Symptom
A Nexus device may report the following error when an access-list is applied to the management interface and contains an unsupported option. In this example, remark is not supported in an ACL applied to the management interface. Also, the Seq number reported in the warning message is incorrect.
%NPACL-2-IPT_WARNING: npacl [21659] WARNING: Mgmt ACL: ACL-NAME Seq 0 has ACL option that is not supported in kernel stack. Hence that option is not added in its filter rule.
Only use supported options in an ACL applied to the management interface:
protocol, source-ip, destination-ip, source-port, and destination-port
Conditions
An ACL configured with remark sequences and applied to the management interface.
Example: N9K-C93240YC-FX2 with NX-OS 10.2(3)
ip access-list acl-cisco-tac
  10 remark Cisco <<<<<<<<<<< REMARK #1
  20 permit tcp any any eq 443
  30 remark TAC <<<<<<<<<<< REMARK #2
  40 permit ip any any
interface mgmt0
  ip access-group acl-cisco-tac in
Workaround
Only supported options must be used on management interface ACLs, such as protocol, source-ip, destination-ip, source-port, and destination-port.
There is no workaround for correcting the Seq number displayed.
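Because the warning reports the wrong Seq number, the offending entries have to be located from the configuration itself. The following is an added example, not Cisco code: a Python check that lists the real sequence numbers of remark entries in any ACL bound to mgmt0. The function names and the sample configuration are constructed for illustration, and ACL names are assumed to match exactly as written.

```python
import re

# Constructed sample running-config for illustration (not from a real device).
SAMPLE_CONFIG = """\
ip access-list acl-cisco-tac
  10 remark Cisco
  20 permit tcp any any eq 443
  30 remark TAC
  40 permit ip any any
ip access-list acl-data
  10 remark not applied to mgmt0
  20 permit ip any any
interface mgmt0
  ip access-group acl-cisco-tac in
interface Ethernet1/1
  ip access-group acl-data in
"""

def parse_config(text):
    """Return (acls, bindings): ACL name -> [(seq, entry)], interface -> [ACL names]."""
    acls, bindings, section = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        acl = re.match(r"ip access-list (\S+)$", line)
        intf = re.match(r"interface (\S+)$", line)
        entry = re.match(r"(\d+) (.+)$", line)
        group = re.match(r"ip access-group (\S+) (?:in|out)$", line)
        if acl:
            section = ("acl", acl.group(1))
            acls.setdefault(acl.group(1), [])
        elif intf:
            section = ("if", intf.group(1).lower())
        elif section and section[0] == "acl" and entry:
            acls[section[1]].append((int(entry.group(1)), entry.group(2)))
        elif section and section[0] == "if" and group:
            bindings.setdefault(section[1], []).append(group.group(1))
    return acls, bindings

def mgmt_acl_remarks(text, interface="mgmt0"):
    """Return [(acl_name, seq, entry)] for remark entries in ACLs bound to interface."""
    acls, bindings = parse_config(text)
    return [(name, seq, entry)
            for name in bindings.get(interface.lower(), [])
            for seq, entry in acls.get(name, [])  # exact-name match (assumption)
            if entry.split()[0] == "remark"]

if __name__ == "__main__":
    for name, seq, entry in mgmt_acl_remarks(SAMPLE_CONFIG):
        print(f"{name} seq {seq}: '{entry}' is not supported on the management interface")
```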
Further Problem Description
This is a cosmetic defect and will not have any functional impact on the Nexus platform.