Cisco Bug: CSCsg39754 - DHCP snooping redirect ACL permits more than just bootpc and bootps port

Last Modified

Jan 30, 2017

Products (1)

  • Cisco Catalyst 6000 Series Switches

Known Affected Releases

12.2(32.8.11)SX19

Description (partial)

Symptoms: When DHCP snooping is configured on a VLAN, the redirect access list
programmed in TCAM permits a wide range of UDP ports, from bootps/bootpc up to 65xxx.

Conditions: UDP traffic to these destination ports (0x143, 0x243, 0xFF43) is
redirected to the Route Processor (RP). If "ip dhcp snooping limit" is not
configured, the RP CPU goes to 100%.