Owner's Manual
IronWare Software Release R04.2.00b for Brocade TurboIron 24X
Series Switches Release Notes v1.00 Page 22 of 22
Feature:
TI ACL
Function:
ACL Deny Logging
Reported In Release:
FI TI 04.2.00
Probability:
Medium
Defect ID:
DEFECT000298123
Technical Severity:
Medium
Summary:
If a mac-filter is configured on a port and then 802.1x attaches another mac-filter on the same port,
then 802.1x does not allow the original mac-filter to be removed.
Symptom:
Removal of mac-filters applied before 802.1x authentication is not smooth when 802.1x itself attaches
a mac filter on that port.
Workaround:
Disable 802.1x on the port. Now you should be able to remove the mac filter from that port.
Feature:
TI Security
Function:
Dot1x
Reported In Release:
FI TI 04.2.00
Probability:
Medium
Defect ID:
DEFECT000298129
Technical Severity:
Medium
Summary:
802.1x allows only 1 host to apply dynamic Mac filters on the port, and rejects all other hosts with a
dynamic Mac filter
Symptom:
Multiple hosts with dynamic mac filters cannot be authenticated using 802.1x. Only the first one with
dynamic mac filter is authenticated. Later hosts with dynamic mac filters are not authenticated.
Workaround:
802.1x with Dynamic MAC Filters can only be used for 1 host per port.
Feature:
TI Security
Function:
Dot1x
Reported In Release:
FI TI 04.2.00
Probability:
Medium
Defect ID:
DEFECT000298899
Technical Severity:
Medium
Summary:
On Dual mode ports, even though a host is supposed to be authenticated only on tagged vlan, it gets
authenticated for both tagged as well as untagged (dual-mode) vlans.
Symptom:
If the port receives untagged traffic, the host is authenticated on untagged vlan as well and this traffic is
allowed by the port. This traffic should have been dropped.
Workaround:
Do not configure dual-mode on a port that has dynamic VLAN configured for mac authentication.
Feature:
TI Security
Function:
Dot1x
Reported In Release:
FI TI 04.2.00
Probability:
Medium
Defect ID:
DEFECT000287700
Technical Severity:
Medium
Summary:
Removing dual-mode configuration from a port may not remove ACL in dual-mode vlan permanently
Symptom:
Upon deletion and creation of 'dual-mode' configuration of a port, ACL configured previously ( before
deletion) re-appears automatically on the port.
Workaround:
Remove the per-vlan ACL on the port for the dual-mode port first, then remove the dual-mode
configuration (OR) remove the unwanted per-vlan ACL after re-enabling the dual-mode on a port.
Feature:
TI ACL
Function:
IPv4
Reported In Release:
FI TI 04.2.00
Probability:
Low