Cisco Bug: CSCvs10147 - Nexus 5596 crash in aclmgr

Last Modified

Jun 16, 2020

Products (1)

  • Cisco Nexus 5000 Series Switches

Known Affected Releases

7.3(2)N1(1)

Description (partial)

Symptom:
A Nexus 5596 running 7.3(2)N1(1) may crash in aclmgr.

The switch may show output such as below:

`show system reset-reason`
----- reset reason for Supervisor-module 1 (from Supervisor in slot 1) ---
1) At 55688 usecs after Sat Oct 26 01:24:22 2019
    Reason: Reset triggered due to HA policy of Reset
    Service: aclmgr hap reset
    Version: 7.3(2)N1(1)


`show logging log`
<snip>
%SYSMGR-2-SERVICE_CRASHED: Service "aclmgr" (PID 4057) hasn't caught signal 6 (core will be saved).
<snip>


`show cores`
VDC  Module  Instance  Process-name     PID       Date(Year-Month-Day Time)
---  ------  --------  ---------------  --------  -------------------------
1    1       1         aclmgr           4057      2019-10-26 01:31:13

Conditions:
The issue is believed to be induced by modification of the forescout_acl. For an unknown reason, the modification of the ACL is not entirely successful, which creates a memory leak that ultimately crashes aclmgr.

To see whether the issue is ongoing, check the access-list modification status in `show accounting log`.

Example:
Sat Oct 26 01:23:35 2019:type=update:id=<snip>@pts/1:user=svc_forescout:cmd=configure terminal ; ip access-list forescout_acl ; 200380 deny tcp host <snip> any eq 443 (REDIRECT))
Sat Oct 26 01:23:35 2019:type=update:id=<snip>@pts/1:user=svc_forescout:cmd=configure terminal ; ip access-list forescout_acl ; 200380 deny tcp host <snip> any eq 443 (FAILURE)
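
The accounting-log check described above can be scripted. The following is an added example, not part of the Cisco bug note: it parses lines in the format shown in the example and reports failed updates per ACL. The function name, the sample addresses and every sample line other than the two modeled on the page are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Layout taken from the two example lines on this page:
#   <timestamp>:type=<t>:id=<session>:user=<user>:cmd=<command> (<STATUS>)
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4})"
    r":type=(?P<type>\w+):id=(?P<id>.*?):user=(?P<user>[^:]+)"
    r":cmd=(?P<cmd>.*?) \((?P<status>[A-Z]+)\)+\s*$"  # tolerate a doubled ')'
)
ACL_RE = re.compile(r"\bip access-list (?P<acl>\S+)")


def acl_update_summary(lines):
    """Return {acl_name: {"total": n, "failed": [(datetime, user, cmd), ...]}}."""
    summary = defaultdict(lambda: {"total": 0, "failed": []})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["type"] != "update":
            continue  # not a completed configuration update
        acl = ACL_RE.search(m["cmd"])
        if not acl:
            continue  # not an ACL modification
        entry = summary[acl["acl"]]
        entry["total"] += 1
        if m["status"] == "FAILURE":
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            entry["failed"].append((ts, m["user"], m["cmd"]))
    return dict(summary)


# Constructed sample lines in the page's format (addresses are placeholders).
SAMPLE = """\
Sat Oct 26 01:23:35 2019:type=update:id=192.0.2.10@pts/1:user=svc_forescout:cmd=configure terminal ; ip access-list forescout_acl ; 200380 deny tcp host 198.51.100.7 any eq 443 (REDIRECT))
Sat Oct 26 01:23:35 2019:type=update:id=192.0.2.10@pts/1:user=svc_forescout:cmd=configure terminal ; ip access-list forescout_acl ; 200380 deny tcp host 198.51.100.7 any eq 443 (FAILURE)
Sat Oct 26 01:23:40 2019:type=update:id=192.0.2.10@pts/1:user=svc_forescout:cmd=configure terminal ; ip access-list forescout_acl ; no 200380 (SUCCESS)
Sat Oct 26 01:24:01 2019:type=update:id=192.0.2.20@pts/2:user=admin:cmd=configure terminal ; interface Ethernet1/1 ; shutdown (SUCCESS)
Sat Oct 26 01:24:05 2019:type=start:id=192.0.2.20@pts/2:user=admin:cmd=
""".splitlines()

if __name__ == "__main__":
    for name, info in acl_update_summary(SAMPLE).items():
        print(f"{name}: {len(info['failed'])} failed of {info['total']} updates")
        for ts, user, cmd in info["failed"]:
            print(f"  {ts.isoformat()} {user}: {cmd}")
```

Feed it the saved output of `show accounting log`; a growing count of failed updates against the same ACL matches the condition described above.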