取消
显示结果 
搜索替代 
您的意思是: 
cancel
5396
查看次数
0
有帮助
6
回复

关于object-group定义的network组关联到ACL中后被识别为any的问题

iosvip_163_com
Spotlight
Spotlight
各位坛友,大家好! 感谢支持!
问题现象:在object-group定义的network组中,不管配置的地址段是啥?数量多少?,
其关联到ACL中并应用到接口,其均被识别为any。
一、object-group基础配置:
****-7609(config)#do show obj name test_a //创建网络对象组 test_a
Network object group test_a
192.168.1.0 255.255.255.0
192.168.2.0 255.255.255.0
****-7609(config)#do show obj name test_c
Network object group test_c
192.168.12.0 255.255.255.0
192.168.13.0 255.255.255.0
****-7609(config)#do show obj name test_srv //创建协议&服务对象组 test_srv
Service object group test_srv
tcp-udp eq 80
tcp-udp eq 22
tcp-udp eq 23
tcp-udp eq 161
tcp-udp eq 162
二、配置IP-ACL并应用在某接口入方向
****-7609#sh ip access-lists test_obj_group
Extended IP access list test_obj_group
5 permit ip object-group test_a 192.168.24.0 0.0.1.255
10 deny ip object-group test_a 192.168.10.0 0.0.1.255
20 permit object-group test_srv 192.168.1.0 0.0.0.255 object-group test_c
三、基于接口在TCAM中查询分配情况
****-7609#show tcam int g1/4 acl in ip
* Global Defaults shared
Entries from Bank 0
permit ip any 192.168.24.0 0.0.1.255 -> 5 permit ip object-group test_a 192.168.24.0 0.0.1.255 //将对网络象组 test_a 识别为 any
deny ip any 192.168.10.0 0.0.1.255
permit ip 192.168.1.0 0.0.0.255 any -> 20 permit object-group test_srv 192.168.1.0 0.0.0.255 object-group test_c
//将协议&服务对象组 test_srv 识别为 ip,将网络对象组 test_c 识别为 any
deny ip any any (10 matches) //隐含拒绝
Entries from Bank 1
说明:经实际测试,非对像组test_a中的地址段,均能访问目标192.168.24.0/24该地址段。




四、基础信息
设备型号,S7609-S
设备版本,
Cisco IOS Software, c7600rsp72043_rp Software (c7600rsp72043_rp-ADVENTERPRISEK9-M), Version 15.5(3)S5, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2017 by Cisco Systems, Inc.
Compiled Wed 18-Jan-17 06:12 by prod_rel_team
ROM: System Bootstrap, Version 12.2(33r)SRD6, RELEASE SOFTWARE (fc1)
BOOTLDR: Cisco IOS Software, c7600rsp72043_rp Software (c7600rsp72043_rp-ADVENTERPRISEK9-M), Version 15.5(3)S5, RELEASE SOFTWARE (fc1)
五、TCAM调试信息


// 增加ACL条目


****-7609#debug tcam messages
TCAM message debugging is on
****-7609#conf t
Enter configuration commands, one per line. End with CNTL/Z.
****-7609(config)#ip access-list extended test_obj_group
****-7609(config-ext-nacl)# 10 deny ip object-group test_a 192.168.10.0 0.0.1.255
****-7609(config-ext-nacl)#end
Aug 29 19:51:36.777 BeiJing: %SYS-5-CONFIG_I: Configured from console by xtepc on vty0 (10.232.106.93)
Aug 29 19:51:36.777 BeiJing: TCAM-MSG: tm_get_counts called for addr 0x6, tcam 0
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: tm_send_message
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: Sending message (size 392) with number 1135 -> slot 0
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: Sending message mcast non-blocking, addr = 0x7
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: Total # of frags for mcast dest 0xB is 1, frag hdr = 24, max frag data size = 1436
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: tm_send_message_multicast: sending fragment 1 of size 392
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: Sending last fragment out via Shim
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: sending to sfib mcast group
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: invoking mcast xmit xform for grp 0xC tlv type TM_REPLACE_BANK_ACL_REQ
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: Total # of frags for mcast dest 0xC is 1, frag hdr = 24, max frag data size = 1436
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: tm_send_message_multicast: sending fragment 1 of size 392
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: Sending last fragment out via Shim
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: tm_get_counts called for addr 0x6, tcam 0
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: merging resp 22FAFBE8 22FB42E8
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: invoking mcast rx xform on pak 1AB4F804, ref 1 for response from 0x5 type TM_ACK_RESP
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: pak after xform on pak 1AB4F804 ref 1
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: invoking mcast rx xform on pak 1B78D894, ref 1 for response from 0x6 type TM_ACK_RESP
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: pak after xform on pak 1B78D894 ref 1
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: tm_send_message
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: Sending message (size 392) with number 1137 -> slot 0
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: Sending message mcast non-blocking, addr = 0x7
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: Total # of frags for mcast dest 0xB is 1, frag hdr = 24, max frag data size = 1436
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: tm_send_message_multicast: sending fragment 1 of size 392
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: Sending last fragment out via Shim
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: sending to sfib mcast group
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: invoking mcast xmit xform for grp 0xC tlv type TM_REPLACE_BANK_ACL_REQ
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: Total # of frags for mcast dest 0xC is 1, frag hdr = 24, max frag data size = 1436
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: tm_send_message_multicast: sending fragment 1 of size 392
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: Sending last fragment out via Shim
Aug 29 19:51:36.797 BeiJing: TCAM-MSG: merging resp 22FAFBE8 22FB42E8
****-7609#show tc
Aug 29 19:51:36.797 BeiJing: TCAM-MSG: invoking mcast rx xform on pak 1B762A88, ref 1 for response from 0x6 type TM_ACK_RESP
Aug 29 19:51:36.797 BeiJing: TCAM-MSG: pak after xform on pak 1B762A88 ref 1
Aug 29 19:51:36.797 BeiJing: TCAM-MSG: invoking mcast rx xform on pak 1AB3BDEC, ref 1 for response from 0x5 type TM_ACK_RESP
Aug 29 19:51:36.797 BeiJing: TCAM-MSG: pak after xform on pak 1AB3BDEC ref 1


//删除ACL条目


****-7609#debug tcam all
****-7609(config)#ip access-list extended test_obj_group
****-7609(config-ext-nacl)#
****-7609(config-ext-nacl)#no 10
****-7609(config-ext-nacl)# 10 deny ip object-group test_a 192.168.10.0 0.0.1.255
****-7609(config-ext-nacl)#
****-7609(config-ext-nacl)#
****-7609(config-ext-nacl)#int g1/4
****-7609(config-if)#
Aug 29 19:53:56.652 BeiJing: TCAM-MSG: tm_get_counts called for addr 0x6, tcam 0
Aug 29 19:53:56.652 BeiJing: tm_issu_xmit_transform: xform not invoked for tlv TM_FRAGMENT_HDR_MSG_TYPE dest 0x6
Aug 29 19:53:56.652 BeiJing: tm_issu_xmit_transform: xform not invoked for tlv TM_GET_COUNTS_REQ dest 0x6
Aug 29 19:53:56.652 BeiJing: tm_issu_rcv_transform: xform not invoked for tlv TM_GET_COUNTS_RESP src 0x6
Aug 29 19:53:56.652 BeiJing: TCAM-REQ: tm_replace_static_int_bank_aces
Aug 29 19:53:56.652 BeiJing: TCAM-REQ: intf:1031 if_type:0 lkup:0 appid:20211 prot:0
Aug 29 19:53:56.652 BeiJing: TCAM-MSG: tm_send_message
Aug 29 19:53:56.652 BeiJing: TCAM-MSG: Sending message (size 392) with number 1139 -> slot 0
Aug 29 19:53:56.652 BeiJing: TCAM-API message dump :
Aug 29 19:53:56.652 BeiJing: 00 23 01 88 00 00 4e f3 00 00 04 07 00 00 00 00 .#....Ns........
Aug 29 19:53:56.652 BeiJing: 00 00 00 00 00 00 00 02 00 00 00 00 00 01 00 01 ................
Aug 29 19:53:56.652 BeiJing: 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.652 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.652 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.652 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.652 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.652 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.652 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.652 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.652 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.652 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.652 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: c0 a8 18 00 00 00 00 00 00 00 00 00 00 00 00 00 @(..............
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 ff ff fe 00 00 00 00 00 00 00 00 00 ......~.........
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 08 00 01 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 ........
Aug 29 19:53:56.656 BeiJing:
Aug 29 19:53:56.656 BeiJing: TCAM-MSG: Sending message mcast non-blocking, addr = 0x7
Aug 29 19:53:56.656 BeiJing: TCAM-MSG: Total # of frags for mcast dest 0xB is 1, frag hdr = 24, max frag data size = 1436
Aug 29 19:53:56.656 BeiJing: tm_issu_xmit_transform: xform not invoked for tlv TM_FRAGMENT_HDR_MSG_TYPE mcast dest 0xB
Aug 29 19:53:56.656 BeiJing: TCAM-MSG: tm_send_message_multicast: sending fragment 1 of size 392
Aug 29 19:53:56.656 BeiJing: TCAM-API fragment dump :
Aug 29 19:53:56.656 BeiJing: 00 23 01 88 00 00 4e f3 00 00 04 07 00 00 00 00 .#....Ns........
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 02 00 00 00 00 00 01 00 01 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: c0 a8 18 00 00 00 00 00 00 00 00 00 00 00 00 00 @(..............
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 ff ff fe 00 00 00 00 00 00 00 00 00 ......~.........
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 08 00 01 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 ........
Aug 29 19:53:56.656 BeiJing:
Aug 29 19:53:56.656 BeiJing: TCAM-MSG: Sending last fragment out via Shim
Aug 29 19:53:56.656 BeiJing: TCAM-MSG: sending to sfib mcast group
Aug 29 19:53:56.656 BeiJing: TCAM-MSG: invoking mcast xmit xform for grp 0xC tlv type TM_REPLACE_BANK_ACL_REQ
Aug 29 19:53:56.656 BeiJing: tm_issu_xmit_transform: xform successful for tlv TM_REPLACE_BANK_ACL_REQ mcast dest 0xC
Aug 29 19:53:56.656 BeiJing: tm_get_msg_mtu: MTU size 24 for tlv_type TM_FRAGMENT_HDR_MSG_TYPE
Aug 29 19:53:56.656 BeiJing: tm_get_msg_mtu: MTU size 24 for tlv_type TM_FRAGMENT_HDR_MSG_TYPE
Aug 29 19:53:56.656 BeiJing: TCAM-MSG: Total # of frags for mcast dest 0xC is 1, frag hdr = 24, max frag data size = 1436
Aug 29 19:53:56.656 BeiJing: tm_issu_xmit_transform: xform successful for tlv TM_FRAGMENT_HDR_MSG_TYPE mcast dest 0xC
Aug 29 19:53:56.656 BeiJing: TCAM-MSG: tm_send_message_multicast: sending fragment 1 of size 392
Aug 29 19:53:56.656 BeiJing: TCAM-API fragment dump :
Aug 29 19:53:56.656 BeiJing: 00 23 01 88 00 00 4e f3 00 00 04 07 00 00 00 00 .#....Ns........
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 02 00 00 00 00 00 01 00 01 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: c0 a8 18 00 00 00 00 00 00 00 00 00 00 00 00 00 @(..............
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 ff ff fe 00 00 00 00 00 00 00 00 00 ......~.........
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 08 00 01 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.656 BeiJing: 00 00 00 00 00 00 00 00 ........
Aug 29 19:53:56.656 BeiJing:
Aug 29 19:53:56.656 BeiJing: TCAM-MSG: Sending last fragment out via Shim
Aug 29 19:53:56.656 BeiJing: TCAM-MSG: tm_get_counts called for addr 0x6, tcam 0
Aug 29 19:53:56.656 BeiJing: tm_issu_xmit_transform: xform not invoked for tlv TM_FRAGMENT_HDR_MSG_TYPE dest 0x6
Aug 29 19:53:56.656 BeiJing: tm_issu_xmit_transform: xform not invoked for tlv TM_GET_COUNTS_REQ dest 0x6
Aug 29 19:53:56.660 BeiJing: tm_issu_rcv_transform: xform not invoked for tlv TM_GET_COUNTS_RESP src 0x6
Aug 29 19:53:56.660 BeiJing: TCAM-REQ: tm_replace_static_int_bank_aces
Aug 29 19:53:56.660 BeiJing: TCAM-REQ: intf:1030 if_type:0 lkup:3 appid:20210 prot:0
Aug 29 19:53:56.660 BeiJing: TCAM-MSG: tm_send_message
Aug 29 19:53:56.660 BeiJing: TCAM-MSG: Sending message (size 392) with number 1141 -> slot 0
Aug 29 19:53:56.660 BeiJing: TCAM-API message dump :
Aug 29 19:53:56.660 BeiJing: 00 23 01 88 00 00 4e f2 00 00 04 06 00 00 00 00 .#....Nr........
Aug 29 19:53:56.660 BeiJing: 00 03 00 00 00 00 00 02 00 00 00 00 00 01 00 01 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: c0 a8 18 00 00 00 00 00 00 00 00 00 00 00 00 00 @(..............
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 ff ff fe 00 00 00 00 00 00 00 00 00 ......~.........
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 08 00 01 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 ........
Aug 29 19:53:56.660 BeiJing:
Aug 29 19:53:56.660 BeiJing: TCAM-MSG: Sending message mcast non-blocking, addr = 0x7
Aug 29 19:53:56.660 BeiJing: TCAM-MSG: Total # of frags for mcast dest 0xB is 1, frag hdr = 24, max frag data size = 1436
Aug 29 19:53:56.660 BeiJing: tm_issu_xmit_transform: xform not invoked for tlv TM_FRAGMENT_HDR_MSG_TYPE mcast dest 0xB
Aug 29 19:53:56.660 BeiJing: TCAM-MSG: tm_send_message_multicast: sending fragment 1 of size 392
Aug 29 19:53:56.660 BeiJing: TCAM-API fragment dump :
Aug 29 19:53:56.660 BeiJing: 00 23 01 88 00 00 4e f2 00 00 04 06 00 00 00 00 .#....Nr........
Aug 29 19:53:56.660 BeiJing: 00 03 00 00 00 00 00 02 00 00 00 00 00 01 00 01 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: c0 a8 18 00 00 00 00 00 00 00 00 00 00 00 00 00 @(..............
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 ff ff fe 00 00 00 00 00 00 00 00 00 ......~.........
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 08 00 01 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 ........
Aug 29 19:53:56.660 BeiJing:
Aug 29 19:53:56.660 BeiJing: TCAM-MSG: Sending last fragment out via Shim
Aug 29 19:53:56.660 BeiJing: TCAM-MSG: sending to sfib mcast group
Aug 29 19:53:56.660 BeiJing: TCAM-MSG: invoking mcast xmit xform for grp 0xC tlv type TM_REPLACE_BANK_ACL_REQ
Aug 29 19:53:56.660 BeiJing: tm_issu_xmit_transform: xform successful for tlv TM_REPLACE_BANK_ACL_REQ mcast dest 0xC
Aug 29 19:53:56.660 BeiJing: tm_get_msg_mtu: MTU size 24 for tlv_type TM_FRAGMENT_HDR_MSG_TYPE
Aug 29 19:53:56.660 BeiJing: tm_get_msg_mtu: MTU size 24 for tlv_type TM_FRAGMENT_HDR_MSG_TYPE
Aug 29 19:53:56.660 BeiJing: TCAM-MSG: Total # of frags for mcast dest 0xC is 1, frag hdr = 24, max frag data size = 1436
Aug 29 19:53:56.660 BeiJing: tm_issu_xmit_transform: xform successful for tlv TM_FRAGMENT_HDR_MSG_TYPE mcast dest 0xC
Aug 29 19:53:56.660 BeiJing: TCAM-MSG: tm_send_message_multicast: sending fragment 1 of size 392
Aug 29 19:53:56.660 BeiJing: TCAM-API fragment dump :
Aug 29 19:53:56.660 BeiJing: 00 23 01 88 00 00 4e f2 00 00 04 06 00 00 00 00 .#....Nr........
Aug 29 19:53:56.660 BeiJing: 00 03 00 00 00 00 00 02 00 00 00 00 00 01 00 01 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: c0 a8 18 00 00 00 00 00 00 00 00 00 00 00 00 00 @(..............
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 ff ff fe 00 00 00 00 00 00 00 00 00 ......~.........
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 08 00 01 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Aug 29 19:53:56.660 BeiJing: 00 00 00 00 00 00 00 00 ........
Aug 29 19:53:56.660 BeiJing:
Aug 29 19:53:56.660 BeiJing: TCAM-MSG: Sending last fragment out via Shim
Aug 29 19:53:56.660 BeiJing: TCAM-MSG: merging resp 22FB1B28 22FAC9E8
Aug 29 19:53:56.660 BeiJing: TCAM-MSG: invoking mcast rx xform on pak 1AB89E08, ref 1 for response from 0x5 type TM_ACK_RESP
Aug 29 19:53:56.660 BeiJing: tm_issu_rcv_transform: xform successful for tlv TM_ACK_RESP src 0x5
Aug 29 19:53:56.660 BeiJing: TCAM-MSG: pak after xform on pak 1AB89E08 ref 1
Aug 29 19:53:56.660 BeiJing: TCAM-MSG: invoking mcast rx xform on pak 1B7FB0E4, ref 1 for response from 0x6 type TM_ACK_RESP
Aug 29 19:53:56.660 BeiJing: tm_issu_rcv_transform: xform not invoked for tlv TM_ACK_RESP src 0x6
Aug 29 19:53:56.660 BeiJing: TCAM-MSG: pak after xform on pak 1B7FB0E4 ref 1
Aug 29 19:53:56.660 BeiJing: TCAM-VERBOSE: tm_extract_sp_resp:: ignore resp from standby sp
Aug 29 19:53:56.660 BeiJing: TCAM-VERBOSE: tm_extract_sp_resp:: sp slot 6 sp proc 0
Aug 29 19:53:56.664 BeiJing: TCAM-MSG: merging resp 22FAB0E8 22FAB9E8
Aug 29 19:53:56.664 BeiJing: TCAM-MSG: invoking mcast rx xform on pak 1AAE725C, ref 1 for response from 0x5 type TM_ACK_RESP
Aug 29 19:53:56.664 BeiJing: tm_issu_rcv_transform: xform successful for tlv TM_ACK_RESP src 0x5
Aug 29 19:53:56.664 BeiJing: TCAM-MSG: pak after xform on pak 1AAE725C ref 1
Aug 29 19:53:56.664 BeiJing: TCAM-MSG:
****-7609(config-if)#
****-7609(config-if)#invoking mcast rx xform on pak 1B7674EC, ref 1 for response from 0x6 type TM_ACK_RESP
Aug 29 19:53:56.664 BeiJing: tm_issu_rcv_transform: xform not invoked for tlv TM_ACK_RESP src 0x6
Aug 29 19:53:56.664 BeiJing: TCAM-MSG: pak after xform on pak 1B7674EC ref 1
Aug 29 19:53:56.664 BeiJing: TCAM-VERBOSE: tm_extract_sp_resp:: ignore resp from standby sp
Aug 29 19:53:56.664 BeiJing: TCAM-VERBOSE: tm_extract_sp_resp:: sp slot 6 sp proc 0
1 个已接受解答

已接受的解答

YilinChen
Spotlight
Spotlight
iosvip@163.com 发表于 2018-8-31 09:43
汇总地址段啊,192.168.24.0 0.0.1.255 - > 192.168.24.0 255.255.254.0 其包含,192.168.24.0/24 和 ...

这是目标地址段吧,看着怪怪的,如果找不出其它问题,那就是考虑升版本了:P

在原帖中查看解决方案

6 条回复6

YilinChen
Spotlight
Spotlight
iosvip@163.com 发表于 2018-8-31 09:43
汇总地址段啊,192.168.24.0 0.0.1.255 - > 192.168.24.0 255.255.254.0 其包含,192.168.24.0/24 和 ...

这是目标地址段吧,看着怪怪的,如果找不出其它问题,那就是考虑升版本了:P

YilinChen
Spotlight
Spotlight
192.168.24.0 0.0.1.255 :o
192.168.10.0 0.0.1.255 :o

iosvip_163_com
Spotlight
Spotlight
YilinChen 发表于 2018-8-31 09:03
192.168.24.0 0.0.1.255
192.168.10.0 0.0.1.255

汇总地址段啊,192.168.24.0 0.0.1.255 - > 192.168.24.0 255.255.254.0 其包含,192.168.24.0/24 和 192.168.25.0/24 ,你是指啥问题?

iosvip_163_com
Spotlight
Spotlight
本帖最后由 iosvip@163.com 于 2018-8-31 11:04 编辑
YilinChen 发表于 2018-8-31 10:05
这是目标地址段吧,看着怪怪的,如果找不出其它问题,那就是考虑升版本了

是的,是目标地址段;
升级能解决?
设备当前版本,c7600rsp72043-adventerprisek9-mz.155-3.S5.bin
最新可升级版本,c7600rsp72043-adventerprisek9-mz.155-3.S7.bin (推荐) 或 s8;

Suggested Release
7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinkshttps://software.cisco.com/download/home/281939433/type/280805680/release/15.5.3S7

Resolved Bugs—Cisco IOS Release 15.5(3)S7
This section lists the resolved bugs for Cisco IOS Release 15.5(3)S7. All the bugs have a link to the Bug Search Tool where you can find details of the specific bug. This section describes only severity 1, severity 2, and select severity 3 bugs.
https://www.cisco.com/c/en/us/td ... _15_5_3s.html#30597
CSCuy50298,Empty object-group permitting all traffic 4331

上述CSCuy50298,只是针对空的object-group 对象组允许所有流量通过,进行了修复。
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuy50298

13nash
Level 8
Level 8
哈哈哈,升级是绝招

iosvip_163_com
Spotlight
Spotlight
13nash 发表于 2018-9-6 13:57
哈哈哈,升级是绝招

别无他法???
能否帮忙建个CASE。
入门指南

使用上面的搜索栏输入关键字、短语或问题,搜索问题的答案。

我们希望您在这里的旅程尽可能顺利,因此这里有一些链接可以帮助您快速熟悉思科社区:









快捷链接