S-Series f/w 8.11.01 can Remove Inbound ACLs after Upgrade

  • 0
  • 1
  • Article
  • Updated 5 years ago
  • (Edited)
Article ID: 15104 

Products
S-Series; firmware 8.11.01.0014, 8.11.01.0015 

Changes
Created one or more Inbound ACLs, then upgraded to firmware version 8.11.01.001x, then made one or more additional ACL changes. 

Symptoms
Any IP or IPv6 ACL applied (prior to upgrade) inbound on a VLAN interface has been removed from both global and VRF routers.
Outbound ACLs and host access ACLs are unaffected. 

Solution/Workaround
Due to the potential for this issue, the 8.11.01.001x releases have been removed from the Enterasys firmware download site.
Instead of upgrading to f/w 8.11.01.0014 (S180, S155, S150, S140, S130), upgrade to f/w 8.11.02.0001 or higher.
Instead of upgrading to f/w 8.11.01.0015 (S155, S150, S130), upgrade to f/w 8.11.02.0002 or higher.
Release notes state, in the 'Problems Corrected in 8.11.02.000x' section:
After updating to 8.11.01, inbound ACLs (IPv4 and IPv6) are no longer functional. This occurs after a reboot when changes have been made to the ACL configuration.

Workaround: If Inbound ACLs exist(ed) prior to upgrade to the 8.11 firmware line, then...
    avoid the 8.11.01.001x releases entirely, using 8.11.02.000x or higher instead;
        -or-
    save the configuration prior to upgrade and restore it after upgrade;
        -or-
    avoid making ACL configuration changes while running 8.11.01 firmware;
        -or-
    manually reconfigure the missing Inbound ACLs.
Photo of FAQ User

FAQ User, Official Rep

  • 13,620 Points 10k badge 2x thumb

Posted 5 years ago

  • 0
  • 1

There are no replies.

This conversation is no longer open for comments or replies.