Known Issues

This section identifies the known issues in this release.

Known Issues for VOSS 8.3

Issue number

Description

Workaround

HTTPS connection fails for CA-signed certificate with certificate inadequate type error on FF.

Ensure End-Entity, Intermediate CA and Root CA certificates are all SHA256 based and RSA2048 key signed, and Extended key usage field is set to TLS webserver Auth only for subject and root. For intermediate, it must be set with other required bits to avoid this issue. Add the root, intermediate CAs in the trust store of the browser for accessing the EDM with HTTPS.

VRF provisioning is restricted to 127 VRFs on VSP 4450 Series.

None.

EAP LLDP authentication (RADIUS bypass) does not work with Cisco IP Phone 7821. With Auto-sense, the authentication of the phone seems to complete successfully and is reachable, but after a while when it is de-authenticated, the phone is also not reachable. This is because Cisco is not encoding its MAC in LLDP packets, but VOSS expects the MAC address in the LLDP packets.

None.

VOSS-1265

On the port that is removed from a T-UNI LACP MLT, non T-UNI configuration is blocked as a result of T-UNI consistency checks.

When a port is removed from a T-UNI LACP MLT, the LACP key of the port must be set to default.

VOSS-1278

SLA Mon tests fail (between 2% and 8% failure) between devices when you have too many agents involved with scaled configurations.

This happens only in a scaled scenario with more than seven agents, otherwise the failure does not occur. The acceptable failure percentage is 5%, but you could see failures of up to 8%.

VOSS-1280

The following error message occurs when performing shutdown/no-shutdown commands continuously: IO1 [05/02/14 06:59:55.178:UTC] 0x0011c525 00000000 GlobalRouter COP-SW ERROR vsp4kTxEnable Error changing TX disable for SFP module: 24, code: -8

None. When this issue occurs, the port in question can go down, then performs a shutdown/no-shutdown of the port to bring it up and resumes operation.

VOSS-1285

CAKs are not cleared after setting the device to factory-default.

None. Currently this is the default behavior and does not affect functionality of the MACsec feature.

VOSS-1288

Shutting down the T1 link from one end of the link does not shut down the link at the remote end. You could experience traffic loss if the remote side of the link is not shut down.

This issue occurs only when a T1 SFP link from one end is shutdown. Enable a dynamic link layer protocol such as LACP or VLACP on both ends to shut the remote end down too. As an alternative, administratively disable both ends of the T1 SFP link to avoid the impact.

VOSS-1289

On a MACsec-enabled port, you can see delayed packets when the MACsec port is kept running for more than 12 hours. This delayed packet counter can also increment when there is complete reordering of packets so that the application might receive a slow response. But in this second case, it is a marginal increase in the packet count, which occurs due to PN mismatch sometimes only during Key expiry, and does not induce any latency.

None.

VOSS-1309

You cannot use EDM to issue ping or traceroute commands for IPv6 addresses.

Use CLI to initiate ping and traceroute commands.

VOSS-1310

You cannot use EDM to issue ping or traceroute commands for IPv4 addresses.

Use CLI to initiate ping and traceroute commands.

VOSS-1312

On the 40-gigabit ports, the small metallic fingers that surround the ports are fragile and can bend out of shape during removal and insertion of the transceivers. When the fingers are bent, they prevent the insertion of the QSFP+ transceiver.

Insert the QSFP+ carefully. If the port gets damaged, it needs to be repaired.

VOSS-1335

In an IGMP snoop environment, after dynamically downgrading the IGMP version to version 2 (v2), when you revert back to version 3 (v3), the following is observed:

  • The multicast traffic does not flow.

  • The sender entries are not learned on the local sender switch.

  • The Indiscard packet count gets incremented on the show int gig error statistics command.

Use a v3 interface as querier in a LAN segment that has snoop-enabled v2 and v3 interfaces.

VOSS-1344

In EDM, you cannot select multiple 40 gigabit ports or a range of ports that includes 40 gigabit ports to graph or edit. You need to select them and edit them individually.

None.

VOSS-1349

On EDM, the port LED for channelized ports only shows the status of sub-port #1, but not the rest of the sub-ports. When you remove sub-port #1, and at least one other sub-port is active and online, the LED color changes to amber, when it should be green because at least one other sub-ports is active and online. The LED only shows the status of sub-port #1.

None.

VOSS-1354

An intermittent link-flap issue can occur in the following circumstance for the copper ports. If you use a crossover cable and disable auto-negotiation, the port operates at 100 Mbps. A link flap issue can occur intermittently and link flap detect will shutdown the port.

Administratively shutdown, and then re-enable the port. Use auto-negotiation. Disabling auto-negotiation on these ports is not a recommended configuration.

VOSS-1358

Traffic is forwarded to IGMP v2 SSM group, even after you delete the IGMP SSM-map entry for the group.

If you perform the delete action first, you can recreate the SSM-map record, and then disable the SSM-map record. The disabled SSM-map record causes the receiver to timeout because any subsequent membership reports that arrive and match the disabled SSM-map record are dropped. You can delete the SSM-map record after the receivers time out.

VOSS-1359

The 4 byte AS confederation identifier and peers configuration are not retained across a reboot. This problem occurs when 4 Byte AS is enabled with confederation.

Reconfigure the 4 byte AS confederation identifier and peers on the device, and reboot.

VOSS-1360

After you enable enhanced secure mode, and log in for the first time, the system prompts you to enter a new password. If you do not meet the minimum password requirements, the system displays the following message: Password should contain a minimum of 2 upper and lowercase letters, 2 numbers and 2 special characters like !@#$%^*().  Password change aborted. Enter the New password:

The system output message does not display the actual minimum password requirements you need to meet, which are configured on your system. The output message is an example of what the requirements need to meet. The actual minimum password requirements you need to meet are configured on your system by the administrator.

None.

VOSS-1367

The configuration file always includes the router ospf entry regardless of whether OSPF is configured. This line does not perform any configuration and has no impact on the running software.

None.

VOSS-1368

When you use Telnet or SSH to connect to the switch, it can take up to 60 seconds for the log in prompt to appear. However, this situation is very unlikely to happen, and it does not appear in a standard normal operational network.

Do not provision DNS servers on a switch to avoid this issue altogether.

VOSS-1370

If you configure egress mirroring on NNI ports, you do not see the MAC-in-MAC header on captured packets. 

Use an Rx mirror on the other end of the link to see the packets. 

VOSS-1371

A large number of IPv6 VRRP VR instances on the same VLAN can cause high CPU utilization.

Do not create more than 10 IPv6 VRRP VRs on a single VLAN. 

VOSS-1389

If you disable IPv6 on one RSMLT peer, the switch can intermittently display COP-SW ERROR and RCIP6 ERROR error messages. This issue has no impact.

None.

VOSS-1390

If you delete the SPBM configuration and re-configure SPBM using the same nickname but a different IS-IS system ID without rebooting, the switch displays an error message.

Reboot the switch after you delete the SPBM configuration.

VOSS-1403

EDM displays the user name as Admin, even though you log in using a different user name.

None.

VOSS-1406

When you re-enable insecure protocols in the CLI SSH secure mode, the switch does not display a warning message.

None.

VOSS-1418

EDM displays the IGMP group entry that is learned on a vIST MLT port as TX-NNI.

Use CLI to view the IGMP group entry learned on a vIST MLT port.

VOSS-1428

When port-lock is enabled on the port and re-authentication on the EAP client fails, the port is removed from the RADIUS-assigned VLAN. This adds the port to the default VLAN and displays an error message. This issue has no impact.

The error message is incorrect and can be ignored.

VOSS-1433

When you manually enable or disable IS-IS on 40 Gbps ports with CR4 direct attach cables (DAC), the port bounces one time.

Configure IS-IS during the maintenance period. Bring the port down, configure the port and then bring the port up.

VOSS-1438

In a rare scenario in Simplified vIST configuration when vIST state is toggled immediately followed by vIST MLT ports are toggled, one of the MLT ports will go into blocking state resulting in failure to process data packets hashing to that link.

Before enabling vIST state ensure all vIST MLT ports are shut and re-enabled after vIST is enabled on the DUT.

VOSS-1440

VOSS-1441

When you configure a scaled Layer 3 VSN (24 Layer 3 VSN instances), route leaking from GRT to VRF on the local DUT does not happen. The switch displays an incorrect error message: Only 24 Layer 3 VSNs can be configured.

None.

VOSS-1463

VOSS-1471

When you use Fabric Extend over IP (FE-IP) and Fabric Extend over Layer 2 VLAN (FE-VID) solution, if you change the ingress and egress .1p map, packets cannot follow correct internal QoS queues for FE tunnel to FE tunnel, or FE tunnel to regular NNI traffic.

Do not change the default ingress and egress .1p maps when using Fabric Extend. With default ingress and egress .1p maps, packets follow the correct internal QoS when using the Fabric Extend feature.

VOSS-1473

If the I-SID associated with a Switched UNI or Fabric Attach port does not have a platform VLAN association and you disable Layer 2 Trusted, then the non IP traffic coming from that port does not take the port QoS and still uses the .1p priority in the packet.

None.

VOSS-1530

If you improperly close an SSH session, the session structure information does not clear and the client can stop functioning.

Disable and enable SSH.

VOSS-1584

The show debug-file all command is missing.

None.

VOSS-1585

The system does not generate a log message, either in the log file or on screen, when you run the flight-recorder command.

None.

VOSS-1608

If you use an ERS 4850 FA Proxy with a VOSS FA Server, a mismatch can exist in the show output for tagged management traffic. The ERS device always sends traffic as tagged. The VOSS FA Server can send both tagged and untagged. For untagged, the VOSS FA Server sends VLAN ID 4095 in the management VLAN field of the FA element TLV. The ERS device does not recognize this VLAN ID and so still reports the traffic as tagged.

There is no functional impact.

VOSS-1706

EAPOL: Untagged traffic is not honoring the port QOS for Layer 2 trusted/ Layer 3 untrusted.  This issue is only seen on EAPOL-enabled ports.

None.

VOSS-2014

IPV6 MLD Group is learned for Link-Local Scope Multicast Addresses. This displays additional entries in the Multicast routing tables.

None.

VOSS-2033

The following error messages appear when you use the shutdown and no shutdown commands on the MLT interface with ECMP and BGP+ enabled:

CP1 [01/23/16 11:10:16.474:UTC] 0x00108628 00000000 GlobalRouter RCIP6 ERROR rcIpReplaceRouteNotifyIpv6:FAIL ReplaceTunnelRec conn_id 2

CP1 [12/09/15 12:27:02.203:UTC] 0x00108649 00000000 GlobalRouter RCIP6 ERROR  ifyRpcOutDelFibEntry: del FIB of Ipv6Route failed with 0: ipv6addr: 201:6:604:0:0:0:0:0, mask: 96, nh: 0:0:0:0:0:0:0:0 cid 6657 owner BGP

CP1 [12/09/15 12:20:30.302:UTC] 0x00108649 00000000 GlobalRouter RCIP6 ERROR  ifyRpcOutDelFibEntry: del FIB of Ipv6Route failed with 0: ipv6addr: 210:6:782:0:0:0:0:0, mask: 96, nh: fe80:0:0:0:b2ad:aaff:fe55:5088 cid 2361 owner OSPF

Disable the alternate path.

VOSS-2036

IPsec statistics for the management interface do not increment for inESPFailures or InAHFailures.

None.

VOSS-2117

If you configure static IGMP receivers on an IGMPv3 interface and a dynamic join and leave are received on that device from the same destination VLAN or egress point, the device stops forwarding traffic to the static receiver group after the dynamic leave is processed on the device. The end result is that the IGMP static groups still exist on the device but traffic is not forwarded.

Disable and re-enable IGMP Snooping on the interface.

VOSS-2128

EAP Security and Authentication EDM tabs display additional information with internal values populated, which is not useful for the end user.

There is no functional impact. Ignore the additional information in EDM. Use the CLI command show eapol port interface to see port status.

VOSS-2207

You cannot configure an SMTP server hostname that begins with a digit. The system displays the following error: Error: Invalid IP Address or Hostname for SMTP server

None.

VOSS-2208

While performing CFM Layer 2 traceroute between two BEBs via a transit BCB, the transit BCB hop is not seen, if the transit BCB has ISIS adjacencies over FE l3core with both source BEB and destination BEB.

None.

VOSS-2253

Trace level command does not list module IDs when '?' is used.

To get the list of all module IDs, type trace level, and  then press Enter.

VOSS-2285

When on BEB, continuously pinging IPv6 neighbor address using CLI command ping -s, ping packets do not drop, but instead return no answer messages.

Restart the ping. Avoid intensive CPU processing.

VOSS-2333

Layer 2 ping to Virtual BMAC (VBMAC) fails, if the VBMAC is reachable via Layer 2 core.

None.

VOSS-2418

When you configure and enable the SLA Mon agent, the SLA Mon server is able to discover it but the agent registration on the switch does not occur.

None.

VOSS-2422

When a BGP Neighbor times out, the following error message occurs: CP1 [03/11/16 13:43:39.084:EST] 0x000b45f2 00000000 GlobalRouter SW ERROR ip_rtdeleteVrf: orec is NULL!

There is no functional impact. Ignore the error message.

VOSS-2859

You cannot modify the port membership on a protocol-based VLAN using EDM, after it has been created.

Use CLI to provision the port membership on the protocol-based VLAN or delete the protocol-based VLAN, and then re-create it with the correct port member setting. 

VOSS-3393

When the SLA Mon agent IP is created on a CLIP interface, the switch provides the CLIP-id as the agent MAC.

There is no functional impact. Use different CLIP IDs to differentiate the SLA Mon agents from the SLA Mon server.

VOSS-4255

If you run IP traceroute from one end host to another end host with a DvR Leaf in between, an intermediate hop will appear as not responding because the Leaf does not have an IP interface to respond. The IP traceroute to the end host will still work.

None.

VOSS-4728

If you remove and recreate an IS-IS instance on an NNI port with auto-negotiation enabled in addition to vIST and R/SMLT enabled, it is possible that the NNI port will briefly become operationally down but does recover quickly. 

This operational change can lead to a brief traffic loss and possible reconvergence if non-ISIS protocols like OSPF or BGP are also on the NNI port.

If you need to remove and recreate an IS-IS instance on an auto-negotiation enabled NNI port that also has non-ISIS traffic, do so during a maintenance window to minimize possible impact to other non-ISIS traffic.

VOSS-4840

If you run the show fulltech command in an SSH session, do not disable SSH on the system. Doing so can block the SSH session.

None.

VOSS-4912

The VSP 4450 Series does not advertise an LLDP Management TLV.

None.

VOSS-5130

Disabling and immediately enabling IS-IS results in the following log message: PLSBFIB ERROR: /vob/cb/nd_protocols/plsb/lib/ plsbFib.cpp(line 1558) unregisterLocalInfo() local entry does not exist. key(0xfda010000fffa40)

There is no functional impact. Ignore the error message.

VOSS-5159 & VOSS-5160

If you use a CLIP address as the management IP address, the switch sends out 127.1.0.1 as the source IP address in both SMTP packets and TACACS+ packets.

None.

VOSS-5173

A device on a DvR VLAN cannot authenticate using RADIUS if the RADIUS server is on a DvR VLAN on a DvR Leaf using an in-band management IP address.  

Place the RADIUS server in a non-DvR VLAN off a DvR Leaf or DvR Controller.

VOSS-5331

When you enable FHS ND inspection on a VLAN, and an IPv6 interface exists on the same VLAN, the IPv6 host client does not receive a ping response from the VLAN.

None.

VOSS-5603

In a scaled DvR environment (scaled DvR VLANs), you could see a higher CPU utilization while deleting a DvR leaf node from the DvR domain (no dvr leaf). The CPU utilization stays higher for several minutes on that node only and then returns to normal after deleting all the internal VLANs on the leaf node. 

It is recommended to use a maintenance window when removing leaf(s) from a DvR domain.

VOSS-5627

The system does not currently restrict the number of VLANs on which you can simultaneously configure NLB and Directed Broadcast, resulting in resource hogging.

Ensure that you configure NLB and Directed Broadcast on not more that 100 VLANs simultaneously, assuming one NLB cluster for each VLAN. Also, ensure that you configure NLB on a VLAN first, and then Directed Broadcast, so as to not exhaust the NLB and Directed Broadcast shared resources. The shared resources are NLB interfaces and VLANs with Directed Broadcast enabled. The permissible limit for the shared resources is 200.

VOSS-6189

When you connect to EDM using HTTPS in Microsoft Edge or Mozilla FireFox, the configured values for the RADIUS KeepAliveTimer and CFM SBM MepId do not appear. 

Use Internet Explorer when using an HTTPS connection.

VOSS-6822

If the IPsec/IKE software used in the Radius server side is strongSwan, there is a compatibility issue between VOSS and strongSwan in terms of IPv6 Digicert (IKEv1/v2) authentication.

None.

VOSS-6928

On VSP 8000 Series platforms, IPv4 Filters with redirect next hop action do not forward when a default route is not present or a VLAN common to ingress VLAN of the filtered packet is not present.

Configure a default route if possible.

VOSS-7139

DHCPv6 Snooping is not working in an SPB network as the DHCPv6 Snooping entries are not being displayed.

Administrator should add manual entries.

VOSS-7457

The switch can experience an intermittent traffic loss after you disable a Fabric Extend tunnel. 

Bounce the tunnel between the devices.

VOSS-7472

EDM shows incorrect guidance for ACL TCP flag mask. EDM reports 0…63 as hexadecimal. CLI correctly shows <0-0x3F | 0-63> Mask value <Hex | Decimal>. This is a display issue only with no functional impact.

Use CLI to see the correct unit values.

VOSS-7495

The VSP 4450 Series CLI Help text shows an incorrect port for boot config flags linerate-directed-broadcast. The Help text shows 1/48. The correct port is 1/46.

None

VOSS-8424

A fragmented ping from an external device to a switch when the VLAN IP interface is tied to a non-default VRF fails.

None.

VOSS-8516

Secure Copy (SCP) cannot use 2048-bit public DSA keys from Windows.

Use 1024/2048-bit RSA keys or 1024-bit DSA keys.

VOSS-9206

Interface statistics InDiscard counter in show interfaces gigabitEthernet error output does not increment consistently when IPv6 packets are dropped when uRPF checks fail.

This issue applies only to VSP 4450 Series.

None.

VOSS-9516

When you connect to EDM using HTTPS, you can see multiple SSL negotiation with client successful messages during your EDM session. The system displays this message, each time a successful SSL_Handshake occurs between the web browser and the web server. The log file cannot show as many messages as the console and the timing between messages can be different because logging does not occur in real time.

None.

VOSS-9589

Dynamic Nickname Assignment is not supported over Fabric Extend tunnels.

None.

VOSS-9621

For VOSS products, 1G Copper Pluggable auto-negotiation is always enabled after a reboot, despite configuration settings.

If you do not want to use auto-negotation, disable it after the reboot.

VOSS-9917

The log message INFO Switch Externally Rebooted with CoreDump does not consistently appear on the console port before reboot when you select the softResetCoreDump option from EDM.

None.

VOSS-9921

Bootup redirection timeout is longer than the UNI port (SMLT) unlock timer. If both vIST nodes boot together in factory default configuration fabric mode or without a nickname, the vIST ports will not enable for up to 4 minutes. During the delay the nickname server is unreachable and vIST is not online.

None.

VOSS-10380

If you enable and configure IPv6 Source Guard and EAPoL on a port, and create and configure a Guest VLAN on the same port without DHCP Snooping and ND-inspection, no error is shown. The port is not added to the Guest VLAN.

None.

VOSS-10381

If you enable and configure IPv6 Source Guard and EAPoL MHSA on a port, and create and configure RAVs for Non-EAP clients on the same port without DHCP Snooping and ND-inspection, no error is shown. The client displays as authenticated into RAV, even when port is not a member of RAV.

None.

VOSS-10412

Removal of the QSFP+ to SFP+ adapter with a 10G pluggable is not detected on the VSP 8404 and VSP 8404C when in non channelized mode.

The QSFP+ to SFP+ adapter and detection works only on ports with channelization enabled.

VOSS-10574

IS-IS sys-name output is not truncated for show isis spbm nick-name or show ip route commands. If a long character sys-name is in use, the full sys-name display can cause misalignment of the output columns.

None.

VOSS-10815

DvR over SMLT: Traffic is lost at failover on SMLT towards EXOS switches. DvR hosts are directly connected to the DvR controllers vIST pair on SMLT LAG and switched-UNIs are dynamically added using Fabric Attach. Only occurs when the access SMLT is LACP MLT and all the ports in the MLT are down.

When all ports in the MLT down and an ARP request is received over an NNI link, there is no physical port that can be associated with the ARP request. The ARP entry is learned against NNI link, and MAC syncs from vIST peer or from a non-vIST peer when bouncing vIST.

None.

VOSS-10891

DvR leaf vIST: Wrong rarSmltCheckSmltPeerMac MLT warning displays when the peer vIST MAC address is learned from local

None. rarSmltCheckSmltPeerMac MLT warning has no functional impact. You can ignore the error message.

VOSS-11895

In a vIST SMLT environment where streams are both local and remote, if source and receiver port links are removed and reinserted several times, eventually traffic will not be forwarded to local single-homed receivers on one peer if the traffic is ingressing from the vIST peer over the NNI link. If the stream ingresses locally, it is received by the local UNI receivers.

Disable and re-enable Fabric Multicast (spbm <1–100> multicast enable) on the source VLAN to be able to delete the streams and come back in properly.

VOSS-11943

This release does not support per-port configuration of Application Telemetry. Because the feature is enabled globally and VSP 7432CQ supports 32 100 Gbps ports, an undesirable condition could be encountered when an exceeded amount of Application Telemetry mirrored packets are sent to the collector.

None.

VOSS-12330

When accessing the on-switch RESTCONF API documentation in a web browser, the page does not render correctly.

Ensure you include the trailing slash (/) in the URL: http(s)://<ip-address>:8080/apps/restconfdoc/. For more information, see VOSS User Guide.

VOSS-12405

To reach a VM, all front panel traffic must travel through an Insight port, which is a 10 Gbps port. If front panel port traffic is over 10 Gbps, this situation represents an over subscription on the Insight port and some of the packets will be dropped. As a result, Extreme Management Center can lose connectivity to the Analytics engine if Application Telemetry is enabled.

None.

VOSS-13159

The ixgbevf Ethernet device driver within the TPVM does not correctly handle the interface MTU setting. Specifically, if you configure the interface in SR-IOV mode, packets larger than the MTU size are allowed.

To avoid this problem, configure the desired MTU size on both the relevant front-panel port and Insight port from VOSS.

VOSS-13463

Out port statistics for MLT port interfaces are not accurate.

Use the command show io nic-counters to display detailed port stats and error info on XA1400 Series.

VOSS-13667

An intermittent issue in SMLT environments, where ARPs or IPv6 neighbors are resolved with delay can cause a transient traffic loss for the affected IPv6 neighbors. The situation auto-corrects.

None.

VOSS-13680

Interface error statistics display is inaccurate in certain scenarios.

Use the command show io nic-counters to display detailed port stats and error info on XA1400 Series.

VOSS-13681

QoS: show qos cosq-stats cpu-port command output is not supported.

Use the command show io cpu-cosq-counters to display detailed cosq-stats on XA1400 Series.

VOSS-13693

QoS: Traffic can egress out of the queue at a different ratio than the default configuration. After the guaranteed traffic rate is served to all egress port queues, any excess bandwidth is shared equally to all queues instead of distributing on weight assigned to each queue.

None.

VOSS-13702

Do not use the ACE actions of deny and mirror-to-isid together on VSP 7400 Series.

None.

VOSS-13717

VOSS-14393

VOSS-14972

Link on remote side doesn‘t go down after admin shut on XA1400 while using 10G DAC or a 4x10 - 40 G breakout DAC. On the XA1400 side link goes down but Link LED shows as up. Both 10G and 4x10G DAC are not fully supported because of this issue

None for DAC and breakout cables. Because of this issue, the following optical transceivers are not supported:
  • AA1404036-E6

  • AA1404042-E6

  • C9799X4-5M

VOSS-13794

You cannot use SFTP to transfer files larger than 2 GB to a VSP switch.

Use SCP.

VOSS-13904

VOSS-13932

VOSS-16503

VSP 4900 Series has 2 GB memory in a 64-bit system so the RESTCONF VLAN scaling number is smaller than on VSP 7400 Series, which has 16 GB physical memory. Using RESTCONF on VSP4900-48P or VSP4900-24S reduces the number of port-based VLANs on those platforms:

  • 2,000 for VSP4900-48P with RESTCONF

  • 1,000 for VSP4900-24S with RESTCONF

None.

VOSS-13938

You can configure LLDP-MED on an FA-enabled port, and show lldp commands show the configuration as applied but the information is not advertized and it does not appear in show running-config output nor in config.cfg if you save the configuration

None.

VOSS-13947

After you enable MSTP-Fabric Connect Multi Homing (spbm 1 stp-multi-homing enable), you cannot view the configuration, role, or statistics for the STP virtual port.

None.

VOSS-13948

After you enable MSTP-Fabric Connect Multi Homing (spbm 1 stp-multi-homing enable), MSTP resiliency times are 30 to 40 seconds because the internal SPB-STP port is not fast-aging remote CMAC entries after a topology change occurs.

None.

VOSS-13974

When an 8408QQ ESM has more than two channelized ports and is rebooted, the MKA MACsec sessions on the other cards in the same box could toggle. This issue is not seen if one or two ports are channelized on the same card.

None.

VOSS-14150

CLI remote console might stop wrapping text after some usage.

Reset the CLI window or open a new remote console window.

VOSS-14391

On an VSP 8404C switch using an 8424XT ESM, on a port with MACsec connectivity, if you set Auto-Negotiation advertisements to 1000-full, and then subsequently set the advertisement to 10000-full, the link will not come up.

To avoid this issue, set the Auto-Negotiation advertisements directly to 10000-full.

If you have experienced the issue, shut the port down and bring it back up.

VOSS-14494

Layer 2 VSN and Layer 3 VSN UNI to NNI traffic between two Backbone Edge Bridges does not hash to different ports of a MLT network-to-network interface. MLT hashing for XA1400 devices occurs after the mac-in-mac encapsulation is done. The hash keys used are the Backbone destination and Backbone source MAC addresses (BMAC DA and BMAC SA) in the Mac-in-Mac header.

Even for the Transit BCB case on XA 1400 devices for NNI to NNI traffic, the MLT hash keys used are the Backbone destination and Backbone source MAC addresses (BMAC DA and BMAC SA) in the Mac-in-Mac header.

None.

VOSS-14515

Console output errors and warnings are shown during an XA1400 Series reboot, such as:
  • error: no such device: ((hd0,gpt1)/EFI/BOOT)/EFI/BOOT/grub.cfg.

    error: file `/EFI/BOOT/grubenv' not found

  • error: no suitable video mode found.

  • [0.727012] ACPI: No IRQ available for PCI Interrupt Link [LNKS]. Try pci=noacpi or acpi=off

  • exportfs: can't open /etc/exports for reading

  • KCORE: WARNING can't find /boot/b/uImage-gemini.bin. No kexec kernel will be configured.

None. The errors or warnings are host OS or guest OS related with no functional impact and can be ignored.

VOSS-14597

Ping (originated from local CP) fails for jumbo frames on Layer 3 VSN interface.

None.

VOSS-14616

Seeing Queue buffer usage logs when changing the logical interface source IP with 64 tunnels.

When changing the source IP with 64 tunnels, seeing "GlobalRouter CPU INFO CPP: 60 percent of fbufs are in use: 0 in Tx queue,1843 in RxQueue0 0 in RxQueue1 0 in RxQueue2 0 in RxQueue3 0 in RxQueue4 0 in RxQueue5 0 in RxQueue6 0 in RxQueue7 ".

None.

VOSS-14805

VOSS-15305

The following transceivers are not supported on XA1400 Series switches:

  • 10 Gb Bidirectional 40 km SFP+ Module (10GB-BX40-D and 10GBBX40-U)

  • 1000BASE-BX10 Bidirectional 10 km DDI SFP Modules (AA1419069-E6 and AA1419070-E6)

Use only supported transceivers.

VOSS-15079

The Extreme Networks 10 meter SFP+ passive copper DAC (Model Number 10307) does not function on ports 2/3 and 2/4 of the VIM5-4X.

Use the Extreme Networks SFP+ active optical DAC (Model Number AA1403018-E6) with the VIM5-4X.

VOSS-15112

BFD sessions associated with static routes could flap one time before remaining up, when shutting down and bringing back up a BFD peer port.

None. Ignore the extra BFD session flap.

VOSS-15313

On an VSP 8404C switch using an 8424XT ESM, on a link with MACsec connectivity on both ends, and Auto-Negotiation advertisements set to 10000-full, the link will not come back up if the ESM is hot-swapped or the slot is reset.

To avoid this issue, disable MACsec prior to the hot swap or reset, and then re-enable.

If you have experienced the issue, shut either one of the link ports down and bring it back up.

VOSS-15391

An SNMP walk on the rcIgmpSnoopTraceTable table will fail with an OID not increasing error. CLI and EDM are unaffected by this issue.

None.

VOSS-15463

XA1440 and XA1480 switches could experience intermittent Link Up and Link Down transitions on the 10/100/1000BASE-T Ethernet ports upon booting.

No workaround, but there is no functional impact.

VOSS-15541

You could experience temporary traffic loss when shutting down an LACP SMLT port (and therefore causing the local SMLT to go down), in a network with scaled Multicast traffic over an SPB cloud, while the datapath processes all dpm letter messages during LCAP recovery. This slow LACP recovery situation is only seen with scaled Multicast traffic over an SPB cloud.

Use static MLTs.

VOSS-15605

When you delete the VLAN IDs from the assigned I-SID of two vIST peers, the second VLAN ID deletion triggers log report 0x0013851e from the first peer, indicating that a Layer 3 MAC address deletion has failed.

No workaround, but there is no functional impact—the MAC address was deleted when the VLAN:ISID association was deleted.

VOSS-15812

L3VSN IPv4 BGP (and static) routes having their next-hops resolved via IS-IS routes could result in traffic loss.

Choose the following workarounds, based on your deployment and needs:

  • Use static routes to reach the loopbacks used as BGP peers, (static routes having better preference than IS-IS); use static routes with next-hops reachable on the UNI side (L2VSN).

  • Use OSPF to reach the loopbacks used as BGP peers, but take care to ensure that the OSPF route towards the BGP peer is chosen as the “best route” (as IS-IS has a better preference than OSPF). There are several ways to accomplish this—either don‘t redistribute that route in IS-IS if it is not needed, or control the redistribution with a route-map, etc.

  • Have BGP peers reachable directly via a C-VLAN; do not use loopback interfaces as BGP peer addresses.

  • If none of the above workaround scenarios are suitable for your deployment, do not use internal Border Gateway Protocol (iBGP) peering.

VOSS-15878

VSP 4900 Series and VSP 7400 Series do not boot with just the serial console cable connected and no terminating device, for example, a terminal server, PC, or Mac.

Either attach terminal equipment or disconnect the console cable.

VOSS-16221

Layer 2 ping is not working for packets larger than 1300 on an XA1400 Series.

Use Layer 2 ping with packets smaller than 1300 bytes.

VOSS-16365

Running the command show pluggable-optical-module detail on an XA1400 Series device is highly CPU intensive to read and reply with the EEPROM details. Due to a delay in ethtool response, a watchdog miss event can occur and the event is recorded in the /intflash/wd_stats/1/wd_stats.ssio.1.log file. This scenario occurs more often if 10Gb SFP+ optics with DDM capability are installed.

None. The high CPU usage and response delay for this command is expected and cannot be resolved. No console log is generated. When the scenario occurs, the Watchdog outage is approximately 5 seconds.

VOSS-16436

Using the console connection on an XA1400 Series device while running a show command with large data output can result in drops of processing control packets.

Use Telnet or SSH connectivity instead of console connection.

VOSS-16951

On a VSP4900-48P, VSP4900-24S and VSP 7400 Series devices, if you run the show boot config sio CLI command before you have configured the baud rate, the output of the command is empty.

Configure the baud rate before you run the show boot config sio command. The only supported baud rate for the these devices is 115200.

VOSS-16971

On VSP4900-24S, VSP4900-24XE, andVSP4900-12MXU-12XE devices, and on the VIM5-4XE, if a copper SFP is plugged in with the cable inserted and the remote end is also plugged in, the peer box could see a link flap and take 6-8 seconds to link up.

First, plug in the SFP, and then insert the cable. The link up then happens in 3-4 seconds.

VOSS-17002

For ingress packets that are larger than the system MTU size on XA1400 Series ports 1/1 through 1/4, error counters do not increment in the show interfaces gigabitethernet error CLI command.

Use the show io nic-counters CLI command to verify if the tx_error counters are getting incremented.

If they are getting incremented, the packets are getting dropped at egress. If they are not getting incremented, the packets are getting forwarded.

VOSS-17429

For XA1400 Series devices connected to an FE tunnel over IPsec in a dual NAT scenario, if the IPsec responder is rebooted continuously multiple times, the tunnel cannot come back up.

Manually disable and then re-enable IPsec under the Initiator‘s ISIS logical interface.

VOSS-17478

On 1 G-capable VSP 4900 Series devices, the platform MACsec statistics cannot match the port Interface statistics after Key expiry.

No Workaround. This is a Statistics data issue where the expired SA Packets Counts are removed and not accounted. There is no packet loss, and no errors.

VOSS-17523

If an FE tunnel goes down between two connected XA1400 Series devices, an MTU Warning console message is logged if a ping request is issued while the tunnel is down.

You can safely ignore this warning message.
VOSS-17567

Do not use the inter-vrf /32 static routes defined with a next-hop IP address, that resides in a different destination next-hop-vrf context.

None.

VOSS-18023

The management port on the 5520 switch does not support Auto-MDIX (the automatic detection of transmit and received twisted pairs).

It is recommended that the default auto-negotiation setting on the management port remain enabled.

Because the management port does not support Auto-MDIX, when auto-negotiation is disabled, a crossover cable might be necessary in order to have the port link up and pass traffic.

Note: If the peer device supports Auto-MDIX, then either a straight through or crossover will work. The issue occurs only if both ends of the connection do not support Auto-MDIX.

None.

VOSS-18238

When a management VLAN with DHCP is used to reach a RADIUS server, and the RADIUS server cannot be reached, the system waits for 15 minutes before attempting to reach the RADIUS server again. This is true even if the RADIUS server becomes reachable before the 15 minutes have elapsed.

None.

VOSS-18278

On the 5520 switch, when you make any change relating to port speed, the port statistics are cleared. This is applies to all front panel fiber and copper ports as well as VIM ports.

The following are examples of changes relating to port speed:
  • Changing the auto-negotiation configuration settings on a copper port
  • Different negotiated speed on a copper port
  • Changing out an optical device for one having a different speed, for example changing from 1 Gb to 10 Gb

None.

VOSS-18360

This is an intermittent issue on the VSP 7400 Series with no impact to functionality, ISIS is disabled while the show fulltech command is running on a telnet session. Due to this the fulltech command will not find the expected I-SID value, as it is removed by the no isis command.

None.

VOSS-18477

On the VSP 4900 Series, an intermittent traffic loss over the FE tunnels, in SMLT contexts, occurs for a few seconds, when you read ports to the SMLT trunk.

None.

VOSS-18486

MACsec cannot be enabled on 100 Mb links of multirate ports on the 5520-12MW-36W switch. Customers who want to secure their 100 Mb links must use only ports 1/1 to 1/36. Ports 1/37 to 1/48 cannot be used for this purpose.

Use ports 1/1 to 1/36 on the 5520-12MW-36W chassis wherever 100 Mb ports need to be secured with MACsec. Alternatively, do not enable MACsec when the port speed is 100 Mb on multirate ports 1/37 to 1/48.

VOSS-19212

After upgrading a VSP 7432CQ switch to VOSS 8.2.5 and rebooting, the presence of a faulty power supply unit will cause the system to terminate. A message in the debug log will report that the software could not read the contents of the power supply's EEPROM (carbonatelib_ps_read_eeprom operation).

Replace the power supply unit in the switch.

VOSS-19253

On 5520 switches, authentication is not allowed for requesters that use the switch's MAC address as destination rather than using the 802.1x reserved MAC address.

None.

VOSS-19255

For 5520 switches, the output of the show software command displays an incorrect release name for VOSS 8.2.5.

To display the correct release name, use the show sys-info or show sys software command.

VOSS-19260

Port mirroring does not work on port 1/s1 of VSP 7400-48Y if the connection type is OVS/SR-IOV.

Use a connection type of VT-d for port 1/s1.

VOSS-19364

If you use a Windows client to create a direct SSH session with the Fabric IPsec Gateway virtual machine (VM) and make configuration changes, the VM does not display the running configuration after the SSH session drops. This issue does not affect existing configuration or traffic; only new configuration or show commands are affected.

Use the reboot command to reboot the VM. The VM loads the configuration as normal but services are temporarily impacted during the reboot.

VOSS-19827

LLDP IPv6 neighbors do not display in EDM. LLDP IPv6 is only supported in CLI. To display LLDP IPv6 neighbors, use the show lldp neighbor summary command.

VOSS-19867

If Zero Touch Provisioning Plus (ZTP+) begins before the switch has acquired an IP address, DNS, and domain name, it can time out before the onboarding process is complete. The onboarding process completes after the next switch reboot but you must remove the previous entry for the switch in the Extreme Management Center Discovered Devices tab.

None

VOSS-20100

On DvR Controllers, the output of the show dvr members command can display an incorrect SPB L1 cost. This issue has no impact because DvR does not use this value on DvR Controllers; DvR only uses this value on Leaf nodes.

Use the show isis spbm unicast-fib command to see the real cost.

VOSS-20115

You cannot change the management VLAN interface discovered on XA1400 Series in Extreme Management Center as part of Zero Touch Provisioning Plus (ZTP+). XA1400 Series does not support the OOB interface. You can only use the discovered interface and change other configuration values.

On XA1400 Series, use the discovered interface within Extreme Management Center for basic onboarding. Use either Extreme Management Center or CLI to complete the remaining configuration.

VOSS-20117

You cannot change the password of an existing user from Extreme Management Center during ZTP+ onboarding.

In Extreme Management Center, create profiles with new CLI users.

VOSS-20200

For VSP 8404C, if you remove and insert an Ethernet Switch Module (ESM), which has NNI ports that are members in an LACP-dynamic MLT, some ports are intermittently missing in the dynamic MLT after the ESM insertion. Traffic is affected for streams that need to exit the NNI links over the dynamic MLT for the missing ports. Rebooting the switch returns the ports to the dynamic MLT.

None.

VOSS-20213

In a Bidirectional Forwarding Detection (BFD) over Fabric Extend topology where Fabric Connect NNIs with a lower l1-metric configuration exist between the BEBs, BFD packets are dropped and take down the BFD session. In a typical deployment scenario for BFD over Fabric Extend, a single connection is assumed, with no redundancy.

None.

VOSS-20214

Mitel phones require the LLDP 802.3 MAC/PHY TLV together with LLDP-MED to function properly. VOSS does not currently support the 802.3 MAC/PHY TLV.

None.

VOSS-20227

On XA1400 Series, the VOSS OS time does not synchronize to the real time clock (RTC) after system reboot. After the switch completely boots, NTP synchronization occurs and the VOSS OS has the correct time. The OS time can be incorrect for up to two minutes after system reboot.

None.

VOSS-20309

Although you can configure Bidirectional Forwarding Detection (BFD) on Layer 2 core Fabric Extend logical-interfaces, BFD sessions cannot be established over Layer 2 core Fabric Extend interfaces.

Use a Layer 3 core-based Fabric Extend interface.

VOSS-20455

As the switch starts, it can display the following log messages due to incomplete initialization of the management stack when trying to send the first RADIUS packet:

  • 1 2021-02-17T23:32:16.810+01:00 DIST-H9-E3.1-01 CP1 - 0x000a45ae - 00000000 GlobalRouter RADIUS ERROR rad_sendRequest: unable to send a UDP packet. error 51, S_errno_ENETUNREACH

  • 1 2021-02-17T23:32:16.811+01:00 DIST-H9-E3.1-01 CP1 - 0x000a45ac - 00000000 GlobalRouter RADIUS ERROR rad_processPendingRequest: unable to send request

None. This issue has no functional impact.

VOSS-20456

Although the Management Router is not supported in VOSS, you can add a static route for VRF 512 using EDM. The route does not become active even if the next-hop address is reachable from the OOB management interface.

None. This issue has no functional impact.

VOSS-20610

After a personality change from EXOS to VOSS 8.3 on a factory-shipped 5520 Series switch, the save config command fails with the following message: CP-1: Directory Not Specified doesn't exist. Save config to file Not Specified is not possible..

Configure the primary boot configuration files to the default values using the following commands, and then reboot the switch:

  • default boot config choice primary config-file

  • default boot config choice primary backup-config-file