Guest

Preview Tool

Cisco Bug: CSCui96165 - ACLMGR incorrectly identifies ACL as inactive thereby preventing ISSU

Last Modified

Nov 27, 2020

Products (1)

  • CiscoPro Workgroup EtherSwitch Software

Known Affected Releases

5.2(3a) 6.1(2) 6.1(4) 6.2(2)

Description (partial)

Symptom:
ISSU is blocked with an error message like:

Service "aclmgr" in vdc 2:
The running configuration has inactive policies, which need to be removed
you can view them using 'show running-config aclmgr inactive-if-config'
you can remove them using 'clear inactive config acl/qos`


Pre-upgrade check failed. Return code 0x41180057 (
The running configuration has inactive policies, which need to be removed
you can view them using 'show running-config aclmgr inactive-if-config'
you can remove them using 'clear inactive config acl/qos`
).

User can see inactive configuration for ACLs when they do the following in atleast one VDC:
show running-config aclmgr inactive-if-config

Conditions:
This condition happens only when user has an ACL which has atleast 1 active and atleast 1 inactive port.
For example, if user configuration has an SVI with  Ethernet 2/1 and Ethernet 3/1 as members of that VLAN and port Ethernet2/1 is down and Ethernet 3/1 is up and active, the ACL on SVI will show up as inactive configuration. 
This because atleast 1 port in this VLAN is inactive.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.