New Software Features or Enhancements

The following sections describe what is new in this release:

Default POE Settings Match the Capabilities of the Hardware

In earlier releases, 802.3at (including legacy) was the default Power over Ethernet (PoE) powered device (PD) detection type. This feature automatically configures the default settings for PoE detection type to 802.3at and Legacy to 802.3bt Type 3 or 802.3bt Type 4 depending on the capabilities of the device.

For more information, see Fabric Engine User Guide.

DvR Enhancements

This release includes the following Distributed Virtual Routing (DvR) enhancements:

Note

Note

SPB Boundary Nodes cannot be primary or secondary DvR VRRP Controllers.

For more information, see Fabric Engine User Guide.

Dynamic Settings of max-mac on Auto-Sense Ports

You can configure the maximum MAC, EAP, and NEAP clients supported on Auto-sense enabled ports without disabling Auto-sense. Earlier you could only do this by disabling the Auto-sense.

For more information, see Fabric Engine User Guide.

Fabric Attach LLDP Triggered Updates

Each port has an internal timer that handles LLDP and sends messages individually every 30s (default interval). With this release LLDP based updates trigger the port to send the LLDP message instantly when:
  • The port is operationally UP.
  • The FA binding status is modified (including rejection).
In previous releases, updates were sent when the LLDP timers expired.

One example of this improvement is that when updates are required quickly, Edge switches connected with vIST/SMLT dual homing and Fabric Attach can disregard the timer and forcefully send an updated packet. The timer is then reset.

IP Multicast config-lite for Fabric Connect

With the introduction of IP Multicast config-lite for Fabric Connect, you can now enable Layer 3 IP Multicast routing over Fabric Connect on a Layer 2 Edge node, without an associated IP address on the VLAN. ​

Note

Note

If you enable this functionality on a VLAN interface, you cannot manually configure a VRF or an IP address on that VLAN.

For more information, see Fabric Engine User Guide.

IP SPB Multicast Policy

For specific IP multicast group addresses, you can configure IP SPB Multicast Policy to permit only multicast senders, permit only multicast receivers, or deny both. Additionally, in this release, the static IP multicast forwarding functionality allows static MC scaling, by aggregating multiple IP multicast group addresses into a static data I-SID that you configure.

For more information, see Fabric Engine User Guide.

IPv4 ACL Enhancements for EDM

You can now view Primary Bank and Secondary Bank ACEs for specific ACL IDs using Enterprise Device Manager (EDM). In the previous release, you could view Primary Bank and Secondary Bank ACEs for specific ACL IDs using CLI only.

For more information, see Fabric Engine User Guide.

New RADIUS VLAN Create VSA

This release introduces the Extreme-Dynamic-Client-Assignments Vendor Specific Attribute (VSA), a new RADIUS VSA for dynamic Virtual Local Area Network (VLAN) and Private VLAN (PVLAN) creation.

You can also use the Extreme-Dynamic-Client-Assignments VSA to configure VLAN parameters, such as VLAN name, I-SID to VLAN association, and I-SID name. VLAN-based attributes automate switch configuration using values received from the RADIUS Server.

You must configure these features through the Extreme-Dynamic-Config RADIUS VSA before you can use the VSA Extreme-Dynamic-Client-Assignments:
  • IGMP Snooping
  • DHCP Snooping
  • Dynamic ARP Inspection (DAI)

For more information, see Fabric Engine User Guide.

NTP Authentication Key Obfuscation

In earlier releases, the secret key displayed in clear text on the console and in the configuration file when you assigned an authentication key to the server using the ntp server command.

In this release, the secret key is encrypted and is not visible on the console or in the configuration file. Asterisks now display as the secret key. The show ntp key CLI command output no longer displays the secret key field. The keysecret field in EDM is also removed.

For more information, see Fabric Engine User Guide.

SHA512 Password Hashing

SHA2 512-bit password hashing improves the software security of new devices and devices booted with factory default settings. It is available as a security enhancement beyond the previous default SHA1 160-bit password hashing method. The new CLI command password hash is introduced to change the password hash between SHA1 and SHA2. The new default is SHA2 for new switches running this release.

If you change the password hash level, the system deletes all custom users and old password files. After a password hash level change, on first login each default user must change their password. If hsecure mode is enabled, a user password history is saved. You can view the currently configured password hash level with the command show cli password or show running-config module cli.
Note

Note

When upgrading, SHA1 password hashes and custom users are retained, until a factory default reset or until the password hash level is changed. During a factory default reset, SHA2 512-bit becomes the default password hash, all custom users are deleted, and SHA1 passwords are removed.

In the case of a software downgrade, all SHA2 password hashes roll back to SHA1 hashes with default passwords.
Note

Note

If you are using password hash level SHA 512 (sha2) you must reconfigure all services that require secret key authentication prior to downgrading to an earlier release.

For more information, see Fabric Engine User Guide.

Unknown Unicast Bandwidth Limiting

This release expands rate-limiting for broadcast and multicast traffic to include unknown unicast traffic. The rate you configure applies to the combined broadcast and unknown unicast traffic. In previous releases, rate-limiting resulted in excessive flooding to all members in the VLAN/ISID. There is no change to CLI command syntax.

Unified Metrics and Events Reporting

The Unified Metrics and Events Reporting feature collects data from multiple standard input devices and streams it dynamically and directly to ExtremeCloud IQ, instead of using the MIBs and the SNMP traps through the ExtremeCloud IQ Agent.

For more information, see Fabric Engine User Guide.

Use Prompt as IS-IS Sysname if Not Configured

The system uses the global system prompt name as the Intermediate System-to-Intermediate System (IS-IS) system name, by default, until you manually configure it.

For more information, see Fabric Engine User Guide.

Segmented Management Instance as Source IP for IPFIX, sFlow and Application Telemetry

In this release, you can use a Segmented Management Instance as a source IP for sFlow, IPFIX, or Application Telemetry. Previously, VLAN could not be used as a source IP address. Support for management CLIP as a source IP for sFlow, and Application Telemetry continues from previous releases and support is added for IPFIX. You can now use a management CLIP tied to a user created VRF for sFlow, IPFIX, and Application Telemetry instead of being restricted to GRT. sFlow is the only application that can use management OOB.

For more information, see Fabric Engine User Guide.