KB Release Notes

Similar documents
KB Release Notes

RA Release Notes

HPE FlexFabric 5950 Switch Series

ArubaOS-Switch Software Feature Support Matrix KA/KB/RA/WB/WC/YC/YA-YB Switches (minimum firmware versions)

HP 6125 Blade Switch Series

HP 6125 Blade Switch Series

HPE ArubaOS-Switch Advanced Traffic Management Guide for WC.16.02

HPE ArubaOS-Switch Advanced Traffic Management Guide for WB.16.03

About the H3C S5130-HI configuration guides

WC Release Notes

HPE FlexNetwork MSR Router Series

KB Release Notes

ArubaOS-Switch Management and Configuration Guide for YA/YB.16.04

About the H3C S5130-EI configuration guides

YA-YB Software Fix List

HPE ArubaOS-Switch IPv6 Configuration Guide YA/YB.16.02

HPE FlexFabric 7900 Switch Series

HPE FlexNetwork MSR Router Series

HP Switch Software Management and Configuration Guide K/KA/KB.15.16

Aruba 2530 Management and Configuration Guide for ArubaOS- Switch 16.05

About the HP A7500 Configuration Guides

HP 5920 & 5900 Switch Series FAQ

Management and Configuration Guide for WB.15.16

HPE ArubaOS-Switch Software Multicast and Routing Guide WB.16.02

HPE FlexNetwork HSR6800 Routers

48-Port 10/100/1000BASE-T + 4-Port 100/1000BASE-X SFP Gigabit Managed Switch GS T4S

Product features. Applications

Management and Configuration Guide WB.16.01

HPE ArubaOS-Switch Management and Configuration Guide for YA/ YB.16.02

ArubaOS-Switch Advanced Traffic Management Guide for WC.16.04

L Release Notes

HP 6125G & 6125G/XG Blade Switches

Software Feature Index for the ProCurve Switch 3500yl/5400zl/6200yl Series

Management and Configuration Guide YA/ YB.15.18

Aruba 2920 Multicast and Routing Guide for ArubaOS-Switch 16.05

HPE FlexFabric 5940 Switch Series

HPE ArubaOS-Switch Multicast and Routing Guide for WB.16.03

Chapter 3 Command List

HPE FlexFabric 12900E & 12900

HP FlexFabric 5700 Switch Series

AT-GS950/10PS Switch Web Interface User s Guide AT-S110 [ ]

ArubaOS-Switch Multicast and Routing Guide for YC.16.04

WB xxxx Software Fix List

ArubaOS-Switch IPv6 Configuration Guide for YA/YB.16.04

HP Load Balancing Module

HP VPN Firewall Appliances

Gigabit Managed Ethernet Switch

FortiSwitch - Release Notes 3.6.2

HP 5120 SI Switch Series

HP FlexFabric 5700 Switch Series

About the HP MSR Router Series

About the HP 830 Series PoE+ Unified Wired-WLAN Switch and HP 10500/ G Unified Wired-WLAN Module

Management and Configuration Guide WB.15.18

About the Configuration Guides for HP Unified

AT-GS950/8. AT-GS950/8 Web Interface User Guide AT-S113 Version [ ] Gigabit Ethernet Switch Rev A

Index. Numerics. Index 1

HP 3600 v2 Switch Series

HPE FlexNetwork 5510 HI Switch Series FAQ

HP A3100 v2 Switch Series

PSGS-2610F L2+ Managed GbE PoE Switch

HP MSR Router Series. EVI Configuration Guide(V7) Part number: b Software version: CMW710-R0304 Document version: 6PW

Release Notes PK.1.34

HPE FlexNetwork 5510 HI Switch Series

HP 3600 v2 Switch Series

HP 5500 HI Switch Series

HP 6125 Blade Switch Series

Aruba 8320 Configuring ACLs and Classifier Policies Guide for ArubaOS- CX 10.00

Gigabit Managed Ethernet Switch

Gigabit Managed Ethernet Switch

Viewing System Status, page 404. Backing Up and Restoring a Configuration, page 416. Managing Certificates for Authentication, page 418

VSC6812SDK and VSC6813SDK

HP A5120 EI Switch Series IRF. Command Reference. Abstract

ArubaOS-Switch Multicast and Routing Guide for RA.16.04

3Com Switch 4800G Series, Version Release Notes. Customer Support. Documentation

W Software Fix List

ArubaOS-Switch IPv6 Configuration Guide for WC.16.03

Switch shall have 4 SFP 1000 Mb/s ports (2 Port dual-personality ports; 10/100/1000BASE-T or SFP and 2 Fixed 1G SFP port)

HP FlexFabric 5700 Switch Series

ASIT-33018PFM. 18-Port Full Gigabit Managed PoE Switch (ASIT-33018PFM) 18-Port Full Gigabit Managed PoE Switch.

EstiNet L2/SDN Switch Web User Interface USER GUIDE

Cisco Small Business SF200E Series Advanced Smart Switches

Access Security Guide for YA/YB.16.01

GS-2610G L2+ Managed GbE Switch

JetStream T2500G Series L2 Managed Switches

HP Routing Switch Series

Ethernet Routing Switch 4800 Series Software Release

ProCurve Switch G ProCurve Switch G

HPE VAN SDN Controller and Applications Support Matrix

Appendix A Command Index A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

HP V1905 Switch Series Release Notes

ZCOMAX S2900 Series 10GE Switches

Peplink SD Switch User Manual

Managed Gigabit PoE Switch PS2460GM

JetStream T2500G Series L2 Managed Switches

Management Software AT-S101. User s Guide. For use with the AT-GS950/8POE Gigabit Ethernet WebSmart Switch. Version Rev.

Lenovo ThinkSystem NE Release Notes. For Lenovo Cloud Network Operating System 10.6

TECH. MGS2924G: 16-Port SFP + 8-Port Combo GbE L2 Plus Managed Switch

Troubleshooting. Contents

ZyXEL ES-3124F V3.80(AIV.2)C0 Release Note/Manual Supplement

LSW6600 are the industry's highest performance 1U stackable data center switch, featuring with 1.28Tbps

Transcription:

KB.16.01.0012 Release Notes Part Number: 5200-2951a Published: May 2017 Edition: 2

2016, 2017 Hewlett Packard Enterprise Development LP Notices The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Confidential computer software. Valid license from Hewlett Packard Enterprise required for possession, use, or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. Links to third-party websites take you outside the Hewlett Packard Enterprise website. Hewlett Packard Enterprise has no control over and is not responsible for information outside the Hewlett Packard Enterprise website. Acknowledgments Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

Contents Chapter 1 KB.16.01.0012 Release Notes... 7 Description... 7 Important information... 7 Version history... 7 Products supported...9 Compatibility/interoperability... 9 Minimum supported software versions... 10 Enhancements... 11 Version KB.16.01.0012...11 VLAN... 11 Version KB.16.01.0011...12 Event Log... 12 TCP Push Preserve...12 Version KB.16.01.0010... 12 Version KB.16.01.0009... 12 Version KB.16.01.0008... 12 FIPS-140-2... 12 Version KB.16.01.0007... 12 Version KB.16.01.0006... 12 ACLs...12 Authentication...13 BootROM...13 Event Log... 13 RADIUS...13 Routing... 13 VxLAN... 13 Version KB.16.01.0005... 14 Version KB.16.01.0004... 14 3810M... 14 64 MSTP instances... 14 ACL Grouping...14 AirWave...14 ARP Attack Detection...14 Aruba Rebranding for Web UI... 15 Auto Configuration with Aruba AP...15 BFD... 15 Bonjour Gateway...15 Captive Portal for ClearPass... 15 Chromecast Gateway...16 Fault Finder (Per Port Enable)... 16 IGMPv3... 16 Instrumentation Enhancements...16 Job Scheduler... 17 LLDP over OOBM... 17 Max VLANs... 17 MVRP... 18 ND Snooping... 18 NTP... 18 OpenFlow... 18 Password Complexity...19 Contents 3

Preview Mode...19 PVLAN...19 RADIUS Service tracking... 19 RBAC... 19 REST...20 RIPng... 20 Time Domain Reflectometry...20 VSF... 20 VxLAN... 20 Fixes... 20 Version KB.16.01.0012... 21 Banner...21 Cable Diagnostic... 21 DHCP... 21 DHCP Server...21 DHCP Snooping... 22 Event Log... 22 Fans... 22 Job Scheduler... 22 Loop Protection... 23 OSPF...23 QinQ... 23 SNMP... 23 Spanning Tree...24 Stacking...24 Terminal...24 TFTP... 25 Trunking...25 VSF... 25 Version KB.16.01.0011...25 ACLs...25 Console... 25 MAC Authentication...26 mdns...26 Multicast... 26 OOBM... 26 OpenFlow... 26 PBR... 27 PIM... 27 SNMP... 27 Stacking...27 Switch Module... 27 Temperature... 28 Web UI...28 Version KB.16.01.0010... 28 BootROM...28 GVRP... 29 IGMP... 29 IP Directed Broadcast... 29 MACsec...29 Redundancy... 30 REST...30 SSH... 30 Stacking...30 Trunking...30 Version KB.16.01.0009... 31 Version KB.16.01.0008... 31 4 KB.16.01.0012 Release Notes

BFD... 31 CLI...31 Distributed Trunking... 31 GVRP... 31 MAC Authentication...32 PoE...32 Spanning Tree...32 Switch Module... 32 TACACS... 32 Transceivers...33 Trunking...33 USB... 33 Version KB.16.01.0007... 33 Display Issue... 33 Distributed Trunking... 33 Event Log... 34 NTP... 34 OOBM... 34 OpenFlow... 35 PIM... 35 PoE...35 SNMP... 35 Spanning Tree...35 Supportability...36 Switch Module... 36 VRRP... 36 VSF... 36 Version KB.16.01.0006... 37 Airwave...37 Authentication...37 Authorization... 37 Banner...37 Console... 38 Counters...38 DHCP... 38 DHCP Snooping... 38 DNS...38 Generic Configuration... 38 IGMP... 39 IPv6... 39 IPv6 ND... 39 MAC Authentication...39 MAC-Based VLANs...39 MVRP... 40 OSPF...40 PoE...40 Policies... 41 Port Connectivity... 42 Spanning Tree...42 Stacking...42 Supportability...43 Syslog...43 Time...43 VRRP... 43 VSF... 43 Web UI...43 Version KB.16.01.0005... 44 Contents 5

Version KB.16.01.0004... 44 BGP...44 CLI...44 Config... 44 DHCP... 44 DHCP Snooping... 45 Display Issue... 45 IPv6... 45 MAC Authentication...45 Menu Interface... 45 OSPF...45 PBR... 45 PoE...46 Policy Based Routing... 46 Port Connectivity... 46 Port Counters... 46 Routing... 46 Security Vulnerability...47 SNMP... 47 Spanning Tree...47 Stacking...47 Switch Initialization... 47 TACACS... 47 Temperature... 48 TFTP... 48 Transceivers...48 VLAN... 48 Issues and workarounds... 49 Event Log... 49 CR_0000218695... 49 Direct Attach Cables... 49 CR_0000218616... 49 Upgrade information... 49 Chapter 2 Hewlett Packard Enterprise security policy... 51 Finding Security Bulletins...51 Security Bulletin subscription service...51 Chapter 3 Websites... 52 Chapter 4 Support and other resources... 53 Accessing Hewlett Packard Enterprise Support... 53 Accessing updates...53 Customer self repair...53 Remote support... 54 Warranty information...54 Regulatory information...54 Documentation feedback... 55 6 KB.16.01.0012 Release Notes

Chapter 1 KB.16.01.0012 Release Notes Description This release note covers software versions for the KB.16.01 branch of the software. Version KB.16.01.0004 was the initial build of Major version KB.16.01 software. KB.16.01.0004 includes all enhancements and fixes in the 15.18.0007 software, plus the additional enhancements and fixes in the KB. 16.01.0004 enhancements and fixes sections of this release note. Product series supported by this software: Aruba 5400R Switch Series Aruba 3810 Switch Series Important information To avoid damage to your equipment, do not interrupt power to the switch during a software update. Firmware downgrade is not allowed if MSTP instances configured are greater than 16, or the max-vlans value is greater than 2048, or this system is part of a VSF stack. Unconfigure these features before attempting to downgrade from KB.16.01 to an earlier version of the firmware. For information on best practices when updating software or rolling back to previous versions of software, see the "Best practices for software updates" section of the HPE ArubaOS-Switch Basic Operations Guide Version 16.01. Version history All released versions are fully supported by Hewlett Packard Enterprise, unless noted in the table. Version number Release date Based on Remarks KB.16.01.0012 2017-01-27 KB.16.01.0011 Released, fully supported, and posted on the web. KB.16.01.0011 2016-11-15 KB.16.01.0010 Released, fully supported, and posted on the web. KB.16.01.0010 2016-09-13 KB.16.01.0009 Released, fully supported, and posted on the web. KB.16.01.0009 n/a KB.16.01.0008 Never released. KB.16.01.0008 2016-08-02 KB.16.01.0007 Released, fully supported, and posted on the web. KB.16.01.0007 2016-05-31 KB.16.01.0006 Released, fully supported, and posted on the web. KB.16.01.0006 2016-03-28 KB.16.01.0005 Released, fully supported, and posted on the web. KB.16.01.0005 n/a KB.16.01.0004 Never released. Table Continued Chapter 1 KB.16.01.0012 Release Notes 7

Version number Release date Based on Remarks KB.16.01.0004 2016-01-20 KB.15.18.0007 Released, fully supported, and posted on the web. KB.15.18.0013 2016-09-13 KB.15.18.0012 Please see the KB.15.18.0013 release note for detailed information on the KB.15.18 branch. Released, fully supported, and posted on the web. KB.15.18.0012 2016-08-02 KB.15.18.0011 Released, fully supported, and posted on the web. KB.15.18.0011 2016-05-31 KB.15.18.0010 Released, fully supported, and posted on the web. KB.15.18.0010 2016-03-28 KB.15.18.0009 Released, fully supported, and posted on the web. KB.15.18.0009 n/a KB.15.18.0008 Never released. KB.15.18.0008 2016-01-19 KB.15.18.0007 Released, fully supported, and posted on the web. KB.15.18.0007 2015-11-10 KB.15.18.0006 Released, fully supported, and posted on the web. KB.15.18.0006 2015-08-15 KB.15.17.0003 Initial release of the KB.15.18 branch. Released, fully supported, and posted on the web. KB.15.17.0013 2016-05-25 KB.15.17.0012 Please see the KB.15.17.0013 release note for detailed information on the KB.15.17 branch. Released, fully supported, and posted on the web. KB.15.17.0012 2016-03-28 KB.15.17.0011 Released, fully supported, and posted on the web. KB.15.17.0011 n/a KB.15.17.0010 Never released. KB.15.17.0010 2016-01-19 KB.15.17.0009 Released, fully supported, and posted on the web. KB.15.17.0009 2015-11-10 KB.15.17.0008 Released, fully supported, and posted on the web. KB.15.17.0008 2015-08-29 KB.15.17.0007 Released, fully supported, and posted on the web. KB.15.17.0007 2015-06-22 KB.15.17.0006 Released, fully supported, and posted on the web. KB.15.17.0006 n/a KB.15.17.0005 Never released. KB.15.17.0005 2015-05-11 KB.15.17.0004 Released, fully supported, but not posted on the web. Table Continued 8 KB.16.01.0012 Release Notes

Version number Release date Based on Remarks KB.15.17.0004 2015-04-23 KB.15.17.0003 Released, fully supported, but not posted on the web. KB.15.17.0003 n/a KB.15.16.0004 Initial release of the KB.15.17 branch. Never released. Products supported This release applies to the following product models: Product number J9821A J9824A J9823A J9868A J9822A J9826A J9825A JL001A JL002A JL003A JL095A JL075A JL071A JL073A JL076A JL072A JL074A Description Aruba 5406R zl2 Switch Aruba 5406R 44G PoE+/4SFP (No PSU) v2 zl2 Switch Aruba 5406R 44G PoE+/2SFP+ (No PSU) v2 zl2 Switch Aruba 5406R 8XGT/8SFP+ (No PSU) v2 zl2 Switch Aruba 5412R zl2 Switch Aruba 5412R 92G PoE+/4SFP (No PSU) v2 zl2 Switch Aruba 5412R 92G PoE+/2SFP+ (No PSU) v2 zl2 Switch Aruba 5412R 92GT PoE+ / 4SFP+ (No PSU) v3 zl2 Switch Aruba 5406R 8 port 1/2.5/5/10GBASE T PoE+ / 8 port SFP+ (No PSU) v3 zl2 Switch Aruba 5406R 44GT PoE+ / 4SFP+ (No PSU) v3 zl2 Switch Aruba 5406R 16 port SFP+ (No PSU) v3 zl2 Switch Aruba 3810M 16SFP+ 2 slot Switch Aruba 3810M 24G 1 slot Switch Aruba 3810M 24G PoE+ 1 slot Switch Aruba 3810M 40G 8 HPE Smart Rate PoE+ 1 slot Switch Aruba 3810M 48G 1 slot Switch Aruba 3810M 48G PoE+ 1 slot Switch Compatibility/interoperability The switch web agent supports the following web browsers: Chapter 1 KB.16.01.0012 Release Notes 9

Browser Supported versions Internet Explorer Edge 11 Chrome 53 52 Firefox 49 48 Safari (MacOS only) 10 9 Minimum supported software versions If your switch or module is not listed in the below table, it runs on all versions of the software. Product number Product name Minimum software version J9986A HPE 24-port 10/100/1000BASE-T PoE+ MACsec v3 zl2 Module KB.15.17.0003 J9987A HPE 24-port 10/100/1000BASE-T MACsec v3 zl2 Module KB.15.17.0003 J9988A HPE 24-port 1GbE SFP MACsec v3 zl2 Module KB.15.17.0003 J9989A J9990A J9991A J9992A HPE 12-port 10/100/1000BASE-T PoE+ / 12-port 1GbE SFP MACsec v3 zl2 Module HPE 20-port 10/100/1000BASE-T PoE+ / 4-port 1G/10GbE SFP+ MACsec v3 zl2 Module HPE 20-port 10/100/1000BASE-T PoE+ / 4p 1/2.5/5/10GBASE-T PoE+ MACsec v3 zl2 Module HPE 20-port 10/100/1000BASE-T PoE+ MACsec / 1-port 40GbE QSFP+ v3 zl2 Module KB.15.17.0003 KB.15.17.0003 KB.15.17.0003 KB.15.17.0003 J9993A HPE 8-port 1G/10GbE SFP+ MACsec v3 zl2 Module KB.15.17.0003 J9995A HPE 8-port 1/2.5/5/10GBASE-T PoE+ MACsec v3 zl2 Module KB.15.17.0003 J9996A HPE 2-port 40GbE QSFP+ v3 zl2 Module KB.15.17.0003 JH231A HPE X142 40G QSFP+ MPO SR4 Transceiver KB.15.17.0003 Table Continued 10 KB.16.01.0012 Release Notes

Product number Product name Minimum software version JH232A HPE X142 40G QSFP+ LC LR4 SM Transceiver KB.15.17.0003 JH233A HPE X142 40G QSFP+ MPO esr4 300M XCVR KB.15.17.0003 JH234A HPE X242 40G QSFP+ to QSFP+ 1m DAC Cable KB.15.17.0003 JH235A HPE X242 40G QSFP+ to QSFP+ 3m DAC Cable KB.15.17.0003 JH236A HPE X242 40G QSFP+ to QSFP+ 5m DAC Cable KB.15.17.0003 JL001A Aruba 5412R 92GT PoE+ / 4SFP+ (No PSU) v3 zl2 Switch KB.15.17.0003 JL002A Aruba 5406R 8-port 1/2.5/5/10GBASE-T PoE+ / 8-port SFP + (No PSU) v3 zl2 Switch KB.15.17.0003 JL003A Aruba 5406R 44GT PoE+ / 4SFP+ (No PSU) v3 zl2 Switch KB.15.17.0003 JL095A Aruba 5406R 16-port SFP+ (No PSU) v3 zl2 Switch KB.15.17.0003 JL075A Aruba 3810M 16SFP+ 2-slot Switch KB.16.01.0004 JL071A Aruba 3810M 24G 1-slot Switch KB.16.01.0004 JL073A Aruba 3810M 24G PoE+ 1-slot Switch KB.16.01.0004 JL076A Aruba 3810M 40G 8 HPE Smart Rate PoE+ 1-slot Switch KB.16.01.0004 JL072A Aruba 3810M 48G 1-slot Switch KB.16.01.0004 JL074A Aruba 3810M 48G PoE+ 1-slot Switch KB.16.01.0004 For information on networking application compatibility, see the HPE ArubaOS-Switch Software Feature Support Matrix. Enhancements This section lists enhancements added to this branch of the software. Software enhancements are listed in reverse-chronological order, with the newest on the top of the list. Unless otherwise noted, each software version listed includes all enhancements added in earlier versions. Version KB.16.01.0012 VLAN Switch design does not allow a port to be orphaned when it is removed from the port's last assigned VLAN. The port has to be manually re-assigned to any other existing VLAN to make sure the port is always assigned to a VLAN. If removing a port from its last VLAN, the port is now automatically untagged to the DEFAULT VLAN, eliminating the previous 2-step process - move port to another VLAN prior to removing the port's last assigned VLAN. Chapter 1 KB.16.01.0012 Release Notes 11

Version KB.16.01.0011 Event Log Added the following new informational event log message to the switch event log when packets with non-standard Ethernet preamble are detected by a V3 switch module or 3810 switch. Port <port-num> is receiving excessive non-standard Ethernet preambles. If this reoccurs frequently, check the connected device to ensure it complies with the Ethernet standard. TCP Push Preserve Starting with this build, the TCP Push Preserve mode is set to DISABLED by default. The TCP Push Preserve mode determines the queuing of the TCP packets that have the PUSH flag set. When this mode is enabled and the egress queue is full, TCP packets with the PUSH flag set are queued at the head of the ingress queue for egress queue space. This may delay subsequent incoming packets in the same queue and create a head-of-line blocking situation. When this mode is disabled and the egress queue is full, TCP packets with the PUSH flag set are dropped from the head of the ingress queue. If the current switch TCP Push Preserve mode has been set to DISABLED, it will be preserved as DISABLED and the corresponding configuration entries will be suppressed. If the current switch TCP PUSH preserve mode has been set to ENABLED, it will be changed to DISABLED and the change will be noted in system event logs as The tcp-push-preserve feature was disabled. This is a change to default configuration. The CLI command show tcp-push-preserve indicates the status of TCP push mode ENABLED/DISABLED. CLI command [no] tcp-push-preserve changes the status of TCP push mode. Version KB.16.01.0010 No enhancements were included in version KB.16.01.0010. Version KB.16.01.0009 Version KB.16.01.0009 was never released. Version KB.16.01.0008 FIPS-140-2 Symptom/Scenario: Added CLI command to allow installation and activation of the Opacity Shield Kit, when compliance with FIPS 140 security level 2 is needed. The CLI command can be executed only from a Console Session and it will cause the system threshold temperature to be decreased to 35 C. Usage: [no] opacity-shields Version KB.16.01.0007 No enhancements were included in version KB.16.01.0007. Version KB.16.01.0006 ACLs CR_0000190834 Added persistent debug support to ACL logging facility for matching ACE events. The following CLI command is added [no] sys-debug acl. 12 KB.16.01.0012 Release Notes

Authentication CR_0000181093 Increase maximum password length for local user from 16 to 64 characters. BootROM CR_0000193106 BootROM version updated to KB.16.01.0006. Event Log CR_0000189525 Added audit log message to the system logging for the following events: termination of a secure session failure to negotiate the cipher suite due to cipher mismatch for SSL and SSH sessions CR_0000190131 Added RMON audit log messages when SNTP is disabled using CLI command no sntp. CR_0000190134 Added an audit log message regarding the console inactivity timer when the console idle-timeout command is used. CR_0000190141 Added audit log messages when default gateway IP address is configured or modified. RADIUS CR_0000183521 New options added to CLI command to configure replay protection for dynamic authorization messages "positivetime-window" and "plus-or-minus-time-window". Usage: [no] radius-server host <IP-ADDR> time-window <Seconds> radius-server host <IP-ADDR> time-window positive-time-window radius-server host <IP-ADDR> time-window plus-or-minus-time-window When replay protection is enabled and positive-time-window is set, messages from the server must contain an Event-Timestamp attribute that differs from the current time by no more than the specified number of seconds. When replay protection is enabled and plus-or-minus-time-window is set, messages from the server must contain an Event-Timestamp attribute that differs from the current time by no more than the (+/-) specified number of seconds. The positive-time-window option is default with 300 seconds as its default value. Routing CR_0000190835 A new <logging> option is added to static IP routing configuration CLI command to turn ON logging facility for IP traffic destined to blackhole. The event log information provides information such as source IP, destination IP. Example: [no] ip route <IP-ADDR/MASK-LENGTH> blackhole logging [no] sys-debug ip blackhole VxLAN Chapter 1 KB.16.01.0012 Release Notes 13

CR_0000189100 Private VLAN and VxLAN features are mutually exclusive. Added CLI checks to prevent Private VLAN and VxLAN from being configured simultaneously. Version KB.16.01.0005 Version KB.16.01.0005 was never released. Version KB.16.01.0004 3810M The new Aruba 3810M switch is supported by KB.16.01. 64 MSTP instances Multiple Spanning Tree (MST) was created to allow for multiple spanning tree topologies while preserving scalability. MST enables an administrator to map an arbitrary number of VLANs to a single MST instance, resulting in the minimum number of instances needed to satisfy a design. If, for example, you have six VLANs but only two unique layer two topologies, you need only two MST instances. For more information, see the HPE ArubaOS-Switch Advanced Traffic Management Guide for your switch. Platform support: 3800, 3810, 5400R ACL Grouping In general, for each of the x ACEs configured on the switch will consume x*n hardware resources. If the ACEs are shared under a common group the hardware resource consumption can be reduced to n. Hence share/ group ACL reduces the hardware resource usage when the same ACL is applied to multiple ports/vlans, hence making maximum hardware resource usage. For more information, see the HPE ArubaOS-Switch Access Security Guide and the HPE ArubaOS-Switch Advanced Traffic Management Guide for your switch. Platform support: 2920, 3800, 3810, 5400R AirWave AirWave is a Network Management Solution (NMS) tool. Once connected to AirWave, the user can Configure Aruba switches using Zero Touch Provisioning (ZTP) Configure Aruba switches using the CLI Troubleshoot Aruba switches Monitor Aruba switches Upgrade Aruba firmware for your switches For more information, see the HPE ArubaOS-Switch Management and Configuration Guide for your switch. Platform: 2530, 2620, 2920, 3800, 3810, 5400R ARP Attack Detection Source-MAC based ARP attack detection protects the switch CPU from ARP attacks by enabling restriction of the overall number of ARP packets the CPU receives from a given client. An ARP attack occurs when the switch receives more ARP packets from the same source MAC address than allowed by the configured threshold setting. IP ARP-throttle uses a "remediation mode" to determine whether IP ARP-throttle simply monitors the frequency of ARP packets or actually restricts the ARP-packet traffic from a given client. In cases where normal operation of a device in your network exceeds the configured IP ARP-throttle threshold, and you do not want to blacklist the device, you can configure IP ARP throttling to exclude that device from being monitored. For more information, see the HPE ArubaOS-Switch Multicast and Routing Guide for your switch. 14 KB.16.01.0012 Release Notes

Platform: 2530, 2620, 2920, 3500, 3810, 5400, 5400R Aruba Rebranding for Web UI The 2530, 2920, and 5400R switches have taken on the Aruba sub-brand. The products are now called the Aruba 2530 Switch Series, the Aruba 2920 Switch Series, and the Aruba 5400R zl2 Switch Series. Auto Configuration with Aruba AP Auto device detection and configuration The auto device detection and configuration detects a directly connected Aruba AP dynamically and applies predefined configurations to ports on which the Aruba AP is detected. The following parameters are supported: untagged-vlan tagged-vlan ingress-bandwidth egress-bandwidth cos speed-duplex poe-max-power poe-priority Auto VLAN configuration VLAN configuration on Aruba APs are learned automatically using GVRP protocol. Rogue AP isolation The Rogue AP Isolation feature detects and blocks any unauthorized APs in the network. You can either log or block the rogue device. If the action requested is to log the rogue device, the MAC address of the rogue device is logged in the system logs (RMON). If the action is to block the rogue device, the traffic to and from the MAC address of the rogue device is blocked. The MAC is also logged in the system log. Platform: 2530, 2620, 2920, 3800, 3810, 5400R BFD Bidirectional forwarding detection (BFD), RFC 5880, provides low-overhead, short-duration detection of failures in the path between adjacent forwarding devices. BFD allows a single mechanism to be used for failure detection over any media and at any protocol layer, with a wide range of detection times. For more information, see the HPE ArubaOS-Switch Multicast and Routing Guide for your switch. Platform support: 5400R (only V3 modules), 3810 Bonjour Gateway Hewlett Packard Enterprise's mdns Gateway solution supports Apple's Bonjour protocol to the switch. The mdns gateway, running on a switch, will listen for Bonjour responses and Bonjour queries and forward them to different subnets. Its main function is to forward Bonjour traffic between different subnets (reflector). For more information, see the HPE ArubaOS-Switch Multicast and Routing Guide for your switch. Platform: 2530, 2620, 2920, 3500, 3800, 3810, 5400, 5400R Captive Portal for ClearPass The Captive Portal feature allows the support of the ClearPass Policy Manager (CCPM) into the ArubaOS-Switch product line. The switch provides configuration to allow you to enable or disable the Captive Portal feature. Chapter 1 KB.16.01.0012 Release Notes 15

By default, Captive Portal is disabled to avoid impacting existing installations as this feature is mutually exclusive with the following web-based authentication mechanisms: Web Authentication EWA MAFR BYOD Redirect Platform: 5400 (V2 only), 2620, 2920, 3800, 5400R, 3810 5400 (V1), and 3500: only CoA Port Bounce not Captive Portal Redirect Chromecast Gateway Chromecast is a line of digital media players developed by Google. Designed as small dongles, the devices play audio/video content on a high-definition television or home audio system by directly streaming it via Wi-Fi from the Internet or a local network. Users select the media to play using mobile apps and web apps that support the Google Cast technology. Chromecast uses a simple multicast protocol for mdns discovery and launch that enables users to mirror their devices on a second screen. Hewlett Packard Enterprise supports mdns protocol, implemented as a server. mdns is the primary method of discovering a Chromecast that supports the v2 API. For more information, see the HPE ArubaOS-Switch Multicast and Routing Guide for your switch. Platform: 2530, 2620, 2920, 3500, 3800, 3810, 5400, 5400R Fault Finder (Per Port Enable) Per port enable fault-finder link flap detection detects link flaps on a port at three different sensitivity levels, High (3 flaps in 10 seconds), Medium (6 link flaps in 10 seconds), and Low (3 link flaps in 10 seconds). It can be configured to either just log a warning or disable the port according to the configured sensitivity. We can also configure automatic re-enabling of the port after a specified timer expires. For more information, see the HPE ArubaOS-Switch Management and Configuration Guide for your switch. Platform support: 3500, 3800, 3810 IGMPv3 The Internet Group Management Protocol (IGMP) is used by IPv4 systems (hosts and routers)to report their IP multicast group membership to any neighboring multicast routers. Version 1, specified in [RFC-1112], was the first widely-deployed version. Version 2, specified in [RFC-2236], added support for low leave latency, that is, a reduction in the time it takes for a multicast router to learn that there are no longer any members of a particular group present on an attached network. Version 3 adds support for source filtering, that is, the ability for a system to report interest in receiving packets only from specified source addresses, or from all but specified source addresses, sent to a particular multicast address. Version 3 is designed to be interoperable with Versions 1 and 2. For more information, see the HPE ArubaOS- Switch Multicast and Routing Guide for your switch. Platform support: 2920, 3800, 3810, 5400R Instrumentation Enhancements Supportability Infrastructure: User Initiated Diagnostic Reset via Clear button This feature allows the switch's front panel button (Clear) to manually initiate a diagnostic reset. User can perform reliable diagnostic reset via the front panel button (Clear) which will capture information needed to debug application hang. Diagnostic reset is controlled via the Front Panel Security (FPS) options. 16 KB.16.01.0012 Release Notes

Supportability infrastructure: User Initiated Diagnostic Reset via Serial Console This supportability feature remotely triggers a diagnostic reset via serial console to reboot the switch and collect diagnostic data to debug switch application hang or system hang or any other rare occurrences (which is seen rarely in the lab, field, or customer setups). This feature improves the service availability of the switch by providing remote diagnostic reset option via serial console attached to the accessible console server and provide the diagnostic data to quickly analyze the issue and debug. Diagnostic reset is controlled via FPS options. The serial sequence to initiate User Initiated Diagnostic Reset via Serial console is Ctrl+S, Ctrl+T, Ctrl+Q, Ctrl+T, Ctrl+S. For more information, see the HPE ArubaOS-Switch Management and Configuration Guide for your switch. Platform: 2530, 2620, 2920, 3500, 3800, 3810, 5400, 5400R Job Scheduler The Job Scheduler feature enables the user to schedule commands or jobs on the switch for one time or multiple times. This is similar in concept to the UNIX cron utility. The user can schedule any CLI command that the user would otherwise enter interactively. This includes commands to enable or disable ports, LEDs, and Power-Over- Ethernet. Jobs can also be scheduled to be triggered by certain pre-defined events such as switch reboot. The only major restriction on commands is the user cannot prompt for user input. For more information, see the HPE ArubaOS-Switch Management and Configuration Guide for your switch. Platform support: 2530, 2620, 2920, 3800, 3810, 5400R LLDP over OOBM The Link Layer Discovery Protocol (LLDP) provides a standards-based method for enabling the switch to advertise itself to adjacent devices and to learn about adjacent LLDP devices. Standard LLDP frames are sent over regular Ethernet ports on the switch. LLDP over OOBM is an extension that allows LLDP frames to be sent over an OOBM port. For more information, see the HPE ArubaOS-Switch Management and Configuration Guide for your switch. Platform support: 2920, 3800, 3810, 5400R Max VLANs A maximum of 4K VLANs can be configured on supported switches. This support is for 5400R, 3800 and 3810 platforms. For 2920 the support is limited to 1022. The existing scale numbers for IP VLAN and Static route has been changed. For more information, see the HPE ArubaOS-Switch Advanced Traffic Management Guide for your switch. Platform Attribute 15.18 16.01 5400R, 3800, 3810 VLAN 2048 4094 IP VLAN 512 1024 total with up to: 1024 IPv4 512 IPv6 Static Route 256 1024 total with up to: 2920 VLAN 256 1022 256 interface-based 1024 gateway-based Table Continued Chapter 1 KB.16.01.0012 Release Notes 17

Platform Attribute 15.18 16.01 IP VLAN 256 512 total with up to: 512 IPv4 256 IPv6 Static Route 256 256 Total Platform support: 2920, 3800, 3810, 5400R MVRP The Multiple VLAN Registration protocol (MVRP) provides a mechanism of dynamically propagating VLAN information from a source switch to other switches in the LAN. MVRP is similar to GVRP where by which it helps administrators to maintain the VLAN topology in an efficient way. GVRP by itself is not optimized for VLAN propagation when the scale of VLAN grows. To address this IEEE has come up with MVRP, the new multi registration protocol to propagate VLANs. For more information, see the HPE ArubaOS-Switch Advanced Traffic Management Guide for your switch. Platform support: 2530, 2620, 2920, 3800, 3810, 5400R ND Snooping Neighbor Discovery Protocol uses the Internet Control Message Protocol version 6 (ICMPv6) for the purpose of router solicitation, router advertisement, neighbor solicitation, neighbor advertisement, and network redirects. The Neighbor Discovery Protocol packets can be easily exploited by the spoofers/attackers in the ipv6 network if there are no security mechanisms. ND snooping provides security against different kind of attacks. For more information, see the HPE ArubaOS-Switch IPv6 Configuration Guide for your switch. Platform support: 2920, 3800, 3810, 5400, 5400R NTP The Network Time Protocol (NTP) synchronizes the time of day among a set of distributed time servers in order to correlate events when system logs and other time-specific events from multiple network devices received. NTP uses the User Datagram Protocol (UDP) as its transport protocol. All NTP communications use Coordinated Universal Time (UTC). For more information, see the HPE ArubaOS-Switch Management and Configuration Guide for your switch. Platform support: 2530, 2620, 2920, 3500, 3800, 3810, 5400, 5400R OpenFlow OpenFlow rules have been enhanced to support matching on TCP Flags and L4 port ranges in Custom Match Mode. TCP Flags matching is supported in both FFE TCAM and Hash tables. However Port Range matching is not supported on Hash Tables. Only matching on the lower 8-bits of TCP flags is supported in Hash and TCAM tables in FFE. The HASH table doesn t support masking of match fields. As the HASH only supports custom matches whose sizes are a multiple of 8-bits, only the lower 8-bits of TCP Flags matching is supported. Though TCAM can support masking, for uniformity only the lower 8-bits matching has been supported. The default Custom Match Mode pipeline is not supported to match on TCP Flags or L4 port ranges (& hence the same will not be advertised in TABLE features reply message). However the switch will honor a TABLE features 18 KB.16.01.0012 Release Notes

request message from the controller with these match parameters in the OFPTFPT_MATCH property. For more information, see the HPE OpenFlow 1.3 Administrator Guide K/KA/KB/WB.16.01. Platform support: 5400R (only V3 modules), 3810 Password Complexity In current provision software, the user is not enforced to configure a complex password. As per UCR 2008 requirements there are few checks that are to be performed while configuring the password. Also, to provide some alert mechanisms to the user based on the configuration at the expiry of the password. The password configuration and password complexity check will be implemented as per Section 5.4.6.2.1.2 of UCR- 2008. The password expiry helps as a proactive security measure to protect the user credentials. The introduction of password history, complex check and minimum length ensures that the password is complex enough so that it cannot be easily cracked. The user will be mandated to configure the password consisting of alpha numeric characters along with the supported special characters. The authentication requirement (entry of old password) while configuration of the password increases the security level. For more information, see the HPE ArubaOS-Switch Access Security Guide for your switch. Platform support: 2530, 2620, 2920, 3800, 3810, 5400R Preview Mode Preview mode allows the user to experience upcoming features and provide early feedback. The Multicast Offload Engine (MOE, supported only on the 5400R v3) is the first feature introduced within Preview Mode. Enabling MOE prevents multiple copies of a packet being sent across the ingress node chip s fabric interface. When you enable MOE, the request or reply process to each destination node chip still occurs, but the packet is forwarded once to the fabric chip, and the fabric chip replicates the packet to all other destination nodes that has to receive the packet. For more information, see the HPE ArubaOS-Switch Basic Operation Guide. Platform support: 3810, 5400R PVLAN Private VLANs feature partitions a VLAN by grouping multiple sets of ports that need traffic isolation from one another into independent broadcast sub domains. The VLAN that is being partitioned is referred to as the Primary VLAN and the sub domains carved out of this primary VLAN are referred to as Secondary VLANs. These Secondary VLANs are also regular VLANs, constituted by a subgroup of ports of the original VLAN and identified by a unique VLAN ID. However, they are usually local to a switch whose Primary VLAN is being partitioned or in cases where it needs to be extended to multiple switches, it is restricted to the downstream (access) layers. Upstream switches need not have to be aware of these Secondary VLAN IDs. For more information, see the HPE ArubaOS-Switch Advanced Traffic Management Guide for your switch. Platform support: 2920, 3800, 3810, 5400, 5400R RADIUS Service tracking This feature helps to track the availability of radius servers configured on the switch. If the primary server is not available, it will move to the next available server that minimizes the delay in authentication. Note that this feature is disabled by default. For more information, see the HPE ArubaOS-Switch Access Security Guide for your switch. Platform support: 2530, 2620, 2920, 3500, 3800, 3810, 5400, 5400R RBAC The Role Based Access Control (RBAC) is a runtime database that consists of roles and rules that are mapped to users. RBAC lets you secure the management of your network infrastructure by defining the roles for each network administrator for their specific function. The resource access permissions ensure that the network administrator of one department cannot modify the configuration of another department. The feature access Chapter 1 KB.16.01.0012 Release Notes 19

permission allows creation of roles based on the function of the user. For more information, see the HPE ArubaOS-Switch Access Security Guide for your switch. Platform support: 2920, 3800, 3810, 5400R REST Representational State Transfer (REST) is a software architecture style consisting of guidelines and best practices for creating scalable web services. RESTful systems typically, but not always, communicate over the Hypertext Transfer Protocol with the same HTTP verbs (GET, POST, UT, DELETE, etc.) used by web browsers to retrieve web pages and send data to remote servers. The REST Interface will be enabled by default in Aruba switches and user is provided with an option to disable it if required. HTTP/HTTPS server should be running in the switch to process rest requests. Platform support: 2530, 2620, 2920, 3500, 3800, 3810, 5400, 5400R RIPng RIP is a distance vector Interior Gateway Protocol (IGP) which is used in small-size IPv4 networks. To route IPv6 packets, IETF developed RIPng based on RIP. Hence RIPng is the Routing Information Protocol for IPv6. The fundamental mechanisms of RIP remain unchanged. However, differences between RIP and RIPng include support for IPv6 addresses and prefixes, different packet formats and lengths, no authentication in RIPng, etc. RIPng is specified by RFC 2080 and RFC 2081. For more information, see the HPE ArubaOS-Switch Multicast and Routing Guide for your switch. Platform support: 2920, 3800, 3810, 5400, 5400R Time Domain Reflectometry Time Domain Reflectometry (TDR) is a new feature added to detect copper cable faults on 100BASE-TX, 1000BASE-T ports. Signal initiated by PHY is sent across the ports and the reflections are measured to test the port. Platform support: 3810, 5400R with v3 blades. 10BASE-T (SmartRate) not supported. VSF HPE Virtual Switching Framework (VSF) technology virtualizes two physical devices in the same layer into one Virtual Fabric that provides high availability and scalability. A Virtual Fabric is therefore two physical devices in the same layer that utilize VSF technology. VSF allows supported switches connected to each other through normal Ethernet connections (copper or fiber) to behave like a single switch. For more information, see the HPE ArubaOS-Switch Management and Configuration Guide for your switch. Platform: 5400R with v3 blades VxLAN Virtual Extensible LAN (VxLAN) is a network virtualization technology that allows the extension of L2 networks over L3 UDP tunnels. Endpoints are configured at the entry and exit points that will tunnel traffic through the L3 network extending the broadcast domain of the subnet. Platform: 3810, 5400R with v3 blades Fixes This section lists released builds that include fixes found in this branch of the software. Software fixes are listed in reverse-chronological order, with the newest on the top of the list. Unless otherwise noted, each software version listed includes all fixes added in earlier versions. 20 KB.16.01.0012 Release Notes

The Symptom statement describes what a user might experience if this is seen on the network. The Scenario statement provides additional environment details and trigger summaries. When available, the Workaround statement provides a workaround to the issue for customers who decide not to update to this version of software. The number that precedes the fix description is used for tracking purposes. Version KB.16.01.0012 Banner CR_0000225460 Symptom: SNMPv3 get request on the switch login banner SNMP OID fails with toobig error message. Scenario: When switch post-login banner or MOTD banner is configured with more than 1300 characters, running an SNMPv3 get request on the corresponding banner SNMP OID will fail with the error message Reason:[tooBig]. Workaround: Use SNMPv2 get request on SNMP banner OID when the configured login banner size is larger than 1300 characters. Cable Diagnostic CR_0000222089 Symptom: Non-support for cable diagnostic tests is not indicated prior to executing the tests. Scenario: When executing the CLI command test cable-diagnostics <PORT-LIST>, on a switch port that does not support this feature, the following execution warning message is displayed for non-supported ports: This command will cause a loss of link on all tested ports and will take several seconds per port to complete. Use the 'show cable-diagnostics' command to view the results. Continue (y/n)? Y. The non-support for such test is indicated only when displaying the test results using CLI command 'show cable-diagnostics' command', in a report message such as Port <port-number> does not support cable diagnostics. DHCP CR_0000222120 Symptom: The switch DHCP server may delay honoring IP address renewal requests. Scenario: When a client which acquired an IP address from the switch DHCP server is roaming to a different VLAN also managed by the switch DHCP server, a fresh new DHCP client request process is initiated in place of the DHCP renewal request process, resulting in a longer delay for the DHCP client to acquire the new IP address. Workaround: Using an external DHCP server may help resolve the delay in DHCP client IP renewal when roaming from one VLAN to another. DHCP Server CR_0000216603 Symptom: DHCP clients are not able to obtain IP addresses from the switch's locally configured DHCP server address pool. Scenario: When the default route (0.0.0.0/0) is configured with a VLAN as the next hop, the DHCP request packets are being dropped and the DHCP clients are not able to obtain IP address from the switch DHCP server. Workaround: Configure the default route's next hop value with an IP address instead of a VLAN. Chapter 1 KB.16.01.0012 Release Notes 21

DHCP Snooping CR_0000218841 Symptom: The DHCP snooping bindings information may not be properly updated. Scenario: After a boot event in a multi-management configuration, such as redundant management module or stack configuration, the DHCP snooping lease binding from a TFTP/SFTP stored database may fail to be updated. Workaround: Disable/enable DHCP snooping globally after the config synchronization with standby is completed. Event Log CR_0000225392 Symptom: The proper event log message is not generated when a port is blocked due to a link failure detection protocol. Scenario: When a port is configured for Device Link Detection Protocol (DLDP) or Uni-directional Link Detection (UDLD) and a link failure is detected, the switch fails to log corresponding event log messages similar to: 00435 ports: port <NUM> is Blocked by DLDP 00435 ports: port <NUM> is Blocked by UDLD Fans CR_0000222931 Symptom: The switch is not updating the fan status after PSU replacement. Scenario: When a 5400R switch encounters an issue with one of both the fans in a PSU and the failing PSU is replaced, the switch continues to indicate that a PSU fan is failing. The following symptoms are observed: Fan failure LEDs are not cleared Switch continues to count and report in event log fan failures on replaced PSU/fan failure: Fan: <ID> Failures: <COUNT>. Workaround: The switch can be restarted via the reload command to clear the error. CR_0000223176 Symptom: The Thermal Monitoring System reports incorrect Fan Failure error messages. The Fan Failures counter displays incorrect information for the working fan. Scenario: When one fan of a 5400R PSU fails, a message is recorded in event log system every polling interval for both fans of the PSU, including the working fan. As a result two messages like below are recorded in the system log every 10 seconds: I 10/25/16 12:03:29 00070 chassis: AM1: Fan OK: Fan: 1 Failures: 29 W 10/25/16 12:03:29 00070 chassis: AM1: Fan failure: Fan: 2 Failures: 30 Workaround: Replace the PSU with the failing fan to ensure enough cooling is provided to the chassis. Job Scheduler CR_0000221236 Symptom: The switch does not execute scheduled jobs at expected scheduled time. Scenario: When the switch time settings are adjusted for time protocol, time zone or daylight savings time rule (daylight-time-rule), the Job Scheduler fails to execute scheduled jobs at the configured time. This is triggered when switch time is (re-)adjusted, following a time settings change. For example, adding a daylight-time-rule would trigger a time re-adjustment, but the job scheduler time is not re-adjusted with the new switch time settings and it will not trigger job execution at the expected time. 22 KB.16.01.0012 Release Notes

Workaround: Remove and re-configure the jobs after making configuration changes to the switch time settings. CR_0000222032 Symptom: The switch may crash with an error message similar to Health Monitor: Read Error Restr Mem Access <...> Task='tCron000001' <...> when executing a scheduled job. Scenario: If a job is scheduled to copy data files to/from a remote server configured via hostname, the switch may crash with an error message similar to Health Monitor: Read Error Restr Mem Access <...> Task='tCron000001' <...> when executing the job at scheduled time. Example: job <name> at [HH:]MM] "copy running-config tftp mytftpserver.com FILENAME- STR". Workaround: Configure the job to copy data files using IP address instead of hostname. Example: job <name> at [HH:]MM] "copy running-config tftp 192.168.0.1 FILENAME-STR". Loop Protection CR_0000224518 Symptom: Port disable is delayed when loop protection detects a loop. Scenario: When an IP enabled VLAN comes up, the switch sends a gratuitous ARP looking for a duplicate IP on the network. This ARP request loops and switch detects it as a duplicate IP. The detected duplicate IP, in turn, floods the event logs with messages similar to the following. W 01/01/90 00:05:39 02581 ip: IPv4: Duplicate IPv4 address 5.1.1.1 is detected on VLAN 10 with a MAC address of 009c02-63a080 The resulting CPU consumption leads to a delay in loop protection detecting the loop and disabling the port. Workaround: The affected switch port is disabled, but not at expected detection time. OSPF CR_0000198534 Symptom: IPv6 routes may not be properly redistributed into OSPFv3. Scenario: When withdrawing/removing from the routing table, before the LSA age expires, the switch may not be able to properly update redistributed routes into OSPFv3 routing table. Workaround: Restart the OSPFv3 to resolve this issue. QinQ CR_0000225416 Symptom: Switch fails to restore configuration from backup. Scenario: Switch configuration with Q-in-Q cannot be restored from a backup file. The file transfer will fail and the switch will return an error message similar to: line: 15. Cannot configure qinq port-type for cvlan ports. Corrupted download file. Workaround: Remove Q-in-Q related configuration from the backup file before restoring it, then afterwards apply the respective Q-in-Q configuration from the CLI command. SNMP CR_0000217437 Symptom: Switch does not report the information regarding IPv6 loopback interface reported in MIB object ipaddressifindex. Chapter 1 KB.16.01.0012 Release Notes 23

Scenario: After an IPv6 link-local address is configured on a VLAN, the switch no longer reports the information regarding IPv6 loopback interface reported in MIB object ipaddressifindex when executing CLI command walkmib ipaddressifindex. Spanning Tree CR_0000217382 Symptom: Switch ports enabled for BPDU protection are not properly flagged as administratively down in show interface brief output when BPDU traffic is detected. Scenario: When BPDU traffic is detected on a BPDU protected port, the port is being operationally brought down (logically disabled) due to BPDU detection, although it is still being maintained enabled for administrative purposes in the output of CLI command show interface brief. Administrative status of the port is mainly intended to be changed by manually enabling/disabling the port from CLI command interface <PORT-LIST> enable disable. Port Type Alert Enabled Status Mode Mode Ctrl ----- ---------- + --------- ------- ------ ---------- ---- ---- 1 10/100TX No Yes Down 100FDx MDI off The BPDU protected port is operationally disabled when BPDU traffic is detected and only its administrative state is enabled. ifadminstatus.1 = 1 ifoperstatus.1 = 2 (up) (down) Stacking CR_0000197626 Symptom: A stack might fail to split according to the configured split policy. Scenario: In a 2-member stack configuration, when the OOBM interface is configured for dynamic DHCP IP address, a stack might fail to split according to the configured split policy. Workaround: Configure any of the OOBM interfaces with static assigned IP address. CR_0000215139 Symptom: Configured static routes are lost after an inactive VSF stack-fragment joins the stack. Scenario: When OOBM-MAD is enabled in a VSF stack topology, in the event that the stack is split in two fragments, the static routes are correctly re-installed when the full stack becomes active again. CR_0000224045 Symptom: A VSF stack does not connect MAD assist devices via LACP trunk. Scenario: After a new root is elected in a spanning-tree topology with a VSF stack along with LACP -MAD configuration, the VSF stack may not be able to connect MAD-assist devices via LACP trunk. The MAD status will be reported in failure state in the output of CLI command show vsf lldp mad-parameter. Workaround: Disabling and re-enabling the lldp-mad trunk port on the VSF switch should clear the issue. Terminal CR_0000223941 Symptom: The terminal command line is not working properly after terminating a session to the switch. Scenario: After a VT100 terminal session to the switch is terminated, the terminal line wrap-around configuration is disabled. 24 KB.16.01.0012 Release Notes

Workaround: Re-enable "line-wrap" mode via SNMP command setmib hpicfprivatetermlinewrap.0 -i 6 followed by configuration save and reboot. TFTP CR_0000183103 Symptom: The switch is not retaining TFTP server status in configuration after a switch software upgrade or downgrade. Scenario: When an operator or manager password is set on the switch, the TFTP server is automatically disabled in the switch configuration (no tftp server). When the switch is upgraded or downgraded to this major software version (xx.16.01.xxxx), the disabled TFTP server configuration is not retained, hence TFTP server configuration is restored to its default enabled status. Workaround: Manually disable TFTP server after the switch software upgrade or downgrade, using CLI command no tftp server. Trunking CR_0000211583 Symptom: In a certain scenario, the switch allows to create a trunk interface with more than a maximum of 8 ports. Scenario: When a fast copy and paste operation with multiple port addition entries to the same trunk interface is used to create a trunk interface, more than the maximum 8 allowed ports can be added to the trunk. Once such invalid trunk interface is created, no other changes to the trunk interface are allowed from CLI. Example: Copy & Paste from text file: trunk 1-4 trk1 trunk 5-9 trk1 Workaround: To avoid triggering, do not use a fast copy and paste function to configure the trunk group. Once triggered, use the Menu interface to remove additional ports exceeding the maximum of 8 from the invalid trunk interface. VSF CR_0000223311 Symptom: In certain scenarios, stack member priority is not working correctly. Scenario: In a VSF stack, during a split-merge scenario, the commander switch in the active fragment may reboot, if it is configured with a lower VSF priority than the member re-merging to the VSF domain. Workaround: The networking functions serviced by the VSF commander may be interrupted during the failover to the new VSF commander switch. Version KB.16.01.0011 ACLs CR_0000216846 Symptom: ACLs for unlearned traffic may deny permitted traffic. Scenario: After an ARP cache entry times out or is cleared, the switch does not send ARP request when an inbound routed packet is received with ACL applied on the VLAN. Console Chapter 1 KB.16.01.0012 Release Notes 25

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback