05-19-2020 11:20 PM
Hi All,
Here I have a stack of 3 Catalyst 2960XR switches which were newly purchased.
I tried upgrading their IOS from 15.2(2) to 15.2(7). After the upgrade finished, I also reloaded the stacked machines.
But after that my console screen shows the following:
File "flash:c2960x-universalk9-mz.152-7.E2.bin" uncompressed and installed, entry point: 0x3000
executing
Press RETURN to get started!
% % Duplicate sequence number.
%Failed to add ace to access-list
% % Duplicate sequence number.
%Failed to add ace to access-list
% % Duplicate sequence number.
%Failed to add ace to access-list
% % Duplicate sequence number.
%Failed to add ace to access-list
% % Duplicate sequence number.
%Failed to add ace to access-list
% % Duplicate sequence number.
%Failed to add ace to access-list
I have no idea how to deal with it. Has anyone met the same symptom before, and how can it be resolved?
06-03-2020 03:35 PM - edited 06-03-2020 03:38 PM
It looks like the way the old IOS dealt with certain lines of your ACLs has changed from one version to the next.
I would remove each one, one at a time, and re-add them back in. Make sure to remove them from any access-groups on interfaces that may be in use or you may lock yourself out, or run each ACL add/delete as a script so that each can complete if it does isolate you from the device.
Example:
A file you apply as:
copy tftp://192.168.0.123/acltest1.txt running-config
and the file will look like this inside (but with the lines you are wanting to use):
no ip access-list extended MY_ACL
ip access-list extended MY_ACL
 permit ip host 192.168.0.112 192.168.0.0 0.0.255.255
 permit ip host 192.168.0.113 192.168.0.0 0.0.255.255
 deny ip any any log-input
!
end
Make sure you use something like Notepad++ that will let you set the EOL to a Unix style.
It should let you see which ACL the current IOS has an issue with and then remove or review them until you can find the line that is causing the error.
I get those on purpose when I apply a baseline script written to work on a couple of different IOSes: the older ones fail on the lines they don't know how to import, and the newer ones just complain that you have already set it by displaying that error. I expect it to error on each, but for different reasons, and it lets me maintain one baseline script instead of 5, so I'm fine with it.
ip access-list extended MY_ACL
 permit ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
 permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
 deny udp any any eq 3544 log-input
 deny udp any any eq 3544 log
 deny udp any eq 3544 any log-input
 deny udp any eq 3544 any log
 deny ip any any log-input
 deny ip any any log
The above will do it every time. (as it should :) )
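Added example, not part of the original posts and not Cisco code: a small offline check that scans a saved configuration for the two patterns discussed in this thread, a sequence number reused inside one ACL and entries that differ only in `log` versus `log-input`. That the newer IOS treats such pairs as the same entry is an assumption taken from the reply above; the function name, the regexes and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample: shortened form of the ACL in the post, plus an ACL reusing a sequence number.
SAMPLE_CONFIG = """\
ip access-list extended MY_ACL
 permit ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
 deny udp any any eq 3544 log-input
 deny udp any any eq 3544 log
 deny ip any any log-input
 deny ip any any log
!
ip access-list extended SEQ_TEST
 10 permit tcp any any eq 22
 10 permit tcp any any eq 443
"""

ACL_HEADER = re.compile(r"^ip access-list (?:standard|extended) (\S+)")
ACE = re.compile(r"^\s+(?:(\d+)\s+)?((?:permit|deny)\s.+?)\s*$")
LOG_SUFFIX = re.compile(r"\s+log(?:-input)?$")


def find_acl_conflicts(config_text):
    """Return (acl, line_no, first_line_no, kind) for each conflicting ACE."""
    findings, acl, seen = [], None, {}
    for line_no, line in enumerate(config_text.splitlines(), 1):
        header = ACL_HEADER.match(line)
        if header:
            acl = header.group(1)
            continue
        entry = ACE.match(line) if acl else None
        if not entry:
            if not line.startswith(" "):
                acl = None  # any unindented line ends the ACL sub-mode
            continue
        seq, body = entry.groups()
        # Assumption: ACEs differing only in log / log-input collide.
        match_key = LOG_SUFFIX.sub("", " ".join(body.split()))
        checks = [("same-match", match_key)]
        checks += [("same-sequence", seq)] if seq is not None else []
        for kind, value in checks:
            first = seen.setdefault((acl, kind, value), line_no)
            if first != line_no:
                findings.append((acl, line_no, first, kind))
    return findings


if __name__ == "__main__":
    for finding in find_acl_conflicts(SAMPLE_CONFIG):
        print(*finding)
```

Running it against a copy of the startup configuration before an upgrade lists the ACL name and line numbers to review, which narrows down which entries to remove and re-add.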
06-04-2020 07:22 PM
08-25-2020 12:33 PM
I have the same issue. Stacking 4 2960X switches together:
3x ws-c2960x-48ts-l (1 of these is the master switch)
1x ws-c2960x-48fps-l
All 3 of the non-master switches do this. Tried reloading and have reset the config to factory defaults.
Tried c2960x-universalk9-mz.152-7.E0a and c2960x-universalk9-mz.152-7.E2.
Can't verify anymore, but I'm pretty sure when I was on the older version above only 2 of the switches had these messages. After upgrading though it is all 3 non-master switches.