CHAPTER 104Troubleshooting Firewall Filters• Troubleshooting Firewall Filters on page 2803Troubleshooting Firewall Filters1. Firewall Filter Configuration Returns a No Space Available in TCAM Message on page 2803Firewall Filter Configuration Returns a No Space Available in TCAM MessageProblem When a firewall filter configuration exceeds the amount of available ternary contentaddressable memory (TCAM) space, the switch returns the following syslogd message:No space available in tcam.Rules for filter filter-name will not be installed.The switch returns this message during the commit operation if the firewall filter thathas been applied to a port, VLAN, or Layer 3 interface exceeds the amount of availableTCAM space. However, the commit operation for the firewall filter configuration iscompleted in the CLI module.Solution When a firewall filter configuration exceeds the amount of available TCAM table space,you must configure a new firewall filter with fewer filter terms so that the spacerequirements for the filter do not exceed the available space in the TCAM table.You can perform either of the following procedures to correct the problem:To delete the firewall filter and its bind points and apply the new smaller firewall filterto the same bind points:1. Delete the firewall filter configuration and the bind points to ports, VLANs, or Layer 3interfaces—for example:[edit]user@switch# delete firewall family ethernet-switching filter filter-ingress-vlanuser@switch# delete vlans voice-vlan description "filter to block rogue devices onvoice-vlan"user@switch# delete vlans voice-vlan filter input mini-filter—ingress-vlan2. Commit the operation:[edit]user@switch# commit2803