Loading...
Loading...
- Two cat9k access switches directly connected to c9600X chassis as an example below: c9200----c9600X(sup2)----c9300 - ping from c9200 to c9300 via ipv6 is not working - ping from c9200 to c9300 via ipv4 is working - pings from c9200 and c9300 to c9600 works fine via ipv6 and ipv4.
- Both access switches are directly linked to the core with the trunk links. - All devices have SVI Vlan1, correct trunk configuration and IPv6 unicast-routing is enabled. - While trying to ping between access switches by IPv6 it fails. However, while pinging by IPv4 the reachability is successful. - Issue is seen first on 17.13.1 and confirmed on 17.9.4, 17.12.1 - Issue is only seen if there is a C9600X-SUP-2 between. (Tested with c9500X and issue is there as well) - Issue is not present if the core is c9500 or any other L3 device.
N/A
Troubleshooting Done so far: - Changed the native VLAN on all devices. - Configured/removed link-local on all SVI's. - Assigned static ip route to the destinations - Changed SDM template on each box - Enabled/disabled ipv6 unicast-routing, re-configured SVI's, re-configured trunk ports. - Rebooted all boxes. - No pending objects. - Punt captures verifies that IPV6 ND is reaching to c9600-sup2 - EPC captures and IPv6 ND debugs verifies the both access switches do not receive any response packets back for their ping requests. - Tested the same setup by using different images on c9600-sup2 with 17.9.4 , 17.12.1, 17.13.1 and the issue is still seen. + Removed the C9600-SUP2 between and connected a C9500 with the same configurations. + With the c9500 in between, all ipv4/ipv6 connectivity started to work just fine. + Therefore, we are suspecting the S1 SUP-2 on c9600X chassis is dropping the IPv6 ND packets which is causing IPv6 connectivity failure with in the same VLAN. PSIRT Evaluation: The Cisco PSIRT has evaluated this issue and determined it does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via normal resolution channels. If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another evaluation. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
Click on a version to see all relevant bugs
Cisco Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.