01-20-2016 09:02 AM
Hi,
I'm facing a problem with two X670-48x in version 15.5.3.4 when I try to install an ACL on an egress port.
Here is the content of the policy file :
 
entry NO-DHCP-SR1-SR2-01 {
if match all {
vlan-id 443 ;
protocol udp ;
destination-port bootps ;
ethernet-destination-address ff:ff:ff:ff:ff:ff ;
} then {
deny ;
count BROADDHCP443;
}
}
When I try to install the ACL I get this error :
SRX.14 # configure access-list INTER-ROUTERS ports 2 egress
Error: ACL install operation failed - filter hardware full for vlan *, port 2
Months ago, I upgraded the swith from 15.2.2.7 to 15.5.3.4, so I thought I match the symptoms described herre : https://extremeportal.force.com/ExtrArticleDetail?an=000077652
I have follow the instructions and changed the access-list configuration, saved the configuration and then reboot the switch but I'm still having the same error message.
Here is an extract of the log when trying to apply the ACL :
01/19/2016 07:57:07.88 Policy:unBind:INTER-ROUTERS:vlan:*:port:*:
01/19/2016 07:57:07.88 Policy:unBind:INTER-ROUTERS:vlan:*:port:2:
01/19/2016 07:57:07.88 EXOS application attempting to install incompatible ACL: filter vlan *, port 2 (rule "NO-DHCP-SR1-SR2-01", index 1)
01/19/2016 07:57:07.87 Loaded Policy: INTER-ROUTERS number of entries 1
01/19/2016 07:57:07.87 Loading policy INTER-ROUTERS from file /config/INTER-ROUTERS.pol
01/19/2016 07:50:55.75 Policy:unBind:INTER-ROUTERS:vlan:*:port:*:
01/19/2016 07:50:55.75 Policy:unBind:INTER-ROUTERS:vlan:*:port:2:
01/19/2016 07:50:55.75 EXOS application attempting to install incompatible ACL: filter vlan *, port 2 (rule "NO-DHCP-SR1-SR2-01", index 1)
01/19/2016 07:50:55.74 Loaded Policy: INTER-ROUTERS number of entries 1
01/19/2016 07:50:55.74 Loading policy INTER-ROUTERS from file /config/INTER-ROUTERS.pol
Have you any idea about what's wrong with this ?
Regards,
Romain M.
01-21-2016 07:44 AM
01-20-2016 07:53 PM
01-20-2016 09:49 AM
