BugZero | Cisco BugID CSCws61810 - N9k: After the upgrade, the PBR becomes inactive.

Cisco - Defect ID: CSCws61810

N9k: After the upgrade, the PBR becomes inactive.

Cisco - Defect ID: CSCws61810

N9k: After the upgrade, the PBR becomes inactive.

Last updated on May 20th, 2026

BugZero Risk Score
7.8 High

Overall: 7.8

Severity: 8.2

Lifecycle: 9.1

Popularity: 4.6

What is the BugZero Risk Score?

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Description

General

This bug was found by a customer, so it needs to be published.

Symptom

After the upgrade, the PBR becomes inactive.

Conditions

- The customer is using pbr on N9K with 10.4(2) - After upgrade, pbr does not work. - `show ip policy vrf all` shows pbr as inactive. Interface Route-map Status VRF-Name Vlan100 Temp-Test-PBR Inactive -- - rpm output following log %RPM-2-PPF_SES_VERIFY: rpm [9135] PPF session verify failed in client npacl(Line card 64/VDC 1/UUID 725) with an error 0xffffffff(Device Name:[0x3FF] Instance:[63] Error Type:[(null)] code:[255])

Workaround

Scenario 1: Before upgrade 1. Before upgrade, disable acllog (no logging ip access-list detailed). This will help PBR to avoid NPACL client verification step. 2. Perform upgrade. Now all PBR policy should be active post upgrade. 3. Then enable acllog again (logging ip access-list detailed) Scenario 2: Recovering PBR policy on already upgraded node 1. Disable acllog (no logging ip access-list detailed) 2. Remove and re-add affected PBR policy on SVI interface and make sure PBR policy is active post that operation. 3. Then enable acllog again (logging ip access-list detailed)

Further Problem Description

Change history

2026-01-16 Added: 10.4(6), 10.5(3), 10.5(4), 10.6(2)

Relevant Products

Click on a version to see all relevant bugs

Affected versions:10.4(6), 10.5(3), 10.5(4), 10.6(2)

Fixed versions: 10.6(2n), 10.6(3)

Relevant Products

Click on a version to see all relevant bugs

Affected versions:10.4(6), 10.5(3), 10.5(4), 10.6(2)

Fixed versions: 10.6(2n), 10.6(3)

Top Cisco Defects

9.7Defect ID: CSCwt50498
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
9.7Defect ID: CSCun06260
XE3.13 Gatekeeper Hardening
9.7Defect ID: CSCwa82553
ISE 3.1 default route is on the incorrect interface if bonding is configured
9.7Defect ID: CSCvs91869
FPR-1000 Series Random Number Generation Error
9.7Defect ID: CSCvq12070
Not able to establish more than 2 simultaneous ASDM sessions

Ready to prevent the next vendor outage?

Get a demo

Cisco - Defect ID: CSCws61810

N9k: After the upgrade, the PBR becomes inactive.

Cisco - Defect ID: CSCws61810

N9k: After the upgrade, the PBR becomes inactive.

Last updated on May 20th, 2026

BugZero Risk Score7.8 High

Bug Details

General

Symptom

Conditions

Workaround

Further Problem Description

Top Cisco Defects

Ready to prevent the next vendor outage?

Links

BugZero Risk Score
7.8 High