Cisco Bug: CSCvu53554 - ARP is not generated when object group is on outbound ACL
Jun 23, 2020
- Cisco Catalyst 4000 Series Switches
Known Affected Releases
Symptom: Unable to ping some IP addresses of end users connected to the Cat4k switch because ARP does not resolve. This happens when the end device doesn't send a gratuitous ARP or the device has a secondary IP.

Conditions: This problem occurs when an object-group ACL (OGACL) is present in the outbound direction on the interface (SVI) where the end device is connected. The problem is seen starting from 15.2(6)E2 and later releases.

!
interface Vlan33
 ip address 172.20.33.1 255.255.255.0
 ip access-group TAC out
!
object-group network TAC2
 0.0.0.0 126.96.36.199 188.8.131.52 184.108.40.206
!
ip access-list extended TAC
 permit ip any object-group TAC2
!

If a permit ip any any is present at the end of the ACL, the issue disappears.
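One way to check a saved running-config for the conditions described above (added example, not Cisco code): it lists SVIs whose outbound extended ACL references an object-group and does not end in permit ip any any. The function names and the sample config, including Vlan34 and the ACL named SAFE, are constructed for illustration; the software release has to be checked separately.

```python
import re

# Constructed sample, modelled on the snippet in this bug report.
SAMPLE_CONFIG = """\
interface Vlan33
 ip address 172.20.33.1 255.255.255.0
 ip access-group TAC out
!
interface Vlan34
 ip access-group SAFE out
!
ip access-list extended TAC
 permit ip any object-group TAC2
!
ip access-list extended SAFE
 permit ip any object-group TAC2
 permit ip any any
!
"""

def parse_sections(config):
    """Group indented sub-commands under their top-level IOS command."""
    sections, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            current = None
        elif not line[0].isspace():
            current = line.strip()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line.strip())
    return sections

def exposed_svis(config):
    """Return (SVI, ACL) pairs: outbound ACL uses an object-group and
    lacks the final 'permit ip any any' that the report says hides the issue."""
    sections = parse_sections(config)
    acls = {h.split()[-1]: body for h, body in sections.items()
            if h.startswith("ip access-list extended ")}
    hits = []
    for header, body in sections.items():
        svi = re.fullmatch(r"interface (Vlan\d+)", header, re.I)
        for cmd in (body if svi else []):
            out = re.fullmatch(r"ip access-group (\S+) out", cmd)
            aces = acls.get(out.group(1), []) if out else []
            aces = [re.sub(r"^\d+\s+", "", a) for a in aces]  # drop sequence numbers
            uses_og = any("object-group" in a for a in aces)
            if uses_og and aces[-1].split() != ["permit", "ip", "any", "any"]:
                hits.append((svi.group(1), out.group(1)))
    return hits
```

Note that a trailing permit ip any any replaces the implicit deny, so the ACL then passes all IP traffic that no earlier entry denies.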