Guest

Preview Tool

Cisco Bug: CSCvs28177 - ACL is dropping Packets incorretly

Last Modified

Jan 16, 2020

Products (1)

  • Cisco XE SD-WAN Routers

Known Affected Releases

16.12.1b

Description (partial)

Symptom:
Packet Drops

Conditions:
* cEdge devices (c1111), version 16.12.1b
* ACL config over VLAN interface
* ACL Configuration on cEDGE
interface Vlan121
  access-list APT_POS_IN in
exit

access-list APT_POS_IN
  sequence 11
   match
    destination-ip   194.200.200.129/32
    destination-port 2100
    protocol         6
   !
   action accept
   !
  !
  default-action drop
 !

*Packet Capture

Summary
  Input     : GigabitEthernet0/1/0
  Output    : Vlan121
  State     : DROP 480 (SdwanAclDrop)

Path Trace
  Feature: IPV4(Input)
    Input       : GigabitEthernet0/1/0
    Output      : <unknown>
    Source      : 10.121.40.28
    Destination : 194.200.200.129
    Protocol    : 6 (TCP)
      SrcPort   : 27061
      DstPort   : 2100

Feature: SDWAN ACL IN
    Interface    : Vlan121
    CG           : 2
    Seq          : 65535
    Policy Flags : 0x3
    Action : DROP_PKT
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.