Cisco Bug: CSCvv15013 - FXOS sending additional internal VLAN TAG leading to ARP update failure on devices.

Last Modified

Sep 02, 2020

Products (1)

  • Cisco Firepower 9300 Series

Known Affected Releases


Description (partial)

On an FP9300/4100 chassis with a Multi-Instance configuration, port-channel traffic may be dropped by the peer device because of double-VLAN-tagged traffic when a user moves one port channel member from a port channel with subinterfaces to another port channel without subinterfaces.

1. After rolling back from the engineering FXOS build to the CCO build, the ping to the switch IP was not working from the firewall.
2. The ping was initiated from the po12 interface of the master unit. We then cleared the ARP entry for the switch IP and could see the ARP entry was not being built.
3. Applied ELAM capture on the switch and could see that we were not stripping the outer VLAN 1012 while sending the ARP request; as a result, the switch was dropping it.
4. We then bounced the po12 interface, but that did not help. Also reloaded the FTD app, but that also did not help.
5. We then reloaded chassis 1 and ran the same tests from the chassis 2 FTD app on the po12 interface; the ping was working fine and we were sending the ARP request by stripping the VLAN tag of 1012.
6. After chassis 1 came up, we tested the ping again and it was working fine, with the ARP request being sent by stripping the outer VLAN tag of 1012.

1. The system has a Multi-Instance configuration (with or without clustering).
2. When a user moves one port channel member from a port channel with subinterfaces to another port channel without subinterfaces, traffic is dropped by the peer device because traffic with a double VLAN tag is seen on the port-channel member being moved.
3. The member ports of the port channel can be the fixed front ports or ports on the netmods.
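
As an added example (not Cisco's code and not part of the bug record), the following Python counts the 802.1Q tags on ARP frames taken from a peer-side capture, which is the check described in step 3 above. The frame builder, the inner VLAN 100, the MAC addresses and the `expected_tags` default are constructed assumptions; only the outer VLAN 1012 comes from the description.

```python
import struct

TPIDS = {0x8100, 0x88A8}  # 802.1Q and 802.1ad tag protocol identifiers
ETH_ARP = 0x0806

def vlan_stack(frame: bytes):
    """Return (VLAN IDs outermost first, payload EtherType, payload offset)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    off = 12  # EtherType/TPID field follows the two 6-byte MAC addresses
    (etype,) = struct.unpack_from("!H", frame, off)
    vlans = []
    while etype in TPIDS:
        if len(frame) < off + 6:
            raise ValueError("truncated VLAN tag")
        tci, etype = struct.unpack_from("!HH", frame, off + 2)
        vlans.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        off += 4
    return vlans, etype, off + 2

def check_arp(frame: bytes, expected_tags: int = 1):
    """Describe an ARP frame carrying more tags than the peer port accepts.

    expected_tags is an assumption; set it to what the peer port is configured for.
    Returns None for non-ARP frames and for ARP frames within the limit.
    """
    vlans, etype, payload = vlan_stack(frame)
    if etype != ETH_ARP or len(frame) < payload + 8:
        return None
    if len(vlans) <= expected_tags:
        return None
    (oper,) = struct.unpack_from("!H", frame, payload + 6)
    kind = {1: "request", 2: "reply"}.get(oper, f"op {oper}")
    return f"ARP {kind} carries {len(vlans)} VLAN tags {vlans}, expected at most {expected_tags}"

def build_arp_request(vlans):
    """Constructed test frame: broadcast ARP request with the given tag stack."""
    hdr = b"\xff" * 6 + bytes.fromhex("020000000001")  # made-up source MAC
    tags = b"".join(struct.pack("!HH", 0x8100, v) for v in vlans)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + bytes(20)  # zeroed addresses
    return hdr + tags + struct.pack("!H", ETH_ARP) + arp

if __name__ == "__main__":
    for stack in ([1012, 100], [100]):  # constructed: unstripped outer tag vs. stripped
        print(stack, "->", check_arp(build_arp_request(stack)) or "ok")
```
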