Cisco Bug: CSCun13225 - FWSM DOC - ACL-Enabled Inspection Limitation
Mar 17, 2014
- Cisco Catalyst 6500 Series Firewall Services Module
Known Affected Releases
Symptom: Configuring inspection with an ACL can cause unexpected ACL memory exhaustion, even while the node has plenty of free ACL nodes. The node might not fully recover from the error, and some nameif entries might be missing from the running configuration and hardware.

SAMPLE CONFIG:
Note: The value of "n" needed to hit the issue is unpredictable.

    access-list ACL extended permit tcp any <S1> <M1> eq sunrpc
    ..<n x ACE>
    access-list ACL extended permit tcp any <Sn> <Mn> eq sunrpc
    service-policy GLOBAL_POLICY global
    policy-map GLOBAL_POLICY
      class SUNRPC_CLASS
        inspect sunrpc
    class-map SUNRPC_CLASS
      match access-list ACL

Conditions: Inspection with ACL.