The following sections describe what is new in VOSS 8.4.2:
This release includes new feature support introduced in VOSS 8.3.1. Documentation is updated to include the following support changes:
Extreme Integrated Application Hosting Enhancements
IPsec Fragmentation Before Encryption on VSP 4900 Series and VSP 7400 Series using Fabric IPsec Gateway
Important
As of VOSS 8.3.1, SSH is disabled by default for Fabric IPsec Gateway. You can enable SSH in the VM using the set global services sshd enable command.
IPsec Fragmentation Before Encryption support in EDM on XA1400 Series.
IS-IS Hello Padding
Ability to adjust the TCP Maximum Segment Size (MSS) on VSP 4900 Series and VSP 7400 Series
XA1400 Series IPsec-Related Enhancements
For more information, see VOSS User Guide and VOSS Command Line Interface Commands Reference, or view Release Notes for VOSS 8.3.1.
You can configure the area name for home and remote areas.
For more information, see VOSS User Guide.
In earlier releases, 5520 Series switches automatically reserved Universal Ethernet ports (24 ports: 1/25 and 1/26, 48 ports: 1/49 and 1/50) as loopback ports for advanced features. Now, if a VIM is not present, 5520 Series switches automatically reserve the VIM slot as loopback ports for advanced features. When used as regular ports, the Universal Ethernet port speed is 40 Gbps as a single channel port. Although the maximum supported single channel port speed is 40 Gbps, the ports can be channelized to operate as four 10 or 25 Gbps channels.
If a VIM is present, the Universal Ethernet ports are used for SPB internal loopback.
For more information, see VOSS User Guide.
This release includes the following Auto-sense enhancements:
In earlier releases, you could not enable Auto-sense on a port that included conflicting feature configuration. Now, if you enable Auto-sense on a port, the software automatically deletes the conflicting configuration from the port. Also, if you disable Auto-sense on a port, the software removes all Auto-sense state configuration and reverts the port to the default configuration.
Auto-sense supports a port-specific data I-SID to separate the data traffic of one device from another device. Previously, you could only configure a global data I-SID to apply to all Auto-sense enabled ports.
Auto-sense support for Fabric Attach (FA) is enhanced to match the abilities of Zero Touch Configuration. Depending on the device that the Auto-sense port detects (FA-capable access point, camera, open virtual switch, or FA proxy switch), the software can apply different FA-specific configurations that you define. The I-SID priority for untagged traffic on a port in the FA state is also modified.
With this release, an Auto-sense port in the UNI state now remains in PVLAN isolated mode when any additional untagged I-SID is applied to the port. Previously, the port changed automatically to PVLAN promiscuous mode. With this change, not only can you assign the onboarding I-SID to an Auto-sense port with PVLAN isolation functionality, but you can also assign other untagged PVLAN isolated pvlan/I-SIDs to an Auto-sense port.
You can configure the Auto-sense wait interval, which controls the time to wait for a Link Layer Discovery Protocol (LLDP) neighbor to be detected in the Auto-sense wait state before transitioning to the Auto-sense onboarding state.
For more information, see VOSS User Guide.
If you configure both hostname and domain-name, the self-signed certificate uses hostname.domain-name for both common name (CN) and SAN DNS.
If you configure domain-name but not hostname, the self-signed certificate uses *.domain-name for both CN and SAN DNS.
If you configure hostname but not domain-name, the self-signed certificate uses hostname.extremenetworks.com for both CN and SAN DNS.
If you do not configure either hostname or domain-name, the self-signed certificate uses *.extremenetworks.com for both CN and SAN DNS.
All management IP addresses are added as SAN IP entries.
Note
Existing TLS certificates are still used until you manually regenerate them. As a best practice, use custom Public Key Infrastructure (PKI) certificates rather than the default self-signed certificates.
VOSS adds the ability to force the switch to overwrite the Fabric IPsec Gateway configuration file without confirmation.
For more information, see VOSS User Guide.
A command is available to return the ExtremeCloud IQ Agent firmware version on the switch to the version bundled with the VOSS image currently installed on the switch, for example, if you downgrade the VOSS image version and do not reconnect to ExtremeCloud IQ automatically.
For more information, see VOSS User Guide.
Note
Feature support is specific to VSP 4450 Series, VSP 4900 Series, and VSP 7400 Series.
Link Debounce protects the upper layers from unnecessary state changes by delaying the change of a port link state when the following situations occur:
There are frequent flaps in a short interval at the physical layer in the case of Fiber WAN services.
There is a delay in switching from the working path to the protected path in the case of Carrier Wave WAN services.
For more information, see VOSS User Guide.
LLDP-MED can be configured on ports that have FA Server enabled. For more information, see VOSS-13938 in Resolved Issues in VOSS 8.4.2.
The following enhancements were made for the show i-sid mac-address-entry command:
The TYPE column in the command output shows NON-LOCAL instead of REMOTE for MAC addresses learned from other nodes.
The command output can be filtered to show only MAC addresses learned in either the home or remote area, or learned from other nodes.
For more information, see VOSS User Guide.
This release includes the following SSH enhancements:
A new method, diffie-hellman-group-exchange-sha256, is available for SSH Key exchange.
Added new command to reset SSH, which previously required two steps and it was not possible to enable SSH after the configuration access was disabled. The new ssh reset command terminates all SSH sessions and restarts SSH server.
For more information, see VOSS User Guide.
TCP MSS is now supported when an untagged Switched UNI does not have a platform VLAN attached.
For more information, see VOSS User Guide.
The Uboot image version for 5520 Series is upgraded to 2.2.1.6. This version adds a hang-protect check to the normal boot path, and to the boot path used by VOSS rescue and personality change. The check prevents hang conditions from locking the unit.