Cisco Bug: CSCup97600 - DACL over 26 lines not applied on CAT4500

Last Modified

Sep 14, 2019

Products (1)

  • Cisco IOS

Known Affected Releases

15.1(0.0.10)

Description (partial)

Symptom:
The ACL is not applied to the interface of a 4500.

If the DACL grows to more than 26 lines, it fails to be applied.

If the DACL has fewer than 26 lines, it is applied fine.

Conditions:
4500 series Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Experimental Version 0.DEV-0 [palrames 100]
ROM: 15.0(1r)SG10

PCs are connected directly to the interfaces of the switch, with no phones in between.

Port Config:

interface GigabitEthernet2/18
 description CONF PHONE
 switchport access vlan 870
 switchport mode access
 switchport voice vlan 8
 ip access-group DEFAULT-ACCESS in
 authentication host-mode multi-auth
 authentication order mab
 authentication priority mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 mab
 spanning-tree portfast
 spanning-tree guard root
 service-policy output TX_QUEUES

RADIUS server: Aruba ClearPass.

Successful Attempt:
Jun 10 08:22:03: EPM_SESS_EVENT:valid pmap node for nacl type found
Jun 10 08:22:03: EPM_SESS_EVENT:Received string xACSACLx-IP-Custom_dnload_ACL_Internet-3001-64
Jun 10 08:22:03: EPM_SESS_EVENT:AAA reply (to download ACE's) passed


Failed attempt:
Jun 10 08:11:01: RADIUS: Retransmit to (X.X.X.X:1812,1813) for id 1645/146
Jun 10 08:11:01: RADIUS(00000000): Started 5 sec timeout
Jun 10 08:11:06: RADIUS(00000000): Request timed out! 
Jun 10 08:11:06: RADIUS: No response from (X.X.X.X:1812,1813) for id 1645/146
Jun 10 08:11:06: RADIUS/DECODE: No response from radius-server; parse response; FAIL
Jun 10 08:11:06: RADIUS/DECODE: Case error(no response/ bad packet/ op decode);parse response; FAIL - FAIL
Jun 10 08:11:06: EPM_SESS_EVENT:valid pmap node for nacl type found
Jun 10 08:11:06: EPM_SESS_EVENT:Received string xACSACLx-IP-Custom_dnload_ACL_Internet-3001-63
Jun 10 08:11:06: EPM_SESS_EVENT:Received AAA Failed reply for acl download
Jun 10 08:11:06: EPM_API:In function epm_send_message_to_client
Jun 10 08:11:06: EPM_SESS_EVENT:Sending response message to process AUTH POLICY Framework
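
The two excerpts above differ in the EPM_SESS_EVENT line that follows "Received string": one reports the AAA reply as passed, the other as failed after a RADIUS timeout. The following is an added example, not part of the bug report or any Cisco tooling, that classifies each DACL download attempt in captured debug output; the function name dacl_download_results is hypothetical and the sample log is an abridged copy of the excerpts on this page.

```python
import re

# Constructed sample: abridged copy of the two debug excerpts in this report.
SAMPLE_LOG = """\
Jun 10 08:22:03: EPM_SESS_EVENT:valid pmap node for nacl type found
Jun 10 08:22:03: EPM_SESS_EVENT:Received string xACSACLx-IP-Custom_dnload_ACL_Internet-3001-64
Jun 10 08:22:03: EPM_SESS_EVENT:AAA reply (to download ACE's) passed
Jun 10 08:11:01: RADIUS(00000000): Started 5 sec timeout
Jun 10 08:11:06: RADIUS(00000000): Request timed out!
Jun 10 08:11:06: RADIUS: No response from (X.X.X.X:1812,1813) for id 1645/146
Jun 10 08:11:06: EPM_SESS_EVENT:valid pmap node for nacl type found
Jun 10 08:11:06: EPM_SESS_EVENT:Received string xACSACLx-IP-Custom_dnload_ACL_Internet-3001-63
Jun 10 08:11:06: EPM_SESS_EVENT:Received AAA Failed reply for acl download
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d): (?P<msg>.*)$")
ACL_NAME = re.compile(r"EPM_SESS_EVENT:Received string (\S+)")
PASSED = "AAA reply (to download ACE's) passed"
FAILED = "Received AAA Failed reply for acl download"
TIMEOUT = "Request timed out"

def dacl_download_results(log_text):
    """Return one dict per DACL download attempt found in the debug output."""
    results, pending, timeouts = [], None, 0
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m["msg"]
        if TIMEOUT in msg:
            timeouts += 1  # RADIUS timeouts seen since the previous attempt
        name = ACL_NAME.search(msg)
        if name:
            if pending:  # previous attempt never logged an outcome
                results.append({**pending, "status": "unknown"})
            pending = {"time": m["ts"], "acl": name.group(1),
                       "radius_timeouts": timeouts}
            timeouts = 0
        elif pending and (PASSED in msg or FAILED in msg):
            results.append({**pending,
                            "status": "passed" if PASSED in msg else "failed"})
            pending = None
    if pending:
        results.append({**pending, "status": "unknown"})
    return results

if __name__ == "__main__":
    for attempt in dacl_download_results(SAMPLE_LOG):
        print(attempt)
```

Attempts with status "failed" or "unknown" mark sessions where the downloadable ACL was not confirmed as applied and the port should be checked.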