Home > A3 Version V4.0.0 Release Notes
|
View descriptions of the newest features and review the known and addressed A3 issues on this page.
The A3 Web Admin interface is accessed through the https://<ip_address>:1443 URL, where <ip_address> is the IP address of the A3 virtual machine.
This release of ExtremeCloudA3 adds several features and includes several bug fixes.
| Port | Application/Protocol | Usage |
|---|---|---|
| UDP 123 | NTPv4 | Time synchronization |
| TCP 443 | SSL | Communication with ExtremeCloud IQ |
| TCP 25, 465 or 587 | SMTP | Email access. Port depends on service used. |
| TCP 636 | LDAP | Directory access, if used. |
| UDP 53 | DNS | Host name lookup. |
A significant feature of A3 version 4.0 is the replacement of licenses with NAC entitlements managed by ExtremeCloud IQ. This feature is covered in more detail in the A3 Licensing document. Please note that A3 version 4.0 is not compatible with Connect level ExtremeCloud IQ accounts. Once an ExtremeCloud IQ account is provisioned with NAC entitlements, that account is automatically upgraded to Pilot level. Customers who wish to remain at the Connect level can use a separate ExtremeCloud IQ account for ExtremeCloud A3.
After upgrading to A3 version 4.0, if your A3 3.x version was previously connected to the cloud, you will be required to provide the password for your configured cloud admin. After doing this, you may have to wait for up to an hour for your device certificate to be auto-generated. Alternatively, unlink and re-link your A3 to the cloud to avoid having to re-enter the password for your configured cloud admin, or having to wait for your device certificate to be auto-generated.
Changes in Behavior or Appearance
This version of A3 features the following changes in behavior and appearance:
| ID | Description |
|---|---|
| A3-2452, A3-2364, A3-2965 | A3 licenses are now distributed from the ExtremeCloud IQ. A3 can still be installed with a trial period of local license, but only for 90 days. |
| A3-2912 | Management access to VOSS-based devices may now be performed via A3. |
| A3-2741, A3-2933, A3-3143 | The Tools menu is now available in the ExtremeCloud A3 interface opened from ExtremeCloud IQ |
| A3-2932 | The verbosity level of logs send to tech support in the Tools > TECH DATA > LOGS can now be selected. |
| A3-2944 | A HyperV version of the A3 software is now available and supported. |
| A3-2987 | EAP-PEAP local user authentication through a specified local Users repository may now be enabled via the Tools > Authentication dialog. |
| A3-3000 | The web session associated with an upgrade will no longer time out. |
| A3-3005 | Configuration > Advanced Access > PKI Providers > A3 PKI Provider logic has been augmented to include the use of templates for use in the creation of new PKIs. |
| A3-3016 | Both Role and VLAN messages can be included in CoA messages for XCC associated devices. |
| A3-3037 | The Tools drop-down menu ( ) now includes a Patch software options that is used to apply patches. |
| A3-3049 | The "Refresh Fingerbank" and "Restart Switch Port" buttons have been removed from the Client edit page. |
| A3-3051 | VMware associated optimizations have been documented in the Installation and Usage Manuals in the Advanced Topics chapter. |
| A3-3056 | Google Workspace LDAP Integration is available and detailed in Google Workspace LDAP Integration. |
| A3-3085 | An end-user license agreement must be acknowledged during the installation. |
| A3-3110 | The A3 inventory displayed in ExtremeCloud IQ shows a yellow warning status for a node if it can be reached through HTTP, but not through its proxy. |
| A3-3116 | Following an upgrade for an A3 cluster connected to an ExtremeCloud IQ account, an administrator may see a message at the top of the page asking for the Cloud Password. Select the Cloud Integration text or navigate to Configuration > System Configuration > Cloud Integration to enter the required password. |
| A3-3144 | A3 automatically generates a device certificate to authenticate the A3 server to ExtremeCloud IQ. The status of the certificate can be found at Configuration > System Configuration > Cloud Integration. |
| A3-3145 | When accessing the A3 GUI from ExtremeCloud IQ, no additional login is required. ExtremeCloud IQ implements single sign-on for all A3 instances. |
Limitations are not necessarily software issues, but might affect workflow, and are presented here for your reference and consideration.
The following are known software limitations in this release of ExtremeCloudA3:
| Description |
|---|
| When setting up a cluster, only one node should be added to the cluster at a time. Additional nodes should only be added after the previous join process has completed. |
| When linking to an ExtremeCloud IQ cloud account, reports only include data from that moment onward, and do not include historical data prior to linking. |
| You cannot change the management network interface of an A3 cluster using the UI after initial configuration. Ensure the accuracy of your setup when you initially configure the management network interface. |
| Administrators might not be able to log in to A3 if the clock on the A3 system is not accurate. |
| When you remove a node from an A3 cluster, it can neither rejoin the cluster, nor function as a standalone and must be discarded. |
The following are known issues in this release of ExtremeCloud A3:
| ID | Description |
|---|---|
| Prior to upgrading from a pre-V3.x version, Extreme Networks recommends powering down your server or cluster members. If the RAM associated with the A3 VM still uses the old default of 8 GB, it should be increased to 16 GB. | |
| This issue pertains to A3 instances in which the A3 server or cluster was connected to ExtremeCloud IQ prior to the upgrade. After performing the upgrade, the administrator should log into the local A3 GUI and unlink the server or cluster from Hive Manager. The setting for this is at Configuration > System Configuration > Cloud Integration. After a moment, the server can be relinked to the HiveManager account. This can be necessary if an administrator can not log into the ExtremeCloud A3 GUI from ExtremeCloud IQ. | |
| Profile installation on macOS requires the captive web portal to be opened using the Safari browser. | |
| The Network Detection feature of the Captive Portal is always enabled, regardless of the setting of the switch in Configuration > Advanced Access Configuration > Captive Portal. | |
| A3-99 | When creating an Active Directory entry, the identifier must be alpha-numeric with no spaces. |
| A3-125 | After a successful Join AD Domain, a spurious "An error occurred while contacting the server" can be shown. |
| A3-910 | If the initial setup is not completed by the time the current DHCP lease expires, A3 loses its IP address. |
| A3-1179 | A3 sometimes prompts the admin to enter a user name and password when performing authentication tests using sources that do not require this type of authentication. Enter any value. |
| A3-1277 | When two SSID filters are used in a single connection profile, 802.1x logins fail. |
| A3-2249 | Administrative rules cannot be configured for EAP-TLS authentication. |
| A3-2510 | A3 servers with prior versions can be allowed to join a cluster. |
| A3-3049 | The Refresh Fingerbank and Restart Switch Port buttons are no longer available on the Clients configuration pages. |
| A3-3169 | After deploying a new cluster linked to the ExtremeCloudin the in the installation wizard, use of Go-to-A3 or SSO buttons in ExtremeCloud IQ's A3 Inventory page may fail. If this happens, in the A3 administrator unlink and re-link the A3 cluster to the cloud. |
| A3-3177 | When A3 is managed from the cloud by clicking on the "Go-to-A3" or "SSO" buttons on the A3-inventory page, any existing cloud-sessions to another A3 instance will become invalid. Before launching a cloud-session to an A3, close any existing cloud-session to an A3 that are currently opened. |
The following issues have been addressed in this release of ExtremeCloud A3:
| ID | Description |
|---|---|
| A3-1180 | Authentication tests do not change prompts to be applicable with the Authentication Source. Enter appropriate values into the Username and Password fields. |
| A3-2579 | The Captive Portal redirection delay can be too short. The redirection can have occurred in spite of an error message. |
| A3-2624 | Roles can be deleted as long as they are not in use. |
| A3-2653 | Backup from the Backup & Restore page must be done on the primary A3 node. |
| A3-2722 | The copy to clipboard option for the Tech Data logs does not work. |
| A3-2748 | Restart services pop-ups no longer opened after they are needed. |
| A3-2785 | When using the graphics Network View, hovering over an A3 server can show "PacketFence" instead of A3. |
| A3-3016 | CoA messages may not include both a Role and VLAN ID (TGID) change at the same time. |
| A3-3060 | VMware performance tuning is discussed in the Advanced Topics section of the A3 Installation and Usage Guide. |
Copyright © 2021 Extreme Networks. All rights reserved. Published April 2021.