Cisco Bug: CSCvt13518 - QoS ACL matching incorrectly when udp range is used
Oct 04, 2020
- Cisco Catalyst 3650 Series Switches
Known Affected Releases
Symptom:
Traffic is not re-marked properly even though the policy map is configured correctly. Most packets match an incorrect class-map. "show policy-map interface <>" will show packet counters increasing in the incorrect class.

Conditions:
- An empty ACL is used in a class-map configured within the policy-map.
- A class-map matches an ACL that uses the range operand: "permit udp any any range <> <>"

    Switch#show access-lists THREE-ACL
    Extended IP access list THREE-ACL
        10 permit udp any any range 1000 1100
    Switch#show access-list FOUR-ACL
    Switch#

    class-map match-any THREE
     match access-group name THREE-ACL
    class-map match-any FOUR
     match access-group name FOUR-ACL

    policy-map TEST
     class ONE
      set dscp ef
      police cir 512000 bc 32000
     class TWO
      set dscp af41
     class THREE
      set dscp cs3
     class FOUR
      set dscp cs2
     class FIVE
      set dscp cs1
     class SIX
      set dscp af21
     class SEVEN
      set dscp af11
     class class-default
      set dscp default

In the above example, class THREE matches THREE-ACL and class FOUR matches an empty/non-existing ACL. Class THREE will operate as a "permit udp any any".
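An added example, not Cisco's code: a Python audit that scans a running-config for the two conditions listed above occurring in the same policy-map, that is, one class referencing an empty or undefined ACL while another class matches an ACL with a "permit udp ... range" entry. The function name audit, the running-config input format and the sample config are assumptions constructed for illustration.

```python
import re

# Constructed sample in running-config syntax, modelled on the report's example.
SAMPLE_CONFIG = """\
ip access-list extended THREE-ACL
 10 permit udp any any range 1000 1100
class-map match-any THREE
 match access-group name THREE-ACL
class-map match-any FOUR
 match access-group name FOUR-ACL
policy-map TEST
 class THREE
  set dscp cs3
 class FOUR
  set dscp cs2
"""
UDP_RANGE = re.compile(r"\bpermit udp\b.*\brange \d+ \d+")

def audit(config):
    """Return {policy-map: findings} where both trigger conditions are present."""
    acls, class_acls, policies = {}, {}, {}
    kind = name = None  # type and name of the config block being parsed
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"ip access-list extended (\S+)", line):
            kind, name = "acl", m.group(1)
            acls[name] = []
        elif m := re.match(r"class-map (?:match-(?:any|all) )?(\S+)", line):
            kind, name = "cmap", m.group(1)
            class_acls[name] = []
        elif m := re.match(r"policy-map (\S+)", line):
            kind, name = "pmap", m.group(1)
            policies[name] = []
        elif not raw.startswith(" "):
            kind = None  # any other top-level line ends the current block
        elif kind == "acl" and re.match(r"(\d+ )?(permit|deny) ", line):
            acls[name].append(line)
        elif kind == "cmap" and (m := re.match(r"match access-group name (\S+)", line)):
            class_acls[name].append(m.group(1))
        elif kind == "pmap" and (m := re.match(r"class (\S+)", line)):
            policies[name].append(m.group(1))
    findings = {}
    for pmap, classes in policies.items():
        used = [(c, a) for c in classes for a in class_acls.get(c, [])]
        empty = [(c, a) for c, a in used if not acls.get(a)]  # undefined or no entries
        ranged = [(c, a) for c, a in used if any(UDP_RANGE.search(e) for e in acls.get(a, []))]
        if empty and ranged:
            findings[pmap] = {"empty_acl": empty, "udp_range": ranged}
    return findings
```

Calling audit(SAMPLE_CONFIG) reports policy-map TEST, naming class FOUR as the empty-ACL reference and class THREE as the UDP range match.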