BugZero | Cisco BugID CSCvq05865 - Cat3K/9K-16.6.6 "% Hardware failure" DT trunk poli...

Cisco - Defect ID: CSCvq05865

Cat3K/9K-16.6.6 "% Hardware failure" DT trunk policy fails to be applied if ARP gleaning is disabled

Cisco - Defect ID: CSCvq05865

Cat3K/9K-16.6.6 "% Hardware failure" DT trunk policy fails to be applied if ARP gleaning is disabled

Last updated on 11/23/2020

Overall: 5.65.6

Severity: 6.46.4

Lifecycle: 9.19.1

Popularity: 4.64.6

What is the BugZero Risk Score?

Vendor details

No defect details.

Overall: 5.65.6

Severity: 6.46.4

Lifecycle: 9.19.1

Popularity: 4.64.6

What is the BugZero Risk Score?

Vendor details

No defect details.

Symptom

Cat3k/9300/9400- 16.6.x Note- It is NOT a hardware failure, just an error message to indicate that policy failed to be attached to interface. If ARP gleaning is diasbled in DT trunk policy (which is used to disable tracking on trunk interfaces), interface configuration fails to accept the command "device-tracking attach-policy " ! But if the policy is already attached (ARP gleaning enabled) and then policy is modified to NOT glean ARP, it continues working fine. F340.26.11-3800-1(config)#int te1/0/1 F340.26.11-3800-1(config-if)#device-tracking attach-policy disable_ipdt % Hardware failure ! Policy disable_ipdt configuration: trusted-port security-level guard device-role node NOT gleaning from Neighbor Discovery NOT gleaning from DHCP NOT gleaning from ARP <<<<<<<<<<<<<<<<< gleaning from DHCP4 NOT gleaning from protocol unkn !

Conditions

This is seen only when "protocol ARP" gleaning is set to be disabled. it is enabled by default so customers won't see this issue, if ARP gleaning is not disabled manually. Policy disable_ipdt configuration: trusted-port security-level guard device-role node NOT gleaning from Neighbor Discovery NOT gleaning from DHCP NOT gleaning from ARP <<<<<<<<<<<<<<<<< only when this is set to be disabled

Workaround

Workaround- "Enable protocol ARP", attach the policy to required interfaces and then disable protocol ARP again. F340.26.11-3800-1(config)#device-tracking policy disable_ipdt F340.26.11-3800-1(config-device-tracking)#protocol arp ! F340.26.11-3800-1(config)#interface te1/0/1 F340.26.11-3800-1(config-if)#device-tracking attach-policy disable_ipdt ! F340.26.11-3800-1(config)#device-tracking policy disable_ipdt F340.26.11-3800-1(config-device-tracking)#no protocol arp !

Further Problem Description

If the condition matches, issue might be seen after reload as well. follow the workaround after reload, to attach the policy again. Until the sofwtare fix is available, you may also choose to configure an EEM script on switch to automate that process after reload. Please contact TAC for any assistance needed with the EEM.

Original Vendor Announcement

9.65Defect ID: CSCwd45843
Auth Step latency for policy evaluation due to Garbage Collection activity.
9.65Defect ID: CSCwa92734
CUBE DTMF interworking fails from rtp-nte to OOB SIP methods
9.65Defect ID: CSCwj45822
Cisco ASA and FTD Software Remote Access VPN Brute Force Denial of Service Vulnerability
9.65Defect ID: CSCvo03458
PKI "revocation check crl none" does not fallback if CRL not reachable
9.65Defect ID: CSCvq05584
Cisco IOS and IOS XE Software Tcl Arbitrary Code Execution Vulnerability

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

Cisco - Defect ID: CSCvq05865

Cat3K/9K-16.6.6 "% Hardware failure" DT trunk policy fails to be applied if ARP gleaning is disabled

Cisco - Defect ID: CSCvq05865

Cat3K/9K-16.6.6 "% Hardware failure" DT trunk policy fails to be applied if ARP gleaning is disabled

Last updated on 11/23/2020

Vendor details

Vendor details

Description

Symptom

Conditions

Workaround

Further Problem Description

Links

Top Cisco defects by risk score

Ready to prevent the next vendor outage?