Cisco Bug: CSCur57865 - Port-security on 6800-IA Interface will route first packet

Last Modified

Jan 24, 2017

Products (1)

  • Cisco Catalyst 6000 Series Switches

Known Affected Releases

15.1(2)SY2.1, 15.1(2)SY3.1

Description (partial)

Symptom:
Packets that should pass through a 6800-IA and 6k VSS pair in a single VLAN (L2 only) will be routed into a different VLAN per the configured default route.

Conditions:
The packet that is routed unexpectedly must arrive on a 6800-IA interface with port-security configured. 
Port-security must learn a MAC from this packet (punt the packet to CPU) for the issue to trigger. 
A default-route pointing into a different VLAN must be configured.
No SVI should be present in the VLAN the frame initially arrives on to trigger this behavior. An SVI for the default route must be present.

The first packet will be routed into the different VLAN (based on the route configuration).

Subsequent packets will not be routed into a different VLAN (L2 switched only), so long as the MAC is retained in port-security.

If a MAC is aged out or manually removed from port-security, the issue will return.
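
An added example (not part of Cisco's bug report): a Python check over a saved running-config that lists port-security access ports whose VLAN has no SVI while a default route is configured, the combination described in the conditions above. The sample config, interface names and function name are constructed; the check assumes IOS-style `show running-config` text and does not verify that a port sits on a 6800-IA or which SVI the default route's next hop resolves through.

```python
import re

# Constructed sample config (not from the bug report); names are illustrative.
SAMPLE_CONFIG = """\
interface GigabitEthernet101/1/0/1
 switchport access vlan 10
 switchport mode access
 switchport port-security
!
interface GigabitEthernet101/1/0/2
 switchport access vlan 20
 switchport mode access
 switchport port-security
!
interface GigabitEthernet101/1/0/3
 switchport access vlan 10
 switchport mode access
!
interface Vlan20
 ip address 192.0.2.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 192.0.2.254
"""

def exposed_ports(config):
    """Return (interface, vlan) pairs that match the listed conditions."""
    blocks, current, has_default = {}, None, False
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:                                   # start of an interface block
            current = m.group(1)
            blocks[current] = []
        elif line.startswith(" ") and current:  # sub-command of that block
            blocks[current].append(line.strip())
        else:                                   # global command or "!" separator
            current = None
            has_default |= line.startswith("ip route 0.0.0.0 0.0.0.0 ")
    if not has_default:
        return []  # condition not met: no default route configured
    svis = {int(n[4:]) for n in blocks if re.fullmatch(r"Vlan\d+", n)}
    hits = []
    for name, lines in blocks.items():
        if "switchport port-security" not in lines:
            continue
        pat = r"switchport access vlan (\d+)"
        vlans = [int(m.group(1)) for l in lines if (m := re.fullmatch(pat, l))]
        vlan = vlans[-1] if vlans else 1  # access VLAN defaults to 1
        if vlan not in svis:              # L2-only VLAN: no SVI present
            hits.append((name, vlan))
    return hits
```

Ports it reports are candidates for review on the affected releases; whether the first-packet behavior actually occurs still depends on the remaining conditions above.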