Cisco Bug: CSCum71431 - Cat3850 FED Reload when trying to being up switch stack
Dec 14, 2018
- Cisco Catalyst 3850 Series Switches
Known Affected Releases
Symptom: In an environment where downloadable ACLs are used, a Cat3850 may report a FED crash.

Conditions: This crash is triggered by ACL names longer than 64 characters. Internally, several strings are added to the ACL name, and if the aggregate exceeds 63 characters this crash would be seen.

As an example, consider an ACL configured in an ACS server as "this-acl-is-22-letters".
- ACS adds characters to the beginning and end of this ACL (which can be seen in "show auth sess int <int> detail")
- the switch adds characters to the beginning and end of this ACL

#sh auth sess int gi 2/11 details
Interface: GigabitEthernet2/11
...
Authorized By: Authentication Server
ACS ACL: xACSACLx-IP-this-acl-is-22-letters-520492d0
...

On any port where a device receives an ACL whose name is longer than 64 characters, the name will be truncated, and this same truncated string will share the ACL programming with other ports in the same state and trigger the issue.
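An audit sketch for the condition above, added here as an example and not Cisco code: it reads session detail output, flags "ACS ACL" names longer than 63 characters, and groups ports whose over-length names would collapse to the same truncated string. The sample output is constructed, and keeping the first 64 characters on truncation is an assumption; the characters the switch itself adds are not shown in this output, so the displayed length is a lower bound.

```python
import re
from collections import defaultdict

LIMIT = 63  # aggregate name length the bug note says must not be exceeded

# Constructed sample of "show auth sess int <int> details" output for three ports.
SAMPLE = """\
Interface: GigabitEthernet2/11
Authorized By: Authentication Server
ACS ACL: xACSACLx-IP-this-acl-is-22-letters-520492d0
Interface: GigabitEthernet2/12
ACS ACL: xACSACLx-IP-constructed-very-long-downloadable-acl-name-for-voice-vlan-520492d0
Interface: GigabitEthernet2/13
ACS ACL: xACSACLx-IP-constructed-very-long-downloadable-acl-name-for-voice-vlan-phones-61a3b7c2
"""

def parse_sessions(text):
    """Return [(interface, acl_name)] pairs found in session detail output."""
    pairs, iface = [], None
    for line in text.splitlines():
        m = re.match(r"\s*Interface:\s*(\S+)", line)
        if m:
            iface = m.group(1)
            continue
        m = re.match(r"\s*ACS ACL:\s*(\S+)", line)
        if m and iface:
            pairs.append((iface, m.group(1)))
    return pairs

def audit(text, limit=LIMIT):
    """Flag over-length ACL names and ports that would share a truncated name."""
    too_long = [(i, a, len(a)) for i, a in parse_sessions(text) if len(a) > limit]
    shared = defaultdict(set)
    for iface, acl, _ in too_long:
        # Assumption: truncation keeps the first 64 characters of the name.
        shared[acl[:limit + 1]].add(iface)
    collisions = {k: sorted(v) for k, v in shared.items() if len(v) > 1}
    return too_long, collisions

if __name__ == "__main__":
    too_long, collisions = audit(SAMPLE)
    for iface, acl, n in too_long:
        print(f"{iface}: {n} chars: {acl}")
    for prefix, ports in collisions.items():
        print(f"shared truncated name on {ports}: {prefix}")
```

Names flagged here can be shortened on the ACS side so that the full string, including the added prefix and suffix, stays within the limit.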