[c-nsp] [c3560g] Not in truth table when modyfing ACL

Mateusz Blaszczyk blahu77 at gmail.com
Mon Jun 29 11:17:05 EDT 2009 

This error message shows up every now end then when adding or modyfing
an ACL (with or without access-group config on the SVI):

Jun  4 03:33:23.347: %ACLMGR-3-INTTABLE: Not in truth table: VLMAP 9
RACL 9 Rtprot 9 Mcb 13 Feat 3
Jun  4 03:33:23.347: %ACLMGR-3-INTTABLE: Not in truth table: VLMAP 9
RACL 9 Rtprot 9 Mcb 13 Feat 3
Jun  4 03:33:23.355: %ACLMGR-3-INTTABLE: Not in truth table: VLMAP 9
RACL 9 Rtprot 9 Mcb 13 Feat 3
Jun  4 03:33:23.355: %ACLMGR-3-INTTABLE: Not in truth table: VLMAP 9
RACL 9 Rtprot 9 Mcb 13 Feat 3

Can anyone tell me what is the severity of that problem? google is
quite quiet apart from link to cisco's error messages list, which is
not really helpful.

=-=-
Error Message    ACLMGR-3-INTTABLE: Not in truth table: VLMAP [dec]
RACL [dec] Mcb [dec]
Feat [dec].

Explanation    This message means that an unrecoverable software error
occurred while trying to merge the configured input features. [dec]
are internal action codes.

Recommended Action    Copy the message exactly as it appears on the
console or in the system log. Research and attempt to resolve the
error by using the Output Interpreter. Enter the show running-config
user EXEC command to gather data that might help identify the nature
of the error. Use the Bug Toolkit to look for similar reported
problems. If you still require assistance, open a case with the TAC,
or contact your Cisco technical support representative, and provide
the representative with the gathered information. For more information
about these online tools and about contacting Cisco, see the "Error
Message Traceback Reports" section.
=-=-

The only time this error message could be linked to a buggy behaviour
was when an acl on input have to be removed because it didnt allow bgp
session to come up between switch and server connected directly to it.
Even "permit any any" was somehow blocking the packets through and
only complete removal of "ip access-group acl in" config, helped to
resolve the problem.

Any ideas?

#sh ver | in IOS
Cisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version
12.2(50)SE1, RELEASE SOFTWARE (fc2)

#sh sdm prefer
 The current template is "desktop routing" template.
 The selected template optimizes the resources in
 the switch to support this level of features for
 8 routed interfaces and 1024 VLANs.

  number of unicast mac addresses:                  3K
  number of IPv4 IGMP groups + multicast routes:    1K
  number of IPv4 unicast routes:                    11K
    number of directly-connected IPv4 hosts:        3K
    number of indirect IPv4 routes:                 8K
  number of IPv4 policy based routing aces:         0.5K
  number of IPv4/MAC qos aces:                      0.5K
  number of IPv4/MAC security aces:                 1K

#sh platform tcam utilization

CAM Utilization for ASIC# 0                      Max            Used
                                             Masks/Values    Masks/values

 Unicast mac addresses:                        400/3200         53/330
 IPv4 IGMP groups + multicast routes:          144/1152         12/40
 IPv4 unicast directly-connected routes:       400/3200         53/330
 IPv4 unicast indirectly-connected routes:    1040/8320         49/327
 IPv4 policy based routing aces:               384/512           1/2
 IPv4 qos aces:                                768/768         324/324
 IPv4 security aces:                          1024/1024        223/223

More information about the cisco-nsp mailing list