Symptom
This is an enhancement to the behavior of how LISP IPv4 tables are populated. Prior to 17.4+ we used strictly CEF to populate the entries for MAC:IP bindings. This could lead to more IP-to-MAC bindings then what is expected in 17.4 onward. In addition, this also was not a very secure method of populating the tables hence the behavioral change
Conditions
Customer is using bridged VM and upgrades to 17.4+, customer will see the new method of LISP IPv4 tables and how they are populated
Workaround
The behavior moves from CEF only --> utilizing IPDT tables to populate the entries. In this scenario, 21:1 IP:MAC bindings is supported in 17.4 and starting in 17.10 we up this to 1000:1
If customers upgrade and only see a 1:1 entry in IPDT, then they will need to go under the instance-id (or issue the command globally under router listp to impact all VLANs) and allow multiple mac to ip bindings
router lisp
Instance-id 8191
Service ethernet
dynamic-eid detection multiple-addr
*Note* - DNAC does not push these configurations unless you are on a code combination of 17.10/2.3.5. If you are on a release prior to this, then the configurations above will need to be entered manually
Further Problem Description
N/A
PSIRT Evaluation:
The Cisco PSIRT has evaluated this issue and determined it does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via normal resolution channels.
If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another evaluation.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
