Cisco Bug: CSCvs62003 - In COPP policy, ARP traffic should be classified under the "system-cpp-police-forus" class

Last Modified

Sep 01, 2020

Products (14)

  • Cisco IOS
  • Cisco ASR 1000 Series IOS XE SD-WAN
  • Cisco 4221 Integrated Services Router
  • Cisco 4331 Integrated Services Router
  • Cisco 4321 Integrated Services Router
  • Cisco ASR 1002-X Router
  • Cisco ASR 1001-X Router
  • Cisco 4351 Integrated Services Router
  • Cisco ISR 4000 Series IOS XE SD-WAN
  • Cisco ISR 1000 Series IOS XE SD-WAN

Known Affected Releases

16.9.3

Description (partial)

Symptom:
In the COPP Policy present in Polaris, we have a class specifically for ARP traffic.
Switch#sh platform software qos copp class-info
ACL representable classmap filters are displayed:
class-map match-any system-cpp-police-data
   description ICMP_GEN and BROADCAST
   match access-group name system-cpp-mac-match-police-data
    mac access-list extended system-cpp-mac-match-police-data
      permit any host FFFF.FFFF.FFFF
      permit any any arp arp-reply
      permit any any arp arp-request
This shows that any broadcast or ARP packet should go to the "system-cpp-police-data" class.
However, it always falls in the "system-cpp-police-forus" class:

The displayed classification is wrong; ARP should always go to the FORUS class (as per the current architecture).
So, this defect has been used to fix the output of the command "sh platform software qos copp class-info", where ARP is now shown to be inside the FORUS Class.

Conditions:
When there is a lot of ARP traffic being sent to the switch (ARP poisoning).