User guide
Open Problem Reports and Feature Exceptions
OmniSwitch 6600/7000/8800—Release 5.1.5.R04 page 83
PR 65449
Reflexive policies, on the OS7000, do not work properly if the drop rule that denies the "reverse" traffic
coming from the outside is created first or has a higher precedence. With "qos default routed disposition
drop", it works fine.
Example
Inside Network 10.0.0.0 -- SWITCH -- Outside Network 192.0.0.0
policy condition cOut source ip 192.0.0.0
policy action deny disposition deny
policy rule rOut condition cOut action deny
policy condition cIn ip 192.0.0.0
policy action accept disposition accept
policy rule rIn reflexive condition cIn action accept
qos apply
This will not work because the "drop" rule is created first (with the same precedence, the first rule is taken
first).
Workaround: Make sure the "reflexive" rules ALWAYS have a higher precedence than ANY "drop"
rules that can deny "reflexive" traffic.
policy rule rIn precedence 1
qos apply
PR 66077
Sometimes, it can take a reflexive flow 3 seconds before being accepted on the OS7000. This is due to the
TCP timeout configured on PC/sun IP stack (standard value). The first "open request" will hit the switch
but the response of this request could be dropped before the reflexive policy gets really applied. Then the
PC will retry 3 seconds after.
Workaround: There is no known workaround at this time.
PR 66914
Drop and deny are synonymous key words for QoS ACL disposition on an OS6624/6648.
Workaround: There is no known workaround at this time.
PR 67871
The show active policy rule command does not display rule matches for a given flow once that flow is
learned and handled on an OS6624/6648.
Workaround: There is no known workaround at this time.
PR 67882
show qos queue does not display Xmit or Drop Packets for any port queue on an OS6624/6648.
Workaround: There is no known workaround at this time.