%CABLE_MODEM_HWIC-3-CONTROL_PLANE_FAIL: RBCP failure : Adding service flow ACE failed - Ethernet type not supported

Answered Question
Jan 13th, 2010
User Badges:
  • Bronze, 100 points or more

Hello all...

I'm getting %CABLE_MODEM_HWIC-3-CONTROL_PLANE_FAIL: RBCP failure : Adding service flow ACE failed - Ethernet type not supported

on my 1841 which is currently setup for L2L via cable internet. Has anyone seen this before? I can't seem to find anything on Cisco related to this.
The tunnel comes up and I had the same configs using DSL except the interfaces are different. THANKS...
My configs are below:
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key #### address a.a.a.a
crypto isakmp keepalive 20 periodic
!
crypto ipsec security-association lifetime seconds 28800
!
crypto ipsec transform-set xform esp-3des esp-md5-hmac
crypto ipsec df-bit clear
!
crypto map VPN 10 ipsec-isakmp
set peer a.a.a.a
set transform-set xform
set pfs group2
match address CRYPTO_ACL
!
interface Cable-Modem0/1/0
no ip address
bridge-group 1
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 98.x.x.x 255.255.255.224
ip virtual-reassembly
crypto map VPN
Correct Answer by Giuseppe Larosa about 7 years 6 months ago

Hello DialerString,

I'm afraid that the ACL is not related to the issue so I would not expect to see anything in debug output


Hope to help

Giuseppe

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.3 (3 ratings)
Loading.
Giuseppe Larosa Wed, 01/13/2010 - 09:00
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello,

the message:

%CABLE_MODEM_HWIC-3-CONTROL_PLANE_FAIL: RBCP failure : Adding service flow ACE failed - Ethernet type not supported


says that cable modem HWIC had a problem at layer 3, an ACL line also named ACE is not compatible with HWIC, the ACL line may be trying to match on ethertype (protocol over ethernet)


How is configured the ACL used in the crpyto map?


Hope to help

Giuseppe

DialerString_2 Wed, 01/13/2010 - 09:09
User Badges:
  • Bronze, 100 points or more

Well the crypto acl is below and I don't have anything on my router that has "ACE". Do you think it could be a broadcast coming of that links since it's configure for bridging?


ip access-list extended CRYPTO_ACL 10.1.17 is my lan

remark Encrypted Traffic

permit ip 10.1.17.0 0.0.0.255 10.0.0.0 0.255.255.255

permit ip 10.1.17.0 0.0.0.255 any


This acl is applied to the BVI1 interface which is bridged to the c0/1/0


ip access-list extended INET_ACL 38.x.x.x is my firewall that terminates the vpn.

remark Internet Traffic

permit udp host 38.x.x.x any eq isakmp

permit esp host 38.x.x.x any

permit tcp host 38.x.x.x any eq 22

Giuseppe Larosa Wed, 01/13/2010 - 09:35
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello DialerString,

ACE stays for ACL control element and is the equivalent of ACL line/statement


I agree that your ACLs are  IP ACLs so the message looks like somewhat not related to your current setup.


Also you are using IRB so it is possible that layer 2 frames like broadcast try  to go between physical interfaces.


There is an impact on service or your connectivity is fine?



hope to help

Giuseppe

DialerString_2 Wed, 01/13/2010 - 11:04
User Badges:
  • Bronze, 100 points or more

Thanks for the reply Guislar. Yes, it does impact service but for a brief moment 10-30 seconds are so but the tunnels don't drop. I guess I can debug the ACL on that interface, bring the int down and back up. Hopefully I can reproduce the error on the fly. What do you think, Guislar?

Correct Answer
Giuseppe Larosa Thu, 01/14/2010 - 00:23
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello DialerString,

I'm afraid that the ACL is not related to the issue so I would not expect to see anything in debug output


Hope to help

Giuseppe

DialerString_2 Thu, 01/14/2010 - 11:50
User Badges:
  • Bronze, 100 points or more

Figured out what he problem was and come to find out there's an issue the providers CMTS that causing the link to go down for 7 seconds and back up again. Thanks Guislar!

Actions

This Discussion