|
This release of ExtremeCloud A3 adds several features and resolves several issues.
You can access the ExtremeCloud A3 web interface at https://<ip-address>:1443, where <ip-address> is the IP address of the A3 virtual machine.
| Port | Application/Protocol | Usage |
|---|---|---|
| UDP 123 | NTPv4 | Time synchronization |
| TCP 443 | SSL | Communication with ExtremeCloud IQ |
| TCP 25, 465 or 587 | SMTP | Email access. Port depends on service used. |
| TCP 636 | LDAP | Directory access, if used |
| UDP 53 | DNS | Host name look-up |
A significant feature of A3 version 4.0 was the replacement of licenses with NAC entitlements managed by ExtremeCloud IQ. No additional licensing action is required for upgrades from A3 4.0. For more information, see A3 Licensing. Note that A3 versions 4.0 and later are not compatible with Connect-level ExtremeCloud IQ accounts. After an ExtremeCloud IQ account is provisioned with NAC entitlements, it is automatically upgraded to Pilot level. To remain at the Connect level, you can use a separate ExtremeCloud IQ account for ExtremeCloud A3.
For more information about upgrading to version 5.0.0, see ExtremeCloud A3 Upgrade Guide, 5.0.0.
| ID | Description |
|---|---|
| A3 - 3282 | Replacement of the A3 HTTPS server certificate no longer requires a manual cluster restart. |
| A3 - 3257 | A new Japanese language option for the built-in captive portal languages. |
| A3 - 3239 | A new option (">>") lets you fast forward to the last page of the "Search Clients" and "Search RADIUS Audit Logs" results. |
| A3 - 3234 | Manually entered dates are now validated, to prevent invalid dates from being entered and breaking product functionality. |
| A3 - 3127 | New report with the distribution of roles. |
| A3 - 3075 | A3 now updates existing wireless clients in ExtremeCloud IQ with information related to NAC. A3 does not create new clients in ExtremeCloud IQ. |
| A3 - 3287 | Support for WMI is removed from the product. |
| A3 - 3330 | A new memberOf condition is supported in the authentication rules of the Open ID authentication source. |
Limitations are not necessarily software issues, but might affect work flow, and are presented here for your reference and consideration.
| Description |
|---|
| Only one node should be added to the cluster at a time. Additional nodes should only be added after the previous join process has completed. |
| When linking to an ExtremeCloud IQ cloud account, reports only include data from that moment onward, and do not include historical data prior to linking. |
| You cannot change the management network interface of an A3 cluster using the UI after initial configuration. Ensure the accuracy of your setup when you initially configure the management network interface. |
| Administrators might not be able to log in to A3 if the clock on the A3 system is not accurate. |
| When you remove a node from an A3 cluster, it can neither rejoin the cluster, nor function as a standalone and must be discarded. |
| ID | Description |
|---|---|
| The direct upgrade to version 5.0.0 is not available. After version 5.0.0 is installed, the backup from version 4.1.1 can be restored. For more information, see ExtremeCloud A3 Upgrade Guide, 5.0.0. | |
| Profile installation on macOS requires the captive web portal to be opened using the Safari browser. | |
| The Network Detection feature of the Captive Portal is always enabled, regardless of the setting of the switch in . | |
| A3 - 99 | For Active Directory entries, the identifier must be alpha-numeric with no spaces. |
| A3 - 125 | After a successful Join AD Domain, a spurious "An error occurred while contacting the server" can be shown. |
| A3 - 910 | If the initial setup is not completed by the time the current DHCP lease expires, A3 loses its IP address. |
| A3 - 1179 | A3 sometimes prompts the admin to enter a user name and password when performing authentication tests using sources that do not require this type of authentication. Enter any value. |
| A3 - 1277 | When two SSID filters are used in a single connection profile, 802.1x log-ins fail. |
| A3 - 2249 | Administrative rules cannot be configured for EAP-TLS authentication. |
| A3 - 2510 | A3 servers with earlier versions can be allowed to join a cluster. |
| CFD-9079 | Do not use special characters or spaces in file names of files uploaded to A3. The configuration backup may fail when the file name of the file uploaded to A3 contains special characters or spaces. For example, the name of the captive portal image file. |
| ID | Description |
|---|---|
| CFD-8670 | Linking A3 to ExtremeCloud IQ does not fail if the password contains an ampersand (&) character. |
| CFD - 8530, CFD - 8467 | Regardless of an A3's status, let it be deleted from the Cloud if its HTTP connectivity to the Cloud is down. |
| CFD - 8425 | Removed unnecessary warning in situations where it is not appropriate: Internal networks not defined! networks.conf is empty but services.dhcp is enabled. Disable it to remove this warning. |
| CDF - 7942 | For EAP-TTLS/PAP authentications, A3 is reporting the outer-tunnel user name as "anonymous@xxxxx" instead of the inner-tunnel user name of "username@xxxxx". Enable the new "EAP-TTLS-PAP-username-from-tunnel" RADIUS filter to expose this information. |
| CFD - 7661 | In special situations, the CPU on a cluster member goes to 100% and the cluster node is largely unresponsive. |
Copyright © 2023 Extreme Networks. All rights reserved. Published March 28, 2023.