Re: New 2960XR stacked 3 switches Error after booted

Oliver.Gao36 · ‎05-19-2020

Hi All,

Here i have a 3-switches Catalyst 2960XR stack which were newly purchased.

I tried upgrading their IOS from 15.2(2) to 15.2(7), after finished upgrading, i also reloaded the stacked machines.

But after that my console screen will show as below:

File "flash:c2960x-universalk9-mz.152-7.E2.bin" uncompressed and installed, entry point: 0x3000
executing

Press RETURN to get started!

% % Duplicate sequence number.

%Failed to add ace to access-list
% % Duplicate sequence number.

%Failed to add ace to access-list

I have no idea how to deal with it, is there anyone who met the same symptom before??? and how to resolve???

hemmerling · ‎06-03-2020

It looks like the way the old IOS dealt with certain lines of your ACLs has changed from one version to the next.

I would remove each one, one at a time, and re-add them back in. Make sure to remove them from any access-groups on interfaces that may be in use or you may lock yourself out, or run each ACL add/delete as a script so that each can complete if it does isolate you from the device.

Example:

A file you apply as:

copy tftp://192.168.0.123/acltest1.txt running-config

and the file will look like this inside (but with the lines you are wanting to use):

no ip access-list extended MY_ACL
ip access-list extended MY_ACL
 permit ip host 192.168.0.112 192.168.0.0 0.0.255.255
 permit ip host 192.168.0.113 192.168.0.0 0.0.255.255
 deny ip any any log-input
!
end

Make sure you use something like Notepad++ that will let you set the EOL to a Unix style.

It should let you see which ACL the current IOS has an issue with and then remove or review them until you can find the line that is causing the error.

I get those on purpose when I apply a baseline script written to work on a couple of different IOSes, the older ones fail on the lines they don't know how to import and the newer ones just complain that you have already set it by displaying that error. I expect it to error on each but for different reasons but it lets me maintain one baseline script instead of 5 so I'm fine with it.

 ip access-list extended MY_ACL
 permit ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
 permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
 deny   udp any any eq 3544 log-input
 deny   udp any any eq 3544 log
 deny   udp any eq 3544 any log-input
 deny   udp any eq 3544 any log
 deny   ip any any log-input
 deny   ip any any log

The above will do it every time. (as it should :) )

Oliver.Gao36 · ‎06-04-2020

Hi Hemmerlingsh, Actually these switches are all newly out-of-box ones, no ACL configurations in them, because i prefer upgrading switches' IOS software once i get the new devices.

HealthPoint · ‎08-25-2020

I have the same issue. Stacking 4 2960X switches together,

3x ws-c2960x-48ts-l (1 of these is the master switch)
1x ws-c2960x-48fps-l

All 3 of the non-master switches do this. Tried reloading and have reset the config to factory defaults.

Tried c2960x-universalk9-mz.152-7.E0a and c2960x-universalk9-mz.152-7.E2.

Can't verify anymore, but I'm pretty sure when I was on the older version above only 2 of the switches had these messages. After upgrading though it is all 3 non-master switches.