Cisco Bug: CSCur57865 - Port-security on 6800-IA Interface will route first packet
Jan 24, 2017
- Cisco Catalyst 6000 Series Switches
Known Affected Releases
Symptom: Packets that should pass through a 6800-IA and 6k VSS pair in a single VLAN (L2 only) will be routed into a different VLAN per the configured default route. Conditions: The packet that is routed unexpectedly must arrive on a 6800-IA interface with port-security configured. Port-security must learn a MAC from this packet (punt the packet to CPU) for the issue to trigger. A default-route pointing into a different VLAN must be configured. No SVI should be present in the VLAN the frame initially arrives on to trigger this behavior. An SVI for the default route must be present. The first packet will be routed into the different VLAN (based on the route configuration). Subsequent packets will not be routed into a different VLAN (L2 switched only), so long as the MAC is retained in port-security. If a MAC is aged out or manually removed from port-security, the issue will return.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases