BugZero | Cisco BugID CSCwa85257 - SDA:VXLAN Encapsulated Unicast DHCP ACK packet, af...

Cisco - Defect ID: CSCwa85257

SDA:VXLAN Encapsulated Unicast DHCP ACK packet, after arriving at Fabric Edge is silently dropped

Cisco - Defect ID: CSCwa85257

SDA:VXLAN Encapsulated Unicast DHCP ACK packet, after arriving at Fabric Edge is silently dropped

Last updated on 4/28/2025

Overall: 7.97.9

Severity: 8.28.2

Lifecycle: 9.19.1

Popularity: 66.0

What is the BugZero Risk Score?

Vendor details

No defect details.

Overall: 7.97.9

Severity: 8.28.2

Lifecycle: 9.19.1

Popularity: 66.0

What is the BugZero Risk Score?

Vendor details

No defect details.

Symptom

- VXLAN Encapsulated Unicast DHCP ACK packet, after arriving at Fabric Edge is rewritten to FFF... and silently dropped - Packet arriving at FE Ethernet II, Src: XX:XX:78:f4:ce:5f (XX:XX:78:f4:ce:5f), Dst: XX:XX:1f:b0:f2:c6 (XX:XX:1f:b0:f2:c6) Internet Protocol Version 4, Src: XX.30.255.1, Dst: XX.30.130.65 User Datagram Protocol, Src Port: 65415, Dst Port: 4789 Virtual eXtensible Local Area Network Ethernet II, Src: XX:XX:78:f4:00:00 (XX:XX:78:f4:00:00), Dst: XX:XX:cd:f4:ad:38 (XX:XX:cd:f4:ad:38) Internet Protocol Version 4, Src: XX.30.80.1, Dst: XX.30.3.14 User Datagram Protocol, Src Port: 67, Dst Port: 68 Bootstrap Protocol (ACK) Message type: Boot Reply (2) Hardware type: Ethernet (0x01) Hardware address length: 6 Hops: 0 Transaction ID: 0x3d07218f Seconds elapsed: 0 Bootp flags: 0x0000 (Unicast) Client IP address: XX.30.3.14 Your (client) IP address: 0.0.0.0 Next server IP address: 0.0.0.0 Relay agent IP address: XX.30.3.254 Client MAC address: XX:XX:ab:c4:58:e9 (XX:XX:ab:c4:58:e9) <<<-- client MAC Client hardware address padding: 00000000000000000000 edge-01#show platform dhcpsnooping client stats XXXX.abc4.58e9 DHCPSN: DHCP snooping server DHCPD: DHCP protocol daemen L2FWD: Transmit Packet to driver in L2 format FWD: Transmit Packet to driver (B): Dhcp message's response expected as 'B'roadcast (U): Dhcp message's response expected as 'U'nicast 2022/01/27 12:16:27.697 XXXX.583A.206D XX.30.80.1 0 DHCPINFO INJECT:RECEIVED 2022/01/27 12:16:27.697 XXXX.583A.206D XX.30.80.1 0 DHCPINFO INJECT:TO_L2FWD 2022/01/27 12:16:27.698 FFFF.FFFF.FFFF XX.30.3.14 0 DHCPACK(U) PUNT:RECEIVED <<-- packet is with flag U but destination FFFF.FFFF.FFFF 2022/01/27 12:16:27.698 FFFF.FFFF.FFFF XX.30.3.14 0 DHCPACK(U) PUNT:TO_DHCPD - packets are not seen in FED captures nor DHCP snooping debugs - the drop can be observed after enabling "debug ip errors" 085471: Jan 28 19:45:09.992: %IP-6-PHYBCASTDROP: Physical broadcast packet detected and dropped, src=XX.30.80.1, dst=XX.30.3.14

Conditions

- problem applies only to unicast DHCP ACK packets sent as a response to additional INFORM messages, after obtaining IP by a host - all other regular DORA DHCP packets are forwarded correctly

Workaround

none

Further Problem Description

Fixed in 17.3.6, 17.6.4 , 17.9.1

Original Vendor Announcement

9.65Defect ID: CSCwd45843
Auth Step latency for policy evaluation due to Garbage Collection activity.
9.65Defect ID: CSCwa92734
CUBE DTMF interworking fails from rtp-nte to OOB SIP methods
9.65Defect ID: CSCwj45822
Cisco ASA and FTD Software Remote Access VPN Brute Force Denial of Service Vulnerability
9.65Defect ID: CSCvo03458
PKI "revocation check crl none" does not fallback if CRL not reachable
9.65Defect ID: CSCvq05584
Cisco IOS and IOS XE Software Tcl Arbitrary Code Execution Vulnerability

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

Cisco - Defect ID: CSCwa85257

SDA:VXLAN Encapsulated Unicast DHCP ACK packet, after arriving at Fabric Edge is silently dropped

Cisco - Defect ID: CSCwa85257

SDA:VXLAN Encapsulated Unicast DHCP ACK packet, after arriving at Fabric Edge is silently dropped

Last updated on 4/28/2025

Vendor details

Vendor details

Description

Symptom

Conditions

Workaround

Further Problem Description

Links

Top Cisco defects by risk score

Ready to prevent the next vendor outage?