All traffic is denied by dynamic ACL when the deny rule is removed and added back in EXOS 15.3 or higher

Symptoms
When multiple dynamic rules permit specific traffic and a deny rule blocks the rest, removing and re-adding the deny rule on EXOS 15.4 or higher causes all traffic to be denied.
Environment
Summit and BlackDiamond series.
EXOS 15.4 or higher
Dynamic ACL rules are used.
Cause
In newer EXOS (15.3 and higher), dynamic ACL rules should be installed with a policy index value of 1 in the XML configuration file. However, when a switch is upgraded from EXOS 15.2 to a higher version, the policy index is set to the incorrect value of 0. From that point on, dynamic ACL rules are not properly deleted from the switch because of the improper policy index value in the XML configuration file.
 
<aclRuleAppl>
  <aclIfDirection>0</aclIfDirection>
  <ruleName><![CDATA[iDALL]]></ruleName>
  <vlanIfInstance>1000717</vlanIfInstance>
  <applName><![CDATA[Cli]]></applName>
  <application>1</application>
  <polIndex>0</polIndex>
  <priority>0</priority>
  <ruleAction>2</ruleAction>
  <vlan><![CDATA[v1753_10-64-7-128_26_II_SDNBHT3]]></vlan>
  <zone><![CDATA[SYSTEM]]></zone>
</aclRuleAppl>
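
To find affected entries in a saved configuration, the following added example (not Extreme Networks code) scans the XML for aclRuleAppl elements whose polIndex is not 1. It assumes every aclRuleAppl entry in the input is a dynamic rule; the <config> wrapper and the second rule in the sample are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the first entry is the rule shown in the article, the
# second is a made-up rule carrying the expected index. The <config> wrapper
# is hypothetical and only lets the fragment parse as one document.
SAMPLE = """<config>
<aclRuleAppl><aclIfDirection>0</aclIfDirection><ruleName><![CDATA[iDALL]]></ruleName><vlanIfInstance>1000717</vlanIfInstance><applName><![CDATA[Cli]]></applName><application>1</application><polIndex>0</polIndex><priority>0</priority><ruleAction>2</ruleAction><vlan><![CDATA[v1753_10-64-7-128_26_II_SDNBHT3]]></vlan><zone><![CDATA[SYSTEM]]></zone></aclRuleAppl>
<aclRuleAppl><ruleName><![CDATA[permitHostA]]></ruleName><polIndex>1</polIndex><vlan><![CDATA[vlan_example]]></vlan></aclRuleAppl>
</config>"""

EXPECTED_POL_INDEX = 1  # value the article gives for EXOS 15.3 and higher


def find_bad_pol_index(xml_text, expected=EXPECTED_POL_INDEX):
    """Return (ruleName, vlan, polIndex) for each aclRuleAppl element whose
    polIndex differs from the expected value, or is missing or non-numeric
    (reported as None)."""
    root = ET.fromstring(xml_text)
    findings = []
    for appl in root.iter("aclRuleAppl"):
        name = (appl.findtext("ruleName") or "").strip()
        vlan = (appl.findtext("vlan") or "").strip()
        raw = (appl.findtext("polIndex") or "").strip()
        try:
            value = int(raw)
        except ValueError:
            value = None
        if value != expected:
            findings.append((name, vlan, value))
    return findings


if __name__ == "__main__":
    for name, vlan, idx in find_bad_pol_index(SAMPLE):
        print(f"rule={name} vlan={vlan} polIndex={idx} "
              f"(expected {EXPECTED_POL_INDEX})")
```
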

 
Resolution
Work-around:
Remove all the ACL rules and re-add them in the newer version.

Permanent Solution:
CR xos0064490 has been created to address this issue. The fix is available in software version 16.1.3.6 patch 1-8.
Check the release notes of the corresponding release to verify whether the fix is included.