Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
154
Views
1
Helpful
1
Replies

Cisco 9300 - Multicast, Network Objects and ACL Issues

Othacon
Level 1
Level 1

‎11-19-2025 03:57 AM - edited ‎11-19-2025 04:04 AM

Hi all,

Hope to find everyone well. 

I'm configuring in a Cisco Catalyst 9300 with 17.12.6, several ACLs that are being applied in the a VLAN SVI in the input. 

I've configured several network objects, but found that initially with the multicast it works well and the ACL allows the traffic through, but after some days the multicast stops working and I see that the ACL starts blocking the multicast stream. 

I've seen that theres some bugs in the IOS that don't handle well the network objects with the TCAM and can start blocking stuff that it shouldn't but I believed this had been fixed in the version I had. 

The only way for me to bypass and correct this is to create entries manualy and not use the network objects. The only issue with this is, my ACLs grow immensively by doing this and become more confusing.

please is anyone aware of this or know how to correct it? 

Thank you

 

Labels:
0 Helpful
1 Reply 1

Enes Simnica
Spotlight
Spotlight

‎11-20-2025 07:06 AM

gDay @Othacon This is most likely the Tcam/network-object bug on the 9300. Even in 17.12.x, ACLs with object groups can stop matching multicast after a few days, which is why it works at first and then starts blocking.

Which means that ur workaround is the only reliable fix until Cisco patches it. What i would do, is upgrade to the newest 17.12 build and/or open a TAC case so they can confirm the exact bug.........

hope it helps and PEACE!

 

-Enes

more Cisco?!
more Gym?!



If this post solved your problem, kindly mark it as Accepted Solution. Much appreciated!
Customers Also Viewed These Support Documents