OPERATIONAL DEFECT DATABASE
...
...
C9300 G1/0/1-----------G0/0/0 ISR4451 I set it as below to allow ICMP packets from ISR to pass through, but the permit entry is not working. ISR4451#sh run in g0/0/0 Building configuration... interface GigabitEthernet0/0/0 ip address 10.xx.xx.125 255.255.255.192 negotiation auto end C9300 interface Vlan910 ip address 10.xx.xx.126 255.255.255.192 no ip unreachables no ip proxy-arp ip access-group ACL-vlan910 in ip access-list extended ACL-vlan910 10 permit object-group ICMP object-group Test01 object-group Test02 9999 deny ip any any log interface GigabitEthernet1/0/1 switchport access vlan 910 switchport mode access object-group service ICMP icmp object-group network Test01 host 10.xx.xx.125 object-group network Test02 host 10.xx.xx.126 *Dec 28 22:27:11.397: %SEC-6-IPACCESSLOGDP: list ACL-vlan910 denied icmp 10.xx.xx.125 -> 10.xx.xx.126 (8/0), 8 packets
Set the G-ACL on C9300 16.12.4.
permit icmp host 10.xx.xx.125 host 10.xx.xx.126 Communication is possible by defining ACE as described above.
Click on a version to see all relevant bugs
Cisco Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
