HPE FlexNetwork 10500-CMW710-R7577P06-US Release Notes · live network, back up the configuration...

HPE FlexNetwork 10500-CMW710-R7577P06-US Release Notes Software version: 10500-CMW710-R7577P06 Document version: 6W100-20190227 The information in this document is subject to change without notice. © Copyright 2019 Hewlett Packard Enterprise Development LP

i

Contents Version information ··········································································· 1

Version number ························································································································ 1 Version history ·························································································································· 1 Hardware and software compatibility matrix····················································································· 4 ISSU version compatibility matrix ·································································································· 7 Upgrading restrictions and guidelines ···························································································· 7

Hardware feature updates ·································································· 9 10500-CMW710-R7577P06-US···································································································· 9 10500-CMW710-R7576 ·············································································································· 9 10500-CMW710-R7568 ·············································································································· 9 10500-CMW710-R7557P03 ········································································································· 9 10500-CMW710-R7557P01 ········································································································· 9 10500-CMW710-R7536P05 ········································································································· 9 10500-CMW710-R7536P01 ········································································································· 9 10500-CMW710-R7524P02 ········································································································· 9 10500-CMW710-R7524 ·············································································································· 9 10500-CMW710-R7523P03 ········································································································· 9 10500-CMW710-R7523P01 ······································································································· 10 10500-CMW710-R7183 ············································································································ 10

Software feature and command updates ·············································· 10 10500-CMW710-R7577P06-US·································································································· 10 10500-CMW710-R7576 ············································································································ 10 10500-CMW710-R7568 ············································································································ 10 10500-CMW710-R7557P03 ······································································································· 10 10500-CMW710-R7557P01 ······································································································· 10 10500-CMW710-R7536P05 ······································································································· 11 10500-CMW710-R7536P01 ······································································································· 11 10500-CMW710-R7524P02 ······································································································· 11 10500-CMW710-R7524 ············································································································ 11 10500-CMW710-R7523P03 ······································································································· 11 10500-CMW710-R7523P01 ······································································································· 11 10500-CMW710-R7183 ············································································································ 11

MIB updates ··················································································· 11 Operation changes ·········································································· 12

Operation changes in 10500-CMW710-R7577P06-US ···································································· 12 Operation changes in 10500-CMW710-R7576 ··············································································· 13 Operation changes in 10500-CMW710-R7568 ··············································································· 13 Operation changes in 10500-CMW710-R7557P03 ·········································································· 13 Operation changes in 10500-CMW710-R7557P01 ·········································································· 13 Operation changes in 10500-CMW710-R7536P05 ·········································································· 13 Operation changes in 10500-CMW710-R7536P01 ·········································································· 13 Operation changes in 10500-CMW710-R7524P02 ·········································································· 14 Operation changes in 10500-CMW710-R7524 ··············································································· 14 Operation changes in 10500-CMW710-R7523P03 ·········································································· 14 Operation changes in 10500-CMW710-R7523P01 ·········································································· 14 Operation changes in 10500-CMW710-R7183 ··············································································· 14

Restrictions and cautions ·································································· 14 Open problems and workarounds ······················································· 17 List of resolved problems ·································································· 18

Resolved problems in R7577P06-US ··························································································· 18

ii

Resolved problems in R7576 ····································································································· 22 Resolved problems in R7568 ····································································································· 24 Resolved problems in R7557P03 ································································································ 25 Resolved problems in R7557P01 ································································································ 26 Resolved problems in R7536P05 ································································································ 30 Resolved problems in R7536P01 ································································································ 30 Resolved problems in R7524P02 ································································································ 31 Resolved problems in R7524 ····································································································· 32 Resolved problems in R7523P03 ································································································ 33 Resolved problems in R7523P01 ································································································ 34 Resolved problems in R7183 ····································································································· 36

Support and other resources ······························································ 38 Accessing Hewlett Packard Enterprise Support ·············································································· 38 Documents ···························································································································· 39

Related documents ··········································································································· 39 Documentation feedback ···································································································· 39

Appendix A Feature list ····································································· 40 Hardware features ··················································································································· 40 Software features ···················································································································· 43

Appendix B Upgrading software ························································· 47 Software types ························································································································ 47 Software file naming conventions ································································································ 47 Upgrade methods ···················································································································· 48 Preparing for the upgrade ········································································································· 48 Upgrading from the CLI ············································································································ 48

Using TFTP to upgrade software ·························································································· 48 Using FTP to upgrade software ···························································································· 52

Upgrading from the BootWare menu ···························································································· 55 Accessing the BootWare menu ···························································································· 56 Using TFTP/FTP to upgrade software through a management Ethernet port ·································· 57 Using XMODEM to upgrade software through the console port ··················································· 61

Managing files from the BootWare menu ······················································································ 67 Displaying all files ············································································································· 68 Changing the type of a system software image ········································································ 68 Deleting files ···················································································································· 69

Handling software upgrade failures ····························································································· 70 Appendix C Using BootWare menus ··················································· 70

Accessing the BootWare menu··································································································· 70 Using the BASIC-BOOTWARE menu ·························································································· 72 Accessing the BASIC ASSISTANT menu ····················································································· 74 Using the EXTEND-BOOTWARE menu ······················································································· 75

Disabling password recovery capability ·················································································· 77 Running the Comware software ··························································································· 77 Upgrading Comware software through the console port ····························································· 78 Upgrading Comware software through an Ethernet port ···························································· 80 Managing files ·················································································································· 82 Restoring the factory-default configuration ·············································································· 83 Starting up without loading the configuration file ······································································ 83 Managing the BootWare image ···························································································· 84 Skipping console login authentication ···················································································· 85 Managing storage media ···································································································· 85 Using the EXTEND-ASSISTANT menu ·················································································· 85 Formatting the file system ··································································································· 86

Handling upgrade failures ········································································································· 86

iii

List of Tables Table 1 Version history ...................................................................................................................... 1

Table 2 Hardware and software compatibility matrix ............................................................................ 4

Table 3 ISSU compatibility matrix ....................................................................................................... 7

Table 4 MIB updates ........................................................................................................................ 11

Table 5 10500/11900 series hardware features................................................................................. 40

Table 6 Software features of the 10500 series ................................................................................... 43

Table 11 File Control submenu options .............................................................................................. 68

Table 12 BootWare menus ............................................................................................................... 71

Table 13 BootWare shortcut keys ...................................................................................................... 71

Table 15 BASIC ASSISTANT menu .................................................................................................... 75

Table 20 FILE CONTROL submenu options ........................................................................................ 83

Table 21 BootWare Operation menu options ..................................................................................... 84

Table 22 DEVICE CONTROL menu options ....................................................................................... 85

1

This document describes the features, restrictions and guidelines, open problems, and workarounds for version 10500-CMW710-R7577P06-US. In the interest of brevity, any reference to R7577P06 is also applicable to R7577P06-US for the remainder of this document. Before you use this version in a live network, back up the configuration and test the version to avoid software upgrade affecting your live network.

Use this document in conjunction with HPE FlexNetwork 10500-CMW710-R7577P06 Release Notes (Software Feature Changes) and the documents listed in "Support and other resources."

Version information Version number

HPE Comware Software, Version 7.1.070, Release 7577P06-US

Note: You can see the version number with the display version command in any view. Please see Note①.

Version history Table 1 Version history

Version number Last version

Release date

Release type Remarks

10500-CMW710-R7577P06-US

10500-CMW710-R7576-US Mar 25 2019 Release

This version fixed bugs and introduced feature changes. New features include: • MKA life time configuration Modified features include: • Configuring a QoS policy • Configuring a match criterion

for a QoS traffic class • Removing a TCP or UDP

listening service on the NQA server

10500-CMW710-R7576

10500-CMW710-R7568 July 15 2018 Release

This version fixed bugs and introduced feature changes. New features include: • DRNI • ND attack detection in VXLANs • DHCPv6 flood attack protection

in VXLANs • Local-first equal-cost route load

sharing in IRF mode • EVPN-DCI dual-homing • Support of VLAN interfaces for

IP subnet broadcast • Configuring the maximum

number of ECMP routes for load balancing

• DHCPv6 relay agent support for Option 79 (RFC6939)

• 802.1X offline detection

2


Release date


• Support of ARP for recording user IP address conflicts

10500-CMW710-R7568

10500-CMW710- R7557P03 Feb 11 2018 Release

This version fixed bugs and introduced feature changes. New features include: • Resource monitoring. • SmartMC. • VXLAN support for IPoE

forwarding-control separation. • VXLAN ND flood suppression. • VXLAN support for basic

DHCPv6 snooping features. • Port shutdown mode for an

interface where DLDP detects a unidirectional link.

• Maximum number of unknown multicast IPv4 or IPv6 packets that can be cached.

• Source interface configuration by using the nas-ip command.

• Source interface configuration for outgoing SCP packets.

10500-CMW710-R7557P03

10500-CMW710-R7557P01 Nov 21 2017 Release

This version fixed bugs and introduced feature changes. New features include: • Creating a BFD session for

detecting the local interface state.

• BFD for link aggregation.

10500-CMW710-R7557P01

10500-CMW710-R7536P05 Aug 1 2017 Release

This version fixed bugs and introduced feature changes. New features include: • Specifying the Telnet service

port number • Configuring the IRF mode • VLAN-based MAC learning limit

and unknown frame forwarding rule after the MAC learning limit is reached

Removed features include: • Specifying a traffic processing

slot for a VLAN interface or tunnel interface

• 802.1X SmartOn There are also modified features: • Using an ACL to control access

to the FTP server • Setting the speed for an

Ethernet interface • Displaying the running

configuration

10500-CMW710- 10500-CMW710- May 05 2017 Release This version fixed bugs and

3


Release date


R7536P05 R7536P01 introduced feature changes. New features include: • Enabling logging for denied

FTP login attempts • Enabling logging for denied

Telnet login attempts • Port speed as the prioritized

criterion for reference port selection

Removed features include: • Blacklist feature on an interface There are also modified features: • Creating an ACL • Setting the rule numbering step • Configuring a traffic redirection

action in a traffic behavior

10500-CMW710-R7536P01

10500-CMW710-R7524P02 Mar 20 2017 Release

• Fixes bugs • New feature: Dynamic VXLAN

ACs • New feature: VXLAN traffic

statistics collection • New feature: CWMP • New feature: Deleting server

public keys saved in the public key file on an SSH client

• New feature: Configuring DHCP snooping for VLANs

• New feature: HTTP redirection • New feature: Associating Track

with LLDP • New feature: BGP ORF • Modified feature: Setting the

aging time for secure MAC address entries in seconds

10500-CMW710-R7524P02

10500-CMW710-R7524 Feb 07 2017 Release • Fixes bugs

10500-CMW710-R7524

10500-CMW710-R7523P03 Nov 9 2016 Release

• Fixes bugs • New feature: LPM Proxy • New feature: Collecting traffic

statistics for a VLAN • New feature: SSH port change

10500-CMW710-R7523P03

10500-CMW710-R7523P01 Sept 7 2016 Release

• Fixes bugs • New feature: Data forwarding

path failure detection • New feature: Hardware failure

protection

10500-CMW710-R7523P01

10500-CMW710-R7183 July 22 2016 Release

• New feature: ERPS , • New feature: BPDU Tunnel • New feature: VXLAN IP

gateways • New Hardware feature:

JH433A,JH434A,JH432A,JL25

4


Release date


0A, JL306A,JL287A,JL288A, JL289A, JD100A,JD101A

10500-CMW710-R7183

10500-CMW710-R7180 Jun 23 2016 Release

• Fixes bugs • Modified feature: Displaying

operating information for diagnostics

Hardware and software compatibility matrix CAUTION:

To avoid an upgrade failure, use Table 2 to verify the hardware and software compatibility before performing an upgrade.

Table 2 Hardware and software compatibility matrix

Item Specifications Product family 10500/11900 series

Hardware platform 10504/10508/10508-V/10512/11908-V

Memory

MPU: 8 GB LPU: 4 GB JH194A/JH202A (LSUM1TGS24EC0), JH195A/JH203A (LSUM1QGS6EC0), and JH197A/JH205A (LSUM1TGS48SG0) LPU: 2 GB JH433A (LSUM2TGS48SG0), JH434A (LSUM2QGS12SG0), JH432A (LSUM2TGS32QSSG0) 1 GB (all other LPUs) Switching fabric module: 1 GB

Flash 512 MB

USB flash drive

Kingston: 2 GB/4 GB/8 GB/32 GB (3.0) Sandisk: 16 GB (3.0)/8 GB/32 GB/128 GB/64 GB (3.0) HP: 4G/16 GB/32 GB (3.0) PNY: 8 GB pq1: 1 GB STEC: 1 GB TOSHIBA 32 GB (3.0) Transhow 32 GB SONY 32 GB EAGET 32 GB (3.0)/256 GB (3.0)

BootWare version Shipped with the switch. (Use the display version command in any view to view the BootWare version. See Note②)

System software image & SHA256 Checksum

10500: • 10500-CMW710-R7577P06-US.ipe

3eb7c1ad8e6d1283ccfe1cbf6b7649a7884b3920ff5daaa399ff03758e2b69b0 • 10500-CMW710-BOOT-R7577P06-US.bin

dd5c7a059bd430dba687c2aa21b59ed02646ca9ea3abf26f5c207dec57784933

5

Item Specifications • 10500-CMW710-SYSTEM-R7577P06-US.bin and

04212005f1d9ac9401c65eb9f9a1d556363a4cce07523abcc652a013dfc3e6aa • 10500-CMW710-PACKET-CAPTURE-R7577P06-US.bin

0ae5c1ec7491d4caa762203c1bfcaa7b492585b1f7f6d49d3f7e110c73ee092b • 10500-CMW710-FREERADIUS-R7577P06-US.bin

5e462c7803271b84b7409b61e54f18903bfea4ac837bab2648b1371730338a3f NOTE: The software images for a 10500 switch are large in size. Make sure the switch has sufficient space for the upgrade images.

IMC version

iMC BIMS 7.3 (E0501) iMC EAD 7.3 (E0502) iMC TAM 7.3 (E0503) iMC UAM 7.3 (E0503) iMC MVM 7.3 (E0501) iMC NTA 7.3 (E0502) iMC PLAT 7.3 (E0605) iMC QoSM 7.3 (E0502) iMC RAM 7.3 (E0501) iMC SHM 7.3 (E0502P04) iMC UBA 7.3 (E0502) iMC VCM 7.3 (E0501) iMC VFM 7.3 (E0502)

iNode version iNode PC 7.3 (E0504)

JG639A WX6103-CMW520-R2308P29 and later

JG372A SECBLADEIII-CMW520-R3819P05 and later

# Display the system software and BootWare version information: display version

HPE Comware Software, Version 7.1.070, Release 7577P06 ------Note①

Copyright (c) 2010-2019 Hewlett Packard Enterprise Development LP.

HP 10508-V uptime is 0 weeks, 0 days, 1 hour, 58 minutes

LPU 0:

Uptime is 0 weeks,0 days,1 hour,56 minutes

BOARD TYPE: LSUM1CGC2EC0

DRAM: 1024M bytes

FLASH: 0M bytes

NVRAM: 0K bytes

PCB 1 Version: VER.A

Bootrom Version: 511 ------Note②

CPLD 1 Version: 001

CPLD 2 Version: 015

Release Version: HP 10508-V-7577P06

Patch Version : None

MPU(M) 5:


6

BOARD TYPE: LSU1SUPB0

DRAM: 8192M bytes

FLASH: 500M bytes

NVRAM: 512K bytes

PCB 1 Version: VER.A


CPLD 1 Version: 000

CPLD 2 Version: 000

CPLD 3 Version: 000



NPU 10:


BOARD TYPE: LSU1FAB08D0

DRAM: 1024M bytes

FLASH: 0M bytes

NVRAM: 0K bytes

PCB 1 Version: VER.B


CPLD 1 Version: 004



7

ISSU version compatibility matrix ISSU provides two upgrade types: compatible upgrade and incompatible upgrade. Table 3 provides the approved ISSU upgrade types only between the current version and the history versions within the past 18 months. This matrix does not include history versions that are 18 months earlier than the current version, for which, no ISSU upgrade verification is performed.

For more information about ISSU, see the fundamental configuration guide for the device.

IMPORTANT: 10500 switches only support IRF-based ISSU. In addition, compatibility with older software version varies and can lack support.

Table 3 ISSU compatibility matrix

Current version History version ISSU compatibility

10500-CMW710-R7577P06-US

10500-CMW710-R7576 Compatible

10500-CMW710-R7568 Compatible

10500-CMW710-R7557P03 Compatible




10500-CMW710-R7524P02 Not support

10500-CMW710-R7524 Not support



10500-CMW710-R7184 Incompatible

10500-CMW710-R7183 Not support


Upgrading restrictions and guidelines When the switch runs a specific version, follow these restrictions and guidelines: • In R21XX, only the last two ports (ports 3 and 4) on the JG639A (LSU3WCMD0) card can be

used as internal ports. After the software is upgrade to version R71XX or R75XX, only the first two ports (ports 1 and 2) on the JG639A (LSU3WCMD0) card can be used as internal ports, and you must move the port configurations from the last two ports to the first two ports.

• In Release 7523P01 and later versions, a four-chassis IRF fabric supports only two MDCs (the default MDC Admin and a user-defined MDC).

• In Release 7536P01 and later versions, the rewrite inbound tag and rewrite outbound tag commands are not supported on an Ethernet service instance configured with the encapsulation default command.

When you upgrade the software version of the switch, follow these restrictions and guidelines: • If the Type D Main Processing Unit (JH198A/JH206A) is used, you cannot perform an ISSU to

upgrade the software from a version earlier than R7183 to R7184 or later. • You cannot perform an ISSU to upgrade the software from R752X to R753X or later.

8

When you downgrade the software version of the switch, follow these restrictions and guidelines: • You cannot perform an ISSU to downgrade the software from R753X or later to R752X. • If the switch is applied with a PBR policy in which a node contains a service chain match

criterion, you cannot perform an ISSU to downgrade the software from R755X or later to R753X or earlier.

The following restrictions apply to hierarchical CAR: • Only the CIR takes effect. • For the PIR and the EBS, you can configure them in R752X or an earlier version but they do not

take effect. You cannot configure them in R753X or a later version. • Hierarchical CAR configuration gets lost if the switch upgrades the software from R752X or

earlier to R753X or later. You need to reconfigure hierarchical CAR by using the qos car car-name hierarchy cir committed-information-rate command.

In R7568 and later, the syntax of the multicast-domain command was changed to multicast-vpn. The function of the command does not change. When the software is downgraded from R7568 or later to a version earlier than R7568, the multicast-vpn setting will be lost if a .cfg configuration file is used to restore the configuration. You must reconfigure this setting after the downgrade.

When the software is downgraded from R7568 or later to a version earlier than R7568, the following settings will be lost in user line view or user line class view: • authentication-mode • auto-execute command • command accounting • command authorization • escape-key • history-command max-size • idle-timeout • lock-key • screen-length • user-role You must reconfigure these settings after the downgrade.

The following upgrade restrictions apply to Release 757X: • The .ipe file for Release 757X contains the FreeRADIUS feature image. If the switch has been

installed with the FreeRADIUS feature image, you cannot directly perform an ISSU to degrade the software version to R756X or earlier. To degrade the software version to R756X or earlier, use one of the following methods: Uninstall the FreeRADIUS feature image, use the .ipe file for the target software version to

perform the ISSU, and then install the FreeRADIUS feature image as needed. Unzip the .ipe file for the target software version and use the .bin file to perform the ISSU.

• In Release R757X, the maximum number of ECMP routes that the system supports was changed from 32 to 128. If the maximum number of ECMP routes on the switch is set to a value greater than 32, you cannot directly perform an ISSU to degrade the software version to R756X or earlier. Before you perform the ISSU, you must change the maximum number of ECMP routes to 32 and reboot the switch.

• In Release 756X and later versions, the IPv4 address object group function and BGP BMP feature are supported. A version configured with a new function cannot be downgraded to a version that does not support this new function by using ISSU. To do this, you must first cancel this new function and then use ISSU to downgrade the software.

9

Hardware feature updates 10500-CMW710-R7577P06-US

None.

10500-CMW710-R7576 None.

10500-CMW710-R7568 None.

10500-CMW710-R7557P03 None.

10500-CMW710-R7557P01 None.

10500-CMW710-R7536P05 None.

10500-CMW710-R7536P01 None.

10500-CMW710-R7524P02 None.

10500-CMW710-R7524 None.

10500-CMW710-R7523P03 None.

10

10500-CMW710-R7523P01 R7523P01 supports the following new hardware: • JH433A HPE FlexNetwork 10500 48-port 10GbE SFP/SFP+ with MACsec M2SG Module • JH434A HPE FlexNetwork 10500 12-port 40GbE QSFP28 M2SG Module • JH432A HPE FlexNetwork 10500 32-port 10GbE SFP/SFP+/4-port 40GbE QSFP+ M2SG

Module • JL250A HPE X130 10G SFP+ LC LH80 tunable XCVR • JL306A HPE X140 40G QSFP+ LC ER4 40km SM Transceiver • JL287A HPE X2A0 40G QSFP+ to QSFP+ 7m Active Optical Cable • JL288A HPE X2A0 40G QSFP+ to QSFP+ 10m Active Optical Cable • JL289A HPE X2A0 40G QSFP+ to QSFP+ 20m Active Optical Cable • JD100A HP X115 100M SFP LC BX 10-U Transceiver • JD101A HP X115 100M SFP LC BX 10-D Transceiver

10500-CMW710-R7183 None.

Software feature and command updates 10500-CMW710-R7577P06-US

See HPE FlexNetwork 10500-CMW710-R7577P06 Release Notes (Software Feature Changes).

10500-CMW710-R7576 See HPE FlexNetwork 10500-CMW710-R7576 Release Notes (Software Feature Changes).


10500-CMW710-R7557P03 None.

10500-CMW710-R7557P01 See HPE FlexNetwork 10500-CMW710-R7557P01 Release Notes (Software Feature Changes).

11



10500-CMW710-R7524P02 None.





MIB updates Table 4 MIB updates

Item MIB file Module Description 10500-CMW710-R7577P06-US

New None None None

Modified None None None

10500-CMW710-R7576

New None None None


10500-CMW710-R7568

New None None None


10500-CMW710-R7557P03

12

Item MIB file Module Description New None None None


10500-CMW710-R7557P01

New None None None


10500-CMW710-R7536P05

New None None None


10500-CMW710-R7536P01

New None None None


10500-CMW710-R7524P02

New New New New

Modified Modified Modified Modified

10500-CMW710-R7524

New New New New


10500-CMW710-R7523P03

New New New New


10500-CMW710-R7523P01

New New New New

Modified hh3c-entity-vendortype-oid.mib hh3c-lsw-dev-adm.mib

None New Hardware Feature

10500-CMW710-R7183

New New New New


Operation changes Operation changes in 10500-CMW710-R7577P06-US

None.

13

Operation changes in 10500-CMW710-R7576 Packaging of the FreeRADIUS feature image

The FreeRADIUS feature image is packaged in the .ipe file. If you upload the .ipe file, the FreeRADIUS feature image will be unzipped and be installed into the switch.

To perform a successful ISSU to degrade the software version to R756X or earlier, make sure the FreeRADIUS feature image after the ISSU is compatible with the target software version. As a best practice, uninstall the FreeRADIUS feature image before you perform the ISSU.

Maximum number of supported ECMP routes The maximum number of ECMP routes that the system supports was changed from 32 to 128.

Maximum RSA key length The maximum RSA key length was changed from 2048 to 4096.

MTU of a Layer 3 Ethernet interface/subinterface The default MTU was changed to 1500 and the maximum MTU was changed to 9198.

Operation changes in 10500-CMW710-R7568 None.

Operation changes in 10500-CMW710-R7557P03

None.


None.


None.


BFD MAD has the following operation changes: • BFD MAD will not shut down MAD dedicated ports. • For BFD MAD to take effect after you restore the normal MAD state of the IRF fabric in

Recovery state, you must manually terminate BFD MAD sessions.

14


None.

Operation changes in 10500-CMW710-R7524 For the JH198A/JH206A (LSUM1SUPD0) LPU, the keyword for specifying a console port was changed from aux to console. When you perform a software upgrade, determine whether the configuration file contains the console port configuration. If yes, you must reconfigure the console port after the upgrade or change the console port configuration in the configuration file before the upgrade.


None.


The factory default configuration for STP was changed from disabled to enabled.

Operation changes in 10500-CMW710-R7183 None.

Restrictions and cautions Restriction 1

The following LPUs are incompatible with the MDC feature. The MDC feature cannot work correctly when any of the following LPUs are installed. • JC763A/JG347A (LSU1GP24TSE0). • JC621A/JG380A (LSU1GP24TXEA0). • JC626A/JG337A (LSU1GP24TXEB0). • JC617A/JG376A (LSU1GP24TXSE0). • JG381A/JC622A (LSU1GP48EA0). • JG384A/JC625A (LSU1GP48EB0). • JG378A/JC619A (LSU1GP48SE0). • JC623A/JG382A (LSU1GT48EA0). • JC618A/JG377A (LSU1GT48SE0). • JG383A/JC624A (LSU1TGX4EA0). • JC627A/JG386A (LSU1TGX4EB0).

15

• JC620A/JG379A (LSU1TGX4SE0). • JC628A (LSU1TGS16SC0).

Restriction 2 In an IRF fabric with plenty of configurations, the system might take more than half an hour to collect the diagnosis information.

Restriction 3 On SF/EC LPUs, each four continuous interfaces (for examples, interfaces 1 through 4, and interfaces 5 through 8) are organized into a group. When one interface in a group is configured as an IRF physical interface, the other interfaces used as non-IRF physical interfaces in the group will go down.

Restriction 4 On JH193A/JH201A (LSUM2TGS16SF0) LPUs, among interfaces 3 through 14, each three continuous interfaces (for example, interfaces 3 through 5, and interfaces 6 through 8) are organized into a group. Interfaces 1, 2, 15, and 16 are organized into a group. When one interface in a group is used as an IRF physical interface, the other interfaces in the group cannot be used as non-IRF physical interfaces.

Restriction 5 When you apply a queue scheduling profile to an interface on an SF LPU, the unknown unicast packets are scheduled inaccurately.

Restriction 6 After you set the switch-mode for an LPU, you must manually reboot the LPU. If you install a new LPU that does not operate in the default switch-mode, you must manually reboot the LPU.

Restriction 7 NTP in multicast mode supports only the multicast addresses in the network segment 224.0.1.0/24.

Restriction 8 JC628A (LSU1TGS16SC0) LPUs do not support MPLS.

Restriction 9 Switching fabric modules JC615A (LSU1FAB04A0) and JC616A (LSU1FAB08A0) are not compatible with the following LPUs: • JH196A/JH204A (LSUM1CGC2EC0). • JH195A/JH203A (LSUM1QGS6EC0). • JH194A/JH202A (LSUM1TGS24EC0). • JH197A/JH205A (LSUM1TGS48SG0). • JH191A/JH199A (LSUM2GP44TSSE0). • JH192A/JH200A (LSUM2GT48SE0). • JH193A/JH201A (LSUM2TGS16SF0). • JH433A (LSUM2TGS48SG0) • JH434A (LSUM2QGS12SG0) • JH432A (LSUM2TGS32QSSG0)

Restriction 10 For an LPU installed on an 10504, 10508, 10508-V, or 10512 switch to operate correctly, make sure the first two switching fabric module slots of the switch have switching fabric modules installed.

16

Restriction 11 An LPU that uses BootWare 2.02 or an earlier version cannot be started if it is installed in slot 13 of a 10512 switch.

Restriction 12 In a four-chassis IRF fabric, if the four chassis are started asynchronously, the IRF fabric might split. Make sure these chassis have similar card configurations, so that they can back up each other. Also, make sure the four chassis are powered on at the same time. If the four-chassis IRF fabric splits, reboot the IRF fabric with fewer devices, and assign these member devices to the other IRF fabric to form a new four-chassis IRF fabric.

Restriction 13 This version does not support the HIG monitoring feature of GOLD.

Restriction 14 The following message is displayed for cards that do not support data center features: Some cards do not support the data center features. See the release notes for more information.

The following describe which cards support which data center features: • The following cards support TRILL, FCoE, and EVB:

JH197A/JH205A (LSUM1TGS48SG0). JC755A (LSUM1TGS32SF0). JC756A (LSUM1TGS48SF0). JC757A (LSUM1QGS4SF0). JG392A (LSUM1QGS8SF0). JG394A (LSUM1TGT24SF0). JG396A (LSUM1CGS4SF0). JG916A (LSUM1CGC2SE0). JH191A/JH199A (LSUM2GP44TSSE0). JH192A/JH200A (LSUM2GT48SE0). JH193A (LSUM2TGS16SF0). JH194A (LSUM1TGS24EC0). JH195A (LSUM1QGS6EC0). JH196A (LSUM1CGC2EC0). JG611A (LSUM1TGS32SF0) JG612A (LSUM1TGS48SF0) JG613A (LSUM1QGS4SF0) JG614A (LSUM1QGS8SF0) JG615A (LSUM1TGT24SF0) JG918A (LSUM1CGC2SE0) JH433A (LSUM2TGS48SG0) JH434A (LSUM2QGS12SG0) JH432A (LSUM2TGS32QSSG0)

• The following cards support VXLAN: JH197A/JH205A (LSUM1TGS48SG0) JH433A (LSUM2TGS48SG0) JH434A (LSUM2QGS12SG0)

17

JH432A (LSUM2TGS32QSSG0) • The following cards support EVI:

JG916A (LSUM1CGC2SE0). JH191A (LSUM2GP44TSSE0). JH192A (LSUM2GT48SE0). JH194A (LSUM1TGS24EC0). JH195A (LSUM1QGS6EC0). JH196A (LSUM1CGC2EC0). JH197A (LSUM1TGS48SG0) JG918A (LSUM1CGC2SE0)

Restriction 15 In a two-chassis IRF fabric, an IRF port supports a maximum of 16 IRF physical interfaces. In a three-chassis or four-chassis IRF fabric, an IRF port supports a maximum of 8 IRF physical interfaces.

Restriction 16 The VXLAN feature cannot be used together with the super VLAN or private VLAN feature.

Restriction 17 An IRF physical interface cannot be configured as a reflector port for mirroring.

Restriction 18 You can configure VXLAN, VPLS, or both in an MDC. Do not configure VXLAN and VPLS in two different MDCs. For example, you cannot configure VXLAN in MDC 1 but VPLS in MDC 2.

Restriction 19 Proxy ARP or ND still takes effect if the proxy mode for an LPU is configured by using the switch-mode route-proxy-high or switch-mode route-proxy-low command.

Restriction 20 In a VXLAN IP network, the VLAN access mode of a VSI does not support double VLAN tags.

Restriction 21 An LPU in route proxy mode does not support many-to-one VLAN mapping.

Restriction 22 If an sFlow collector interface is a management interface, sampling is unavailable during ISSU for upgrading the software from R7536P01 or an earlier version to R7536P01 or a later version.

Restriction 23 Traffic cannot be forwarded at Layer 3 between VXLAN-DCI tunnels.

Restriction 24 SmartMC cannot be used to deploy configurations to aggregate interfaces.

Open problems and workarounds 201606130337

• Symptom: VXLAN packets cannot be correctly forwarded through a VXLAN tunnel. • Condition: This symptom occurs if the following conditions exist:

18

The gateway performs Layer 3 forwarding on untagged VXLAN packets received on a VLAN interface.

The peer VTEP is not a 10500 or 7500 switch. • Workaround:

If Layer 3 proxy is used, make sure external network traffic is VLAN-tagged if the packets are received on Layer 2 interfaces.

If Layer 3 proxy is not used, make sure external network traffic is VLAN-tagged, regardless of whether the packets are received on Layer 2 or Layer 3 interfaces.

201501040490 • Symptom: When you specify an .ipe package as the startup software image in the BootWare

menu, the system prompts that the flash space is insufficient. • Condition: This symptom occurs when the switch uses LSU1SUPB0 (JG496A) MPUs. • Workaround:

Upload a .bin package, and specify the .bin package as the startup software image. Use boot-loader command to extract .bin package from .ipe file. For operation details of

boot-loader command, refer to "Upgrading from the CLI" section in Appendix B.

201807050456 • Symptom: If an IPv6 ACL rule contains a destination IPv6 address with the mask as 64, the rule

does not take effect. • Condition: This symptom occurs if the applications (such as QoS policies, PBR polices, and

packet filters) use IPv6 ACLs containing rules that have source or destination IPv6 addresses with the mask no longer than 64 and the mask longer than 64. In this case, more rule field positions are occupied in the hardware, and therefore the rule mentioned above fails to take effect.

• Workaround: In all IPv6 ACLs, if the mask length of the source or destination IPv6 address in one rule is longer than 64, configure masks longer than 64 for IPv6 addresses in all the other rules with source or destination IPv6 addresses.

List of resolved problems Resolved problems in R7577P06-US 201903070041

• Symptom: ACL rules on a card do not take effect, and the card reboots unexpectedly. • Condition: This symptom might occur if you delete or add ACL rules after you configure ACL

rules with different priorities.

201810260098 • Symptom: BFD MAD does not take effect in an IRF fabric because the STP port state is

abnormal. • Condition: This symptom might occur if the following conditions exist:

STP is disabled on the interface used for BFD MAD. The member device where the interface used for BFD MAD resides is rebooted.

201812100051 • Symptom: Some ACL rules in QoS policies or packet filters do not take effect. • Condition: This symptom might occur if the following operations are performed:

javascript:openTab('../DefectDetail/Default/46e97bb2-cc7e-40ec-8724-16e3ec41c6d6',%20'%E9%97%AE%E9%A2%98%E5%8D%95:201807050456');

19

a. Configure ACL rules with higher priorities, and then delete some of them. b. Configure ACL rules with lower priorities.

201812240822 • Symptom: After a topology change or manual MAC address deletion, unicast packets are sent

out of the interface that receives them. This situation continues for 10 to 30 seconds. • Condition: This symptom occurs if the following conditions exist:

The OpenFlow instance is activated and then deactivated. The interface is an aggregation member port on an SG card.

201901170220 • Symptom: A subinterface receives multicast packets in its VLAN and broadcasts the packets. • Condition: This symptom occurs if you enable the sending of ICMP destination unreachable

messages.

201902120192 • Symptom: VPLS traffic cannot be forwarded on a newly created Ethernet service instance after

the original Ethernet service instance is deleted. • Condition: This symptom occurs if the original Ethernet service instance uses the default packet

match rules.

201811280332 • Symptom: The STP process on a card unexpectedly exits. • Condition: This symptom might occur if the switch is enabled with STP or PVST.

201901220406 • Symptom: Routing entries cannot be added, deleted, or modified on an FC or FD card. • Condition: This symptom might occur if the following conditions exist:

Route flaps exist on the switch. The operating mode of the card is the balanced mode or extended routing mode. The card has threads locking each other. uRPF is enabled on the switch.

201901220225 • Symptom: ACL rules are processed slowly. • Condition: This symptom might occur if the following conditions exist:

The ACL has a large number of ACL rules and is used in PBR or packet filtering. ACL rules are added or deleted in the ACL.

201901180616 • Symptom: In an ADCampus network, the leaf device cannot display the authentication page for

clients during portal authentication. The clients can access server resources without authentication.

• Condition: This symptom occurs if you have modified the BYOD address pool from the iMC server or have deleted or created downlink ports on the leaf device.

201901020157 • Symptom: Layer 3 traffic cannot be forwarded among cards. • Condition: This symptom might occur if multiple cards reboot at the same time.

20

201812190135 • Symptom: The MPU might reboot unexpectedly if it has been processing protocol packets for a

long period of time and route flapping occurs constantly. • Condition: This symptom might occur if the MPU has been processing protocol packets for a

long period of time and route flapping occurs constantly.

201811280332 • Symptom: The STP process on a module might exit unexpectedly. • Condition: This symptom might occur if STP or PVST is enabled.

201711290831 • Symptom: The memory usage of the MPU keeps increasing. Eventually, the MPU reboots after

the memory is exhausted. • Condition: This symptom might occur if the inter-card communication fails. As a result, the

inter-card communication continuously fails to send packets.

201811060500 • Symptom: Repeated SSH logins might cause the switch to generate logs for the sshd call stack. • Condition: This symptom might occur if an SSH user logs in repeatedly.

201811270685 • Symptom: QoS policies are required to provide traffic statistics in bps. • Condition: None.

201809200551 • Symptom: The standby MPU has memory leaks when the switch receives messages that carry

Option 82 (v4) or Option 18 (v6) from a portal client that attempts to come online. • Condition: This symptom might occur if two MPUs are installed on the switch.

201809200523 • Symptom: Users cannot come online if the server issues authorization VLAN names that begin

with the string \000. • Condition: This symptom might occur if the server issues authorization VLAN names that begin

with the string \000.

201809270320 • Symptom: The switch might reboot unexpectedly when a certain operation is performed on an

interface that is receiving traffic. • Condition: This symptom might occur if one of the following operations is performed on an

interface that is receiving traffic: Change the VPN instance associated with the interface. Modify the IP address of the interface. Shut down the interface, or bring up the interface if it goes down.

201809060185 • Symptom: Services are interrupted after a software upgrade. • Condition: This symptom might occur if the following conditions exist:

The software is upgraded to R7576. The ip unreachables enable command is executed. VXLAN is configured, and VLAN interfaces are created for the SVLANs that match Ethernet

service instances.

21

The interfaces configured with Ethernet service instances are on the following modules which support only Layer 2 VXLAN forwarding: − SE interface module JH192A/JH200A (LSUM2GT48SE0). − EC interface modules JH195A/JH203A (LSUM1QGS6EC0) and JH194A/JH202A

(LSUM1TGS24EC0).

201808290417 • Symptom: Interface flapping might occur after a software upgrade. • Condition: This symptom might occur if the following conditions exist:

The software is upgraded to R7576. One of the following interface modules is installed on the switch:

− SF or EC modules. − SC, SA, or SE modules that have two or four 10-GE fiber ports except JC617A/JG376A

(LSU1GP24TXSE0) and JC620A/JG379A (LSU1TGX4SE0).

201808290122 • Symptom: The CPU usage increases significantly when the switch receives a large number of

ARP packets. • Condition: This symptom might occur if the ARP packets are received from a VPLS PW that is

configured on one of the following interface modules: SF interface modules. EB interface modules. EA interface modules:

− JC621A/JG380A (LSU1GP24TXEA0). − JG381A/JC622A (LSU1GP48EA0). − JC623A/JG382A (LSU1GT48EA0). − JG383A/JC624A (LSU1TGX4EA0).

SC interface module JC628A (LSU1TGS16SC0). SE interface modules:

− JC763A/JG347A (LSU1GP24TSE0). − JC617A/JG376A (LSU1GP24TXSE0). − JC618A/JG377A (LSU1GT48SE0). − JG378A/JC619A (LSU1GP48SE0). − JC620A/JG379A (LSU1TGX4SE0).

201808070007 • Symptom: The switch learns the ARP entry for a user who has failed MAC authentication. • Condition: This symptom might occur if MAC authentication is enabled on an interface.

201808070004 • Symptom: The voice-vlan mac-address command no longer takes effect after a module

reboots. • Condition: This symptom might occur if a module reboots.

201807190189 • Symptom: PVST is enabled on a mirroring source port. After the switch reboots, incoming

packets on the port cannot be mirrored. • Condition: This symptom might occur if PVST is enabled on a mirroring source port.

22

Resolved problems in R7576 201804180342

• Symptom: The switch receives duplicated ICMP echo replies when pinging another device. • Condition: This symptom might occur if the following conditions exist:

The outgoing port of ICMP echo request and the incoming port of ICMP echo replies are Layer 3 Ethernet interfaces or Layer 3 aggregate interfaces.

The switch is enabled to send ICMP redirect messages.

201806210624 • Symptom: The software image signature in the display install package command output is

incorrect, which should be modified to HPE. • Condition: This symptom occurs if the display install package command is executed to

display the software image file information in the flash.

201807050163 • Symptom: When the super administrator logs in to the device for the first time after modifying

the password, the device prompts that the password must be modified again. • Condition: This symptom occurs if password control is configured on the device and the super

administrator logs in to the device and modifies the account password.

201806260752 • Symptom: SNMP fails to read the device information. • Condition: This symptom occurs if the NMS server uses SNMP to read the device information

frequently.

201806220683 • Symptom: An LSU1TGS8EB card reboots unexpectedly.

Condition: This symptom occurs if NetStream sampling is configured on an JH196A/JH204A (LSUM1CGC2EC0), JH195A/JH203A (LSUM1QGS6EC0), JH194A/JH202A (LSUM1TGS24EC0), JC629A/JG387A (LSU1TGS8EB0), JC631A/JG387A (LSU1TGS8SE0), JC630A/JG389A (LSU1TGS8EA0) card.

201806210639 • Symptom: The device prints a log showing that "PSE 19, has sampled consumption 902W".

However, the PoE module actually supports a maximum power of 480W. • Condition: None.

201805280709 • Symptom: The device does not learn ARP entries at a low probability. • Condition: This symptom occurs if the whole IRF fabric in a VXLAN network is rebooted.

201806050529 • Symptom: The memory usage of a card keeps increasing, and is rebooted after the memory is

exhausted. • Condition: This symptom occurs if NetStream is configured and the specific packets are

received.

201806050259 • Symptom: Failed to configure a PBR policy on a VLAN interface. • Condition: This symptom occurs if the PBR policy is configured with the default PBR policy.

javascript:openTab('../DefectDetail/Default/d4e1b16c-b5ec-49f7-8d40-f82678b85aef',%20'%E9%97%AE%E9%A2%98%E5%8D%95:201806260752');

23

201805310180 • Symptom: The memory usage of a card keeps increasing at a low probability. • Condition: This symptom occurs if HTTPS redirect packets continuously exist on the card.

201805280318 • Symptom: The BGP commands configured cannot be issued at a low probability. • Condition: This symptom occurs if multiple active/standby switchovers are performed on the

device.

201805210700 • Symptom: A device configured with DHCP or VRRP cannot properly transparently transmit the

corresponding protocol packets. • Condition: This symptom occurs if the device is configured with DHCP or VRRP.

201805160485 • Symptom: Unicast traffic cannot be forward between IRF2.0 member devices. • Condition: This symptom might occur if multiple cards are installed in a certain sequence.

201805280234 • Symptom: CVE-2016-9586 • Condition: Attackers can exploit this issue to execute arbitrary code in the context of the

affected application. Failed exploit attempts will result in denial-of-service conditions.

201804160114 • Symptom: The memory usage of the device is high. • Condition: This symptom occurs if the SNMP alarm log process obtains the information about

the SYSLOG-MSG-MIB node.

201803280551 • Symptom: Routes are imported exceptionally in a VPN. • Condition: This symptom occurs if the Export Target and Import Target of the VPN instance are

different.

201803190256 • Symptom: A user cannot receive data from the multicast source. • Condition: This symptom occurs if IGMP is enabled on an interface with Portal enabled.

201801290683 • Symptom: An IPv6 packet filter fails to be issued in the outbound direction. • Condition: This symptom occurs if a large number of IPv4 packet filters and QoS policies have

been configured in the outbound direction and an IPv6 packet filter using an ACL with a lot of match fields is configured in the outbound direction.

201802060281 • Symptom: CVE-2017-15896 • Condition: An attacker can exploit this issue to bypass TLS validate and encrypt, send

application data to Node.js. • Symptom: CVE-2017-3737 • Condition: Successfully exploiting this issue will allow attackers to bypass security restrictions

and perform unauthorized actions; this may aid in launching further attacks. • Symptom: CVE-2017-3738

javascript:openTab('../DefectDetail/Default/de4d6708-da45-4ec0-aae6-429287fa97f4',%20'%E9%97%AE%E9%A2%98%E5%8D%95:201801290683');

24

• Condition: An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks.

Resolved problems in R7568 201708030435

• Symptom: The iNode client fails to come online, prompting that the username doesn't exist. • Condition: This symptom occurs if the switch works with the iNode client to perform portal

authentication on users.

201903050016 • Symptom: The switch reboots unexpectedly. • Condition: This symptom occurs if the following conditions exist:

ARP entries move between interfaces repeatedly and rapidly. ARP entries are obtained repeatedly after SNMP is enabled.

201710190310 • Symptom: In an ADCampus network, a MAC authentication user uses the MAC address of a

VSI interface. As a result, ARP and ND learning cannot be performed correctly on the VSI interface, and the VSI interface cannot forward IP traffic.

• Condition: This symptom might occur if a MAC authentication user uses the MAC address of a VSI interface in an ADCampus network.

201801020473 • Symptom: When the PoE chip of a PoE-capable card is disturbed, the "Power supply

recovered." message is generated for a power interface, and the switch stops supplying power to the interface.

• Condition: This symptom might occur if the PoE chip of a PoE-capable card is disturbed.

201801100746 • Symptom: The switch displays the "Deadloop once occurred on slot 0 cpu 0." message when a

large number of interrupts are reported. • Condition: This symptom might occur if a large number of interrupts are reported.

201712200885 • Symptom: The Web interface does not support VLAN interface creation. • Condition: This symptom might occur if configuration of the switch is modified on the Web

interface.

201711060304 • Symptom: CVE-2017-1000253 • Condition: Local attackers may exploit this issue to gain root privileges.

201709260172 • Symptom: CVE-2017-3735 • Condition: Successfully exploiting this issue will allow attackers to bypass security restrictions

and perform unauthorized actions; this may aid in launching further attacks.

201712200904 • Symptom: CVE-2017-12190

http://idms.h3c.com/Login?tabUrl=DefectDetail/Default/4ce1fc72-5b81-41bb-a3da-86ce8c135eef$tabTitle=201710190310

25

• Condition: Local attacker can exploit these issues to obtain sensitive information that may lead to further attacks.

• Symptom: CVE-2017-12192 • Condition: Attackers can exploit this issue to cause denial-of-service conditions. Due to the

nature of this issue, arbitrary code execution may be possible but this has not been confirmed. • Symptom: CVE-2017-15274 • Condition: An attacker can exploit this issue to cause a local denial-of-service condition. • Symptom: CVE-2017-15299 • Condition: An attacker can exploit this issue to trigger a kernel panic, denying service to

legitimate users.

Resolved problems in R7557P03 201709290246

• Symptom: Layer 3 multicast forwarding entries might not be created and the multicast service is unavailable.

• Condition: This symptom might occur if the switch acts as an RP, multicast sources have registered with the RP, and dropping unknown multicast data is enabled for VLANs.

201709030007 • Symptom: The syslogd process cannot start up after the switch reboots. • Condition: This symptom might occur if log files are damaged when the switch is powered

down.

201709050808 • Symptom: The switch might fails to create OSPF routes based on LSAs when a large number of

routes flap. • Condition: This symptom rarely occurs if a large number of routes flap.

201710110727 • Symptom: Users fail to log in to the switch when the switch is under a large number of Telnet

and SSH attacks. • Condition: This symptom occurs if the switch is under a large number of Telnet and SSH

attacks.

201707140703 • Symptom: The number of MAC address moving records is displayed as a negative number. • Condition: This symptom might occur if the following conditions exist:

The switch operates for a long time and the configuration on the switch does not change. A MAC address keeps moving. Less than 200 MAC address move records exist on the switch.

201707210160 • Symptom: The SNMP notification target host configuration cannot be restored when the switch

restores the configuration in an .mdb configuration file during startup. • Condition: This symptom might occur if the authentication parameter or the VPN instance string

in the SNMP notification target host configuration contains a dot (.).

26

201707270174 • Symptom: The IPv4 and IPv6 NetStream data export configuration gets lost after the switch

restores the configuration in a .cfg configuration file during startup. • Condition: This symptom might occur if the .mdb configuration file is deleted and the switch

restores the configuration in a .cfg configuration file during startup.

201707270911 • Symptom: It takes the switch a long time to issue rules in the ACL used for PBR or packet

filtering. • Condition: This symptom might occur if a large number of rules are configured in the ACL and

rules in the ACL are added or deleted.

201707220131 • Symptom: MAC address entries for free VLANs cannot be obtained by reading MIB node

dot1qTpFdbPort. • Condition: This symptom might occur if MAC authentication and free VLANs are configured and

MIB node dot1qTpFdbPort is read to obtain MAC address entries for the free VLANs.

201708080521 • Symptom: Rules cannot be added to an ACL used for packet filtering even though the

resources are sufficient. • Condition: This symptom might occur if the ACL rules are issued to a multi-chip card and the

total number of rules on all chips is greater than the maximum number of rules allowed on each chip.

201708160310 • Symptom: Some protocols (such as DHCP) might not operate correctly after they are enabled. • Condition: This symptom might occur if a large number of ACL rules are issued to the outbound

direction of cards, which causes insufficient resources.


• Symptom: The switch cannot learn MAC address entries for a VLAN because of insufficient resources.

• Condition: This symptom might occur if the ACL resources are low and you keep setting the MAC learning limits for VLANs till an insufficient resources error appears for a VLAN.

201612050298 • Symptom: CVE-2016-7431 • Condition: Zero Origin timestamp problems were fixed by Bug 2945 in ntp-4.2.8p6. However,

subsequent timestamp validation checks introduced a regression in the handling of some Zero origin timestamp checks.

• Symptom: CVE-2016-7428 • Condition: An attacker with access to the NTP broadcast domain can send specially crafted

broadcast mode NTP packets to the broadcast domain which, while being logged by ntpd, will cause ntpd to reject broadcast mode packets from legitimate NTP broadcast servers.

• Symptom: CVE-2016-7427 • Condition: An attacker with access to the NTP broadcast domain can periodically inject

specially crafted broadcast mode NTP packets into the broadcast domain which, while being

27

logged by ntpd, can cause ntpd to reject broadcast mode packets from legitimate NTP broadcast servers.

201702230116 • Symptom: CVE-2017-3731 • Condition: OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this

issue to crash the application, resulting in denial-of-service condition. • Symptom: CVE-2017-3732 • Condition: OpenSSL is prone to an information-disclosure vulnerability. An attacker can exploit

this issue to gain access to sensitive information that may aid in further attacks.

201706210159 • Symptom: CVE-2014-9297 • Condition: An attacker can exploit this issue. When an NTP client decrypted a secret received

from an NTP server. • Symptom: CVE-2015-9298 • Condition: An attacker could bypass source IP restrictions and send malicious control and

configuration packets.

201706210155 • Symptom: CVE-2016-9042 • Condition: NTP is prone to a denial-of-service vulnerability. An attacker can exploit this issue to

cause a denial-of-service condition, denying service to legitimate users. • Symptom: CVE-2017-6458 • Condition: NTP are prone to a buffer-overflow vulnerability because it fails to properly

bounds-check user-supplied data before copying it into an insufficiently sized buffer.

201705100516 • Symptom: Interfaces on some cards cannot come up when connecting to devices from other

vendors. • Condition: This symptom might occur if the interfaces reside on the following cards:

JC617A/JG376A (LSU1GP24TXSE0). JG378A/JC619A (LSU1GP48SE0). JC621A/JG380A (LSU1GP24TXEA0). JG381A/JC622A (LSU1GP48EA0). JG384A/JC625A (LSU1GP48EB0). JC626A/JG337A (LSU1GP24TXEB0). JC763A/JG347A (LSU1GP24TSE0).

201705090043 • Symptom: The speed 100 configuration gets lost after a card reboots and error message

"Operation failed" appears when the speed 100 command is executed. • Condition: This symptom might occur if the following operations are performed:

Set the speed of a port to 100 Mbps when no transceiver module is inserted into the port. Insert a transceiver module into the port and then reboot the card where the port resides.

201706210218 • Symptom: The undo snmp-agent trap enable ospfv3 configuration gets lost after a certain

operation is performed. • Condition: This symptom might occur if one of the following operations is performed:

28

Initiate two active/standby MPU switchovers. Reboot a standby MPU and then initiate an active/standby MPU switchover. The standby

MPU becomes the active MPU. Perform a compatible ISSU to upgrade the software.

201705080559 • Symptom: On an EVPN network, VXLAN packets cannot be forwarded through an IRF fabric. • Condition: This symptom might occur if the outgoing VXLAN tunnel interface is a cross-device

aggregate interface and a subordinate member device reboots repeatedly.

201706210368 • Symptom: On a VXLAN network, the output interfaces in ARP entries are incorrect if MAC move

events exist. • Condition: This symptom might occur if MAC move events exist on the VXLAN network.

201705120464 • Symptom: The values of the RX power fields are incorrect in the digital diagnosis parameters

displayed by using the display transceiver diagnosis command for an SFP or SFP+ transceiver module.

• Condition: This symptom might occur if the SFP or SFP+ transceiver module is externally calibrated.

201705030012 • Symptom: The static routing-Track-NQA collaboration does not take effect so NQA fails to

detect the reachability of static routes and Track fails to change the track entries corresponding to the static routes.

• Condition: This symptom might occur if static routes are configured and the static routing-Track-NQA collaboration is configured.

201705180631 • Symptom: The switch generates redundant link-down notifications for ports on switching fabric

modules. • Condition: None.

201704180637 • Symptom: Part of the DHCPv4 configuration and the DHCPv6 configuration gets lost when a

compatible ISSU is performed to upgrade the software from R752X to R753X or a later version. • Condition: This symptom might occur if a compatible ISSU is performed to upgrade the

software from R752X to R753X or a later version.

201705150140 • Symptom: The electronic label of a transceiver module might be modified if the transceiver

module is powered off. • Condition: This symptom might occur if the transceiver module is powered off when the port into

which the transceiver module is installed connects to a port and comes up.

201705160517 • Symptom: Layer 3 traffic cannot be forwarded. • Condition: This symptom might occur if strict IPv6 or IPv4 uRPF check is enabled on the switch

and equal cost routes to a destination exist.

201707240060 • Symptom: Type-5 LSAs that the switch learns are incorrect.

29

• Condition: This symptom might occur if OSPF advertises and withdraw Type-5 SAs that have the same prefix but different subnet masks, costs, and tags.

201703130310 • Symptom: On an IRF fabric configured with MDCs, broadcast storms occur in a non-default

MDC. • Condition: This symptom might occur if the following conditions exist:

BFD MAD is enabled on the IRF fabric. IRF links exist in the non-default MDC. IRF links in the default MDC are shut down.

201706210328 • Symptom: The switch fails to perform command authorization based on an HWTACACS

scheme. • Condition: This symptom might occur if the switch is configured to perform command

authorization based on an HWTACACS scheme.

201704110645 • Symptom: Traffic cannot be forwarded on the switch because the switch fails to learn ARP

entries for VLANs. • Condition: This symptom might occur if a large number of MAC address entries are configured

or learned on the switch and the switch is configured with a large number of VLAN interfaces.

201707040179 • Symptom: On a VPLS network, member ports in a dynamic aggregation group on a CE cannot

become selected after the outgoing public network tunnel changes. Additionally, after the outgoing public network tunnel changes back, traffic cannot be forwarded through the tunnel.

• Condition: This symptom might occur if VPLS is configured, the control word feature is enabled, and the outgoing public network tunnel changes.

201707240597 • Symptom: The system mistakenly reports a QSFP transceiver module as a non-H3C

transceiver module when the QSFP transceiver module is installed on the switch or on the other devices.

• Condition: This symptom might occur if the following conditions exist: The JH434A (LSUM2QGS12SG0) card of which the PCB version is VER.A is installed into

the switch. A QSFP transceiver module with an electronic label is inserted into a port on the card and

then the card starts up or the QSFP transceiver module is removed and inserted.

201707110061 • Symptom: The FreeRADIUS feature on the switch does not take effect if the switch acts as a

RADIUS server. • Condition: This symptom might occur if the switch acts as a RADIUS server.

201707170645 • Symptom: Service interruption occurs because the status of member ports in an aggregation

group is incorrect after the switch reboots. • Condition: This symptom might occur if the following operations are performed:

A 10-GE port inserted with a GE module is assigned to the aggregation group. An active/standby MPU switchover takes place when the cards on the switch report the port

speed change after startup.

30

201707200213 • Symptom: Multiple ports on the PoE card are powered off simultaneously. • Condition: This symptom might occur if multiple PDs are connected to the PoE card and input

signals on the PDs are severely disturbed.


• Symptom: BFD flaps or features(such as BGP and OSPF) which work with BFD flap. • Condition: This symptom might occur with a low probability when BFD is enabled on the switch.

201704190686 • Symptom: The packet capture feature is not available for cards when the switch runs

R7536P01. • Condition: This symptom might occur if the switch runs R7536P01.

201703200463 • Symptom: A card reboots unexpectedly if the switch runs for a long time and the next hops of

PBR policies repeatedly flap. • Condition: This symptom might occur if the switch runs for a long time and the next hop of PBR

policies repeatedly flap.

201704130583 • Symptom: Traffic statistics for an aggregate interface cannot be accurately collected if a

selected member port of the aggregate interface resides on slot 0. • Condition: This symptom might occur if the switch is in standalone mode and a selected

member port of the aggregate interface resides on slot 0.

201703180243 • Symptom: A card reboots unexpectedly in a certain condition. • Condition: This symptom occurs with a low probability if the following conditions exist:

A host migrates to a new port on the switch and still remains in the same VLAN or VSI. A new ARP or ND entry needs to be learned on the port but the maximum number of ARP or

ND entries on the port is already reached.


• Symptom: When you specify an .ipe package as the startup software image in the BootWare menu, the system prompts that the flash space is insufficient.

• Condition: This symptom occurs when the switch uses JG496A (LSU1SUPB0) MPUs.

201607270494 • Symptom: The spanning tree root port role frequently moves between ports, and continual

network flapping occurs. • Condition: This symptom might occur if an Ethernet port is changed from the bridge mode

(Layer 2) to the route mode (Layer 3), and then is changed back to the bridge mode.

31

201608020001 • Symptom: In an IRF2.0 system, a card cannot be properly started, the interfaces on the card

are invisible, and the service configuration does not take effect. • Condition: This symptom occurs if all interfaces on the card are configured as IRF physical

interfaces.

201608180009 • Symptom: Traffic cannot be forwarded between chassis of an IRF 2 fabric system. • Condition: This symptom occurs if the following conditions exist:

Enable LLDP in the IRF 2 fabric system that uses the daisy-chain topology. Configure a new IRF port (without activating the IRF port) to change the topology of the IRF

2 fabric system to the ring topology.

201612220525 • Symptom: Users fails local portal authentication on an interface. • Condition: This symptom occurs if portal authentication is not enabled on the VLAN interface of

the PVID to which the interface belongs when local portal authentication is deployed.

201610250305 • Symptom: IPv6 services are unavailable because the MAC address of a VSI interface conflicts

with the source MAC address of packets. • Condition: This symptom occurs if a port receives a packet whose MAC address is the same as

the MAC address of the VSI interface.

201703100176 • Symptom: The sFlow agent cannot assign values to both the Input interface value and Output

interface value fields in sFlow packets sent to the sFlow collector. • Condition: None.

201608020519 • Symptom: When you view IPv4SG bindings, the deleted bindings are still displayed. • Condition: This symptom occurs if the DHCP snooping entries are cleared or all global static

IPv4SG bindings are cleared.


• Symptom: Multiport unicast MAC entry configuration does not take effect. • Condition: This symptom might occur if multiport unicast MAC entries are configured.

201612300131 • Symptom: When 41 or more VLANs are configured on the switch, the display vlan brief

command cannot display information about some VLANs. • Condition: This symptom might occur if 41 or more VLANs are configured on the switch.

201611170483 • Symptom: On an LPU that supports VXLAN Layer 3 forwarding, QoS policy configuration does

not take effect on Layer 3 interfaces when VSI interfaces exist. • Condition: This symptom might occur if VSI interfaces exist on an LPU that supports VXLAN

Layer 3 forwarding.

http://idms.h3c.com/Login?tabUrl=DefectDetail/Default/f5c2df9e-511d-4976-aea4-17d2d0b8ebf9$tabTitle=201703100176

32

201611080350 • Symptom: CVE-2016-5195. • Condition: An unprivileged local user could use this flaw to gain write access to otherwise

read-only memory mappings and thus increase their privileges on the system.

201611070395 • Symptom: CVE-2016-8858. • Condition: A remote user can send specially crafted data during the key exchange process to

trigger a flaw in kex_input_kexinit() and consume excessive memory on the target system. This can be exploited to consume up to 384 MB per connection.

201610210557 • Symptom: CVE-2016-2177. • Condition: OpenSSL through 1.0.2h incorrectly uses pointer arithmetic, which might allow

remote attackers to cause a denial of service. • Symptom: CVE-2016-7052. • Condition: OpenSSL 1.0.2i allows remote attackers to cause a denial of service by triggering a

CRL operation. • Symptom: CVE-2016-6304. • Condition: OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this

issue to cause a denial-of-service condition. • Symptom: CVE-2016-6306. • Condition: OpenSSL is prone to a local denial-of-service vulnerability. A local attacke

HPE FlexNetwork 10500-CMW710-R7577P06-US Release Notes · live network, back up the configuration...

Documents

Transcript of HPE FlexNetwork 10500-CMW710-R7577P06-US Release Notes · live network, back up the configuration...