The following sections detail what is new in this document.
You can configure the area name for home and remote areas.
For more information, see Configure an IS-IS Area Name.
In earlier releases, 5520 Series switches automatically reserved Universal Ethernet ports (24 ports: 1/25 and 1/26, 48 ports: 1/49 and 1/50) as loopback ports for advanced features. Now, if a VIM is not present, 5520 Series switches automatically reserve the VIM slot as loopback ports for advanced features. When used as regular ports, the Universal Ethernet port speed is 40 Gbps as a single channel port. Although the maximum supported single channel port speed is 40 Gbps, the ports can be channelized to operate as four 10 or 25 Gbps channels.
If a VIM is present, the Universal Ethernet ports are used for SPB internal loopback.
For more information, see, advanced-feature-bandwidth-reservation Boot Flag
This release includes the following Auto-sense enhancements:
In earlier releases, you could not enable Auto-sense on a port that included conflicting feature configuration. Now, if you enable Auto-sense on a port, the software automatically deletes the conflicting configuration from the port. Also, if you disable Auto-sense on a port, the software removes all Auto-sense state configuration and reverts the port to the default configuration.
Auto-sense supports a port-specific data I-SID to separate the data traffic of one device from another device. Previously, you could only configure a global data I-SID to apply to all Auto-sense enabled ports.
Auto-sense support for Fabric Attach (FA) is enhanced to match the abilities of Zero Touch Configuration. Depending on the device that the Auto-sense port detects (FA-capable access point, camera, open virtual switch, or FA proxy switch), the software can apply different FA-specific configurations that you define. The I-SID priority for untagged traffic on a port in the FA state is also modified.
With this release, an Auto-sense port in the UNI state now remains in PVLAN isolated mode when any additional untagged I-SID is applied to the port. Previously, the port changed automatically to PVLAN promiscuous mode. With this change, not only can you assign the onboarding I-SID to an Auto-sense port with PVLAN isolation functionality, but you can also assign other untagged PVLAN isolated pvlan/I-SIDs to an Auto-sense port.
Auto-sense logical flowcharts to describe the port state detection, how the system configurations can change the logic decision path, and the Auto-sense configuration results.
You can configure the Auto-sense wait interval, which controls the time to wait for a Link Layer Discovery Protocol (LLDP) neighbor to be detected in the Auto-sense wait state before transitioning to the Auto-sense onboarding state.
For more information, see Auto-sense.
VOSS enhances Extreme Integrated Application Hosting with the ability to view the application name and version used by the virtual service, force overwriting a saved Fabric IPsec Gateway configuration without confirmation, and also with the ability to perform specific actions in a virtual machine (VM) from the VOSS CLI.
For more information, see Extreme Integrated Application Hosting.
A command is available to return the ExtremeCloud IQ Agent firmware version on the switch to the version bundled with the VOSS image currently installed on the switch, for example, if you downgrade the VOSS image version and do not reconnect to ExtremeCloud IQ automatically.
For more information, see Reinstall ExtremeCloud IQ Agent Firmware.
VSP 4900 Series and VSP 7400 Series switches support IPsec fragmentation before encryption of Fabric Extend tunnels using Fabric IPsec Gateway. EDM support for IPsec fragmentation before encryption is also added for XA1400 Series.
For more information, see IPsec Fragmentation Before Encryption.
To detect maximum transmission unit (MTU) mismatches, Intermediate System-to-Intermediate System (IS-IS) pads hello packets to the full interface MTU.
For more information, see IS-IS Hello Padding.
Link Debounce protects the upper layers from unnecessary state changes by delaying the change of a port link state when the following situations occur:
There are frequent flaps in a short interval at the physical layer in the case of Fiber WAN services.
There is a delay in switching from the working path to the protected path in the case of Carrier Wave WAN services.
For more information, see Link Debounce.
The following enhancements were made for the show i-sid mac-address-entry command:
The TYPE column in the command output shows NON-LOCAL instead of REMOTE for MAC addresses learned from other nodes.
The command output can be filtered to show only MAC addresses learned in either the home or remote area, or learned from other nodes.
For more information, see View C-MACs Learned on T-UNI Ports for an I-SID.
This release includes the following SSH enhancements:
A new method, diffie-hellman-group-exchange-sha256, is available for SSH Key exchange.
For more information, see Configure the Key-Exchange Method.
Added new command to reset SSH, which previously required two steps and it was not possible to enable SSH after the configuration access was disabled. The new ssh reset command terminates all SSH sessions and restarts SSH server.
For more information, see Resetting the SSH
The ability to adjust the TCP maximum segment size (MSS) is added for VSP 4900 Series and VSP 7400 Series. This functionality was previously supported only on XA1400 Series; configuration commands are modified from the original support.
Note
If you configured this feature on XA1400 Series prior to VOSS 8.3.1, after you upgrade to VOSS 8.4.2 and save the configuration, the configuration uses the new commands. If you enabled the feature using an auto-derived value, the value is updated to 200 less than the tunnel MTU.
For more information, see Adjusting the TCP Maximum Segment Size.
For XA1400 Series branch deployments, the VOSS routing IP stack requires the VLAN Management Instance to work in coexistence mode where both the management IP stack and the routing IP stack share the same IP address and default routes. This configuration is required if you need to use the management IP as IPsec source address. You can use the propagate-to-routing command to propagate the management VLAN IP and static routes from the management IP stack to the VOSS routing IP stack on the same VLAN ID.
For more information, see Configure Management VLAN and VOSS Routing VLAN Coexistence Through Propagation.
When you deploy the XA1400 Series in an environment where you need more than one provider connection with IPsec, you can configure a source IP address for each IPsec tunnel. You can configure a static source IP address or you can dynamically obtain the source IP address from DHCP.
For more information, see IPsec Source IP Address Per Tunnel Interface.