Cisco WAN :: 7600 Hardware TCAM Entry Capacity Exceeded
Nov 30, 2011
I am seeing the following log messages appear on our border edge 7600 router (SUP720-3BXL) The messages seem to appear when tag switching has been enabled on the interface, so somehow related I presume. The MPLS forwarding table is very small however. [code]
I can't see anything that is using up the ACL_TCAM HI BANK using "show tcam global acl" There aren't any ACL's applied to any of the interfaces, or policy-maps. The only ACL's in use are for SNMP, ntp, and VTY. These are very small any way. Interface Gi1/22, and 1/1 have tag switching enabled. [code]
The router has a full BGP routing table learned via an upstream (EBGP) peer neighbor, and an IBGP peer. The CPU utilisation seems fine, as is memory usage. CEF seems to be running okay. It's currently running [code] Are prefix lists part of TCAM? Is the router over-resourced holding a full bgp routing table?
View 1 Replies
ADVERTISEMENT
Nov 6, 2011
following errors.
Nov 7 21:34:50: %EARL_NETFLOW-SP-STDBY-4-TCAM_THRLD: Netflow TCAM threshold exceeded, TCAM Utilization [99%]
Nov 7 21:44:44: %EARL_NETFLOW-SP-4-TCAM_THRLD: Netflow TCAM threshold exceeded, TCAM Utilization [91%]
I've already found this kinds of cases, in this community. So, It seems that Changing the current configuration to 'mls aging fast threshold ## time ## ' is most suitable in our situation.But, I don't know how to calculate the apt threshold value and time value.
[1] sh run | in mls
mls ip multicast flow-stat-timer 9
mls flow ip interface-full
no mls flow ipv6
no mls acl tcam share-global
mls cef error action freeze
[code]....
View 1 Replies
View Related
Jul 26, 2012
Branch office has 881 VPN router. Services that ignore MSS in packets don't work. Adjusting MSS has no effect since the services are ignoring that setting.works fine, but some Yahoo sites don't.Found a workaround for exceeded MSS for PIX and ASA (link below), but can't find anything for VPN routers.
View 0 Replies
View Related
Jun 3, 2013
Branch office has 881 VPN router. Services that ignore MSS in packets don't work. Adjusting MSS has no effect since the services are ignoring that setting. Example: www.google.com works fine, but some Yahoo sites don't.
Found a workaround for exceeded MSS for PIX and ASA (link below), but can't find anything for VPN routers.url...
View 3 Replies
View Related
Apr 21, 2012
How to get tcam utilization by using snmp on ASR100x?
View 2 Replies
View Related
Aug 6, 2012
I have 1 x SG300 28P in Layer 3 mode which is the default gateway for all the IP phones that will be installed. The PC's ont he network will use the existing default gateway which is another router. I will have another 2 x SG300 28P devices in layer 2 mode which are connected to the Layer 3 SG300 28P.
My question - Are the IP's that registered against the TCAM limit only the devies which physically plug into the SG300 28P switches ? I assume other computers on the network which are plugged into another switch and don't use the default gateway of the SG300 (its only for voice) they then wouldn't be registered in the TCAM ?
The site has around 65 computers currently and obviously plugging in 65 IP phones we're going to hit a limit of over 100 IP's. My thoughts were to potentially keep the computers and Phones seperate on a couple of the switches to keep the IP's in the TCAM to a minimum..
View 3 Replies
View Related
Apr 16, 2013
I'd like to know what is "masks" in the output of show platform tcam utilization. What does 784 mean? What effect has the number of mask in the amount of supported unicast direct routes?
I'm having trouble comparing the capacity of theese two switches, regarding unicast directly-connected routes. I know the second switch has cpu utilization issues and ip unicast failed routes over 4096 arp entries. What would be the case for the first one?
Switch 1:
CAM Utilization for ASIC# 0 Max Used
Masks/Values Masks/values
Unicast mac addresses: 784/6272 12/26
IPv4 IGMP groups + multicast routes: 144/1152 6/26
[Code]...
View 1 Replies
View Related
Sep 28, 2011
I thought that in the past I had problems with my ASA5505 because I had to reboot a number of times, now that I have logging enabled I can see the following: -Deny traffic for protocol 17 src inside, licensed host limit of 10 exceeded.Does this mean that I can not have any more than 10 inside host going out of the outside interface at any time, if not what this means and how I can solve it.
View 16 Replies
View Related
Feb 24, 2012
I've created a BVI2 where I bridged dot11 0.2 and vlan2 in order to have wired and wireless clients in the same vlan.Some wired client are not reachable from the lan. Wireless clients have no pbl in reaching each other.Monitoring a MAC address that is supposed to be behind the FA2 I have noticed that it moves to vlan2 when in fact it should be behind the FA2.Of course when "show mac-address-table" says it is behind Fa2 the ping to that MAC address works whereas when the TCAM reports it is behind vlan2 it doesn't. Once the MAC address is behind the vlan2 if I clear the mac-address-table and that mac-address is still put behinf Fa2 then the pings works again, sometime I have to perform twice the clear command before the MAC address goes back to the right location.I'd like to understand why the router moves that MAC address from Fa2 to vlan2 and that's the reason for my question in the subject.I don't have any problems for port Fa0 and Fa1."Show int fa2" doesn't show any problem/errors or the likes.BTW even if I force that MAC address to be statically behind FA2 the ping works fine but then stops and if I do "show mac-add" the static entry for it is still there... so looks like there us something that overrides that static entry. If clear everything and I have the mac-address be behind Fa2 then everything starts to work again. I used Fa3 instead of Fa2 and I get the same results.
IOS: c870-advipservicesk9-mz.151-3.T1.bin
View 5 Replies
View Related
Nov 30, 2011
I had a lot of problems with TCAM table in the past and made changes in SDM ended whit that. But now want to be proactive and anticipate the problems in my TCAM table.
If the my template is "default desktop" they support a number of indirect IPv4 routes of 2k. I wanna know automatically by my management tools if this number reaches 1.9k.
That way I can take corrective actions before the problems starts on my network.
View 5 Replies
View Related
Nov 11, 2012
we have a WS-X6K-SUP2-2GE running CATOS software, we are facing a TCAM exhaustion.I would like to know the following:
1. during an exhaustion, based on what ACLs will be kept in hardware or moved to software? the name or number gives any precedence to an ACL over another ACL?
2. If the TCAM's utilisation was on the limit and we increased ACEs to a specific ACL, all the ACL will be moved to software or only the new entries?
View 1 Replies
View Related
Oct 28, 2012
i had a client request to block ICMP request on their 1841 WAN link. i've got ACL hits for ACE 170 but not for 171.
how to test or simulate for ICMP time-exceeded? is this TTL related and is there a DOS command or any way to produce ping packet with a less TTL count that would hit the ACL log? below is the config.
interface FastEthernet0/0
ip address 202.42.x.y 255.255.255.252
ip access-group IDS_Fastethernet0/0_in_0 in
ip access-list extended IDS_Fastethernet0/0_in_0
[code]....
View 2 Replies
View Related
Sep 12, 2012
We have a 3750 stack with a mix of 3750G and 3750X switches. The current active template on the switch is desktop default and we are running EIGRP on the switch with large routing table so we get the TCAM error that a specific prefix cannot be programmed in TCAM memory so it will be software forwarded.%PLATFORM_UCAST-4-PREFIX: One or more, more specific prefixes could not be programmed into TCAM and are being covered by a less specific prefix, and the packets may be software forwarded
This error is quite frequent on a daily basis. My question is that will this error create a high CPU situation and affect traffic processing on the stack causing ESX Hosts to become unresponsive?
View 1 Replies
View Related
Sep 26, 2012
Any command similar to sup720 "show tcam counters" It doesn't work on Sup2t.....
View 2 Replies
View Related
Feb 21, 2012
I have had several complaints from around the firm where by mobile devices are being bumped off the PSK secured network (All other SSID networks are operating A-OK). Both Android and iPhone devices are being affected, the device will just loop until it reconnects, sometimes up to 20 minutes of trying to establish a connection. It will eventually connect so the key is not the issue.I've attached a debug of a device which fails to connect and then shortly after is successful.
Controller 5508 v7.0.116.0
AP 3502i IOS 12.4(23c)JA2
View 4 Replies
View Related
Jul 6, 2010
I've just installed ACS 5.1 and noticed that it seems to count managed devices differently than previous versions.
I have a 500 count license which should be fine as I have about 100 devices which will use ACS for TACACS. On ACS 3.x and 4.x, I would set up AAA clients by using a wild card for the subnets that host our routers/switches, say 192.168.1.0/24, 172.16.1.0/24 and 10.1.1.0/24. when I do this with ACS 5, I get a Managed Device Count Exceeded error messasge becasue of the potential of more than 500 AAA clients. It seems to be counting every IP address in the subnet as a managed device, even if there are only a handful actually in use. Is there a way around this short of having to manually enter (and maintain) the exact IP Address of every managed switch and rotuer which will use the ACS server for TACACS?
View 10 Replies
View Related
May 29, 2013
I have a stack of 3750x switches running 15.0 (2) SE2 IOS. When I reload the switch stack, I am seeing the following message in the logs: IPv6 user port trust TCAM write failed.
View 2 Replies
View Related
Feb 24, 2011
I am having a Cisco 7406 VXR router. I want to know what is the max. MPLS link capacity that can be terminated on the link? We are planning to upgrade the MPLS link to 450 Mb..so was just wondering whether 7206 will support or not..
View 1 Replies
View Related
Feb 1, 2012
Where can the following information be found?
1. CEF table capacity (maximum)
2. Route table capacity (maximum)
I can issue "show ip cef sum", "show ip route sum" to see the current usage.
View 2 Replies
View Related
Feb 22, 2011
I have an ASA 5520 running version 8.2(1) and I am having an issue with ASDM sessions.I can SSH into the ASA and have tried to clear the sessions but they do not clear as per below.
largoGW# sh asdm session0 dguselnx1 dguselnx2 dguselnx3 dguselnx4 dguselnxlargoGW# confi tlargoGW(config)# asdm disconnect 0largoGW(config)# asdm disconnect 1 largoGW(config)# asdm disconnect 2largoGW(config)# asdm disconnect 3largoGW(config)# asdm disconnect 4largoGW(config)# exitlargoGW# sh asdm session0 dguselnx1 dguselnx2 dguselnx3 dguselnx4 dguselnxlargoGW#
An interesting point: the host dguselnx is my linux based computer that I am using to SSH to the ASA. I do not connect via ASDM from this device so it is strange that the hostid for the asdm sessions is showing as my linux host and not my Windows laptop (that I am trying to connect via ASDM from).
View 5 Replies
View Related
Jun 20, 2012
I've just installed an SG300-28 (v01) switch configured in layer 3 mode with 1.0.0.27 firmware. It's working just fine except that when running a traceroute across the switch, it does not respond with an ICMP-11 time exceeded packet. Does this behavior persist in the current 1.2.5 firmware?
View 1 Replies
View Related
Oct 17, 2011
when do we get Desteination host Unreachable and time to live exceeded while trying to ping .
From 10.1.1.1 icmp_seq=2 Destination Host Unreachable
From 10.1.1.1 icmp_seq=4 Destination Host Unreachable
From 10.1.1.1 icmp_seq=7 Destination Host Unreachable
View 1 Replies
View Related
May 8, 2012
I have a 1721 router with 3 equal routes to 0.0.0.0, using CEF for load balancing with universal load balancing algorithm. It doesn`t NAT, just routing. I wonder which is the maximum capacity of the router, since it should support up to 40000 connections to different destination IP. Is the limit set by the router resources (CPU, memory, ...) or a maximum limit of entries in the table FIB / RIB?
View 7 Replies
View Related
Aug 3, 2011
What is the maximum amount of traffic a 3825 router can take. I know that a 3825 is rated to handle half of a DS3/T3. We are planning to put a 50Mbps point to point metro Ethernet circuit between two 3825's and run encryption over that line. I just want to make sure we don't max out the router as I remember once a customer maxed out a 3825 with a ton or GRE tunnels and the router crashed every time they did their nightly data dump.
View 2 Replies
View Related
Apr 6, 2011
This is the error message I am getting on our ACS 5.1 appliance - is there anyway to purge the database or compact the file?
View 1 Replies
View Related
Apr 3, 2012
I have AIR-CT2504-5-K9, with 5 access point license support. I buy capacity adder license LIC-CT2504-5A for add 5 access points more. When i try download licence file from tftp server on WLC system i see message "License 1 Failed 1" on WLC. TFTP server message downloading OK.
View 4 Replies
View Related
Jan 8, 2013
i have AIR-CT2504-5-K9, with 5 access point license support. I buy capacity adder license LIC-CT2504-5A for add 5 access points more. When i try download licence file from tftp server on WLC system i see message "License 1 Failed 1" on WLC. TFTP server message downloading OK.
View 7 Replies
View Related
Sep 11, 2011
Any equivalent show command to get the "FIB TCAM Usage" on An ASR 1006 ?the "show platform hardware capacity forwarding" does not work on ASR1006 Example on 6500: Router# show platform hardware capacity forwarding.
View 1 Replies
View Related
Jan 16, 2012
I have been trying to understand from a long time about the throughput capacities of variety of Cisco Routers and Switches. Have searched over a million pages on cisco.com for data sheets/documents/etc. but havent succesfully got a single document highlighting all of what i need.
I have got queries on the below issues:Which model of Router can support upto 2Gig's of WAN Internet connection running BGP? Any list of routers and switches supporting variety of throughput's from 1 MB to 1 GB.I have heard some experts stating "Switches don't have throughput concerns as they switch the traffic and don't need to route traffic" How true is the statement?? and if it is, Why do we require 6500's instead of 3560 Distribution Switches.
View 3 Replies
View Related
Mar 7, 2013
Can LMS 4.1 give a report for port capacity in stack switches? We are starting to have issues where our techs are going out and plugging devices into switches and the switches are getting full. We would like to be able to see how many ports are left in each switch.
View 2 Replies
View Related
Sep 25, 2011
how to measure the router or swith capacity?
Ex: Actually my problem is, i'm using Dlink 8 port switch, and 40 computers connected indirectly to that switch, few times getting issues like packet drops, internet connecting & disconnecting etc. so i want to know either the switch is capable or not.
View 6 Replies
View Related
Jun 22, 2011
I have a laptop and a PC, both connected to the same router, connected to a Time Warner Road Runner cable modem. The laptop works fine whether it is in wireless or wired mode. The PC does not have wireless. When the PC is connected to the router, it's download speed is OK but I have zero upload speed - which of course kills my ability to do almost any online or even LAN task, including browsing and file transferring over LAN.When I plug directly into the modem, bypassing the Belkin, the PC connection works just fine. It only encounters errors when going through the router, but every other computer in the household works fine through the router (3 laptops, work great either wired or wireless using same cables and ports as the PC). The PC worked fine in my old apartment with a different router, but as soon as I got to this one, nothing.
Both comp's have WinXP Home Edition. The PC has a Realtek onboard NIC, called PCIe GBE Family NIC in Device Manager. Have tried uninstalling and reinstalling it, and using multiple driver versions, to no avail. The Ethernet cable is known working. The router is a Belkin F5D9230-4 Wireless G Plus MIMO Router with fully updated firmware.All my firewalls are turned off, including that of the router.Everything is up to date, I have done full virus and malware scans, power cycled everything, and I just cannot solve this problem.
View 2 Replies
View Related
Jan 24, 2013
When enabling the WAN Traffic Meter on my RV180 with firmware 1.0.1.9, my download speed drops to half of my capacity.WAN Traffic Meter disabled: download around 13 MB/sec, WAN Traffic Meter enabled: max 6 MB/sec.WAN QoS is disabled!
View 1 Replies
View Related
