New in this Document

The following sections detail what is new in this document.

Automatic QoS Priority for MACsec Packets on Intermediate Switches

In certain situations where MACsec encrypted packets traverse intermediate non-MACsec switches, QoS visibility is lost.

This feature uses confidentiality-offset to specify that the first 30 or 50 bytes within the MACsec frame transmit without encryption, thus leaving the 802.1Q VLAN tag p-bits in the clear so that the intermediate switch can differentiate between encrypted traffic. With the 802.1Q p-bits in the clear, internal QoS priority for MACsec packets on intermediate switches can be automatically assigned.

For more information, see Automatic QoS Priority for MACsec Packets on Intermediate Switches.

Dynamic Nickname Assignment Debugging

Example scenarios are added to help debug possible failure cases in single and multi-area configurations. For more information, see Dynamic Nickname Assignment.

EDM Support for mvpn-isid mac-offset Parameter

This release includes the ability to configure the mac-offset parameter for mvpn-isid from EDM. In previous releases, this functionality was available through CLI only. For more information, see Configure IP Multicast config-lite for Fabric Connect.

Enhanced EDM Help

Enterprise Device Manager (EDM) has been improved with an online Help feature that supplements the existing Help. A Book icon (Help Setup Guide) in the Navigation pane now provides links to the following items:
  • Software Release Notes

  • Documentation collections

  • Hardware and Software Compatibility Matrices

  • Documentation for Extreme optics

  • RESTCONF Reference Documentation

  • The support portal for Software, MIB, Vulnerability/CVE and Field Notices

  • GitHub information for GNS3 images

If you have installed an Extreme-branded transceiver in a port, then you can view information about the transceiver by selecting the Vendor Part Number on the DDI/SFP tab of the Port pane.

For more information, see View DDI Information.

Extreme Integrated Application Hosting

Beginning with this release, you can use the following existing CLI commands in Global Configuration mode:

Procedures are updated to reflect two mode support. Upgrade procedures use Global Configuration mode only to reduce mode changes.

For more information, see Virtual Services Configuration using CLI and Upgrade a Fabric IPsec Gateway VM.

ExtremeCloud IQ Agent Enhancement

The output for the show application iqagent status CLI command is updated to provide additional information if IQ Agent is enabled but disconnected. The same information is also available in EDM. This change requires ExtremeCloud IQ Agent 0.5.55 or later.

For more information, see ExtremeCloud IQ Support.

Extreme-Dynamic-ACL Scaling Improvements

The Extreme-Dynamic-ACL RADIUS attribute now supports a list parameter. Use the list parameter to contain ports or masks and group similar ACE commands to avoid the packet limitation. Only one list parameter can exist in one Extreme-Dynamic-ACL. The length of an individual ACE command from an Extreme-Dynamic-ACL VSA message is increased from 128 to 255 characters.

For more information, see Extreme-Dynamic-ACL.

Factory Default Flag More Granular Options

The following list identifies more granular options that enhance the factory default flag behaviors:

For more information, see Boot Flag Configuration using CLI and Configure Boot Flags.

Field-Programmable Gate Array (FPGA) Upgrade for VSP 4900 Series

This release adds FPGA CPLD version 1.2.42. You must manually upgrade the version using the cpld-install fgpa command. For more information, see Update the Complex Programmable Logic Device (CPLD) Image.

Forced Password Change

In this release, the system prompts you to change the admin and read-only user default passwords when you use the web-server enable command to enable the web management interface.

For more information, see Enable the Web Management Interface.

Layer 2 Ping and Layer 2 Traceroute Support for Virtual Node on Multi-area SPB Boundary Node

Multi-area SPB supports Connectivity Fault Management (CFM) on virtual nodes in both home and remote area. For remote area, the boundary nodes respond to Layer 2 ping and Layer 2 traceroute messages that contain the remote area system ID. You must enable CFM on the boundary nodes for the functionality to work.

For more information, see Layer 2 Ping and Layer 2 Traceroute Support in Area Virtual Node.

Plug and Play Enhancements

This release introduces the following improvements:
  • Automatically adjust IS-IS link metrics based on port / LAG speed, which automatically recalculates the Level 1 metric based on the detected link speed.
  • Auto-set vim-speed on 25G VIMs based on inserted transceiver type.

    The switch now automatically configures the Versatile Interface Module (VIM) speed based on the detected optics, which makes it easier to deploy and to maintain the module.

    Auto-set vim-speed is enabled by default.

    Note

    Note

    This feature only applies to VSP 4900 Series.

  • Auto-channelize QSFP+ and QSFP28 ports when QSA adapter or breakout cable is detected and the port operates in Auto-sense mode.

    Channelization of these ports occurs automatically when you insert one of the following:
    • Quad Small Form-factor Pluggable (QSFP) Plus adapter to Small Form-factor Pluggable (SFP) Plus adapter

    • QSFP28 to SFP28 adapter
    • QSFP28 to 4xSFP28 passive or active breakout cable
    • QSFP+ to 2xSFP+ passive or active breakout cable

    This enhancement means that you no longer have to configure channelization on supported ports.

Together these enhancements make it even easier to deploy and use your switch.

Security Enhancements

This release makes the following security-related enhancements:

For more information, see the following sections: