请选择 进入手机版 | 继续访问电脑版

设为首页 收藏本站
思科社区 关注
思科社区

  思科 CCO 登录
 找回密码
 立即注册

扫一扫,访问微社区

搜索
热搜: 邮件服务器
查看: 473|回复: 6

关于object-group定义的network组关联到ACL中后被识别为any的问题

[复制链接]
发表于 2018-8-30 17:40:36 | 显示全部楼层 |阅读模式
88可用金钱
各位坛友,大家好!    感谢支持!

问题现象:在object-group定义的network组中,不管配置的地址段是啥?数量多少?,
其关联到ACL中并应用到接口,其均被识别为any。

一、object-group基础配置:

****-7609(config)#do show obj name test_a       //创建网络对象组 test_a
Network object group test_a
192.168.1.0 255.255.255.0
192.168.2.0 255.255.255.0

****-7609(config)#do show obj name test_c   
Network object group test_c
192.168.12.0 255.255.255.0
192.168.13.0 255.255.255.0

****-7609(config)#do show obj name test_srv     //创建协议&服务对象组 test_srv
Service object group test_srv
tcp-udp eq 80
tcp-udp eq 22
tcp-udp eq 23
tcp-udp eq 161
tcp-udp eq 162


二、配置IP-ACL并应用在某接口入方向

****-7609#sh ip access-lists test_obj_group
Extended IP access list test_obj_group
    5 permit ip object-group test_a 192.168.24.0 0.0.1.255     
    10 deny ip object-group test_a 192.168.10.0 0.0.1.255
    20 permit object-group test_srv 192.168.1.0 0.0.0.255 object-group test_c

三、基于接口在TCAM中查询分配情况

****-7609#show tcam  int g1/4 acl in ip

* Global Defaults shared


Entries from Bank 0

    permit       ip any 192.168.24.0 0.0.1.255     ->   5 permit ip object-group test_a 192.168.24.0 0.0.1.255      //将对网络象组 test_a 识别为 any
    deny         ip any 192.168.10.0 0.0.1.255
    permit       ip 192.168.1.0 0.0.0.255 any      ->    20 permit object-group test_srv 192.168.1.0 0.0.0.255 object-group test_c
                                                                                //将协议&服务对象组 test_srv 识别为 ip,将网络对象组 test_c 识别为 any

    deny         ip any any (10 matches)                    //隐含拒绝

Entries from Bank 1


说明:经实际测试,非对像组test_a中的地址段,均能访问目标192.168.24.0/24该地址段。




四、基础信息

设备型号,S7609-S
设备版本,
Cisco IOS Software, c7600rsp72043_rp Software (c7600rsp72043_rp-ADVENTERPRISEK9-M), Version 15.5(3)S5, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2017 by Cisco Systems, Inc.
Compiled Wed 18-Jan-17 06:12 by prod_rel_team

ROM: System Bootstrap, Version 12.2(33r)SRD6, RELEASE SOFTWARE (fc1)
BOOTLDR: Cisco IOS Software, c7600rsp72043_rp Software (c7600rsp72043_rp-ADVENTERPRISEK9-M), Version 15.5(3)S5, RELEASE SOFTWARE (fc1)


五、TCAM调试信息



// 增加ACL条目


****-7609#debug tcam messages
TCAM message debugging is on
****-7609#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
****-7609(config)#ip access-list extended test_obj_group
****-7609(config-ext-nacl)# 10 deny ip object-group test_a 192.168.10.0 0.0.1.255
****-7609(config-ext-nacl)#end
Aug 29 19:51:36.777 BeiJing: %SYS-5-CONFIG_I: Configured from console by xtepc on vty0 (10.232.106.93)
Aug 29 19:51:36.777 BeiJing: TCAM-MSG: tm_get_counts called for addr 0x6, tcam 0
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: tm_send_message
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: Sending message (size 392) with number 1135 -> slot 0
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: Sending message mcast non-blocking, addr = 0x7
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: Total # of frags for mcast dest 0xB is 1, frag hdr = 24, max frag data size = 1436
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: tm_send_message_multicast: sending fragment 1 of size 392
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: Sending last fragment out via Shim
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: sending to sfib mcast group
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: invoking mcast xmit xform for grp 0xC tlv type TM_REPLACE_BANK_ACL_REQ
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: Total # of frags for mcast dest 0xC is 1, frag hdr = 24, max frag data size = 1436
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: tm_send_message_multicast: sending fragment 1 of size 392
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: Sending last fragment out via Shim
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: tm_get_counts called for addr 0x6, tcam 0
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: merging resp 22FAFBE8 22FB42E8
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: invoking mcast rx xform on pak 1AB4F804, ref 1 for response from 0x5 type TM_ACK_RESP
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: pak after xform on pak 1AB4F804 ref 1
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: invoking mcast rx xform on pak 1B78D894, ref 1 for response from 0x6 type TM_ACK_RESP
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: pak after xform on pak 1B78D894 ref 1
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: tm_send_message
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: Sending message (size 392) with number 1137 -> slot 0
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: Sending message mcast non-blocking, addr = 0x7
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: Total # of frags for mcast dest 0xB is 1, frag hdr = 24, max frag data size = 1436
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: tm_send_message_multicast: sending fragment 1 of size 392
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: Sending last fragment out via Shim
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: sending to sfib mcast group
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: invoking mcast xmit xform for grp 0xC tlv type TM_REPLACE_BANK_ACL_REQ
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: Total # of frags for mcast dest 0xC is 1, frag hdr = 24, max frag data size = 1436
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: tm_send_message_multicast: sending fragment 1 of size 392
Aug 29 19:51:36.781 BeiJing: TCAM-MSG: Sending last fragment out via Shim
Aug 29 19:51:36.797 BeiJing: TCAM-MSG: merging resp 22FAFBE8 22FB42E8
****-7609#show tc
Aug 29 19:51:36.797 BeiJing: TCAM-MSG: invoking mcast rx xform on pak 1B762A88, ref 1 for response from 0x6 type TM_ACK_RESP
Aug 29 19:51:36.797 BeiJing: TCAM-MSG: pak after xform on pak 1B762A88 ref 1
Aug 29 19:51:36.797 BeiJing: TCAM-MSG: invoking mcast rx xform on pak 1AB3BDEC, ref 1 for response from 0x5 type TM_ACK_RESP
Aug 29 19:51:36.797 BeiJing: TCAM-MSG: pak after xform on pak 1AB3BDEC ref 1



//删除ACL条目


****-7609#debug tcam all  
****-7609(config)#ip access-list extended test_obj_group
****-7609(config-ext-nacl)#
****-7609(config-ext-nacl)#no 10
****-7609(config-ext-nacl)#  10 deny ip object-group test_a 192.168.10.0 0.0.1.255
****-7609(config-ext-nacl)#
****-7609(config-ext-nacl)#
****-7609(config-ext-nacl)#int g1/4
****-7609(config-if)#
Aug 29 19:53:56.652 BeiJing: TCAM-MSG: tm_get_counts called for addr 0x6, tcam 0
Aug 29 19:53:56.652 BeiJing: tm_issu_xmit_transform: xform not invoked for tlv TM_FRAGMENT_HDR_MSG_TYPE  dest 0x6
Aug 29 19:53:56.652 BeiJing: tm_issu_xmit_transform: xform not invoked for tlv TM_GET_COUNTS_REQ  dest 0x6
Aug 29 19:53:56.652 BeiJing: tm_issu_rcv_transform: xform not invoked for tlv TM_GET_COUNTS_RESP src 0x6
Aug 29 19:53:56.652 BeiJing: TCAM-REQ: tm_replace_static_int_bank_aces
Aug 29 19:53:56.652 BeiJing: TCAM-REQ: intf:1031 if_type:0 lkup:0 appid:20211 prot:0
Aug 29 19:53:56.652 BeiJing: TCAM-MSG: tm_send_message
Aug 29 19:53:56.652 BeiJing: TCAM-MSG: Sending message (size 392) with number 1139 -> slot 0
Aug 29 19:53:56.652 BeiJing: TCAM-API message dump :
Aug 29 19:53:56.652 BeiJing:    00 23 01 88 00 00 4e f3 00 00 04 07 00 00 00 00   .#....Ns........   
Aug 29 19:53:56.652 BeiJing:    00 00 00 00 00 00 00 02 00 00 00 00 00 01 00 01   ................   
Aug 29 19:53:56.652 BeiJing:    00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.652 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.652 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.652 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.652 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.652 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.652 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.652 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.652 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.652 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.652 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    c0 a8 18 00 00 00 00 00 00 00 00 00 00 00 00 00   @(..............   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 ff ff fe 00 00 00 00 00 00 00 00 00   ......~.........   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 08 00 01 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00                           ........           
Aug 29 19:53:56.656 BeiJing:
Aug 29 19:53:56.656 BeiJing: TCAM-MSG: Sending message mcast non-blocking, addr = 0x7
Aug 29 19:53:56.656 BeiJing: TCAM-MSG: Total # of frags for mcast dest 0xB is 1, frag hdr = 24, max frag data size = 1436
Aug 29 19:53:56.656 BeiJing: tm_issu_xmit_transform: xform not invoked for tlv TM_FRAGMENT_HDR_MSG_TYPE mcast dest 0xB
Aug 29 19:53:56.656 BeiJing: TCAM-MSG: tm_send_message_multicast: sending fragment 1 of size 392
Aug 29 19:53:56.656 BeiJing: TCAM-API fragment dump :
Aug 29 19:53:56.656 BeiJing:    00 23 01 88 00 00 4e f3 00 00 04 07 00 00 00 00   .#....Ns........   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 02 00 00 00 00 00 01 00 01   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    c0 a8 18 00 00 00 00 00 00 00 00 00 00 00 00 00   @(..............   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 ff ff fe 00 00 00 00 00 00 00 00 00   ......~.........   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 08 00 01 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00                           ........           
Aug 29 19:53:56.656 BeiJing:
Aug 29 19:53:56.656 BeiJing: TCAM-MSG: Sending last fragment out via Shim
Aug 29 19:53:56.656 BeiJing: TCAM-MSG: sending to sfib mcast group
Aug 29 19:53:56.656 BeiJing: TCAM-MSG: invoking mcast xmit xform for grp 0xC tlv type TM_REPLACE_BANK_ACL_REQ
Aug 29 19:53:56.656 BeiJing: tm_issu_xmit_transform: xform successful for tlv TM_REPLACE_BANK_ACL_REQ mcast dest 0xC
Aug 29 19:53:56.656 BeiJing: tm_get_msg_mtu: MTU size 24 for tlv_type TM_FRAGMENT_HDR_MSG_TYPE
Aug 29 19:53:56.656 BeiJing: tm_get_msg_mtu: MTU size 24 for tlv_type TM_FRAGMENT_HDR_MSG_TYPE
Aug 29 19:53:56.656 BeiJing: TCAM-MSG: Total # of frags for mcast dest 0xC is 1, frag hdr = 24, max frag data size = 1436
Aug 29 19:53:56.656 BeiJing: tm_issu_xmit_transform: xform successful for tlv TM_FRAGMENT_HDR_MSG_TYPE mcast dest 0xC
Aug 29 19:53:56.656 BeiJing: TCAM-MSG: tm_send_message_multicast: sending fragment 1 of size 392
Aug 29 19:53:56.656 BeiJing: TCAM-API fragment dump :
Aug 29 19:53:56.656 BeiJing:    00 23 01 88 00 00 4e f3 00 00 04 07 00 00 00 00   .#....Ns........   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 02 00 00 00 00 00 01 00 01   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    c0 a8 18 00 00 00 00 00 00 00 00 00 00 00 00 00   @(..............   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 ff ff fe 00 00 00 00 00 00 00 00 00   ......~.........   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 08 00 01 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.656 BeiJing:    00 00 00 00 00 00 00 00                           ........           
Aug 29 19:53:56.656 BeiJing:
Aug 29 19:53:56.656 BeiJing: TCAM-MSG: Sending last fragment out via Shim
Aug 29 19:53:56.656 BeiJing: TCAM-MSG: tm_get_counts called for addr 0x6, tcam 0
Aug 29 19:53:56.656 BeiJing: tm_issu_xmit_transform: xform not invoked for tlv TM_FRAGMENT_HDR_MSG_TYPE  dest 0x6
Aug 29 19:53:56.656 BeiJing: tm_issu_xmit_transform: xform not invoked for tlv TM_GET_COUNTS_REQ  dest 0x6
Aug 29 19:53:56.660 BeiJing: tm_issu_rcv_transform: xform not invoked for tlv TM_GET_COUNTS_RESP src 0x6
Aug 29 19:53:56.660 BeiJing: TCAM-REQ: tm_replace_static_int_bank_aces
Aug 29 19:53:56.660 BeiJing: TCAM-REQ: intf:1030 if_type:0 lkup:3 appid:20210 prot:0
Aug 29 19:53:56.660 BeiJing: TCAM-MSG: tm_send_message
Aug 29 19:53:56.660 BeiJing: TCAM-MSG: Sending message (size 392) with number 1141 -> slot 0
Aug 29 19:53:56.660 BeiJing: TCAM-API message dump :
Aug 29 19:53:56.660 BeiJing:    00 23 01 88 00 00 4e f2 00 00 04 06 00 00 00 00   .#....Nr........   
Aug 29 19:53:56.660 BeiJing:    00 03 00 00 00 00 00 02 00 00 00 00 00 01 00 01   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    c0 a8 18 00 00 00 00 00 00 00 00 00 00 00 00 00   @(..............   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 ff ff fe 00 00 00 00 00 00 00 00 00   ......~.........   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 08 00 01 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00                           ........           
Aug 29 19:53:56.660 BeiJing:
Aug 29 19:53:56.660 BeiJing: TCAM-MSG: Sending message mcast non-blocking, addr = 0x7
Aug 29 19:53:56.660 BeiJing: TCAM-MSG: Total # of frags for mcast dest 0xB is 1, frag hdr = 24, max frag data size = 1436
Aug 29 19:53:56.660 BeiJing: tm_issu_xmit_transform: xform not invoked for tlv TM_FRAGMENT_HDR_MSG_TYPE mcast dest 0xB
Aug 29 19:53:56.660 BeiJing: TCAM-MSG: tm_send_message_multicast: sending fragment 1 of size 392
Aug 29 19:53:56.660 BeiJing: TCAM-API fragment dump :
Aug 29 19:53:56.660 BeiJing:    00 23 01 88 00 00 4e f2 00 00 04 06 00 00 00 00   .#....Nr........   
Aug 29 19:53:56.660 BeiJing:    00 03 00 00 00 00 00 02 00 00 00 00 00 01 00 01   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    c0 a8 18 00 00 00 00 00 00 00 00 00 00 00 00 00   @(..............   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 ff ff fe 00 00 00 00 00 00 00 00 00   ......~.........   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 08 00 01 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00                           ........           
Aug 29 19:53:56.660 BeiJing:
Aug 29 19:53:56.660 BeiJing: TCAM-MSG: Sending last fragment out via Shim
Aug 29 19:53:56.660 BeiJing: TCAM-MSG: sending to sfib mcast group
Aug 29 19:53:56.660 BeiJing: TCAM-MSG: invoking mcast xmit xform for grp 0xC tlv type TM_REPLACE_BANK_ACL_REQ
Aug 29 19:53:56.660 BeiJing: tm_issu_xmit_transform: xform successful for tlv TM_REPLACE_BANK_ACL_REQ mcast dest 0xC
Aug 29 19:53:56.660 BeiJing: tm_get_msg_mtu: MTU size 24 for tlv_type TM_FRAGMENT_HDR_MSG_TYPE
Aug 29 19:53:56.660 BeiJing: tm_get_msg_mtu: MTU size 24 for tlv_type TM_FRAGMENT_HDR_MSG_TYPE
Aug 29 19:53:56.660 BeiJing: TCAM-MSG: Total # of frags for mcast dest 0xC is 1, frag hdr = 24, max frag data size = 1436
Aug 29 19:53:56.660 BeiJing: tm_issu_xmit_transform: xform successful for tlv TM_FRAGMENT_HDR_MSG_TYPE mcast dest 0xC
Aug 29 19:53:56.660 BeiJing: TCAM-MSG: tm_send_message_multicast: sending fragment 1 of size 392
Aug 29 19:53:56.660 BeiJing: TCAM-API fragment dump :
Aug 29 19:53:56.660 BeiJing:    00 23 01 88 00 00 4e f2 00 00 04 06 00 00 00 00   .#....Nr........   
Aug 29 19:53:56.660 BeiJing:    00 03 00 00 00 00 00 02 00 00 00 00 00 01 00 01   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    c0 a8 18 00 00 00 00 00 00 00 00 00 00 00 00 00   @(..............   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 ff ff fe 00 00 00 00 00 00 00 00 00   ......~.........   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 08 00 01 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
Aug 29 19:53:56.660 BeiJing:    00 00 00 00 00 00 00 00                           ........           
Aug 29 19:53:56.660 BeiJing:
Aug 29 19:53:56.660 BeiJing: TCAM-MSG: Sending last fragment out via Shim
Aug 29 19:53:56.660 BeiJing: TCAM-MSG: merging resp 22FB1B28 22FAC9E8
Aug 29 19:53:56.660 BeiJing: TCAM-MSG: invoking mcast rx xform on pak 1AB89E08, ref 1 for response from 0x5 type TM_ACK_RESP
Aug 29 19:53:56.660 BeiJing: tm_issu_rcv_transform: xform successful for tlv TM_ACK_RESP src 0x5
Aug 29 19:53:56.660 BeiJing: TCAM-MSG: pak after xform on pak 1AB89E08 ref 1
Aug 29 19:53:56.660 BeiJing: TCAM-MSG: invoking mcast rx xform on pak 1B7FB0E4, ref 1 for response from 0x6 type TM_ACK_RESP
Aug 29 19:53:56.660 BeiJing: tm_issu_rcv_transform: xform not invoked for tlv TM_ACK_RESP src 0x6
Aug 29 19:53:56.660 BeiJing: TCAM-MSG: pak after xform on pak 1B7FB0E4 ref 1
Aug 29 19:53:56.660 BeiJing: TCAM-VERBOSE: tm_extract_sp_resp:: ignore resp from standby sp
Aug 29 19:53:56.660 BeiJing: TCAM-VERBOSE: tm_extract_sp_resp:: sp slot 6 sp proc 0
Aug 29 19:53:56.664 BeiJing: TCAM-MSG: merging resp 22FAB0E8 22FAB9E8
Aug 29 19:53:56.664 BeiJing: TCAM-MSG: invoking mcast rx xform on pak 1AAE725C, ref 1 for response from 0x5 type TM_ACK_RESP
Aug 29 19:53:56.664 BeiJing: tm_issu_rcv_transform: xform successful for tlv TM_ACK_RESP src 0x5
Aug 29 19:53:56.664 BeiJing: TCAM-MSG: pak after xform on pak 1AAE725C ref 1
Aug 29 19:53:56.664 BeiJing: TCAM-MSG:
****-7609(config-if)#
****-7609(config-if)#invoking mcast rx xform on pak 1B7674EC, ref 1 for response from 0x6 type TM_ACK_RESP
Aug 29 19:53:56.664 BeiJing: tm_issu_rcv_transform: xform not invoked for tlv TM_ACK_RESP src 0x6
Aug 29 19:53:56.664 BeiJing: TCAM-MSG: pak after xform on pak 1B7674EC ref 1
Aug 29 19:53:56.664 BeiJing: TCAM-VERBOSE: tm_extract_sp_resp:: ignore resp from standby sp
Aug 29 19:53:56.664 BeiJing: TCAM-VERBOSE: tm_extract_sp_resp:: sp slot 6 sp proc 0




  • 1
  • 2
  • 3
  • 4
  • 5
  • 1
  • 2
  • 3
  • 4
  • 5
平均得分0 (0 评价)
发表于 2018-8-31 09:03:11 | 显示全部楼层
192.168.24.0 0.0.1.255
192.168.10.0 0.0.1.255
  • 1
  • 2
  • 3
  • 4
  • 5
  • 1
  • 2
  • 3
  • 4
  • 5
平均得分0 (0 评价)
 楼主| 发表于 2018-8-31 09:43:17 | 显示全部楼层
YilinChen 发表于 2018-8-31 09:03
192.168.24.0 0.0.1.255
192.168.10.0 0.0.1.255

汇总地址段啊,192.168.24.0 0.0.1.255  - >  192.168.24.0 255.255.254.0   其包含,192.168.24.0/24 和 192.168.25.0/24 ,你是指啥问题?
  • 1
  • 2
  • 3
  • 4
  • 5
  • 1
  • 2
  • 3
  • 4
  • 5
平均得分0 (0 评价)
发表于 2018-8-31 10:05:37 | 显示全部楼层
iosvip@163.com 发表于 2018-8-31 09:43
汇总地址段啊,192.168.24.0 0.0.1.255  - >  192.168.24.0 255.255.254.0   其包含,192.168.24.0/24 和 ...

这是目标地址段吧,看着怪怪的,如果找不出其它问题,那就是考虑升版本了
  • 1
  • 2
  • 3
  • 4
  • 5
  • 1
  • 2
  • 3
  • 4
  • 5
平均得分0 (0 评价)
 楼主| 发表于 2018-8-31 10:47:58 | 显示全部楼层
本帖最后由 iosvip@163.com 于 2018-8-31 11:04 编辑
YilinChen 发表于 2018-8-31 10:05
这是目标地址段吧,看着怪怪的,如果找不出其它问题,那就是考虑升版本了

是的,是目标地址段;
升级能解决?
设备当前版本,c7600rsp72043-adventerprisek9-mz.155-3.S5.bin

最新可升级版本,c7600rsp72043-adventerprisek9-mz.155-3.S7.bin (推荐) 或 s8;

Suggested Release
7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinkshttps://software.cisco.com/download/home/281939433/type/280805680/release/15.5.3S7

Resolved Bugs—Cisco IOS Release 15.5(3)S7
This section lists the resolved bugs for Cisco IOS Release 15.5(3)S7. All the bugs have a link to the Bug Search Tool where you can find details of the specific bug. This section describes only severity 1, severity 2, and select severity 3 bugs.
https://www.cisco.com/c/en/us/td ... _15_5_3s.html#30597

CSCuy50298,Empty object-group permitting all traffic 4331

上述CSCuy50298,只是针对空的object-group 对象组允许所有流量通过,进行了修复。

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuy50298



  • 1
  • 2
  • 3
  • 4
  • 5
  • 1
  • 2
  • 3
  • 4
  • 5
平均得分0 (0 评价)
发表于 2018-9-6 13:57:06 | 显示全部楼层
哈哈哈,升级是绝招
  • 1
  • 2
  • 3
  • 4
  • 5
  • 1
  • 2
  • 3
  • 4
  • 5
平均得分0 (0 评价)
 楼主| 发表于 2018-9-6 15:04:31 | 显示全部楼层
13nash 发表于 2018-9-6 13:57
哈哈哈,升级是绝招

别无他法???
能否帮忙建个CASE。
  • 1
  • 2
  • 3
  • 4
  • 5
  • 1
  • 2
  • 3
  • 4
  • 5
平均得分0 (0 评价)
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

Archiver | 思科社区  

GMT+8, 2018-9-24 02:56 , Processed in 0.091621 second(s), 50 queries .

京ICP备09041801号-187

版权所有 :copyright:1992-2019 思科系统  重要声明 | 保密声明 | 隐私权政策 | 商标 |

快速回复 返回顶部 返回列表