ACL Violation
Description
An ACL Violation can occur for two primary reasons:
- VLAN ACL Mode Change: The VLAN ACL Mode has been changed, and the system cannot apply the ACLs without a reboot. Reboot the system during a maintenance window, because the reboot is service-affecting.
- ACL Memory Resource Limitation: There are insufficient ACL hardware resources to apply the ACL to the OLT.
ACL Memory Resource Limitation
The ACL Memory Resource Limitation indicates that there are insufficient ACL hardware resources. In some instances this can be resolved with a reset (which reorganizes the ACL resources), but in most instances it indicates that system administrators must optimize the ACLs.
There are multiple techniques for this:
- Move Service Profile ACLs to Card Level ACLs: ACLs that are applied to all users at all times on a VLAN should be moved up to card level ACLs. A card level ACL uses only a single ACL rule for the whole system, whereas service level ACLs require ACL resources either per port or, more often, per MAC.
- Simplify ACLs: Use fewer ACLs by simplifying rules.
- Do not mix IPv4 and IPv6 ACLs: Using both tends to fragment the tables more.
- Minimize IPv6 Rules: IPv6, due to the length of addresses, consumes larger key sizes.
- Limit Ranges: Use ranges only when strictly necessary.
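The following Python sketch is an added example, not vendor code or OLT configuration syntax. It audits a constructed set of service profiles for rules that every profile on a VLAN shares (candidates for card level ACLs), estimates the entries saved, and flags profiles that mix address families or use ranges. It assumes a simplified cost model taken from the description above (one entry per MAC for a service level rule, one entry in total for a card level rule) and does not model rule ordering.

```python
from collections import defaultdict, namedtuple

# Rule and the sample profiles are constructed for illustration; they are not
# the OLT's configuration syntax.
Rule = namedtuple("Rule", "desc family uses_range")
A = Rule("drop subscriber-side DHCP server replies", "ipv4", False)
B = Rule("drop RFC 1918 source addresses", "ipv4", False)
C = Rule("drop TCP ports 135-139", "ipv4", True)
D = Rule("drop IPv6 documentation prefix", "ipv6", False)
PROFILES = [
    {"name": "res-100m", "vlan": 100, "macs": 400, "rules": [A, B]},
    {"name": "res-1g", "vlan": 100, "macs": 150, "rules": [A, B, C]},
    {"name": "biz", "vlan": 200, "macs": 50, "rules": [B, D]},
]

def hoist_candidates(profiles):
    """Per VLAN, the rules present in every service profile on that VLAN."""
    by_vlan = defaultdict(list)
    for p in profiles:
        by_vlan[p["vlan"]].append(p["rules"])
    return {vlan: [r for r in lists[0] if all(r in other for other in lists)]
            for vlan, lists in by_vlan.items()}

def entry_count(profiles, hoisted=None):
    """Assumed cost model: a service level rule costs one entry per MAC,
    a card level rule costs one entry in total."""
    hoisted = hoisted or {}
    total = sum(len(rules) for rules in hoisted.values())
    for p in profiles:
        moved = hoisted.get(p["vlan"], [])
        total += p["macs"] * sum(1 for r in p["rules"] if r not in moved)
    return total

def review_flags(profiles):
    """Profiles that mix address families or use ranges."""
    flags = {}
    for p in profiles:
        found = []
        if len({r.family for r in p["rules"]}) > 1:
            found.append("mixes IPv4 and IPv6")
        if any(r.uses_range for r in p["rules"]):
            found.append("uses a range")
        if found:
            flags[p["name"]] = found
    return flags

if __name__ == "__main__":
    hoisted = hoist_candidates(PROFILES)
    print("entries before:", entry_count(PROFILES))
    print("entries after hoisting:", entry_count(PROFILES, hoisted))
    print("review:", review_flags(PROFILES))
```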