Header Only - DO NOT REMOVE - Extreme Networks

Error: ACL install operation failed - filter hardware full for vlan esn-mo-01, port *

Userlevel 3
Hi there,

I'm trying to implement a new egress vlan ACL to match traffic going to a particular address on a range of UDP ports and put it into QoSprofile QP6.

But I'm getting the above error.

I'm on an X460 running and I appear to have egress ACL slices available:

show access-list usage acl-slice port 1
Ports 1-34
Slices: Used: 0 Available: 4
Slice 0 Rules: Used: 0 Available: 0
Slice 1 Rules: Used: 0 Available: 0
Slice 2 Rules: Used: 0 Available: 0
Slice 3 Rules: Used: 0 Available: 0
Slices: Used: 1 Available: 3
Slice 0 Rules: Used: 0 Available: 0
Slice 1 Rules: Used: 0 Available: 0
Slice 2 Rules: Used: 0 Available: 0
Slice 3 Rules: Used: 35 Available: 477 system
Slices: Used: 0 Available: 0

I've found the 'fix' to reset the precedence to 'shared' as it now defaults to 'dedicated', but why should I? This ACL didn't exist on any previous version of code so why can't I use the default setting to apply this relatively simple ACL?


Many thanks,

3 replies

Userlevel 4
The egress ACL doesn't support a port range of UDP/TCP. Unlike ingress ACLs, ‘qosprofile’ action is only used to determine DSCP and DOT1P mappings and has no effect on the traffic queuing or prioritization.
Userlevel 3
Thanks Kevin, but this is taken from the Concepts Guide chapter about ACL QoS Traffic Classes:

"Depending on the platform you are using, traffic in an ACL traffic group can be processed as follows:

• Assigned to an ingress meter for rate limiting

• Marked for an egress QoS profile for rate shaping <<<<<<

• Marked for an egress traffic queue for rate shaping <<<<<<<

• Marked for DSCP replacement on egress

• Marked for 802.1p priority replacement on egress

• Assigned to an egress meter for rate limiting"

Is that incorrect? Should I be using an Ingress ACL on the incoming Vlan to assign my traffic to an appropriate QP?
Userlevel 4
You can use 'qosprofile' action statement in an egress ACL for remarking DSCP or Dot1p values. However, the traffic queuing or prioritization doesn't take place.

qosprofile qosprofilename—Forwards the packet to the specified QoS profile.

• ingress—all platforms
• egress—does not forward the packets to the specified qosprofile. If the action modifier “replace- dot1p” is present in the ACL rule, the dot1p field in the packet is replaced with the value from associated qosprofile.