Guest

Preview Tool

Cisco Bug: CSCus87501 - ASR5000 - IPv6/ICMP6 ACLs not working as expected.

Last Modified

Dec 25, 2016

Products (1)

  • Cisco ASR 5000 Series

Known Affected Releases

17.0.0

Description (partial)

Symptom:
IPv6 / ICMP6 ACLs not working as expected.   ACL Stats not matching expected traffic types.

User performs PING6 sending Echo Request (Type 128) and stats matching Destination Unreachable (Type 1)

Conditions:
Following IPv6 ACL applied to interface:

ipv6 access-list IPv6ICMP
      permit icmp any any 1
      permit icmp any any 2
      permit icmp any any 3
      permit icmp any any 4
      permit icmp any any 128
      permit icmp any any 129
      deny icmp any any
      permit ip any any

ping6 performed  and stats matching wrong type

show ipv6 access-group statistics 
Access group: IPv6ICMP       Priority: 0  
Type:         Interface TEST
Direction:    In 
Rules:
  permit icmp any any 1
    Frames:            101 Bytes:            11692    <<<<<
  permit icmp any any 2
    Frames:              0 Bytes:                0
  permit icmp any any 3
    Frames:              0 Bytes:                0
  permit icmp any any 4
    Frames:              0 Bytes:                0
  permit icmp any any 128
    Frames:              0 Bytes:                0
  permit icmp any any 129
    Frames:              0 Bytes:                0
  deny icmp any any
    Frames:              0 Bytes:                0
  permit ip any any
    Frames:            406 Bytes:            47034
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.