Known Issues for this Release

This section identifies the known issues in this release.

Issue number

Description

Workaround

HTTPS connection fails for CA-signed certificate with certificate inadequate type error on FF.

Ensure End-Entity, Intermediate CA and Root CA certificates are all SHA256 based and RSA2048 key signed, and Extended key usage field is set to TLS webserver Auth only for subject and root. For intermediate, it must be set with other required bits to avoid this issue. Add the root, intermediate CAs in the trust store of the browser for accessing the EDM with HTTPS.

VOSS-1265

On the port that is removed from a T-UNI LACP MLT, non T-UNI configuration is blocked as a result of T-UNI consistency checks.

When a port is removed from a T-UNI LACP MLT, the LACP key of the port must be set to default.

VOSS-1280

The following error message occurs when performing shutdown/no-shutdown commands continuously: IO1 [05/02/14 06:59:55.178:UTC] 0x0011c525 00000000 GlobalRouter COP-SW ERROR vsp4kTxEnable Error changing TX disable for SFP module: 24, code: -8

None. When this issue occurs, the port in question can go down, then performs a shutdown/no-shutdown of the port to bring it up and resumes operation.

VOSS-1285

CAKs are not cleared after setting the device to factory-default.

None. Currently this is the default behavior and does not affect functionality of the MACsec feature.

VOSS-1288

Shutting down the T1 link from one end of the link does not shut down the link at the remote end. You could experience traffic loss if the remote side of the link is not shut down.

This issue occurs only when a T1 SFP link from one end is shutdown. Enable a dynamic link layer protocol such as LACP or VLACP on both ends to shut the remote end down too. As an alternative, administratively disable both ends of the T1 SFP link to avoid the impact.

VOSS-1289

On a MACsec-enabled port, you can see delayed packets when the MACsec port is kept running for more than 12 hours. This delayed packet counter can also increment when there is complete reordering of packets so that the application might receive a slow response. But in this second case, it is a marginal increase in the packet count, which occurs due to PN mismatch sometimes only during Key expiry, and does not induce any latency.

None.

VOSS-1309

You cannot use EDM to issue ping or traceroute commands for IPv6 addresses.

Use CLI to initiate ping and traceroute commands.

VOSS-1310

You cannot use EDM to issue ping or traceroute commands for IPv4 addresses.

Use CLI to initiate ping and traceroute commands.

VOSS-1335

In an IGMP snoop environment, after dynamically downgrading the IGMP version to version 2 (v2), when you revert back to version 3 (v3), the following is observed:

  • The multicast traffic does not flow.

  • The sender entries are not learned on the local sender switch.

  • The Indiscard packet count is incremented on the show int gig error statistics command.

Use a v3 interface as querier in a LAN segment that has snoop-enabled v2 and v3 interfaces.

VOSS-1344

In EDM, you cannot select multiple 40 gigabit ports or a range of ports that includes 40 gigabit ports to graph or edit. You need to select them and edit them individually.

None.

VOSS-1349

On EDM, the port LED for channelized ports only shows the status of sub-port #1, but not the rest of the sub-ports. When you remove sub-port #1, and at least one other sub-port is active and online, the LED color changes to amber, when it should be green because at least one other sub-ports is active and online. The LED only shows the status of sub-port #1.

None.

VOSS-1354

An intermittent link-flap issue can occur in the following circumstance for the copper ports. If you use a crossover cable and disable auto-negotiation, the port operates at 100 Mbps. A link flap issue can occur intermittently and link flap detect will shut down the port.

Administratively shutdown, and then re-enable the port. Use auto-negotiation. Disabling auto-negotiation on these ports is not a recommended configuration.

VOSS-1358

Traffic is forwarded to IGMP v2 SSM group, even after you delete the IGMP SSM-map entry for the group.

If you perform the delete action first, you can recreate the SSM-map record, and then disable the SSM-map record. The disabled SSM-map record causes the receiver to timeout because any subsequent membership reports that arrive and match the disabled SSM-map record are dropped. You can delete the SSM-map record after the receivers time out.

VOSS-1359

The 4 byte AS confederation identifier and peers configuration are not retained across a reboot. This problem occurs when 4 Byte AS is enabled with confederation.

Reconfigure the 4 byte AS confederation identifier and peers on the device, and reboot.

VOSS-1360

After you enable enhanced secure mode, and log in for the first time, the system prompts you to enter a new password. If you do not meet the minimum password requirements, the system displays the following message: Password should contain a minimum of 2 upper and lowercase letters, 2 numbers and 2 special characters like !@#$%^*().  Password change aborted. Enter the New password:

The system output message does not display the actual minimum password requirements you need to meet, which are configured on your system. The output message is an example of what the requirements need to meet. The actual minimum password requirements you need to meet are configured on your system by the administrator.

None.

VOSS-1367

The configuration file always includes the router ospf entry regardless of whether OSPF is configured. This line does not perform any configuration and has no impact on the running software.

None.

VOSS-1368

When you use Telnet or SSH to connect to the switch, it can take up to 60 seconds for the log in prompt to appear. However, this situation is very unlikely to happen, and it does not appear in a standard normal operational network.

Do not provision DNS servers on a switch to avoid this issue altogether.

VOSS-1370

If you configure egress mirroring on NNI ports, you do not see the MAC-in-MAC header on captured packets. 

Use an Rx mirror on the other end of the link to see the packets. 

VOSS-1371

A large number of IPv6 VRRP VR instances on the same VLAN can cause high CPU utilization.

Do not create more than 10 IPv6 VRRP VRs on a single VLAN. 

VOSS-1389

If you disable IPv6 on one RSMLT peer, the switch can intermittently display COP-SW ERROR and RCIP6 ERROR error messages. This issue has no impact.

None.

VOSS-1390

If you delete the SPBM configuration and re-configure SPBM using the same nickname but a different IS-IS system ID without rebooting, the switch displays an error message.

Reboot the switch after you delete the SPBM configuration.

VOSS-1403

EDM displays the user name as Admin, even though you log in using a different user name.

None.

VOSS-1406

When you re-enable insecure protocols in the CLI SSH secure mode, the switch does not display a warning message.

None.

VOSS-1418

EDM displays the IGMP group entry that is learned on a vIST MLT port as TX-NNI.

Use CLI to view the IGMP group entry learned on a vIST MLT port.

VOSS-1428

When port-lock is enabled on the port and re-authentication on the EAP client fails, the port is removed from the RADIUS-assigned VLAN. This adds the port to the default VLAN and displays an error message. This issue has no impact.

The error message is incorrect and can be ignored.

VOSS-1433

When you manually enable or disable IS-IS on 40 Gbps ports with CR4 direct attach cables (DAC), the port bounces one time.

Configure IS-IS during the maintenance period. Bring the port down, configure the port and then bring the port up.

VOSS-1438

In a rare scenario in Simplified vIST configuration when vIST state is toggled immediately followed by vIST MLT ports are toggled, one of the MLT ports will go into blocking state resulting in failure to process data packets hashing to that link.

Before enabling vIST state ensure all vIST MLT ports are shut and re-enabled after vIST is enabled on the DUT.

VOSS-1440

VOSS-1441

When you configure a scaled Layer 3 VSN (24 Layer 3 VSN instances), route leaking from GRT to VRF on the local DUT does not happen. The switch displays an incorrect error message: Only 24 Layer 3 VSNs can be configured.

None.

VOSS-1463

VOSS-1471

When you use Fabric Extend over IP (FE-IP) and Fabric Extend over Layer 2 VLAN (FE-VID) solution, if you change the ingress and egress .1p map, packets cannot follow correct internal QoS queues for FE tunnel to FE tunnel, or FE tunnel to regular NNI traffic.

Do not change the default ingress and egress .1p maps when using Fabric Extend. With default ingress and egress .1p maps, packets follow the correct internal QoS when using the Fabric Extend feature.

VOSS-1473

If the I-SID associated with a Switched UNI or Fabric Attach port does not have a platform VLAN association and you disable Layer 2 Trusted, then the non IP traffic coming from that port does not take the port QoS and still uses the .1p priority in the packet.

None.

VOSS-1530

If you improperly close an SSH session, the session structure information does not clear and the client can stop functioning.

Disable and enable SSH.

VOSS-1584

The show debug-file all command is missing.

None.

VOSS-1585

The system does not generate a log message, either in the log file or on screen, when you run the flight-recorder command.

None.

VOSS-1608

If you use an ERS 4850 FA Proxy with a VOSS or Fabric Engine FA Server, a mismatch can exist in the show output for tagged management traffic. The ERS device always sends traffic as tagged. The VOSS or Fabric Engine FA Server can send both tagged and untagged. For untagged, the VOSS and Fabric Engine FA Servers send VLAN ID 4095 in the management VLAN field of the FA element TLV. The ERS device does not recognize this VLAN ID and so still reports the traffic as tagged.

There is no functional impact.

VOSS-1706

EAPOL: Untagged traffic is not honoring the port QOS for Layer 2 trusted/ Layer 3 untrusted.  This issue is only seen on EAPOL-enabled ports.

None.

VOSS-2014

IPv6 MLD Group is learned for Link-Local Scope Multicast Addresses. This displays additional entries in the Multicast routing tables.

None.

VOSS-2033

The following error messages appear when you use the shutdown and no shutdown commands on the MLT interface with ECMP and BGP+ enabled:

CP1 [01/23/16 11:10:16.474:UTC] 0x00108628 00000000 GlobalRouter RCIP6 ERROR rcIpReplaceRouteNotifyIpv6:FAIL ReplaceTunnelRec conn_id 2

CP1 [12/09/15 12:27:02.203:UTC] 0x00108649 00000000 GlobalRouter RCIP6 ERROR  ifyRpcOutDelFibEntry: del FIB of Ipv6Route failed with 0: ipv6addr: 201:6:604:0:0:0:0:0, mask: 96, nh: 0:0:0:0:0:0:0:0 cid 6657 owner BGP

CP1 [12/09/15 12:20:30.302:UTC] 0x00108649 00000000 GlobalRouter RCIP6 ERROR  ifyRpcOutDelFibEntry: del FIB of Ipv6Route failed with 0: ipv6addr: 210:6:782:0:0:0:0:0, mask: 96, nh: fe80:0:0:0:b2ad:aaff:fe55:5088 cid 2361 owner OSPF

Disable the alternate path.

VOSS-2117

If you configure static IGMP receivers on an IGMPv3 interface and a dynamic join and leave are received on that device from the same destination VLAN or egress point, the device stops forwarding traffic to the static receiver group after the dynamic leave is processed on the device. The end result is that the IGMP static groups still exist on the device but traffic is not forwarded.

Disable and re-enable IGMP Snooping on the interface.

VOSS-2128

EAP Security and Authentication EDM tabs display additional information with internal values populated, which is not useful for the end user.

There is no functional impact. Ignore the additional information in EDM. Use the CLI command show eapol port interface to see port status.

VOSS-2207

You cannot configure an SMTP server hostname that begins with a digit. The system displays the following error: Error: Invalid IP Address or Hostname for SMTP server

None.

VOSS-2208

While performing CFM Layer 2 traceroute between two BEBs using a transit BCB, the transit BCB hop is not seen, if the transit BCB has ISIS adjacencies over FE l3core with both source BEB and destination BEB.

None.

VOSS-2253

Trace level command does not list module IDs when '?' is used.

To get the list of all module IDs, type trace level, and  then press Enter.

VOSS-2285

When on BEB, continuously pinging IPv6 neighbor address using CLI command ping -s, ping packets do not drop, but instead return no answer messages.

Restart the ping. Avoid intensive CPU processing.

VOSS-2333

Layer 2 ping to Virtual BMAC (VBMAC) fails, if the VBMAC is reachable using Layer 2 core.

None.

VOSS-2422

When a BGP Neighbor times out, the following error message occurs: CP1 [03/11/16 13:43:39.084:EST] 0x000b45f2 00000000 GlobalRouter SW ERROR ip_rtdeleteVrf: orec is NULL!

There is no functional impact. Ignore the error message.

VOSS-2859

You cannot modify the port membership on a protocol-based VLAN using EDM, after it has been created.

Use CLI to provision the port membership on the protocol-based VLAN or delete the protocol-based VLAN, and then re-create it with the correct port member setting. 

VOSS-4255

If you run IP traceroute from one end host to another end host with a DvR Leaf in between, an intermediate hop will appear as not responding because the Leaf does not have an IP interface to respond. The IP traceroute to the end host will still work.

None.

VOSS-4728

If you remove and recreate an IS-IS instance on an NNI port with auto-negotiation enabled in addition to vIST and R/SMLT enabled, it is possible that the NNI port will briefly become operationally down but does recover quickly. 

This operational change can lead to a brief traffic loss and possible reconvergence if non-ISIS protocols like OSPF or BGP are also on the NNI port.

If you need to remove and recreate an IS-IS instance on an auto-negotiation enabled NNI port that also has non-ISIS traffic, do so during a maintenance window to minimize possible impact to other non-ISIS traffic.

VOSS-4840

If you run the show fulltech command in an SSH session, do not disable SSH on the system. Doing so can block the SSH session.

None.

VOSS-5130

Disabling and immediately enabling IS-IS results in the following log message: PLSBFIB ERROR: /vob/cb/nd_protocols/plsb/lib/ plsbFib.cpp(line 1558) unregisterLocalInfo() local entry does not exist. key(0xfda010000fffa40)

There is no functional impact. Ignore the error message.

VOSS-5159 & VOSS-5160

If you use a CLIP address as the management IP address, the switch sends out 127.1.0.1 as the source IP address in both SMTP packets and TACACS+ packets.

None.

VOSS-5173

A device on a DvR VLAN cannot authenticate using RADIUS if the RADIUS server is on a DvR VLAN on a DvR Leaf using an in-band management IP address.  

Place the RADIUS server in a non-DvR VLAN off a DvR Leaf or DvR Controller.

VOSS-5331

When you enable FHS ND inspection on a VLAN, and an IPv6 interface exists on the same VLAN, the IPv6 host client does not receive a ping response from the VLAN.

None.

VOSS-5603

In a scaled DvR environment (scaled DvR VLANs), you could see a higher CPU utilization while deleting a DvR leaf node from the DvR domain (no dvr leaf). The CPU utilization stays higher for several minutes on that node only and then returns to normal after deleting all the internal VLANs on the leaf node. 

It is recommended to use a maintenance window when removing leaf(s) from a DvR domain.

VOSS-5627

The system does not currently restrict the number of VLANs on which you can simultaneously configure NLB and Directed Broadcast, resulting in resource hogging.

Ensure that you configure NLB and Directed Broadcast on not more than 100 VLANs simultaneously, assuming one NLB cluster for each VLAN. Also, ensure that you configure NLB on a VLAN first, and then Directed Broadcast, so as to not exhaust the NLB and Directed Broadcast shared resources. The shared resources are NLB interfaces and VLANs with Directed Broadcast enabled. The permissible limit for the shared resources is 200.

VOSS-6189

When you connect to EDM using HTTPS in Microsoft Edge or Mozilla Firefox, the configured values for the RADIUS KeepAliveTimer and CFM SBM MepId do not appear. 

Use Internet Explorer when using an HTTPS connection.

VOSS-6928

On VSP 8000 Series platforms, IPv4 Filters with redirect next hop action do not forward when a default route is not present or a VLAN common to ingress VLAN of the filtered packet is not present.

Configure a default route if possible.

VOSS-7139

DHCPv6 Snooping is not working in an SPB network as the DHCPv6 Snooping entries are not being displayed.

Administrator should add manual entries.

VOSS-7457

The switch can experience an intermittent traffic loss after you disable a Fabric Extend tunnel. 

Bounce the tunnel between the devices.

VOSS-7472

EDM shows incorrect guidance for ACL TCP flag mask. EDM reports 0…63 as hexadecimal. CLI correctly shows <0-0x3F | 0-63> Mask value <Hex | Decimal>. This is a display issue only with no functional impact.

Use CLI to see the correct unit values.

VOSS-8424

A fragmented ping from an external device to a switch when the VLAN IP interface is tied to a non-default VRF fails.

None.

VOSS-8516

Secure Copy (SCP) cannot use 2048-bit public DSA keys from Windows.

Use 1024/2048-bit RSA keys or 1024-bit DSA keys.

VOSS-9516

When you connect to EDM using HTTPS, you can see multiple SSL negotiation with client successful messages during your EDM session. The system displays this message, each time a successful SSL_Handshake occurs between the web browser and the web server. The log file cannot show as many messages as the console and the timing between messages can be different because logging does not occur in real time.

None.

VOSS-9921

Bootup redirection timeout is longer than the UNI port (SMLT) unlock timer. If both vIST nodes boot together in factory default configuration fabric mode or without a nickname, the vIST ports will not enable for up to 4 minutes. During the delay the nickname server is unreachable and vIST is not online.

None.

VOSS-10380

If you enable and configure IPv6 Source Guard and EAPoL on a port, and create and configure a Guest VLAN on the same port without DHCP Snooping and ND-inspection, no error is shown. The port is not added to the Guest VLAN.

Configure DHCP Snooping and ND-inspection are not configured on the Guest VLAN.

VOSS-10381

If you enable and configure IPv6 Source Guard and EAPoL MHSA on a port, and create and configure RAVs for Non-EAP clients on the same port without DHCP Snooping and ND-inspection, no error is shown. The client displays as authenticated into RAV, even when port is not a member of RAV.

None.

VOSS-10574

IS-IS sys-name output is not truncated for show isis spbm nick-name or show ip route commands. If a long character sys-name is in use, the full sys-name display can cause misalignment of the output columns.

None.

VOSS-10815

DvR over SMLT: Traffic is lost at failover on SMLT towards ExtremeXOS or Switch Engine switches. DvR hosts are directly connected to the DvR controllers vIST pair on SMLT LAG and switched-UNIs are dynamically added using Fabric Attach. Only occurs when the access SMLT is LACP MLT and all the ports in the MLT are down.

When all ports in the MLT down and an ARP request is received over an NNI link, there is no physical port that can be associated with the ARP request. The ARP entry is learned against NNI link, and MAC syncs from vIST peer or from a non-vIST peer when bouncing vIST.

None.

VOSS-11895

In a vIST SMLT environment where streams are both local and remote, if source and receiver port links are removed and reinserted several times, eventually traffic will not be forwarded to local single-homed receivers on one peer if the traffic is ingressing from the vIST peer over the NNI link. If the stream ingresses locally, it is received by the local UNI receivers.

Disable and re-enable Fabric Multicast (spbm <1–100> multicast enable) on the source VLAN to be able to delete the streams and come back in properly.

VOSS-11943

This release does not support per-port configuration of Application Telemetry. Because the feature is enabled globally and VSP 7432CQ supports 32 100 Gbps ports, an undesirable condition could be encountered when an exceeded amount of Application Telemetry mirrored packets are sent to the collector.

None.

VOSS-12330

When accessing the on-switch RESTCONF API documentation in a web browser, the page does not render correctly.

Ensure you include the trailing slash (/) in the URL: http(s)://<ip-address>:8080/apps/restconfdoc/. For more information, see VOSS User Guide.

VOSS-12405

To reach a VM, all front panel traffic must travel through an Insight port, which is a 10 Gbps port. If front panel port traffic is over 10 Gbps, this situation represents an over subscription on the Insight port and some of the packets will be dropped. As a result, ExtremeCloud IQ Site Engine can lose connectivity to the Analytics engine if Application Telemetry is enabled.

None.

VOSS-13159

The ixgbevf Ethernet device driver within the TPVM does not correctly handle the interface MTU setting. Specifically, if you configure the interface in SR-IOV mode, packets larger than the MTU size are allowed.

To avoid this problem, configure the desired MTU size on both the relevant front-panel port and Insight port from the NOS CLI.

VOSS-13667

An intermittent issue in SMLT environments, where ARPs or IPv6 neighbors are resolved with delay can cause a transient traffic loss for the affected IPv6 neighbors. The situation auto-corrects.

None.

VOSS-13794

You cannot use SFTP to transfer files larger than 2 GB to the switch.

Use SCP.

VOSS-13904

VOSS-13932

VOSS-16503

VSP 4900 Series has 2 GB memory in a 64-bit system so the RESTCONF VLAN scaling number is smaller than on VSP 7400 Series, which has 16 GB physical memory. Using RESTCONF on VSP4900-48P or VSP4900-24S reduces the number of port-based VLANs on those platforms:

  • 2,000 for VSP4900-48P with RESTCONF

  • 1,000 for VSP4900-24S with RESTCONF

None.

VOSS-13947

After you enable MSTP-Fabric Connect Multi Homing (spbm 1 stp-multi-homing enable), you cannot view the configuration, role, or statistics for the STP virtual port.

None.

VOSS-14597

Ping (originated from local CP) fails for jumbo frames on Layer 3 VSN interface.

None.

VOSS-15079

The Extreme Networks 10 meter SFP+ passive copper DAC (Model Number 10307) does not function on ports 2/3 and 2/4 of the VIM5-4X.

Use the Extreme Networks SFP+ active optical DAC (Model Number AA1403018-E6) with the VIM5-4X.

VOSS-15112

BFD sessions associated with static routes could flap one time before remaining up, when shutting down and bringing back up a BFD peer port.

None. Ignore the extra BFD session flap.

VOSS-15391

An SNMP walk on the rcIgmpSnoopTraceTable table will fail with an OID not increasing error. CLI and EDM are unaffected by this issue.

None.

VOSS-15541

You can experience temporary traffic loss when shutting down an LACP SMLT port (and therefore causing the local SMLT to go down), in a network with scaled Multicast traffic over an SPB cloud, while the datapath processes all dpm letter messages during LCAP recovery. This slow LACP recovery situation is only seen with scaled Multicast traffic over an SPB cloud.

Use static MLTs.

VOSS-15812

Layer 3VSN IPv4 BGP (and static) routes having their next-hops resolved using IS-IS routes could result in traffic loss.

Choose the following workarounds, based on your deployment and needs:

  • Use static routes to reach the loopbacks used as BGP peers, (static routes having better preference than IS-IS); use static routes with next-hops reachable on the UNI side (L2VSN).

  • Use OSPF to reach the loopbacks used as BGP peers, but take care to ensure that the OSPF route towards the BGP peer is chosen as the “best route” (as IS-IS has a better preference than OSPF). There are several ways to accomplish this—either don‘t redistribute that route in IS-IS if it is not needed, or control the redistribution with a route-map, etc.

  • Have BGP peers reachable directly using a C-VLAN; do not use loopback interfaces as BGP peer addresses.

  • If none of the workaround scenarios are suitable for your deployment, do not use internal Border Gateway Protocol (iBGP) peering.

VOSS-15878

VSP 4900 Series and VSP 7400 Series do not boot with just the serial console cable connected and no terminating device, for example, a terminal server, PC, or Mac.

Either attach terminal equipment or disconnect the console cable.

VOSS-16971

On VSP4900-24S, VSP4900-24XE, andVSP4900-12MXU-12XE devices, and on the VIM5-4XE, if a copper SFP is plugged in with the cable inserted and the remote end is also plugged in, the peer box could see a link flap and take 6-8 seconds to link up.

First, plug in the SFP, and then insert the cable. The link up then happens in 3-4 seconds.

VOSS-17567

Do not use the inter-vrf /32 static routes defined with a next-hop IP address that resides in a different destination next-hop-vrf context.

None.

VOSS-18023

The management port on the 5520 switch does not support Auto-MDIX (the automatic detection of transmit and received twisted pairs).

As a best practice, enable the default auto-negotiation setting on the management port.

Because the management port does not support Auto-MDIX, when auto-negotiation is disabled, a crossover cable might be necessary to have the port link up and pass traffic.

Note: If the peer device supports Auto-MDIX, then either a straight through or crossover will work. The issue occurs only if both ends of the connection do not support Auto-MDIX.

None.

VOSS-18238

When a management VLAN with DHCP is used to reach a RADIUS server, and the RADIUS server cannot be reached, the system waits for 15 minutes before attempting to reach the RADIUS server again. This is true even if the RADIUS server becomes reachable before the 15 minutes have elapsed.

None.

VOSS-18278

On the 5520 switch, when you make any change relating to port speed, the port statistics are cleared. This applies to all front panel fiber and copper ports as well as VIM ports.

The following are examples of changes relating to port speed:
  • Changing the auto-negotiation configuration settings on a copper port
  • Different negotiated speed on a copper port
  • Changing out an optical device for one having a different speed, for example changing from 1 Gb to 10 Gb

None.

VOSS-18360

This is an intermittent issue on the VSP 7400 Series with no impact to functionality, ISIS is disabled while the show fulltech command is running on a telnet session. Due to this the fulltech command will not find the expected I-SID value, as it is removed by the no isis command.

None.

VOSS-19212

After upgrading a VSP 7432CQ switch to VOSS 8.2.5 and rebooting, the presence of a faulty power supply unit will cause the system to terminate. A message in the debug log will report that the software could not read the contents of the power supply's EEPROM (carbonatelib_ps_read_eeprom operation).

Replace the power supply unit in the switch.

VOSS-19260

Port mirroring does not work on port 1/s1 of VSP 7400-48Y if the connection type is OVS/SR-IOV.

Use a connection type of VT-d for port 1/s1.

VOSS-19827

LLDP IPv6 neighbors do not display in EDM. LLDP IPv6 is only supported in CLI.

To display LLDP IPv6 neighbors, use the show lldp neighbor summary command.

VOSS-20455

As the switch starts, it can display the following log messages due to incomplete initialization of the management stack when trying to send the first RADIUS packet:

  • 1 2021-02-17T23:32:16.810+01:00 DIST-H9-E3.1-01 CP1 - 0x000a45ae - 00000000 GlobalRouter RADIUS ERROR rad_sendRequest: unable to send a UDP packet. error 51, S_errno_ENETUNREACH

  • 1 2021-02-17T23:32:16.811+01:00 DIST-H9-E3.1-01 CP1 - 0x000a45ac - 00000000 GlobalRouter RADIUS ERROR rad_processPendingRequest: unable to send request

None. This issue has no functional impact.

VOSS-20456

Although the Management Router is not supported in the NOS, you can add a static route for VRF 512 using EDM. The route does not become active even if the next-hop address is reachable from the OOB management interface.

None. This issue has no functional impact.

VOSS-21097

In Multi-Area where vIST peers are boundary nodes, vIST can briefly flap during connection formation when IS-IS is disabled and then reenabled on both vIST peers.

None.

VOSS-21123

Brouters on UNIs of VSP 7400 vIST peers cannot ping each other.

Add a static ARP for the Brouter of the VIST peer.

VOSS-21233

Clearing DvR host entries in a highly scaled Multi-Area DvR environment can trigger DBSYNC WARNING messages (0x00390606 - 00000000 GlobalRouter DBSYNC WARNING Message queue length from DB Sync to tMain reached warning threshold) but these can be expected in a scaled environment and are not a malfunction.

None.

VOSS-21964

When using Windows SCP application on a switch to transfer a file, an error message displays even if a file transfers successfully.

VOSS-22255

Ping, which originates from a local CP, fails for ICMP packets bigger than 1500 sent from Layer 3 VSN interface.

Initiate ping with packets size smaller than 1500.

VOSS-22522

RESTCONF is delayed in a scaled setup with 2,000 VLANs.

None.

VOSS-22858

LLDP neighbor should not be discovered with mismatch in MKA MACsec on 5520 Series ports.

Disable MKA on both sides or shut down the port on both sides.

VOSS-23146

Multi-area DvR/SPBM configuration: Timeout: No response message is returned during snmpwalk on one of the DvR controllers.

Run the snmpwalk command with an increased timeout. You can also run snmpwalk for a specific object.

VOSS-23181

When you enable the boot config flags macsec command, the indiscard counter increments on SPBM-enabled ports.

None. There is no functional impact.

VOSS-23216

If you do not enable the DvR interface when you configure a dvr-one-ip interface, the dvr-one-ip interface does not display when you issue the show dvr interfaces command.

Enable the DvR interface.

VOSS-23229

In an E-Tree scenario, IPv6 packets are forwarded between isolated ports on 5520 Series, 5420 Series, and VSP 7400 Series.

None.

VOSS-24777

In the following port configurations on 5520 Series, 5420 Series, VSP 4900 Series, and VSP 7400 Series, inVSN ACL entries match ingressing packets that have the same VID as the VLAN associated with the ACL I-SID even if the ACL inVSN I-SID is different:

  • on an S-UNI port without a platform VLAN

  • on a T-UNI port VLAN

None.

VOSS-24872

If the collector reachability path changes for Application Telemetry, it is not reflected properly in CLI. Packets remain mirrored towards the correct path but CLI does not reflect the next hop.

None. There is no functional impact.

VOSS-25023

5520 Series, 5420 Series, and 5320 Series platforms can reach 100% CPU utilization during inband transfer (FTP, SFTP, and SCP).

None.

VOSS-25162

RESTCONF ARP and MAC data: on 5x20 switches with 5K ARP entries and 5K MAC entries, it takes approximately 1 minute to retrieve data. The time increases based on the number of entries.

The same occurs on VSP 7400 Series with over 15K entries.

None.

VOSS-25288

Secure boot information for 5720 Series, 7520 Series , and 7720 Series does not display when you issue the show sys-info command.

None.

VOSS-25728

You cannot assign a second disk to the second virtual service on the following switches:

  • VSP 4900 Series

  • VSP 7400 Series

  • 5720 Series

None.

VOSS-25874

Intermittent issue that causes inconsistency in show output.

None.

VOSS-25959

On the VSP 4900 Series, VSP 7400 Series, and 5720 Series, the virtual service does not operate properly when you configure e1000 Network Interface Card (NIC) type for SR-IOV and VT-d connect types.

None.

VOSS-26028

On the VSP 4900 Series, VSP 7400 Series, and 5720 Series, the virtual service does not operate properly when you configure more than 16 virtual ports per Extreme Integrated Application Hosting port.

None.

VOSS-26032 NNI port remains in STP blocking state in a very specific scenario and configuration. Bounce the NNI port.
VOSS-26099

MACsec Key Agreement (MKA) MACsec does not operate properly when you enable and disable MKA MACsec on the port 15-20 times.

None.

VOSS-26122

Intermittently, some CLI commands related to sFlow functionality do not display in the CLI log.

None.

VOSS-26151

MACsec Key Agreement (MKA) does not operate between Fabric Engine 5520 Series and 5720 Series switches and ExtremeXOS 5520 Series and 5720 Series switches when you use GCM-AES-256 MACsec encryption cipher suite on copper ports.

As a workaround, use GCM-AES-128 MACsec encryption cipher suite to connect Fabric Engine 5520 Series and 5720 Series switches and Switch Engine 5520 Series and 5720 Series switches.

VOSS-26526

After you format a USB drive and issue the ls command, the current date and time does not display.

None.

VOSS-26527

Intermittently, the show sys-info command does not display the correct part number or serial number for the 2000 W AC PoE power supply (Model XN-ACPWR-2000W with front-to-back ventilation airflow).

None.

VOSS-26665

Password hash sha2 is present in show running-config and save config. This is the default value. None.

VOSS-26692

The entry for VLAN used to send/receive VXLAN packets to/from FIGW (for IPSec encapsulation) is missing from my_station_tcam table. In this case, traffic over the corresponding FE tunnel is lost. Shut/no shut of the used sideband port fixes the problem.

VOSS-26822

Configuration tab for Ports 53-54 (VSP 7400-48Y) cannot be accessed from the first attempt. Select menu options on your Mozilla Firefox browser. Alternatively, use another browser: Google Chrome, Safari, or Microsoft Edge.

VOSS-27235

If you delete a VLAN IP interface, the switch does not delete the associated DvR gateway IP address.

Manually delete the DvR gateway IP address.

VOSS-27643

On 5320 Series, packet port statistics do not increment for multicast traffic ingressing Layer 3 Fabric Extend NNI.

As a workaround, calculate the number of packets from the total number of bytes received.

VOSS-27784

Layer 3 VSN traffic continues to flow after you delete IP addresses in dual stack scenarios.

None.

VOSS-27875

On 7520-48XT-6C copper ports(1/1-1/48) with SLPP enabled, the port LED state is off.

None.

VOSS-28101

The loss of IP BGP in-route-map and out-route-map from config when you upgrade to Release 8.5.x or later is due to the removal of the following legacy commands in Release 8.5.x that were not needed on newer platforms:
  • ip bgp out-route-map
  • ip bgp out-route-map

As a workaround, apply incoming and outgoing route-maps for BGB peers or peer groups.

VOSS-28437

Layer 3 routed traffic is discarded in a square topology with two pairs of vIST DVR controllers in different domains when traffic should reach the diagonal switch.

As a workaround, save the configuration file with the NNI-MSTP flag configured and reboot the system.

VOSS-28241

For a routed Gigabit Ethernet interface, traffic doubles on vIST peers if you issue the action flushALL command.

None.

VOSS-28525

DHCP clients fail to receive an IP address in scenarios with VRRP over SMLT when SMLT goes down and the DHCP interface is configured to broadcast.

As a workaround, disable broadcast on the DHCP relay.

VOSS-28625

Boundary Nodes return VRRP packets into the originating area and cause warning messages to display. The issue occurs if you create the following ACL rule on a Multi-area SPB Boundary Node:

filter acl 1 type inVsn matchType both
filter acl i-sid 1 12990020
filter acl ace 1 1
filter acl ace action 1 1 permit monitor-isid-offset 1
filter acl ace ethernet 1 1 ether-type eq ip
filter acl ace 1 1 enable

The issue is caused by the interoperability of this specific ACL configured to mirror the I-SID traffic, and the Multi-area filters.

Remove the ACL used to mirror I-SID traffic on the boundary node. Use Fabric RSPAN (Mirror to I-SID) to achieve similar functionality.

Alternatively, use matchtype "uniOnly" instead of “both".

VOSS-28672

IPFIX does not learn MCoSPB NNI-UNI flows on 7520 Series, 7720 Series, and VSP 7400 Series.

None.

VOSS-29287

Interoperability issues can occur between VOSS/Fabric Engine switches and ExtremeXOS/Switch Engine switches when you use MACsec MKA and disable SCI tagging on both ends.

Disabling SCI tagging on both ends works for ExtremeXOS/Switch Engine if the VOSS/Fabric Engine version is earlier than 8.7.

None.

VOSS-29711 If you enter a delayed reboot command for a device with at least one active RADIUS Accounting session, the switch does not send the RADIUS Accounting Stop or RADIUS Accounting Off packets, and console traces display on the screen. None.
VOSS-30195 A potential LLDP flood issue can occur with certain third-party unmanaged devices on Auto-sense ports. Eliminate the cause of flooding.
VOSS-30222 SSH connection is currently unavailable through Layer 2 FE Tunnel or Layer 3 FE Tunnel on the 5320 Series and 5420 Series. Enable IPv6 Shortcuts.
VOSS-30287

An intermittent connectivity issue occurs over a Fabric Extend destination tunnel in a failover scenario when the IS-IS unicast FIB computation does not point to the shortest path.

This situation is temporary. You can perform an action, such as configuring any same I-SID on the Fabric Extend tunnel ends to trigger an IS-IS computation. Wait for the IS-IS computation to generate.

VOSS-30292 If IPv6 Shortcuts are explicitly disabled, SSH connections will not work on VSP 4900 Series. Enable IPv6 Shortcuts.
VOSS-30864 After the switch boots, for a short period of time, some IP Shortcut and IP VPN routes may not be installed if the IP Shortcut or IP VPN restart is not immediately followed by an IS-IS computation. This situation is temporary. After the next IS-IS computation, whether triggered or periodic, all routes are installed in the RTM as expected.

If the issue occurs, you can:

  • Wait for the IS-IS computation to be triggered, with a maximum waiting period of 900 seconds.

    OR

  • Disable and reenable IS-IS.

To avoid the issue, configure an IP source address for IP Shortcuts.

VOSS-30903

The following message displays temporarily when you configure your switch from Zero Touch Provisioning mode to SPBM mode:

COP-SW INFO Impossible case counter = 1, Thread ID = 2601, l2addr_tail = 3, l2addr_head = 4, Invalid MIM port = 1073741830 vid = 4051 MAC Addr = b0:27:cf:43:44:8c Operation = 1

None. This issue has no functional impact.

VOSS-30980

After you enable an IP VPN instance on a VRF that you configure for the IS-IS logical interface and the adjacency establishes through the Fabric Extend tunnel with a nickname server, Dynamic Nickname Offers are discarded on the port with the Fabric Extend tunnel.

As a workaround, disable and then reenable IP VPN on the VRF or use the automatic nickname.
VOSS-30990

When you change the advanced-fabric-bandwidth-reservation flag from low to high, you cannot enable Auto-sense on ports reserved as loopback ports after you reboot the switch.

An example of the message that displays is as follows:

Cleanup for auto-sense failed on port: 1/10, reason: VLAN cleanup failed!
As a workaround, disable Auto-sense on reserved loopback ports before you reboot the switch.
VOSS-31145

When you configure Anycast IP Gateway in a Multi-area SPBM network with four boundary nodes of different platform types, an intermittent issue occurs where an ARP entry points towards TX-NNI instead of the proper NNI.

As a workaround, flush the MAC address of the ARP entry to recover the traffic.

To prevent the issue, use a topology where:

  • routed traffic is not redirected between boundary nodes to reach the other area
  • the same traffic is routed by the same boundary node in both directions (for example, disable Anycast IP Gateway on the other boundary node traversed by the traffic)
VOSS-31226

In a Multi-area SPBM network with four boundary nodes, virtual links can remain down when you disable IS-IS remote adjacencies on each boundary node.

As a workaround, disable IS-IS remote and then reenable IS-IS remote on the affected boundary node.
VOSS-31315

The following message displays when you upgrade to VOSS Release 9.1 on VSP 4900 Series:

DMAR: [Firmware Bug]: No firmware reserved region can cover this RMRR [0x000000003e2e0000-0x000000003e2fffff], contact BIOS vendor for fixes.

None.

VOSS-31352

When you disconnect a Fabric Attach client from an Auto-sense port and reconnect a device that does not transmit LLDP packets, the device displays the wrong port default VLAN ID when the port transitions from the WAIT to UNI state.

As a workaround, bring the port down and then bring the port up to restart the Auto-sense state on the switch to display the correct default VLAN ID when the port transitions to the UNI state.

VOSS-31465

When an IPv6 RSMLT in the forwarding state cannot ping the IPv6 link-local address of the vIST peer in that particular RSMLT VLAN, local routes whose next-hop is the link-local address of the vIST peer can fail.

None.

VOSS-31668

For the 16-port and 24-port 5320 Series switches, RESTCONF is available approximately 60 seconds after the switch restarts.

None.
VOSS-31763

When you enable MACsec on the 5520 Series VIM port, the link goes down and comes back up.

None. This issue has no functional impact.

VOSS-31814

A duplicate timestamp displays when you issue the show io l2-tables or show io l3-tables commands.

None. This issue has no functional impact.