Guest

Preview Tool

Cisco Bug: CSCup35657 - Object-group modification not being recognized by ACL

Last Modified

Jul 26, 2018

Products (1)

  • Cisco ASR 9000 Series Aggregation Services Routers

Known Affected Releases

4.3.4.BASE

Description (partial)

Symptom:

An ACL applied on interface is using object-group. The object-group is changed.
The change could be add new member, delete existing member.

The change was accepted by the system (no error). However, traffic filtering
does not behave correctly. It is as if the accepted change has never occurred.

Conditions:

The ACL has undergone multiple changes. There are multiple edits of object-group
that leads to one single most important trigger of this problem - the edit has
previously failed. In this customer's case, the object-group edit failed because
the resulting ACL requires more TCAM that the system could afford. 

After the error, another object-group edit is accepted, and the problem occurs.

It must be noted that without any prior obj-group edit failure, this issue
cannot occur.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.