Guest

Preview Tool

Cisco Bug: CSCvv82322 - Link inssue when using macsec

Last Modified

Oct 07, 2020

Products (1)

  • Cisco ASR 1000 Series Aggregation Services Routers

Known Affected Releases

16.9.3

Description (partial)

Symptom:
Issue only happens when doing shut/no shut on PE side (ASR 9k). Shut needs to be for a few mins.

After this if we do port bounce on CE side (ASR 1001) then it recovers. In the testing we had to remove macsec from both sides and re-add it to recover links but normally bounce on CE side was enough.

I did notice tat when issue happens on the 9K MKA session is Init and on the ASR 1001 the session shows as secured.

We tried clearing MKA session on CE ASR 1001 but didn't recover. After this we have to remove macsec completely from both ends for it to re-esdtablish and then macsec can be added back.

Conditions:
Hostname:bi51wegr02
Model: ASR1001-X
Version:16.9.3
F340.10.16-ASR1001X-2 / ASR1001-X / 01484FA
telnet F340-10-15-COMM 2033
SSH: 10.122.164.227 (user/pass: cisco/cisco)
Port going to ASR 9k: GigabitEthernet0/0/1

=============================
Using fiber
9922-B[Gi0/0/0/30]<>[Gi0/0/1]F340.10.16-ASR1001X-2
=============================

Hostname: nw05megr20
Model: ASR9K (9910)
ASR 9910 8 Line Card Slot Chassis
Version: 6.6.2
 http://172.18.104.30/rtp_xr.html
 ssh://172.18.87.36/
CEC credentials
Port going to ASR 1001-X: GigabitEtherneti0/0/0/30
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.