S-Series; firmware 8.11.01.0014, 8.11.01.0015
Created one or more Inbound ACLs, then upgraded to firmware version 8.11.01.001x, then made one or more additional ACL changes.
Any IP or IPv6 ACL applied (prior to upgrade) inbound on a VLAN interface has been removed from both global and VRF routers.
Outbound ACLs and host access ACLs are unaffected.
Due to the potential for this issue, the 8.11.01.001x releases have been removed from the Enterasys firmware download site.
Instead of upgrading to f/w 8.11.01.0014 (S180, S155, S150, S140, S130), upgrade to f/w 8.11.02.0001 or higher.
Instead of upgrading to f/w 8.11.01.0015 (S155, S150, S130), upgrade to f/w 8.11.02.0002 or higher.
Release notes state, in the 'Problems Corrected in 8.11.02.000x' section:
After updating to 8.11.01, inbound ACLs (IPv4 and IPv6) are no longer functional. This occurs after a reboot when changes have been made to the ACL configuration.
Workaround: If Inbound ACLs exist(ed) prior to upgrade to the 8.11 firmware line, then...
- avoid the 8.11.01.001x releases entirely, using 8.11.02.000x or higher instead;
save the configuration prior to upgrade and restore it after upgrade;
avoid making ACL configuration changes while running 8.11.01 firmware;
manually reconfigure the missing Inbound ACLs.