Cisco Bug: CSCvv87067 - Unicast ARP traffic gets classified to the default arp class-map even with separate copp class-maps

Last Modified

Oct 05, 2020

Products (1)

  • Cisco Nexus 3000 Series Switches

Known Affected Releases

7.0(3)I7(8)

Description (partial)

Symptom:
Unicast L2 ARP traffic coming to the switch is punted to the CPU, as per DDTS CSCug39787.
However, if you have a dedicated ARP access list and modify the CoPP policy with a class map that rate-limits this traffic, these transit L2 unicast ARP packets (for which the dmac is already learnt) get policed in the default class, and you will still see the traffic in ethanalyzer.


STLD1-630-02-02-N3K-RU39(config)# sh arp access-lists ;  ethanalyzer local  interface inband display-filter arp limit-captured-frames 10 ; sh policy-map interface control-plane class meraki_arp ;  sh policy-map interface control-plane class copp-s-arp

ARP access list arp_meraki
10 permit ip host 10.6.128.1 mac any >>>>>>>>>>>>>>>capturing this specific stream
Capturing on inband
2002-03-22 00:15:00.754836 cc:03:d9:6c:01:44 -> 70:ea:5a:7a:31:20 ARP Who has 10.6.152.115?  Tell 10.6.128.1
2002-03-22 00:15:00.754848 cc:03:d9:6c:01:44 -> 70:ea:5a:7a:31:20 ARP Who has 10.6.152.115?  Tell 10.6.128.1
2002-03-22 00:15:00.754856 cc:03:d9:6c:01:44 -> 70:ea:5a:7a:31:20 ARP Who has 10.6.152.115?  Tell 10.6.128.1
2002-03-22 00:15:00.754865 cc:03:d9:6c:01:44 -> 70:ea:5a:7a:31:20 ARP Who has 10.6.152.115?  Tell 10.6.128.1
2002-03-22 00:15:00.754873 cc:03:d9:6c:01:44 -> 70:ea:5a:7a:31:20 ARP Who has 10.6.152.115?  Tell 10.6.128.1
5 packets captured
Control Plane

  service-policy  input: copp-system-policy

    class-map meraki_arp (match-any)
      match access-group name arp_meraki
      police pps 0 
        OutPackets    0
        DropPackets   0
Control Plane

  service-policy  input: copp-system-policy

    class-map copp-s-arp (match-any)
      police pps 2500 
        OutPackets    1215193
        DropPackets   6903334633 >>>>>>>>>>>>>>>>>>>>traffic is policed in the default class

Conditions:
Seen when L2 transit unicast ARP traffic, for which the dmac is already learnt, is coming to the switch.
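
Added example (not part of the Cisco bug record): a Python check that compares two snapshots of the "sh policy-map interface control-plane" output shown in the symptom and flags this behaviour, where the dedicated class never counts a packet while copp-s-arp keeps counting. The function names, the snapshot template and the second snapshot's counter values are assumptions made for illustration.

```python
import re

# Constructed snapshot template in the layout of the CLI output shown above.
TEMPLATE = """\
Control Plane
  service-policy  input: copp-system-policy
    class-map meraki_arp (match-any)
      match access-group name arp_meraki
      police pps 0
        OutPackets    {c_out}
        DropPackets   {c_drop}
Control Plane
  service-policy  input: copp-system-policy
    class-map copp-s-arp (match-any)
      police pps 2500
        OutPackets    {d_out}
        DropPackets   {d_drop}
"""

def parse_copp(text):
    """Return {class_name: {"pps": int, "out": int, "drop": int}} from CLI text."""
    classes, cur = {}, None
    for line in text.splitlines():
        if m := re.match(r"\s*class-map (\S+)", line):
            cur = classes.setdefault(m.group(1), {"pps": None, "out": 0, "drop": 0})
        elif cur is not None and (m := re.match(r"\s*police pps (\d+)", line)):
            cur["pps"] = int(m.group(1))
        elif cur is not None and (m := re.match(r"\s*(Out|Drop)Packets\s+(\d+)", line)):
            cur[m.group(1).lower()] = int(m.group(2))
    return classes

def arp_misclassified(before, after, custom, default="copp-s-arp"):
    """True if the custom class saw no packets between snapshots while the default did."""
    b, a = parse_copp(before), parse_copp(after)
    def moved(name):
        # Counters are cumulative, so compare deltas rather than absolute values.
        return sum(a[name][k] - b[name][k] for k in ("out", "drop"))
    return moved(custom) == 0 and moved(default) > 0

if __name__ == "__main__":
    # First snapshot uses the counters from the bug record; the second is constructed.
    first = TEMPLATE.format(c_out=0, c_drop=0, d_out=1215193, d_drop=6903334633)
    later = TEMPLATE.format(c_out=0, c_drop=0, d_out=1215300, d_drop=6903339000)
    print("symptom present:", arp_misclassified(first, later, "meraki_arp"))
```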