This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Too many ACL's & packet rate is too high issue

Too many ACL's & packet rate is too high issue

GONÇALO_NUNO_CO
New Contributor III

‎02-24-2017 09:53 AM

Hi, When i configure the switch to download Xos image to upgrade its verson im getting too many "Too many ACL's & packet rate is too high" messages in the switch logs.

02/24/2017 11:34:27.76 Slot-1: Denied packet on ingress interface vlanIf=1000010 slot=1 port=49, too many ACL's & packet rate is too high.

This messages refer to the trunk where i dont have any access-list applied. Ive run the "sh access-list port 1:49" and got this:

#Dynamic Entries ((*)- Rule is non-permanent )
RuleNo Name Application Zone Sub-Zone
(*)1 idmgmt_ks_tcp_dst IdentityManager SYSTEM 0
(*)2 idmgmt_ks_udp_dst IdentityManager SYSTEM 0
(*)3 idmgmt_ks_tcp_src IdentityManager SYSTEM 0
(*)4 idmgmt_ks_udp_src IdentityManager SYSTEM 0

apart form not having any acl applied to the port 49 i dont have neither the identity management configured on port 49.

Can someone guide me to where should i look for the cause of that log message?

Thanks
0 Kudos
5 REPLIES 5

Tripathy__Priya
Extreme Employee

‎02-27-2017 05:05 AM

First of all welcome to HUB for your participation here. I could see you had posted this question 3 days back for the reported error log message and requesting us to provide the cause of these messages.

Looking at the below log messages:

02/24/2017 11:34:27.76 Slot-1: Denied packet on ingress interface vlanIf=1000010 slot=1 port=49, too many ACL's & packet rate is too high.

As far as my understanding is concerned this is reflected in the log if the "refresh policy" command is invoked by adding few more entries in the policy file, then after unconfiguring that specific ACL, EXOS switch will start logging messages like "Denied packet on ingress interface vlanIf=1000223 slot=1 port=1, too many ACL's & packet rate is too high ".

I can see you had already mentioned that no ACL is configured at this moment. That is true but we never know if in the recent past something was configured and later it was unconfigured. While doing this if the policy files contain more than 1 entries then later it would throw these messages.

Hope you understand whatever i have explained here referring to the provided log message and its cause.
0 Kudos
GTM-P2G8KFN