cancel
Showing results for 
Search instead for 
Did you mean: 

Policy cannot be enabled when double width access-list

Policy cannot be enabled when double width access-list

Anonymous
Not applicable
Hi There,

Just wondering if anyone has seen this issue, or know what its complaining about and how to correct.

Trying to run the command:
enable policyThis is on an X670G2, Core License running version 21.1.4.4 Patch 1-3

I get the following error:

Warning: Enabling Policy will cause some Netlogin settings (such as VLANs and dynamically created VLANs) to be cleared.
ERROR: Hardware resources could not be reserved for Policy (count 0). Note that Policy cannot be enabled when double width access-list is configured or operational. No ACLs have been configured, the following command shows the same on the other 3 core switches that have relitivly the same config and policy is enabled fine:
Customer-Core4.304 # show access-list width
Slot Type Width (Configured)
---- ---------------- ---------------------
X670G2-48x-4q SingleRun various other ACL commands and nothing is standing out. Googling the error or elements of the message doesn't seem to be returning anything.

Many thanks in advance
4 REPLIES 4

Stefano_Dall_Os
New Contributor III
Hi all,
and thanks for the replies ...

but I think I'm loosing something ...
I don't have any MLAG enabled on the x670-g2 stack ...

so, where is the issue?

thanks in advance

best regards

Stefano

Anonymous
Not applicable
Hi Stefano,

Believe the issue in my case was that with MLAG enabled it used too many ACL slices for me to be able to enable policy.

The fix was to disable MLAG, then enable policy, then enable MLAG again!

Thanks,

Martin

Kawawa
Extreme Employee
Hi Stefano,

Both MLAG and Policy reserve ACL Slice resources when configured/enabled. For policy, you can reduce the resource reservation by configuring the profile-modifier. This functionality was added in 22.4

https://documentation.extremenetworks.com/exos_commands_22.4/exos_21_1/exos_commands_all/r_configure...

So, something like:
configure policy resource-profile default profile-modifier [no-mac|no-ipv4|no-ipv6] enableAfter configuring this you should see more available slices in the acl-slice usage output

Stefano_Dall_Os
New Contributor III
hi all ... I have the same error, on the same hardware,
with a different firmware version
summitX-22.4.1.4.xos
is there any update?

please let me know

thanks a lot

best regards

Stefano

GTM-P2G8KFN