04-04-2023 03:29 AM
Hello community,
we are currently testing dynamic ACLs in combination with X440-G2 switches and for this we followed the documentation in this GTAC article
https://extremeportal.force.com/ExtrArticleDetail?an=000099716&q=exos%20dynamic%20acl
In our tests with a X440-G2-12p switch everything worked fine.
Now we have enabled the configuration on multiple stacks and find that three stacks (2 and 3 units) reboot irregularly.
The coreDump shows that the process policy crashed.
core_dump_info storage: 8/5120 used [EMPTY]
failure: process crash
time: Tue Apr 4 09:51:26 2023
process policy
pid 2148
signal 6
The switches are running version 31.7.1.4-patch1-77
In the user guide for version 32.1 I have now read that IP address and port masking are supported only with release 32.1 (page 913)
Beginning with Release 32.1, masking IPv4 addresses, L4 ports, and IP protocol numbers are supported.
The mask is a required value and must be greater than zero and less than or equal to the maximum
number of bits in the field being masked. For example, an IPv4 address mask value must be between 1
and 32
In the above article, however, IP addresses are already masked in the dACL and 31.2 is specified as the minimum version.
Do I understand something wrong here and can a dACL bring a switch in the version 31.7.1.4-patch1-77 to the reboot?
04-04-2023 05:32 AM
This requires deeper investigation and possibly analysis of the core-dump file, so I suggest opening a case with GTAC to have this looked into.