Solved: Re: %CABLE_MODEM_HWIC-3-CONTROL_PLANE_FAIL: RBCP failure : Addin

DialerString_2 · ‎01-13-2010

Hello all...

I'm getting %CABLE_MODEM_HWIC-3-CONTROL_PLANE_FAIL: RBCP failure : Adding service flow ACE failed - Ethernet type not supported

on my 1841 which is currently setup for L2L via cable internet. Has anyone seen this before? I can't seem to find anything on Cisco related to this.

The tunnel comes up and I had the same configs using DSL except the interfaces are different. THANKS...

My configs are below:

crypto isakmp policy 10

encr 3des

hash md5

authentication pre-share

group 2

crypto isakmp key #### address a.a.a.a

crypto isakmp keepalive 20 periodic

!

crypto ipsec security-association lifetime seconds 28800

!

crypto ipsec transform-set xform esp-3des esp-md5-hmac

crypto ipsec df-bit clear

!

crypto map VPN 10 ipsec-isakmp

set peer a.a.a.a

set transform-set xform

set pfs group2

match address CRYPTO_ACL

!

interface Cable-Modem0/1/0

no ip address

bridge-group 1

bridge-group 1 spanning-disabled

!

interface BVI1

ip address 98.x.x.x 255.255.255.224

ip virtual-reassembly

crypto map VPN

Giuseppe Larosa · ‎01-14-2010

Hello DialerString,

I'm afraid that the ACL is not related to the issue so I would not expect to see anything in debug output

Hope to help

Giuseppe

View solution in original post

Giuseppe Larosa · ‎01-13-2010

Hello,

the message:

%CABLE_MODEM_HWIC-3-CONTROL_PLANE_FAIL: RBCP failure : Adding service flow ACE failed - Ethernet type not supported

says that cable modem HWIC had a problem at layer 3, an ACL line also named ACE is not compatible with HWIC, the ACL line may be trying to match on ethertype (protocol over ethernet)

How is configured the ACL used in the crpyto map?

Hope to help

Giuseppe

DialerString_2 · ‎01-13-2010

Well the crypto acl is below and I don't have anything on my router that has "ACE". Do you think it could be a broadcast coming of that links since it's configure for bridging?

ip access-list extended CRYPTO_ACL 10.1.17 is my lan

remark Encrypted Traffic

permit ip 10.1.17.0 0.0.0.255 10.0.0.0 0.255.255.255

permit ip 10.1.17.0 0.0.0.255 any

This acl is applied to the BVI1 interface which is bridged to the c0/1/0

ip access-list extended INET_ACL 38.x.x.x is my firewall that terminates the vpn.

remark Internet Traffic

permit udp host 38.x.x.x any eq isakmp

permit esp host 38.x.x.x any

permit tcp host 38.x.x.x any eq 22

Giuseppe Larosa · ‎01-13-2010

Hello DialerString,

ACE stays for ACL control element and is the equivalent of ACL line/statement

I agree that your ACLs are IP ACLs so the message looks like somewhat not related to your current setup.

Also you are using IRB so it is possible that layer 2 frames like broadcast try to go between physical interfaces.

There is an impact on service or your connectivity is fine?

hope to help

Giuseppe

DialerString_2 · ‎01-13-2010

Thanks for the reply Guislar. Yes, it does impact service but for a brief moment 10-30 seconds are so but the tunnels don't drop. I guess I can debug the ACL on that interface, bring the int down and back up. Hopefully I can reproduce the error on the fly. What do you think, Guislar?

Giuseppe Larosa · ‎01-14-2010

Hello DialerString,

I'm afraid that the ACL is not related to the issue so I would not expect to see anything in debug output

Hope to help

Giuseppe

DialerString_2 · ‎01-14-2010

Figured out what he problem was and come to find out there's an issue the providers CMTS that causing the link to go down for 7 seconds and back up again. Thanks Guislar!