OPERATIONAL DEFECT DATABASE
...
...
Console, Telnet/SSH sessions to the switch hang up and the condition does not clear until a reload is done.
Vlan configuration change/add/delete events executed at the time ARP hits the CPU. device-tracking is enabled either explicitly through command line "device-tracking [attach-policy]" on port or vlan) or implicitly by some other feature such as LISP or cli "ip dhcp snooping vlan X". Run "show device-tracking policies" to confirm. Switch freezes, drops end user traffic and also stops executing. Show run/ Show tech-support command is executed. Affects 16.6.3 and 16.3.6. across all platforms. Code versions earlier to each of the mentioned releases are not impacted
The switch will not be recoverable once the condition is hit. Switch will have to be reloaded. Run the following steps to avoid running into the issue, Option 1: 1) Disable IP DHCP snooping No ip dhcp snooping vlan 2-4094 No ip dhcp snooping 2) Disable IPDT/ SISF policy if applied on the interfaces. Int no device-tracking attach-policy 3) Make all the desired vlan config changes, restore the cli's remove from step 1) and 2) above. Option 2 (Intrusive Method, not recommended): - Enable MAC ACL to temporarily block ARP packets. - Apply the ACL on all the ports on the switch or modify the respective CoPP policy. - Make the VLAN changes. - Remove the MAC ACL from the interface, restore CoPP policy if copp is modified. Option 3( Intrisive Method): - Shut down all interfaces - Make VLAN Changes - Unshut all the interfaces
Switch freezes, drops end user traffic and also does not execute CLI's
Click on a version to see all relevant bugs
Cisco Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
