Guest

Preview Tool

Cisco Bug: CSCur03111 - MACSEC N7K: Link drop with High Traffic on F2E

Last Modified

Feb 01, 2017

Products (8)

  • Cisco Nexus 7000 Series Switches
  • Cisco Nexus 7000 10-Slot Switch
  • Cisco Nexus 7000 4-Slot Switch
  • Cisco Nexus 7700 6-Slot Switch
  • Cisco Nexus 7000 18-Slot Switch
  • Cisco Nexus 7700 18-Slot Switch
  • Cisco Nexus 7000 9-Slot Switch
  • Cisco Nexus 7700 10-Slot Switch

Known Affected Releases

6.2(6) 6.2(8a)

Description (partial)

Symptom:
Without MACSEC traffic passes fine and the customer can push roughly 8.6 gig of traffic on the link. However, When MACSEC is configured initially the connection is established as long as there is roughly 5 gigs of traffic or less the link stays established.  

At about 6.5 gigs of traffic, CRC errors may start being seen on the peer port. After that SAP rekey may fail and the macsec link go down. Link will stay down in SAP AUTHEN INCOMPLETE state.

shut/no shut of the interface or remove/reapply of cts config may not resolve the issue. The port would operate in non-cts mode but not in cts encryption mode. Module needs to be reloaded to recover to cts encryption operation.

Conditions:
1. MACSEC is enabled.
2. egress traffic rate exceeds the effective line rate for encrypted traffic.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.