pol any ingress

Error: ACL install operation failed - filter hardware full for vlan *, port *
* X440G2-12p-10G4.18 #
Userlevel 5
For what its worth I tried added these commands to minimize use of the ACL slices:

configure access-list vlan-acl-precedence shared
configure access-list rule-compression port-counters shared

But made no difference?
Userlevel 7
Hi,

Just to let you know I'm running into this same problem using firmware version:

22.5.1.7

EMC = 8.1.3.65

Error is:

An error has occurred while adding a flow source to the selected engine. See details below for more information.

javax.script.ScriptException: *** Script Error *** Die command issued: Script failed : * POC.17 # configure access-list telemetry.pol any ingress . Error: ACL install operation failed - filter hardware full for vlan *, port * * POC.18 # -> if {! $OverallResult}

Am also running policy on this X440G2 switch, so setting the double width I get the following message:

* POC.1 # configure access-list width double
WARNING: Configuration of double width access-list is not supported when Policy is enabled. Slots will remain in Single width mode.

If I disable policy I can then run the access-list width double command, but when I re-enable policy I then get the following error:

* POC.4 # enable policy
Warning: Enabling Policy will cause some Netlogin settings (such as VLANs and dynamically created VLANs) to be cleared.
ERROR: Hardware resources could not be reserved for Policy (count 0).
Note that Policy cannot be enabled when double width access-list is configured or operational.

Previously upgraded from version 22.4.1.4-patch1-2

Post mentions this being fixed in version 22.5, so not sure what I am doing wrong or how to fix / get this working?

Seen this command that could be used to adjust ACL usage, but not sure exactly the syntax to use that would help:

configure policy resource-profile default profile-modifier [no-mac|no-ipv4|no-ipv6] enable

I've tried removing no-ipv6, but no difference?

Many thanks.
that's certainly a wise decision, playing all around with the ACL config as you did, you may have some leftovers.

Make sure CoS is disabled in Policy Manager, like that:

Userlevel 5
Hi,

Just to let you know I'm running into this same problem using firmware version:

22.5.1.7

EMC = 8.1.3.65

Error is:

An error has occurred while adding a flow source to the selected engine. See details below for more information.

javax.script.ScriptException: *** Script Error *** Die command issued: Script failed : * POC.17 # configure access-list telemetry.pol any ingress . Error: ACL install operation failed - filter hardware full for vlan *, port * * POC.18 # -> if {! $OverallResult}

Am also running policy on this X440G2 switch, so setting the double width I get the following message:

* POC.1 # configure access-list width double
WARNING: Configuration of double width access-list is not supported when Policy is enabled. Slots will remain in Single width mode.

If I disable policy I can then run the access-list width double command, but when I re-enable policy I then get the following error:

* POC.4 # enable policy
Warning: Enabling Policy will cause some Netlogin settings (such as VLANs and dynamically created VLANs) to be cleared.
ERROR: Hardware resources could not be reserved for Policy (count 0).
Note that Policy cannot be enabled when double width access-list is configured or operational.

Previously upgraded from version 22.4.1.4-patch1-2

Post mentions this being fixed in version 22.5, so not sure what I am doing wrong or how to fix / get this working?

Seen this command that could be used to adjust ACL usage, but not sure exactly the syntax to use that would help:

configure policy resource-profile default profile-modifier [no-mac|no-ipv4|no-ipv6] enable

I've tried removing no-ipv6, but no difference?

Many thanks.
So I've tried all the above and removed all the QoS config I can, but still the ACL slices will not budge, so no idea what's using them?

Think the only way I'm going to be able to straighten it out I think is wipe the switch and start again.

Thanks for all your effort anyway.
Userlevel 5
Hi,

Just to let you know I'm running into this same problem using firmware version:

22.5.1.7

EMC = 8.1.3.65

Error is:

An error has occurred while adding a flow source to the selected engine. See details below for more information.

javax.script.ScriptException: *** Script Error *** Die command issued: Script failed : * POC.17 # configure access-list telemetry.pol any ingress . Error: ACL install operation failed - filter hardware full for vlan *, port * * POC.18 # -> if {! $OverallResult}

Am also running policy on this X440G2 switch, so setting the double width I get the following message:

* POC.1 # configure access-list width double
WARNING: Configuration of double width access-list is not supported when Policy is enabled. Slots will remain in Single width mode.

If I disable policy I can then run the access-list width double command, but when I re-enable policy I then get the following error:

* POC.4 # enable policy
Warning: Enabling Policy will cause some Netlogin settings (such as VLANs and dynamically created VLANs) to be cleared.
ERROR: Hardware resources could not be reserved for Policy (count 0).
Note that Policy cannot be enabled when double width access-list is configured or operational.

Previously upgraded from version 22.4.1.4-patch1-2

Post mentions this being fixed in version 22.5, so not sure what I am doing wrong or how to fix / get this working?

Seen this command that could be used to adjust ACL usage, but not sure exactly the syntax to use that would help:

configure policy resource-profile default profile-modifier [no-mac|no-ipv4|no-ipv6] enable

I've tried removing no-ipv6, but no difference?

Many thanks.
Thanks Stephane, shall try this out and post back. I haven't got double width enabled. I did try it, but removed it as I couldn't enable policy.
Userlevel 7
Hi,

Just to let you know I'm running into this same problem using firmware version:

22.5.1.7

EMC = 8.1.3.65

Error is:

An error has occurred while adding a flow source to the selected engine. See details below for more information.

javax.script.ScriptException: *** Script Error *** Die command issued: Script failed : * POC.17 # configure access-list telemetry.pol any ingress . Error: ACL install operation failed - filter hardware full for vlan *, port * * POC.18 # -> if {! $OverallResult}

Am also running policy on this X440G2 switch, so setting the double width I get the following message:

* POC.1 # configure access-list width double
WARNING: Configuration of double width access-list is not supported when Policy is enabled. Slots will remain in Single width mode.

If I disable policy I can then run the access-list width double command, but when I re-enable policy I then get the following error:

* POC.4 # enable policy
Warning: Enabling Policy will cause some Netlogin settings (such as VLANs and dynamically created VLANs) to be cleared.
ERROR: Hardware resources could not be reserved for Policy (count 0).
Note that Policy cannot be enabled when double width access-list is configured or operational.

Previously upgraded from version 22.4.1.4-patch1-2

Post mentions this being fixed in version 22.5, so not sure what I am doing wrong or how to fix / get this working?

Seen this command that could be used to adjust ACL usage, but not sure exactly the syntax to use that would help:

configure policy resource-profile default profile-modifier [no-mac|no-ipv4|no-ipv6] enable

I've tried removing no-ipv6, but no difference?

Many thanks.
btw, you are not using double width ACL, right? You should not.
Userlevel 7
Hi,

Just to let you know I'm running into this same problem using firmware version:

22.5.1.7

EMC = 8.1.3.65

Error is:

An error has occurred while adding a flow source to the selected engine. See details below for more information.

javax.script.ScriptException: *** Script Error *** Die command issued: Script failed : * POC.17 # configure access-list telemetry.pol any ingress . Error: ACL install operation failed - filter hardware full for vlan *, port * * POC.18 # -> if {! $OverallResult}

Am also running policy on this X440G2 switch, so setting the double width I get the following message:

* POC.1 # configure access-list width double
WARNING: Configuration of double width access-list is not supported when Policy is enabled. Slots will remain in Single width mode.

If I disable policy I can then run the access-list width double command, but when I re-enable policy I then get the following error:

* POC.4 # enable policy
Warning: Enabling Policy will cause some Netlogin settings (such as VLANs and dynamically created VLANs) to be cleared.
ERROR: Hardware resources could not be reserved for Policy (count 0).
Note that Policy cannot be enabled when double width access-list is configured or operational.

Previously upgraded from version 22.4.1.4-patch1-2

Post mentions this being fixed in version 22.5, so not sure what I am doing wrong or how to fix / get this working?

Seen this command that could be used to adjust ACL usage, but not sure exactly the syntax to use that would help:

configure policy resource-profile default profile-modifier [no-mac|no-ipv4|no-ipv6] enable

I've tried removing no-ipv6, but no difference?

Many thanks.
A fresh x440G2 (default config) should use only 1 slice.

X440G2-24p-10G4.1 # show access-list usage acl-slice port 1

Ports 1-28

Stage: INGRESS

Slices: Used: 1 Available: 7

Virtual Slice * (physical slice 0) Rules: Used: 0 Available: 256

Virtual Slice * (physical slice 1) Rules: Used: 0 Available: 256

Virtual Slice * (physical slice 2) Rules: Used: 0 Available: 256

Virtual Slice * (physical slice 3) Rules: Used: 0 Available: 256

Virtual Slice * (physical slice 4) Rules: Used: 0 Available: 256

Virtual Slice * (physical slice 5) Rules: Used: 0 Available: 256

Virtual Slice * (physical slice 6) Rules: Used: 0 Available: 256

Virtual Slice 7 (physical slice 7) Rules: Used: 10 Available: 246 system

Stage: EGRESS

Slices: Used: 0 Available: 4

Virtual Slice * (physical slice 0) Rules: Used: 0 Available: 128

Virtual Slice * (physical slice 1) Rules: Used: 0 Available: 128

Virtual Slice * (physical slice 2) Rules: Used: 0 Available: 128

Virtual Slice * (physical slice 3) Rules: Used: 0 Available: 128

Stage: LOOKUP

Slices: Used: 0 Available: 4

Virtual Slice * (physical slice 0) Rules: Used: 0 Available: 128

Virtual Slice * (physical slice 1) Rules: Used: 0 Available: 128

Virtual Slice * (physical slice 2) Rules: Used: 0 Available: 128

Virtual Slice * (physical slice 3) Rules: Used: 0 Available: 128

Stage: EXTERNAL



Telemetry + Policy should leave you with 1 slice free.

You could try disabling diffserv examination and dot1p examination and turn off port qos (config port qosprofile none). If all else fails, you can reduce policy to just L2 rules via:



config policy resource-profile default profile-modifier no-ipv4 enable



This will require disable/enable policy but will effectively reserve/consume only 2 slices (instead of 4) for policy.
Userlevel 5
Hi,

Just to let you know I'm running into this same problem using firmware version:

22.5.1.7

EMC = 8.1.3.65

Error is:

An error has occurred while adding a flow source to the selected engine. See details below for more information.

javax.script.ScriptException: *** Script Error *** Die command issued: Script failed : * POC.17 # configure access-list telemetry.pol any ingress . Error: ACL install operation failed - filter hardware full for vlan *, port * * POC.18 # -> if {! $OverallResult}

Am also running policy on this X440G2 switch, so setting the double width I get the following message:

* POC.1 # configure access-list width double
WARNING: Configuration of double width access-list is not supported when Policy is enabled. Slots will remain in Single width mode.

If I disable policy I can then run the access-list width double command, but when I re-enable policy I then get the following error:

* POC.4 # enable policy
Warning: Enabling Policy will cause some Netlogin settings (such as VLANs and dynamically created VLANs) to be cleared.
ERROR: Hardware resources could not be reserved for Policy (count 0).
Note that Policy cannot be enabled when double width access-list is configured or operational.

Previously upgraded from version 22.4.1.4-patch1-2

Post mentions this being fixed in version 22.5, so not sure what I am doing wrong or how to fix / get this working?

Seen this command that could be used to adjust ACL usage, but not sure exactly the syntax to use that would help:

configure policy resource-profile default profile-modifier [no-mac|no-ipv4|no-ipv6] enable

I've tried removing no-ipv6, but no difference?

Many thanks.
Well..

I've disable CoS in policy and did an enforce, well I think that's what I've done - see below:



When you look on the switch there is a lot of config that policy originally added, and it doesn't get removed, even removing a CoS from a role (had to do that manually as previously stated):

configure ports group "Default (IRL.1)" add 1-52
configure ports group "Default (TXQ.0)" add 1-52
configure qosscheduler strict-priority ports "Default (TXQ.0)"
configure qosprofile QP1 maxbuffer 100 weight 1 ports "Default (TXQ.0)"
configure qosprofile QP2 maxbuffer 100 weight 1
configure qosprofile QP2 maxbuffer 100 weight 1 ports "Default (TXQ.0)"
configure qosprofile QP3 maxbuffer 100 weight 1
configure qosprofile QP3 maxbuffer 100 weight 1 ports "Default (TXQ.0)"
configure qosprofile QP4 maxbuffer 100 weight 1
configure qosprofile QP4 maxbuffer 100 weight 1 ports "Default (TXQ.0)"
configure qosprofile QP5 maxbuffer 100 weight 1
configure qosprofile QP5 maxbuffer 100 weight 1 ports "Default (TXQ.0)"
configure qosprofile QP6 maxbuffer 100 weight 1
configure qosprofile QP6 maxbuffer 100 weight 1 ports "Default (TXQ.0)"
configure qosprofile QP7 maxbuffer 100 weight 1
configure qosprofile QP7 maxbuffer 100 weight 1 ports "Default (TXQ.0)"
configure qosprofile QP8 maxbuffer 100 weight 1 ports "Default (TXQ.0)"
configure dot1p type 0 qosprofile QP1 ingress-meter ingmeter0
configure dot1p type 1 qosprofile QP2 ingress-meter ingmeter1
configure dot1p type 2 qosprofile QP3 ingress-meter ingmeter2
configure dot1p type 3 qosprofile QP4 ingress-meter ingmeter3
configure dot1p type 4 qosprofile QP5 ingress-meter ingmeter4
configure dot1p type 5 qosprofile QP6 ingress-meter ingmeter5
configure dot1p type 6 qosprofile QP7 ingress-meter ingmeter6
configure dot1p type 7 qosprofile QP8 ingress-meter ingmeter7
configure vr VR-Default delete protocol mpls
configure cos-index 8 qosprofile QP4 replace-tos 64
configure meter ingmeter2 committed-rate 10000000 Kbps out-actions drop ports "Default (IRL.1)"
configure meter ingmeter3 committed-rate 10000000 Kbps out-actions drop ports "Default (IRL.1)"
configure access-list vlan-acl-precedence shared
configure access-list rule-compression port-counters shared

So apologies if this might seem like a daft question but do you know how I can fully remove all the CoS settings, perhaps just by manually removing all the config above?

I tried removing the meters but it complained about being in use elsewhere, probably the 'configure dot1p' command.

Before I start removing all the config, and its only a POC so its no big deal, I just wanted to see if there was an easier way and that I'm going about it correctly.

Many thanks.
Userlevel 7
Hi,

Just to let you know I'm running into this same problem using firmware version:

22.5.1.7

EMC = 8.1.3.65

Error is:

An error has occurred while adding a flow source to the selected engine. See details below for more information.

javax.script.ScriptException: *** Script Error *** Die command issued: Script failed : * POC.17 # configure access-list telemetry.pol any ingress . Error: ACL install operation failed - filter hardware full for vlan *, port * * POC.18 # -> if {! $OverallResult}

Am also running policy on this X440G2 switch, so setting the double width I get the following message:

* POC.1 # configure access-list width double
WARNING: Configuration of double width access-list is not supported when Policy is enabled. Slots will remain in Single width mode.

If I disable policy I can then run the access-list width double command, but when I re-enable policy I then get the following error:

* POC.4 # enable policy
Warning: Enabling Policy will cause some Netlogin settings (such as VLANs and dynamically created VLANs) to be cleared.
ERROR: Hardware resources could not be reserved for Policy (count 0).
Note that Policy cannot be enabled when double width access-list is configured or operational.

Previously upgraded from version 22.4.1.4-patch1-2

Post mentions this being fixed in version 22.5, so not sure what I am doing wrong or how to fix / get this working?

Seen this command that could be used to adjust ACL usage, but not sure exactly the syntax to use that would help:

configure policy resource-profile default profile-modifier [no-mac|no-ipv4|no-ipv6] enable

I've tried removing no-ipv6, but no difference?

Many thanks.
fwiw, you should be able to have telemetry and policy on the x440G2, but I doubt you can have CoS settings as well. You should check why you still have a cos configured. did you try without the meters?
Userlevel 5
Hi,

Just to let you know I'm running into this same problem using firmware version:

22.5.1.7

EMC = 8.1.3.65

Error is:

An error has occurred while adding a flow source to the selected engine. See details below for more information.

javax.script.ScriptException: *** Script Error *** Die command issued: Script failed : * POC.17 # configure access-list telemetry.pol any ingress . Error: ACL install operation failed - filter hardware full for vlan *, port * * POC.18 # -> if {! $OverallResult}

Am also running policy on this X440G2 switch, so setting the double width I get the following message:

* POC.1 # configure access-list width double
WARNING: Configuration of double width access-list is not supported when Policy is enabled. Slots will remain in Single width mode.

If I disable policy I can then run the access-list width double command, but when I re-enable policy I then get the following error:

* POC.4 # enable policy
Warning: Enabling Policy will cause some Netlogin settings (such as VLANs and dynamically created VLANs) to be cleared.
ERROR: Hardware resources could not be reserved for Policy (count 0).
Note that Policy cannot be enabled when double width access-list is configured or operational.

Previously upgraded from version 22.4.1.4-patch1-2

Post mentions this being fixed in version 22.5, so not sure what I am doing wrong or how to fix / get this working?

Seen this command that could be used to adjust ACL usage, but not sure exactly the syntax to use that would help:

configure policy resource-profile default profile-modifier [no-mac|no-ipv4|no-ipv6] enable

I've tried removing no-ipv6, but no difference?

Many thanks.
No worries. Thanks for helping out on this Stephane. It is quite a challenge, just doesn't seem a clear way to see what's using the slices. Even when policy is disabled and all the ACL config is removed 3 are still consumed, but not sure what?

Tried everything I can fined from compression, shared, dedicated, double ACLs, but nothing is effecting or reducing the values.

There is definitely a dark art to it somewhere 🙂
Userlevel 7
Hi,

Just to let you know I'm running into this same problem using firmware version:

22.5.1.7

EMC = 8.1.3.65

Error is:

An error has occurred while adding a flow source to the selected engine. See details below for more information.

javax.script.ScriptException: *** Script Error *** Die command issued: Script failed : * POC.17 # configure access-list telemetry.pol any ingress . Error: ACL install operation failed - filter hardware full for vlan *, port * * POC.18 # -> if {! $OverallResult}

Am also running policy on this X440G2 switch, so setting the double width I get the following message:

* POC.1 # configure access-list width double
WARNING: Configuration of double width access-list is not supported when Policy is enabled. Slots will remain in Single width mode.

If I disable policy I can then run the access-list width double command, but when I re-enable policy I then get the following error:

* POC.4 # enable policy
Warning: Enabling Policy will cause some Netlogin settings (such as VLANs and dynamically created VLANs) to be cleared.
ERROR: Hardware resources could not be reserved for Policy (count 0).
Note that Policy cannot be enabled when double width access-list is configured or operational.

Previously upgraded from version 22.4.1.4-patch1-2

Post mentions this being fixed in version 22.5, so not sure what I am doing wrong or how to fix / get this working?

Seen this command that could be used to adjust ACL usage, but not sure exactly the syntax to use that would help:

configure policy resource-profile default profile-modifier [no-mac|no-ipv4|no-ipv6] enable

I've tried removing no-ipv6, but no difference?

Many thanks.
You should not see that line imho.
Userlevel 5
Hi,

Just to let you know I'm running into this same problem using firmware version:

22.5.1.7

EMC = 8.1.3.65

Error is:

An error has occurred while adding a flow source to the selected engine. See details below for more information.

javax.script.ScriptException: *** Script Error *** Die command issued: Script failed : * POC.17 # configure access-list telemetry.pol any ingress . Error: ACL install operation failed - filter hardware full for vlan *, port * * POC.18 # -> if {! $OverallResult}

Am also running policy on this X440G2 switch, so setting the double width I get the following message:

* POC.1 # configure access-list width double
WARNING: Configuration of double width access-list is not supported when Policy is enabled. Slots will remain in Single width mode.

If I disable policy I can then run the access-list width double command, but when I re-enable policy I then get the following error:

* POC.4 # enable policy
Warning: Enabling Policy will cause some Netlogin settings (such as VLANs and dynamically created VLANs) to be cleared.
ERROR: Hardware resources could not be reserved for Policy (count 0).
Note that Policy cannot be enabled when double width access-list is configured or operational.

Previously upgraded from version 22.4.1.4-patch1-2

Post mentions this being fixed in version 22.5, so not sure what I am doing wrong or how to fix / get this working?

Seen this command that could be used to adjust ACL usage, but not sure exactly the syntax to use that would help:

configure policy resource-profile default profile-modifier [no-mac|no-ipv4|no-ipv6] enable

I've tried removing no-ipv6, but no difference?

Many thanks.
There are no TCi Overwrites configured and removed all the CoS settings, as can been seen in the screenshot below for one example I set the CoS to 'none'



But even after an enforce the cos value stays persistent in the policy configuration on the switch?



So manually removed this but still no difference to amount of ACL slices used.
Userlevel 7
Hi,

Just to let you know I'm running into this same problem using firmware version:

22.5.1.7

EMC = 8.1.3.65

Error is:

An error has occurred while adding a flow source to the selected engine. See details below for more information.

javax.script.ScriptException: *** Script Error *** Die command issued: Script failed : * POC.17 # configure access-list telemetry.pol any ingress . Error: ACL install operation failed - filter hardware full for vlan *, port * * POC.18 # -> if {! $OverallResult}

Am also running policy on this X440G2 switch, so setting the double width I get the following message:

* POC.1 # configure access-list width double
WARNING: Configuration of double width access-list is not supported when Policy is enabled. Slots will remain in Single width mode.

If I disable policy I can then run the access-list width double command, but when I re-enable policy I then get the following error:

* POC.4 # enable policy
Warning: Enabling Policy will cause some Netlogin settings (such as VLANs and dynamically created VLANs) to be cleared.
ERROR: Hardware resources could not be reserved for Policy (count 0).
Note that Policy cannot be enabled when double width access-list is configured or operational.

Previously upgraded from version 22.4.1.4-patch1-2

Post mentions this being fixed in version 22.5, so not sure what I am doing wrong or how to fix / get this working?

Seen this command that could be used to adjust ACL usage, but not sure exactly the syntax to use that would help:

configure policy resource-profile default profile-modifier [no-mac|no-ipv4|no-ipv6] enable

I've tried removing no-ipv6, but no difference?

Many thanks.
for testing purposes, I'd try to disable the meters, and try to use a light Policy with Telemetry. If possible, can you make sure for your Policy TCI Overwrite is disabled as well as CoS (if not needed, of course)?
Userlevel 5
Hi,

Just to let you know I'm running into this same problem using firmware version:

22.5.1.7

EMC = 8.1.3.65

Error is:

An error has occurred while adding a flow source to the selected engine. See details below for more information.

javax.script.ScriptException: *** Script Error *** Die command issued: Script failed : * POC.17 # configure access-list telemetry.pol any ingress . Error: ACL install operation failed - filter hardware full for vlan *, port * * POC.18 # -> if {! $OverallResult}

Am also running policy on this X440G2 switch, so setting the double width I get the following message:

* POC.1 # configure access-list width double
WARNING: Configuration of double width access-list is not supported when Policy is enabled. Slots will remain in Single width mode.

If I disable policy I can then run the access-list width double command, but when I re-enable policy I then get the following error:

* POC.4 # enable policy
Warning: Enabling Policy will cause some Netlogin settings (such as VLANs and dynamically created VLANs) to be cleared.
ERROR: Hardware resources could not be reserved for Policy (count 0).
Note that Policy cannot be enabled when double width access-list is configured or operational.

Previously upgraded from version 22.4.1.4-patch1-2

Post mentions this being fixed in version 22.5, so not sure what I am doing wrong or how to fix / get this working?

Seen this command that could be used to adjust ACL usage, but not sure exactly the syntax to use that would help:

configure policy resource-profile default profile-modifier [no-mac|no-ipv4|no-ipv6] enable

I've tried removing no-ipv6, but no difference?

Many thanks.
Hi Stephane,

Thanks for posting back. I've currently disabled policy and re-run the Telemetry configuration via EMC, just to see it would take, which it did.

Problem is I can't enable Policy again because its out of resource. So least I know it works with one or the other but never both.

Here is were it stands at the moment with sflow telemetry enabled and policy disabled:

POC.2 # sh access-list usage acl-slice port 1
Ports 1-24, 51, 52
Stage: INGRESS
Slices: Used: 4 Available: 4
Virtual Slice * (physical slice 0) Rules: Used: 0 Available: 256
Virtual Slice * (physical slice 1) Rules: Used: 0 Available: 256
Virtual Slice * (physical slice 2) Rules: Used: 0 Available: 256
Virtual Slice * (physical slice 3) Rules: Used: 0 Available: 256
Virtual Slice 4 (physical slice 4) Rules: Used: 12 Available: 244 system
Virtual Slice 5 (physical slice 5) Rules: Used: 2 Available: 254 system
Virtual Slice 6 (physical slice 6) Rules: Used: 123 Available: 133 user/other
Virtual Slice 7 (physical slice 7) Rules: Used: 71 Available: 185 user/other
Stage: EGRESS
Slices: Used: 1 Available: 3
Virtual Slice * (physical slice 0) Rules: Used: 0 Available: 128
Virtual Slice * (physical slice 1) Rules: Used: 0 Available: 128
Virtual Slice * (physical slice 2) Rules: Used: 0 Available: 128
Virtual Slice 3 (physical slice 3) Rules: Used: 1 Available: 127 user/other
Stage: LOOKUP
Slices: Used: 0 Available: 4
Virtual Slice * (physical slice 0) Rules: Used: 0 Available: 128
Virtual Slice * (physical slice 1) Rules: Used: 0 Available: 128
Virtual Slice * (physical slice 2) Rules: Used: 0 Available: 128
Virtual Slice * (physical slice 3) Rules: Used: 0 Available: 128
Stage: EXTERNAL
Virtual Slice : (*) Physical slice not allocated to any virtual slice.

If I disable the ACL's for telemetry (show config acl)

configure meter ingmeter2 committed-rate 1024 Kbps out-actions drop ports "Default (IRL.1)"
configure meter ingmeter3 committed-rate 2048 Kbps out-actions drop ports "Default (IRL.1)"
configure access-list telemetry any ingress
configure access-list telemetryegress any egress

i.e

unconfigure access-list telemetry
unconfigure access-list telemetryegress

and re-enable policy the ACL slices look like the following:

POC.7 # sh access-list usage acl-slice port 1
Ports 1-24, 51, 52
Stage: INGRESS
Reserved slices:
Type Used Available
Policy P/D 0 2
Policy CoS 0 2
Slices: Used: 7 Available: 1
Virtual Slice * (physical slice 0) Rules: Used: 0 Available: 256
Virtual Slice * (physical slice 1) Rules: Used: 0 Available: 256 Policy CoS reserved
Virtual Slice * (physical slice 2) Rules: Used: 0 Available: 256 Policy CoS reserved
Virtual Slice * (physical slice 3) Rules: Used: 0 Available: 256 Policy P/D reserved
Virtual Slice * (physical slice 6) Rules: Used: 0 Available: 256 Policy P/D reserved
Virtual Slice 5 (physical slice 4) Rules: Used: 12 Available: 244 system
Virtual Slice 6 (physical slice 5) Rules: Used: 2 Available: 254 system
Virtual Slice 7 (physical slice 7) Rules: Used: 64 Available: 192 user/other
Stage: EGRESS
Slices: Used: 0 Available: 4
Virtual Slice * (physical slice 0) Rules: Used: 0 Available: 128
Virtual Slice * (physical slice 1) Rules: Used: 0 Available: 128
Virtual Slice * (physical slice 2) Rules: Used: 0 Available: 128
Virtual Slice * (physical slice 3) Rules: Used: 0 Available: 128
Stage: LOOKUP
Reserved slices:
Type Used Available
Policy Profile 0 4
Slices: Used: 4 Available: 0
Virtual Slice * (physical slice 0) Rules: Used: 0 Available: 128 Policy Profile reserved
Virtual Slice * (physical slice 1) Rules: Used: 0 Available: 128 Policy Profile reserved
Virtual Slice * (physical slice 2) Rules: Used: 0 Available: 128 Policy Profile reserved
Virtual Slice * (physical slice 3) Rules: Used: 0 Available: 128 Policy Profile reserved
Stage: EXTERNAL
Virtual Slice : (*) Physical slice not allocated to any virtual slice.

With both policy and telemetry disabled:

* POC.9 # sh access-list usage acl-slice port 1
Ports 1-24, 51, 52
Stage: INGRESS
Slices: Used: 3 Available: 5
Virtual Slice * (physical slice 0) Rules: Used: 0 Available: 256
Virtual Slice * (physical slice 1) Rules: Used: 0 Available: 256
Virtual Slice * (physical slice 2) Rules: Used: 0 Available: 256
Virtual Slice * (physical slice 3) Rules: Used: 0 Available: 256
Virtual Slice * (physical slice 6) Rules: Used: 0 Available: 256
Virtual Slice 5 (physical slice 4) Rules: Used: 12 Available: 244 system
Virtual Slice 6 (physical slice 5) Rules: Used: 2 Available: 254 system
Virtual Slice 7 (physical slice 7) Rules: Used: 64 Available: 192 user/other
Stage: EGRESS
Slices: Used: 0 Available: 4
Virtual Slice * (physical slice 0) Rules: Used: 0 Available: 128
Virtual Slice * (physical slice 1) Rules: Used: 0 Available: 128
Virtual Slice * (physical slice 2) Rules: Used: 0 Available: 128
Virtual Slice * (physical slice 3) Rules: Used: 0 Available: 128
Stage: LOOKUP
Slices: Used: 0 Available: 4
Virtual Slice * (physical slice 0) Rules: Used: 0 Available: 128
Virtual Slice * (physical slice 1) Rules: Used: 0 Available: 128
Virtual Slice * (physical slice 2) Rules: Used: 0 Available: 128
Virtual Slice * (physical slice 3) Rules: Used: 0 Available: 128
Stage: EXTERNAL
Virtual Slice : (*) Physical slice not allocated to any virtual slice.

Is there anyway to see what's using those 3 slices when both policy and telemetry are disabled, maybe those meters?
Userlevel 7
Hi,

Just to let you know I'm running into this same problem using firmware version:

22.5.1.7

EMC = 8.1.3.65

Error is:

An error has occurred while adding a flow source to the selected engine. See details below for more information.

javax.script.ScriptException: *** Script Error *** Die command issued: Script failed : * POC.17 # configure access-list telemetry.pol any ingress . Error: ACL install operation failed - filter hardware full for vlan *, port * * POC.18 # -> if {! $OverallResult}

Am also running policy on this X440G2 switch, so setting the double width I get the following message:

* POC.1 # configure access-list width double
WARNING: Configuration of double width access-list is not supported when Policy is enabled. Slots will remain in Single width mode.

If I disable policy I can then run the access-list width double command, but when I re-enable policy I then get the following error:

* POC.4 # enable policy
Warning: Enabling Policy will cause some Netlogin settings (such as VLANs and dynamically created VLANs) to be cleared.
ERROR: Hardware resources could not be reserved for Policy (count 0).
Note that Policy cannot be enabled when double width access-list is configured or operational.

Previously upgraded from version 22.4.1.4-patch1-2

Post mentions this being fixed in version 22.5, so not sure what I am doing wrong or how to fix / get this working?

Seen this command that could be used to adjust ACL usage, but not sure exactly the syntax to use that would help:

configure policy resource-profile default profile-modifier [no-mac|no-ipv4|no-ipv6] enable

I've tried removing no-ipv6, but no difference?

Many thanks.
you use 87% of the ACL Ingress Slices, so you may be using too much resources. You could see more info with that command:

sh access-list usage acl-slice port 1:1
Userlevel 5
Hi,

Just to let you know I'm running into this same problem using firmware version:

22.5.1.7

EMC = 8.1.3.65

Error is:

An error has occurred while adding a flow source to the selected engine. See details below for more information.

javax.script.ScriptException: *** Script Error *** Die command issued: Script failed : * POC.17 # configure access-list telemetry.pol any ingress . Error: ACL install operation failed - filter hardware full for vlan *, port * * POC.18 # -> if {! $OverallResult}

Am also running policy on this X440G2 switch, so setting the double width I get the following message:

* POC.1 # configure access-list width double
WARNING: Configuration of double width access-list is not supported when Policy is enabled. Slots will remain in Single width mode.

If I disable policy I can then run the access-list width double command, but when I re-enable policy I then get the following error:

* POC.4 # enable policy
Warning: Enabling Policy will cause some Netlogin settings (such as VLANs and dynamically created VLANs) to be cleared.
ERROR: Hardware resources could not be reserved for Policy (count 0).
Note that Policy cannot be enabled when double width access-list is configured or operational.

Previously upgraded from version 22.4.1.4-patch1-2

Post mentions this being fixed in version 22.5, so not sure what I am doing wrong or how to fix / get this working?

Seen this command that could be used to adjust ACL usage, but not sure exactly the syntax to use that would help:

configure policy resource-profile default profile-modifier [no-mac|no-ipv4|no-ipv6] enable

I've tried removing no-ipv6, but no difference?

Many thanks.
Hi Stephane,

See output below:

POC.4 # show sflow hardware-utilization
sFlow Hardware Table Utilization Statistics
Resource Type Current Maximum % Util.
-------------------- ------- ------- -------
MAC Entries 11 16383 0
Host Entries 0 4096 0
IPv4 Entries 0 4096 0
IPv6 Entries 0 2048 0
Long IPv6 Entries 0 2048 0
Total Routes 16 512 3
IPv4 Neighbors 5 N/A N/A
IPv6 Neighbors 0 N/A N/A
IPv4 Routes 16 N/A N/A
IPv6 Routes 0 N/A N/A
ECMP Next Hops 0 N/A N/A
ACL Ingress Entries 86 2048 4
ACL Ingress Counters 34 1024 3
ACL Ingress Meters 0 2048 0
ACL Ingress Slices 7 8 87
ACL Egress Entries 0 512 0
ACL Egress Counters 0 512 0
ACL Egress Meters 0 512 0
ACL Egress Slices 0 4 0

Thanks
Userlevel 7
Hi,

Just to let you know I'm running into this same problem using firmware version:

22.5.1.7

EMC = 8.1.3.65

Error is:

An error has occurred while adding a flow source to the selected engine. See details below for more information.

javax.script.ScriptException: *** Script Error *** Die command issued: Script failed : * POC.17 # configure access-list telemetry.pol any ingress . Error: ACL install operation failed - filter hardware full for vlan *, port * * POC.18 # -> if {! $OverallResult}

Am also running policy on this X440G2 switch, so setting the double width I get the following message:

* POC.1 # configure access-list width double
WARNING: Configuration of double width access-list is not supported when Policy is enabled. Slots will remain in Single width mode.

If I disable policy I can then run the access-list width double command, but when I re-enable policy I then get the following error:

* POC.4 # enable policy
Warning: Enabling Policy will cause some Netlogin settings (such as VLANs and dynamically created VLANs) to be cleared.
ERROR: Hardware resources could not be reserved for Policy (count 0).
Note that Policy cannot be enabled when double width access-list is configured or operational.

Previously upgraded from version 22.4.1.4-patch1-2

Post mentions this being fixed in version 22.5, so not sure what I am doing wrong or how to fix / get this working?

Seen this command that could be used to adjust ACL usage, but not sure exactly the syntax to use that would help:

configure policy resource-profile default profile-modifier [no-mac|no-ipv4|no-ipv6] enable

I've tried removing no-ipv6, but no difference?

Many thanks.
Hi,
can you show the output of "show sflow hardware-utilization"?
Userlevel 5
Hi,

Just to let you know I'm running into this same problem using firmware version:

22.5.1.7

EMC = 8.1.3.65

Error is:

An error has occurred while adding a flow source to the selected engine. See details below for more information.

javax.script.ScriptException: *** Script Error *** Die command issued: Script failed : * POC.17 # configure access-list telemetry.pol any ingress . Error: ACL install operation failed - filter hardware full for vlan *, port * * POC.18 # -> if {! $OverallResult}

Am also running policy on this X440G2 switch, so setting the double width I get the following message:

* POC.1 # configure access-list width double
WARNING: Configuration of double width access-list is not supported when Policy is enabled. Slots will remain in Single width mode.

If I disable policy I can then run the access-list width double command, but when I re-enable policy I then get the following error:

* POC.4 # enable policy
Warning: Enabling Policy will cause some Netlogin settings (such as VLANs and dynamically created VLANs) to be cleared.
ERROR: Hardware resources could not be reserved for Policy (count 0).
Note that Policy cannot be enabled when double width access-list is configured or operational.

Previously upgraded from version 22.4.1.4-patch1-2

Post mentions this being fixed in version 22.5, so not sure what I am doing wrong or how to fix / get this working?

Seen this command that could be used to adjust ACL usage, but not sure exactly the syntax to use that would help:

configure policy resource-profile default profile-modifier [no-mac|no-ipv4|no-ipv6] enable

I've tried removing no-ipv6, but no difference?

Many thanks.
Hi Oscar,

Ok thanks for the information, I will contact Extreme GTAC.

Kind Regards,
Kevin.

Reply