
ACL with DAI bug for SG300-10 10-Port

Peter __
Level 1

I have yet to double check this bug but I'm sure that's what happened.

Firmware 1.4.5.02

So I don't reboot this switch much but I had to re-cable so everything went offline.

Everything got back online but there was something wrong, and yes, the config was saved before power off, but on power up one ACL rule did not correctly apply, as in it was listed as being there on the given port but did not do what it was meant to for some reason and the block rules did not work. My other ACL rules seem fine, but why did this one ACL not get applied on boot up? Well, this port is part of a DAI I set up and it's the port IP Source Guard is set to Yes on, so that's the only reason I can think of.

My current workaround that seems to work so far is clear ACL for that port then re-add the same ACL rule for that port.

Just wondering if anyone knows about this? I think but have yet to test that firmware 1.4.1.3 is fine?


Peter,

the only bug I could find is this one:

SG300: ACL rules not applied until reboot
CSCva32739
Description
Symptom:
ACLs are not taking effect properly when edited.

Conditions:
SG300 switch running 1.4.2.

Workaround:
Reboot switch when editing ACEs.

Further Problem Description:
Known Affected Releases:
1.4.2.4
1.4.5.x

Peter __
Level 1

It must be this then, or closely related. Thanks very much for finding this.

I think something that 1.4.1.3 did that the new firmware does not do is when it starts up it then does another reboot by itself, I think?

It's likely to do with the port having Source Guard set to Yes on it, and this new firmware stops the ACL from being set on that port on boot up, but with 1.4.1.3 it does another reboot after power up to then have the ACL apply.

I might go back to 1.4.1.3 at some point but for the time being, as long as it's on and powered up, it should now be fine.

But I would think now Cisco might upgrade the Severity?

Hello Peter,

the listed bug might or might not be related to your specific issue. Do you have a support contract with Cisco? If so, you could report your problem as a bug (I think you have to open a TAC case to do so).

I would if I could open a case but the page gets stuck loading.

Peter __
Level 1

Just to report as of 1.4.7.06 this looks to be fixed :)
