Nexus 7k – show running-config aclmgr inactive-if-config for SVI ACL

I recently ran into an issue where I was preparing for a 7k ISSU. One of the first steps in the document from Cisco talks about running “show running-config aclmgr inactive-if-config”. After I ran this I noticed that it listed an SVI with an ACL as inactive. After running “show interface vlan X” I saw that the ACL was indeed active.

Eventually I found this article which explained what could be happening.

https://quickview.cloudapps.cisco.com/quickview/bug/CSCui96165

So I looked for inactive ports in that VLAN which could be causing this.I ran  “show vlan id X” and wrote down all of the ports in that vlan. Then I ran “show port-channel summary” to determine which POs had no members or inactive members. For the links which had inactive members I removed them from the PO. For the links which were down, I untagged them from the VLANs. Then after running the “show running-config aclmgr inactive-if-config” it was cleared.

 

Leave a comment

Exit mobile version