Home > A3 Version V4.1.0 Release Notes
|
View descriptions of the newest features and review the known and addressed A3 issues on this page.
The A3 Web Admin interface is accessed through the https://<ip_address>:1443 URL, where <ip_address> is the IP address of the A3 virtual machine.
This release of ExtremeCloudA3 adds several features and includes several bug fixes.
| Port | Application/Protocol | Usage |
|---|---|---|
| UDP 123 | NTPv4 | Time synchronization |
| TCP 443 | SSL | Communication with ExtremeCloud IQ |
| TCP 25, 465 or 587 | SMTP | Email access. Port depends on service used. |
| TCP 636 | LDAP | Directory access, if used. |
| UDP 53 | DNS | Host name lookup. |
A significant feature of the previous A3 version, A3 4.0 was the replacement of licenses with NAC entitlements managed by ExtremeCloud IQ. If you are upgrading from an A3 version prior to A3 4.0, no additional licensing action is required. This feature is covered in more detail in the A3 Licensing document. Please note that A3 version 4.0 and later are not compatible with Connect level ExtremeCloud IQ accounts. Once an ExtremeCloud IQ account is provisioned with NAC entitlements, that account is automatically upgraded to Pilot level. Customers who wish to remain at the Connect level can use a separate ExtremeCloud IQ account for ExtremeCloud A3.
After upgrading to A3 version 4.0 or later from an A3 3.x version, if your previous version was connected to the cloud, you will be required to provide the password for your configured cloud admin. After doing this, you may have to wait for up to an hour for your device certificate to be auto-generated. Alternatively, unlink and re-link your A3 to the cloud to avoid having to re-enter the password for your configured cloud admin, or having to wait for your device certificate to be auto-generated.
Changes in Behavior or Appearance
This version of A3 features the following changes in behavior and appearance:
| ID | Description |
|---|---|
| A3-2927 | The Configuration > System Configuration > Backup and Restore facility is a new option which performs system backups, exports/downloads the backup, imports/uploads backups and restores system backup. The restore option is only available on a single-node cluster, i.e., a fresh install. Restoration of system backups from a formed multi-node cluster is not supported. |
| A3-3067 | New alarms have been created to help identify when CPU power is insufficient. These include 10 min. average CPU usage, 10 min. average CPU iowait, and 20 min. average steal CPU alarms. |
| A3-3068, A3-3076, A3-3196, A3-3201 | A new tab has been added to the Status > Dashboard page, named Health. This tab displays current and historic performance information for CPU Usage, RAM Usage, Disk I/O, cluster latency, and cluster compliance. |
| A3-3073 | Names are now displayed in the Device Identifier column of the Clients page and updated on a regular basis for the following switch types: Extreme::XCC, Extreme::VOSS, Extreme::Summit, and Aerohive::APSwitch. |
| A3-3172 | In the System Configuration > Cloud Integration page, an A3 instance may now be unlinked from the A3-Cloud account even if the A3-Cloud cannot be reached. |
| A3-3189 | A3 system IDs are now displayed on the License management page in ExtremeCloud IQ. |
| A3-3197 | The database upgrade process associated with an A3 upgrade has been moved to the post upgrade phase, avoiding timeouts associated with the DB upgrade step. |
| A3-3209 | Azure Active Directory may now be used as an internal authentication source. The use of this type of authentication is covered in Active AD and in the A3 Installation and Usage Manual. |
| A3-3210 | An additional RADIUS authentication on management option is available in the System Configuration > Cluster page controlling whether or not the management server will process RADIUS authentication requests in addition to proxying them to other servers. |
| A3-3218 | Added support for two new network Operating Systems: Extreme Networks Switch Engine and Extreme Networks Fabric Engine. |
| A3-3220 | Outdated ciphers (SWEET32) are no longer used in A3. |
Limitations are not necessarily software issues, but might affect workflow, and are presented here for your reference and consideration.
The following are known software limitations in this release of ExtremeCloudA3:
| Description |
|---|
| When setting up a cluster, only one node should be added to the cluster at a time. Additional nodes should only be added after the previous join process has completed. |
| When linking to an ExtremeCloud IQ cloud account, reports only include data from that moment onward, and do not include historical data prior to linking. |
| You cannot change the management network interface of an A3 cluster using the UI after initial configuration. Ensure the accuracy of your setup when you initially configure the management network interface. |
| Administrators might not be able to log in to A3 if the clock on the A3 system is not accurate. |
| When you remove a node from an A3 cluster, it can neither rejoin the cluster, nor function as a standalone and must be discarded. |
The following are known issues in this release of ExtremeCloud A3:
| ID | Description |
|---|---|
| Prior to upgrading from a pre-V3.x version, Extreme Networks recommends powering down your server or cluster members. If the RAM associated with the A3 VM still uses the old default of 8 GB, it should be increased to 16 GB. | |
| If upgrading from an A3 version prior to 4.0 in which an A3 server or cluster was connected to ExtremeCloud IQ prior to the upgrade, then after the upgrade the administrator should log into the local A3 GUI and provide the password for the ExtremeCloud IQ account or unlink and re-link the A3 server or cluster with ExtremeCloud IQ. This can be done from the Configuration > System Configuration > Cloud Integration page. | |
| Profile installation on macOS requires the captive web portal to be opened using the Safari browser. | |
| The Network Detection feature of the Captive Portal is always enabled, regardless of the setting of the switch in Configuration > Advanced Access Configuration > Captive Portal. | |
| A3-99 | When creating an Active Directory entry, the identifier must be alpha-numeric with no spaces. |
| A3-125 | After a successful Join AD Domain, a spurious "An error occurred while contacting the server" can be shown. |
| A3-910 | If the initial setup is not completed by the time the current DHCP lease expires, A3 loses its IP address. |
| A3-1179 | A3 sometimes prompts the admin to enter a user name and password when performing authentication tests using sources that do not require this type of authentication. Enter any value. |
| A3-1277 | When two SSID filters are used in a single connection profile, 802.1x logins fail. |
| A3-2249 | Administrative rules cannot be configured for EAP-TLS authentication. |
| A3-2510 | A3 servers with prior versions can be allowed to join a cluster. |
| CFD-7661 | In special situations, the CPU on a cluster member goes to 100% and the cluster node is largely unresponsible. The CPU is consumed by the mysql process. Customers who experience this should contact Extreme GTAC for a customer patch or fix procedure. |
The following issues have been addressed in this release of ExtremeCloud A3:
| ID | Description |
|---|---|
| A3-3023 | Status > Network View details were off screen. |
| A3-3024 | Search filters in Nodes > Search were persistent, but not displayed. |
| A3-3049 | The Refresh Fingerbank and Restart Switch Port buttons are no longer available on the Clients configuration pages. |
| A3-3058 | The Connected Clients per Connection Type report was blank the the A3-Cloud. |
| A3-3126 | Labels have been changed to clarify RADIUS vs. HTTP certificate elements. |
| A3-3169 | If you are deploying a new A3 cluster and choose to link the cluster to ExtremeCloud IQ during the installation wizard, use of the Go-to-A3 and SSO buttons from the A3-Cloud Inventory page may fail. If this happens, simply unlink and relink your A3 cluster to the Cloud from the Configuration > System Configuration > Cloud Integration page |
| A3-3177, A3-3184, A3-3192, A3-3193 | When A3 is managed from the cloud by clicking on the "Go-to-A3" or "SSO" buttons on the A3-inventory page, any existing cloud-sessions to another A3 instance will become invalid. Before launching a cloud-session to an A3, close any existing cloud-session to an A3 that are currently opened. |
| A3-3185 | An A3 cluster could not be deleted from the A3 Cloud even though all nodes were down. |
| A3-3195 | The CVE-2021-44790 vulnerability for Apache has been remediated. |
| A3-3200 | Command line management access to an EXOS device with LDAP was not possible. |
| A3-3202 | The captive portal was displayed using HTTP instead of HTTPS with secure redirect enabled. |
| A3-3203 | The RADIUS process, radiusd, would not start due to a missing ca.pem certificate. |
| A3-3213 | NTLM Authentication under Tools > Authentication > NTLM Authentication did not work due to a change in API. |
| A3-3214, A3-3125 | TLS 1.0 and 1.1 are no longer used for TLS negotiations. Port 9393 is no longer open. |
| A3-3216 | Device groups were not visible when adding filters in connection profiles. |
| A3-3224, A3-3227, A3-3228 | Coverity path manipulation vulnerabilities have been addressed. |
Copyright © 2022 (your brand here) Published May 2022.