Guest

Preview Tool

Cisco Bug: CSCuq29824 - Python PSS: L3 ACL prefix_len should be 32/128 when not set explicitly

Last Modified

Feb 06, 2017

Products (1)

  • Cisco Support Tools

Known Affected Releases

1.3(0)

Description (partial)

Symptom:
While configuring an L3 ACL on a Network Element using a Python onePK app, when the wildcard mask is not specified (i.e. prefix_len is not set explicitly) then it currently gets set to 0. 

Which as a mask means that we do not care about any bits in the src/dst IP address. And what gets configured on the network element is "any"

The correct behavior is for prefix_len to get set to 32 for IPv4 addresses & 128 for IPv6 address, when it is not set explicitly.

From the IOS config guide at this link:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_acl/configuration/15-mt/sec-data-acl-15-mt-book/sec-access-list-ov.html#GUID-F9EDD3BA-B951-4CEB-8826-6C01E37DDF1C

--snip--

If you do not supply a wildcard mask with a source or destination address in an access list statement, the software assumes an implicit wildcard mask of 0.0.0.0, meaning all values must match.

--snip--

Conditions:
onePK Python SDK version:  onePK-sdk-python-rel-1.3.0.170
N7K image:  n7000-s2-dk9.7.1.0.D1.0.213.gbin
IOS image:  c3900-universalk9-mz.SSA.155-0.8.T
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.