Owner's Manual
336 | Chapter 13. ACLs
NETGEAR 8800 User Manual
• Add an IP interface to the configuration:
• 2 slices, 13 rules
• Add port-based QoS to the configuration:
• 2 slices, 14 rules
• Add VLAN-based QoS to the configuration:
• 2 slices, 15 rules
• Add VRRP to the configuration:
• 2 slices, 17 rules
• Add IPv6 routing (slowpath) to the configuration:
• 4 slices, 24 rules
• Add Netlogin to the configuration:
• 5 slices, 25 rules
Note: The slice and rule usage numbers given in this section may vary
slightly depending on the XCM8800 release.
ACL Error Messages
Errors may happen when installing an ACL policy on a port, VLAN, or all interfaces
(wildcard). Following is a list of the most common error conditions and their resulting CLI
error message:
• Slice resource exceeded: This happens when all slices are allocated for a given chip and
an additional incompatible rule (see
Egress ACLs on page 332) is installed which requires
allocation of another slice.
Error: ACL install operation failed - slice hardware full for port 3:1
• Rule resource exceeded: This happens when all slices are allocated for a given chip and
there is an attempt to install a compatible rule to the lowest precedence slice which
already has 128 rules. This condition can be triggered with less than the full capacity
number of rules installed. For example, if 15 of the slices each have less than 128 rules
and there is an attempt to install 129 compatible rules, this error message will be
displayed.
Error: ACL install operation failed - rule hardware full for port 3:1
• Layer-4 port range exceeded: This happens when more than 16 Layer 4 port ranges are
installed on a single chip.
Error: ACL install operation failed - layer-4 port range hardware full for
port 3:1
• Incompatible fields selected: This happens when the selected conditions can not be
satisfied by the available single-slice field selections described in
Compatible and
Conflicting Rules on page 329.