Guest

Preview Tool

Cisco Bug: CSCvs81835 - Switch Crash @ sisf_snooping_policy_get_seclvl

Last Modified

Aug 29, 2020

Products (1)

  • Cisco Catalyst 3650 Series Switches

Known Affected Releases

16.9.4

Description (partial)

Symptom:
multiple 3650 Switches  in an stack may crash after sometime at the sisf_snooping_policy_get_seclvl function

Conditions:
The conditions leading to the crash involve:

-client mac and IP gets learned because of a snooping policy such as "ip dhcp snooping vlan x"
-authentication fails and client entry gets moved to a new vlan because of a configuration such as:
   interface <if>
      authentication event fail action authorize vlan y
-the snooping policy configuration is deleted on vlan x
    no ip dhcp snooping vlan x
-some time later, the client authentication succeeds then fails. The crash is caused by the client entry having a reference to a policy that was deleted.

The problem is specific to client device-tracking entries being move across VLANs (for example as a result of Sanet authentication change, or integrated wireless controller changes.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.