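Not applicable.
At one site, applying an ACL to a physical interface on an S5110 switch failed, as shown in the figure below:
The S5110 version information is as follows: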
H3C Comware Platform Software
Comware Software, Version 5.20.99, Release 1110
Copyright (c) 2004-2016 Hangzhou H3C Tech. Co., Ltd. All rights reserved.
H3C S5110-52P uptime is 7 weeks, 2 days, 4 hours, 0 minute
H3C S5110-52P
128M bytes DRAM
32M bytes Flash Memory
Config Register points to Flash
Hardware Version is REV.A
Bootrom Version is 111
[SubSlot 0] 48GE+4SFP Hardware Version is REV.A
The ACL configuration is as follows:
acl number 2000
rule 1 deny source 10.191.19.70 0
rule 2 deny source 10.191.19.71 0
rule 3 deny source 10.191.19.72 0
rule 4 deny source 10.191.19.73 0
rule 5 deny source 10.191.19.74 0
rule 6 deny source 10.191.19.75 0
rule 7 deny source 10.191.19.76 0
rule 8 deny source 10.191.19.77 0
rule 9 deny source 10.191.19.78 0
rule 10 deny source 10.191.19.79 0
rule 11 deny source 10.191.19.80 0
rule 12 deny source 10.191.19.81 0
rule 13 deny source 10.191.19.82 0
rule 14 deny source 10.191.19.83 0
rule 15 deny source 10.191.19.84 0
rule 16 deny source 10.191.19.85 0
rule 17 deny source 10.191.19.86 0
rule 18 deny source 10.191.19.87 0
rule 19 deny source 10.191.19.88 0
rule 20 deny source 10.191.19.89 0
rule 21 deny source 10.191.19.90 0
rule 22 deny source 10.191.19.91 0
rule 23 deny source 10.191.19.92 0
rule 24 deny source 10.191.19.93 0
rule 25 deny source 10.191.19.94 0
rule 26 deny source 10.191.19.95 0
rule 27 deny source 10.191.19.96 0
rule 28 deny source 10.191.19.97 0
rule 29 deny source 10.191.19.98 0
rule 30 deny source 10.191.19.99 0
rule 31 deny source 10.191.19.103 0
rule 32 deny source 10.191.19.104 0
rule 33 deny source 10.191.19.105 0
rule 34 deny source 10.191.19.106 0
rule 35 deny source 10.191.19.107 0
rule 36 deny source 10.191.19.108 0
rule 37 deny source 10.191.19.109 0
rule 38 deny source 10.191.19.110 0
rule 39 deny source 10.191.19.111 0
rule 40 deny source 10.191.19.112 0
rule 41 deny source 10.191.19.113 0
rule 42 deny source 10.191.19.114 0
rule 43 deny source 10.191.19.115 0
rule 44 deny source 10.191.19.116 0
rule 45 deny source 10.191.19.117 0
rule 46 deny source 10.191.19.118 0
rule 47 deny source 10.191.19.119 0
rule 48 deny source 10.191.19.120 0
rule 49 deny source 10.191.19.121 0
rule 50 deny source 10.191.19.122 0
rule 51 deny source 10.191.19.123 0
rule 52 deny source 10.191.19.124 0
rule 53 deny source 10.191.19.125 0
rule 54 deny source 10.191.19.127 0
rule 55 deny source 10.191.19.128 0
rule 56 deny source 10.191.19.129 0
rule 57 deny source 10.191.19.130 0
rule 58 deny source 10.191.19.131 0
rule 59 deny source 10.191.19.132 0
rule 60 deny source 10.191.19.133 0
rule 61 deny source 10.191.19.134 0
rule 62 deny source 10.191.19.135 0
rule 63 deny source 10.191.19.136 0
rule 64 deny source 10.191.19.137 0
rule 65 deny source 10.191.19.138 0
rule 66 deny source 10.191.19.139 0
rule 67 deny source 10.191.19.140 0
rule 68 deny source 10.191.19.141 0
rule 69 deny source 10.191.19.142 0
rule 70 deny source 10.191.19.143 0
rule 71 deny source 10.191.19.144 0
rule 72 deny source 10.191.19.145 0
rule 73 deny source 10.191.19.146 0
rule 74 deny source 10.191.19.147 0
rule 75 deny source 10.191.19.148 0
rule 76 deny source 10.191.19.149 0
rule 77 deny source 10.191.19.150 0
rule 78 deny source 10.191.19.151 0
rule 79 deny source 10.191.19.152 0
rule 80 deny source 10.191.19.153 0
rule 81 deny source 10.191.19.154 0
rule 82 deny source 10.191.19.155 0
rule 83 deny source 10.191.19.156 0
rule 84 deny source 10.191.19.157 0
rule 85 deny source 10.191.19.158 0
rule 86 deny source 10.191.19.159 0
rule 87 deny source 10.191.19.160 0
rule 88 deny source 10.191.19.161 0
rule 89 deny source 10.191.19.162 0
rule 90 deny source 10.191.19.163 0
rule 91 deny source 10.191.19.164 0
rule 92 deny source 10.191.19.165 0
rule 93 deny source 10.191.19.166 0
rule 94 deny source 10.191.19.167 0
rule 95 deny source 10.191.19.168 0
rule 96 deny source 10.191.19.169 0
rule 97 deny source 10.191.19.170 0
rule 98 deny source 10.191.19.171 0
rule 99 deny source 10.191.19.172 0
rule 100 deny source 10.191.19.173 0
rule 101 deny source 10.191.19.174 0
rule 102 deny source 10.191.19.175 0
rule 103 deny source 10.191.19.176 0
rule 104 deny source 10.191.19.177 0
rule 105 deny source 10.191.19.178 0
rule 106 deny source 10.191.19.179 0
rule 107 deny source 10.191.19.180 0
rule 108 deny source 10.191.19.181 0
rule 109 deny source 10.191.19.182 0
rule 110 deny source 10.191.19.183 0
rule 111 deny source 10.191.19.184 0
rule 112 deny source 10.191.19.185 0
rule 113 deny source 10.191.19.186 0
rule 114 deny source 10.191.19.187 0
rule 115 deny source 10.191.19.188 0
rule 116 deny source 10.191.19.189 0
rule 117 deny source 10.191.19.190 0
rule 118 deny source 10.191.19.191 0
rule 119 deny source 10.191.19.192 0
rule 120 deny source 10.191.19.193 0
rule 121 deny source 10.191.19.194 0
rule 122 deny source 10.191.19.195 0
rule 123 deny source 10.191.19.196 0
rule 124 deny source 10.191.19.197 0
rule 125 deny source 10.191.19.198 0
rule 126 deny source 10.191.19.199 0
rule 127 deny source 10.191.19.200 0
rule 128 deny source 10.191.19.201 0
rule 129 deny source 10.191.19.202 0
rule 130 deny source 10.191.19.203 0
rule 131 deny source 10.191.19.204 0
rule 132 deny source 10.191.19.205 0
rule 133 deny source 10.191.19.206 0
rule 134 deny source 10.191.19.207 0
rule 135 deny source 10.191.19.208 0
rule 136 deny source 10.191.19.209 0
rule 137 deny source 10.191.19.210 0
rule 138 deny source 10.191.19.211 0
rule 139 deny source 10.191.19.212 0
rule 140 deny source 10.191.19.213 0
rule 141 deny source 10.191.19.214 0
rule 142 deny source 10.191.19.215 0
rule 143 deny source 10.191.19.216 0
rule 144 deny source 10.191.19.217 0
rule 145 deny source 10.191.19.218 0
rule 146 deny source 10.191.19.219 0
rule 147 deny source 10.191.19.220 0
rule 148 deny source 10.191.19.221 0
rule 149 deny source 10.191.19.222 0
rule 150 deny source 10.191.19.223 0
rule 151 deny source 10.191.19.224 0
rule 152 deny source 10.191.19.225 0
rule 153 deny source 10.191.19.226 0
rule 154 deny source 10.191.19.227 0
rule 155 deny source 10.191.19.228 0
rule 156 deny source 10.191.19.229 0
rule 157 deny source 10.191.19.230 0
rule 158 deny source 10.191.19.231 0
rule 159 deny source 10.191.19.232 0
rule 160 deny source 10.191.19.233 0
rule 161 deny source 10.191.19.234 0
rule 162 deny source 10.191.19.235 0
rule 163 deny source 10.191.19.236 0
rule 164 deny source 10.191.19.237 0
rule 165 deny source 10.191.19.238 0
rule 166 deny source 10.191.19.239 0
rule 167 deny source 10.191.19.240 0
rule 168 deny source 10.191.19.241 0
rule 169 deny source 10.191.19.242 0
rule 170 deny source 10.191.19.243 0
rule 171 deny source 10.191.19.244 0
rule 172 deny source 10.191.19.245 0
rule 173 deny source 10.191.19.246 0
rule 174 deny source 10.191.19.247 0
rule 175 deny source 10.191.19.248 0
rule 176 deny source 10.191.19.249 0
rule 177 deny source 10.191.19.250 0
rule 178 deny source 10.191.19.251 0
rule 179 deny source 10.191.19.252 0
rule 180 deny source 10.191.19.253 0
rule 181 deny source 10.191.19.254 0
rule 182 deny source 10.191.19.255 0
rule 300 permit
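Judging from the ACL entries, the failure is probably caused by the number of rules being too large, so that resources run out when the ACL is applied. The system log therefore needs to be checked to pinpoint the problem further.
The system log shows the following message: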
%Jun 17 00:00:16:008 2000 LZ-KJZ-1 FILTER/5/FLT_SET_POLICY_RESOURCE_FAIL: Failed to apply the filter policy to or refresh the filter policy 2000 on interface GigabitEthernet1/0/46 due to lack of resources.
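Based on the log message, it is essentially certain that the ACL failed to apply because it contains too many rules.
Optimize the ACL configuration and then apply it. The configuration is as follows: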
undo acl number 2000
acl number 2020
rule 1 deny source 10.191.19.70 0
rule 2 deny source 10.191.19.71 0
rule 3 deny source 10.191.19.72 0
rule 4 deny source 10.191.19.73 0
rule 5 deny source 10.191.19.74 0
rule 6 deny source 10.191.19.75 0
rule 7 deny source 10.191.19.76 0
rule 8 deny source 10.191.19.77 0
rule 9 deny source 10.191.19.78 0
rule 10 deny source 10.191.19.79 0
rule 11 deny source 10.191.19.80 0.0.0.15
rule 12 deny source 10.191.19.96 0.0.0.15
rule 13 deny source 10.191.19.112 0.0.0.15
rule 14 deny source 10.191.19.128 0.0.0.127
quit
interface GigabitEthernet1/0/46
port access vlan 16
loopback-detection enable
loopback-detection action shutdown
packet-filter 2020 inbound
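
When host rules are merged into wildcard blocks, it is worth checking that the new ACL denies the same set of sources as the old one. The following script is an added example, not part of the original case or H3C tooling; it rebuilds both rule lists from the page, diffs their coverage, and computes an exact aggregation. The function names are hypothetical and the rule lists are constructed from the configurations above.

```python
import ipaddress

# Constructed from the page: last octets denied by the original ACL 2000
# (rules 1-182 cover .70-.99, .103-.125 and .127-.255).
ORIGINAL = [f"rule {i} deny source 10.191.19.{h} 0" for i, h in enumerate(
    [*range(70, 100), *range(103, 126), *range(127, 256)], 1)]

# Deny rules of the replacement ACL 2020, as listed on the page.
OPTIMIZED = [f"rule {i} deny source 10.191.19.{h} 0"
             for i, h in enumerate(range(70, 80), 1)] + [
    "rule 11 deny source 10.191.19.80 0.0.0.15",
    "rule 12 deny source 10.191.19.96 0.0.0.15",
    "rule 13 deny source 10.191.19.112 0.0.0.15",
    "rule 14 deny source 10.191.19.128 0.0.0.127",
]


def rule_network(line):
    """Parse 'rule N deny source ADDR WILDCARD' into an IPv4Network."""
    addr, wildcard = line.split()[4:6]
    if wildcard == "0":                      # Comware shorthand for one host
        return ipaddress.ip_network(f"{addr}/32")
    return ipaddress.ip_network(f"{addr}/{wildcard}")  # contiguous wildcard


def covered(rules):
    """Set of every address matched by the given source rules."""
    return {ip for rule in rules for ip in rule_network(rule)}


def coverage_diff(original, replacement):
    """Return (newly denied, no longer denied) addresses as strings."""
    old, new = covered(original), covered(replacement)
    return ([str(ip) for ip in sorted(new - old)],
            [str(ip) for ip in sorted(old - new)])


def aggregate(rules):
    """Smallest set of contiguous-wildcard rules matching the same addresses."""
    nets = ipaddress.collapse_addresses(rule_network(r) for r in rules)
    return [f"rule {i} deny source {n.network_address} "
            f"{'0' if n.prefixlen == 32 else n.hostmask}"
            for i, n in enumerate(nets, 1)]


if __name__ == "__main__":
    extra, lost = coverage_diff(ORIGINAL, OPTIMIZED)
    print("newly denied:", extra, "| no longer denied:", lost)
    print("\n".join(aggregate(ORIGINAL)))
```

On the page's rules the diff reports 10.191.19.100, .101, .102 and .126 as denied by ACL 2020 but not by ACL 2000, and the exact aggregation of the original 182 host rules comes to 11 wildcard rules. Whether those extra four hosts should be blocked is a policy decision to confirm before applying the shorter ACL.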