CHAPTER 110
Troubleshooting Firewall Filters
Copyright © 2010, Juniper Networks, Inc.
Firewall Filter Configuration Returns a No Space Available in TCAM Message
Problem
When a firewall filter configuration exceeds the amount of available TCAM space, the
switch returns the following syslogd message:
No space available in tcam.
Rules for filter filter-name will not be installed.
The switch returns this message during the commit operation if the firewall filter that
has been applied to a port, VLAN, or Layer 3 interface exceeds the amount of available
TCAM space. However, the commit operation for the firewall filter configuration is
completed in the CLI module.
Solution
When a firewall filter configuration exceeds the amount of available TCAM table space,
you must configure a new firewall filter with fewer filter terms so that the space
requirements for the filter do not exceed the available space in the TCAM table.
You can perform either of the following procedures to correct the problem:
To delete the firewall filter and its bind points and apply the new smaller firewall filter
to the same bind points:
1. Delete the firewall filter configuration and the bind points to ports, VLANs, or Layer 3
interfaces, for example:
[edit]
user@switch# delete firewall family ethernet-switching filter filter-ingress-vlan
user@switch# delete vlans voice-vlan description "filter to block rogue devices on voice-vlan"
user@switch# delete vlans voice-vlan filter input mini-filter-ingress-vlan
2. Commit the operation:
[edit]
user@switch# commit
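The commit completes in the CLI even when the filter's rules are not installed, so the syslogd message is what shows that a filter is not in effect. The following Python scan for that message is an added example, not part of the Juniper documentation; the log prefix (timestamp, host name switch1, process name proc) and the sample lines are constructed, and only the message text is taken from this page.

```python
import re
import sys

# Message text as quoted on this page; the real filter name replaces "filter-name".
TCAM_TEXT = "No space available in tcam."
RULES_RE = re.compile(r"Rules for filter (?P<name>\S+) will not be installed\.")

# Constructed sample input. The timestamp, host, and process prefix are
# assumptions; only the message text comes from the page.
SAMPLE_LOG = """\
Mar  3 10:15:04 switch1 proc: No space available in tcam. Rules for filter filter-ingress-vlan will not be installed.
Mar  3 10:15:09 switch1 proc: unrelated message
Mar  3 11:02:40 switch1 proc: No space available in tcam.
Mar  3 11:02:40 switch1 proc: Rules for filter mini-filter-ingress-vlan will not be installed.
Mar  3 11:30:00 switch1 proc: Rules for filter other-filter will not be installed.
Mar  3 12:00:17 switch1 proc: No space available in tcam. Rules for filter filter-ingress-vlan will not be installed.
"""


def uninstalled_filters(lines):
    """Map each filter named in a TCAM-exhaustion message to the 1-based line
    numbers where it was reported (one record, or two consecutive records)."""
    hits = {}
    tcam_on_previous = False
    for lineno, line in enumerate(lines, start=1):
        tcam_here = TCAM_TEXT in line
        match = RULES_RE.search(line)
        # Count the "Rules for filter" sentence only when it is tied to the
        # TCAM sentence, on this record or the one immediately before it.
        if match and (tcam_here or tcam_on_previous):
            hits.setdefault(match.group("name"), []).append(lineno)
        tcam_on_previous = tcam_here and not match
    return hits


def report(lines):
    """Return one summary string per filter whose rules were not installed."""
    return [
        f"{name}: rules not installed ({len(nums)} report(s), last at line {nums[-1]})"
        for name, nums in uninstalled_filters(lines).items()
    ]


if __name__ == "__main__":
    # Scan the log file named on the command line, or the sample above.
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    print("\n".join(report(text.splitlines())))
```

Running it again after committing the smaller replacement filter shows whether the new filter name still appears in the message.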