Cisco Bug: CSCun18221 - ACL expanded view does not show correct range of source ports

Last Modified

Jul 27, 2018

Products (8)

  • Cisco Nexus 7000 Series Switches
  • Cisco Nexus 7000 10-Slot Switch
  • Cisco Nexus 7000 4-Slot Switch
  • Cisco Nexus 7700 6-Slot Switch
  • Cisco Nexus 7700 18-Slot Switch
  • Cisco Nexus 7000 18-Slot Switch
  • Cisco Nexus 7700 10-Slot Switch
  • Cisco Nexus 7000 9-Slot Switch

Known Affected Releases

6.2(6) 6.2(8)

Description (partial)

Symptom:
The expanded view of an ACL that is defined using object groups does not show the correct range of source ports.

- Configuration:
object-group ip address TEST-IP1
  10 192.168.1.0/24
object-group ip address TEST-IP2
  10 192.168.2.0/24
object-group ip port TEST-UDP1
  10 range 137 139
  20 eq 445
ip access-list TEST-ACL
  10 permit udp addrgroup TEST-IP1 portgroup TEST-UDP1 addrgroup TEST-IP2
ip access-list TEST-ACL2
  10 permit udp addrgroup TEST-IP1 addrgroup TEST-IP2 portgroup TEST-UDP1

- Output of show command:
N7K# sh ip access-lists expanded

IP access list TEST-ACL
        10 permit udp 192.168.1.0/24 range netbios-ns 192.168.2.0/24
        10 permit udp 192.168.1.0/24 eq netbios-ss 192.168.2.0/24
IP access list TEST-ACL2
        10 permit udp 192.168.1.0/24 192.168.2.0/24 range netbios-ns netbios-ss
        10 permit udp 192.168.1.0/24 192.168.2.0/24 eq 445

Conditions:
The range option is used in an object group to configure consecutive port numbers at the same time.
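
One way to catch this display mismatch during an ACL review, as an added example that is not part of the Cisco bug record: the Python below parses `show ip access-lists expanded` lines and compares the ports displayed on one side of each entry with the ports configured in the port object group. The function names are hypothetical, and only the prefix-based `permit udp` form and the port keywords shown on this page are handled.

```python
import re

# Port keywords seen in the page's output; values are the standard UDP assignments.
PORT_NAMES = {"netbios-ns": 137, "netbios-dgm": 138, "netbios-ss": 139}
PREFIX = re.compile(r"^\d+\.\d+\.\d+\.\d+/\d+$")

def take_ports(toks):
    """Consume an optional 'eq P' / 'range LO HI' spec; return (ports, problem)."""
    if not toks or toks[0] not in ("eq", "range"):
        return set(), None                     # no port qualifier on this side
    op = toks.pop(0)
    need = 1 if op == "eq" else 2
    vals = []
    while toks and len(vals) < need and not PREFIX.match(toks[0]):
        tok = toks.pop(0)
        vals.append(PORT_NAMES.get(tok) or int(tok))
    if len(vals) < need:                       # e.g. 'range' with a single bound
        return set(vals), f"'{op}' followed by {len(vals)} port value(s)"
    return set(range(vals[0], vals[-1] + 1)), None

def parse_entry(line):
    """Parse '<seq> permit udp <src> [ports] <dst> [ports]' from the expanded view."""
    toks = line.split()[3:]                    # drop sequence number, action, protocol
    src = toks.pop(0)
    sports = take_ports(toks)
    dst = toks.pop(0)
    return {"src": src, "sports": sports, "dst": dst, "dports": take_ports(toks)}

def audit_ports(expected, lines, side):
    """Compare ports displayed on one side ('sports'/'dports') with the port group."""
    shown, problems = set(), []
    for line in lines:
        ports, problem = parse_entry(line)[side]
        shown |= ports
        if problem:
            problems.append(problem)
    return {"missing": sorted(expected - shown),
            "extra": sorted(shown - expected), "problems": problems}

# TEST-UDP1 from the page: 'range 137 139' plus 'eq 445'.
TEST_UDP1 = set(range(137, 140)) | {445}
# Expanded-view lines copied from the page's show output.
TEST_ACL = ["10 permit udp 192.168.1.0/24 range netbios-ns 192.168.2.0/24",
            "10 permit udp 192.168.1.0/24 eq netbios-ss 192.168.2.0/24"]
TEST_ACL2 = ["10 permit udp 192.168.1.0/24 192.168.2.0/24 range netbios-ns netbios-ss",
             "10 permit udp 192.168.1.0/24 192.168.2.0/24 eq 445"]

if __name__ == "__main__":
    print("TEST-ACL source ports:", audit_ports(TEST_UDP1, TEST_ACL, "sports"))
    print("TEST-ACL2 dest ports: ", audit_ports(TEST_UDP1, TEST_ACL2, "dports"))
```

The check only compares what the expanded view displays with the object-group configuration; it says nothing about what is programmed in hardware.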