Cisco Bug: CSCum57888 - MAC security logging doesn't work on Trident LC
Oct 24, 2018
- Cisco ASR 9000 Series Aggregation Services Routers
Known Affected Releases
4.2.3.BASE 4.3.0.BASE 4.3.1.BASE 4.3.4.BASE 5.1.0.BASE
Symptom: 1. When MAC address moves from one bridge port to another, only one NP on all Trident line cards will successfully update the MAC entry. The rest NPs on Trident line cards will not have the MAC entry updated to the 2nd bridge port. 2. After MAC flush operation, if the flushed MAC is received on a different bridge port than previously learned, only one NP on all Trident line cards can successfully learn the MAC on new port. The rest NPs on Trident line cards will not learn the MAC. 3. In both case 1 and 2, MAC table on Trident line cards are out of sync among NPs. It takes about half MAC age (2.5 minutes by default) for the MAC table to be synchronized among NPs when traffic from the source MAC is continuously received on ASR9k switch. Although MAC table is out of sync, traffic forwarding impact is no expected. If there is traffic sent to the MAC destination which is missing on some NPs, the MAC out of sync problem is corrected immediately. 4. If MAC security feature is configured in the bridge domain or on bridge ports and the MAC security action is "none" with logging enabled, logging function will not work when MAC move occurs among bridge ports on GigE and TenGigE main/sub interfaces. Conditions: Impacted LC and interface types: GigE and TenGigE main/sub L2 interface on Trident line cards are impacted by the defect. If MAC moves among PW bridge ports, Ether bundle based bridge ports, BVI based bridge ports, or any other types of internal/virtual bridge ports, the defect has no impact.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases