OPERATIONAL DEFECT DATABASE
...
...
Packets received by one side of an inline set are sent back out through the same interface. If an adjacent L2 device is sensitive to MAC flaps through different interfaces, such as ACI fabrics, it could trigger a MAC loop policy, generate a message like the following and shut down the interface that receives the packet. Error: epmc_loop_detect_action:1937:E] Disabling learn on vlan 10 mac 0050.56b3.d3d3 due to loop between 0x18010004 and 0x16000001 ts 01:45:55.632572 Similar behavior can be detected on Cisco Switches logs: %SW_MATM-4-MACFLAP_NOTIF: Host 0050.56b3.d3d3 in vlan 102 is flapping between port Te1/1/4 and port Te1/1/2
FTD on transparent mode with Inline set enabled Traffic is hair-pinned of a Layer 3 device and traverses the FTD twice. If packets have no change on Source/Destination IP, Source/Destination Port, and VLAN the second time the packet hits the firewall on the other interface from the same inline set, this problem can be faced for segmented packets from the first time the packet reached the firewall being inspected by the detection engine. This scenario can occur if multiple subnets are being shared on the same VLAN such as Routers with Secondary IP working as gateways on a router-on-a-stick setup or ACI environments where multiple subnets can live on the same domain. Offloaded traffic is not affected. The problem does not occur when the interfaces are in "tap" mode. Flows from one VLAN to another aren't affected. If Syslogs are enabled on Platform settings, the following message is logged. %ASA-6-110004: Egress interface changed from Inside to Outside on tcp connection 364 for INLINE_PAIR/Outside:10.17.15.204/58081 (10.17.15.204/58081) to INLINE_PAIR/Inside:10.16.100.224/80 (10.16.100.224/80)
Apply a pre-filter rule to fastpath this traffic on platforms supporting offloading such as FPR4100 and FPR9300 platforms. Example: Network Object: VLAN_102 10.17.15.204 10.16.100.224 Source Network: VLAN_102 Destination Network: VLAN_102 Action: Fastpath
Click on a version to see all relevant bugs
Cisco Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
