Cisco Bug: CSCvt72401 - MACSEC protected link no longer passes traffic.
Sep 10, 2020
- Cisco Catalyst 9500 Series Switches
- Cisco Catalyst 9300-48T-A Switch
- Cisco Catalyst 9400 Supervisor Engine-1XL-Y
- Cisco Catalyst C9500-16X-E Switch
- Cisco Catalyst 9300-48P-A Switch
- Cisco Catalyst 9300-48U-A Switch
- Cisco Catalyst 9300-48UXM-A Switch
- Cisco Catalyst 9300-48UN-A Switch
- Cisco Catalyst 9300-48P-E Switch
- Cisco Catalyst C9500-24Q-A Switch
Known Affected Releases
Symptom: A MACSEC protected link that was up and passing traffic will stop passing traffic after a period of time. The MKA session will remain up but no traffic including LLDP/CDP/ARP will pass across the link. Additionally the MACSEC protected link was configured to use replay protection and the configured value of the replay-protection window-size was larger than 2^30-1 Conditions: MACSEC protected link utilizing XPN (extended packet numbering) ciphers and having a replay-protection window-size value larger than 2^30-1 configured.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases