Open Issues
The following are new open issues for supported features found in ExtremeXOS 16.1.2.
CR Number | Description |
---|---|
General | |
xos0061053 |
ExtremeXOS supports the use of RC4 in one or more cipher suites. The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness. If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of millions) ciphertexts, the attacker may be able to derive the plaintext. |
xos0061052 | ExtremeXOS accepts connections encrypted using SSL 2.0 and/or SSL 3.0, which reportedly suffer from several cryptographic flaws. An attacker may be able to exploit these issues to conduct man-in-the-middle attacks or decrypt communications between the affected service and clients. |
xos0060993 | Nessus scan detects the following medium vulnerabilities
in ExtremeXOS:
|
xos0060930 | When ONEPolicy is enabled and you reach the configured maximum number of authenticated sessions, sessions continue to attempt to authenticate, and then terminate if successful. |
xos0061027 | For SummitStacks, creating or deleting non-default QoS profiles may cause some ports to flap. |
xos0061492 |
For the Summit X430 series switches, you can only create around 3,900 VLANs, which is short of the limit of 4,094. For Summit X440 series switches, you can only create 4,094 VLANs and 40–43K VPIF, whereas 53K VPIF was obtainable in ExtremeXOS 15.7.1. |
BlackDiamond 8800 Series Switches | |
xos0060136 | With NetLogin with MAC enabled and with dynamic VLAN configured, if FDB ageout timer is configured as 50, sometimes FDB does not synchronize and the command show netlogin mac shows clients authenticated on nlvlan itself. |
Summit X450-G2 Series Switches | |
xos0061097 | On Summit X450G2 stack of eight, back-to-back failovers
while sending slow-path traffic across eight slots, produce the following
error:04/01/2015 13:36:33.65 <Erro:Kern.Card.Error> Slot-5: bcm_tx_list() returned -4: Invalid parameterIssue does not occur, if slow-path traffic is stopped. |
Summit X670 Series Switches | |
xos0062312 | On Summit X670V-48x-VIM4-40G4X switches, when you
disable ports on a peer switch, additional 40G ports may go down. Configuring the debounce timer to 4 seconds on these ports may resolve this issue. |
Summit Series Switches | |
xos0060283 | The SMON MIB (RFC 2613) which was used to configure mirroring using SNMP is not available in ExtremeXOS. |
ACLs | |
xos0061183 | On BlackDiamond X8 and 8800 series switches, if failover occurs during an active ESVT test, sometimes it might persist in "running" state. |
BGP | |
xos0060352 | BGP speaker accepts invalid updates (for example, invalid IP addresses such as 0.0.0.0/24). These are installed in BGP LOCAL RIB, as well as in route table. |
Clocking (1588v2) | |
xos0060785 | Precision time feature limitations for ExtremeXOS 16.1:
|
MPLS | |
xos0061018 | After failover, traffic fails across VPLS configured with 64 LSPs across LAG. |
xos0061276 | MPLS LSP (LDP/RSVP) is not formed when BGP is used as IGP routing protocol. |
xos0061374 | With an L2VPN session between two Label Edge Routers (LERs), broadcast packets egressing the LERs are corrupted. |
xos0062314 | Detour LSP counters display incorrect values in the output of the commands show mpls rsvp-te lsp and show mpls rsvp-te lsp fast-reroute. |
NetLogin | |
xos0060488 | With upload and download of NetLogin with UPM XSF file, UPM profile is not executed for the user-authenticate and unauthenticate events. |
xos0060280 | Enabling NetLogin mac on mirrored ports does not produce an error. |
xos0061546 | Client goes unauthenticated after VLAN VSA move from
untagged to tagged in MAC base. The following error message
appears:<Info:nl.ClientAuthFailure> MSM-B: Authentication failed for Network Login MAC user 000000000005 Mac 00:00:00:00:00:05 port 8:19 |
xos0061797 | Dot1x client moves to authentication failure VLAN if authentication failed due to incorrect supplicant password or framework failure, such as error in VLAN movement, etc.; even if web-based NetLogin is enabled. |
xos0061375 | Re-authentication fails for some NetLogin authenticated clients after changing the EXTREME_NETLOGIN_EXTENDED_VLAN VSA (211) with scaled number of NetLogin authenticated clients. |
xos0061116 | After disabling NetLogin dot1x, attempting to enable NetLogin dot1x produces an error indicating that NetLogin is already enabled on a port. |
OSPF | |
xos0061100 | CPU utilization monitor incorrectly displays 99% CPU usage for OSPF while restarting OSPF process. |
xos0060463 | OSPFv3 external routes are flushed after the restart ports all command is executed in area border router. |