Cisco Bug: CSCul25039 - N7K: ACL applied to running-config using config session via TFTP fails

Last Modified

Jan 29, 2017

Products (7)

  • Cisco Nexus 7000 Series Switches
  • Cisco Nexus 7000 10-Slot Switch
  • Cisco Nexus 7000 4-Slot Switch
  • Cisco Nexus 7000 18-Slot Switch
  • Cisco Nexus 7700 18-Slot Switch
  • Cisco Nexus 7000 9-Slot Switch
  • Cisco Nexus 7700 10-Slot Switch

Known Affected Releases


Description (partial)

Changes are made to an ACL already applied on an interface. The
commit is successful, but the ACL definition is unexpected.
Only remark ACEs remain.

Several conditions must be met for this issue to occur:

1. An ACL is configured with one or more remark ACEs
2. At least one remark ACE has a remark string longer than 16 characters
3. The ACL is applied on an interface
4. The process 'aclmgr' is restarted for any of the following reasons:
    4.1. The process crashed due to a bug in the product
    4.2. User has manually restarted the process
    4.3. User has issued a manual SUP switchover. In this case, the process
         'aclmgr' on the newly active SUP is considered to "have restarted"
    4.4. User triggered an ISSU
    4.5. The local time setting on the switch is changed
5. User issued the command "no ip access-list <name>" to remove the ACL
   while it remains applied on one or more targets (e.g. interface)

Note that step 4 needs to occur before step 5.

After step 5, further edits to the ACL (e.g. adding the ACL definition back
by configuring it) will not properly construct the desired ACL.
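
To find ACLs that already satisfy conditions 1 to 3 above, a saved running-config can be scanned offline. The following is an added example, not Cisco code: the function name, the sample configuration and the assumption that ACLs are applied with "ip access-group" or "ip port access-group" are illustrative. Conditions 4 and 5 are runtime events and cannot be read from the configuration.

```python
import re

# Constructed sample of NX-OS running-config text (not taken from the bug report).
SAMPLE_CONFIG = """\
ip access-list EDGE-IN
  10 remark permit management stations only
  20 permit ip 192.0.2.0/24 any
ip access-list SHORT-REMARK
  10 remark mgmt
  20 permit ip any any
ip access-list UNUSED
  10 remark long remark on an ACL that is not applied
  20 deny ip any any
interface Ethernet1/1
  ip access-group EDGE-IN in
interface Ethernet1/2
  ip port access-group SHORT-REMARK in
"""

# Assumption: IPv4 ACLs only, applied to interfaces with the two commands below.
ACL_RE = re.compile(r"^ip access-list (\S+)\s*$")
REMARK_RE = re.compile(r"^\s+(?:\d+\s+)?remark (.*)$")
IFACE_RE = re.compile(r"^interface (\S+)\s*$")
APPLY_RE = re.compile(r"^\s+ip (?:port )?access-group (\S+) (?:in|out)\s*$")

def exposed_acls(config, limit=16):
    """Map ACL name -> long remarks and interfaces, for ACLs meeting conditions 1-3."""
    remarks, applied = {}, {}
    acl = iface = None
    for line in config.splitlines():
        if not line.strip():
            continue
        if not line.startswith((" ", "\t")):  # a top-level line closes the current block
            acl = iface = None
            if m := ACL_RE.match(line):
                acl = m.group(1)
                remarks.setdefault(acl, [])
            elif m := IFACE_RE.match(line):
                iface = m.group(1)
            continue
        if acl and (m := REMARK_RE.match(line)):
            text = m.group(1).rstrip()
            if len(text) > limit:  # condition 2: remark longer than 16 characters
                remarks[acl].append(text)
        elif iface and (m := APPLY_RE.match(line)):
            applied.setdefault(m.group(1), []).append(iface)  # condition 3
    return {name: {"remarks": r, "interfaces": applied[name]}
            for name, r in remarks.items() if r and name in applied}
```

ACLs returned by this check should not be removed with "no ip access-list <name>" while still applied if 'aclmgr' may have restarted since boot.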