2
Troubleshooting flowchart
Figure 1 Flowchart for troubleshooting ACL deployment failure
Solution
To resolve the issue:
1.
Determine the reason for the issue.
If the
Reason: Not enough hardware resource
message is displayed, the ACL fails to be
deployed due to insufficient resources or because the ACL has been referenced.
You can also use the
display acl resource
command to view the ACL resource usage. If
the
Remaining
field is 0 or a small value, no ACL can be deployed. If ACL resources are
sufficient, go to step 2 for an ACL that is deployed in a QoS policy and go to step 3 for an ACL
that is deployed in a packet filter. Use the
display qos policy interface
command to
check whether an ACL is deployed in a QoS policy.
2.
Check the QoS policy configuration.
a.
Use the one of the following commands to check whether the QoS policy lacks traffic
classes and traffic behaviors:
−
display qos policy interface
−
display qos vlan-policy
−
display qos policy global
If yes, add the traffic classes and traffic behaviors.
Hardware resources
insufficient?
Is ACL deployed via
a QoS policy?
Address resource
insufficiency
Failure cleared?
ACL deployment
failure
Yes
No
No
Yes
No
Yes
Yes
Is QoS policy
configured correctly?
Configure QoS
policy correctly
Failure cleared?
No
Yes
Yes
No
Is ACL rule
configured correctly?
Configure ACL rule
correctly
Failure cleared?
No
Yes
Yes
No
Contact the support
Configure packet
filter correctly
Is packet filter
configured correctly?
Failure cleared?
Yes
No
End
No