Cisco Bug: CSCvs62003 - In Polaris COPP, ARP traffic should use "system-cpp-police-data"
Jan 24, 2020
- Cisco IOS
Known Affected Releases
Symptom: The COPP policy present in Polaris has a class specifically for ARP traffic.

    Switch#sh platform software qos copp class-info
    ACL representable classmap filters are displayed:
    class-map match-any system-cpp-police-data
     description ICMP_GEN and BROADCAST
     match access-group name system-cpp-mac-match-police-data
    mac access-list extended system-cpp-mac-match-police-data
     permit any host FFFF.FFFF.FFFF
     permit any any arp arp-reply
     permit any any arp arp-request

This shows that any broadcast or ARP packet should go to the "system-cpp-police-data" class. However, it always falls in the "system-cpp-police-forus" class. The ARP traffic should go to the "system-cpp-police-data" class instead of the "system-cpp-police-forus" class. This causes issues during ARP poisoning: all control traffic / traffic being punted to the CPU (which takes the "system-cpp-police-forus" class) will also be dropped.

Conditions: When there is a lot of ARP traffic being sent to the switch (ARP poisoning).
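The mismatch described above can be checked mechanically. This added example (not Cisco's code or tooling) parses the class-info text quoted on the page and reports which class its filters select for a frame; the frame dictionaries, their `arp` key, the function names and the simplified permit-entry matching are assumptions of the example.

```python
# CLI text as quoted on the page.
CLASS_INFO = """\
class-map match-any system-cpp-police-data
 description ICMP_GEN and BROADCAST
 match access-group name system-cpp-mac-match-police-data
mac access-list extended system-cpp-mac-match-police-data
 permit any host FFFF.FFFF.FFFF
 permit any any arp arp-reply
 permit any any arp arp-request
"""
# Constructed sample frames; the "arp" key is this example's own convention.
ARP_REQUEST = {"src": "0011.2233.4455", "dst": "ffff.ffff.ffff", "arp": "arp-request"}
ARP_REPLY = {"src": "0011.2233.4455", "dst": "00aa.bbcc.ddee", "arp": "arp-reply"}
UNICAST_IP = {"src": "0011.2233.4455", "dst": "00aa.bbcc.ddee", "arp": None}

def parse_class_info(text):
    """Return ({class_map: [acl names]}, {acl_name: [permit entries as token lists]})."""
    classes, acls, cur = {}, {}, None
    for t in (line.split() for line in text.splitlines()):
        if t[:1] == ["class-map"]:
            cur = classes.setdefault(t[-1], [])
        elif t[:3] == ["mac", "access-list", "extended"]:
            cur = acls.setdefault(t[-1], [])
        elif cur is not None and t[:3] == ["match", "access-group", "name"]:
            cur.append(t[3])
        elif cur is not None and t[:1] == ["permit"]:
            cur.append(t[1:])
    return classes, acls

def _take_addr(tok):  # consume 'any' or 'host <mac>'; None means any address
    return (tok[1].lower(), tok[2:]) if tok[0] == "host" else (None, tok[1:])

def entry_matches(tokens, frame):
    """Simplified matching (assumption): 'permit <src> <dst> [arp <type>]' only."""
    src, rest = _take_addr(tokens)
    dst, rest = _take_addr(rest)
    if (src and src != frame["src"].lower()) or (dst and dst != frame["dst"].lower()):
        return False
    return not rest or frame.get("arp") == rest[-1]

def expected_class(text, frame):
    classes, acls = parse_class_info(text)
    for name, acl_names in classes.items():
        if any(entry_matches(e, frame) for a in acl_names for e in acls.get(a, [])):
            return name
    return None  # frame is not covered by the displayed filters

def misclassified(text, observations):  # [(frame, observed class)] -> mismatches
    return [(f, seen, want) for f, seen in observations
            if (want := expected_class(text, f)) and seen != want]
```

Feeding `misclassified` the class each frame was actually counted against on the switch lists every frame the filters assign to one class but the platform policed in another.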