Cisco Bug: CSCvi01706 - Removing ACE from long ACL interrupts traffic

Last Modified

Jul 26, 2019

Products (1)

  • Cisco Catalyst 4000 Series Switches

Known Affected Releases

15.2(4)E1

Description (partial)

Symptom:
On 4500 Sup8 VSS or standalone, removing any entry from a long extended ACL may momentarily interrupt traffic on the interface to which the ACL is applied.

For example, ping traffic between two hosts was momentarily lost, even though the ACE removed from the ACL was not related to the hosts that were pinging each other.

Conditions:
Happens only with long ACLs (many entries), not with short ACLs (few entries).
It appears that when any single line in an ACL is modified, the ACL merge algorithm has to be re-run and the whole ACL reprogrammed in hardware. When the ACL is large, this process takes extra time to complete, which may impact traffic.