New in this Document

The following sections detail what is new in this document.

Network Operating System Personalities

Extreme Networks offers universal hardware products that support more than one Network Operating System (NOS) personality. These hardware products ship with a default NOS personality but you can select a non-default personality.

The primary method to select a NOS personality for the hardware is by using ExtremeCloud IQ. If the network is not accessible, or if you do not use Extreme Networks management software, you can change the NOS personality by using CLI commands in the running NOS. For more information about ExtremeCloud IQ, go to https://www.extremenetworks.com/extremecloud-iq/.

The first universal hardware product to support more than one NOS personality is the 5520 Series.

For more information, see Network Operating System Personalities.

256-bit IPsec Encryption for Fabric Extend Tunnels on XA1400 Series and Fabric IPsec Gateway

This release adds support to configure the IPsec encryption key length as either 128 bit or 256 bit.

This enhancement was originally available as a demonstration feature in VOSS 8.2. This enhancement is generally available in VOSS Release 8.3.

For more information, see the following sections:

5520 Series

5520 Series is a new hardware family of switches that supports both ExtremeXOS and VOSS. VOSS 8.2.5 supports the following models:

Each model provides one Versatile Interface Module (VIM) slot. You can install any one of the following VIMs in the VIM slot to provide flexible linkage to other switches or devices over a range of media:

Feature documentation is updated to include support statements specific to the new hardware.

Certificate Enhancements

XA1400 Series, VSP 4900 Series, and VSP 7400 Series switches support IPsec authentication and encryption of Fabric Extend tunnels using pre-shared keys for authentication. This release introduces a more secure authentication method through digital certificate support for IPsec.

This release enhances digital certificate support on all switches. You can configure an encrypted SHA-256 fingerprint to validate the certificate authority (CA) certificate chain and to avoid manual transfer of the root certificate file.

For more information, see Digital Certificates for IPsec Authentication and Digital Certificate/PKI.

DvR One IP Enhancement

This enhancement was originally available as a demonstration feature in VOSS 8.2; this enhancement is now generally available and can be used in production environments. You can now use a single IP address in a subnet shared by all Controllers by configuring the DvR IP to be the same as the DvR gateway IP.

This feature does not apply to VSP 4450 Series or XA1400 Series.

For more information, see Distributed Virtual Routing.

Dynamic Nickname Assignment Enhancement

This release extends the Dynamic Nickname Assignment behavior, and provides the user with a prefix parameter to assign up to 256 groups with 4,096 nicknames each.

For more information, see Dynamic Nickname Assignment.

Extreme Integrated Application Hosting (IAH) Enhancements

Extreme Integrated Application Hosting (IAH) enhancements were originally available as a demonstration feature in VOSS 8.2; these enhancements are now generally available and can be used in production environments. The enhancements are provided on the following platforms:

You can configure the following enhancements:

For more information, see Extreme Integrated Application Hosting.

Fabric Extend Enhancements

For XA1400 Series, to improve throughput of an FE tunnel over a WAN circuit, VOSS added IPsec compression and the ability to adjust the TCP maximum segment size (MSS).

For more information, see the following:

Fabric IPsec Gateway

The Fabric IPsec Gateway feature introduces a Virtual Machine that supports aggregation of Fabric Extend Tunnels with fragmentation, reassembly, and Internet Protocol Security (IPsec) encryption functions. Starting with VOSS 8.3, the Fabric IPsec Gateway feature is available for VSP 4900 Series switches. The same virtual machine continues to be available for VSP 7400 Series switches.

For more information, see Fabric IPsec Gateway Fundamentals.

MAC Security Limit-Learning

VSP 4900 Series and 5520 Series add support for MAC security limit-learning. Use this feature to limit the number of MAC addresses a port can learn.

For more information, see VLAN MAC-layer Filtering Database and MAC Security.

Mask Password for SNMPv3 and Web Server Commands

This release modifies the following commands, which previously displayed the password in clear text as part of the configuration method, to instead prompt for the password and hide the characters as you type them:

For more information, see the following sections:

PoE Support for Classes 5 and 6 on VSP 4900

VOSS Release 8.3 provides 60W PoE support for classes 5 and 6 on VSP 4900-12MXU-12XE.

For more information, see Power over Ethernet Fundamentals.

VLAN IP Address as Fabric Extend Tunnel Source

Fabric Extend (FE) enables the extension of Fabric Connect networking over Layer 2 or Layer 3 core IP networks. You can configure a VLAN IP interface as the FE tunnel source IP address on a device. You must configure the VLAN in the same VRF as the ISIS tunnel source IP address.

Note

Note

This feature is generally available for the following products in VOSS Release 8.3:

  • 5520 Series

  • VSP 4450 Series

  • VSP 4900 Series

  • VSP 7200 Series

  • VSP 7400 Series

  • VSP 8200 Series

  • VSP 8400 Series

This feature was previously generally available on XA1400 Series only.

For more information, see the following sections:

VOSS Switch Support on the Network Edge

This release expands support for VOSS switches to the network edge and simplifies deployment and network operation processes. For information about feature support, see VOSS Feature Support Matrix.

The system implements a port-based Auto-sense functionality to support zero touch capabilities when deploying a fabric-based network. Auto-sense introduces a port state machine that allows the port to change its state based on sensing what it is connected to. Port states can be IS-IS links, FA links, IP Phone links, and user links with or without network access control enabled. Additionally, Auto-sense establishes an automatic onboarding I-SID 15999999 on VLAN 4048 for automatic reachability of the network management segment.

Note

Note

For bridged or routed reachability of the management servers (DHCP, RADIUS, Extreme Management Center, or ExtremeCloud IQ) the onboarding I-SID must be manually mapped to the management segment on at least one BEB in the network prior to zero touch deployments of new switches. Additionally, you must enable a Dynamic Nickname server on at least one node.

The following features and enhancements are introduced to support VOSS switches on the network edge and to support network automation: