It seems it's a bug that appeared first in 12.2(50)SE and later releases. To be fixed in SE3, scheduled for release on 23th July.
Best Regards, -mat 2009/7/3 Tim <[email protected]>:
Hi, Mateusz Blaszczyk wrote:This error message shows up every now end then when adding or modyfing an ACL (with or without access-group config on the SVI): Jun 4 03:33:23.347: %ACLMGR-3-INTTABLE: Not in truth table: VLMAP 9 RACL 9 Rtprot 9 Mcb 13 Feat 3 Jun 4 03:33:23.347: %ACLMGR-3-INTTABLE: Not in truth table: VLMAP 9 RACL 9 Rtprot 9 Mcb 13 Feat 3 Jun 4 03:33:23.355: %ACLMGR-3-INTTABLE: Not in truth table: VLMAP 9 RACL 9 Rtprot 9 Mcb 13 Feat 3 Jun 4 03:33:23.355: %ACLMGR-3-INTTABLE: Not in truth table: VLMAP 9 RACL 9 Rtprot 9 Mcb 13 Feat 3 Can anyone tell me what is the severity of that problem? google is quite quiet apart from link to cisco's error messages list, which is not really helpful.I am getting this on several C3750G, but only with inbound ACLs. Beside the error messages, there is indeed a big impact: the router will (sometimes) drop IP packets with a destination IP address located on the interface (e.g., a BGP session - the BGP session will NOT come up again). Transit traffic were not affected. I can reproduce the error in my Lab. I decided to downgrade to 12.2(46)SE, because I need the BGP sessions... But maybe someone found a solution and/or knows, that Cisco will fix it (soon)? Regards, Tim #################### For the sake of completeness my setup: IP Service 12.2(50)SE and 12.2(50)SE2 on a WS-C3750G-12S-S and WS-C3750G-24TS-S %ACLMGR-3-INTTABLE: Not in truth table: VLMAP 9 RACL 9 Rtprot 9 Mcb 13 Feat 3 When I configure an ACL inbound on a routed interface, the Router throws this error message. Also, the router will (sometimes) drop IP packets with a destination IP address located on the router (e.g., a BGP session). Transit traffic is - as far as I can see - not affected. I can reproduce the error. With the older IP Advanced Service 12.2(46)SE it works fine. Setup (IP addresses were anonymised): Gi1/0/12 C3750G-12S-S --------------------------- Uplink Provider | 2.0.0.1/30 2.0.0.2/30 | 1.16.0.0/16 Config snips: router bgp 65454 bgp router-id 2.0.1.1 bgp log-neighbor-changes neighbor 2.0.0.2 remote-as 65000 neighbor 2.0.0.2 transport path-mtu-discovery ! address-family ipv4 neighbor 2.0.0.2 activate neighbor 2.0.0.2 soft-reconfiguration inbound neighbor 2.0.0.2 prefix-list from-UPLINK in neighbor 2.0.0.2 distribute-list 10 out no auto-summary no synchronization network 1.16.0.0 mask 255.255.0.0 exit-address-family ! interface GigabitEthernet1/0/12 description Uplink no switchport ip address 2.0.0.1 255.255.255.252 ip access-group uplink-inbound in ip access-group uplink-outbound out no cdp enable spanning-tree portfast ! ip access-list extended uplink-inbound deny ip 127.0.0.0 0.255.255.255 any deny ip 10.0.0.0 0.255.255.255 any deny ip 172.16.0.0 0.15.255.255 any deny ip 192.168.0.0 0.0.255.255 any permit ip any 2.0.0.0 0.0.0.3 permit ip any 1.16.0.0 0.0.255.255 ! ip access-list extended uplink-outbound deny ip any 127.0.0.0 0.255.255.255 deny ip any 10.0.0.0 0.255.255.255 deny ip any 172.16.0.0 0.15.255.255 deny ip any 192.168.0.0 0.0.255.255 permit ip 2.0.0.0 0.0.0.3 any permit ip 1.16.0.0 0.0.255.255 any ! It only affects the inbound ACL, example log output: Jul 3 12:31:14: %PARSER-5-CFGLOG_LOGGEDCMD: User:tim logged command:interface GigabitEthernet1/0/28 Jul 3 12:31:20: %PARSER-5-CFGLOG_LOGGEDCMD: User:tim logged command:ip access-group uplink-inbound in Jul 3 12:31:20: %ACLMGR-3-INTTABLE: Not in truth table: VLMAP 9 RACL 9 Rtprot 9 Mcb 13 Feat 3 Jul 3 12:31:20: %ACLMGR-3-INTTABLE: Not in truth table: VLMAP 9 RACL 9 Rtprot 9 Mcb 13 Feat 3 The error message comes also with an ACL, which does not exist: Jul 3 12:32:45: %PARSER-5-CFGLOG_LOGGEDCMD: User:tim logged command:ip access-group doesnotexists in Jul 3 12:32:45: %ACLMGR-3-INTTABLE: Not in truth table: VLMAP 9 RACL 9 Rtprot 9 Mcb 13 Feat 3 Jul 3 12:32:45: %ACLMGR-3-INTTABLE: Not in truth table: VLMAP 9 RACL 9 Rtprot 9 Mcb 13 Feat 3 The only statement from Cisco says: """ Explanation An unrecoverable software error occurred while trying to merge the configured input features. [dec] are internal action codes. """ [1] Also, the "Output Interpreter" does not help. And the "Bug Toolkit" does not show any bug. [1] http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_25_see/system/message/msg_desc.html
signature.asc
Description: OpenPGP digital signature
_______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
