10-08-2008 07:11 AM - edited 03-03-2019 11:50 PM
Hi
Can anyone tell me what Cisco means when they said "Double ACL scenario"?
Do they mean that the packet passes in the standard ACL and then passes in the CBAC dynamic ACL?
Thank you very much for your help
P.S. It's regarding a possible related bug on my Cisco router: CSCsr15518
10-08-2008 01:14 PM
Hello Martin,
The detailed bug info is not accessible outside Cisco at the moment.
Could you describe your issue and your current config in order to get better help?
Hope to help
Giuseppe
10-09-2008 06:13 AM
Here is the bug detail that I printed out before it became unavailable outside Cisco:
CSCsr15518 Bug Details
Packet drops in cef switching while enabling double ACL
The Fast counter validation failed in cef switching after applying Double ACL.
Condition:
This failure occurred in Double ACL scenario.
Workaround:
none
-----------------------------------------
Our network is a DMVPN network
Hub routers that may be affected by the bug are configured like this:
- WAN interface with an inbound extended ACL that denies everything except "ESP", "GRE", "ISAKMP", "established tcp session", etc. We also have an outbound ip inspect policy.
- Tunnel interface (linked with the WAN interface).
10-09-2008 06:14 AM
Sorry, I also have CEF switching activated on my WAN and tunnel interfaces.
Thank you very much :)
10-09-2008 06:32 AM
Hello Martin,
I would consider disabling CEF on the WAN interface to see if the behaviour changes.
Hope to help
Giuseppe
10-09-2008 07:07 AM
I'll probably disable it like you say. But I can't see if packets are dropped like they said in the bug detail.
But I also want to know if the term "Double ACL" is an extended ACL with ip inspect configured on an interface?
Thank you very much for your help