Slice resource exceeded: This happens when all slices are allocated for a given chip and an additional incompatible rule (see Egress ACLs) is installed which requires allocation of another slice.
Rule resource exceeded: This happens when all slices are allocated for a given chip and there is an attempt to install a compatible rule to the lowest precedence slice which already has 128 rules. This condition can be triggered with less than the full capacity number of rules installed. For example, if 15 of the slices each have less than 128 rules and there is an attempt to install 129 compatible rules, this error message will be displayed.
Layer-4 port range exceeded: This happens when more than 32 Layer 4 port ranges are installed on a single chip.
Incompatible fields selected: This happens when the selected conditions can not be satisfied by the available single-slice field selections described in Compatible and Conflicting Rules.
UDF exceeded: This happens in the rare case that the two available user-defined fields are exceeded on a given chip. UDF fields are used to qualify conditions that are not natively supported by the hardware. Some ACL rules that use UDF are: Source MAC address + Destination IP address combination, Destination MAC address + Source IP address combination, ICMP Type, and ICMP Code.