General
Symptoms:
Conditions:
Workaround:
Further Problem Description:
Symptom
All IP SLA ICMP-ECHO probes within the VRF fail when a ping test to an unknown destination is executed from the CLI.
### TERMINAL 1 ###
n7k(config)# sh clock ; ping 1.1.1.1 vrf VRF-100
11:05:10.091 UTC Fri Mar 14 2014
PING 1.1.1.1 (1.1.1.1): 56 data bytes
ping: sendto 1.1.1.1 64 chars, No route to host
Request 0 timed out
SNIP
--- 1.1.1.1 ping statistics ---
5 packets transmitted, 0 packets received, 100.00% packet loss
### TERMINAL 2 (with terminal monitor enabled) ###
n7k# 2014 Mar 14 11:05:12 n7k %EEM_ACTION-6-INFORM: Tracking object 101 went DOWN
2014 Mar 14 11:05:12 n7k %VSHD-5-VSHD_SYSLOG_CONFIG_I: Configured from vty by admin on vsh.12903
2014 Mar 14 11:05:19 n7k %EEM_ACTION-6-INFORM: Tracking object 108 went DOWN
2014 Mar 14 11:05:19 n7k %VSHD-5-VSHD_SYSLOG_CONFIG_I: Configured from vty by admin on vsh.12915
Conditions
Nexus 7000 switch is running NX-OS greater or equal than 6.2(2).
Exact conditions are unknown at the moment, but the following features were enabled on the switch during the TAC repro:
feature-set mpls
feature bgp
feature pim
feature isis
feature mpls l3vpn
feature mvpn
feature mpls ldp
feature pbr
feature interface-vlan
feature dot1x
feature hsrp
feature lacp
feature dhcp
feature cts
feature vpc
feature sla sender
feature sla responder
Workaround
Use UDP/TCP IP SLA probes instead.
Further Problem Description
None.
PSIRT Evaluation:
The Cisco PSIRT has evaluated this issue and does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via normal resolution
channels.
If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another evaluation.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
