Cisco Bug: CSCtc97643 - Traffic gets drop when acl optimization is on and after modifying ACEs

Last Modified

Sep 23, 2017

Products (1)

  • Cisco Catalyst 6500 Series Firewall Services Module

Known Affected Releases


Description (partial)


With ACL (Access Control List) Optimization enabled on a Firewall Services Module (FWSM), new ACL entries may not be inserted in the correct order. This may result in incorrectly permitted or denied traffic.


This occurs when ACL entries are added or removed with ACL Optimization enabled.

Related Community Discussions

FWSM Explicit deny strange behavior
Hello, I am having problems with a FWSM with multiple contexts implementation. One of the contexts has an inside interface that must have an EXPLICIT deny ip any any. The problem is: When I put the ACE with the explicit deny at the end of the ACL all the traffic EXPLICITLY permitted before it stops working. If I remove the explicit deny, letting the IMPLICIT deny work, everything runs fine. I am running the 4.0(4) code. Any ideas? Thanks in advance, Pedro Mazzoni
Latest activity: Jan 11, 2011