Cisco Bug: CSCsy84448 - VACL policy not getting deleted even after deleting ARP ACL
Jan 29, 2017
- Cisco Nexus 7000 Series Switches
Known Affected Releases
4.1(5) 4.1(5)E2 4.2(0.174)
Symptom: The CLI hangs or is unresponsive for 60 seconds or more, and errors such as the following occur:

    %ACLMGR-3-ACLMGR_PPF_ERROR: PPF error: DDB Error: 0x41170040 (ddb_srv_ses_rmtsrv_dset_unln/1864)
    %ETHPORT-2-IF_SEQ_ERROR: Error ("sequence timeout") while communicating with component MTS_SAP_RPM_CTRL for opcode MTS_OPC_ETHPM_PORT_LOGICAL_CLEANUP (RID_PORT: port-channel5)
    %ETHPORT-2-SEQ_TIMEOUT: Component MTS_SAP_RPM_CTRL timed out on response to opcode MTS_OPC_ETHPM_PORT_LOGICAL_CLEAN
    %RPM-2-PPF_SES_VERIFY: rpm  PPF session verify failed in client (Line card 1/VDC NONE/UUID 0) with an error 0x41170014(Operation timed out)
    %ETHPORT-2-IF_DOWN_ERROR_DISABLED: Interface Ethernet2/14 is down (Error disabled. Reason: Internal Handshake Failure)

Conditions: This error occurs when:

1) A policy is applied to a non-physical interface, e.g. a route-map, VACL or ARP inspection ACL is applied to an SVI, a port channel, or a VLAN. Policies applied directly to physical interfaces, or OSPF and BGP redistribution route-maps, are not affected.

and

2) The policy is applied to either:
   a) a non-physical interface which has more than one physical interface on the same line card, or
   b) more than one non-physical interface that both share a physical port on the same line card

and

3) The policy has references to more than one access list, e.g.:
   a) multiple class-maps match a given access list, or

       route-map map1 permit 10
         match ip address myAcl
       route-map map2 permit 10
         match ip address myAcl

   b) multiple match ip address statements in a route map.

       route-map map1 permit 10
         match ip address myAcl-1
       route-map map1 permit 20
         match ip address myAcl-2

and

4) The references to the access lists, or the underlying access lists themselves, are modified or deleted while they are applied to an interface.

If every ACL in a VDC is only used once *and* ACLs are modified only when they are not applied to a non-physical interface, this error will not occur.
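To check a saved configuration for the route-map patterns in condition 3 before modifying or deleting an ACL, the following added example (not Cisco code) lists ACLs matched by more than one route-map and route-maps that match more than one ACL. The function name and the sample configuration are constructed for illustration; the script covers route-maps only and does not evaluate conditions 1, 2 or 4.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the route-map snippets in the conditions above.
SAMPLE_CONFIG = """\
route-map map1 permit 10
  match ip address myAcl
route-map map2 permit 10
  match ip address myAcl
route-map map3 permit 10
  match ip address myAcl-1
route-map map3 permit 20
  match ip address myAcl-2
route-map map4 permit 10
  match ip address prefix-list myPrefixes
"""

ROUTE_MAP = re.compile(r"^route-map\s+(\S+)\s+(?:permit|deny)\s+\d+\s*$")
MATCH_ACL = re.compile(r"^\s+match\s+ip\s+address\s+(.+?)\s*$")

def audit_route_maps(config_text):
    """Return (shared_acls, multi_acl_maps) for condition 3 of the bug."""
    acl_to_maps = defaultdict(set)   # ACL name -> route-maps that match it
    map_to_acls = defaultdict(set)   # route-map name -> ACLs it matches
    current = None
    for line in config_text.splitlines():
        header = ROUTE_MAP.match(line)
        if header:
            current = header.group(1)
            continue
        if line and not line[0].isspace():
            current = None            # an unindented line ends the route-map block
            continue
        m = MATCH_ACL.match(line)
        if not (current and m):
            continue
        # Assumption: several ACL names may follow on one match line.
        names = m.group(1).split()
        if names[0] == "prefix-list":  # prefix lists are not access lists
            continue
        for acl in names:
            acl_to_maps[acl].add(current)
            map_to_acls[current].add(acl)
    shared = {a: sorted(m) for a, m in acl_to_maps.items() if len(m) > 1}
    multi = {r: sorted(a) for r, a in map_to_acls.items() if len(a) > 1}
    return shared, multi

if __name__ == "__main__":
    print(audit_route_maps(SAMPLE_CONFIG))
```

An empty result for both dictionaries means no route-map in the file meets condition 3; class-map references would need a separate check.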