Cisco Bug: CSCvv07864 - Multicast EIGRP traffic not seen on internal FTD interface

Last Modified

Oct 06, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.6(4.42)

Description (partial)

Symptom:
On an FXOS platform with an FTD inline pair, multicast traffic is dropped by FXOS before it is forwarded to the inline pair interfaces.

"show fp" output in FXOS shows that the mac-flag is "uc_all" for inline pair interfaces. Here is sample output from a lab:

FPR-4110-1(fxos)# show fp | in Eth3

3   Eth3/1       133  0       1     1   uni_ecmp                 1     present uc_all   ecmp           
4   Eth3/1       133  0       63    1   l2_ecmp                  1     present install  ecmp           
5   Eth3/2       134  0       1     1   uni_ecmp                 1     present uc_all   ecmp           
6   Eth3/2       134  0       63    1   l2_ecmp                  1     present install  ecmp           
7   Eth3/3       135  0       1     1   uni_ecmp                 1     present uc_all   ecmp           
8   Eth3/3       135  0       63    1   l2_ecmp                  1     present install  ecmp           
9   Eth3/4       136  0       1     1   uni_ecmp                 1     present uc_all   ecmp           
10  Eth3/4       136  0       63    1   l2_ecmp                  1     present install  ecmp           
20  VP1          133  0       0     0   vlan_port   Eth3/1       0     present ign_mac  intf           
21  VP1          134  0       0     0   vlan_port   Eth3/2       0     present ign_mac  intf           
22  VP1          135  0       0     0   vlan_port   Eth3/3       0     present ign_mac  intf           
23  VP1          136  0       0     0   vlan_port   Eth3/4       0     present ign_mac  intf           

The expected flag is "prom", which should allow all traffic received in FXOS to reach the inline pair interfaces.

Also, in snm_4987_debug.log (from chassis show tech, IOCard nxos logs) the mac-flag is sometimes set to "uc_all" (unicast all):

[15942] [2020-07-18 04:51:57.002795][snm_process_single_l2_msg:2559][5th]:yes l2-config static 0000.0000.0000 vlan 102 ingress Eth1/2 ingress-vlan-grp 0 mac-flag uc_all dst-flag ecmp fwd-group 1
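
Added example (not part of the Cisco bug record): a Python check that scans saved "show fp" output and snm debug log text for the uc_all mac-flag described above. It assumes the mac-flag is the token that follows "present" in each "show fp" row; the function names are hypothetical, and the sample input is constructed from the output quoted above (the "prom" row and the second log line are made up for contrast).

```python
import re

BAD_FLAG = "uc_all"  # flag the bug record reports in place of the expected "prom"

# Constructed sample input, modelled on the output quoted in this bug record.
SHOW_FP = """\
3   Eth3/1       133  0       1     1   uni_ecmp                 1     present uc_all   ecmp
4   Eth3/1       133  0       63    1   l2_ecmp                  1     present install  ecmp
5   Eth3/2       134  0       1     1   uni_ecmp                 1     present prom     ecmp
20  VP1          133  0       0     0   vlan_port   Eth3/1       0     present ign_mac  intf
"""
SNM_LOG = """\
[15942] [2020-07-18 04:51:57.002795][snm_process_single_l2_msg:2559][5th]:yes l2-config static 0000.0000.0000 vlan 102 ingress Eth1/2 ingress-vlan-grp 0 mac-flag uc_all dst-flag ecmp fwd-group 1
[15942] [2020-07-18 04:52:10.000001][snm_process_single_l2_msg:2559][5th]:yes l2-config static 0000.0000.0000 vlan 103 ingress Eth1/3 ingress-vlan-grp 0 mac-flag prom dst-flag ecmp fwd-group 1
"""

def affected_from_show_fp(text):
    """Return the sorted interfaces that have a row carrying mac-flag uc_all."""
    hits = set()
    for line in text.splitlines():
        fields = line.split()
        if "present" not in fields:
            continue  # header, prompt or blank line
        pos = fields.index("present")
        # Assumption: the token right after "present" is the mac-flag column.
        if pos + 1 < len(fields) and fields[pos + 1] == BAD_FLAG:
            hits.add(fields[1])  # second column is the interface name
    return sorted(hits)

LOG_RE = re.compile(
    r"\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+)\].*?l2-config .*?"
    r"vlan (?P<vlan>\d+) ingress (?P<intf>\S+) .*?mac-flag (?P<flag>\S+)"
)

def uc_all_events(log):
    """Return (timestamp, interface, vlan) for each l2-config message setting uc_all."""
    events = []
    for line in log.splitlines():
        m = LOG_RE.search(line)
        if m and m["flag"] == BAD_FLAG:
            events.append((m["ts"], m["intf"], int(m["vlan"])))
    return events

if __name__ == "__main__":
    print("show fp rows with uc_all:", affected_from_show_fp(SHOW_FP))
    for ts, intf, vlan in uc_all_events(SNM_LOG):
        print(f"{ts}  {intf}  vlan {vlan}  mac-flag {BAD_FLAG}")
```

Because the flag spreads across interfaces as failover events accumulate, the log timestamps can be lined up against failover times on the chassis.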

Conditions:
Observed in these versions:
FXOS 2.6.1.192
FTD 6.4.0.9

Other versions may be affected as well.

FTD is in routed mode, the "multicast-routing" command must be present in the LINA config, and failover should be configured. The impact on clusters is not currently known.

Symptoms (uc_all flag) do not appear on all interfaces of the inline pair immediately. They appear gradually as more failover events occur.