[c-nsp] [c3560g] Not in truth table when modifying ACL
Tim
tim at selfnet.de
Fri Jul 3 13:13:15 EDT 2009
Hi,
Mateusz Blaszczyk wrote:
> This error message shows up every now and then when adding or modifying
> an ACL (with or without access-group config on the SVI):
>
> Jun 4 03:33:23.347: %ACLMGR-3-INTTABLE: Not in truth table: VLMAP 9 RACL 9 Rtprot 9 Mcb 13 Feat 3
> Jun 4 03:33:23.347: %ACLMGR-3-INTTABLE: Not in truth table: VLMAP 9 RACL 9 Rtprot 9 Mcb 13 Feat 3
> Jun 4 03:33:23.355: %ACLMGR-3-INTTABLE: Not in truth table: VLMAP 9 RACL 9 Rtprot 9 Mcb 13 Feat 3
> Jun 4 03:33:23.355: %ACLMGR-3-INTTABLE: Not in truth table: VLMAP 9 RACL 9 Rtprot 9 Mcb 13 Feat 3
>
> Can anyone tell me what is the severity of that problem? Google is
> quite quiet apart from a link to Cisco's error messages list, which is
> not really helpful.
I am getting this on several C3750G, but only with inbound ACLs. Besides
the error messages, there is indeed a big impact: the router will
(sometimes) drop IP packets with a destination IP address located on the
interface (e.g., a BGP session - the BGP session will NOT come up
again). Transit traffic was not affected. I can reproduce the error
in my lab.
I decided to downgrade to 12.2(46)SE, because I need the BGP sessions...
But maybe someone found a solution and/or knows that Cisco will fix it
(soon)?
Regards,
Tim
####################
For the sake of completeness my setup:
IP Service 12.2(50)SE and 12.2(50)SE2
on a WS-C3750G-12S-S and WS-C3750G-24TS-S
%ACLMGR-3-INTTABLE: Not in truth table: VLMAP 9 RACL 9 Rtprot 9 Mcb 13 Feat 3
When I configure an ACL inbound on a routed interface, the Router
throws this error message.
Also, the router will (sometimes) drop IP packets with a destination IP
address located on the router (e.g., a BGP session).
Transit traffic is - as far as I can see - not affected.
I can reproduce the error. With the older IP Advanced Service
12.2(46)SE it works fine.
Setup (IP addresses were anonymised):
                 Gi1/0/12
C3750G-12S-S --------------------------- Uplink Provider
      |      2.0.0.1/30       2.0.0.2/30
      |
 1.16.0.0/16
Config snips:
router bgp 65454
 bgp router-id 2.0.1.1
 bgp log-neighbor-changes
 neighbor 2.0.0.2 remote-as 65000
 neighbor 2.0.0.2 transport path-mtu-discovery
 !
 address-family ipv4
  neighbor 2.0.0.2 activate
  neighbor 2.0.0.2 soft-reconfiguration inbound
  neighbor 2.0.0.2 prefix-list from-UPLINK in
  neighbor 2.0.0.2 distribute-list 10 out
  no auto-summary
  no synchronization
  network 1.16.0.0 mask 255.255.0.0
 exit-address-family
!
interface GigabitEthernet1/0/12
 description Uplink
 no switchport
 ip address 2.0.0.1 255.255.255.252
 ip access-group uplink-inbound in
 ip access-group uplink-outbound out
 no cdp enable
 spanning-tree portfast
!
ip access-list extended uplink-inbound
 deny ip 127.0.0.0 0.255.255.255 any
 deny ip 10.0.0.0 0.255.255.255 any
 deny ip 172.16.0.0 0.15.255.255 any
 deny ip 192.168.0.0 0.0.255.255 any
 permit ip any 2.0.0.0 0.0.0.3
 permit ip any 1.16.0.0 0.0.255.255
!
ip access-list extended uplink-outbound
 deny ip any 127.0.0.0 0.255.255.255
 deny ip any 10.0.0.0 0.255.255.255
 deny ip any 172.16.0.0 0.15.255.255
 deny ip any 192.168.0.0 0.0.255.255
 permit ip 2.0.0.0 0.0.0.3 any
 permit ip 1.16.0.0 0.0.255.255 any
!
It only affects the inbound ACL, example log output:
Jul 3 12:31:14: %PARSER-5-CFGLOG_LOGGEDCMD: User:tim logged command:interface GigabitEthernet1/0/28
Jul 3 12:31:20: %PARSER-5-CFGLOG_LOGGEDCMD: User:tim logged command:ip access-group uplink-inbound in
Jul 3 12:31:20: %ACLMGR-3-INTTABLE: Not in truth table: VLMAP 9 RACL 9 Rtprot 9 Mcb 13 Feat 3
Jul 3 12:31:20: %ACLMGR-3-INTTABLE: Not in truth table: VLMAP 9 RACL 9 Rtprot 9 Mcb 13 Feat 3
The error message also comes with an ACL which does not exist:
Jul 3 12:32:45: %PARSER-5-CFGLOG_LOGGEDCMD: User:tim logged command:ip access-group doesnotexists in
Jul 3 12:32:45: %ACLMGR-3-INTTABLE: Not in truth table: VLMAP 9 RACL 9 Rtprot 9 Mcb 13 Feat 3
Jul 3 12:32:45: %ACLMGR-3-INTTABLE: Not in truth table: VLMAP 9 RACL 9 Rtprot 9 Mcb 13 Feat 3
The only statement from Cisco says:
"""
Explanation An unrecoverable software error occurred while trying to
merge the configured input features. [dec] are internal action codes.
""" [1]
Also, the "Output Interpreter" does not help. And the "Bug Toolkit"
does not show any bug.
[1]
http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_25_see/system/message/msg_desc.html
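
Added example, not part of the original post: a Python script that ties each %ACLMGR-3-INTTABLE burst in collected syslog to the interface and `ip access-group` change logged just before it, so the routed ports where the input ACL merge failed can be checked for dropped control-plane traffic such as BGP. The function name, the 2-second correlation window and the year supplied for the year-less timestamps are assumptions; the sample log is constructed from the excerpts in the post.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the post's excerpts unwrapped, plus an outbound change with no error.
SAMPLE_LOG = """\
Jul 3 12:31:14: %PARSER-5-CFGLOG_LOGGEDCMD: User:tim logged command:interface GigabitEthernet1/0/28
Jul 3 12:31:20: %PARSER-5-CFGLOG_LOGGEDCMD: User:tim logged command:ip access-group uplink-inbound in
Jul 3 12:31:20: %ACLMGR-3-INTTABLE: Not in truth table: VLMAP 9 RACL 9 Rtprot 9 Mcb 13 Feat 3
Jul 3 12:31:20: %ACLMGR-3-INTTABLE: Not in truth table: VLMAP 9 RACL 9 Rtprot 9 Mcb 13 Feat 3
Jul 3 12:32:45: %PARSER-5-CFGLOG_LOGGEDCMD: User:tim logged command:ip access-group doesnotexists in
Jul 3 12:32:45: %ACLMGR-3-INTTABLE: Not in truth table: VLMAP 9 RACL 9 Rtprot 9 Mcb 13 Feat 3
Jul 3 12:32:45: %ACLMGR-3-INTTABLE: Not in truth table: VLMAP 9 RACL 9 Rtprot 9 Mcb 13 Feat 3
Jul 3 12:40:02: %PARSER-5-CFGLOG_LOGGEDCMD: User:tim logged command:interface GigabitEthernet1/0/12
Jul 3 12:40:05: %PARSER-5-CFGLOG_LOGGEDCMD: User:tim logged command:ip access-group uplink-outbound out
"""

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d)(?:\.\d+)?: %([A-Z0-9_]+-\d-[A-Z0-9_]+): (.*)$")
CMD = re.compile(r"User:(\S+)\s+logged command:(.*)$")
ACL_CMD = re.compile(r"^(?:no )?ip access-group (\S+) (in|out)$")

def find_acl_merge_failures(log_text, window=timedelta(seconds=2), year=2009):
    """Tie each INTTABLE burst to the access-group change before it (year is assumed)."""
    findings, iface, change = [], None, None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        stamp, mnemonic, body = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        cmd = CMD.search(body) if mnemonic == "PARSER-5-CFGLOG_LOGGEDCMD" else None
        if cmd:
            user, text = cmd.groups()
            if text.startswith("interface "):
                iface, change = text.split(None, 1)[1], None
            elif (acl := ACL_CMD.match(text)):
                change = {"time": when, "user": user, "interface": iface,
                          "acl": acl.group(1), "direction": acl.group(2), "errors": 0}
        elif mnemonic == "ACLMGR-3-INTTABLE":
            if change is None or when - change["time"] > window:
                # No config command close enough: report the burst unattributed.
                change = {"time": when, "user": None, "interface": None,
                          "acl": None, "direction": None, "errors": 0}
            change["errors"] += 1
            if change["errors"] == 1:
                findings.append(change)
    return findings

if __name__ == "__main__":
    for finding in find_acl_merge_failures(SAMPLE_LOG):
        print(finding)
```

Attribution needs the PARSER-5-CFGLOG_LOGGEDCMD lines in the same log stream; without them the bursts are still reported, with no interface or ACL attached.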