The following sections detail what is new in this document.
In earlier releases, 802.3at (including legacy) was the default Power over Ethernet (PoE) powered device (PD) detection type. This feature automatically configures the default settings for PoE detection type to 802.3at and Legacy to 802.3bt Type 3 or 802.3bt Type 4 depending on the capabilities of the device.
This release includes the following Distributed Virtual Routing (DvR) enhancements:
DvR Isolated Domains
You can create an isolated DvR domain with an isolated DvR Controller that does not connect to the DvR backbone and does not exchange routes with other domains. Previously, multiple DvR domains were required in large network Fabric Edge deployments. The total amount of non-isolated domains able to join a DvR backbone is 16 domains per fabric area. With the DvR Isolated Domains feature there is no longer a restriction on how many DvR domains can be deployed in an IS-IS area.
DvR-VRRP Coexistence (DvR-leaf – regular BEB interop)
By using VRRP advertisements on the DvR VLAN and I-SID, DvR Controllers can now route traffic that enters on the network-to-network interface (NNI) if a Layer 2 Virtual Service Network (VSN) spans outside of the DvR domain.
Important
To implement this enhancement, you must upgrade the software on all DvR BEBs, including Leaf nodes.
For more information, see DvR Isolated Domains and DvR-VRRP Coexistence.
You can configure the maximum MAC, EAP, and NEAP clients supported on Auto-sense enabled ports without disabling Auto-sense. Earlier you could only do this by disabling the Auto-sense.
For more information, see: Auto-sense Configuration using CLI and Auto-sense Global Configuration using EDM.
One example of this improvement is that when updates are required quickly, Edge switches connected with vIST/SMLT dual homing and Fabric Attach can disregard the timer and forcefully send an updated packet. The timer is then reset.
Note
Note
This functionality is not available on XA1400 Series.With the introduction of IP Multicast config-lite for Fabric Connect, you can now enable Layer 3 IP Multicast routing over Fabric Connect on a Layer 2 Edge node, without an associated IP address on the VLAN.
Note
If you enable this functionality on a VLAN interface, you cannot manually configure a VRF or an IP address on that VLAN.Note
This feature does not apply to XA1400 Series and VSP 8600 Series.
For specific IP multicast group addresses, you can configure IP SPB Multicast Policy to permit only multicast senders, permit only multicast receivers, or deny both. Additionally, in this release, the static IP multicast forwarding functionality allows static MC scaling, by aggregating multiple IP multicast group addresses into a static data I-SID that you configure.
For more information, see the following sections:
You can now view Primary Bank and Secondary Bank ACEs for specific ACL IDs using Enterprise Device Manager (EDM). In the previous release, you could view Primary Bank and Secondary Bank ACEs for specific ACL IDs using CLI only.
For more information, see Viewing ACL Statistics.
This release introduces the Extreme-Dynamic-Client-Assignments Vendor Specific Attribute (VSA), a new RADIUS VSA for dynamic Virtual Local Area Network (VLAN) and Private VLAN (PVLAN) creation.
You can also use the Extreme-Dynamic-Client-Assignments VSA to configure VLAN parameters, such as VLAN name, I-SID to VLAN association, and I-SID name. VLAN-based attributes automate switch configuration using values received from the RADIUS Server.
In earlier releases, the secret key displayed in clear text on the console and in the configuration file when you assigned an authentication key to the server using the ntp server command.
In this release, the secret key is encrypted and is not visible on the console or in the configuration file. Asterisks now display as the secret key. The show ntp key CLI command output no longer displays the secret key field. The keysecret field in EDM is also removed.
Note
This enhancement only applies to VSP 4900 Series and VSP 7400 Series.
You can create parallel Fabric Extend IP tunnels between two nodes for redundancy.
For more information, see Parallel Tunnel Support for Fabric Extend.
This release expands rate-limiting for broadcast and multicast traffic to include unknown unicast traffic. The rate you configure applies to the combined broadcast and unknown unicast traffic. In previous releases, rate-limiting resulted in excessive flooding to all members in the VLAN/ISID. There is no change to CLI command syntax.
For more information, see the following sections:
SHA2 512-bit password hashing improves the software security of new devices and devices booted with factory default settings. It is available as a security enhancement beyond the previous default SHA1 160-bit password hashing method. The new CLI command password hash is introduced to change the password hash between SHA1 and SHA2. The new default is SHA2 for new switches running this release.
Note
When upgrading, SHA1 password hashes and custom users are retained, until a factory default reset or until the password hash level is changed. During a factory default reset, SHA2 512-bit becomes the default password hash, all custom users are deleted, and SHA1 passwords are removed.
The system uses the global system prompt name as the Intermediate System-to-Intermediate System (IS-IS) system name, by default, until you manually configure it.
For more information, see Configuring optional IS-IS global parameters and Configure IS-IS Global Parameters.
In this release, you can use a Segmented Management Instance as a source IP for sFlow, IPFIX, or Application Telemetry. Previously, VLAN could not be used as a source IP address. Support for management CLIP as a source IP for sFlow, and Application Telemetry continues from previous releases and support is added for IPFIX. You can now use a management CLIP tied to a user created VRF for sFlow, IPFIX, and Application Telemetry instead of being restricted to GRT. sFlow is the only application that can use management OOB.
For more information, see the following sections: