Cisco Bug: CSCvt00231 - Stale entry in HW due an incorrect policy-tcam entry move which caused traffic to be policy dropped

Last Modified

Oct 03, 2020

Products (22)

  • Cisco Nexus 9000 Series Switches
  • Cisco Nexus 9516 Switch
  • Cisco Nexus 9396PX Switch
  • Cisco Nexus 9396TX Switch
  • Cisco Nexus 93108TC-FX Switch
  • Cisco Nexus 93120TX Switch
  • Cisco Nexus 9372TX-E Switch
  • Cisco Nexus 93108TC-EX Switch
  • Cisco Nexus 9504 Switch
  • Cisco Nexus 9332PQ Switch

Known Affected Releases

13.2(4d)

Description (partial)

Symptom:
Traffic destined to a switch is policy dropped. The contracts configured on the switch look correct, but the ELAM drop reason shows a clear SECURITY_GROUP_DENY. If you dump the FPC and FPB pt.index results of the ELAM, the values are different. Specifically, the FPC index is wrong when you check the Stats Idx under the specific ACLQOS rule. FPC should be the summary of the final result. In this case, there are two hits, but there is one stable entry in TCAM and one that is not stable.

Conditions:
This is a corner case. This bug is hit due to incorrect internal TCAM shuffling logic that resulted in a stale entry. The probability of hitting this in a real network is very low.