Preview Tool

Cisco Bug: CSCul66978 - cisco.acl module ip address entry adds host to network addresses

Last Modified

Feb 03, 2017

Products (2)

  • Cisco Nexus 9000 Series Switches
  • Cisco Nexus 9508 Switch

Known Affected Releases


Description (partial)

The Cisco Nexus 9000 cisco python package includes an acl module which is designed to support acl creation, 
deletion and modification.  When entering ip addresses for both source and destination, if you leave out a forward
slash, the module incorrectly assumes that the address is a host address and prepends the host keyword to the
ip address.  If that IP address actually includes a subnet mask it will fail to parse.

This will occur when using the cisco.acl.IPv4ACL.permit(), cisco.acl.IPv4ACL.deny(), cisco.acl.IPv6ACL.permit() 
and cisco.acl.IPv6ACL.deny() methods with source or destination arguments that do not have forward slashes (/)
in them but do contain network masks.  These are valid IP addresses according to the CLI but the cisco.acl module
prepends the IP addresses with the host keyword.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.