Cisco Bug: CSCvi09442 - Cat9400 - Incorrect DACL applied to port
Last Modified
Oct 30, 2019
Products (1)
- Cisco Catalyst 9400 Series Switches
Known Affected Releases
16.6.2 Fuji-16.8.1
Description (partial)
Symptom: On a Cat9400 using MAB, an incorrect DACL may be applied to some previously authenticated interfaces when another interface authenticates and uses a different DACL. The new DACL will be applied to the interfaces instead. This can cause unexpected loss of connectivity or allow traffic to pass that shouldn't.

Example:
- Interface X: Authenticates on phone profile, uses DACL A
- Interface Y: Authenticates on default profile, uses DACL B

Assuming interface X is already up and authenticated, when interface Y comes up and authenticates, both interfaces X and Y will have DACL B applied.

Conditions:
1. "show access-session interface <intf> detail" for affected endpoint will still show as "Auth Success" for MAB and correct DACL associated with interface.
2. "show platform software fed active acl iifid <endpoint_iifid>" will show that affected interface is associated with correct DACL and Group GCID.