Guest

Preview Tool

Cisco Bug: CSCvh58169 - Tahoe platform MAC acl cannot filter packets correctly

Last Modified

Aug 13, 2019

Products (1)

  • Cisco Nexus 9000 Series Switches

Known Affected Releases

7.0(3)I7(2)

Description (partial)

Symptom:
Topo:
+---------+E1/1         E1/1+---------+
| N93180  +-----------------+  N9K-2  |
+---------+                 +---------+
SVI1: 1.1.1.1               SVI1: 1.1.1.2(286f.7f7e.62e5)

N93180 configuration:
mac access-list test
   5 permit 286f.7f7e.62e5 0000.0000.0000 any 0x806 <<<<<<<<<permit ARP packets
  10 permit 286f.7f7e.62e5 0000.0000.0000 any ip <<<<<<<<<permit IP packets

interface Ethernet1/1
  switchport
  no shutdown
  mac port access-group test
  mac packet-classify

Problem description:
When ping 1.1.1.1 on N9K-2, all ICMP packets are matched by rule 5(permit ARP packets)

N93180(config)# show mac access-lists test

MAC access list test
        statistics per-entry 
        5 permit 286f.7f7e.62e5 0000.0000.0000 any 0x806 [match=473]
       10 permit 286f.7f7e.62e5 0000.0000.0000 any ip [match=0]

Conditions:
Tahoe based platform
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.