In a recent project, I had the opportunity to work with something “new” yet familiar. During a customer data center refresh project, one of the key tasks was upgrading their aging Nexus 5000 to the new Nexus 9000 series.
The model in play? N93360YC-FX2, a powerhouse with enhanced capabilities — but with a few nuances.
At first glance, porting over configurations from the N5K seemed straightforward.
No FCoE, no zoning, no fancy storage integrations.
But then came the surprise.
While copying over configurations, I encountered an unexpected error related to TCAM, specifically that the:
“vacl region is not configured.”
This caused several issues:
- vPC was up, but no active VLANs appeared on the trunk
- Interface trunk showed error-disabled for all VLANs
After some research — and input from my Cisco Champion network — it became clear that the Nexus 9000 requires explicit TCAM vacl region configuration for:
- ACLs within VLAN maps
- ACLs under a port-channel for HSRP filtering
What is TCAM?
Ternary Content Addressable Memory (TCAM) is specialized high-speed lookup memory used in switches and routers.
It’s commonly used for:
- ACLs
- QoS
- Route lookups
- Policy enforcement
TCAM’s ability to match 0 / 1 / don’t care makes it powerful for complex packet classification.
On the N93360YC-FX2, the default TCAM partition had not allocated a VACL region — causing the configuration import error and the resulting trunk failure.
The Fix: Reconfigure TCAM Regions
To resolve the issue, TCAM space needed to be explicitly defined.
The following configuration worked:
switch(config)# hardware access-list tcam region egr-racl 1280
switch(config)# hardware access-list tcam region ing-racl 2048
(Reboot required)
switch(config)# hardware access-list tcam region vacl 256
(Reboot required)