S5110交换机下发ACL到物理接口失败的解决办法

不涉及

某局点S5110交换机下发ACL到物理接口失败，如下图所示：

S5110版本信息如下：

H3C Comware Platform Software

Comware Software, Version 5.20.99, Release 1110

Copyright (c) 2004-2016 Hangzhou H3C Tech. Co., Ltd. All rights reserved.

H3C S5110-52P uptime is 7 weeks, 2 days, 4 hours, 0 minute

H3C S5110-52P

128M    bytes DRAM

32M     bytes Flash Memory

Config Register points to Flash

Hardware Version is REV.A

Bootrom Version is 111

[SubSlot 0] 48GE+4SFP Hardware Version is REV.A

以下是ACL的配置：

acl number 2000

 rule 1 deny source 10.191.19.70 0

 rule 2 deny source 10.191.19.71 0

 rule 3 deny source 10.191.19.72 0

 rule 4 deny source 10.191.19.73 0

 rule 5 deny source 10.191.19.74 0

 rule 6 deny source 10.191.19.75 0

 rule 7 deny source 10.191.19.76 0

 rule 8 deny source 10.191.19.77 0

 rule 9 deny source 10.191.19.78 0

 rule 10 deny source 10.191.19.79 0

 rule 11 deny source 10.191.19.80 0

 rule 12 deny source 10.191.19.81 0

 rule 13 deny source 10.191.19.82 0

 rule 14 deny source 10.191.19.83 0

 rule 15 deny source 10.191.19.84 0

 rule 16 deny source 10.191.19.85 0

 rule 17 deny source 10.191.19.86 0

 rule 18 deny source 10.191.19.87 0

 rule 19 deny source 10.191.19.88 0

 rule 20 deny source 10.191.19.89 0

 rule 21 deny source 10.191.19.90 0

 rule 22 deny source 10.191.19.91 0

 rule 23 deny source 10.191.19.92 0

 rule 24 deny source 10.191.19.93 0

 rule 25 deny source 10.191.19.94 0

 rule 26 deny source 10.191.19.95 0

 rule 27 deny source 10.191.19.96 0

 rule 28 deny source 10.191.19.97 0

 rule 29 deny source 10.191.19.98 0

 rule 30 deny source 10.191.19.99 0

 rule 31 deny source 10.191.19.103 0

 rule 32 deny source 10.191.19.104 0

 rule 33 deny source 10.191.19.105 0

 rule 34 deny source 10.191.19.106 0

 rule 35 deny source 10.191.19.107 0

 rule 36 deny source 10.191.19.108 0

 rule 37 deny source 10.191.19.109 0

 rule 38 deny source 10.191.19.110 0

 rule 39 deny source 10.191.19.111 0

 rule 40 deny source 10.191.19.112 0

 rule 41 deny source 10.191.19.113 0

 rule 42 deny source 10.191.19.114 0

 rule 43 deny source 10.191.19.115 0

 rule 44 deny source 10.191.19.116 0

 rule 45 deny source 10.191.19.117 0

 rule 46 deny source 10.191.19.118 0

 rule 47 deny source 10.191.19.119 0

 rule 48 deny source 10.191.19.120 0

 rule 49 deny source 10.191.19.121 0

 rule 50 deny source 10.191.19.122 0

 rule 51 deny source 10.191.19.123 0

 rule 52 deny source 10.191.19.124 0

 rule 53 deny source 10.191.19.125 0

 rule 54 deny source 10.191.19.127 0

 rule 55 deny source 10.191.19.128 0

 rule 56 deny source 10.191.19.129 0

 rule 57 deny source 10.191.19.130 0

 rule 58 deny source 10.191.19.131 0

 rule 59 deny source 10.191.19.132 0

 rule 60 deny source 10.191.19.133 0

 rule 61 deny source 10.191.19.134 0

 rule 62 deny source 10.191.19.135 0

 rule 63 deny source 10.191.19.136 0

 rule 64 deny source 10.191.19.137 0

 rule 65 deny source 10.191.19.138 0

 rule 66 deny source 10.191.19.139 0

 rule 67 deny source 10.191.19.140 0

 rule 68 deny source 10.191.19.141 0

 rule 69 deny source 10.191.19.142 0

 rule 70 deny source 10.191.19.143 0

 rule 71 deny source 10.191.19.144 0

 rule 72 deny source 10.191.19.145 0

 rule 73 deny source 10.191.19.146 0

 rule 74 deny source 10.191.19.147 0

 rule 75 deny source 10.191.19.148 0

 rule 76 deny source 10.191.19.149 0

 rule 77 deny source 10.191.19.150 0

 rule 78 deny source 10.191.19.151 0

 rule 79 deny source 10.191.19.152 0

 rule 80 deny source 10.191.19.153 0

 rule 81 deny source 10.191.19.154 0

 rule 82 deny source 10.191.19.155 0

 rule 83 deny source 10.191.19.156 0

 rule 84 deny source 10.191.19.157 0

 rule 85 deny source 10.191.19.158 0

 rule 86 deny source 10.191.19.159 0

 rule 87 deny source 10.191.19.160 0

 rule 88 deny source 10.191.19.161 0

 rule 89 deny source 10.191.19.162 0

 rule 90 deny source 10.191.19.163 0

 rule 91 deny source 10.191.19.164 0

 rule 92 deny source 10.191.19.165 0

 rule 93 deny source 10.191.19.166 0

 rule 94 deny source 10.191.19.167 0

 rule 95 deny source 10.191.19.168 0

 rule 96 deny source 10.191.19.169 0

 rule 97 deny source 10.191.19.170 0

 rule 98 deny source 10.191.19.171 0

 rule 99 deny source 10.191.19.172 0

 rule 100 deny source 10.191.19.173 0

 rule 101 deny source 10.191.19.174 0

 rule 102 deny source 10.191.19.175 0

 rule 103 deny source 10.191.19.176 0

 rule 104 deny source 10.191.19.177 0

 rule 105 deny source 10.191.19.178 0

 rule 106 deny source 10.191.19.179 0

 rule 107 deny source 10.191.19.180 0

 rule 108 deny source 10.191.19.181 0

 rule 109 deny source 10.191.19.182 0

 rule 110 deny source 10.191.19.183 0

 rule 111 deny source 10.191.19.184 0

 rule 112 deny source 10.191.19.185 0

 rule 113 deny source 10.191.19.186 0

 rule 114 deny source 10.191.19.187 0

 rule 115 deny source 10.191.19.188 0

 rule 116 deny source 10.191.19.189 0

 rule 117 deny source 10.191.19.190 0

 rule 118 deny source 10.191.19.191 0

 rule 119 deny source 10.191.19.192 0

 rule 120 deny source 10.191.19.193 0

 rule 121 deny source 10.191.19.194 0

 rule 122 deny source 10.191.19.195 0

 rule 123 deny source 10.191.19.196 0

 rule 124 deny source 10.191.19.197 0

 rule 125 deny source 10.191.19.198 0

 rule 126 deny source 10.191.19.199 0

 rule 127 deny source 10.191.19.200 0

 rule 128 deny source 10.191.19.201 0

 rule 129 deny source 10.191.19.202 0

 rule 130 deny source 10.191.19.203 0

 rule 131 deny source 10.191.19.204 0

 rule 132 deny source 10.191.19.205 0

 rule 133 deny source 10.191.19.206 0

 rule 134 deny source 10.191.19.207 0

 rule 135 deny source 10.191.19.208 0

 rule 136 deny source 10.191.19.209 0

 rule 137 deny source 10.191.19.210 0

 rule 138 deny source 10.191.19.211 0

 rule 139 deny source 10.191.19.212 0

 rule 140 deny source 10.191.19.213 0

 rule 141 deny source 10.191.19.214 0

 rule 142 deny source 10.191.19.215 0

 rule 143 deny source 10.191.19.216 0

 rule 144 deny source 10.191.19.217 0

 rule 145 deny source 10.191.19.218 0

 rule 146 deny source 10.191.19.219 0

 rule 147 deny source 10.191.19.220 0

 rule 148 deny source 10.191.19.221 0

 rule 149 deny source 10.191.19.222 0

 rule 150 deny source 10.191.19.223 0

 rule 151 deny source 10.191.19.224 0

 rule 152 deny source 10.191.19.225 0

 rule 153 deny source 10.191.19.226 0

 rule 154 deny source 10.191.19.227 0

 rule 155 deny source 10.191.19.228 0

 rule 156 deny source 10.191.19.229 0

 rule 157 deny source 10.191.19.230 0

 rule 158 deny source 10.191.19.231 0

 rule 159 deny source 10.191.19.232 0

 rule 160 deny source 10.191.19.233 0

 rule 161 deny source 10.191.19.234 0

 rule 162 deny source 10.191.19.235 0

 rule 163 deny source 10.191.19.236 0

 rule 164 deny source 10.191.19.237 0

 rule 165 deny source 10.191.19.238 0

 rule 166 deny source 10.191.19.239 0

 rule 167 deny source 10.191.19.240 0

 rule 168 deny source 10.191.19.241 0

 rule 169 deny source 10.191.19.242 0

 rule 170 deny source 10.191.19.243 0

 rule 171 deny source 10.191.19.244 0

 rule 172 deny source 10.191.19.245 0

 rule 173 deny source 10.191.19.246 0

 rule 174 deny source 10.191.19.247 0

 rule 175 deny source 10.191.19.248 0

 rule 176 deny source 10.191.19.249 0

 rule 177 deny source 10.191.19.250 0

 rule 178 deny source 10.191.19.251 0

 rule 179 deny source 10.191.19.252 0

 rule 180 deny source 10.191.19.253 0

 rule 181 deny source 10.191.19.254 0

 rule 182 deny source 10.191.19.255 0

 rule 300 permit

 从ACL的策略条目来看，可能是由于策略的条目数量过多，从而导致下发时资源不足导致的，因此需要通过查看系统日志来进一步定位问题。

在查看系统日志时，有如下的反馈：

%Jun 17 00:00:16:008 2000 LZ-KJZ-1 FILTER/5/FLT_SET_POLICY_RESOURCE_FAIL: Failed to apply the filter policy to or refresh the filter policy 2000 on interface GigabitEthernet1/0/46 due to lack of resources.

根据日志提示基本可以确定是由于ACL策略条目数量过多而导致下发失败

需要优化ACL的策略配置后下发即可，具体配置如下：

undo acl number 2000

acl number 2020

 rule 1 deny source 10.191.19.70 0

 rule 2 deny source 10.191.19.71 0

 rule 3 deny source 10.191.19.72 0

 rule 4 deny source 10.191.19.73 0

 rule 5 deny source 10.191.19.74 0

 rule 6 deny source 10.191.19.75 0

 rule 7 deny source 10.191.19.76 0

 rule 8 deny source 10.191.19.77 0

 rule 9 deny source 10.191.19.78 0

 rule 10 deny source 10.191.19.79 0

 rule 11 deny source 10.191.19.80 0.0.0.15

 rule 12 deny source 10.191.19.96 0.0.0.15

 rule 13 deny source 10.191.19.112 0.0.0.15

 rule 14 deny source 10.191.19.128 0.0.0.127

quit

interface GigabitEthernet1/0/46

 port access vlan 16

 loopback-detection enable

 loopback-detection action shutdown

packet-filter 2020 inbound