Buy or Renew
Buy or Renew
Register Here! - Join us 11/13 for the "Navigating DHCP Processes in SD-Access Network" Community Live event
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
605
Views
0
Helpful
3
Replies

DNAC 2.3.7.6 new multicast features?

Go to solution
Andrii Oliinyk
VIP
VIP

‎11-25-2024 02:15 AM

noticed DNAC preparing config like below which affecting some multicast applications in the overlay. cannot find it in any RNs. currently it looks like this only fixable via Day-N template with allowing affected subnets with ACE in ACL. Anybody can explain details on this configuration?
interface L2LISP0
ip access-group SDA-FABRIC-LISP in
ip access-group SDA-FABRIC-LISP out
exit
ip access-list extended SDA-FABRIC-LISP
10 deny ip any host 224.0.0.22 //deny IGMPv3
20 deny ip any host 224.0.0.13 //deny PIM routers
30 deny ip any host 224.0.0.1 //deny all hosts
40 permit ip any any

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Andrii Oliinyk
VIP
VIP

‎11-26-2024 07:07 AM

not new actually... CSCvx70122 : Bug Search Tool

Some of the things to note:-

  • We are not automating ACL push on devices < 17.6
  • Once a customer upgrades DNAC to the release where the fix goes, a banner would be shown indicating the new behavior.
  • If the banner is not yet accepted:
    • ◦            A customer can add devices < 17.6 to the fabric. We wont be pushing any ACLs on these devices
    • ◦            For newly added devices >=17.6, we will be pushing the ACL and apply the ACL on the LISP interface
    • ◦            The devices which are upgraded to 17.6 wont get the new configs till the banner is accepted.
  • Once the banner is accepted:
    • ◦            All the devices must be able to support the new CLI, meaning all devices must have 17.6 This triggers a push on new clis on all devices.
  • For Greenfield scenarios, we will always show a banner. Devices below 17.6 can be added to the fabric as long as the banner is not accepted.

  • removable with network template

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Andrii Oliinyk
VIP
VIP

‎11-26-2024 07:07 AM

not new actually... CSCvx70122 : Bug Search Tool

Some of the things to note:-

  • We are not automating ACL push on devices < 17.6
  • Once a customer upgrades DNAC to the release where the fix goes, a banner would be shown indicating the new behavior.
  • If the banner is not yet accepted:
    • ◦            A customer can add devices < 17.6 to the fabric. We wont be pushing any ACLs on these devices
    • ◦            For newly added devices >=17.6, we will be pushing the ACL and apply the ACL on the LISP interface
    • ◦            The devices which are upgraded to 17.6 wont get the new configs till the banner is accepted.
  • Once the banner is accepted:
    • ◦            All the devices must be able to support the new CLI, meaning all devices must have 17.6 This triggers a push on new clis on all devices.
  • For Greenfield scenarios, we will always show a banner. Devices below 17.6 can be added to the fabric as long as the banner is not accepted.

  • removable with network template
0 Helpful

Go to solution
Andrii Oliinyk
VIP
VIP

‎11-26-2024 07:09 AM

well, i understand the point to block PIM-routers but still didnt got n idea behind IGMPv3 & all-hosts-on-link...

0 Helpful

Go to solution
jedolphi
Cisco Employee
Cisco Employee

‎11-26-2024 08:40 AM

Hi Andy, the blocked addresses came from TAC escalation team. Offhand I don't know exactly what problems lead to this, but the blocks are in response to real problems that have been seen in multiple customer networks. Regards, Jerome

 

0 Helpful
Customers Also Viewed These Support Documents