cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Anonymous
Not applicable

Duplicate policy-class entries

Jump to solution

I have an issue that I hope someone can help with.

I have a 3448 that I use as a VPN concentrator for my remote offices. While reviewing the configuration I have found that I have multiple entries for the same tunnel.

I am not sure if tis is causing any performance delays, but it certainly is causing extra work in keeping the configuration in check.

The device is waiting on a maintenance window to be rebooted... not coming soon enough for me.

ADTRAN, Inc. OS version 18.02.03.00.E
  Mainline Version: ENM.11.003
  Checksum: 9FC93B8A
  Built on: Fri Nov 11 15:58:48 2011
  Upgrade key: xxxxxxxxxxxxxxxxxxxxxxx
Boot ROM version 13.03.00.SB
  Checksum: 70C3
  Built on: Fri Nov 10 08:04:44 2006
Copyright (c) 1999-2011, ADTRAN, Inc.
Platform: NetVanta 3448, part number 1200821E1, CLEI code is DDC3RNDCAA
Serial number LBADTNxxxxxxxxxxxx
Flash: 33554432 bytes  DRAM: 134217727 bytes

MW3448-FW uptime is 1 years, 44 weeks, 4 days, 19 hours, 6 minutes, 5 seconds

System returned to ROM by Soft Reset
Current system image file is "NV3448A-18-02-03-00-E.biz"
Primary boot system image file is "NV3448A-R11-2-0-E.biz"
Backup boot system image file is "NV3448A-18-02-03-00-E.biz"
Primary system configuration file is "startup-config"

  Entry 87 - allow list VPN-130-vpn-selectors1 stateless

  Entry 88 - allow list VPN-120-vpn-selectors stateless

  Entry 89 - allow list VPN-110-vpn-selectors stateless

  Entry 90 - allow list VPN-90-vpn-selectors stateless

  Entry 91 - allow list VPN-60-vpn-selectors stateless

  Entry 92 - allow list VPN-50-vpn-selectors stateless

  Entry 93 - allow list VPN-20-vpn-selectors stateless

  Entry 94 - allow list VPN-160-vpn-selectors stateless

  Entry 95 - allow list VPN-130-vpn-selectors1 stateless

  Entry 96 - allow list VPN-120-vpn-selectors stateless

  Entry 97 - allow list VPN-110-vpn-selectors stateless

  Entry 98 - allow list VPN-90-vpn-selectors stateless

  Entry 99 - allow list VPN-60-vpn-selectors stateless

  Entry 100 - allow list VPN-50-vpn-selectors stateless

  Entry 101 - allow list VPN-20-vpn-selectors stateless

  Entry 102 - allow list VPN-130-vpn-selectors1 stateless

  Entry 103 - allow list VPN-120-vpn-selectors stateless

  Entry 104 - allow list VPN-110-vpn-selectors stateless

  Entry 105 - allow list VPN-90-vpn-selectors stateless

  Entry 106 - allow list VPN-60-vpn-selectors stateless

  Entry 107 - allow list VPN-50-vpn-selectors stateless

  Entry 108 - allow list VPN-20-vpn-selectors stateless

  Entry 109 - allow list VPN-160-vpn-selectors stateless

  Entry 110 - allow list VPN-130-vpn-selectors1 stateless

  Entry 111 - allow list VPN-120-vpn-selectors stateless

  Entry 112 - allow list VPN-110-vpn-selectors stateless

  Entry 113 - allow list VPN-90-vpn-selectors stateless

  Entry 114 - allow list VPN-60-vpn-selectors stateless

  Entry 115 - allow list VPN-50-vpn-selectors stateless

  Entry 116 - allow list VPN-20-vpn-selectors stateless

  Entry 117 - allow list VPN-130-vpn-selectors1 stateless

  Entry 118 - allow list VPN-120-vpn-selectors stateless

  Entry 119 - allow list VPN-110-vpn-selectors stateless

  Entry 120 - allow list VPN-90-vpn-selectors stateless

  Entry 121 - allow list VPN-60-vpn-selectors stateless

  Entry 122 - allow list VPN-50-vpn-selectors stateless

Labels (2)
0 Kudos
1 Solution

Accepted Solutions
Anonymous
Not applicable

Re: Duplicate policy-class entries

Jump to solution

Larry:

Thank you for asking this question in the support community forum.  It looks like these entries may have been added through the web interface.  I would recommend deleting the duplicate entries through the command line interface, as well as upgrading your firmware to the current recommended maintenance release, which is indicated on the firmware downloads page (at the time of this post it is R10.9.4.). 

As you mentioned, the configuration is cumbersome, but functionality is not affected because in access-control lists, the first match is used; therefore, in this configuration, none of the duplicates will ever be used.

Please, let me know if you have any questions, I will be happy to help in any way I can.

Levi

View solution in original post

0 Kudos
2 Replies
Anonymous
Not applicable

Re: Duplicate policy-class entries

Jump to solution

Larry:

Thank you for asking this question in the support community forum.  It looks like these entries may have been added through the web interface.  I would recommend deleting the duplicate entries through the command line interface, as well as upgrading your firmware to the current recommended maintenance release, which is indicated on the firmware downloads page (at the time of this post it is R10.9.4.). 

As you mentioned, the configuration is cumbersome, but functionality is not affected because in access-control lists, the first match is used; therefore, in this configuration, none of the duplicates will ever be used.

Please, let me know if you have any questions, I will be happy to help in any way I can.

Levi

0 Kudos
Anonymous
Not applicable

Re: Duplicate policy-class entries

Jump to solution

lwarwick:

I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post to unmark it and select another in its place with the applicable buttons.  If you have any additional information on this that others may benefit from, please come back to this post to provide an update.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

Thanks,

Levi