Logo

A3 Version 5.0.0 Release Notes

This release of ExtremeCloud A3 adds several features and resolves several issues.

Web Interface

You can access the ExtremeCloud A3 web interface at https://<ip-address>:1443, where <ip-address> is the IP address of the A3 virtual machine.

Installation and Upgrade

Before installing or upgrading ExtremeCloud A3, ensure that the host on which A3 will be installed has connectivity to the following external services.
Port Application/Protocol Usage
UDP 123 NTPv4 Time synchronization
TCP 443 SSL Communication with ExtremeCloud IQ
TCP 25, 465 or 587 SMTP Email access. Port depends on service used.
TCP 636 LDAP Directory access, if used
UDP 53 DNS Host name look-up

A significant feature of A3 version 4.0 was the replacement of licenses with NAC entitlements managed by ExtremeCloud IQ. No additional licensing action is required for upgrades from A3 4.0. For more information, see A3 Licensing. Note that A3 versions 4.0 and later are not compatible with Connect-level ExtremeCloud IQ accounts. After an ExtremeCloud IQ account is provisioned with NAC entitlements, it is automatically upgraded to Pilot level. To remain at the Connect level, you can use a separate ExtremeCloud IQ account for ExtremeCloud A3.

For more information about upgrading to version 5.0.0, see ExtremeCloud A3 Upgrade Guide, 5.0.0.

Changes in Behavior or Appearance

Table 1. Changes in this release
ID Description
A3 - 3282 Replacement of the A3 HTTPS server certificate no longer requires a manual cluster restart.
A3 - 3257 A new Japanese language option for the built-in captive portal languages.
A3 - 3239 A new option (">>") lets you fast forward to the last page of the "Search Clients" and "Search RADIUS Audit Logs" results.
A3 - 3234 Manually entered dates are now validated, to prevent invalid dates from being entered and breaking product functionality.
A3 - 3127 New report with the distribution of roles.
A3 - 3075 A3 now updates existing wireless clients in ExtremeCloud IQ with information related to NAC. A3 does not create new clients in ExtremeCloud IQ.
A3 - 3287 Support for WMI is removed from the product.
A3 - 3330 A new memberOf condition is supported in the authentication rules of the Open ID authentication source.

Software Limitations

Limitations are not necessarily software issues, but might affect work flow, and are presented here for your reference and consideration.

Table 2. Limitations in this release
Description
Only one node should be added to the cluster at a time. Additional nodes should only be added after the previous join process has completed.
When linking to an ExtremeCloud IQ cloud account, reports only include data from that moment onward, and do not include historical data prior to linking.
You cannot change the management network interface of an A3 cluster using the UI after initial configuration. Ensure the accuracy of your setup when you initially configure the management network interface.
Administrators might not be able to log in to A3 if the clock on the A3 system is not accurate.
When you remove a node from an A3 cluster, it can neither rejoin the cluster, nor function as a standalone and must be discarded.

Known Issues

Table 3. Known issues in this release
ID Description
The direct upgrade to version 5.0.0 is not available. After version 5.0.0 is installed, the backup from version 4.1.1 can be restored. For more information, see ExtremeCloud A3 Upgrade Guide, 5.0.0.
Profile installation on macOS requires the captive web portal to be opened using the Safari browser.
The Network Detection feature of the Captive Portal is always enabled, regardless of the setting of the switch in Configuration > Advanced Access Configuration > Captive Portal.
A3 - 99 For Active Directory entries, the identifier must be alpha-numeric with no spaces.
A3 - 125 After a successful Join AD Domain, a spurious "An error occurred while contacting the server" can be shown.
A3 - 910 If the initial setup is not completed by the time the current DHCP lease expires, A3 loses its IP address.
A3 - 1179 A3 sometimes prompts the admin to enter a user name and password when performing authentication tests using sources that do not require this type of authentication. Enter any value.
A3 - 1277 When two SSID filters are used in a single connection profile, 802.1x log-ins fail.
A3 - 2249 Administrative rules cannot be configured for EAP-TLS authentication.
A3 - 2510 A3 servers with earlier versions can be allowed to join a cluster.
CFD-9079 Do not use special characters or spaces in file names of files uploaded to A3. The configuration backup may fail when the file name of the file uploaded to A3 contains special characters or spaces. For example, the name of the captive portal image file.

Addressed Issues

Table 4. Issues addressed in this release
ID Description
CFD-8670 Linking A3 to ExtremeCloud IQ does not fail if the password contains an ampersand (&) character.
CFD - 8530, CFD - 8467 Regardless of an A3's status, let it be deleted from the Cloud if its HTTP connectivity to the Cloud is down.
CFD - 8425 Removed unnecessary warning in situations where it is not appropriate: Internal networks not defined! networks.conf is empty but services.dhcp is enabled. Disable it to remove this warning.
CDF - 7942 For EAP-TTLS/PAP authentications, A3 is reporting the outer-tunnel user name as "anonymous@xxxxx" instead of the inner-tunnel user name of "username@xxxxx". Enable the new "EAP-TTLS-PAP-username-from-tunnel" RADIUS filter to expose this information.
CFD - 7661 In special situations, the CPU on a cluster member goes to 100% and the cluster node is largely unresponsive.

Copyright © 2023 Extreme Networks. All rights reserved. Published March 28, 2023.