Preview Tool

Cisco Bug: CSCvu53554 - ARP is not generated when object group is on outbound ACL

Last Modified

Jun 23, 2020

Products (1)

  • Cisco Catalyst 4000 Series Switches

Known Affected Releases


Description (partial)

Unable to ping some IP addresses on end users connected to Cat4k switch due to ARP not resolving
This happens when the end device doesn't send a gratuitous ARP or the device has a secondary IP.

This problem occurs when there is ObjectGroup ACL [OGACL] present in the outbound direction on the interface [SVI] where the end device is connected.
this problem is seen starting from 15.2(6)E2 and later releases

interface Vlan33
 ip address
 ip access-group TAC out
object-group network TAC2
ip access-list extended TAC
 permit ip any object-group TAC2
If a permit ip any any is present at the end ACL, the issue disappears.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.