Table of Contents
Advertisement
Appendix A. Security and QoS Configuration Messages
This appendix describes the switch error messages for configuring network security
with access control lists (ACLs) and for configuring quality of service (QoS). In
Access Control Parameters (ACPs) are referred to as masks. For more information
about ACPs, refer to the software configuration guide for this release.
Table 4. Common ACL Error Messages .
Error Message
%Error:Class-map [class-map name] has a
different mask than the Policymap
[policy-map name]
%Error:Class-maps have a mix of System
Defined
and User Defined masks within the
Policymap
[policy-map name]
%Error:System Defined ACEs of TCP/UDP and
IP
cannot exist together in a policy-map.
Check
policy-map :[policy-map name]
%Error:Service-Policy is not supported on
VLAN
interface
%Error:Invalid policy-map
%Error:Match Numbered Attach Filter :ONLY
one
ACL allowed in a class-map
%Error:Deny ACE not supported in access-
group
within a class-map.
Check class-map : [class-map name]
%Error:System Defined and User Defined
ACEs
cannot exist together in access-group
within a
class-map.
Check class-map : [class-map name]
© Copyright IBM Corp. 2004
Explanation and Suggested Solution
This error message means that the policy map has a
different mask than the class map.
Use the same mask in both the class map and the policy
map.
This error message means that a combination of system-
defined and user-defined masks has been used in the
multiple class maps that are part of a policy map.
Class maps that are in a policy map cannot have ACLs that
use both system-defined masks and user-defined masks.
This error message means that a combination of Layer 3
system-defined access control entries (ACEs) and Layer 4
system-defined ACEs is in the same policy map.
A policy map cannot have both Layer 3 system-defined
ACEs and Layer 4 system-defined ACEs.
Note: You cannot have masks such as permit tcp any
any, permit udp any any, and permit ip any any within
the same policy map.
This error message means that you have tried to attach a
policy map to a VLAN interface.
A policy map can be attached only to a physical interface.
This error message means that the policy map is invalid.
This message is normally preceded by a more explicit error
message that gives details about the reasons for the
invalidity of the policy map.
This error message means that there was an attempt to add
another numbered ACL in the class map.
Only one ACL is allowed in a class map.
This error message means that a deny ACE has been
entered in an access group within a class map.
A deny ACE is not supported in an access group within a
class map.
This error message means that a combination of system-
defined and user-defined masks has been used in an
access group within a class map.
The access group in a class map cannot have ACLs that
use both system-defined masks and user-defined masks.
Table
4,
47
Advertisement
Table of Contents
