Preview Tool

Cisco Bug: CSCuq69358 - Fix Typo in packet-tracer ZBF drop reason

Last Modified

Feb 07, 2017

Products (21)

  • Cisco IOS
  • Cisco ASR 901-6CZ-FS-D Router
  • Cisco ASR 901-6CZ-F-D Router
  • Cisco ME 3600X-24TS-M Switch
  • Cisco ASR 901S-4SG-F-D Router
  • Cisco ASR 901-4C-FT-D Router
  • Cisco ASR 901-6CZ-F-A Router
  • Cisco ASR 901S-2SG-F-D Router
  • Cisco ASR 901S-2SG-F-AH Router
  • Cisco ASR 901-6CZ-FT-A Router
View all products in Bug Search Tool Login Required

Known Affected Releases


Description (partial)

Packet-tracer ZBF packet drops reports have a typo

ASR reports UDP drops due to classification as:

asr1000#sh platform hardware qfp active feature firewall drop
Drop Reason                                                             Packets

Policy drop:classify result                                                1288

Packet tracer reports the same dropped as:

asr1000#sh platform packet-trace packet 1
Packet: 1           CBUG ID: 4
  Input     : GigabitEthernet1
  Output    : GigabitEthernet3
  State     : DROP 183 (FirewallPolicy)
    Start   : 4077803868916 ns (06/11/2014 10:36:59.786640 UTC)
    Stop    : 4077803888617 ns (06/11/2014 10:36:59.786660 UTC)
Path Trace
  Feature: IPV4
    Source      :
    Destination :
    Protocol    : 17 (UDP)
      SrcPort : 57020
      DstPort : 1967
  Feature: ZBFW
    Action  : Drop
    Reason  : ICMP policy drop:classify result
    Zone-pair name  : internet_to_dmz
    Class-map name  : restrict_service

The word ICMP is confusing here since :

1- It does not match the granular drop reason name
2- It's not related to ICMP

Uses of packet-tracer while troubleshooting packet drops
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.