Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1
Fixed In:
14.0.0, 13.1.1.2
Opened: Sep 05, 2017 Severity: 3-Major
TMSH does not block modify FDB commands that add a multicast MAC addresses.
There is not enough information to map the outgoing MAC address to a multi-cast group, and therefore it gets a default entry added that has no ports mapped. The result is that the frame will not go out the interface indicated in the tmsh command yet no warning is provided.
This occurs when the following is configured using tmsh commands when the mac-address is multicast: fdb vlan <vlan> records add {<mac-address> {interface <slot>/<port>}}.
None.
TMSH modify FDB command is no longer permitted to add multicast MAC addresses, so this issue no longer occurs.