Known Issues

This section identifies the known issues in this release.

Known Issues for 8.10

Issue number

Description

Workaround

HTTPS connection fails for CA-signed certificate with certificate inadequate type error on FF.

Ensure End-Entity, Intermediate CA and Root CA certificates are all SHA256 based and RSA2048 key signed, and Extended key usage field is set to TLS webserver Auth only for subject and root. For intermediate, it must be set with other required bits to avoid this issue. Add the root, intermediate CAs in the trust store of the browser for accessing the EDM with HTTPS.

VOSS-1265

On the port that is removed from a T-UNI LACP MLT, non T-UNI configuration is blocked as a result of T-UNI consistency checks.

When a port is removed from a T-UNI LACP MLT, the LACP key of the port must be set to default.

VOSS-1278

SLA Mon tests fail (between 2% and 8% failure) between devices when you have too many agents involved with scaled configurations.

This happens only in a scaled scenario with more than seven agents, otherwise the failure does not occur. The acceptable failure percentage is 5%, but you could see failures of up to 8%.

VOSS-1280

The following error message occurs when performing shutdown/no-shutdown commands continuously: IO1 [05/02/14 06:59:55.178:UTC] 0x0011c525 00000000 GlobalRouter COP-SW ERROR vsp4kTxEnable Error changing TX disable for SFP module: 24, code: -8

None. When this issue occurs, the port in question can go down, then performs a shutdown/no-shutdown of the port to bring it up and resumes operation.

VOSS-1285

CAKs are not cleared after setting the device to factory-default.

None. Currently this is the default behavior and does not affect functionality of the MACsec feature.

VOSS-1288

Shutting down the T1 link from one end of the link does not shut down the link at the remote end. You could experience traffic loss if the remote side of the link is not shut down.

This issue occurs only when a T1 SFP link from one end is shutdown. Enable a dynamic link layer protocol such as LACP or VLACP on both ends to shut the remote end down too. As an alternative, administratively disable both ends of the T1 SFP link to avoid the impact.

VOSS-1289

On a MACsec-enabled port, you can see delayed packets when the MACsec port is kept running for more than 12 hours. This delayed packet counter can also increment when there is complete reordering of packets so that the application might receive a slow response. But in this second case, it is a marginal increase in the packet count, which occurs due to PN mismatch sometimes only during Key expiry, and does not induce any latency.

None.

VOSS-1309

You cannot use EDM to issue ping or traceroute commands for IPv6 addresses.

Use CLI to initiate ping and traceroute commands.

VOSS-1310

You cannot use EDM to issue ping or traceroute commands for IPv4 addresses.

Use CLI to initiate ping and traceroute commands.

VOSS-1312

On the VSP 8400 Series 40-gigabit ports, the small metallic fingers that surround the ports are fragile and can bend out of shape during removal and insertion of the transceivers. When the fingers are bent, they prevent the insertion of the QSFP+ transceiver.

Insert the QSFP+ carefully. If the port becomes damaged, it needs to be repaired.

VOSS-1335

In an IGMP snoop environment, after dynamically downgrading the IGMP version to version 2 (v2), when you revert back to version 3 (v3), the following is observed:

  • The multicast traffic does not flow.

  • The sender entries are not learned on the local sender switch.

  • The Indiscard packet count is incremented on the show int gig error statistics command.

Use a v3 interface as querier in a LAN segment that has snoop-enabled v2 and v3 interfaces.

VOSS-1344

In EDM, you cannot select multiple 40 gigabit ports or a range of ports that includes 40 gigabit ports to graph or edit. You need to select them and edit them individually.

None.

VOSS-1349

On EDM, the port LED for channelized ports only shows the status of sub-port #1, but not the rest of the sub-ports. When you remove sub-port #1, and at least one other sub-port is active and online, the LED color changes to amber, when it should be green because at least one other sub-ports is active and online. The LED only shows the status of sub-port #1.

None.

VOSS-1354

An intermittent link-flap issue can occur in the following circumstance for the copper ports. If you use a crossover cable and disable auto-negotiation, the port operates at 100 Mbps. A link flap issue can occur intermittently and link flap detect will shut down the port.

Administratively shutdown, and then re-enable the port. Use auto-negotiation. Disabling auto-negotiation on these ports is not a recommended configuration.

VOSS-1358

Traffic is forwarded to IGMP v2 SSM group, even after you delete the IGMP SSM-map entry for the group.

If you perform the delete action first, you can recreate the SSM-map record, and then disable the SSM-map record. The disabled SSM-map record causes the receiver to timeout because any subsequent membership reports that arrive and match the disabled SSM-map record are dropped. You can delete the SSM-map record after the receivers time out.

VOSS-1359

The 4 byte AS confederation identifier and peers configuration are not retained across a reboot. This problem occurs when 4 Byte AS is enabled with confederation.

Reconfigure the 4 byte AS confederation identifier and peers on the device, and reboot.

VOSS-1360

After you enable enhanced secure mode, and log in for the first time, the system prompts you to enter a new password. If you do not meet the minimum password requirements, the system displays the following message: Password should contain a minimum of 2 upper and lowercase letters, 2 numbers and 2 special characters like !@#$%^*().  Password change aborted. Enter the New password:

The system output message does not display the actual minimum password requirements you need to meet, which are configured on your system. The output message is an example of what the requirements need to meet. The actual minimum password requirements you need to meet are configured on your system by the administrator.

None.

VOSS-1367

The configuration file always includes the router ospf entry regardless of whether OSPF is configured. This line does not perform any configuration and has no impact on the running software.

None.

VOSS-1368

When you use Telnet or SSH to connect to the switch, it can take up to 60 seconds for the log in prompt to appear. However, this situation is very unlikely to happen, and it does not appear in a standard normal operational network.

Do not provision DNS servers on a switch to avoid this issue altogether.

VOSS-1370

If you configure egress mirroring on NNI ports, you do not see the MAC-in-MAC header on captured packets. 

Use an Rx mirror on the other end of the link to see the packets. 

VOSS-1371

A large number of IPv6 VRRP VR instances on the same VLAN can cause high CPU utilization.

Do not create more than 10 IPv6 VRRP VRs on a single VLAN. 

VOSS-1389

If you disable IPv6 on one RSMLT peer, the switch can intermittently display COP-SW ERROR and RCIP6 ERROR error messages. This issue has no impact.

None.

VOSS-1390

If you delete the SPBM configuration and re-configure SPBM using the same nickname but a different IS-IS system ID without rebooting, the switch displays an error message.

Reboot the switch after you delete the SPBM configuration.

VOSS-1403

EDM displays the user name as Admin, even though you log in using a different user name.

None.

VOSS-1406

When you re-enable insecure protocols in the CLI SSH secure mode, the switch does not display a warning message.

None.

VOSS-1418

EDM displays the IGMP group entry that is learned on a vIST MLT port as TX-NNI.

Use CLI to view the IGMP group entry learned on a vIST MLT port.

VOSS-1428

When port-lock is enabled on the port and re-authentication on the EAP client fails, the port is removed from the RADIUS-assigned VLAN. This adds the port to the default VLAN and displays an error message. This issue has no impact.

The error message is incorrect and can be ignored.

VOSS-1433

When you manually enable or disable IS-IS on 40 Gbps ports with CR4 direct attach cables (DAC), the port bounces one time.

Configure IS-IS during the maintenance period. Bring the port down, configure the port and then bring the port up.

VOSS-1438

In a rare scenario in Simplified vIST configuration when vIST state is toggled immediately followed by vIST MLT ports are toggled, one of the MLT ports will go into blocking state resulting in failure to process data packets hashing to that link.

Before enabling vIST state ensure all vIST MLT ports are shut and re-enabled after vIST is enabled on the DUT.

VOSS-1440

VOSS-1441

When you configure a scaled Layer 3 VSN (24 Layer 3 VSN instances), route leaking from GRT to VRF on the local DUT does not happen. The switch displays an incorrect error message: Only 24 Layer 3 VSNs can be configured.

None.

VOSS-1463

VOSS-1471

When you use Fabric Extend over IP (FE-IP) and Fabric Extend over Layer 2 VLAN (FE-VID) solution, if you change the ingress and egress .1p map, packets cannot follow correct internal QoS queues for FE tunnel to FE tunnel, or FE tunnel to regular NNI traffic.

Do not change the default ingress and egress .1p maps when using Fabric Extend. With default ingress and egress .1p maps, packets follow the correct internal QoS when using the Fabric Extend feature.

VOSS-1473

If the I-SID associated with a Switched UNI or Fabric Attach port does not have a platform VLAN association and you disable Layer 2 Trusted, then the non IP traffic coming from that port does not take the port QoS and still uses the .1p priority in the packet.

None.

VOSS-1530

If you improperly close an SSH session, the session structure information does not clear and the client can stop functioning.

Disable and enable SSH.

VOSS-1584

The show debug-file all command is missing.

None.

VOSS-1585

The system does not generate a log message, either in the log file or on screen, when you run the flight-recorder command.

None.

VOSS-1608

If you use an ERS 4850 FA Proxy with a VOSS or Fabric Engine FA Server, a mismatch can exist in the show output for tagged management traffic. The ERS device always sends traffic as tagged. The VOSS or Fabric Engine FA Server can send both tagged and untagged. For untagged, the VOSS and Fabric Engine FA Servers send VLAN ID 4095 in the management VLAN field of the FA element TLV. The ERS device does not recognize this VLAN ID and so still reports the traffic as tagged.

There is no functional impact.

VOSS-1706

EAPOL: Untagged traffic is not honoring the port QOS for Layer 2 trusted/ Layer 3 untrusted.  This issue is only seen on EAPOL-enabled ports.

None.

VOSS-2014

IPv6 MLD Group is learned for Link-Local Scope Multicast Addresses. This displays additional entries in the Multicast routing tables.

None.

VOSS-2033

The following error messages appear when you use the shutdown and no shutdown commands on the MLT interface with ECMP and BGP+ enabled:

CP1 [01/23/16 11:10:16.474:UTC] 0x00108628 00000000 GlobalRouter RCIP6 ERROR rcIpReplaceRouteNotifyIpv6:FAIL ReplaceTunnelRec conn_id 2

CP1 [12/09/15 12:27:02.203:UTC] 0x00108649 00000000 GlobalRouter RCIP6 ERROR  ifyRpcOutDelFibEntry: del FIB of Ipv6Route failed with 0: ipv6addr: 201:6:604:0:0:0:0:0, mask: 96, nh: 0:0:0:0:0:0:0:0 cid 6657 owner BGP

CP1 [12/09/15 12:20:30.302:UTC] 0x00108649 00000000 GlobalRouter RCIP6 ERROR  ifyRpcOutDelFibEntry: del FIB of Ipv6Route failed with 0: ipv6addr: 210:6:782:0:0:0:0:0, mask: 96, nh: fe80:0:0:0:b2ad:aaff:fe55:5088 cid 2361 owner OSPF

Disable the alternate path.

VOSS-2036

IPsec statistics for the management interface do not increment for inESPFailures or InAHFailures.

None.

VOSS-2117

If you configure static IGMP receivers on an IGMPv3 interface and a dynamic join and leave are received on that device from the same destination VLAN or egress point, the device stops forwarding traffic to the static receiver group after the dynamic leave is processed on the device. The end result is that the IGMP static groups still exist on the device but traffic is not forwarded.

Disable and re-enable IGMP Snooping on the interface.

VOSS-2128

EAP Security and Authentication EDM tabs display additional information with internal values populated, which is not useful for the end user.

There is no functional impact. Ignore the additional information in EDM. Use the CLI command show eapol port interface to see port status.

VOSS-2207

You cannot configure an SMTP server hostname that begins with a digit. The system displays the following error: Error: Invalid IP Address or Hostname for SMTP server

None.

VOSS-2208

While performing CFM Layer 2 traceroute between two BEBs using a transit BCB, the transit BCB hop is not seen, if the transit BCB has ISIS adjacencies over FE l3core with both source BEB and destination BEB.

None.

VOSS-2253

Trace level command does not list module IDs when '?' is used.

To get the list of all module IDs, type trace level, and  then press Enter.

VOSS-2285

When on BEB, continuously pinging IPv6 neighbor address using CLI command ping -s, ping packets do not drop, but instead return no answer messages.

Restart the ping. Avoid intensive CPU processing.

VOSS-2333

Layer 2 ping to Virtual BMAC (VBMAC) fails, if the VBMAC is reachable using Layer 2 core.

None.

VOSS-2418

When you configure and enable the SLA Mon agent, the SLA Mon server is able to discover it but the agent registration on the switch does not occur.

None.

VOSS-2422

When a BGP Neighbor times out, the following error message occurs: CP1 [03/11/16 13:43:39.084:EST] 0x000b45f2 00000000 GlobalRouter SW ERROR ip_rtdeleteVrf: orec is NULL!

There is no functional impact. Ignore the error message.

VOSS-25476

DvR host entries are visible on DvR Controllers after you issue the clear dvr host-entries command or disable all DvR Controllers within the domain.

Choose one of the following workarounds:

  • Disable and reenable DvR.

  • Disable and reenable IS-IS.

  • Reenable DvR Controllers within the domain.

VOSS-2859

You cannot modify the port membership on a protocol-based VLAN using EDM, after it has been created.

Use CLI to provision the port membership on the protocol-based VLAN or delete the protocol-based VLAN, and then re-create it with the correct port member setting. 

VOSS-3393

When the SLA Mon agent IP is created on a CLIP interface, the switch provides the CLIP-id as the agent MAC.

There is no functional impact. Use different CLIP IDs to differentiate the SLA Mon agents from the SLA Mon server.

VOSS-4255

If you run IP traceroute from one end host to another end host with a DvR Leaf in between, an intermediate hop will appear as not responding because the Leaf does not have an IP interface to respond. The IP traceroute to the end host will still work.

None.

VOSS-4728

If you remove and recreate an IS-IS instance on an NNI port with auto-negotiation enabled in addition to vIST and R/SMLT enabled, it is possible that the NNI port will briefly become operationally down but does recover quickly. 

This operational change can lead to a brief traffic loss and possible reconvergence if non-ISIS protocols like OSPF or BGP are also on the NNI port.

If you need to remove and recreate an IS-IS instance on an auto-negotiation enabled NNI port that also has non-ISIS traffic, do so during a maintenance window to minimize possible impact to other non-ISIS traffic.

VOSS-4840

If you run the show fulltech command in an SSH session, do not disable SSH on the system. Doing so can block the SSH session.

None.

VOSS-4912

The VSP 4450 Series does not advertise an LLDP Management TLV.

None.

VOSS-5130

Disabling and immediately enabling IS-IS results in the following log message: PLSBFIB ERROR: /vob/cb/nd_protocols/plsb/lib/ plsbFib.cpp(line 1558) unregisterLocalInfo() local entry does not exist. key(0xfda010000fffa40)

There is no functional impact. Ignore the error message.

VOSS-5159 & VOSS-5160

If you use a CLIP address as the management IP address, the switch sends out 127.1.0.1 as the source IP address in both SMTP packets and TACACS+ packets.

None.

VOSS-5173

A device on a DvR VLAN cannot authenticate using RADIUS if the RADIUS server is on a DvR VLAN on a DvR Leaf using an in-band management IP address.  

Place the RADIUS server in a non-DvR VLAN off a DvR Leaf or DvR Controller.

VOSS-5331

When you enable FHS ND inspection on a VLAN, and an IPv6 interface exists on the same VLAN, the IPv6 host client does not receive a ping response from the VLAN.

None.

VOSS-5603

In a scaled DvR environment (scaled DvR VLANs), you could see a higher CPU utilization while deleting a DvR leaf node from the DvR domain (no dvr leaf). The CPU utilization stays higher for several minutes on that node only and then returns to normal after deleting all the internal VLANs on the leaf node. 

It is recommended to use a maintenance window when removing leaf(s) from a DvR domain.

VOSS-5627

The system does not currently restrict the number of VLANs on which you can simultaneously configure NLB and Directed Broadcast, resulting in resource hogging.

Ensure that you configure NLB and Directed Broadcast on not more than 100 VLANs simultaneously, assuming one NLB cluster for each VLAN. Also, ensure that you configure NLB on a VLAN first, and then Directed Broadcast, so as to not exhaust the NLB and Directed Broadcast shared resources. The shared resources are NLB interfaces and VLANs with Directed Broadcast enabled. The permissible limit for the shared resources is 200.

VOSS-6189

When you connect to EDM using HTTPS in Microsoft Edge or Mozilla Firefox, the configured values for the RADIUS KeepAliveTimer and CFM SBM MepId do not appear. 

Use Internet Explorer when using an HTTPS connection.

VOSS-6822

If the IPsec/IKE software used in the Radius server side is strongSwan, there is a compatibility issue between the network operating system (NOS) and strongSwan in terms of IPv6 Digicert (IKEv1/v2) authentication.

None.

VOSS-6928

On VSP 8000 Series platforms, IPv4 Filters with redirect next hop action do not forward when a default route is not present or a VLAN common to ingress VLAN of the filtered packet is not present.

Configure a default route if possible.

VOSS-7139

DHCPv6 Snooping is not working in an SPB network as the DHCPv6 Snooping entries are not being displayed.

Administrator should add manual entries.

VOSS-7457

The switch can experience an intermittent traffic loss after you disable a Fabric Extend tunnel. 

Bounce the tunnel between the devices.

VOSS-7472

EDM shows incorrect guidance for ACL TCP flag mask. EDM reports 0…63 as hexadecimal. CLI correctly shows <0-0x3F | 0-63> Mask value <Hex | Decimal>. This is a display issue only with no functional impact.

Use CLI to see the correct unit values.

VOSS-7495

The VSP 4450 Series CLI Help text shows an incorrect port for boot config flags linerate-directed-broadcast. The Help text shows 1/48. The correct port is 1/46.

None

VOSS-8424

A fragmented ping from an external device to a switch when the VLAN IP interface is tied to a non-default VRF fails.

None.

VOSS-8516

Secure Copy (SCP) cannot use 2048-bit public DSA keys from Windows.

Use 1024/2048-bit RSA keys or 1024-bit DSA keys.

VOSS-9516

When you connect to EDM using HTTPS, you can see multiple SSL negotiation with client successful messages during your EDM session. The system displays this message, each time a successful SSL_Handshake occurs between the web browser and the web server. The log file cannot show as many messages as the console and the timing between messages can be different because logging does not occur in real time.

None.

VOSS-9621

On these products, 1G Copper Pluggable auto-negotiation is always enabled after a reboot, despite configuration settings.

If you do not want to use auto-negotiation, disable it after the reboot.

VOSS-9921

Bootup redirection timeout is longer than the UNI port (SMLT) unlock timer. If both vIST nodes boot together in factory default configuration fabric mode or without a nickname, the vIST ports will not enable for up to 4 minutes. During the delay the nickname server is unreachable and vIST is not online.

None.

VOSS-10380

If you enable and configure IPv6 Source Guard and EAPoL on a port, and create and configure a Guest VLAN on the same port without DHCP Snooping and ND-inspection, no error is shown. The port is not added to the Guest VLAN.

Configure DHCP Snooping and ND-inspection are not configured on the Guest VLAN.

VOSS-10381

If you enable and configure IPv6 Source Guard and EAPoL MHSA on a port, and create and configure RAVs for Non-EAP clients on the same port without DHCP Snooping and ND-inspection, no error is shown. The client displays as authenticated into RAV, even when port is not a member of RAV.

None.

VOSS-10412

Removal of the QSFP+ to SFP+ adapter with a 10G pluggable is not detected on the VSP 8404 and VSP 8404C when in non channelized mode.

The QSFP+ to SFP+ adapter and detection works only on ports with channelization enabled.

VOSS-10574

IS-IS sys-name output is not truncated for show isis spbm nick-name or show ip route commands. If a long character sys-name is in use, the full sys-name display can cause misalignment of the output columns.

None.

VOSS-10815

DvR over SMLT: Traffic is lost at failover on SMLT towards ExtremeXOS or Switch Engine switches. DvR hosts are directly connected to the DvR controllers vIST pair on SMLT LAG and switched-UNIs are dynamically added using Fabric Attach. Only occurs when the access SMLT is LACP MLT and all the ports in the MLT are down.

When all ports in the MLT down and an ARP request is received over an NNI link, there is no physical port that can be associated with the ARP request. The ARP entry is learned against NNI link, and MAC syncs from vIST peer or from a non-vIST peer when bouncing vIST.

None.

VOSS-10891

DvR leaf vIST: Wrong rarSmltCheckSmltPeerMac MLT warning displays when the peer vIST MAC address is learned from local

None. rarSmltCheckSmltPeerMac MLT warning has no functional impact. You can ignore the error message.

VOSS-11895

In a vIST SMLT environment where streams are both local and remote, if source and receiver port links are removed and reinserted several times, eventually traffic will not be forwarded to local single-homed receivers on one peer if the traffic is ingressing from the vIST peer over the NNI link. If the stream ingresses locally, it is received by the local UNI receivers.

Disable and re-enable Fabric Multicast (spbm <1–100> multicast enable) on the source VLAN to be able to delete the streams and come back in properly.

VOSS-11943

This release does not support per-port configuration of Application Telemetry. Because the feature is enabled globally and VSP 7432CQ supports 32 100 Gbps ports, an undesirable condition could be encountered when an exceeded amount of Application Telemetry mirrored packets are sent to the collector.

None.

VOSS-12330

When accessing the on-switch RESTCONF API documentation in a web browser, the page does not render correctly.

Ensure you include the trailing slash (/) in the URL: http(s)://<ip-address>:8080/apps/restconfdoc/. For more information, see Fabric Engine User Guide.

VOSS-12405

To reach a VM, all front panel traffic must travel through an Insight port, which is a 10 Gbps port. If front panel port traffic is over 10 Gbps, this situation represents an over subscription on the Insight port and some of the packets will be dropped. As a result, ExtremeCloud IQ ‑ Site Engine can lose connectivity to the Analytics engine if Application Telemetry is enabled.

None.

VOSS-13159

The ixgbevf Ethernet device driver within the TPVM does not correctly handle the interface MTU setting. Specifically, if you configure the interface in SR-IOV mode, packets larger than the MTU size are allowed.

To avoid this problem, configure the desired MTU size on both the relevant front-panel port and Insight port from the NOS CLI.

VOSS-13463

Out port statistics for MLT port interfaces are not accurate.

Use the command show io nic-counters to display detailed port stats and error info on XA1400 Series.

VOSS-13667

An intermittent issue in SMLT environments, where ARPs or IPv6 neighbors are resolved with delay can cause a transient traffic loss for the affected IPv6 neighbors. The situation auto-corrects.

None.

VOSS-13680

Interface error statistics display is inaccurate in certain scenarios.

Use the command show io nic-counters to display detailed port stats and error info on XA1400 Series.

VOSS-13681

QoS: show qos cosq-stats cpu-port command output is not supported.

Use the command show io cpu-cosq-counters to display detailed cosq-stats on XA1400 Series.

VOSS-13693

QoS: Traffic can egress out of the queue at a different ratio than the default configuration. After the guaranteed traffic rate is served to all egress port queues, any excess bandwidth is shared equally to all queues instead of distributing on weight assigned to each queue.

None.

VOSS-13717

VOSS-14393

VOSS-14972

Link on remote side doesn‘t go down after admin shut on XA1400 while using 10G DAC or a 4x10 - 40 G breakout DAC. On the XA1400 side link goes down but Link LED shows as up. Both 10G and 4x10G DAC are not fully supported because of this issue

None for DAC and breakout cables. Because of this issue, the following optical transceivers are not supported:
  • AA1404036-E6

  • AA1404042-E6

  • C9799X4-5M

VOSS-13794

You cannot use SFTP to transfer files larger than 2 GB to the switch.

Use SCP.

VOSS-13904

VOSS-13932

VOSS-16503

VSP 4900 Series has 2 GB memory in a 64-bit system so the RESTCONF VLAN scaling number is smaller than on VSP 7400 Series, which has 16 GB physical memory. Using RESTCONF on VSP4900-48P or VSP4900-24S reduces the number of port-based VLANs on those platforms:

  • 2,000 for VSP4900-48P with RESTCONF

  • 1,000 for VSP4900-24S with RESTCONF

None.

VOSS-13947

After you enable MSTP-Fabric Connect Multi Homing (spbm 1 stp-multi-homing enable), you cannot view the configuration, role, or statistics for the STP virtual port.

None.

VOSS-13974

When an 8408QQ ESM has more than two channelized ports and is rebooted, the MKA MACsec sessions on the other cards in the same box could toggle. This issue is not seen if one or two ports are channelized on the same card.

None.

VOSS-14150

CLI remote console might stop wrapping text after some usage.

Reset the CLI window or open a new remote console window.

VOSS-14391

On an VSP 8404C switch using an 8424XT ESM, on a port with MACsec connectivity, if you set Auto-Negotiation advertisements to 1000-full, and then subsequently set the advertisement to 10000-full, the link will not come up.

To avoid this issue, set the Auto-Negotiation advertisements directly to 10000-full.

If you have experienced the issue, shut the port down and bring it back up.

VOSS-14494

Layer 2 VSN and Layer 3 VSN UNI to NNI traffic between two Backbone Edge Bridges does not hash to different ports of a MLT network-to-network interface. MLT hashing for XA1400 devices occurs after the mac-in-mac encapsulation is done. The hash keys used are the Backbone destination and Backbone source MAC addresses (BMAC DA and BMAC SA) in the Mac-in-Mac header.

Even for the Transit BCB case on XA 1400 devices for NNI to NNI traffic, the MLT hash keys used are the Backbone destination and Backbone source MAC addresses (BMAC DA and BMAC SA) in the Mac-in-Mac header.

None.

VOSS-14515

Console output errors and warnings are shown during an XA1400 Series reboot, such as:
  • error: no such device: ((hd0,gpt1)/EFI/BOOT)/EFI/BOOT/grub.cfg.

    error: file `/EFI/BOOT/grubenv' not found

  • error: no suitable video mode found.

  • [0.727012] ACPI: No IRQ available for PCI Interrupt Link [LNKS]. Try pci=noacpi or acpi=off

  • exportfs: can't open /etc/exports for reading

  • KCORE: WARNING can't find /boot/b/uImage-gemini.bin. No kexec kernel will be configured.

None. The errors or warnings are host OS or guest OS related with no functional impact and can be ignored.

VOSS-14597

Ping (originated from local CP) fails for jumbo frames on Layer 3 VSN interface.

None.

VOSS-14616

Seeing Queue buffer usage logs when changing the logical interface source IP with 64 tunnels.

When changing the source IP with 64 tunnels, seeing "GlobalRouter CPU INFO CPP: 60 percent of fbufs are in use: 0 in Tx queue,1843 in RxQueue0 0 in RxQueue1 0 in RxQueue2 0 in RxQueue3 0 in RxQueue4 0 in RxQueue5 0 in RxQueue6 0 in RxQueue7 ".

None.

VOSS-14805

VOSS-15305

The following transceivers are not supported on XA1400 Series switches:

  • 10 Gb Bidirectional 40 km SFP+ Module (10GB-BX40-D and 10GBBX40-U)

  • 1000BASE-BX10 Bidirectional 10 km DDI SFP Modules (AA1419069-E6 and AA1419070-E6)

Use only supported transceivers.

VOSS-15079

The Extreme Networks 10 meter SFP+ passive copper DAC (Model Number 10307) does not function on ports 2/3 and 2/4 of the VIM5-4X.

Use the Extreme Networks SFP+ active optical DAC (Model Number AA1403018-E6) with the VIM5-4X.

VOSS-15112

BFD sessions associated with static routes could flap one time before remaining up, when shutting down and bringing back up a BFD peer port.

None. Ignore the extra BFD session flap.

VOSS-15313

On a VSP 8404C switch using an 8424XT ESM, on a link with MACsec connectivity on both ends, and Auto-Negotiation advertisements set to 10000-full, the link will not come back up if the ESM is hot-swapped or the slot is reset.

To avoid this issue, disable MACsec prior to the hot swap or reset, and then re-enable.

If you have experienced the issue, shut either one of the link ports down and bring it back up.

VOSS-15391

An SNMP walk on the rcIgmpSnoopTraceTable table will fail with an OID not increasing error. CLI and EDM are unaffected by this issue.

None.

VOSS-15463

XA1440 and XA1480 switches can experience intermittent Link Up and Link Down transitions on the 10/100/1000BASE-T Ethernet ports upon booting.

No workaround, but there is no functional impact.

VOSS-15541

You can experience temporary traffic loss when shutting down an LACP SMLT port (and therefore causing the local SMLT to go down), in a network with scaled Multicast traffic over an SPB cloud, while the datapath processes all dpm letter messages during LCAP recovery. This slow LACP recovery situation is only seen with scaled Multicast traffic over an SPB cloud.

Use static MLTs.

VOSS-15812

Layer 3VSN IPv4 BGP (and static) routes having their next-hops resolved using IS-IS routes could result in traffic loss.

Choose the following workarounds, based on your deployment and needs:

  • Use static routes to reach the loopbacks used as BGP peers, (static routes having better preference than IS-IS); use static routes with next-hops reachable on the UNI side (L2VSN).

  • Use OSPF to reach the loopbacks used as BGP peers, but take care to ensure that the OSPF route towards the BGP peer is chosen as the “best route” (as IS-IS has a better preference than OSPF). There are several ways to accomplish this—either don‘t redistribute that route in IS-IS if it is not needed, or control the redistribution with a route-map, etc.

  • Have BGP peers reachable directly using a C-VLAN; do not use loopback interfaces as BGP peer addresses.

  • If none of the above workaround scenarios are suitable for your deployment, do not use internal Border Gateway Protocol (iBGP) peering.

VOSS-15878

VSP 4900 Series, VSP 7400 Series do not boot with just the serial console cable connected and no terminating device, for example, a terminal server, PC, or Mac.

Either attach terminal equipment or disconnect the console cable.

VOSS-16221

Layer 2 ping does not work for packets larger than 1300 on an XA1400 Series.

Use Layer 2 ping with packets smaller than 1300 bytes.

VOSS-16365

Running the command show pluggable-optical-module detail on an XA1400 Series device is highly CPU intensive to read and reply with the EEPROM details. Due to a delay in ethtool response, a watchdog miss event can occur and the event is recorded in the /intflash/wd_stats/1/wd_stats.ssio.1.log file. This scenario occurs more often if 10Gb SFP+ optics with DDM capability are installed.

None. The high CPU usage and response delay for this command is expected and cannot be resolved. No console log is generated. When the scenario occurs, the Watchdog outage is approximately 5 seconds.

VOSS-16436

Using the console connection on an XA1400 Series device while running a show command with large data output can result in drops of processing control packets.

Use Telnet or SSH connectivity instead of console connection.

VOSS-16951

On a VSP4900-48P, VSP4900-24S and VSP 7400 Series devices, if you run the show boot config sio CLI command before you have configured the baud rate, the output of the command is empty.

Configure the baud rate before you run the show boot config sio command. The only supported baud rate for these devices is 115200.

VOSS-16971

On VSP4900-24S, VSP4900-24XE, andVSP4900-12MXU-12XE devices, and on the VIM5-4XE, if a copper SFP is plugged in with the cable inserted and the remote end is also plugged in, the peer box could see a link flap and take 6-8 seconds to link up.

First, plug in the SFP, and then insert the cable. The link up then happens in 3-4 seconds.

VOSS-17002

For ingress packets that are larger than the system MTU size on XA1400 Series ports 1/1 through 1/4, error counters do not increment in the show interfaces gigabitethernet error CLI command.

Use the show io nic-counters CLI command to verify if the tx_error counters are getting incremented.

If they are getting incremented, the packets are getting dropped at egress. If they are not getting incremented, the packets are getting forwarded.

VOSS-17523

If an FE tunnel goes down between two connected XA1400 Series devices, an MTU Warning console message is logged if a ping request is issued while the tunnel is down.

You can safely ignore this warning message.
VOSS-17567

Do not use the inter-vrf /32 static routes defined with a next-hop IP address that resides in a different destination next-hop-vrf context.

None.

VOSS-18023

The management port on the 5520 switch does not support Auto-MDIX (the automatic detection of transmit and received twisted pairs).

As a best practice, enable the default auto-negotiation setting on the management port.

Because the management port does not support Auto-MDIX, when auto-negotiation is disabled, a crossover cable might be necessary to have the port link up and pass traffic.

Note: If the peer device supports Auto-MDIX, then either a straight through or crossover will work. The issue occurs only if both ends of the connection do not support Auto-MDIX.

None.

VOSS-18238

When a management VLAN with DHCP is used to reach a RADIUS server, and the RADIUS server cannot be reached, the system waits for 15 minutes before attempting to reach the RADIUS server again. This is true even if the RADIUS server becomes reachable before the 15 minutes have elapsed.

None.

VOSS-18278

On the 5520 switch, when you make any change relating to port speed, the port statistics are cleared. This is applies to all front panel fiber and copper ports as well as VIM ports.

The following are examples of changes relating to port speed:
  • Changing the auto-negotiation configuration settings on a copper port
  • Different negotiated speed on a copper port
  • Changing out an optical device for one having a different speed, for example changing from 1 Gb to 10 Gb

None.

VOSS-18360

This is an intermittent issue on the VSP 7400 Series with no impact to functionality, ISIS is disabled while the show fulltech command is running on a telnet session. Due to this the fulltech command will not find the expected I-SID value, as it is removed by the no isis command.

None.

VOSS-19212

After upgrading a VSP 7432CQ switch to VOSS 8.2.5 and rebooting, the presence of a faulty power supply unit will cause the system to terminate. A message in the debug log will report that the software could not read the contents of the power supply's EEPROM (carbonatelib_ps_read_eeprom operation).

Replace the power supply unit in the switch.

VOSS-19260

Port mirroring does not work on port 1/s1 of VSP 7400-48Y if the connection type is OVS/SR-IOV.

Use a connection type of VT-d for port 1/s1.

VOSS-19827

LLDP IPv6 neighbors do not display in EDM. LLDP IPv6 is only supported in CLI.

To display LLDP IPv6 neighbors, use the show lldp neighbor summary command.

VOSS-20115

You cannot change the management VLAN interface discovered on XA1400 Series in ExtremeCloud IQ ‑ Site Engine as part of Zero Touch Provisioning Plus (ZTP+). XA1400 Series does not support the OOB interface. You can only use the discovered interface and change other configuration values.

On XA1400 Series, use the discovered interface within ExtremeCloud IQ ‑ Site Engine for basic onboarding. Use either ExtremeCloud IQ ‑ Site Engine or CLI to complete the remaining configuration.

VOSS-20200

For VSP 8404C, if you remove and insert an Ethernet Switch Module (ESM), which has NNI ports that are members in an LACP-dynamic MLT, some ports are intermittently missing in the dynamic MLT after the ESM insertion. Traffic is affected for streams that need to exit the NNI links over the dynamic MLT for the missing ports. Rebooting the switch returns the ports to the dynamic MLT.

None.

VOSS-20227

On XA1400 Series, the VOSS OS time does not synchronize to the real time clock (RTC) after system reboot. After the switch completely boots, NTP synchronization occurs and the VOSS OS has the correct time. The OS time can be incorrect for up to two minutes after system reboot.

None.

VOSS-20455

As the switch starts, it can display the following log messages due to incomplete initialization of the management stack when trying to send the first RADIUS packet:

  • 1 2021-02-17T23:32:16.810+01:00 DIST-H9-E3.1-01 CP1 - 0x000a45ae - 00000000 GlobalRouter RADIUS ERROR rad_sendRequest: unable to send a UDP packet. error 51, S_errno_ENETUNREACH

  • 1 2021-02-17T23:32:16.811+01:00 DIST-H9-E3.1-01 CP1 - 0x000a45ac - 00000000 GlobalRouter RADIUS ERROR rad_processPendingRequest: unable to send request

None. This issue has no functional impact.

VOSS-20456

Although the Management Router is not supported in the NOS, you can add a static route for VRF 512 using EDM. The route does not become active even if the next-hop address is reachable from the OOB management interface.

None. This issue has no functional impact.

VOSS-21097

In Multi-Area where vIST peers are boundary nodes, vIST can briefly flap during connection formation when IS-IS is disabled and then reenabled on both vIST peers.

None.

VOSS-21123

Brouters on UNIs of VSP 7400 vIST peers cannot ping each other.

Add a static ARP for the Brouter of the VIST peer.

VOSS-21233

Clearing DvR host entries in a highly scaled Multi-Area DvR environment can trigger DBSYNC WARNING messages (0x00390606 - 00000000 GlobalRouter DBSYNC WARNING Message queue length from DB Sync to tMain reached warning threshold) but these can be expected in a scaled environment and are not a malfunction.

None.

VOSS-21964

When using Windows SCP application on a switch to transfer a file, an error message displays even if a file transfers successfully.

VOSS-22255

Ping, which originates from a local CP, fails for ICMP packets bigger than 1500 sent from Layer 3 VSN interface.

Initiate ping with packets size smaller than 1500.

VOSS-22522

RESTCONF is delayed in a scaled setup with 2,000 VLANs.

None.

VOSS-22858

LLDP neighbor should not be discovered with mismatch in MKA MACsec on 5520 Series ports.

Disable MKA on both sides or shut down the port on both sides.

VOSS-23146

Multi-area DvR/SPBM configuration: Timeout: No response message is returned during snmpwalk on one of the DvR controllers.

Run the snmpwalk command with an increased timeout. You can also run snmpwalk for a specific object.

VOSS-23181

When you enable the boot config flags macsec command, the indiscard counter increments on SPBM-enabled ports.

None. There is no functional impact.

VOSS-23216

If you do not enable the DvR interface when you configure a dvr-one-ip interface, the dvr-one-ip interface does not display when you issue the show dvr interfaces command.

Enable the DvR interface.

VOSS-23229

In an E-Tree scenario, IPv6 packets are forwarded between isolated ports on 5520 Series, 5420 Series, and VSP 7400 Series.

None.

VOSS-24777

In the following port configurations on 5520 Series, 5420 Series, VSP 4900 Series, VSP 7200 Series, VSP 7400 Series, VSP 8200 Series, and VSP 8400 Series inVSN ACL entries match ingressing packets that have the same VID as the VLAN associated with the ACL I-SID even if the ACL inVSN I-SID is different:

  • on an S-UNI port without a platform VLAN

  • on a T-UNI port VLAN

None.

VOSS-24872

If the collector reachability path changes for Application Telemetry, it is not reflected properly in CLI. Packets remain mirrored towards the correct path but CLI does not reflect the next hop.

None. There is no functional impact.

VOSS-25078

MAC addresses learned on a Switched UNI (S-UNI) port cannot be flushed.

None.

VOSS-25023

5520 Series, 5420 Series, and 5320 Series platforms can reach 100% CPU utilization during inband transfer (FTP, SFTP, and SCP).

None.

VOSS-25162

RESTCONF ARP and MAC data: on 5x20 switches with 5K ARP entries and 5K MAC entries, it takes approximately 1 minute to retrieve data. The time increases based on the number of entries.

The same occurs on VSP 7400 Series with over 15K entries.

None.

VOSS-25225

On 5320 Series, the four highest SFP+ ports are available at 10 Gbps with Trial Licenses. After license expiration, the port speeds drop to 1 Gbps.

Use the extend-time-period command prior to the expiration of the Trial License.

VOSS-25288

Secure boot information for 5720 Series does not display when you issue the show sys-info command.

None.

VOSS-25728

You cannot assign a second disk to the second virtual service on the following switches:

  • VSP 4900 Series

  • VSP 7400 Series

  • 5720 Series

None.

VOSS-25874 Intermittent issue seen on CFIT rack that causes inconsistency in show output. None.

VOSS-25959

On the VSP 4900 Series, VSP 7400 Series, and 5720 Series, the virtual service does not operate properly when you configure e1000 Network Interface Card (NIC) type for SR-IOV and VT-d connect types.

None.

VOSS-26028

On the VSP 4900 Series, VSP 7400 Series, and 5720 Series, the virtual service does not operate properly when you configure more than 16 virtual ports per Extreme Integrated Application Hosting port.

None.

VOSS-26032 NNI port remains in STP blocking state in a very specific scenario and configuration. Bounce the NNI port.

VOSS-26092

On the VSP 8400 Series, MKA does not operate after you issue the slot reset command.

As a workaround, issue the reset command to reset your switch.

VOSS-26099

MACsec Key Agreement (MKA) MACsec does not operate properly when you enable and disable MKA MACsec on the port 15-20 times.

None.

VOSS-26122

Intermittently, some CLI commands related to sFlow functionality do not display in the CLI log.

None.

VOSS-26134

On the VSP 7200 Series, ports link flap one time when the switch boots and after you issue the shutdown command.

None.

VOSS-26151

MACsec Key Agreement (MKA) does not operate between Fabric Engine 5520 Series and 5720 Series switches and ExtremeXOS 5520 Series and 5720 Series switches when you use GCM-AES-256 MACsec encryption cipher suite on copper ports.

As a workaround, use GCM-AES-128 MACsec encryption cipher suite to connect Fabric Engine 5520 Series and 5720 Series switches and Switch Engine 5520 Series and 5720 Series switches.

VOSS-26526

After you format a USB drive and issue the ls command, the current date and time does not display.

None.

VOSS-26527

Intermittently, the show sys-info command does not display the correct part number or serial number for the 2000 W AC PoE power supply (Model XN-ACPWR-2000W with front-to-back ventilation airflow).

None.

VOSS-26665

Password hash sha2 is present in show running-config and save config. This is the default value. None.

VOSS-26692

The entry for VLAN used to send/receive VXLAN packets to/from FIGW (for IPSec encapsulation) is missing from my_station_tcam table. In this case, traffic over the corresponding FE tunnel is lost. Shut/no shut of the used sideband port fixes the problem.

VOSS-26822

Configuration tab for Ports 53-54 (VSP 7400-48Y) cannot be accessed from the first attempt. Select menu options on your Mozilla Firefox browser. Alternatively, use another browser: Google Chrome, Safari, or Microsoft Edge.

VOSS-26831

Device not able to complete trap registration with ExtremeCloud IQ ‑ Site Engine when onboarding with ZTP+. Use the default Trap profile when using Trap registration with auto onboarding in ExtremeCloud IQ ‑ Site Engine.

VOSS-26884

AP is assigned to an Unregistered rule instead of Wifi Mgmt on a 22.9 version NAC.

None.

VOSS-27235

If you delete a VLAN IP interface, the switch does not delete the associated DvR gateway IP address.

Manually delete the DvR gateway IP address.

VOSS-27598

5720 Series does not forward multicast traffic during vIST peer reboot.

As a workaround, bounce any port in the specific VLAN.

VOSS-27643

On 5320 Series, packet port statistics do not increment for multicast traffic ingressing Layer 3 Fabric Extend NNI.

As a workaround, calculate the number of packets from the total number of bytes received.

VOSS-27702

When you configure the SSH server to use a dynamically configured port, the following log displays:

1 2022-12-14T11:49:52.210Z 7520-48XT-6C-FabricEngine CP1 - 0x000d863c - 00000000 GlobalRouter SSH ERROR Could not bind IPv4 socket for ssh, errno=48, S_errno_EADDRINUSE

As a workaround, reconfigure the SSH ports after the error is detected.

VOSS-27784

Layer 3 VSN traffic continues to flow after you delete IP addresses in dual stack scenarios.

None.

VOSS-27875

On 7520-48XT-6C copper ports(1/1-1/48) with SLPP enabled, the port LED state is off.

None.

VOSS-28101

The loss of IP BGP in-route-map and out-route-map from config when you upgrade to Release 8.5.x or later is due to the removal of the following legacy commands in Release 8.5.x that were not needed on newer platforms:
  • ip bgp out-route-map
  • ip bgp out-route-map

As a workaround, apply incoming and outgoing route-maps for BGB peers or peer groups.

VOSS-28437

Layer 3 routed traffic is discarded in a square topology with two pairs of vIST DVR controllers in different domains when traffic should reach the diagonal switch.

As a workaround, save the configuration file with the NNI-MSTP flag configured and reboot the system.

VOSS-28241

For a routed Gigabit Ethernet interface, traffic doubles on vIST peers if you issue the action flushALL command.

None.

VOSS-28288

When you connect two devices with the 10G SFP+ Copper Transceiver (PN:10338) at both ends, the link does not operate at 1G speed.

As a workaround, you can configure the port speed on the first device to 1G. If the port on the second device supports 10G, configure autonegotiation-advertisements to 1G.

VOSS-28466

Trap registration that follows the ZTP+ on-boarding process with ExtremeCloud IQ ‑ Site Engine cannot be completed on 7520 Series or 7720 Series.

Perform trap registration manually in ExtremeCloud IQ ‑ Site Engine using Configure Device > More Actions > Register Trap Receiver.

You can also use the on-switch CLI to configure trap notification.

VOSS-28525

DHCP clients fail to receive an IP address in scenarios with VRRP over SMLT when SMLT goes down and the DHCP interface is configured to broadcast.

As a workaround, disable broadcast on the DHCP relay.

VOSS-28625

Boundary Nodes return VRRP packets into the originating area and cause warning messages to display. The issue occurs if you create the following ACL rule on a Multi-area SPB Boundary Node:

filter acl 1 type inVsn matchType both
filter acl i-sid 1 12990020
filter acl ace 1 1
filter acl ace action 1 1 permit monitor-isid-offset 1
filter acl ace ethernet 1 1 ether-type eq ip
filter acl ace 1 1 enable

The issue is caused by the interoperability of this specific ACL configured to mirror the I-SID traffic, and the Multi-area filters.

Remove the ACL used to mirror I-SID traffic on the boundary node. Use Fabric RSPAN (Mirror to I-SID) to achieve similar functionality.

VOSS-28672

IPFIX does not learn MCoSPB NNI-UNI flows on 7520 Series, 7720 Series and VSP 7400 Series.

None.

VOSS-28684

For VSP 7400 Series, 7520 Series, 7720 Series, 5520 Series, and 5720 Series, on a Multi-area SPB Boundary Node, if you configure an accept policy to leak remote area routes from VRF to GRT, depending on timing following a switch reboot or IS-IS disable/enable, you may experience reachability issues to the remote area route.

As a workaround, after the Virtual Node is up and running on the Boundary node, disable and enable IP Shortcut Routing to force a reprogramming of the remote area node that reaches the destination host.