Cisco Bug: CSCum71431 - Cat3850 FED Reload when trying to bring up switch stack

Last Modified

Dec 14, 2018

Products (1)

  • Cisco Catalyst 3850 Series Switches

Known Affected Releases

15.0(1)EZ

Description (partial)

Symptom:
In an environment where downloadable ACLs are used, a Cat3850 may report a FED crash.

Conditions:
This crash is triggered by ACL names longer than 64 characters. Internally, several strings are added to the ACL name, and if the aggregate exceeds 63 characters, this crash is seen.


As an example, consider an ACL configured in an ACS server as "this-acl-is-22-letters".
- ACS adds characters to the beginning and end of this ACL (which can be seen in "show auth sess int <int> detail")
- the switch adds characters to the beginning and end of this ACL

#sh auth sess int gi 2/11 details
            Interface:  GigabitEthernet2/11
            ...
        Authorized By:  Authentication Server
              ACS ACL:  xACSACLx-IP-this-acl-is-22-letters-520492d0
            ...
On any port where a device receives an ACL that is longer than 64 characters, the ACL name is truncated, and this same truncated string shares the ACL programming with other ports in the same state and triggers the issue.
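
A pre-check that can be run over collected "show auth sess int <int> details" output, added here as an example and not Cisco code: it flags ACS ACL names whose aggregate length exceeds 63 characters and lists ports whose names become identical when cut at 64 characters. The number of characters the switch adds is not given on this page, so switch_overhead is an assumed parameter; the sample output for Gi2/12 and Gi2/13 is constructed, and truncation is modelled on the name as displayed.

```python
import re
from collections import defaultdict

LIMIT = 63        # aggregate length the page says must not be exceeded
TRUNCATE_AT = 64  # length at which the page says longer names are truncated

# Constructed sample output; only the Gi2/11 ACL name comes from the page.
SAMPLE = """\
            Interface:  GigabitEthernet2/11
        Authorized By:  Authentication Server
              ACS ACL:  xACSACLx-IP-this-acl-is-22-letters-520492d0
            Interface:  GigabitEthernet2/12
              ACS ACL:  xACSACLx-IP-permit-contractor-vlan-to-building-7-printers-and-badge-readers-5204a1b2
            Interface:  GigabitEthernet2/13
              ACS ACL:  xACSACLx-IP-permit-contractor-vlan-to-building-7-printers-and-badge-systems-5204a1b3
"""

FIELD = re.compile(r"^\s*(Interface|ACS ACL):\s+(\S+)\s*$")

def parse_sessions(text):
    """Return [(interface, acs_acl_name)] pairs found in the show output."""
    sessions, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        if m.group(1) == "Interface":
            current = m.group(2)
        elif current is not None:
            sessions.append((current, m.group(2)))
    return sessions

def audit(text, switch_overhead):
    """switch_overhead: characters the switch adds (assumed; not given on the page).
    Returns (over, shared): names over LIMIT, and ports sharing a truncated name."""
    over, ports = [], defaultdict(list)
    for intf, name in parse_sessions(text):
        total = len(name) + switch_overhead
        if total > LIMIT:
            over.append((intf, name, total))
            ports[name[:TRUNCATE_AT]].append(intf)
    shared = {t: p for t, p in ports.items() if len(p) > 1}
    return over, shared

if __name__ == "__main__":
    over, shared = audit(SAMPLE, switch_overhead=0)
    for intf, name, total in over:
        print(f"{intf}: aggregate {total} > {LIMIT}: {name}")
    for trunc, intfs in shared.items():
        print(f"shared truncated name {trunc!r}: {', '.join(intfs)}")
```

Shortening the ACL name on the ACS server until the aggregate stays at or below 63 characters clears both findings for that name.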