Cisco Bug: CSCvs97799 - Configuring ACL with HTTP option + VLAN ID should not be allowed

Last Modified

Mar 26, 2020

Products (1)

  • Cisco Nexus Data Broker

Known Affected Releases

NDB-03.8

Description (partial)

Symptom:
In NDB, it is possible to configure a filter that redirects traffic using both the HTTP tcp-length-option and a VLAN ID.
This should not be allowed, as per defect CSCvs79437. It can lead to traffic being incorrectly matched against the ACL.

Note that starting with NX-OS 7.0(3)I7(8) and 9.3(4), such ACLs (HTTP options + VLAN ID) can no longer be configured. An error message will be displayed and logged. NDB should align with this limitation.

Conditions:
An NDB filter is used to redirect traffic using both:
 - HTTP tcp-length-option
 - VLAN ID