Cisco Bug: CSCtc97643 - Traffic gets drop when acl optimization is on and after modifying ACEs

Last Modified

Sep 23, 2017

Products (1)

  • Cisco Catalyst 6500 Series Firewall Services Module

Known Affected Releases

4.0(7)

Description (partial)

Symptom:

With ACL (Access Control List) Optimization enabled on a Firewall Services Module (FWSM), new ACL entries may not be inserted in the correct order. This may result in incorrectly permitted or denied traffic.

Conditions:

ACL entries added or removed with ACL Optimization enabled.

Related Community Discussions

FWSM Explicit deny strange behavior
Hello, I am having problems with a FWSM with multiple contexts implementation. One of the contexts has an inside interface that must have an EXPLICIT deny ip any any. The problem is: When I put the ACE with the explicit deny at the end of the ACL, all the traffic EXPLICITLY permitted before it stops working. If I remove the explicit deny, letting the IMPLICIT deny work, everything runs fine. I am running the 4.0(4) code. Any ideas? Thanks in advance, Pedro Mazzoni
Latest activity: Jan 11, 2011