Cisco Bug: CSCvt13518 - QoS ACL matching incorrectly when udp range is used

Last Modified

Oct 04, 2020

Products (1)

  • Cisco Catalyst 3650 Series Switches

Known Affected Releases

16.6.5 16.9.4

Description (partial)

Symptom:
Traffic is not re-marked properly even though the policy map is configured correctly. Most packets match the incorrect class-map.

"show policy-map interface <>" shows packet counters increasing in the incorrect class.

Conditions:
An empty ACL is used in a class-map configured within the policy-map.

Another class-map matches on an ACL that uses the range operand: "permit udp any any range <> <>"


 
Switch#show access-lists THREE-ACL
Extended IP access list THREE-ACL
    10 permit udp any any range 1000 1100
	
Switch#show access-list FOUR-ACL
Switch#

 class-map match-any THREE
  match access-group name THREE-ACL
 class-map match-any FOUR
  match access-group name FOUR-ACL
 
 policy-map TEST
 class ONE
  set dscp ef
  police cir 512000 bc 32000
 class TWO
  set dscp af41
 class THREE
  set dscp cs3
 class FOUR
  set dscp cs2
 class FIVE
  set dscp cs1
 class SIX
  set dscp af21
 class SEVEN
  set dscp af11
 class class-default
  set dscp default


In the above example, class THREE matches THREE-ACL and class FOUR matches an empty/non-existent ACL.

Class THREE will operate as a "permit udp any any".
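
An offline check for the triggering condition described above, as an added example that is not Cisco's code: it scans saved running-config text for policy-maps that combine a class whose ACL is empty or undefined with a class whose ACL uses a UDP port range. The function names and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample modeled on the example above (not captured from a device).
SAMPLE_CONFIG = """\
ip access-list extended THREE-ACL
 10 permit udp any any range 1000 1100
class-map match-any THREE
 match access-group name THREE-ACL
class-map match-any FOUR
 match access-group name FOUR-ACL
policy-map TEST
 class THREE
  set dscp cs3
 class FOUR
  set dscp cs2
 class class-default
  set dscp default
"""

HEADER = re.compile(r"(ip access-list extended|class-map(?: match-\w+)?|policy-map) (\S+)$")

def parse(config):
    """Group indented body lines under each ACL, class-map and policy-map header."""
    out = {"ip": {}, "class-map": {}, "policy-map": {}}
    body = None
    for line in config.splitlines():
        m = HEADER.match(line.rstrip())
        if m:
            body = out[m.group(1).split()[0]].setdefault(m.group(2), [])
        elif line.startswith(" ") and body is not None:
            body.append(line.strip())
        else:
            body = None  # "!" separators and unrelated top-level commands
    return out["ip"], out["class-map"], out["policy-map"]

def find_exposed_policies(config):
    """Return policy-maps holding both an empty-ACL class and a UDP-range class."""
    acls, cmaps, pmaps = parse(config)
    findings = {}
    for name, body in pmaps.items():
        refs = {}  # class name -> ACL names its class-map matches on
        for cls in (l.split()[1] for l in body if l.startswith("class ")):
            refs[cls] = [l.split()[-1] for l in cmaps.get(cls, [])
                         if l.startswith("match access-group name ")]
        empty = sorted(c for c, ns in refs.items() if any(not acls.get(n) for n in ns))
        ranged = sorted(c for c, ns in refs.items() if any(
            re.search(r"permit udp .* range \S+ \S+", e) for n in ns for e in acls.get(n, [])))
        if empty and ranged:
            findings[name] = {"empty_acl_classes": empty, "udp_range_classes": ranged}
    return findings
```

An ACL that is referenced but never defined and one that is defined with no entries are both reported as empty.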