Enterasys SecureStack C2 C2K122-24 Release Note Download Page 29

 

 

 

CUSTOMER RELEASE NOTES

08/13/2008   P/N: 9038155-52
Subject to Change Without Notice
Page: 29 of 41
F0615-O

Known Issues in Previous Releases 

In certain specific Policy configurations, if a user is authenticated and assigned a VLAN via Policy and then moves to another port, the user will be able to reauthenticate but won't receive a VLAN assignment via Policy.

When SNTP is enabled on a B3 that is routing but does not have a switch IP address configured, the SecureStack will fail to synchronize its local time with the SNTP server.

An rmon alarm will not be triggered for a rising threshold when the startup parameter is configured for "either". When the rmon alarm value has incremented higher than the Rising Threshold, the rmon event for a rising threshold will not be triggered. When the rmon alarm value drops below the Falling Threshold, the rmon event for a falling threshold will be triggered.

When the SecureStack is configured as a DHCP server, it does not respond to DHCP Discover packets sent by Avaya IP Phones (model 96xx) if option 242 is configured. The DHCP server will respond correctly if option 176 is set instead.

The SecureStack will sometimes give erroneous error messages when setting RADIUS Accounting retries or timeouts, though the commands will correctly be applied to the device configuration.

The command "clear nodealias config <port>" will not clear non-default maxentries values. The nodealias maxentries value can be set back to its default of 32 by executing the command "set nodealias maxentries 32 <port>".

By default, dot1x on the stacks has maximum requests set to 2, but after only one failed login request the stacks go to a quiet period.

When a port mirror is created, the mirror destination port is removed from the VLAN 1 egress list after a reboot.

If an admin user has been locked out of the device CLI, pressing the password reset button will remove the password configuration, but it does not re-enable the admin super-user account.

The "show spantree ports active" command may erroneously display some ports as active. If a port was once active and later goes down, the system will still show the port on the "active" list.

The RMON Falling Alarm event will trigger at each interval, even if traffic rates do not exceed the threshold. Additionally, the RMON Alarm appears to be using the Falling Threshold as the interval instead of using the actual interval of 15 seconds.

The MIB dot1dTpFdbTable does not return any values.

If a policy rule is created for ipsource/ipdest socket with a 48 bit mask, and the socket is 0 (x.x.x.x:0), the rule will instead act on all traffic matching the 32 bit mask IP address regardless of socket value.

When policy is applied to a port, admin rules are created for the port. If a policy is removed from a port (clear policy port / clear policy all-rules), or if the user becomes unauthenticated, removing policy from the port, the admin rule for the port remains.

Tagged network traffic which is sent through a port mirror exits the destination port of the port mirror displaying the packet's 802.1Q tag.

The order of configuration of masked rules causes different forwarding behavior, even though the end configuration is the same.

If the dot1dStpPortDesignatedRoot MIB is queried, the designated bridge will be returned and not the root bridge.

If a cos settings' ToS value is configured to use the last two bits of the ToS field, these two bits will not get marked. For example, a ToS value of 3 will result in 0x00. A ToS value of 255 will result in 0xFC.

When configuring routing on a mixed stack of C2 and C3 units, OSPF is only supported on the C3 units. OSPF adjacencies will not form on C2 slave units. OSPF adjacencies will correctly form on pure C2 stacks.

If the user sets the CLI length value to a value other than zero and enters the command "show mac port", the device will fail to display the MAC address information associated with the port specified and instead will display a message stating "there is no MAC addresses matching your criteria."

The SecureStack will remove all dynamic MAC addresses learned on a LAG port from the forwarding database when only an individual port on the LAG bounces. These MAC addresses will then need to be relearned by the device.

If you have a LAG between a SecureStack device and an Enterasys DFE device on which you disable lacp (set port lacp port) on LAG member ports on the DFE and then re-enable them, the LAG will not properly reform on the SecureStack.

The C2/C3 mixed stack does not support L2 rules; however, they show as an option. This option should not be used, as it is not supported.
