
Double ACL term

Hi

Can anyone tell me what Cisco means when they say "Double ACL scenario"?

Do they mean that the packet passes through the standard ACL and then passes through the CBAC dynamic ACL?

Thank you very much for your help

P.S. It's regarding a possibly related bug on my Cisco router: CSCsr15518


Giuseppe Larosa
Hall of Fame

Hello Martin,

The detailed bug info is not accessible outside Cisco at the moment.

Could you describe your issue and your current config in order to get better help?

Hope to help

Giuseppe

Here is the bug detail that I printed out before it became unavailable outside Cisco:

CSCsr15518 Bug Details

Packet drops in cef switching while enabling double ACL

The Fast counter validation failed in cef switching after applying Double ACL.

Condition:

This failure occurred in Double ACL scenario.

Workaround:

none

-----------------------------------------

Our network is a DMVPN network

Hub routers that may be affected by the bug are configured like this:

- WAN interface with an inbound extended ACL that denies everything except "ESP", "GRE", "ISAKMP", "established tcp session" etc. We also have an outbound ip inspect policy.

- Tunnel interface (linked with the WAN interface).

Sorry, I also have CEF switching activated on my WAN and tunnel interfaces.

Thank you very much :)

Hello Martin,

I would consider disabling CEF on the WAN interface to see if the behaviour changes.

Hope to help

Giuseppe

I'll probably disable it like you say. But I can't see if packets are dropped like they said in the bug detail.

But I also want to know if the term "Double ACL" is an extended ACL with ip inspect configured on an interface?

Thank you very much for your help
