Cisco Bug: CSCsy84448 - VACL policy not getting deleted even after deleting ARP ACL

Last Modified

Jan 29, 2017

Products (1)

  • Cisco Nexus 7000 Series Switches

Known Affected Releases

4.1(5) 4.1(5)E2 4.2(0.174)

Description (partial)

The CLI hangs or is unresponsive for 60 seconds or more, and errors such as the following occur:

  %ACLMGR-3-ACLMGR_PPF_ERROR: PPF error: DDB Error: 0x41170040

  %ETHPORT-2-IF_SEQ_ERROR: Error ("sequence timeout") while communicating with component

  %ETHPORT-2-SEQ_TIMEOUT: Component MTS_SAP_RPM_CTRL timed out on response to

  %RPM-2-PPF_SES_VERIFY: rpm [4581] PPF session verify failed in client (Line card  1/VDC
  NONE/UUID  0) with an error 0x41170014(Operation timed out)

  %ETHPORT-2-IF_DOWN_ERROR_DISABLED: Interface Ethernet2/14 is down (Error disabled.
  Reason: Internal Handshake Failure)

This error occurs when:

1) A policy is applied to a non-physical interface, e.g. a route-map, VACL or ARP inspection ACL is applied to an SVI, a port channel, or a VLAN. Policies applied directly to physical interfaces, or OSPF and BGP redistribution route-maps, are not affected.


2) The policy is applied to either:
  a) a non-physical interface which has more than one physical interface on the same line card, or
  b) more than one non-physical interface that both share a physical port on the same line card


3) The policy has references to more than one access list, e.g.:
  a) multiple class-maps match a given access list, or

    route-map map1 permit 10
      match ip address myAcl
    route-map map2 permit 10
      match ip address myAcl

  b) multiple match ip address statements in a route map:

    route-map map1 permit 10
      match ip address myAcl-1
    route-map map1 permit 20
      match ip address myAcl-2


4) The references to the access lists, or the underlying access lists themselves, are modified or deleted while they are applied to an interface.

If every ACL in a VDC is only used once *and* ACLs are modified only when they are not applied to a non-physical interface, this error will not occur.
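The following audit script is an added example, not part of the Cisco bug record. It reads a saved running configuration and lists route-maps that are applied to an SVI or port channel (condition 1) and that meet condition 3. It assumes the route-maps are applied with `ip policy route-map`; it does not cover VACLs or ARP inspection ACLs, and it does not check conditions 2 or 4. The sample configuration and the names `sharedAcl`, `map3` and the interface numbers are constructed.

```python
import re
from collections import defaultdict

# Constructed sample config for illustration; not taken from the bug report.
SAMPLE_CONFIG = """\
route-map map1 permit 10
  match ip address myAcl-1
route-map map1 permit 20
  match ip address myAcl-2
route-map map2 permit 10
  match ip address sharedAcl
route-map map3 permit 10
  match ip address sharedAcl
interface Vlan10
  ip policy route-map map1
interface port-channel5
  ip policy route-map map2
interface Ethernet2/14
  ip policy route-map map3
"""

NON_PHYSICAL = re.compile(r"(vlan|port-channel)", re.IGNORECASE)  # SVI or port channel

def audit(config):
    """Map each route-map applied to a non-physical interface to why it meets condition 3."""
    acls_by_map = defaultdict(set)   # route-map -> ACLs it matches on
    applied = defaultdict(set)       # route-map -> non-physical interfaces using it
    kind, name = "", ""
    for line in config.splitlines():
        words = line.split()
        if not line[:1].isspace():                 # top-level line opens a new section
            kind, name = (words + ["", ""])[:2]
        elif kind == "route-map" and words[:3] == ["match", "ip", "address"]:
            acls_by_map[name].update(words[3:])
        elif (kind == "interface" and NON_PHYSICAL.match(name)
              and words[:3] == ["ip", "policy", "route-map"] and len(words) == 4):
            applied[words[3]].add(name)
    findings = {}
    for rmap in sorted(applied):
        reasons = []
        if len(acls_by_map[rmap]) > 1:
            reasons.append("matches more than one ACL")
        for acl in sorted(acls_by_map[rmap]):
            others = sorted(m for m, a in acls_by_map.items() if acl in a and m != rmap)
            if others:
                reasons.append(f"{acl} also referenced by {', '.join(others)}")
        if reasons:
            findings[rmap] = reasons
    return findings
```

Route-maps it reports are the ones whose ACLs or match statements should be changed only while the policy is detached from the non-physical interface.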