ExtremeWare Release Notes Software Version 7.3.1b3 Extreme Networks, Inc. 3585 Monroe Street Santa Clara, California 95051 (888) 257-3000 http://www.extremenetworks.
Alpine, Altitude, BlackDiamond, EPICenter, Ethernet Everywhere, Extreme Ethernet Everywhere, Extreme Networks, Extreme Turbodrive, Extreme Velocity, ExtremeWare, ExtremeWorks, GlobalPx Content Director, the Go Purple Extreme Solution Partners Logo, ServiceWatch, Summit, the Summit7i Logo, and the Color Purple, among others, are trademarks or registered trademarks of Extreme Networks, Inc. or its subsidiaries in the United States and other countries.
Contents Chapter 1 Overview New and Enhanced Features in ExtremeWare 7.3 Cable Diagnostics Port Aggregate Bandwidth Control Standard Multinetting PIM Snooping IP Address Security 13 13 13 14 14 14 CPU DoS Protect Enhancements SNMP Traps and MIBs for CPU DoS Protect 14 14 IPDA Subnet Lookup sFlow Stand-alone ELRP RADIUS Server Configuration Enhancements in ExtremeWare 7.
Contents Tested Third-Party Products Tested NICs 36 36 WPA-Compliant Wireless NICs 38 Tested RADIUS Servers Tested Third-Party Clients Tested Laptops Tested PDAs Tested Tablets Tested Scanner Tested IP Phones Tested Embedded WNIC Modules Tested Spectralink Supported Handsets Tested Spectralink Gateway Legacy IP Phones Legacy Phones with Dongle Chapter 2 39 39 40 40 40 40 40 40 40 41 41 42 Upgrading to ExtremeWare 7.3 Staying Current 43 Upgrading ExtremeWare Upgrading Switches to ExtremeWare 7.
Contents Downloaded Configuration Might Cause Syntax Error With Enable Web Command Wireless Error Messages Display During Bootup show pim snooping Command Shows an Incomplete List of Packets Snooped MSM-Failover Link-Down Not Working on the Remote Side ExtremeWare 7.
Contents Memory Corruption with RRO on PATH Message No Longer Display Stale TLS NHLFE Entries MPLS Module Might Not Be Recognized LSP NHLFE Not Updated Removing Second MPLS Module Causes Traffic to Stop Disabling One MSM Might Cause Loss of Throughput Cannot Delete an LSP Previously Referenced by a TLS Tunnel EAPS Trap Not Sent if Connection is Through I/O Port The card-down Option 10 Gigabit Ethernet and CMT XENPAK with the BlackDiamond 6816 Cross-Module Trunking Not Supported on MSM64i’s Cross-Module Tru
Contents Command Line Interface (CLI) Mirroring Cannot be Disabled Console Does Not Wait for User Input Command Does Not Function show fdb vpls Command Does Not Accurately Show the Total of FDB Entries clear counters Command Does Not Clear Number Transmitted in a MPLS Health Check show fdb port Command Does Not Reflect Correct FDB Data for that Port Maximum Number of ESRP Groups Supported in the ESRP MIB is Incorrect Not All configure debug-trace Options Are Displayed SNMP Trap Commands Not Supported The s
Contents ELSM 78 Spurious Error Message with ELSM 78 Spanning Tree 78 Adding or Deleting a Port from a VLAN Flushes FDB on All STP Protected VLANs show vlan STP Output is not Correct STP Topology Change in One STP Domain (S1) Flushes FDB in Other STP Domain (S2) STP CPU Utility Usage Increases and Drops Ping Packets Disabling ignore-bpdu Adds CPU MAC Entry to FDB Enabling STP on MAC-based VLANs Might Cause Connectivity Loss Incorrect Log Message RSTP Does Not Detect Topology Change Disabling STP Migh
Contents Creating Access Lists from Multiple Sessions 5,120 Access Lists and SNMP Monitoring QoS and the show port qos Command MPLS Cannot Delete TLS VLAN After Deleting TLS Tunnel When MPLS is Disabled IP Interface of Local End-point VLAN for TLS Tunnel or VPLS Can be Modified Clear Counters Command Does Not Clear RSVP LSP Count Targeted LDP Sessions Become Operational When MPLS is Disabled Targeted LDP Sessions do not Come Up When OSPF is Disabled and Router ID is Automatic Bi-Directional Rate Shaping
Contents IP Multicast Routing 89 PIM SM Switch Reboot will not Re-establish the Existing Multicast Traffic Present Before Reboot89 PIM DM Switch Reboot Might Delay Re-establishment of Traffic 89 (S,G) Packets are Sent to CPU When Route to Source is Lost in Last Hop Router 89 The unconfigure igmp Command Does Not Unconfigure All Parameters 90 If PIM-Snooping is Enabled on Current Traffic, All (S,G) Entries Will be Marked as Invalid 90 Enable or Disable IGMP Snooping on a Sub-VLAN 90 Do Not Disable IGMP Sn
Contents Use CLI to Configure SNMPv3 Incorrect Minimum Limit on OSPF Page Cannot Create User Accounts Cannot Enable STP Alpine 3808 Erroneously Displays Four PSUs Cannot Add Trap Receiver or Community String Blackhole Flag Missing Multicast Address Display Configuration Statistics PSU Display Vista and RADIUS Configuration Options with Large Number of Interfaces SNMP Performing an SNMP Mibwalk and Polling qBridgeMIB Might Cause High Utilization ESRP SNMP MIB Table Election Algorithms Missing The configure
Contents Configuring Diagnostics Mode Off Disable Remote Syslog Before Enabling IPARP Debug-Tracing 102 102 Bridging 102 Extended Diagnostics Does Not Include Backplane Connection 102 Documentation 102 Summit48si LED Description Incorrect reauth-period Range is Not Correct EAPS is now supported with Basic Layer 3 License VRRP and ESRP Can Be Simultaneously Enabled The Auto-Recovery Threshold Applies only to BlackDiamond I/O Modules Configure Auto Negotiation to Recognize Single Fiber Failure as Por
Contents Security and Access Policies Switching and VLANs Network Login Diagnostics VRRP ExtremeWare 7.3.
Contents 14 ExtremeWare 7.3.
1 Overview These Release Notes document ExtremeWare® 7.3.1b3. ExtremeWare 7.3 enables new hardware products and software features. NOTE You can only load ExtremeWare 7.0 (or later) on a switch running ExtremeWare 6.2.2 (or later). To install ExtremeWare 7.3, see “Upgrading ExtremeWare” on page 43. This chapter contains the following sections: • New and Enhanced Features in ExtremeWare 7.3 on page 13 • Supported Hardware on page 22 New and Enhanced Features in ExtremeWare 7.
Overview Standard Multinetting Multinetting provides a way of assigning multiple subnets to a routing interface. This benefits networks that outgrow their allocated subnets. When the network grows due to a lack of address ranges in the original subnet, a new subnet is allocated. In the Extreme Networks implementation, routing interfaces can be assigned multiple subnets. IP routing occurs between the different subnets of the same interface, as well as between the subnets of different interfaces.
New and Enhanced Features in ExtremeWare 7.3 Stand-alone ELRP Extreme Loop Recovery Protocol (ELRP) is used to detect network loops in an L2 network. A switch running ELRP transmits multicast packets with a special MAC destination address out of some, or all, of the ports belonging to a VLAN. All the other switches in the network treat this packet as a regular, multicast packet and flood it to all the ports belonging to the VLAN.
Overview Configuring a RADIUS Server for Network Login Users (Wired and Wireless) If you want to configure RADIUS for Network Login users only and do not want to configure RADIUS for management access, do the following: 1 Configure the first primary or secondary RADIUS server. 2 Configure the second primary or secondary RADIUS server using a fictitious IP address. 3 Configure authentication to the fictitious IP address using the config auth mgmt-access radius command. 4 Login to the switch.
New and Enhanced Features in ExtremeWare 7.3 IP address: 10.201.30.9 Server IP Port: 1645 Client address: 10.201.56.3 Radius Server Connect Timeout sec: 3 Shared secret: qijxou Access Requests: 0 Access Accepts: Access Challenges: 0 Access Retransmits: Bad authenticators: 0 Unknown types: Server name: 1.1.1.1 Server type: Primary IP address: 1.1.1.1 Server IP Port: 1645 Client address: 10.201.56.
Overview Output 2: * mars:36 # show auth Session Type : mgmt-access Authentication Server Type Primary Authentication Server Secondary Authentication Server Primary Accounting Server Secondary Accounting Server Session Type : netlogin Authentication Server Type Primary Authentication Server Secondary Authentication Server Primary Accounting Server Secondary Accounting Server * mars:37 # : : : : : : : : : : Tacacs 1.1.1.1 None None None Radius 10.201.30.8 10.201.30.
New and Enhanced Features in ExtremeWare 7.3 Figure 1 shows the sequence of operation for the trusted OUI feature. Figure 1: Trusted OUI sequence of operation Figure 1 DHCP request Untagged Untagged Switch 802.1x client Figure 2 DHCP response DHCP response packet options carry the VLAN id Untagged Untagged Switch 802.1x client Figure 3 Tagged Untagged Switch 802.
Overview create trusted-mac-address {mask dd:ee:ff:gg:hh:kk>} vlan {port } {protocol[DHCP|ARP]} • Use the delete trusted-mac-address to delete a MAC address. If you do not specify the MAC address to be deleted, all the MAC addresses in the VLAN are deleted.
New and Enhanced Features in ExtremeWare 7.3 Figure 2: show trusted-mac-address Command Sequence 1:4 8:5 PC 10.36.11.187 DHCP server IP phone Alpine 3808 XM_057 Command sequence create vlan "voice" configure vlan "voice" tag 120 configure vlan "voice" ipaddress 20.36.11.1 255.255.255.0 configure vlan "voice" add port 8:5 tagged enable ipforwarding vlan "voice" create vlan "corp" configure vlan "corp" tag 9 configure vlan "corp" ipaddress 10.36.11.186 255.0.0.
Overview Unified Access Feature Support ExtremeWare 7.
Supported Hardware Table 2: Software for supported hardware (continued) Extreme Hardware ExtremeWare Filename BootROM Filename/Version Summit1i/1iT v731b3.Bxtr or v731b3.SBxtr Ngboot8.2.bin/8.2 Summit5i/5iT/5iLX v731b3.Bxtr or v731b3.SBxtr Ngboot8.2.bin/8.2 Summit48i v731b3.Bxtr or v731b3.SBxtr Ngboot8.2.bin/8.2 Summit48si v731b3.Bxtr or v731b3.SBxtr Ngboot8.2.bin/8.2 ARM module v731b3.arm v731b3.nprom/1.18 OC3 PoS module v731b3.oc3 v731b3.nprom/1.18 OC12 PoS module v731b3.
Overview Table 3: BlackDiamond component support (continued) BlackDiamond Component ExtremeWare Required F48Ti 6.1.2 F96Ti 6.1.8 WDMi 6.1.5 10GLRi 7.0 10GX3 7.2.0b18 MPLS 7.0 ARM 7.0 P3cMi 7.0 P3cSi 7.0 P12cMi 7.0 P12cSi 7.0 A3cMi 7.0 A3cSi 7.0 DC Power Supply 6.1.5 110 VAC Power Supply 6.1.5 220 VAC Power Supply 6.1.5 1. Older switches do not require ExtremeWare 6.2.2b56. To determine the minimum revision required for your switch, see Field Notice 115A, here: http://www.
Supported Hardware Table 4: Alpine component support (continued) Alpine Component ExtremeWare Required FM-24Ti 6.1.7 FM-24SFi 6.1.7 FM-32Pi 7.2.0b18 GM-WDMi 6.1.8 WM-4T1i 7.0.1 WM-4E1i 7.0.1 WM-1T3i 7.0.1 FM-8Vi 7.0.1 AC Power Supply 6.1 DC Power Supply 6.1.5 1. Older switches do not require ExtremeWare 6.2.2b56. To determine the minimum revision required for your switch, see Field Notice 115A, here: http://www.extremenetworks.
Overview GBIC Support GBICs supported with ExtremeWare 7.3, and the minimum ExtremeWare version required, include: Table 6: GBIC support GBIC ExtremeWare Required SX parallel ID 1.0 SX serial ID 2.0 LX parallel ID 1.0 LX serial ID 2.0 ZX 6.2.2 ZX Rev 03 6.2.2 LX70 2.0 LX100 6.1.9 UTP 6.1.9 SX Mini 7.0.1b11 LX Mini 7.0.1b11 ZX Mini 7.0.
Channel Mapping XENPAK Module Support XENPAK modules supported with ExtremeWare 7.3, the minimum ExtremeWare version required, and the manufacturers supported include: Table 8: XENPAK support XENPAK Module ExtremeWare Required Manufacturers Supported LR 7.2.0b18 Intel, Opnext ER 7.2.0b18 Intel, Opnext Channel Mapping Table 9 lists the channel mapping for Altitude 300-2i wireless ports connected to a Alpine 3800 series switch using ExtremeWare 7.3.
Overview Table 9: Altitude 300-2i channel mapping (continued) Country Country 802.11a Channels Code 802.11g 802.
Channel Mapping Table 9: Altitude 300-2i channel mapping (continued) Country Country 802.11a Channels Code 802.11g 802.
Overview Table 9: Altitude 300-2i channel mapping (continued) Country 802.11a Channels Code 802.11g 802.
Channel Mapping Table 10: Altitude 300-2d indoor channel mapping (continued) Country Code 802.11a Channels 802.11g Channels 802.
Overview Table 10: Altitude 300-2d indoor channel mapping (continued) Country Country Code 802.11a Channels 802.11g Channels 802.
Channel Mapping Table 10: Altitude 300-2d indoor channel mapping (continued) Country Country Code Spain SP 36/40/44/48/52/56/60/64/100/104/108/112/116/120/124/128/ 1-13 132/136/140 1-13 Sweden SE 36/40/44/48/52/56/60/64/100/104/108/112/116/120/124/128/ 1-13 132/136/140 1-13 Switzerland CH 36/40/44/48/52/56/60/64 1-13 1-13 Syria SY None 1-13 1-13 Thailand TH 149/153/157/161 1-13 1-13 Trinidad y Tobago TT 36/40/44/48/52/56/60/64 1-13 1-13 Tunisia TN 36/40/44/48/52/56/60/64 1-
Overview Table 11: Altitude 300-2d outdoor channel mapping (continued) Country Country Code 802.11a Channels 802.11g Channels 802.
Channel Mapping Table 11: Altitude 300-2d outdoor channel mapping (continued) Country Country Code 802.11a Channels 802.11g Channels 802.
Overview Table 11: Altitude 300-2d outdoor channel mapping (continued) Country Country Code 802.11a Channels 802.11g Channels 802.
Tested Third-Party Products Table 13: 802.11 a/b wireless NICs NIC Driver OS Third-Party Software Authentication Method Linksys WPC51AB 2.0.1.254 W2K SP4 Odyssey 2.2 WinXP SP1 Orinoco Gold A/B 7.64.1.316 W2K SP4 PEAP/TLS/TTLS PEAP/TLS/TTLS Odyssey 2.2 WinXP SP1 PEAP/TLS/TTLS PEAP/TLS/TTLS Table 14: 802.11a wireless NICs NIC Driver OS Third-Party Software Authentication Method Cisco 11a-only Air-CB20A 3.4.19.0 W2K SP4 Odyssey 2.2 WinXP SP1 PEAP/TLS PEAP/TLS Table 15: 802.
Overview Table 17: 802.11g MiniPCI wireless NIC NIC Driver Broadcom 54G MaxPerformance 3.20.23.0 OS Third-Party Software Third-Party Software Card Utility Odyssey 2.2 The wireless PCI cards in Table 18 are tested with the listed software (or later) and authentication method. Table 18: Wireless PCI cards NIC Driver OS Third-Party Software Authentication Method Linksys WMP54G 3.30.15.0 W2K SP4 Odyssey 2.2/Card Utility PEAP/TLS/TTLS NetGear WAG311 Tri-mode 2.4.0.72 W2K SP4 Odyssey 2.
Tested Third-Party Products Table 20: Wireless 802.11g NICs (WPA compliant) NIC Driver OS Third-Party Software Authentication Method Buffalo WLI-CB-G54 3.10.53.6 W2K SP4 Odyssey 2.2 PEAP/TLS/TTLS NetGear WG511T 3.0.0.43 Odyssey PEAP/TLS/TTLS Linksys WPC54G 3.20.21.0 WinXP SP1 Odyssey 2.2 PEAP/TLS/TTLS D-Link DWL-G650-B2 1.0.0.5 W2K SP4 Odyssey 2.2 PEAP/TLS/TTLS Microsoft MN-720 3.20.21.0 Odyssey 2.2 PEAP/TLS/TTLS WinXP SP1 WinXP SP1 W2K SP4 WinXP SP1 Table 21: Wireless 802.
Overview Tested Laptops These laptops are fully tested: • IBM Thinkpad T40 (Intel Centrino-based 802.11b) • IBM Thinkpad T41 (Intel Centrino-based 802.11b) • Dell Latitude D800 (Intel Centrino-based 802.
Tested Third-Party Products Tested Spectralink Gateway • Netlink SVP Avaya Voice Priority Processor • Netlink SVP100 Gateway Legacy IP Phones These wired IP phones have been verified for PoE power up only: • Avaya 4610SW IP • Avaya 4620 IP New 03-016A/B • Avaya 4620SW IP • Super tex PD1 v1 • Super PD+PS • TI PTB48540 CL003ENG • 3COM NJ105 • 3COM NJ220 • 3COM NJ200 Old • 3COM NJ200 New • 3COM NJ100 New • 3COM NJ100 Old • 3COM 3C10248B with 3CNJVOIPMOD-NBX • 3COM 3C10248PE IP Phone • 3COM 3C10226PE IP Phone
Overview • Siemens Optipoint 410 Entry FV • Polycom SoundPoint IP LAN/Power Cable Legacy Phones with Dongle • Cisco 7910 • Cisco 7940 • Cisco 7960 • Cisco 7970 42 ExtremeWare 7.3.
2 Upgrading to ExtremeWare 7.3 This chapter contains the following sections: • Staying Current on page 43 • Upgrading ExtremeWare on page 43 • Downgrading Switches on page 49 Staying Current If you are an Extreme Assist customer, the latest release and release notes are available after logging in to the Tech Support web site: http://www.extremenetworks.com/go/esupport.htm. Upgrading ExtremeWare You can only load ExtremeWare 7.0 (or later) on a switch running ExtremeWare 6.2.2b56 (or later).
Upgrading to ExtremeWare 7.3 Upgrading Switches to ExtremeWare 7.3 To install ExtremeWare 7.3, you must: 1 Save the configuration to a TFTP server. 2 Upgrade the BootROM to Version 8.2 as described on page 45. 3 Upgrade to ExtremeWare 6.1.9 as described on page 45. 4 Upgrade to ExtremeWare 6.2.2b56 as described on page 45. 5 Upgrade to ExtremeWare 7.3 as described on page 46. 6 Upgrade T1, E1, or T3 Modules from a Release Prior to ExtremeWare 6.1.8b79 as described on page 47.
Upgrading ExtremeWare 5 Verify that all of the above procedures were completed successfully with the show switch command. 6 Upload the configuration to a TFTP server for safekeeping using the upload configuration command. Upgrade the BootROM to Version 8.2 Before you upgrade ExtremeWare, upgrade to BootROM 8.2 (BootROM 8.2 is compatible with all ExtremeWare versions back to ExtremeWare 6.1.9): 1 Download the BootROM using the download bootrom [ | ] command.
Upgrading to ExtremeWare 7.3 NOTE ExtremeWare 6.2.2b56 (and later) stores 75 static log entries. Previous versions stored 100 entries. To accommodate the new entry limit, ExtremeWare 6.2.2b56 clears the static log after your first reboot. To preserve your static log entries, use the show log command and save the output. 3 Verify that the correct BootROM and ExtremeWare version are loaded using the show switch and show version commands.
Upgrading ExtremeWare NOTE If you are using EAPS and are upgrading from a version prior to ExtremeWare 6.2.2b134 or from ExtremeWare 7.0, the default failtimer expiry action changes to sending an alert. This keeps your ring from failing over when there is no break in the ring, such as in the event of a broadcast storm, busy CPU, or misconfigured control VLAN.
Upgrading to ExtremeWare 7.3 5 Download the BootROM using the download bootrom slot command. 6 Reboot the module using the reboot slot command. NOTE If you are upgrading multiple modules, skip step 6, upgrade every module, then reboot the switch. 7 Download the latest ExtremeWare to the primary image space. 8 Reboot the module using the reboot slot command. Upgrade T1, E1, or T3 Modules from ExtremeWare 6.1.8b79 or Later If you are using a T1, E1, or T3 module with ExtremeWare 6.1.
Downgrading Switches Upgrading an Alpine 3802 to ExtremeWare 7.3 To upgrade an Alpine 3802 to ExtremeWare 7.3: 1 Upload the configuration to your TFTP server using the upload configuration command. 2 Upgrade to BootROM 8.2 using the download bootrom command. 3 Reboot the switch using the reboot command. 4 If you are using an image prior to ExtremeWare 6.1.8b79, TFTP download ExtremeWare 6.1.8w3.0.1 b79 to the primary image space using the download image primary command.
Upgrading to ExtremeWare 7.3 5 Downgrade to the appropriate BootROM version. The show version command displays the BootROM version as “Unknown” when the BootROM is downgraded. 6 Reboot the switch. NOTE When downgrading to a previous version of ExtremeWare, ensure that the switch configuration matches that version of ExtremeWare or below. Pointing the configuration to a new version of ExtremeWare and using a previous version of ExtremeWare is not supported.
3 Supported Limits This chapter summarizes the supported limits in ExtremeWare 7.3. Supported Limits The table below summarizes tested metrics for a variety of features. These limits may change but represent the current status. The contents of this table supersede any values mentioned in the ExtremeWare 7.3 Software User Guide. Table 23: Supported limits Metric Description Limit Access List rules Maximum number of Access Lists (best case).
Supported Limits Table 23: Supported limits (continued) Metric Description Limit BGP—routes, Alpine Maximum number of routes received and contained in the BGP route table (best case). 335,000 BGP—routes, Summit7i Maximum number of routes received and contained in the BGP route table (best case). 410,000 BGP—routes, Summit48i Maximum number of routes received and contained in the BGP route table (best case).
Supported Limits Table 23: Supported limits (continued) Metric Description Limit ESRP—maximum instances Maximum number of ESRP supported VLANs for a single switch. 64 ESRP—maximum ESRP groups Maximum number of ESRP groups within a broadcast domain. 4 ESRP—maximum ESRP groups with bi-directional rate shaping Maximum number of ESRP groups within a broadcast domain when bi-directional rate shaping is enabled.
Supported Limits Table 23: Supported limits (continued) Metric Description Limit IPX Access control lists Maximum number of Access Lists in which all rules utilize all available options. worst case: 255 IS-IS—maximum routing interfaces Maximum IS-IS routing interfaces. 255 IS-IS—maximum routes Maximum IS-IS routes. 25,000 IS-IS—maximum adjacencies Maximum IS-IS adjacencies per routing interface. 64 IS-IS—maximum domain summary addresses Maximum IS-IS domain summary addresses.
Supported Limits Table 23: Supported limits (continued) Metric Description Limit OSPF external routes—Summit1i, Summit5i, Summit48i, Summit48si Recommended maximum number of external routes contained in an OSPF LSDB of an internal router in the OSPF domain. 27,000 OSPF intra-area routes—Summit1i, Summit5i, Summit48i, Summit48si Recommended maximum number of intra-area routes contained in an OSPF LSDB of an ABR router in the OSPF domain.
Supported Limits Table 23: Supported limits (continued) Metric Description Limit SNMPv3—Target addresses Maximum number of SNMPv3 target addresses. 16 SNMPv3—Target parameters Maximum number of SNMPv3 target parameters. 16 SNMPv3—Notifications Maximum number of SNMPv3 notifications. 8 SNMPv3—Filter profiles Maximum number of SNMPv3 notify filter profiles. 16 SNMPv3—Filters Maximum number of SNMPv3 notify filters.
Supported Limits Table 23: Supported limits (continued) Metric Description Limit VRRP—maximum VRIDs Maximum number of unique VRID numbers per switch. 4 VRRP—maximum VRIDs with bi-directional rate shaping Maximum number of unique VRID numbers per switch when bi-directional rate shaping is enabled. 3 VRRP—maximum VLANs/switch Maximum number of VLANs per switch. 64 VRRP—maximum VRIDs/VLAN Maximum number of VRIDs per VLAN. 4 VRRP—maximum ping tracks Maximum number of ping tracks per VLAN.
Supported Limits 58 ExtremeWare 7.3.
4 Clarifications, Known Behaviors, and Resolved Issues This chapter describes items needing further clarification, behaviors that might not be intuitive, and issues that have been resolved since the last release. Numbers in parentheses are for internal reference and can be ignored. This chapter contains the following sections: • Clarifications and Known Behaviors on page 59 • Issues Resolved in ExtremeWare 7.3.1b3 on page 104 • Issues Resolved in ExtremeWare 7.3.
Clarifications, Known Behaviors, and Resolved Issues Cannot Ping localHost Loopback Interface You cannot ping the localHost loopback interface (PD3-2791311). Hot-swapping an MSM3 Causes Invalid MAC Address on Backplane EEPROM When you hot-swap an MSM-3, the following log message is generated: CRITICAL ERROR: Backplane EEPROM has invalid MAC Address.
Clarifications and Known Behaviors MSM-Failover Link-Down Not Working on the Remote Side The MSM-failover link-down does not bring down the link on the remote side of the switch. It only brings down the link on the fiber ports (PD2-246448118). ExtremeWare 7.3 introduces the concept of QoS profiles on a VLAN QoS profiles refer to the queue configuration of physical ports. The standard way to configure QoS profiles for ports is by using port numbers.
Clarifications, Known Behaviors, and Resolved Issues Autonegotiation Between Fiber Optic Ports is not Possible A port from a Fast Ethernet switch, when connected to any gigabit port, does not recognize the speed mismatch. The port appears active even though the gigabit port is inactive (PD3-2073971). show log Command Memory Error When running debug-trace for AgentX-APi, the show log command output shows an AP failure due to the switch being “out of memory,” even though it is not (PD3-2617791).
Clarifications and Known Behaviors The show log Command Truncates Long Commands If you download a configuration, the output of the show log command might not completely display commands longer than 240 characters. This is a display problem; the configuration loads correctly (PD2-171470611). The show log Display Truncates Configuration Parsing If you download a configuration and use the show log command to view the parsing of the configuration, the log does not display the entire parsing.
Clarifications, Known Behaviors, and Resolved Issues debug-trace command to display the configuration. You can either re-configure manually, or download the ExtremeWare 6.2.2 configuration instead of doing a direct upgrade (PD2-106733988). Upgrading to ExtremeWare 7.0 and OSPF If you upgrade directly from ExtremeWare 6.2.2 to ExtremeWare 7.0 (or later), the OSPF metric for 10 Gigabit interfaces is incorrect.
Clarifications and Known Behaviors • Static FDB entries If the switch reaches the limit of available port tags, the following messages appear in the syslog: tNetTask: Reached maximum otp index allocation tBGTask: Reached maximum otp index allocation If this occurs, you must compromise some features (for example, mirroring) in order to expand your use of other functionality. (1-E5U7Y). WinSCP2 Not Supported The application WinSCP2.exe is not supported.
Clarifications, Known Behaviors, and Resolved Issues Workaround. Do not allow IP address changes to be made to the VLAN transmitting BGP traffic (PD2-238197001). CMT Group Will Not Forward Traffic Without a Master Slot When you create a cross-module trunk (CMT) group with the master slot missing or disabled, the group will not forward traffic. A save and reboot will resolve the problem.
Clarifications and Known Behaviors Workaround. Disable the Label Recording Request on the non-Extreme Networks MPLS switch and reboot. No Longer Display Stale TLS NHLFE Entries Using an LSP tunnel label that is no longer valid creates stale TLS NHLFE entries that might cause lost date packets. This can be caused by a configuration change, by an LSP going down and back up, or when the label for a tunnel LSP is changed without the LSP going down and back up (PD2-203414601). Workaround.
Clarifications, Known Behaviors, and Resolved Issues expected. To work around this, use the configure sys-health-check auto recovery 3 offline command (PD2-105991401). 10 Gigabit Ethernet and CMT If you use 10GLRi or XENPAK ports with the address-based or round robin load-sharing algorithms and the master link is lost, FDB entries are not learned (PD2-197753713).
Clarifications and Known Behaviors Cross module trunking is not supported on WDMi modules (PD2-176314520). Master Slot Must Be Active for CMT The slot with the master load-sharing port must be populated and active when you configure a cross-module load-sharing group. If the master slot is unavailable at configuration, cross-module load-sharing traffic is not forwarded (PD2-175825901, PD2-175854401).
Clarifications, Known Behaviors, and Resolved Issues ExtremeWare 7.0 (and Later) Does Not Support xmodem You cannot use xmodem to transfer ExtremeWare 7.0 (or later) to an MSM (PD2-137101701). 4,000 VLANs on a BlackDiamond If you configure more than 4,000 VLANs, EDP might crash, causing ESRP to fail (PD2-153821210). E1 Module and the restart port Command After you use the restart port command, E1 modules occasionally fail to establish a physical link (PD2-85857901).
Clarifications and Known Behaviors Alpine Mirroring Failure on an Alpine 3808 with GM4x Module After a Save and Reboot Port mirroring might fail on the Alpine 3808 with a Gigabit Ethernet, 4-port, GBIC module after saving and rebooting the switch. As a workaround, disable and enable the mirroring port after rebooting the switch (PD3-1025737). With IE5.0 Vista Page is not Accessible Through HTTPS Using IE5.0, you cannot access the Vista page through HTTPS.
Clarifications, Known Behaviors, and Resolved Issues You can safely ignore these messages (PD2-208576301). Output of the show log Command The most common reason for transceiver diagnostics failure is heat. Thus the show log output displays the TRXDIAG tag in the temperature log message (PD2-147462529). The unconfigure switch all Command Clears the Default VLAN from s0 After you reset the switch to the factory defaults using the unconfigure switch all command, s0 does not contain the default VLAN.
Clarifications and Known Behaviors Workarounds. • Connect through the Management port. • Change your terminal setting to Ctrl+M instead of CR+LF (TELNET new line) if using PuTTY version 0.54. • Use Tera Term. When using Tera Term, CR is sent by default instead of CR+LF. (PD2-247002201) Command Does Not Function The functionality associated with the command configure wireless ports x:x interface x client-scan keep-ies [on|off] is not implemented.
Clarifications, Known Behaviors, and Resolved Issues SNMP Trap Commands Not Supported The disable snmp trap port-up-down port mgmt and enable snmp trap port-up-down port mgmt commands are not supported by the CLI. To enable or disable SNMP port-up-down traps on the management port, use SNMP (PD2-162482918). The show ports mgmt info Output Missing Flags The output of the show ports mgmt info command does not display the flags (PD2-156475701).
Clarifications and Known Behaviors primary load share group even though the primary load share group has fewer active ports. However, if another port in the primary group fails, traffic correctly fails over to the redundant load share group. For example, ports 1:1-1:5 are the primary load share group and ports 2:10-2:15 are the redundant load share group. If you remove the cables from ports 1:1-1:3, the load share group fails over to ports 2:10-2:15.
Clarifications, Known Behaviors, and Resolved Issues FDB FDB Entries Disappear Before Aging Timeout If you configure fdb agingtime to 100,000 seconds, the FDB entries disappear before the 100,000 seconds. The values disappear around 200+ seconds (PD2-248579601). Cannot Add FDB Entry for Management VLAN You cannot add an FDB entry for the management VLAN (PD2-156475718) MAC Security The source FDB address configuration will not discard ICMP packets (16340). FDB Aging Timer In ExtremeWare 6.2.
Clarifications and Known Behaviors Round Robin Load Sharing If a port in a round robin load share group is removed, the traffic that was being transmitted on that link will be distributed on only 1 of the other active load share links in the round robin group. The traffic is not distributed evenly between the remaining ports (6977).
Clarifications, Known Behaviors, and Resolved Issues Do Not Configure Port Mirroring While Port is Down If you reconfigure port mirroring while the physical port is down, switched traffic that crosses a routing boundary is duplicated (PD2-147476551).
Clarifications and Known Behaviors Incorrect Log Message If you reboot after enabling STP and VLANs, the device might log the following incorrect message: Port=8:2: Illegal message age (65517) This is a display issue only; functionality is not affected (PD2-208909326). RSTP Does Not Detect Topology Change If a physical link transitions from down to up when the ports are configured with point-to-point links and 802.1w, RSTP does not detect a topology change (PD2-197365089).
Clarifications, Known Behaviors, and Resolved Issues Output of show stpName port detail Command in Hex Format The output of the show stpName port detail command displays the PortID in hex format instead of decimal format. If you do not specify the detail parameter, the output correctly displays in decimal format (PD2-136044001).
Clarifications and Known Behaviors ESRP ESRP Master Does Not Change to the Neutral State The ESRP Master might not change to the neutral state on the super-VLAN, even though there are no active ports on any of the sub-VLANs. Workaround. Disable the ESRP on the VLAN and enable it again (PD2-251147301). The disable slot all Command Generates EDP Errors If you have ESRP enabled, the disable slot all command generates EDP errors. You can safely ignore the error messages (PD2-166105101).
Clarifications, Known Behaviors, and Resolved Issues ELRP ELRP and Ingress Rate Shaping Do not use ingress rate shaping on an ELRP-enabled VLAN (PD2-133066184). VRRP Proxy ARP Replies on VRRP Enabled VLANs Are Incorrect When sending out proxy ARP replies on a VRRP enabled VLAN, the sender MAC address in the ARP Reply contains “System MAC” instead of “VRRP MAC” (PD3-1275521).
Clarifications and Known Behaviors Access List FDB Entries not Cleaned Up If you delete an access list with the “f” flag (flow rule), the associated FDB entries might not be cleared (PD2-110082518). Access Lists Using the IP Deny Any Rule When using an access control list with an IP deny any rule, all ICMP traffic will be blocked within a VLAN (Layer 2). If using an access list with an IP deny any rule across VLANs (Layer 3), ICMP traffic will not be blocked.
Clarifications, Known Behaviors, and Resolved Issues when either the TLS tunnel or VPLS is using the VLAN as a local end-point. The IP address of the VLAN can be changed or unconfigured when a VPLS is using the VLAN as the local end-point, but not the TLS tunnel (PD2-243426413). Clear Counters Command Does Not Clear RSVP LSP Count The clear counters command does not clear the RSVP LSP count (PD3-3250311).
Clarifications and Known Behaviors Table 25: Bandwidth Configuration for Hierarchical Rate Shaping Suggested Bandwidth Configuration Requited Bandwidth Fixed Frame Size Random Frame Size 40 40 40* 45 45 40 50 50* 50 55 55* 50 60 65 60 65 65 65 70 70* 70* 75 75 70 80 80 80 85 85 80* 90 90 85* 95 95 95 100 100 100 NOTE Numbers marked with an asterisk (*) have appreciable discrepancy on the higher side.
Clarifications, Known Behaviors, and Resolved Issues Shared-Port Link ID Limits When you configure a shared-port link ID, the CLI does not enforce a limit. However, if you input a value greater than 65535, the value is chopped to be within the range 1 - 65535 (PD2-243424458). EAPS Performance Statistics Table 26 lists the EAPS performance statistics for a single EAPS domain with the default filter.
Clarifications and Known Behaviors IP Unicast Routing Reset the FDB Aging Timer When you disable multinetting, you must reset the FDB aging timer to 300 seconds using the configure fdb agingtime command (PD2-160697401). No Static ARP Entries The use of Static ARP entries associated with superVLANs or sub-VLANs is not supported in this release (5106). ARP Entry Age The age of ARP entries changes to a large value when system time is changed (1-E7FIV).
Clarifications, Known Behaviors, and Resolved Issues RIPv2 Authentication The authentication feature of RIPv2 is not supported. RIP in Conjunction with other Routing Protocols It is recommended that RIP be enabled only on routers running with less than 10,000 routes from other routing protocols, such as BGP or OSPF. OSPF OSPF Originate Default Cost Can Be Set Incorrectly When configuring OSPF Originate Default, an incorrect cost of 0 (zero) is accepted.
Clarifications and Known Behaviors BGP A Session Down Due to Max Prefix Limit Will Not Re-establish BGP peering Session that goes down as a result of exceeding the peer maximum prefix limit restriction without the Hold timeout option, will fail to re-establish itself, unless that BGP peer session is disabled and enabled again (PD3-3333831).
Clarifications, Known Behaviors, and Resolved Issues The unconfigure igmp Command Does Not Unconfigure All Parameters The unconfigure igmp command does not set the forward-mcrouter-only or flood-list parameters to the default values (PD2-141266115). If PIM-Snooping is Enabled on Current Traffic, All (S,G) Entries Will be Marked as Invalid If traffic is present before PIM-Snooping is enabled, or the PIM-Snooping switch reboots as traffic is present, all (S,G) entries will be marked as invalid.
Clarifications and Known Behaviors Unconfiguring a Slot will not Remove the Ports from Network Login and Network Login Cannot be Disabled When unconfiguring a slot with Network Login enabled on a port, Network Login is not removed. However, the ports are removed from the default VLAN, and Network Login cannot be disabled on the port because the VLAN does not contain the port.
Clarifications, Known Behaviors, and Resolved Issues Special Characters Accepted in WEP Plaintext Key While configuring the WEP Plaintext key, the following characters are accepted in the CLI and are also stored as part of the key: • - (hyphen) • _ (underscore) • . (dot) For example, eg.con sec open64wep wep key add 0 plaintext a-_.. would be an accepted key. The following character is accepted in CLI but not stored as part of the key: • # (hash) For example, eg.
Clarifications and Known Behaviors Do Not Upload a Configuration Containing Authenticated Clients In network login campus mode, do not save and upload a configuration containing authenticated clients. Doing so can corrupt the configuration. To back up a configuration: 1 Disable network login using the disable netlogin command. 2 Unauthenticate all client ports using the clear netlogin state ports vlan command. 3 Verify that all ports are unauthenticated using the show netlogin and show vlan commands.
Clarifications, Known Behaviors, and Resolved Issues • PEAP (802.1x only) Network Login Supplicant Software Interoperability The following supplicant software applications are tested and supported with Network Login: • Web-Based: Internet Explorer 6 web browser • Web-Based: Netscape Navigator 7 web browser • 802.1x: Microsoft Windows XP native OS client • 802.1x: Microsoft Windows 2000 Professional native OS client (patch 313664) • 802.1x: Funk Odyssey Client, version 2.0 • 802.
Clarifications and Known Behaviors Enumeration Mode Redirects ICMP Packets When you create a flow redirection rule for source address based on a subnet mask of /24, enumeration mode is selected, and all ICMP packets are redirected to the next hop. To work around this, use a subnet mask of /16 (PD2-118471863). Cache Servers Set To “Down” Under Sustained High Traffic Loads Under very high sustained loads flow redirection might fail and set a cache server to the “down” state and then bring it back up.
Clarifications, Known Behaviors, and Resolved Issues Use CLI to Configure SNMPv3 You cannot configure SNMPv3 community authentication, information, or trap receivers via Vista. To work around this, use the CLI (PD2-208635101). Incorrect Minimum Limit on OSPF Page The Miscellaneous Parameters on the OSPF page lists a minimum of zero for the costs and timers. The minimum limit is one (PD2-194279901).
Clarifications and Known Behaviors Configuration Options with Large Number of Interfaces When selecting a configuration applet with a large number of configured interfaces, the traversal of the VLAN interfaces by Vista can cause a Watchdog reset due to the task utilization of Vista during the interface data collection. It is recommended that Vista not be used for configurations with Watchdog enabled where the Vista Configuration applet is used with a large number of VLAN interfaces.
Clarifications, Known Behaviors, and Resolved Issues extremeVlanGlobalMappingTable Exists only for Backward Compatibility The extremeVlanGlobalMappingTable exists only for backward compatibility and has no specific value (PD2-204237301). ExtremeEapsTable Not Browsable The ExtremeEapsTable is not browsable. It is used only for SNMP traps (PD2-176373732).
Clarifications and Known Behaviors Trap Receivers as Broadcast Entry Although it is possible to enter a broadcast or IP multicast address as an SNMP trap receiver, it will not function (2545). Bridge MIB Attributes The IEEE Bridge MIB dot1dTpPortEntry PortInDiscards and dot1dBasePortEntry counters do not increment (4937). SNMP Time-out Setting SNMP management stations might need to set the SNMP time-out value to 10 seconds as some large configuration operations take longer to perform (7151).
Clarifications, Known Behaviors, and Resolved Issues Diagnostics and Troubleshooting OC12 Module Might Report False External Loopback Failure on External Test When running normal or extended diagnostics on an OC12 module, the switch might incorrectly report that the specified port fails when performing the external loopback diagnostic test (PD3-796908). A3ci Running Normal Diagnostics Hangs in the "diag" State Repeatedly running normal diagnostics on an A3ci hangs the switch in the diag state.
Clarifications and Known Behaviors Packet Diagnostics Display Backplane Incorrectly When you run packet diagnostics on the Alpine 3804, the console displays the backplane as slot 5. The display is wrong: the diagnostics are correctly running on the backplane. The extended diagnostics console display is correct (PD2-151752701). Packet Diagnostics Display Wrong Slot Name When you run packet diagnostics on the MSM in slot B, the console displays the slot as slot 10, instead of MSM-B.
Clarifications, Known Behaviors, and Resolved Issues Configuring Diagnostics Mode Off If you configure diagnostics mode OFF, and then execute the unconfigure switch all command, when the switch returns to the active state the diagnostics mode is still set to OFF. The default diagnostics mode should be fastpost. To verify which diagnostics mode is set for the switch, use the show switch command (1-97NL1).
Clarifications and Known Behaviors The Auto-Recovery Threshold Applies only to BlackDiamond I/O Modules The auto-recovery threshold in the configure sys-health-check command applies only to BlackDiamond I/O modules. Configure Auto Negotiation to Recognize Single Fiber Failure as Port Failure If you want the switch to recognize a single fiber failure as a port failure, configure autonegotiation on both ends of the link (PD2-210751796).
Clarifications, Known Behaviors, and Resolved Issues Issues Resolved in ExtremeWare 7.3.1b3 The following issues were resolved in ExtremeWare 7.3.1b3. Numbers in parentheses are for internal use and can be ignored. ExtremeWare 7.3 includes all fixes up to and including ExtremeWare 6.2.2b156, 7.1.1b16, and ExtremeWare 7.2.0b33. For information on those fixes, see the release notes for those releases.
Issues Resolved in ExtremeWare 7.3.0b49 VLANs With 100+ IP VLANs, control packets such as VRRP, are now processed in a timely manner, no longer causing VRRP to flip (PD3-16694591, PD3-1601045). Issues Resolved in ExtremeWare 7.3.0b49 The following issues were resolved in ExtremeWare 7.3.0b49. Numbers in parentheses are for internal use and can be ignored. ExtremeWare 7.3 includes all fixes up to and including ExtremeWare 6.2.2b156, 7.1.1b16, and ExtremeWare 7.2.0b33.
Clarifications, Known Behaviors, and Resolved Issues A range check is no longer needed to avoid system failures during snmpsetv (PD3-3455551). You can now configure SSL HTTPS is enabled (PD3-2956151). The show security-profile unsecure command no longer displays ports that are not capable of wireless transmission and no longer displays interface 2 twice in the command output (PD3-3429031, PD3-3197291). UAA Off channel AP scan now runs when the ALL channel option is selected (PD3-3839591).
Issues Resolved in ExtremeWare 7.3.0b44 Issues Resolved in ExtremeWare 7.3.0b44 The following issues were resolved in ExtremeWare 7.3. Numbers in parentheses are for internal use and can be ignored. ExtremeWare 7.3 includes all fixes up to and including ExtremeWare 6.2.2b156, 7.1.1b16, and ExtremeWare 7.2.0b33. For information on those fixes, see the release notes for those releases.
Clarifications, Known Behaviors, and Resolved Issues If you specify a VLAN as the local end point for an RSVP-TE path, the switch no longer allows you to change the VLAN’s IP address, unconfigure the IP address, or delete the VLAN. Use the show mpls rsvp-te path command to verify the local end point configuration (PD2-164224901, PD2-229594005). Removing the MSM in a BlackDiamond switch doing MPLS TLS no longer causes some of the FDB entries to start aging (PD2-199171614).
Issues Resolved in ExtremeWare 7.3.0b44 Network Login When you enable Network Login on a port, the switch now behaves as a full DHCP server, sending all DHCP NAK packets to the port when you enable DHCP (PD2-195081355, PD2-249660679). The order in which you configure web-based Network Login settings no longer causes configuration errors when parsing downloaded configurations (PD2-160278607, PD2-180726753).
Clarifications, Known Behaviors, and Resolved Issues 110 ExtremeWare 7.3.