Guest

Preview Tool

Cisco Bug: CSCvu59031 - ACL same on all cluster but error seen "Number of ace is not consistent across the cluster"

Last Modified

Jun 22, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.9(2.52)

Description (partial)

Symptom:
Four ASAs Logical Devices installed on FirePower 4120 devices

Working an inter-site cluster with 2 sites(Data Centers), 2 devices per Data Center (routed mode with Spanned EtherChannel interfaces)

 - After we issue the command: "show cluster access-list vlan4out" the error is seen: 
 "Error: Number of ace is not consistent across the cluster. access-list configuration should be same across the cluster."
 - The output is on all devices, and the configuration is consistent on all cluster's members.
 - The issue is observed not for all access-lists configured, only for several.

Conditions:
The ACEs number was the same but there is a difference in order (in the ACLs, not the entries inside the ACL)
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.