Cisco Bug: CSCvt02738 - Non-Fragmented IPv4 packet is matching against egress ACE with "fragments" keyword

Last Modified

Oct 07, 2020

Products (1)

  • Cisco ASR 9000 Series Aggregation Services Routers

Known Affected Releases

7.1.1.BASE 7.2.1.BASE

Description (partial)

Symptom:
Non-fragmented IPv4 packets match an egress ACE that carries the "fragments" keyword. The counters below increment for non-fragmented packets:

RP/0/RP0/CPU0:PE1-Tor#show access-lists ipv4 ipv4_egress_deny1 hardware egress sequence 200 location 0/0/CPU0
Mon Feb 10 19:35:37.121 UTC
ipv4 access-list ipv4_egress_deny1
200 deny ipv4 any any fragments (15169 matches)
RP/0/RP0/CPU0:PE1-Tor#show access-lists ipv4 ipv4_egress_deny1 hardware egress sequence 200 location 0/0/CPU0
Mon Feb 10 19:35:39.812 UTC
ipv4 access-list ipv4_egress_deny1
200 deny ipv4 any any fragments (15503 matches)

Conditions:
Any IPv4 ACE defined and applied with the "fragments" keyword has this issue for packets flowing in the egress direction.
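
One way to check a device for this symptom, as an added example that is not part of the Cisco bug record: compare the rise in the "fragments" ACE counter with the number of real fragments in a sample of the traffic offered to the egress interface over the same interval. The function names and the packet headers are constructed for illustration; the two counter readings are the ones quoted above.

```python
import re
import struct

# Matches an ACE line such as: 200 deny ipv4 any any fragments (15169 matches)
ACE_RE = re.compile(r"^\s*(\d+)\s+(?:permit|deny)\b.*\bfragments\b.*\((\d+) matches\)")

# The two counter readings quoted in the bug record (about 2.7 seconds apart).
BEFORE = "ipv4 access-list ipv4_egress_deny1\n200 deny ipv4 any any fragments (15169 matches)"
AFTER = "ipv4 access-list ipv4_egress_deny1\n200 deny ipv4 any any fragments (15503 matches)"

def ace_matches(show_output, sequence):
    """Return the match counter of the given 'fragments' ACE sequence."""
    for line in show_output.splitlines():
        m = ACE_RE.match(line)
        if m and int(m.group(1)) == sequence:
            return int(m.group(2))
    raise ValueError(f"sequence {sequence} with 'fragments' not found")

def classify(header):
    """Classify a raw IPv4 header by its MF flag and fragment offset."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    (flags_frag,) = struct.unpack_from("!H", header, 6)
    if flags_frag & 0x1FFF:            # 13-bit fragment offset is nonzero
        return "non-initial-fragment"
    if flags_frag & 0x2000:            # MF set, offset zero
        return "initial-fragment"
    return "unfragmented"              # DF (0x4000) alone does not make a fragment

def excess_matches(before, after, sequence, headers):
    """Counter increase that fragments in the sampled traffic cannot account for."""
    delta = ace_matches(after, sequence) - ace_matches(before, sequence)
    fragments = sum(1 for h in headers if classify(h) != "unfragmented")
    return max(0, delta - fragments)

def sample_header(flags_frag):
    """Constructed 20-byte IPv4 header (documentation addresses, checksum zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, flags_frag, 64, 6, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))

if __name__ == "__main__":
    # Constructed traffic sample: two unfragmented packets and one trailing fragment.
    sample = [sample_header(0x4000), sample_header(0x0000), sample_header(0x00B9)]
    print(excess_matches(BEFORE, AFTER, 200, sample))
```

A nonzero result means the counter rose by more than the fragments seen in the sample, which is consistent with the symptom described here.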