Friday, May 21, 2010

FWSM, ERROR: Unable to add, access-list config limit reached.

We need to change the number of partitions because we are not able to add more ACLs. We are using an FWSM with only one context and a failover peer. To apply the change we need to reload: does the FWSM restart with the same context configuration?

Yes, after changing the partition, the configuration of your FWSM (including the user context configuration) will remain the same.

However, because you have failover configured, the way to change the partition is to change it on both FWSMs, save the config on both, and, most importantly, "reload" both FWSMs at the same time. If you reload one FWSM first and the two units do not have the same partition number, it will cause a lot of issues when failover synchronises the configuration while one unit has a lower/higher partition number than the other.

Lastly, even though the context configuration will not change, please back up the configuration prior to the change.

Here are the steps that you can follow -
  1. change the partition number with hostname(config)# resource acl-partition number_of_partitions on primary FWSM;
  2. save the configuration with write memory /all;
  3. manually configure the command on both primary and secondary FWSM, and save the configuration on both;
  4. reload both modules at the same time;
  5. verify the new setting with show resource acl-partition.
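
A pre-reload check for the mismatch described above, as an added example that is not part of the original post: it compares the resource acl-partition value in the saved configuration text of both failover units before step 4. It assumes each unit's configuration has been captured to text and contains the command from step 1; the function names and sample configurations are constructed for illustration.

```python
import re

# Matches the command from step 1 as it would appear in captured config text
# (assumption: the saved configuration of each unit contains this line).
_PARTITION_RE = re.compile(r"^\s*resource\s+acl-partition\s+(\d+)\s*$", re.MULTILINE)


def acl_partitions(config_text):
    """Return the partition count found in the text, or None if absent."""
    matches = _PARTITION_RE.findall(config_text)
    if not matches:
        return None
    # If the line occurs more than once in the capture, use the last one.
    return int(matches[-1])


def safe_to_reload(primary_cfg, secondary_cfg):
    """Return (ok, reason): ok is True only if both units carry the same value."""
    p = acl_partitions(primary_cfg)
    s = acl_partitions(secondary_cfg)
    if p is None and s is None:
        return False, "resource acl-partition not found on either unit"
    if p is None or s is None:
        missing = "primary" if p is None else "secondary"
        return False, f"resource acl-partition not found on {missing}"
    if p != s:
        return False, f"mismatch: primary={p}, secondary={s}"
    return True, f"both units set to {p} partition(s)"


# Constructed sample configurations (not taken from a real device).
PRIMARY = """hostname FWSM-A
resource acl-partition 1
failover
"""
SECONDARY_STALE = """hostname FWSM-B
resource acl-partition 12
failover
"""

if __name__ == "__main__":
    for name, peer in (("stale peer", SECONDARY_STALE), ("updated peer", PRIMARY)):
        ok, reason = safe_to_reload(PRIMARY, peer)
        print(f"{name}: {'OK to reload' if ok else 'DO NOT reload'} ({reason})")
```
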
Citation - This blog post does not reflect original content from the author. Rather, it summarizes content relevant to the topic from different sources on the web. The sources might include online discussion boards, forums, websites and others.
