Symptom

The stack of Cat9300 switches are experiences booting loop issue during upgrade to 16.12.3a from 16.9.3 if the policy-map and some specific ACL are applied.

Conditions

When both of the following are configured: 1. "service-policy input copp-policy" is applied on the uplink. 2. If you configure an access list such as: ip access-list extended coppacl-interactivemanagement permit tcp host 192.x.x.x host 172.x.x.x established permit tcp host 192.x.x.61 host 172.x.x.x established permit udp host 192.x.x.x host 172.x.x.x eq snmp permit udp host 10.x.x.x host 172.x.x.x eq ntp

Workaround

The only way to recover it from the bootloop it's by removing "service-policy input copp-policy" or removing "established" command from each line the policy is applied on the stack switch.

Further Problem Description