2 Replies Latest reply on Oct 8, 2014 11:56 AM by levi

    Duplicate policy-class entries

    lwarwick New Member

      I have an issue that I hope someone can help with.

      I have a 3448 that I use as a VPN concentrator for my remote offices. While reviewing the configuration I have found that I have multiple entries for the same tunnel.

      I am not sure if tis is causing any performance delays, but it certainly is causing extra work in keeping the configuration in check.

      The device is waiting on a maintenance window to be rebooted... not coming soon enough for me.

       

      ADTRAN, Inc. OS version 18.02.03.00.E
        Mainline Version: ENM.11.003
        Checksum: 9FC93B8A
        Built on: Fri Nov 11 15:58:48 2011
        Upgrade key: xxxxxxxxxxxxxxxxxxxxxxx
      Boot ROM version 13.03.00.SB
        Checksum: 70C3
        Built on: Fri Nov 10 08:04:44 2006
      Copyright (c) 1999-2011, ADTRAN, Inc.
      Platform: NetVanta 3448, part number 1200821E1, CLEI code is DDC3RNDCAA
      Serial number LBADTNxxxxxxxxxxxx
      Flash: 33554432 bytes  DRAM: 134217727 bytes

      MW3448-FW uptime is 1 years, 44 weeks, 4 days, 19 hours, 6 minutes, 5 seconds

      System returned to ROM by Soft Reset
      Current system image file is "NV3448A-18-02-03-00-E.biz"
      Primary boot system image file is "NV3448A-R11-2-0-E.biz"
      Backup boot system image file is "NV3448A-18-02-03-00-E.biz"
      Primary system configuration file is "startup-config"

       

        Entry 87 - allow list VPN-130-vpn-selectors1 stateless

        Entry 88 - allow list VPN-120-vpn-selectors stateless

        Entry 89 - allow list VPN-110-vpn-selectors stateless

        Entry 90 - allow list VPN-90-vpn-selectors stateless

        Entry 91 - allow list VPN-60-vpn-selectors stateless

        Entry 92 - allow list VPN-50-vpn-selectors stateless

        Entry 93 - allow list VPN-20-vpn-selectors stateless

        Entry 94 - allow list VPN-160-vpn-selectors stateless

        Entry 95 - allow list VPN-130-vpn-selectors1 stateless

        Entry 96 - allow list VPN-120-vpn-selectors stateless

        Entry 97 - allow list VPN-110-vpn-selectors stateless

        Entry 98 - allow list VPN-90-vpn-selectors stateless

        Entry 99 - allow list VPN-60-vpn-selectors stateless

        Entry 100 - allow list VPN-50-vpn-selectors stateless

        Entry 101 - allow list VPN-20-vpn-selectors stateless

        Entry 102 - allow list VPN-130-vpn-selectors1 stateless

        Entry 103 - allow list VPN-120-vpn-selectors stateless

        Entry 104 - allow list VPN-110-vpn-selectors stateless

        Entry 105 - allow list VPN-90-vpn-selectors stateless

        Entry 106 - allow list VPN-60-vpn-selectors stateless

        Entry 107 - allow list VPN-50-vpn-selectors stateless

        Entry 108 - allow list VPN-20-vpn-selectors stateless

        Entry 109 - allow list VPN-160-vpn-selectors stateless

        Entry 110 - allow list VPN-130-vpn-selectors1 stateless

        Entry 111 - allow list VPN-120-vpn-selectors stateless

        Entry 112 - allow list VPN-110-vpn-selectors stateless

        Entry 113 - allow list VPN-90-vpn-selectors stateless

        Entry 114 - allow list VPN-60-vpn-selectors stateless

        Entry 115 - allow list VPN-50-vpn-selectors stateless

        Entry 116 - allow list VPN-20-vpn-selectors stateless

        Entry 117 - allow list VPN-130-vpn-selectors1 stateless

        Entry 118 - allow list VPN-120-vpn-selectors stateless

        Entry 119 - allow list VPN-110-vpn-selectors stateless

        Entry 120 - allow list VPN-90-vpn-selectors stateless

        Entry 121 - allow list VPN-60-vpn-selectors stateless

        Entry 122 - allow list VPN-50-vpn-selectors stateless

        • Re: Duplicate policy-class entries
          levi Employee

          Larry:

           

          Thank you for asking this question in the support community forum.  It looks like these entries may have been added through the web interface.  I would recommend deleting the duplicate entries through the command line interface, as well as upgrading your firmware to the current recommended maintenance release, which is indicated on the firmware downloads page (at the time of this post it is R10.9.4.). 

           

          As you mentioned, the configuration is cumbersome, but functionality is not affected because in access-control lists, the first match is used; therefore, in this configuration, none of the duplicates will ever be used.

           

          Please, let me know if you have any questions, I will be happy to help in any way I can.

           

          Levi

          • Re: Duplicate policy-class entries
            levi Employee

            lwarwick:

             

            I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post to unmark it and select another in its place with the applicable buttons.  If you have any additional information on this that others may benefit from, please come back to this post to provide an update.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

             

            Thanks,

             

            Levi