Header Only - DO NOT REMOVE - Extreme Networks

S-Series f/w 8.11.01 can Remove Inbound ACLs after Upgrade


Userlevel 3
Article ID: 15104

Products
S-Series; firmware 8.11.01.0014, 8.11.01.0015

Changes
Created one or more Inbound ACLs, then upgraded to firmware version 8.11.01.001x, then made one or more additional ACL changes.

Symptoms
Any IP or IPv6 ACL applied (prior to upgrade) inbound on a VLAN interface has been removed from both global and VRF routers.
Outbound ACLs and host access ACLs are unaffected.

Solution/Workaround
Due to the potential for this issue, the 8.11.01.001x releases have been removed from the Enterasys firmware download site.
Instead of upgrading to f/w 8.11.01.0014 (S180, S155, S150, S140, S130), upgrade to f/w 8.11.02.0001 or higher.
Instead of upgrading to f/w 8.11.01.0015 (S155, S150, S130), upgrade to f/w 8.11.02.0002 or higher.
Release notes state, in the 'Problems Corrected in 8.11.02.000x' section:
code:
After updating to 8.11.01, inbound ACLs (IPv4 and IPv6) are no longer functional. This occurs after a reboot when changes have been made to the ACL configuration.


Workaround: If Inbound ACLs exist(ed) prior to upgrade to the 8.11 firmware line, then...
    avoid the 8.11.01.001x releases entirely, using 8.11.02.000x or higher instead; -or- save the configuration prior to upgrade and restore it after upgrade; -or- avoid making ACL configuration changes while running 8.11.01 firmware; -or- manually reconfigure the missing Inbound ACLs.

0 replies

Be the first to reply!

Reply