S10508-V insufficient ACL resources

Deploy portal authentication on the switch at the site

When the number of users reaches around 1200 some users get disconnected and receive insufficient resources prompts

%Feb 26 08:54:34:749 2024 UCAS-ZL-S10508-V PORTAL/4/RULE: -Slot=1; Not enough resources

display qos-acl resource shows significant occupancy

Check the diagnostic portal resources occupying 1137 ACLs

The Portal uses inbound orientation ACL resources, namely IFP. The on-site board model is LSUM2GP24TSSE0, with a total of 4096 resources, of which 1024 are reservation resources (used for some protocol ACLs), leaving only 3072 entries actually available.

   ==== display qos-acl resource ====  

Interfaces: GE0/0/1 to GE0/0/48 (slot 0)

---------------------------------------------------------------------

Type             Total      Reserved   Configured Remaining  Usage

---------------------------------------------------------------------

VFP ACL          2048       1024       0          1024       50%

IFP ACL          4096       1024       2334       738        81%

IFP Meter        2048       512        1          1535       25%

IFP Counter      2048       512        0          1536       25%

EFP ACL          1024       0          0          1024       0%

EFP Meter        512        0          0          512        0%

EFP Counter      512        0          0          512        0%

Interfaces: GE1/0/1 to GE1/0/24, XGE1/0/25 to XGE1/0/28 (slot 1)

---------------------------------------------------------------------

Type             Total      Reserved   Configured Remaining  Usage

---------------------------------------------------------------------

VFP ACL          2048       1024       0          1024       50%

IFP ACL          4096       1024       2336       736        82%

IFP Meter        2048       512        1          1535       25%

IFP Counter      2048       512        0          1536       25%

EFP ACL          1024       0          0          1024       0%

EFP Meter        512        0          0          512        0%

EFP Counter      512        0          0          512        0%

From the underlying perspective, 1137 double-type ACLs are currently used, occupying 1137*2=2274. Combined with other packet filtering ACLs, this aligns with the underlying occupancy count.

  Pri 11, Group  5,usedEntries 1137,mode Double, physlice 0/1/2/3/4/5/6/7/8/9/

  ===================================================

    acl type                             usedEntries[1137] 

  ===================================================

    [35 ]Portal Free                           17  

    [36 ]Portal User                           1113

    [37 ]Portal Redirect                       4   

    [38 ]Portal UnknownIpToCpu                 1   

    [41 ]Portal Deny                           2   

  ================================================

The number of portal free rules used on-site is not large. The current main ACL occupancy is still portal user, which has indeed approached the specifications limit.

There are no other optimization methods currently. It is recommended to upgrade to a board card with higher ACL specifications.