This section identifies the known issues in this release.
Issue number |
Description |
Workaround |
---|---|---|
HTTPS connection fails for CA-signed certificate with certificate inadequate type error on FF. |
Ensure End-Entity, Intermediate CA and Root CA certificates are all SHA256 based and RSA2048 key signed, and Extended key usage field is set to TLS webserver Auth only for subject and root. For intermediate, it must be set with other required bits to avoid this issue. Add the root, intermediate CAs in the trust store of the browser for accessing the EDM with HTTPS. |
|
VOSS-1265 |
On the port that is removed from a T-UNI LACP MLT, non T-UNI configuration is blocked as a result of T-UNI consistency checks. |
When a port is removed from a T-UNI LACP MLT, the LACP key of the port must be set to default. |
VOSS-1278 |
SLA Mon tests fail (between 2% and 8% failure) between devices when you have too many agents involved with scaled configurations. |
This happens only in a scaled scenario with more than seven agents, otherwise the failure does not occur. The acceptable failure percentage is 5%, but you could see failures of up to 8%. |
VOSS-1280 |
The following error message occurs when performing shutdown/no-shutdown commands continuously: IO1 [05/02/14 06:59:55.178:UTC] 0x0011c525 00000000 GlobalRouter COP-SW ERROR vsp4kTxEnable Error changing TX disable for SFP module: 24, code: -8 |
None. When this issue occurs, the port in question can go down, then performs a shutdown/no-shutdown of the port to bring it up and resumes operation. |
VOSS-1285 |
CAKs are not cleared after setting the device to factory-default. |
None. Currently this is the default behavior and does not affect functionality of the MACsec feature. |
VOSS-1288 |
Shutting down the T1 link from one end of the link does not shut down the link at the remote end. You could experience traffic loss if the remote side of the link is not shut down. |
This issue occurs only when a T1 SFP link from one end is shutdown. Enable a dynamic link layer protocol such as LACP or VLACP on both ends to shut the remote end down too. As an alternative, administratively disable both ends of the T1 SFP link to avoid the impact. |
VOSS-1289 |
On a MACsec-enabled port, you can see delayed packets when the MACsec port is kept running for more than 12 hours. This delayed packet counter can also increment when there is complete reordering of packets so that the application might receive a slow response. But in this second case, it is a marginal increase in the packet count, which occurs due to PN mismatch sometimes only during Key expiry, and does not induce any latency. |
None. |
VOSS-1309 |
You cannot use EDM to issue ping or traceroute commands for IPv6 addresses. |
Use CLI to initiate ping and traceroute commands. |
VOSS-1310 |
You cannot use EDM to issue ping or traceroute commands for IPv4 addresses. |
Use CLI to initiate ping and traceroute commands. |
VOSS-1312 |
On the VSP 8400 Series 40-gigabit ports, the small metallic fingers that surround the ports are fragile and can bend out of shape during removal and insertion of the transceivers. When the fingers are bent, they prevent the insertion of the QSFP+ transceiver. |
Insert the QSFP+ carefully. If the port becomes damaged, it needs to be repaired. |
VOSS-1335 |
In an IGMP snoop environment, after dynamically downgrading the IGMP version to version 2 (v2), when you revert back to version 3 (v3), the following is observed:
|
Use a v3 interface as querier in a LAN segment that has snoop-enabled v2 and v3 interfaces. |
VOSS-1344 |
In EDM, you cannot select multiple 40 gigabit ports or a range of ports that includes 40 gigabit ports to graph or edit. You need to select them and edit them individually. |
None. |
VOSS-1349 |
On EDM, the port LED for channelized ports only shows the status of sub-port #1, but not the rest of the sub-ports. When you remove sub-port #1, and at least one other sub-port is active and online, the LED color changes to amber, when it should be green because at least one other sub-ports is active and online. The LED only shows the status of sub-port #1. |
None. |
VOSS-1354 |
An intermittent link-flap issue can occur in the following circumstance for the copper ports. If you use a crossover cable and disable auto-negotiation, the port operates at 100 Mbps. A link flap issue can occur intermittently and link flap detect will shut down the port. |
Administratively shutdown, and then re-enable the port. Use auto-negotiation. Disabling auto-negotiation on these ports is not a recommended configuration. |
VOSS-1358 |
Traffic is forwarded to IGMP v2 SSM group, even after you delete the IGMP SSM-map entry for the group. |
If you perform the delete action first, you can recreate the SSM-map record, and then disable the SSM-map record. The disabled SSM-map record causes the receiver to timeout because any subsequent membership reports that arrive and match the disabled SSM-map record are dropped. You can delete the SSM-map record after the receivers time out. |
VOSS-1359 |
The 4 byte AS confederation identifier and peers configuration are not retained across a reboot. This problem occurs when 4 Byte AS is enabled with confederation. |
Reconfigure the 4 byte AS confederation identifier and peers on the device, and reboot. |
VOSS-1360 |
After you enable enhanced secure mode, and log in for the first time, the system prompts you to enter a new password. If you do not meet the minimum password requirements, the system displays the following message: Password should contain a minimum of 2 upper and lowercase letters, 2 numbers and 2 special characters like !@#$%^*(). Password change aborted. Enter the New password: The system output message does not display the actual minimum password requirements you need to meet, which are configured on your system. The output message is an example of what the requirements need to meet. The actual minimum password requirements you need to meet are configured on your system by the administrator. |
None. |
VOSS-1367 |
The configuration file always includes the router ospf entry regardless of whether OSPF is configured. This line does not perform any configuration and has no impact on the running software. |
None. |
VOSS-1368 |
When you use Telnet or SSH to connect to the switch, it can take up to 60 seconds for the log in prompt to appear. However, this situation is very unlikely to happen, and it does not appear in a standard normal operational network. |
Do not provision DNS servers on a switch to avoid this issue altogether. |
VOSS-1370 |
If you configure egress mirroring on NNI ports, you do not see the MAC-in-MAC header on captured packets. |
Use an Rx mirror on the other end of the link to see the packets. |
VOSS-1371 |
A large number of IPv6 VRRP VR instances on the same VLAN can cause high CPU utilization. |
Do not create more than 10 IPv6 VRRP VRs on a single VLAN. |
VOSS-1389 |
If you disable IPv6 on one RSMLT peer, the switch can intermittently display COP-SW ERROR and RCIP6 ERROR error messages. This issue has no impact. |
None. |
VOSS-1390 |
If you delete the SPBM configuration and re-configure SPBM using the same nickname but a different IS-IS system ID without rebooting, the switch displays an error message. |
Reboot the switch after you delete the SPBM configuration. |
VOSS-1403 |
EDM displays the user name as Admin, even though you log in using a different user name. |
None. |
VOSS-1406 |
When you re-enable insecure protocols in the CLI SSH secure mode, the switch does not display a warning message. |
None. |
VOSS-1418 |
EDM displays the IGMP group entry that is learned on a vIST MLT port as TX-NNI. |
Use CLI to view the IGMP group entry learned on a vIST MLT port. |
VOSS-1428 |
When port-lock is enabled on the port and re-authentication on the EAP client fails, the port is removed from the RADIUS-assigned VLAN. This adds the port to the default VLAN and displays an error message. This issue has no impact. |
The error message is incorrect and can be ignored. |
VOSS-1433 |
When you manually enable or disable IS-IS on 40 Gbps ports with CR4 direct attach cables (DAC), the port bounces one time. |
Configure IS-IS during the maintenance period. Bring the port down, configure the port and then bring the port up. |
VOSS-1438 |
In a rare scenario in Simplified vIST configuration when vIST state is toggled immediately followed by vIST MLT ports are toggled, one of the MLT ports will go into blocking state resulting in failure to process data packets hashing to that link. |
Before enabling vIST state ensure all vIST MLT ports are shut and re-enabled after vIST is enabled on the DUT. |
VOSS-1440 VOSS-1441 |
When you configure a scaled Layer 3 VSN (24 Layer 3 VSN instances), route leaking from GRT to VRF on the local DUT does not happen. The switch displays an incorrect error message: Only 24 Layer 3 VSNs can be configured. |
None. |
VOSS-1463 VOSS-1471 |
When you use Fabric Extend over IP (FE-IP) and Fabric Extend over Layer 2 VLAN (FE-VID) solution, if you change the ingress and egress .1p map, packets cannot follow correct internal QoS queues for FE tunnel to FE tunnel, or FE tunnel to regular NNI traffic. |
Do not change the default ingress and egress .1p maps when using Fabric Extend. With default ingress and egress .1p maps, packets follow the correct internal QoS when using the Fabric Extend feature. |
VOSS-1473 |
If the I-SID associated with a Switched UNI or Fabric Attach port does not have a platform VLAN association and you disable Layer 2 Trusted, then the non IP traffic coming from that port does not take the port QoS and still uses the .1p priority in the packet. |
None. |
VOSS-1530 |
If you improperly close an SSH session, the session structure information does not clear and the client can stop functioning. |
Disable and enable SSH. |
VOSS-1584 |
The show debug-file all command is missing. |
None. |
VOSS-1585 |
The system does not generate a log message, either in the log file or on screen, when you run the flight-recorder command. |
None. |
VOSS-1608 |
If you use an ERS 4850 FA Proxy with a VOSS or Fabric Engine FA Server, a mismatch can exist in the show output for tagged management traffic. The ERS device always sends traffic as tagged. The VOSS or Fabric Engine FA Server can send both tagged and untagged. For untagged, the VOSS and Fabric Engine FA Servers send VLAN ID 4095 in the management VLAN field of the FA element TLV. The ERS device does not recognize this VLAN ID and so still reports the traffic as tagged. |
There is no functional impact. |
VOSS-1706 |
EAPOL: Untagged traffic is not honoring the port QOS for Layer 2 trusted/ Layer 3 untrusted. This issue is only seen on EAPOL-enabled ports. |
None. |
VOSS-2014 |
IPv6 MLD Group is learned for Link-Local Scope Multicast Addresses. This displays additional entries in the Multicast routing tables. |
None. |
VOSS-2033 |
The following error messages appear when you use the shutdown and no shutdown commands on the MLT interface with ECMP and BGP+ enabled: CP1 [01/23/16 11:10:16.474:UTC] 0x00108628 00000000 GlobalRouter RCIP6 ERROR rcIpReplaceRouteNotifyIpv6:FAIL ReplaceTunnelRec conn_id 2 CP1 [12/09/15 12:27:02.203:UTC] 0x00108649 00000000 GlobalRouter RCIP6 ERROR ifyRpcOutDelFibEntry: del FIB of Ipv6Route failed with 0: ipv6addr: 201:6:604:0:0:0:0:0, mask: 96, nh: 0:0:0:0:0:0:0:0 cid 6657 owner BGP CP1 [12/09/15 12:20:30.302:UTC] 0x00108649 00000000 GlobalRouter RCIP6 ERROR ifyRpcOutDelFibEntry: del FIB of Ipv6Route failed with 0: ipv6addr: 210:6:782:0:0:0:0:0, mask: 96, nh: fe80:0:0:0:b2ad:aaff:fe55:5088 cid 2361 owner OSPF |
Disable the alternate path. |
VOSS-2036 |
IPsec statistics for the management interface do not increment for inESPFailures or InAHFailures. |
None. |
VOSS-2117 |
If you configure static IGMP receivers on an IGMPv3 interface and a dynamic join and leave are received on that device from the same destination VLAN or egress point, the device stops forwarding traffic to the static receiver group after the dynamic leave is processed on the device. The end result is that the IGMP static groups still exist on the device but traffic is not forwarded. |
Disable and re-enable IGMP Snooping on the interface. |
VOSS-2128 |
EAP Security and Authentication EDM tabs display additional information with internal values populated, which is not useful for the end user. |
There is no functional impact. Ignore the additional information in EDM. Use the CLI command show eapol port interface to see port status. |
VOSS-2207 |
You cannot configure an SMTP server hostname that begins with a digit. The system displays the following error: Error: Invalid IP Address or Hostname for SMTP server |
None. |
VOSS-2208 |
While performing CFM Layer 2 traceroute between two BEBs using a transit BCB, the transit BCB hop is not seen, if the transit BCB has ISIS adjacencies over FE l3core with both source BEB and destination BEB. |
None. |
VOSS-2253 |
Trace level command does not list module IDs when '?' is used. |
To get the list of all module IDs, type trace level, and then press Enter. |
VOSS-2285 |
When on BEB, continuously pinging IPv6 neighbor address using CLI command ping -s, ping packets do not drop, but instead return no answer messages. |
Restart the ping. Avoid intensive CPU processing. |
VOSS-2333 |
Layer 2 ping to Virtual BMAC (VBMAC) fails, if the VBMAC is reachable using Layer 2 core. |
None. |
VOSS-2418 |
When you configure and enable the SLA Mon agent, the SLA Mon server is able to discover it but the agent registration on the switch does not occur. |
None. |
VOSS-2422 |
When a BGP Neighbor times out, the following error message occurs: CP1 [03/11/16 13:43:39.084:EST] 0x000b45f2 00000000 GlobalRouter SW ERROR ip_rtdeleteVrf: orec is NULL! |
There is no functional impact. Ignore the error message. |
VOSS-25476 |
DvR host entries are visible on DvR Controllers after you issue the clear dvr host-entries command or disable all DvR Controllers within the domain. |
Choose one of the following workarounds:
|
VOSS-2859 |
You cannot modify the port membership on a protocol-based VLAN using EDM, after it has been created. |
Use CLI to provision the port membership on the protocol-based VLAN or delete the protocol-based VLAN, and then re-create it with the correct port member setting. |
VOSS-3393 |
When the SLA Mon agent IP is created on a CLIP interface, the switch provides the CLIP-id as the agent MAC. |
There is no functional impact. Use different CLIP IDs to differentiate the SLA Mon agents from the SLA Mon server. |
VOSS-4255 |
If you run IP traceroute from one end host to another end host with a DvR Leaf in between, an intermediate hop will appear as not responding because the Leaf does not have an IP interface to respond. The IP traceroute to the end host will still work. |
None. |
VOSS-4728 |
If you remove and recreate an IS-IS instance on an NNI port with auto-negotiation enabled in addition to vIST and R/SMLT enabled, it is possible that the NNI port will briefly become operationally down but does recover quickly. This operational change can lead to a brief traffic loss and possible reconvergence if non-ISIS protocols like OSPF or BGP are also on the NNI port. |
If you need to remove and recreate an IS-IS instance on an auto-negotiation enabled NNI port that also has non-ISIS traffic, do so during a maintenance window to minimize possible impact to other non-ISIS traffic. |
VOSS-4840 |
If you run the show fulltech command in an SSH session, do not disable SSH on the system. Doing so can block the SSH session. |
None. |
VOSS-4912 |
The VSP 4450 Series does not advertise an LLDP Management TLV. |
None. |
VOSS-5130 |
Disabling and immediately enabling IS-IS results in the following log message: PLSBFIB ERROR: /vob/cb/nd_protocols/plsb/lib/ plsbFib.cpp(line 1558) unregisterLocalInfo() local entry does not exist. key(0xfda010000fffa40) |
There is no functional impact. Ignore the error message. |
VOSS-5159 & VOSS-5160 |
If you use a CLIP address as the management IP address, the switch sends out 127.1.0.1 as the source IP address in both SMTP packets and TACACS+ packets. |
None. |
VOSS-5173 |
A device on a DvR VLAN cannot authenticate using RADIUS if the RADIUS server is on a DvR VLAN on a DvR Leaf using an in-band management IP address. |
Place the RADIUS server in a non-DvR VLAN off a DvR Leaf or DvR Controller. |
VOSS-5331 |
When you enable FHS ND inspection on a VLAN, and an IPv6 interface exists on the same VLAN, the IPv6 host client does not receive a ping response from the VLAN. |
None. |
VOSS-5603 |
In a scaled DvR environment (scaled DvR VLANs), you could see a higher CPU utilization while deleting a DvR leaf node from the DvR domain (no dvr leaf). The CPU utilization stays higher for several minutes on that node only and then returns to normal after deleting all the internal VLANs on the leaf node. |
It is recommended to use a maintenance window when removing leaf(s) from a DvR domain. |
VOSS-5627 |
The system does not currently restrict the number of VLANs on which you can simultaneously configure NLB and Directed Broadcast, resulting in resource hogging. |
Ensure that you configure NLB and Directed Broadcast on not more than 100 VLANs simultaneously, assuming one NLB cluster for each VLAN. Also, ensure that you configure NLB on a VLAN first, and then Directed Broadcast, so as to not exhaust the NLB and Directed Broadcast shared resources. The shared resources are NLB interfaces and VLANs with Directed Broadcast enabled. The permissible limit for the shared resources is 200. |
VOSS-6189 |
When you connect to EDM using HTTPS in Microsoft Edge or Mozilla Firefox, the configured values for the RADIUS KeepAliveTimer and CFM SBM MepId do not appear. |
Use Internet Explorer when using an HTTPS connection. |
VOSS-6822 |
If the IPsec/IKE software used in the Radius server side is strongSwan, there is a compatibility issue between the network operating system (NOS) and strongSwan in terms of IPv6 Digicert (IKEv1/v2) authentication. |
None. |
VOSS-6928 |
On VSP 8000 Series platforms, IPv4 Filters with redirect next hop action do not forward when a default route is not present or a VLAN common to ingress VLAN of the filtered packet is not present. |
Configure a default route if possible. |
VOSS-7139 |
DHCPv6 Snooping is not working in an SPB network as the DHCPv6 Snooping entries are not being displayed. |
Administrator should add manual entries. |
VOSS-7457 |
The switch can experience an intermittent traffic loss after you disable a Fabric Extend tunnel. |
Bounce the tunnel between the devices. |
VOSS-7472 |
EDM shows incorrect guidance for ACL TCP flag mask. EDM reports 0…63 as hexadecimal. CLI correctly shows <0-0x3F | 0-63> Mask value <Hex | Decimal>. This is a display issue only with no functional impact. |
Use CLI to see the correct unit values. |
VOSS-7495 |
The VSP 4450 Series CLI Help text shows an incorrect port for boot config flags linerate-directed-broadcast. The Help text shows 1/48. The correct port is 1/46. |
None |
VOSS-8424 |
A fragmented ping from an external device to a switch when the VLAN IP interface is tied to a non-default VRF fails. |
None. |
VOSS-8516 |
Secure Copy (SCP) cannot use 2048-bit public DSA keys from Windows. |
Use 1024/2048-bit RSA keys or 1024-bit DSA keys. |
VOSS-9516 |
When you connect to EDM using HTTPS, you can see multiple SSL negotiation with client successful messages during your EDM session. The system displays this message, each time a successful SSL_Handshake occurs between the web browser and the web server. The log file cannot show as many messages as the console and the timing between messages can be different because logging does not occur in real time. |
None. |
VOSS-9621 |
On these products, 1G Copper Pluggable auto-negotiation is always enabled after a reboot, despite configuration settings. |
If you do not want to use auto-negotiation, disable it after the reboot. |
VOSS-9921 |
Bootup redirection timeout is longer than the UNI port (SMLT) unlock timer. If both vIST nodes boot together in factory default configuration fabric mode or without a nickname, the vIST ports will not enable for up to 4 minutes. During the delay the nickname server is unreachable and vIST is not online. |
None. |
VOSS-10380 |
If you enable and configure IPv6 Source Guard and EAPoL on a port, and create and configure a Guest VLAN on the same port without DHCP Snooping and ND-inspection, no error is shown. The port is not added to the Guest VLAN. |
Configure DHCP Snooping and ND-inspection are not configured on the Guest VLAN. |
VOSS-10381 |
If you enable and configure IPv6 Source Guard and EAPoL MHSA on a port, and create and configure RAVs for Non-EAP clients on the same port without DHCP Snooping and ND-inspection, no error is shown. The client displays as authenticated into RAV, even when port is not a member of RAV. |
None. |
VOSS-10412 |
Removal of the QSFP+ to SFP+ adapter with a 10G pluggable is not detected on the VSP 8404 and VSP 8404C when in non channelized mode. |
The QSFP+ to SFP+ adapter and detection works only on ports with channelization enabled. |
VOSS-10574 |
IS-IS sys-name output is not truncated for show isis spbm nick-name or show ip route commands. If a long character sys-name is in use, the full sys-name display can cause misalignment of the output columns. |
None. |
VOSS-10815 |
DvR over SMLT: Traffic is lost at failover on SMLT towards ExtremeXOS or Switch Engine switches. DvR hosts are directly connected to the DvR controllers vIST pair on SMLT LAG and switched-UNIs are dynamically added using Fabric Attach. Only occurs when the access SMLT is LACP MLT and all the ports in the MLT are down. When all ports in the MLT down and an ARP request is received over an NNI link, there is no physical port that can be associated with the ARP request. The ARP entry is learned against NNI link, and MAC syncs from vIST peer or from a non-vIST peer when bouncing vIST. |
None. |
VOSS-10891 |
DvR leaf vIST: Wrong rarSmltCheckSmltPeerMac MLT warning displays when the peer vIST MAC address is learned from local |
None. rarSmltCheckSmltPeerMac MLT warning has no functional impact. You can ignore the error message. |
VOSS-11895 |
In a vIST SMLT environment where streams are both local and remote, if source and receiver port links are removed and reinserted several times, eventually traffic will not be forwarded to local single-homed receivers on one peer if the traffic is ingressing from the vIST peer over the NNI link. If the stream ingresses locally, it is received by the local UNI receivers. |
Disable and re-enable Fabric Multicast (spbm <1–100> multicast enable) on the source VLAN to be able to delete the streams and come back in properly. |
VOSS-11943 |
This release does not support per-port configuration of Application Telemetry. Because the feature is enabled globally and VSP 7432CQ supports 32 100 Gbps ports, an undesirable condition could be encountered when an exceeded amount of Application Telemetry mirrored packets are sent to the collector. |
None. |
VOSS-12330 |
When accessing the on-switch RESTCONF API documentation in a web browser, the page does not render correctly. |
Ensure you include the trailing slash (/) in the URL: http(s)://<ip-address>:8080/apps/restconfdoc/. For more information, see VOSS User Guide. |
VOSS-12405 |
To reach a VM, all front panel traffic must travel through an Insight port, which is a 10 Gbps port. If front panel port traffic is over 10 Gbps, this situation represents an over subscription on the Insight port and some of the packets will be dropped. As a result, ExtremeCloud IQ ‑ Site Engine can lose connectivity to the Analytics engine if Application Telemetry is enabled. |
None. |
VOSS-13159 |
The ixgbevf Ethernet device driver within the TPVM does not correctly handle the interface MTU setting. Specifically, if you configure the interface in SR-IOV mode, packets larger than the MTU size are allowed. |
To avoid this problem, configure the desired MTU size on both the relevant front-panel port and Insight port from the NOS CLI. |
VOSS-13463 |
Out port statistics for MLT port interfaces are not accurate. |
Use the command show io nic-counters to display detailed port stats and error info on XA1400 Series. |
VOSS-13667 |
An intermittent issue in SMLT environments, where ARPs or IPv6 neighbors are resolved with delay can cause a transient traffic loss for the affected IPv6 neighbors. The situation auto-corrects. |
None. |
VOSS-13680 |
Interface error statistics display is inaccurate in certain scenarios. |
Use the command show io nic-counters to display detailed port stats and error info on XA1400 Series. |
VOSS-13681 |
QoS: show qos cosq-stats cpu-port command output is not supported. |
Use the command show io cpu-cosq-counters to display detailed cosq-stats on XA1400 Series. |
VOSS-13693 |
QoS: Traffic can egress out of the queue at a different ratio than the default configuration. After the guaranteed traffic rate is served to all egress port queues, any excess bandwidth is shared equally to all queues instead of distributing on weight assigned to each queue. |
None. |
VOSS-13717 VOSS-14393 VOSS-14972 |
Link on remote side doesn‘t go down after admin shut on XA1400 while using 10G DAC or a 4x10 - 40 G breakout DAC. On the XA1400 side link goes down but Link LED shows as up. Both 10G and 4x10G DAC are not fully supported because of this issue |
None for DAC and breakout cables. Because of this issue, the following optical
transceivers are not supported:
|
VOSS-13794 |
You cannot use SFTP to transfer files larger than 2 GB to the switch. |
Use SCP. |
VOSS-13904 VOSS-13932 VOSS-16503 |
VSP 4900 Series has 2 GB memory in a 64-bit system so the RESTCONF VLAN scaling number is smaller than on VSP 7400 Series, which has 16 GB physical memory. Using RESTCONF on VSP4900-48P or VSP4900-24S reduces the number of port-based VLANs on those platforms:
|
None. |
VOSS-13947 |
After you enable MSTP-Fabric Connect Multi Homing (spbm 1 stp-multi-homing enable), you cannot view the configuration, role, or statistics for the STP virtual port. |
None. |
VOSS-13974 |
When an 8408QQ ESM has more than two channelized ports and is rebooted, the MKA MACsec sessions on the other cards in the same box could toggle. This issue is not seen if one or two ports are channelized on the same card. |
None. |
VOSS-14150 |
CLI remote console might stop wrapping text after some usage. |
Reset the CLI window or open a new remote console window. |
VOSS-14391 |
On an VSP 8404C switch using an 8424XT ESM, on a port with MACsec connectivity, if you set Auto-Negotiation advertisements to 1000-full, and then subsequently set the advertisement to 10000-full, the link will not come up. |
To avoid this issue, set the Auto-Negotiation advertisements directly to 10000-full. If you have experienced the issue, shut the port down and bring it back up. |
VOSS-14494 |
Layer 2 VSN and Layer 3 VSN UNI to NNI traffic between two Backbone Edge Bridges does not hash to different ports of a MLT network-to-network interface. MLT hashing for XA1400 devices occurs after the mac-in-mac encapsulation is done. The hash keys used are the Backbone destination and Backbone source MAC addresses (BMAC DA and BMAC SA) in the Mac-in-Mac header. Even for the Transit BCB case on XA 1400 devices for NNI to NNI traffic, the MLT hash keys used are the Backbone destination and Backbone source MAC addresses (BMAC DA and BMAC SA) in the Mac-in-Mac header. |
None. |
VOSS-14515 |
Console output errors and warnings are shown during an XA1400 Series reboot, such as:
|
None. The errors or warnings are host OS or guest OS related with no functional impact and can be ignored. |
VOSS-14597 |
Ping (originated from local CP) fails for jumbo frames on Layer 3 VSN interface. |
None. |
VOSS-14616 |
Seeing Queue buffer usage logs when changing the logical interface source IP with 64 tunnels. When changing the source IP with 64 tunnels, seeing "GlobalRouter CPU INFO CPP: 60 percent of fbufs are in use: 0 in Tx queue,1843 in RxQueue0 0 in RxQueue1 0 in RxQueue2 0 in RxQueue3 0 in RxQueue4 0 in RxQueue5 0 in RxQueue6 0 in RxQueue7 ". |
None. |
VOSS-14805 VOSS-15305 |
The following transceivers are not supported on XA1400 Series switches:
|
Use only supported transceivers. |
VOSS-15079 |
The Extreme Networks 10 meter SFP+ passive copper DAC (Model Number 10307) does not function on ports 2/3 and 2/4 of the VIM5-4X. |
Use the Extreme Networks SFP+ active optical DAC (Model Number AA1403018-E6) with the VIM5-4X. |
VOSS-15112 |
BFD sessions associated with static routes could flap one time before remaining up, when shutting down and bringing back up a BFD peer port. |
None. Ignore the extra BFD session flap. |
VOSS-15313 |
On a VSP 8404C switch using an 8424XT ESM, on a link with MACsec connectivity on both ends, and Auto-Negotiation advertisements set to 10000-full, the link will not come back up if the ESM is hot-swapped or the slot is reset. |
To avoid this issue, disable MACsec prior to the hot swap or reset, and then re-enable. If you have experienced the issue, shut either one of the link ports down and bring it back up. |
VOSS-15391 |
An SNMP walk on the rcIgmpSnoopTraceTable table will fail with an OID not increasing error. CLI and EDM are unaffected by this issue. |
None. |
VOSS-15463 |
XA1440 and XA1480 switches can experience intermittent Link Up and Link Down transitions on the 10/100/1000BASE-T Ethernet ports upon booting. |
No workaround, but there is no functional impact. |
VOSS-15541 |
You can experience temporary traffic loss when shutting down an LACP SMLT port (and therefore causing the local SMLT to go down), in a network with scaled Multicast traffic over an SPB cloud, while the datapath processes all dpm letter messages during LCAP recovery. This slow LACP recovery situation is only seen with scaled Multicast traffic over an SPB cloud. |
Use static MLTs. |
VOSS-15812 |
Layer 3VSN IPv4 BGP (and static) routes having their next-hops resolved using IS-IS routes could result in traffic loss. |
Choose the following workarounds, based on your deployment and needs:
|
VOSS-15878 |
VSP 4900 Series, VSP 7400 Series do not boot with just the serial console cable connected and no terminating device, for example, a terminal server, PC, or Mac. |
Either attach terminal equipment or disconnect the console cable. |
VOSS-16221 |
Layer 2 ping does not work for packets larger than 1300 on an XA1400 Series. |
Use Layer 2 ping with packets smaller than 1300 bytes. |
VOSS-16365 |
Running the command show pluggable-optical-module detail on an XA1400 Series device is highly CPU intensive to read and reply with the EEPROM details. Due to a delay in ethtool response, a watchdog miss event can occur and the event is recorded in the /intflash/wd_stats/1/wd_stats.ssio.1.log file. This scenario occurs more often if 10Gb SFP+ optics with DDM capability are installed. |
None. The high CPU usage and response delay for this command is expected and cannot be resolved. No console log is generated. When the scenario occurs, the Watchdog outage is approximately 5 seconds. |
VOSS-16436 |
Using the console connection on an XA1400 Series device while running a show command with large data output can result in drops of processing control packets. |
Use Telnet or SSH connectivity instead of console connection. |
VOSS-16951 |
On a VSP4900-48P, VSP4900-24S and VSP 7400 Series devices, if you run the show boot config sio CLI command before you have configured the baud rate, the output of the command is empty. |
Configure the baud rate before you run the show boot config sio command. The only supported baud rate for these devices is 115200. |
VOSS-16971 |
On VSP4900-24S, VSP4900-24XE, andVSP4900-12MXU-12XE devices, and on the VIM5-4XE, if a copper SFP is plugged in with the cable inserted and the remote end is also plugged in, the peer box could see a link flap and take 6-8 seconds to link up. |
First, plug in the SFP, and then insert the cable. The link up then happens in 3-4 seconds. |
VOSS-17002 |
For ingress packets that are larger than the system MTU size on XA1400 Series ports 1/1 through 1/4, error counters do not increment in the show interfaces gigabitethernet error CLI command. |
Use the show io nic-counters CLI command to verify if the tx_error counters are getting incremented. If they are getting incremented, the packets are getting dropped at egress. If they are not getting incremented, the packets are getting forwarded. |
VOSS-17523 |
If an FE tunnel goes down between two connected XA1400 Series devices, an MTU Warning console message is logged if a ping request is issued while the tunnel is down. |
You can safely ignore this warning message. |
VOSS-17567 |
Do not use the inter-vrf /32 static routes defined with a next-hop IP address that resides in a different destination next-hop-vrf context. |
None. |
VOSS-18023 |
The management port on the 5520 switch does not support Auto-MDIX (the automatic detection of transmit and received twisted pairs). As a best practice, enable the default auto-negotiation setting on the management port. Because the management port does not support Auto-MDIX, when auto-negotiation is disabled, a crossover cable might be necessary to have the port link up and pass traffic. Note: If the peer device supports Auto-MDIX,
then either a straight through or crossover will work. The issue occurs only if both ends
of the connection do not support Auto-MDIX.
|
None. |
VOSS-18238 |
When a management VLAN with DHCP is used to reach a RADIUS server, and the RADIUS server cannot be reached, the system waits for 15 minutes before attempting to reach the RADIUS server again. This is true even if the RADIUS server becomes reachable before the 15 minutes have elapsed. |
None. |
VOSS-18278 |
On the 5520 switch, when you make any change relating to port speed, the port statistics are cleared. This is applies to all front panel fiber and copper ports as well as VIM ports. The following are examples of changes relating to port speed:
|
None. |
VOSS-18360 |
This is an intermittent issue on the VSP 7400 Series with no impact to functionality, ISIS is disabled while the show fulltech command is running on a telnet session. Due to this the fulltech command will not find the expected I-SID value, as it is removed by the no isis command. |
None. |
VOSS-19212 |
After upgrading a VSP 7432CQ switch to VOSS 8.2.5 and rebooting, the presence of a faulty power supply unit will cause the system to terminate. A message in the debug log will report that the software could not read the contents of the power supply's EEPROM (carbonatelib_ps_read_eeprom operation). |
Replace the power supply unit in the switch. |
VOSS-19260 |
Port mirroring does not work on port 1/s1 of VSP 7400-48Y if the connection type is OVS/SR-IOV. |
Use a connection type of VT-d for port 1/s1. |
VOSS-19827 |
LLDP IPv6 neighbors do not display in EDM. LLDP IPv6 is only supported in CLI. |
To display LLDP IPv6 neighbors, use the show lldp neighbor summary command. |
VOSS-20115 |
You cannot change the management VLAN interface discovered on XA1400 Series in ExtremeCloud IQ ‑ Site Engine as part of Zero Touch Provisioning Plus (ZTP+). XA1400 Series does not support the OOB interface. You can only use the discovered interface and change other configuration values. |
On XA1400 Series, use the discovered interface within ExtremeCloud IQ ‑ Site Engine for basic onboarding. Use either ExtremeCloud IQ ‑ Site Engine or CLI to complete the remaining configuration. |
VOSS-20200 |
For VSP 8404C, if you remove and insert an Ethernet Switch Module (ESM), which has NNI ports that are members in an LACP-dynamic MLT, some ports are intermittently missing in the dynamic MLT after the ESM insertion. Traffic is affected for streams that need to exit the NNI links over the dynamic MLT for the missing ports. Rebooting the switch returns the ports to the dynamic MLT. |
None. |
VOSS-20227 |
On XA1400 Series, the VOSS OS time does not synchronize to the real time clock (RTC) after system reboot. After the switch completely boots, NTP synchronization occurs and the VOSS OS has the correct time. The OS time can be incorrect for up to two minutes after system reboot. |
None. |
VOSS-20455 |
As the switch starts, it can display the following log messages due to incomplete initialization of the management stack when trying to send the first RADIUS packet:
|
None. This issue has no functional impact. |
VOSS-20456 |
Although the Management Router is not supported in the NOS, you can add a static route for VRF 512 using EDM. The route does not become active even if the next-hop address is reachable from the OOB management interface. |
None. This issue has no functional impact. |
VOSS-21097 |
In Multi-Area where vIST peers are boundary nodes, vIST can briefly flap during connection formation when IS-IS is disabled and then reenabled on both vIST peers. |
None. |
VOSS-21123 |
Brouters on UNIs of VSP 7400 vIST peers cannot ping each other. |
Add a static ARP for the Brouter of the VIST peer. |
VOSS-21233 |
Clearing DvR host entries in a highly scaled Multi-Area DvR environment can trigger DBSYNC WARNING messages (0x00390606 - 00000000 GlobalRouter DBSYNC WARNING Message queue length from DB Sync to tMain reached warning threshold) but these can be expected in a scaled environment and are not a malfunction. |
None. |
VOSS-21964 |
When using Windows SCP application on a switch to transfer a file, an error message displays even if a file transfers successfully. | |
VOSS-22255 |
Ping, which originates from a local CP, fails for ICMP packets bigger than 1500 sent from Layer 3 VSN interface. |
Initiate ping with packets size smaller than 1500. |
VOSS-22522 |
RESTCONF is delayed in a scaled setup with 2,000 VLANs. |
None. |
VOSS-22858 |
LLDP neighbor should not be discovered with mismatch in MKA MACsec on 5520 Series ports. |
Disable MKA on both sides or shut down the port on both sides. |
VOSS-23146 |
Multi-area DvR/SPBM configuration: Timeout: No response message is returned during snmpwalk on one of the DvR controllers. |
Run the snmpwalk command with an increased timeout. You can also run snmpwalk for a specific object. |
VOSS-23181 |
When you enable the boot config flags macsec command, the indiscard counter increments on SPBM-enabled ports. |
None. There is no functional impact. |
VOSS-23216 |
If you do not enable the DvR interface when you configure a dvr-one-ip interface, the dvr-one-ip interface does not display when you issue the show dvr interfaces command. |
Enable the DvR interface. |
VOSS-23229 |
In an E-Tree scenario, IPv6 packets are forwarded between isolated ports on 5520 Series, 5420 Series, and VSP 7400 Series. |
None. |
VOSS-24777 |
In the following port configurations on 5520 Series, 5420 Series, VSP 4900 Series, VSP 7200 Series, VSP 7400 Series, VSP 8200 Series, and VSP 8400 Series inVSN ACL entries match ingressing packets that have the same VID as the VLAN associated with the ACL I-SID even if the ACL inVSN I-SID is different:
|
None. |
VOSS-24872 |
If the collector reachability path changes for Application Telemetry, it is not reflected properly in CLI. Packets remain mirrored towards the correct path but CLI does not reflect the next hop. |
None. There is no functional impact. |
VOSS-25078 |
MAC addresses learned on a Switched UNI (S-UNI) port cannot be flushed. |
None. |
VOSS-25023 |
5520 Series, 5420 Series, and 5320 Series platforms can reach 100% CPU utilization during inband transfer (FTP, SFTP, and SCP). |
None. |
VOSS-25162 |
RESTCONF ARP and MAC data: on 5x20 switches with 5K ARP entries and 5K MAC entries, it takes approximately 1 minute to retrieve data. The time increases based on the number of entries. The same occurs on VSP 7400 Series with over 15K entries. |
None. |
VOSS-25225 |
On 5320 Series, the four highest SFP+ ports are available at 10 Gbps with Trial Licenses. After license expiration, the port speeds drop to 1 Gbps. |
Use the extend-time-period command prior to the expiration of the Trial License. |
VOSS-25288 |
Secure boot information for 5720 Series does not display when you issue the show sys-info command. |
None. |
VOSS-25728 |
You cannot assign a second disk to the second virtual service on the following switches:
|
None. |
VOSS-25874 | Intermittent issue seen on CFIT rack that causes inconsistency in show output. | None. |
VOSS-25959 |
On the VSP 4900 Series, VSP 7400 Series, and 5720 Series, the virtual service does not operate properly when you configure e1000 Network Interface Card (NIC) type for SR-IOV and VT-d connect types. |
None. |
VOSS-26028 |
On the VSP 4900 Series, VSP 7400 Series, and 5720 Series, the virtual service does not operate properly when you configure more than 16 virtual ports per Extreme Integrated Application Hosting port. |
None. |
VOSS-26032 | NNI port remains in STP blocking state in a very specific scenario and configuration. | Bounce the NNI port. |
VOSS-26092 |
On the VSP 8400 Series, MKA does not operate after you issue the slot reset command. |
As a workaround, issue the reset command to reset your switch. |
VOSS-26099 |
MACsec Key Agreement (MKA) MACsec does not operate properly when you enable and disable MKA MACsec on the port 15-20 times. |
None. |
VOSS-26122 |
Intermittently, some CLI commands related to sFlow functionality do not display in the CLI log. |
None. |
VOSS-26134 |
On the VSP 7200 Series, ports link flap one time when the switch boots and after you issue the shutdown command. |
None. |
VOSS-26151 |
MACsec Key Agreement (MKA) does not operate between Fabric Engine 5520 Series and 5720 Series switches and ExtremeXOS 5520 Series and 5720 Series switches when you use GCM-AES-256 MACsec encryption cipher suite on copper ports. |
As a workaround, use GCM-AES-128 MACsec encryption cipher suite to connect Fabric Engine 5520 Series and 5720 Series switches and Switch Engine 5520 Series and 5720 Series switches. |
VOSS-26526 |
After you format a USB drive and issue the ls command, the current date and time does not display. |
None. |
VOSS-26527 |
Intermittently, the show sys-info command does not display the correct part number or serial number for the 2000 W AC PoE power supply (Model XN-ACPWR-2000W with front-to-back ventilation airflow). |
None. |
VOSS-26665 |
Password hash sha2 is present in show running-config and save config. This is the default value. | None. |
VOSS-26692 |
The entry for VLAN used to send/receive VXLAN packets to/from FIGW (for IPSec encapsulation) is missing from my_station_tcam table. In this case, traffic over the corresponding FE tunnel is lost. | Shut/no shut of the used sideband port fixes the problem. |
VOSS-26822 |
Configuration tab for Ports 53-54 (VSP 7400-48Y) cannot be accessed from the first attempt. | Select menu options on your Mozilla Firefox browser. Alternatively, use another browser: Google Chrome, Safari, or Microsoft Edge. |
VOSS-26831 |
Device not able to complete trap registration with ExtremeCloud IQ ‑ Site Engine when onboarding with ZTP+. | Use the default Trap profile when using Trap registration with auto onboarding in ExtremeCloud IQ ‑ Site Engine. |
VOSS-26884 |
AP is assigned to an Unregistered rule instead of Wifi Mgmt on a 22.9 version NAC. |
None. |
VOSS-27235 |
If you delete a VLAN IP interface, the switch does not delete the associated DvR gateway IP address. |
Manually delete the DvR gateway IP address. |