-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ibrahim:
- - No QoS - - V.small outbound ACL - - Low load / CPU - - Low traffic think it may be a CAM programming issue, am going to capture a textual representation of the ACLents in the CAM with the command show platform hardware acl <dir> entries interface <int> all and compare it to the textual ACL applied (or supposedly applied) and try and do this from an EEM applet, this should give me a diff of the two and I can then see which entries don't make it to the CAM and for how long. Will keep you all updated as I progress (first step to get EEM on the box!!) Mant thanks to richard for pointing me in the right direction here. Dave. Ibrahim Abo Zaid wrote: > Hi David > > from Cisco > > > Error Message C4K_PKTPROCESSING-5-NOTAPPLYINGACL:Not applying > [input/output] Acl > for packet [packet-info] > > Explanation The software has not taken the ACL actions because it could > not determine the correct ACL entry indicated by the hardware. The > hardware-provided index of the ACL content addressable memory (CAM) > indicates that the software needs to take the actions for the entry at that > index. If the packet was queued in the hardware before being processed by > the software, the index is out-of-date. > Recommended Action This message is informational only. No action is > required. > > the only thing i am wondering about is ACL HW-Index is temp and has > expiration timer ? > > so do have any QoS policy applied at the same interface ? do u have any CPU > problem on this gear ? > > > best regards > --Ibrahim > > On Wed, May 20, 2009 at 4:03 PM, David Freedman <[email protected] >> wrote: > > No ACL changes being made at the time, a block of these occur randomly > at once, could there be a CAM problem? > > Dave. > > Richard Gallagher wrote: >>>> David, >>>> >>>> How often did the message occur? Were any ACL changes being made at the >>>> time? >>>> >>>> Rich >>>> >>>> On 20 May 2009, at 01:35, David Freedman wrote: >>>> >>>>> Anybody seen these messages occur frequently? >>>>> >>>>>> May 18 09:19:31 box 575: May 18 08:20:37 UTC: >>>>>> %C4K_PKTPROCESSING-5-NOTAPPLYINGACL: Not applying Output Acl for packet >>>>>> udp srcHost 1.1.1.1 dstHost 2.2.2.2 tos 0 srcPort 934 >>>>>> dstPort 2049 >>>>> According the error decoder, they are CAM programming issue but that >>>>> is about the level >>>>> of detail it goes into, I would infer from this that they should only >>>>> be seen rarely >>>>> but I'm starting to see them frequently, box is 4948 running >>>>> 12.2(25)EWA10, bugtool >>>>> as usual has nothing. >>>>> >>>>> Any pointers appreciated. >>>>> >>>>> Regards, >>>>> >>>>> ------------------------------------------------ >>>>> David Freedman >>>>> Group Network Engineering >>>>> Claranet Limited >>>>> http://www.clara.net >>>>> >>>>> _______________________________________________ >>>>> cisco-nsp mailing list [email protected] >>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp >>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ >> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkoVbDUACgkQtFWeqpgEZrLQ2ACguoFB8AMRPfLAmLfdpNdfVYLI a8kAoM+f7K4y1yD/F5BIl9x9cZv/Mo0/ =8w6Z -----END PGP SIGNATURE----- _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
