Cannot edit ACLs on MS250
I am unable to add or edit any ACLs on our MS250 switch. Upon saving any changes, including just adding a comment, I receive a long stream of errors like these:
Must be 'both', 'ipv4', or ipv6''
For ACL rules applied to both IPv4 and IPv6, Destination address must be 'any'
Must be 'both', 'ipv4', or ipv6''
For ACL rules applied to both IPv4 and IPv6, Destination address must be 'any'
Must be 'both', 'ipv4', or ipv6''
For ACL rules applied to both IPv4 and IPv6, Source address must be 'any'
Must be 'both', 'ipv4', or ipv6''
For ACL rules applied to both IPv4 and IPv6, Source address must be 'any'
Must be 'both', 'ipv4', or ipv6''
For ACL rules applied to both IPv4 and IPv6, Destination address must be 'any'
Per Meraki support, they think it is a bug because of a similar case they have open and have referred my case on to developers.
So I need to get some ACLs set up for a new subnet and I have been stuck for a week now waiting for Meraki to figure out what is wrong. Has anyone else run into this? Any advice?
That does indeed sound like a bug. Are you using any rules with "IPv6" or "both"?
What code are you running? If it's a bug, support can up/downgrade you to a working version, even if it isn't on the web UI.
That's a good suggestion. We are running MS 11.17 firmware. Looks like 11.22 is available on the Stable Channel.
Nope. All rules are IPv4.
Have you definitely got a layer 3 VLAN configured?
Could you post a screenshot of the ACL when the error happens?
The MS250 is configured to route traffic between VLANs, and has been doing so for over a year and a half. The current ACLs have been working. I did just recently add a new VLAN which is the one I want to add ACLs for. But, I cannot even add a comment to an existing ACL without the errors.
I just added the comment to the following rule and receive the errors upon trying to save the change.
Apart from trying a fw update I'm at a loss. It really seems like a bug. Nag helpdesk daily, this really should just work.
@SchoolTechFW we have been running 11.22 on 225s and 210s for a while with no issues, but we don't do L3 so I can't comment on the stability of that layer.
There is nothing wrong with what you are doing. Time for a Meraki support ticket.
Thank you for all the inputs!
So it's been 2 weeks now since Meraki decided my ACL issue was a bug and forwarded it on to developers, which seems to be a black hole of some sort where things go in, but nothing (like information, or status reports) ever comes out. The support staff seems unable to get a status or any info at all on this.
The only workaround Meraki support can suggest is deleting all ACLs and trying to add them back. I am not going to do that since it could leave me much worse off if I am unable to add the current ACLs back. So I am still stuck with our core switch missing key functionality - unable to add or edit ACLs. Wondering if I should explore a switch from another vendor and if I can find a more reliable one.
Did you upgrade to 11.22? If so perhaps worth trying 11.25, just in case it fixes it (you can always roll back).
I have not upgraded. It might help, although I didn't see anything in the release notes that mentioned my issue. This is our central routing/gateway switch so if I botch it, it will be a major problem.
I've had a think about this. If it was me I would clone the network, and then in the cloned copy try some experiments to see what resolves it.
You could also try cloning the network, get it working correctly, and then just move the kit to the new network. If all goes well, delete the original network. If it doesn't go well, move the kit back (aka a rollback plan).
Cloning the network is a thought! Maybe I could do that safely, without endangering all that is actually working now.
Thank you for the idea!