A3 Version V4.0.0 Release Notes

View descriptions of the newest features and review the known and addressed A3 issues on this page.

New Features and Enhancements

The A3 Web Admin interface is accessed through the https://<ip_address>:1443 URL, where <ip_address> is the IP address of the A3 virtual machine.

This release of ExtremeCloudA3 adds several features and includes several bug fixes.

Before installing or upgrading ExtremeCloudA3, ensure that the host that A3 will be installed on has connectivity to the following external services:
Port Application/Protocol Usage
UDP 123 NTPv4 Time synchronization
TCP 443 SSL Communication with ExtremeCloud IQ
TCP 25, 465 or 587 SMTP Email access. Port depends on service used.
TCP 636 LDAP Directory access, if used.
UDP 53 DNS Host name lookup.

A significant feature of A3 version 4.0 is the replacement of licenses with NAC entitlements managed by ExtremeCloud IQ. This feature is covered in more detail in the A3 Licensing document. Please note that A3 version 4.0 is not compatible with Connect level ExtremeCloud IQ accounts. Once an ExtremeCloud IQ account is provisioned with NAC entitlements, that account is automatically upgraded to Pilot level. Customers who wish to remain at the Connect level can use a separate ExtremeCloud IQ account for ExtremeCloud A3.

The upgrade process is a very CPU intensive task. Before upgrading, make sure that each of the cluster node has sufficient idle CPU cycles. If messages similar to those below are displayed in the GUI window after upgrade, then either configuration files could not be backed up within the 2 minute window or configuration changes occurred while the system was trying to perform a backup. If this is the case, you will need to try again with the system in a more quiescent state.During the upgrade process, database backup requires intensive disk I/O. If the A3 virtual disk I/O throughput is below 100Mb/s, then the upgrade may fail. Log file messages can be used to determine if poor disk I/O throughput performance is the cause; these log files should be examined by Extreme Networks support. You can determine your virtual disk I/O throughput by using the steps outlined in Testing VM Disk Performance. If the performance is below 100Mb/s, consult your IT department.

After upgrading to A3 version 4.0, if your A3 3.x version was previously connected to the cloud, you will be required to provide the password for your configured cloud admin. After doing this, you may have to wait for up to an hour for your device certificate to be auto-generated. Alternatively, unlink and re-link your A3 to the cloud to avoid having to re-enter the password for your configured cloud admin, or having to wait for your device certificate to be auto-generated.

Changes in Behavior or Appearance

This version of A3 features the following changes in behavior and appearance:

ID Description
A3-2452, A3-2364, A3-2965 A3 licenses are now distributed from the ExtremeCloud IQ. A3 can still be installed with a trial period of local license, but only for 90 days.
A3-2912 Management access to VOSS-based devices may now be performed via A3.
A3-2741, A3-2933, A3-3143 The Tools menu is now available in the ExtremeCloud A3 interface opened from ExtremeCloud IQ
A3-2932 The verbosity level of logs send to tech support in the Tools > TECH DATA > LOGS can now be selected.
A3-2944 A HyperV version of the A3 software is now available and supported.
A3-2987 EAP-PEAP local user authentication through a specified local Users repository may now be enabled via the Tools > Authentication dialog.
A3-3000 The web session associated with an upgrade will no longer time out.
A3-3005 Configuration > Advanced Access > PKI Providers > A3 PKI Provider logic has been augmented to include the use of templates for use in the creation of new PKIs.
A3-3016 Both Role and VLAN messages can be included in CoA messages for XCC associated devices.
A3-3037 The Tools drop-down menu (wrench) now includes a Patch software options that is used to apply patches.
A3-3049 The "Refresh Fingerbank" and "Restart Switch Port" buttons have been removed from the Client edit page.
A3-3051 VMware associated optimizations have been documented in the Installation and Usage Manuals in the Advanced Topics chapter.
A3-3056 Google Workspace LDAP Integration is available and detailed in Google Workspace LDAP Integration.
A3-3085 An end-user license agreement must be acknowledged during the installation.
A3-3110 The A3 inventory displayed in ExtremeCloud IQ shows a yellow warning status for a node if it can be reached through HTTP, but not through its proxy.
A3-3116 Following an upgrade for an A3 cluster connected to an ExtremeCloud IQ account, an administrator may see a message at the top of the page asking for the Cloud Password. Select the Cloud Integration text or navigate to Configuration > System Configuration > Cloud Integration to enter the required password.
A3-3144 A3 automatically generates a device certificate to authenticate the A3 server to ExtremeCloud IQ. The status of the certificate can be found at Configuration > System Configuration > Cloud Integration.
A3-3145 When accessing the A3 GUI from ExtremeCloud IQ, no additional login is required. ExtremeCloud IQ implements single sign-on for all A3 instances.

Software Limitations

Limitations are not necessarily software issues, but might affect workflow, and are presented here for your reference and consideration.

The following are known software limitations in this release of ExtremeCloudA3:

When setting up a cluster, only one node should be added to the cluster at a time. Additional nodes should only be added after the previous join process has completed.
When linking to an ExtremeCloud IQ cloud account, reports only include data from that moment onward, and do not include historical data prior to linking.
You cannot change the management network interface of an A3 cluster using the UI after initial configuration. Ensure the accuracy of your setup when you initially configure the management network interface.
Administrators might not be able to log in to A3 if the clock on the A3 system is not accurate.
When you remove a node from an A3 cluster, it can neither rejoin the cluster, nor function as a standalone and must be discarded.

Known Issues

The following are known issues in this release of ExtremeCloud A3:

ID Description
  Prior to upgrading from a pre-V3.x version, Extreme Networks recommends powering down your server or cluster members. If the RAM associated with the A3 VM still uses the old default of 8 GB, it should be increased to 16 GB.
  This issue pertains to A3 instances in which the A3 server or cluster was connected to ExtremeCloud IQ prior to the upgrade. After performing the upgrade, the administrator should log into the local A3 GUI and unlink the server or cluster from Hive Manager. The setting for this is at Configuration > System Configuration > Cloud Integration. After a moment, the server can be relinked to the HiveManager account. This can be necessary if an administrator can not log into the ExtremeCloud A3 GUI from ExtremeCloud IQ.
  Profile installation on macOS requires the captive web portal to be opened using the Safari browser.
  The Network Detection feature of the Captive Portal is always enabled, regardless of the setting of the switch in Configuration > Advanced Access Configuration > Captive Portal.
A3-99 When creating an Active Directory entry, the identifier must be alpha-numeric with no spaces.
A3-125 After a successful Join AD Domain, a spurious "An error occurred while contacting the server" can be shown.
A3-910 If the initial setup is not completed by the time the current DHCP lease expires, A3 loses its IP address.
A3-1179 A3 sometimes prompts the admin to enter a user name and password when performing authentication tests using sources that do not require this type of authentication. Enter any value.
A3-1277 When two SSID filters are used in a single connection profile, 802.1x logins fail.
A3-2249 Administrative rules cannot be configured for EAP-TLS authentication.
A3-2510 A3 servers with prior versions can be allowed to join a cluster.
A3-3049 The Refresh Fingerbank and Restart Switch Port buttons are no longer available on the Clients configuration pages.
A3-3169 After deploying a new cluster linked to the ExtremeCloudin the in the installation wizard, use of Go-to-A3 or SSO buttons in ExtremeCloud IQ's A3 Inventory page may fail. If this happens, in the A3 administrator unlink and re-link the A3 cluster to the cloud.
A3-3177 When A3 is managed from the cloud by clicking on the "Go-to-A3" or "SSO" buttons on the A3-inventory page, any existing cloud-sessions to another A3 instance will become invalid. Before launching a cloud-session to an A3, close any existing cloud-session to an A3 that are currently opened.

Addressed Issues

The following issues have been addressed in this release of ExtremeCloud A3:

ID Description
A3-1180 Authentication tests do not change prompts to be applicable with the Authentication Source. Enter appropriate values into the Username and Password fields.
A3-2579 The Captive Portal redirection delay can be too short. The redirection can have occurred in spite of an error message.
A3-2624 Roles can be deleted as long as they are not in use.
A3-2653 Backup from the Backup & Restore page must be done on the primary A3 node.
A3-2722 The copy to clipboard option for the Tech Data logs does not work.
A3-2748 Restart services pop-ups no longer opened after they are needed.
A3-2785 When using the graphics Network View, hovering over an A3 server can show "PacketFence" instead of A3.
A3-3016 CoA messages may not include both a Role and VLAN ID (TGID) change at the same time.
A3-3060 VMware performance tuning is discussed in the Advanced Topics section of the A3 Installation and Usage Guide.

Testing VM Disk Performance

Use the following steps to test your VM disk performance:
  1. Initialize the A3 VM.
  2. Open the netdata screen from http://<A3 address>:19999.
  3. In the A3 interface at Tools > Network Tools, enable SSH.
  4. Using an SSH tool, login as sshuser and then run the script shown below.
Click to expand in new window

Copyright © 2021 Extreme Networks. All rights reserved. Published April 2021.