...
The show system internal access-list globals command displays a negative value for Remaining free size under the Egress memory region:

```
switch# show system internal access-list globals

slot 1
=======

Atomic Update : ENABLED
Default ACL : DENY
Bank Chaining : DISABLED
Fabric path DNL : DISABLED
NS Buffer Profile: Burst optimized
Min Buffer Profile: all
EOQ Class Stats: qos-group-0
NS MCQ3 Alias: qos-group-3
Ing PG Share: ENABLED
IPG in Shape: DISABLED
Classify ns-only : DISABLED
Ing PG Min: NOT-DISABLED
Ing PG Headroom reservation: 100
OQ Drops Type: both
OQ Stats Type: [c1]: q 1 both
               [c2]: q 2 both
               [c3]: q 3 both
               [c4]: q 4 both
               [c5]: q 5 both
               [c6]: q 6 both
               [c7]: q 7 both
               [c8]: q 8 both
               [c9]: q 9 both
peak count type: port
counter 0 classes: 255
counter 1 classes: 0
OOBST Max records: 1000
DPP Aging Period: 5000
DPP Max Number of Packets: 120
AFD ETRAP Aging Period: 50
AFD ETRAP Byte Count: 1048555
AFD ETRAP Bandwidth Threshold: 500
ACL Inner Header Match : DISABLED
VXLAN OAM Dynamic Entry Move: TRUE
VXLAN XConnect ACL Programmed: FALSE
DOT1X Entry Move: TRUE
DOT1X Entry ACL Programmed: TRUE
DOT1X Multi Auth ACL Entry Programmed: FALSE
Multicast NLB enabled: FALSE
TCAM Template Initialised: TRUE
PBR Fast Convergence : DISABLED
Reset DEI : 0
LOU Threshold Value : 5

--------------------------------------------------------------------------------------
INSTANCE 0 TCAM Region Information:
--------------------------------------------------------------------------------------
Ingress:
--------
Region                          TID   Base   Size  Width
--------------------------------------------------------------------------------------
NAT                              13      0      0      1
Ingress PACL                      1      0      0      1
Ingress VACL                      2      0    512      1
Ingress RACL                      3    512   1792      1
Ingress RBACL                     4      0      0      1
Ingress L2 QOS                    5   2304    256      1
Ingress L3/VLAN QOS               6   2560    512      1
Ingress SUP                       7   3072    512      1
Ingress L2 SPAN ACL               8   3584    256      1
Ingress L3/VLAN SPAN ACL          9   3840    256      1
Ingress FSTAT                    10      0      0      1
SPAN                             12   4096    512      1
Ingress REDIRECT                 14      0      0      1
Ingress NBM                      30      0      0      1
Ingress Flow-redirect            39      0      0      1
Ingress RACL Lite                42      0      0      1
Ingress PACL IPv4 Lite           41      0      0      1
Ingress PACL IPv6 Lite           43      0      0      1
Ingress CNTACL                   44      0      0      1
Mcast NAT                        46      0      0      1
Ingress DACL                     47      0      0      1
Ingress PACL Super Bridge        49      0      0      1
Ingress Storm Control            50      0      0      1
Ingress VACL Redirect            51      0      0      1
Egress Netflow SVI               58      0      0      1
                                 55      0      0      1
-------------------------------------------------------------------------------------
Total configured size: 4608
Remaining free size: 512
Note: Ingress SUP region includes Redirect region

Egress:
--------
Region                          TID   Base   Size  Width
--------------------------------------------------------------------------------------
Egress VACL                      15      0    512      1
Egress RACL                      16    512   1280      1
Egress SUP                       18   1792    256      1
Egress L2 QOS                    19      0      0      1
Egress L3/VLAN QOS               20      0      0      1
Egress CoPP                      37      0      0      1
Egress CNTACL                    45      0      0      1
Egress VACL                      15      0    512      1
-------------------------------------------------------------------------------------
Total configured size: 2560
Remaining free size: -512
```

However, the show hardware access-list tcam region command shows that the actual memory for VACL is 512:

```
switch(config)# show hardware access-list tcam region | i VACL
VACL [vacl] size = 512
Ingress VACL redirect [ing-vacl-nh] size = 0
```
Carve TCAM for the VACL region. The device should run NX-OS 10.1 or higher. This was checked on 10.2(x), 10.3.4, and 10.4.2.
The actual memory available for VACL can be checked with the command: show hardware access-list tcam region | i VACL
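As an added example (not Cisco code and not part of the original bug description), the following Python check parses one region table from `show system internal access-list globals`, flags region rows whose name and TID repeat, and compares the reported totals against the sum of unique rows. The sample is constructed from the Egress table above, where the Egress VACL row (TID 15) is listed twice; the function names `parse_regions` and `audit` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: the Egress table from the output on this page.
SAMPLE = """\
Region                     TID   Base   Size  Width
Egress VACL                 15      0    512      1
Egress RACL                 16    512   1280      1
Egress SUP                  18   1792    256      1
Egress L2 QOS               19      0      0      1
Egress L3/VLAN QOS          20      0      0      1
Egress CoPP                 37      0      0      1
Egress CNTACL               45      0      0      1
Egress VACL                 15      0    512      1
Total configured size: 2560
Remaining free size: -512
"""

def parse_regions(text):
    """Return (rows, reported_total, reported_free) for one region table."""
    rows, total, free = [], None, None
    for line in text.splitlines():
        parts = line.split()
        # A region row ends in four integers: TID, Base, Size, Width.
        if len(parts) >= 4 and all(p.isdigit() for p in parts[-4:]):
            tid, _base, size, _width = map(int, parts[-4:])
            rows.append((" ".join(parts[:-4]), tid, size))
        elif m := re.match(r"\s*Total configured size:\s*(-?\d+)", line):
            total = int(m.group(1))
        elif m := re.match(r"\s*Remaining free size:\s*(-?\d+)", line):
            free = int(m.group(1))
    return rows, total, free

def audit(text):
    """Flag repeated (region, TID) rows and a negative reported free size."""
    rows, total, free = parse_regions(text)
    counts = Counter((name, tid) for name, tid, _ in rows)
    dupes = sorted(key for key, n in counts.items() if n > 1)
    unique = {(name, tid): size for name, tid, size in rows}
    return {
        "duplicates": dupes,
        "reported_total": total,
        "reported_free": free,
        "sum_all_rows": sum(size for _, _, size in rows),
        "sum_unique_rows": sum(unique.values()),
        "suspect": bool(dupes) or (free is not None and free < 0),
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(f"{key}: {value}")
```

When `suspect` is true, confirm the real carving with `show hardware access-list tcam region` as described above before changing any TCAM configuration.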
*PSIRT Evaluation:* The Cisco PSIRT has evaluated this issue and determined it does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via normal resolution channels. If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another evaluation. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html