Cisco Bug: CSCup35657 - Object-group modification not being recognized by ACL
May 05, 2021
- Cisco ASR 9000 Series Aggregation Services Routers
Known Affected Releases
Symptom: An ACL applied on interface is using object-group. The object-group is changed. The change could be add new member, delete existing member. The change was accepted by the system (no error). However, traffic filtering does not behave correctly. It is as if the accepted change has never occurred. Conditions: The ACL has undergone multiple changes. There are multiple edits of object-group that leads to one single most important trigger of this problem - the edit has previously failed. In this customer's case, the object-group edit failed because the resulting ACL requires more TCAM that the system could afford. After the error, another object-group edit is accepted, and the problem occurs. It must be noted that without any prior obj-group edit failure, this issue cannot occur.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases