The following sections describe what is new in VOSS 8.3.
This enhancement applies to XA1400 Series and Fabric IPsec Gateway.
This release adds support to configure the IPsec encryption key length as either 128 bit or 256 bit.
This enhancement was originally available as a demonstration feature in VOSS 8.2. This enhancement is generally available in VOSS Release 8.3.
For more information, see VOSS User Guide.
XA1400 Series, VSP 4900 Series, and VSP 7400 Series switches support IPsec authentication and encryption of Fabric Extend tunnels using pre-shared keys for authentication. This release introduces a more secure authentication method through digital certificate support for IPsec.
This release enhances digital certificate support on all switches. You can configure an encrypted SHA-256 fingerprint to validate the certificate authority (CA) certificate chain and to avoid manual transfer of the root certificate file.
For more information, see VOSS User Guide.
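The fingerprint check described above lets a device accept a CA certificate fetched over the network instead of one copied by hand. The following is an added example, not Extreme's code or VOSS CLI: it assumes the fingerprint is the SHA-256 digest of the certificate's DER encoding, does not model how the switch stores the fingerprint in encrypted form, and uses constructed stand-in certificate bytes and hypothetical helper names.

```python
import base64
import hashlib
import hmac
import re
import ssl


def sha256_fingerprint(pem_cert: str) -> str:
    """Hash the DER bytes, not the PEM text, so line wrapping cannot change the result."""
    der = ssl.PEM_cert_to_DER_cert(pem_cert.strip())
    return hashlib.sha256(der).hexdigest()


def normalize_fingerprint(value: str) -> str:
    """Accept 'AA:BB:..' or plain hex; reject anything that is not 32 bytes of hex."""
    hex_only = re.sub(r"[\s:]", "", value).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", hex_only):
        raise ValueError("not a SHA-256 fingerprint")
    return hex_only


def ca_matches_pin(pem_cert: str, pinned: str) -> bool:
    """True only if the received CA certificate hashes to the pinned fingerprint."""
    return hmac.compare_digest(sha256_fingerprint(pem_cert), normalize_fingerprint(pinned))


# Constructed stand-in bytes, not a real X.509 certificate.
CONSTRUCTED_DER = b"0\x82" + bytes(range(64))
CA_PEM = ssl.DER_cert_to_PEM_cert(CONSTRUCTED_DER)
# Same certificate re-wrapped at 76 columns, as another tool might export it.
REWRAPPED_PEM = ("-----BEGIN CERTIFICATE-----\n"
                 + base64.encodebytes(CONSTRUCTED_DER).decode("ascii")
                 + "-----END CERTIFICATE-----\n")
# One byte changed in transit.
TAMPERED_PEM = ssl.DER_cert_to_PEM_cert(CONSTRUCTED_DER[:-1] + b"\x00")

# Fingerprint as obtained out of band, in colon-separated upper-case form.
_digest = hashlib.sha256(CONSTRUCTED_DER).hexdigest().upper()
PINNED = ":".join(_digest[i:i + 2] for i in range(0, 64, 2))

if __name__ == "__main__":
    for name, pem in [("original", CA_PEM), ("re-wrapped", REWRAPPED_PEM),
                      ("tampered", TAMPERED_PEM)]:
        print(f"{name:11s} accepted={ca_matches_pin(pem, PINNED)}")
```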
This enhancement was originally available as a demonstration feature in VOSS 8.2; this enhancement is now generally available and can be used in production environments. You can now use a single IP address in a subnet shared by all Controllers by configuring the DvR IP to be the same as the DvR gateway IP.
This feature does not apply to VSP 4450 Series or XA1400 Series.
For more information, see VOSS User Guide.
This release extends the Dynamic Nickname Assignment behavior, and provides the user with a prefix parameter to assign up to 256 groups with 4,096 nicknames each.
For more information, see VOSS User Guide.
Extreme Integrated Application Hosting (IAH) enhancements were originally available as a demonstration feature in VOSS 8.2; these enhancements are now generally available and can be used in production environments. The enhancements are provided on the following platforms:
VSP4900-24XE
VSP4900-12MXU-12XE
VSP 7432CQ
VSP 7400-48Y
You can configure the following enhancements:
IAH ports 1/s1 and 1/s2 to accommodate different connect types.
VT-d connect type on either 1/s1 or 1/s2 IAH ports.
Up to two VT-d connect types.
The Network Interface Card (NIC) type of the virtual port.
For more information, see VOSS User Guide.
For XA1400 Series, to improve throughput of an FE tunnel over a WAN circuit, VOSS added IPsec compression and the ability to adjust the TCP maximum segment size (MSS).
For more information, see VOSS User Guide.
The Fabric IPsec Gateway feature introduces a Virtual Machine that supports aggregation of Fabric Extend Tunnels with fragmentation, reassembly, and Internet Protocol Security (IPsec) encryption functions. Starting with VOSS 8.3, the Fabric IPsec Gateway feature is available for VSP 4900 Series switches. The same virtual machine continues to be available for VSP 7400 Series switches.
For more information, see VOSS User Guide.
This release adds a FIPS 140-2 certified cryptographic module.
VSP 4900 Series and 5520 Series add support for MAC security limit-learning. Use this feature to limit the number of MAC addresses a port can learn.
For more information, see VOSS User Guide.
This release modifies the following commands, which previously displayed the password in clear text as part of the configuration method, to instead prompt for the password and hide the characters as you type them:
web-server password
snmp-server user
For more information, see VOSS User Guide.
VOSS Release 8.3 provides 60W PoE support for classes 5 and 6 on VSP 4900-12MXU-12XE.
For more information, see VOSS User Guide.
Fabric Extend (FE) enables the extension of Fabric Connect networking over Layer 2 or Layer 3 core IP networks. You can configure a VLAN IP interface as the FE tunnel source IP address on a device. You must configure the VLAN in the same VRF as the ISIS tunnel source IP address.
Note
This feature is generally available for the following products in VOSS Release 8.3:
5520 Series
VSP 4450 Series
VSP 4900 Series
VSP 7200 Series
VSP 7400 Series
VSP 8200 Series
VSP 8400 Series
This feature was previously generally available on XA1400 Series only.
For more information, see VOSS User Guide.
This release expands support for VOSS switches to the network edge and simplifies deployment and network operation processes. For information about feature support, see VOSS Feature Support Matrix and VOSS User Guide.
The system implements a port-based Auto-sense functionality to support zero touch capabilities when deploying a fabric-based network. Auto-sense introduces a port state machine that allows the port to change its state based on sensing what it is connected to. Port states can be IS-IS links, FA links, IP Phone links, and user links with or without network access control enabled. Additionally, Auto-sense establishes an automatic onboarding I-SID 15999999 on VLAN 4048 for automatic reachability of the network management segment.
Note
For bridged or routed reachability of the management servers (DHCP, RADIUS, Extreme Management Center, or ExtremeCloud IQ) the onboarding I-SID must be manually mapped to the management segment on at least one BEB in the network prior to zero touch deployments of new switches. Additionally, you must enable a Dynamic Nickname server on at least one node.
The following features and enhancements are introduced to support VOSS switches on the network edge and to support network automation:
IP Phone Support as part of Auto-sense
This feature focuses on automating IP Phone connectivity on the network to the VOSS switches.
For information about feature support, see VOSS Feature Support Matrix and VOSS User Guide.
RADIUS and EAP Enhancements
Enhancements to EAP and RADIUS-based authentication and attribute exchange automate the movement, addition, or changes of hosts at the VOSS network edge.
For information about feature support, see VOSS Feature Support Matrix and VOSS User Guide.
RADIUS Dynamic User-Based Policies
RADIUS Dynamic User-Based Policies are an addition to the Extensible Authentication Protocol (EAP) feature. RADIUS Dynamic User-Based Policies implement a dynamic method to apply filter ACL rules to EAP and NEAP authenticated user traffic.
For information about feature support, see VOSS Feature Support Matrix and VOSS User Guide.
UPnP Filtering
This feature provides an easy way to filter out Universal Plug-and-Play (UPnP) traffic without having to configure an ACL. UPnP Filtering drops all incoming multicast packets received by a switch on an IGMP-enabled interface if the multicast destination IP address is 239.255.255.250.
UPnP Filtering is disabled by default. When an IGMP interface is created, UPnP Filtering is enabled automatically on the interface for the destination multicast IP address range 239.255.255.250/32. You can use CLI or EDM to configure a different destination multicast IP address range.
For information about feature support, see VOSS Feature Support Matrix and VOSS User Guide.
Zero Touch Fabric Configuration Enhancements
Zero Touch Fabric Configuration enhancements remove support for the fabric parameter from the boot config flags factorydefaults command in this release. Now, when you boot a switch without an existing primary or secondary configuration file, the system initiates zero touch functionality, which triggers Zero Touch Fabric Configuration.
For information about feature support, see VOSS Feature Support Matrix and VOSS User Guide.
For important information about using Zero Touch Fabric Configuration after you upgrade to VOSS 8.3, see Post Upgrade Configuration for Zero Touch Fabric Configuration and Dynamic Nickname Assignment.
The following table summarizes minor changes to existing features.
Feature | Change |
---|---|
IPVPN | The output of show ip ipvpn and show ipv6 ipvpn is changed to tabular format. |
OSPF | Previously, OSPF area scaling limits applied to the configuration of OSPF areas, independent of whether the area contained enabled OSPF interfaces. Now, only the number of OSPF areas that contain enabled OSPF interfaces is compared against the OSPF area scaling limit. To view the number of OSPF areas with at least one enabled OSPF interface, use the show ip ospf stats command to view the value in the NumEnabledOspfAreas field. |
SSH | Adds a clear ssh <0-7> command to clear SSH sessions on the switch. |
VRRP | Adds a consistency check to prevent configuration of VRRP VRID 37 or 38 when DvR is enabled. |