Cisco Support Community

New Member

Double ACL term

Hi

Can anyone tell me what Cisco means when they said "Double ACL scenario"?

Do they mean that the packet passes through the standard ACL and then passes through the CBAC dynamic ACL?

Thank you very much for your help

P.S. It's regarding a possibly related bug on my Cisco router: CSCsr15518

5 REPLIES
Hall of Fame Super Silver

Re: Double ACL term

Hello Martin,

The detailed bug info is not accessible outside Cisco at the moment.

Could you describe your issue and your current config in order to get better help?

Hope to help

Giuseppe

New Member

Re: Double ACL term

Here is the bug detail that I printed out before it became unavailable outside Cisco:

CSCsr15518 Bug Details

Packet drops in cef switching while enabling double ACL

The Fast counter validation failed in cef switching after applying Double ACL.

Condition:

This failure occurred in Double ACL scenario.

Workaround:

none

-----------------------------------------

Our network is a DMVPN network.

Hub routers that may be affected by the bug are configured like this:

- WAN interface with an inbound extended ACL that denies everything except "ESP", "GRE", "ISAKMP", "established tcp session" etc. We also have an outbound ip inspect policy.

- Tunnel interface (linked with the WAN interface).

New Member

Re: Double ACL term

Sorry, I also have CEF switching activated on my WAN and tunnel interfaces.

Thank you very much :)

Hall of Fame Super Silver

Re: Double ACL term

Hello Martin,

I would consider disabling CEF on the WAN interface to see if the behaviour changes.

Hope to help

Giuseppe

New Member

Re: Double ACL term

I'll probably disable it like you say. But I can't see if packets are dropped like they said in the bug detail.

But I also want to know if the term "Double ACL" is an extended ACL with ip inspect configured on an interface?

Thank you very much for your help
