Comware


acl applying problem in layer 3 switch 4500

  • 1.  acl applying problem in layer 3 switch 4500

    Posted Feb 15, 2011 03:26 AM

    [SwRtr_4500-26]packet-filter vlan 4 outbound ip-group 3011
     Applying Acl 3011 rule 11 failed!  Reason: Resource unavailable!(Ethernet1/0/1)
     Applying Acl 3011 rule 11 failed!  Reason: Resource unavailable!(Ethernet1/0/19)
     Applying Acl 3011 rule 11 failed!  Reason: Resource unavailable!(Ethernet1/0/20)
     Applying Acl 3011 rule 11 failed!  Reason: Resource unavailable!(Ethernet1/0/21)
     Applying Acl 3011 rule 11 failed!  Reason: Resource unavailable!(Ethernet1/0/22)
     Applying Acl 3011 rule 11 failed!  Reason: Resource unavailable!(Ethernet1/0/23)
     Applying Acl 3011 rule 11 failed!  Reason: Resource unavailable!(Ethernet1/0/24)
     Applying Acl 3011 rule 11 failed!  Reason: Resource unavailable!(GigabitEthernet1/0/25)
     Applying Acl 3011 rule 8 failed!  Reason: Resource unavailable!(GigabitEthernet1/0/26)
     Applying Acl 3011 rule 9 failed!  Reason: Resource unavailable!(GigabitEthernet1/0/26)
     Applying Acl 3011 rule 10 failed!  Reason: Resource unavailable!(GigabitEthernet1/0/26)
     Applying Acl 3011 rule 11 failed!  Reason: Resource unavailable!(GigabitEthernet1/0/26)

     

    P.S. This thread has been moved from ProCurve / ProVision-Based to Comware-Based. -HP Forum Moderator



  • 2.  RE: acl applying problem in layer 3 switch 4500

    Posted Feb 16, 2011 05:30 AM
    What is the outcome of:

    display drv-module qacl qacl_resource ?


  • 3.  RE: acl applying problem in layer 3 switch 4500

    Posted Feb 16, 2011 05:57 AM

    [4500]display drv qacl_resource
     block  used-mask  used-rule  spare-mask  spare-rule
         0         16         65           0         191
         1         11         56           5         200
         2         11         56           5         200
         6         10         27           6         101
         7         10         27           6         101
         8         10         27           6         101
         9         10         27           6         101



  • 4.  RE: acl applying problem in layer 3 switch 4500

    Posted Feb 16, 2011 07:29 AM

    Well, I am no 3Com/HP expert, but it seems that your ACLs are using more resources than your switch can handle. As you can see, BLOCK 0 has a spare-mask value of 0. How does this work?

     

    Block 0 is used by FE ports 1/0/1 to 1/0/8

    Block 1 is used by FE ports 1/0/9 to 1/0/16

    Block 2 is used by FE ports 1/0/17 to 1/0/24

    Block 6 is used by GE port 1/0/25

    Block 7 is used by GE port 1/0/26

    Block 8 is used by GE port 1/0/27

    Block 9 is used by GE port 1/0/28

     

    This means ports 1 to 8 cannot be configured by ACLs that use mask values (it seems you are using one in ACL no. 3011 rule 11 on e 1/0/1)... well, you get the picture for the other error messages.

    So what to do? You can take a look at lowering the number of ACLs, or you'll have to buy a switch that can handle more ACLs (the 5500 also uses 16 masks and 256 rules maximum). Maybe an HP guy can tell you which one you need.

     

    hope it helps

    richard
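
The check described in the reply above, as an added example that is not part of the original thread: it parses the `display drv qacl_resource` table posted in reply 3 and lists the ports whose resource block has no spare mask or rule left, so a `packet-filter` that would fail to apply (leaving those ports unfiltered) can be spotted beforehand. The block-to-port mapping is the one given in that reply; the function names and the whitespace-normalised sample are assumptions of this example.

```python
import re

# Block-to-port mapping as stated in reply 4 of this thread.
BLOCK_PORTS = {
    0: [f"Ethernet1/0/{n}" for n in range(1, 9)],
    1: [f"Ethernet1/0/{n}" for n in range(9, 17)],
    2: [f"Ethernet1/0/{n}" for n in range(17, 25)],
    6: ["GigabitEthernet1/0/25"],
    7: ["GigabitEthernet1/0/26"],
    8: ["GigabitEthernet1/0/27"],
    9: ["GigabitEthernet1/0/28"],
}

# Output posted in reply 3, with column whitespace normalised for this example.
SAMPLE = """\
[4500]display drv qacl_resource
 block  used-mask  used-rule  spare-mask  spare-rule
     0         16         65           0         191
     1         11         56           5         200
     2         11         56           5         200
     6         10         27           6         101
     7         10         27           6         101
     8         10         27           6         101
     9         10         27           6         101
"""

ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")
KEYS = ("used_mask", "used_rule", "spare_mask", "spare_rule")

def parse_qacl_resource(text):
    """Return {block: {used_mask, used_rule, spare_mask, spare_rule}}."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # the prompt line and the header do not match and are skipped
            block, *vals = map(int, m.groups())
            table[block] = dict(zip(KEYS, vals))
    return table

def exhausted_ports(table):
    """Map each port to the resources its block has run out of."""
    ports = {}
    for block, row in sorted(table.items()):
        short = [k for k in ("spare_mask", "spare_rule") if row[k] == 0]
        for port in BLOCK_PORTS.get(block, [f"<unknown block {block}>"]) if short else []:
            ports[port] = short
    return ports

if __name__ == "__main__":
    for port, short in exhausted_ports(parse_qacl_resource(SAMPLE)).items():
        print(f"{port}: no {', '.join(short)} left")
```
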



  • 5.  RE: acl applying problem in layer 3 switch 4500

    Posted Feb 17, 2011 02:01 AM

    Could you please explain, with an example, what used_mask is?



  • 6.  RE: acl applying problem in layer 3 switch 4500

    Posted Feb 17, 2011 02:27 AM

    Can you post rule 11 of ACL 3011?



  • 7.  RE: acl applying problem in layer 3 switch 4500

    Posted Feb 17, 2011 03:15 AM

    rule 11 permit icmp



  • 8.  RE: acl applying problem in layer 3 switch 4500

    Posted Feb 17, 2011 04:06 AM

    rule 11 permit icmp actually converts to rule 11 permit any any

     

    From the URL below: The source/source-wildcard of 0.0.0.0/255.255.255.255 means "any".

     

    This is called a mask. You can read more here:

     

    http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml

     

    regards

    richard



  • 9.  RE: acl applying problem in layer 3 switch 4500

    Posted Feb 17, 2011 04:10 AM

    You mean to say wildcard mask?



  • 10.  RE: acl applying problem in layer 3 switch 4500

    Posted Feb 17, 2011 04:10 AM
    yups