Fixes
This section lists released builds that include fixes found in this branch of the software. Software fixes are listed in reverse-chronological order, with the newest on the top of the list. Unless otherwise noted, each software version listed includes all fixes added in earlier versions.
The Symptom statement describes what a user might experience if this is seen on the network. The Scenario statement provides additional environment details and trigger summaries. When available, the Workaround statement provides a workaround to the issue for customers who decide not to update to this version of software.
The number that precedes the fix description is used for tracking purposes.
Version |
Bug ID |
Software |
Description |
Category |
---|---|---|---|---|
16.10.0025 |
- |
YC |
No fixes were included in version 16.10.0025. |
- |
16.10.0024 |
256574 |
YC |
Symptom: The switch crashes if the ip tcp randomize-timestamp configuration is present on the switch. Scenario: This issue occurred when the switch had the ip tcp randomize-timestamp configuration and SSH/Telnet/Web UI was established on the switch. Workaround: Remove the ip tcp randomize-timestamp configuration. |
Boot and Reload |
16.10.0024 |
256872 |
YC |
Symptom: The switch crashes with the message : NMI event SW:IP=0x0ea80030 MSR:0x02029200 LR:0x0ea800cccr: 0x42000400 sp:0x1f5d46e8 xer:0x00000000Task='mDsnoopCtrl' Task ID=0x1f5d13a8. Scenario: This issue occurred when the DHCP snooping was enabled and the switch was processing continuous DHCP packets. Workaround: Disable the DHCP snooping |
DHCP Snooping |
16.10.0024 |
256651 |
YC |
Symptom: System memory depletes and the switch reboots after a few months of run-time. Scenario: This issue occurred when the switch was connected to AirWave, and the AirWave was polling certain MIBs including ieee8021SpanningTreeDesignatedRoot and hpicfXpsSwitchModType. |
Central Integration |
16.10.0023 |
256543 |
YC |
Symptom: IPTV stream freezes on a periodic basis as the querier information is lost. Scenario: This issue occurred when the IGMPv3 query was sent with a QQIC value lower than the IGMPv2 configs. Workaround: Change the querier interval value configured for IGMPv2 to a value higher than 60 seconds (default IGMPv2 querier interval). |
IGMPv3 |
16.10.0023 |
256613 |
YC |
Symptom/Scenario: Some IP addresses for save config and config change in the traps will not be displayed in AirWave. |
AirWave |
16.10.0023 |
256575 |
YC |
Symptom: The switch will stop responding to valid SNMP packets. Scenario: This issue occurred when the UDP packets were sent without any data. After 65 packets, the switch will stop responding to valid packets. |
SNMPv3 |
16.10.0023 |
256600 |
YC |
Symptom: Client will not be in authenticated state until cached-reauth period. Scenario: This issue occurred when 802.1x authentication was configured with cached-reauth. Workaround:
|
802.1x |
16.10.0023 |
256732 |
YC |
Symptom: Local-user with group cannot be configured via SNMP. Scenario: This issue occurred when local-user with group using SNMP was configured. Workaround: User can configure local-user with group using CLI configuration. |
SNMPv2 |
16.10.0022 |
256590 |
YC |
Symptom/Scenario: When a port is added to a VLAN from the Web UI, IPv6 will be enabled on the VLAN. |
NextGen Web UI |
16.10.0022 |
256491 |
YC |
Symptom: Multicast traffic stops for several seconds, causing the video stream to freeze. Scenario: This issue occurred when multiple clients were connected to the same access switch (the access layer with AOS-S switches and distribution/core layer with CX switches) receiving the same multicast stream, and one of the clients sent an IGMP leave. This fix is only specific to IGMPv2. |
IGMP |
16.10.0022 |
256372 |
YC |
Symptom: Traffic from the secondary VLAN does not reach the primary VLAN. Scenario: This issue occurred when there was a tagged trunk port in the secondary VLAN and the switch was rebooted. Workaround: Remove the tagged trunk configuration from the secondary VLAN and re-add the tagged trunk configuration to the secondary VLAN. |
PVLAN |
16.10.0022 |
256485 |
YC |
Symptom: REST request over HTTPS fails as SSL connection is not established.
Scenario: This issue occurred when a GET request with an empty JSON payload was sent. Workaround: Replace the empty JSON payload with None in the GET request. |
REST APIs |
16.10.0022 |
256358 |
YC |
Symptom: An invalid username or password grants the operator access to the switch's Web UI. Scenario: This issue occurred when a banner and a manager password were configured but not an operator password. Workaround: Remove the banner configuration. |
WEB UI |
16.10.0021 |
256366 |
YC |
Symptom/Scenario: The switch crashes with a message similar to the following: Software exception at multMgmtUtil.c:259 – in 'mOobmCtrl' -> Internal error. |
Coredump |
16.10.0021 |
256420 |
YC |
Symptom/Scenario: Switch crashes after entering the ip-recv-mac-address command. Workaround: Use an interval value greater than 2 when configuring ip-recv-mac-address. |
Boot and Reload |
16.10.0021 |
256406 |
YC |
Symptom: Traffic is sent directly to the clients in VLANs that do not have an IP address configured instead of being sent to the gateway configured in the routing table. Scenario: This issue occurred when the switch had both Layer 2 and Layer 3 VLANs and IP client tracker was enabled. Workaround: Disable the IP client tracker. Note: The IP address of the silent clients being tracked may not be learnt unless a port bounce is performed after a redundancy failover. |
Static Routing |
16.10.0021 |
256122 |
YC |
Symptom: Tx drops are seen on the port after the trunk member is removed. Scenario: This issue occurred when the port was configured to be a member of the trunk and subsequently removed from the trunk when the port was down. The issue will be seen when a client is connected to the port. Workaround: Configure the trunk while the port is up. |
LACP |
16.10.0021 |
256069 |
YC |
Symptom: The switch reports a selftest failure on the transceiver ports with Rx timeout error. Scenario: This issue occurred when the 3810 stack rebooted with SFP+ flex modules and J8177D transceivers. |
Chassis Manager |
16.10.0020 |
256274 |
YC |
Symptom/Scenario: VSF Stack Member crashed with a message similar to the following: |
VSF |
16.10.0020 |
256257 |
YC |
Symptom/Scenario: Certain transceivers had link issues in unsupported transceiver mode. |
Transceivers |
16.10.0020 |
256234 |
YC |
Symptom: The show rmon statistics <port no> command returns the wrong counter values. Scenario:This issue occurred when the command clear statistics global or clear statistics <port no>was first executed and then show rmon statistics <port no>. |
CLI |
16.10.0020 |
256233 |
YC |
Symptom: Client ports may encounter packet drops when multicast sources stream video over 500 Mbps. Scenario: This issue can occur when multiple clients from different ports subscribed to the same group, which streams using HD channels requiring high bandwidth. TX drops can occur when several clients change channels simultaneously. Workaround: Lower the bandwidth of the video streams to below 500 Mbps in order to avoid over-subscription of ports. |
IGMP-NG |
16.10.0020 |
256205 |
YC |
Symptom: A configuration template push from Aruba Central fails. Scenario: This issue occurred when the end devices are connected to ports that are configured with port-security learn-mode static. |
Central Integration |
16.10.0019 |
256121 |
YC |
Symptom: Web authentication fails when the switch is managed by Aruba Central ( Scenario: This issue occurred when the switch was connected to Aruba Central and Workaround: Execute |
Web Authentication |
16.10.0018 |
256037 |
YC |
Symptom: Clients are not authenticated on a switch port. Scenario: This issue occurred when multiple clients were connected to a single port (for example, a Personal Computer (PC) was connected to a phone), both MAC authentication and 802.1X authentication methods were attempted at the same time on the PC, and both the authentication methods used the same user role attribute. Workaround: Configure the |
802.1X |
16.10.0018 |
255928 |
YC |
Symptom/Scenario: A switch is unable to connect to Aruba Central. |
Aruba Central |
16.10.0018 |
255940 |
YC |
Symptom: A switch crashes with a message similar to the following:
Scenario: This issue occurred when the switch attempted to reconnect to Aruba Central. |
Aruba Central |
16.10.0018 |
255995 |
YC |
Symptom: A switch crashes when the Scenario: The switch crashed when a MAC-authenticated client had a username of more than 40 characters. |
Authentication |
16.10.0018 |
256016 |
YC |
Symptom: When a private VLAN is configured on a switch, the traffic from the secondary VLAN does not reach the primary VLAN. Scenario: This issue occurred when the switch was rebooted, and the secondary VLAN contained a tagged trunk or Link Aggregation Control Protocol (LACP) port. Workaround: Remove and add the tagged trunk or LACP configuration to the secondary VLAN. |
Private VLAN |
16.10.0018 |
256034 |
YC |
Symptom: SNMP MIB files are not reachable, and the MIB file returns some errors. Scenario: This issue occurred when the customer used an SNMP monitoring tool to read or parse the MIB files. |
SNMP |
16.10.0018 |
256050 |
YC |
Symptom: A switch crashes when the WebUI Security > Clientspage is accessed. Scenario: The switch crashed when a MAC-authenticated client had a username of more than 40 characters. |
Web UI |
16.10.0017 |
255888 |
YC |
Symptom/Scenario: When a proxy server is configured on the switch, the switch does not onboard into Aruba Central or Activate. |
Aruba Central |
16.10.0017 |
255882 |
YC |
Symptom: When a switch fails to connect to Aruba Central, the switch configuration rolls back. Scenario: This issue occurred when the connection between the switch and Aruba Central was lost. |
Aruba Central |
16.10.0017 |
255799 |
YC |
Symptom: The user is unable to copy a configuration file to the switch using Secure File Transfer Protocol (SFTP) and the following error message is displayed. Invalid input: grep usage error Scenario: This issue occurred when the pipe character ( | ) was used as a part of the command input for some configuration commands, such as the Workaround: Do not use the pipe character (|) in the command input for the configuration commands. |
Configuration |
16.10.0017 |
255195 |
YC |
Symptom: The switch memory utilization spikes and might reach to 100%. Scenario: This issue occurred when many ports were monitored and mirrored to one port. Workaround: Disable mirroring on the ports. |
Mirroring |
16.10.0017 |
255825 |
YC |
Symptom/Scenario: When a switch is rebooted through an SSH session, the |
SSH |
16.10.0017 |
255760 |
YC |
Symptom/Scenario: A switch crashes with the following message: |
Tunneled Node |
16.10.0016 |
255682 |
YC |
Symptom: The RADIUS accounting packets sent from the switch to the RADIUS server do not contain the correct client IP address. Scenario: This issue occurred when both user authentication and MAC authentication were configured. |
802.1X |
16.10.0016 |
255400 |
YC |
Symptom: The switch is unable to connect to Activate or Aruba Central. Scenario: This issue occurred when the
|
Activate |
16.10.0016 |
255653 |
YC |
Symptom: The switch crashes with a Non-Maskable Interrupt (NMI) event. Scenario: The switch crashed because of the following reasons:
|
Activate |
16.10.0016 |
255719 |
YC |
Symptom: The IP address of the next server is not present in the DHCP response packet. Scenario: This issue occurred when the DHCP server with option 66 and option 150 was configured in the server pool. |
DHCP Server |
16.10.0016 |
255417 |
YC |
Symptom: The switch crashes with an NMI event. Scenario: This issue occurred when the DHCP snooping traffic was sent continuously to the switch with DHCP option 82, and the DHCP clients rebooted frequently. |
DHCP Snooping |
16.10.0016 |
255586 |
YC |
Symptom: Running configuration does not display the local user roles. Scenario: The issue occurred when the switch was configured to use both downloadable and local user roles. Workaround: Reboot the switch. |
User Roles |
16.10.0016 |
255619 |
YC |
Symptom: The Ports table on the Web UI does not display all the interfaces of the switch. Scenario: This issue occurred when the Name and Id sent through LLDP contained a trailing backslash (\), and the same was configured on the port. Workaround: Disable LLDP on the switch using the |
Web UI |
16.10.0015 |
255124 |
YC |
Symptom: Captive portal redirection does not work. Scenario: This issue occurred when the Workaround: Remove |
Captive Portal |
16.10.0015 |
255259 |
YC |
Symptom/Scenario: Executing the |
CLI |
16.10.0015 |
255134 |
YC |
Symptom: Switch crashes regularly with the following message:
The event log indicates continuous removal and application of the device-profile. Scenario: This issue occurred with a device profile for an AP enabled, with both interfaces of the AP connected to the switch through a trunk, and when the switch was rebooted. Workaround: Disable and enable the device profile. |
Device Profile |
16.10.0015 |
255158 |
YC |
Symptom: Multicast traffic with the source IP address 0.0.0.0 floods to all ports, even with IGMP snooping enabled. Scenario: This issue occurred when the multicast traffic was sent with a NULL IP source from a device connected to a non-querier device. |
IGMP |
16.10.0015 |
255408 |
YC |
Symptom: Unauthorized clients can connect and access the switch using the loopback address. Scenario: This issue occurred when the |
IP Authorized Managers |
16.10.0015 |
255342 |
YC |
Symptom: When an initial role is applied, clients do not attempt to reauthenticate. Scenario: This issue occurred when the server-timeout value was less than the RADIUS request timeout. Workaround: Configure a greater server-timeout value than the RADIUS request timeout. |
RADIUS |
16.10.0015 |
255171 |
YC |
Symptom: The switch CPU spikes and the ClearPass RADIUS server shuts down. Scenario: This issue occurred when MAC authentication used the peap-mschapv2 authentication method. As a result, Access-Request and Access-challenge messages were exchanged in a loop. |
RADIUS |
16.10.0015 |
255067 |
YC |
Symptom: Switch does not respond to Simple Network Management Protocol version 3 (SNMPv3) queries. Scenario: This issue occurred when there was a wrong value in the boot counter. |
SNMPv3 |
16.10.0014 |
- |
YC |
No fixes were included in version 16.10.0014. |
NA |
16.10.0013 |
255031 |
YC |
Symptom: Switch loses connectivity to Aruba Central after a template is pushed. Scenario: This issue occurred when a template with netdestination commands were pushed to the switch. Workaround: Add |
Central |
16.10.0013 |
255125 |
YC |
Symptom: Clients authenticated by Aruba Central are not placed in the proper VLAN. Scenario: This issue occurred because of the following reasons:
|
Central |
16.10.0013 |
255123 |
YC |
Symptom: The following event did not identify the affected module correctly: Scenario: The following event was recorded in the event log when there was a hardware issue: |
RMON Logging |
16.10.0013 |
255058 |
YC |
Symptom: After a new template is applied to the switch, the switch is unable to connect to Aruba Central. Scenario: This issue occurred because the primary VLAN on the switch was changed when the new template was applied. |
Central |
16.10.0013 |
254976 |
YC |
Symptom/Scenario: The SSH, telnet, and console connections cannot be established with the switch, and the following event is recorded in the event log: |
Switch Access |
16.10.0013 |
254966 |
YC |
Symptom: Applying a template from Aruba Central to a switch fails with the following reasons:
Scenario: This issue occurred when the template contained changes to the host configurations of the netdestination entries, which are used in an ACL. |
Central |
16.10.0013 |
254893 |
YC |
Symptom/Scenario: The switch crashes due to an MSTP NMI event. |
Spanning Tree |
16.10.0013 |
254797 |
YC |
Symptom: The following event is recorded in the event file: Scenario: This issue occurred when DHCP snooping was configured. |
DHCP Snooping |
16.10.0013 |
254786 |
YC |
Symptom: SSH fails to connect to the switch. Scenario: This issue occurred because of the following reasons:
|
AAA Authentication |
16.10.0013 |
254780 |
YC |
Symptom: When more number of MAC authentication clients (auth method: peap-mschapv2) get authenticated or reauthenticated, the following event is recorded multiple times in the event log: Scenario: This issue occurred when more than 20 clients were authenticated or reauthenticated at the same time. Workaround: Authenticate or reauthenticate less than 20 clients at the same time. |
MAC Authentication |
16.10.0013 |
254481 |
YC |
Symptom: The switch CPU utilization increases to 80% or more, and CDP packet looping is observed across VLANs. Scenario: This issue occurred when CDP pass-through was configured on two switches, which had more than one connection between them. Workaround: Use |
CDP |
16.10.0012 |
254360 |
YC |
Symptom: A configuration push using the Scenario: This issue occurred when a switch configuration, containing Workaround: Use the |
Central |
16.10.0012 |
254198 |
YC |
Symptom: A switch or management module crashes with the following message: Scenario: This issue occurred when the Workaround: Do not execute the |
Chassis |
16.10.0012 |
254096 |
YC |
Symptom: The Scenario: This issue occurred when the |
CLI |
16.10.0012 |
254278 |
YC |
Symptom: The switch crashes when the Scenario:This issue was observed when the Workaround: Remove |
Crypto |
16.10.0012 |
254760 |
YC |
Symptom: Removal of OSPF routes from the link-state database is delayed. Scenario: This issue occurred when the switch received a Link-State Advertisement (LSA) that advertised routes with max age configured to remove the routes from the database. |
OSPFv2 |
16.10.0012 |
254395 |
YC |
Symptom: The switch does not send the configured NAS-ID while sending a request to the RADIUS server. Scenario: This issue occurred for both login and enable when the switch was configured with a non-default |
Radius |
16.10.0012 |
254665 |
YC |
Symptom: REST connection fails when a Windows client makes an HTTP request. Scenario: This issue occurred when a Windows client sent a REST HTTP request using PowerShell. |
REST |
16.10.0012 |
254525 |
YC |
Symptom: The smartlink port stops forwarding VLAN traffic. Scenario: This issue occurred when the:
Workaround: Disable/enable the port. |
Smartlinks |
16.10.0012 |
254722 |
YC |
Symptom/Scenario: When a user fails to login to the switch using SSH, no SNMP trap is sent. |
SNMPv2 |
16.10.0012 |
254580 |
YC |
Symptom: A switch no longer accepts SSH connections. Scenario: A switch no longer accepts SSH connections. Workaround: Reboot the switch. |
SSH |
16.10.0012 |
254393 |
YC |
Symptom: Event messages are not printed on the Syslog server. Scenario: This issue occurred when a syslog server was configured with the TCP option, Workaround: Remove |
Syslog |
16.10.0012 |
254311 |
YC |
Symptom: Gradual memory depletion on a switch is observed. Scenario: This issue occurred when the telnet sessions were closed abruptly. Workaround: Disable the telnet server on the switch. |
Telnet |
16.10.0011 |
253563 |
YC |
Symptom: The switch crashes with the following message: Scenario: This issue occurred when any of the 802.1X clients' MAC address had a NULL value due to corruption when authenticator configuration on a switch port was disabled. |
802.1X |
16.10.0011 |
254333, 254339 |
YC |
Symptom: Switch crashes with a message similar to the following: Scenario: This issue occurred when the Workaround: Execute the |
Central |
16.10.0011 |
254255 |
YC |
Symptom: Switch crashes with a message similar to the following: Scenario: This issue occurred when continuous or frequent Workaround: Do not access the switch using local-authentication when |
Chassis |
16.10.0011 |
253472 |
YC |
Symptom/Scenario: The following event is recorded in the event log multiple times where Workaround: Reboot the switch. |
Chassis |
16.10.0011 |
253803 |
YC |
Symptom: SSH connection (Remote Console) cannot be established from Aruba Central to the switch. Scenario: This issue occurred when Workaround: Add the following configuration to the switch:
|
Console |
16.10.0011 |
254196 |
YC |
Symptom: Multicast traffic stops after a redundancy switchover. Scenario: This issue occurred when the IGMP Workaround: Remove IGMP from the VLAN and reconfigure the |
IGMP |
16.10.0011 |
253853 |
YC |
Symptom: Continuous RADIUS access request packets are sent from the switch to the RADIUS server. Scenario: This issue occurred when a MAC address limit was configured and a device was attempted to be authenticated beyond the configured limit. |
MAC Authentication |
16.10.0011 |
253965 |
YC |
Symptom: The switch closes the REST connection when the request is made from a Windows client. Scenario: This issue occurred when a REST request was sent from PowerShell on a Windows client. |
REST |
16.10.0011 |
252721 |
YC |
Symptom: Attempts to SSH or telnet to the switch fail and the following message is displayed: Scenario: This issue occurred when a vulnerability scan was run against the switch multiple times. Workaround: Disable Telnet server. |
Switch Access |
16.10.0011 |
253970 |
YC |
Symptom: Ports can be added to a trunk using the web interface even if those ports are configured with IGMP fastlearn. Scenario: This issue occurred when IGMP fastlearn was configured on a few ports of the switch, and the switch was accessed through the web interface to add the IGMP fastlearn enabled ports to the trunk. Workaround: Use the CLI to add ports to a trunk. |
Web Interface |
16.10.0010 |
253807 |
YC |
Symptom: Unsupported values are accepted as ACL numbers for both standard and extended ACLs when configuring ACLs from the REST interface (for example, Aruba Central). Once configured, these ACLs cannot be deleted using REST or the CLI. Scenario: This issue occurred when the REST interface was used to configure an ACL with an unsupported value. |
ACLs |
16.10.0010 |
253425 |
YC |
Symptom: The username sent for a successful MAC-authenticated client is the MAC address, rather than the username. Scenario: This issue occurred when a client was authenticated using MAC authentication. |
Authentication |
16.10.0010 |
253422 |
YC |
Symptom: When a Scenario: This issue occurred when a Workaround: Execute the |
CLI |
16.10.0010 |
253303 |
YC |
Symptom: Peer device does not get an IP address when the port it is connected to is configured using a device-profile. Scenario: This issue occurred when a port is configured using device profile and a peer device is connected to it. Workaround:Disable device-profile and manually configure the port. |
Device Profile |
16.10.0010 |
253507 |
YC |
Symptom: Devices connected to the switch are unable to send or receive packets. Scenario: This issue occurred when a multicast listener query was received with an unspecified source IP address. Workaround: Stop sending malformed multicast listener query packets to the switch. |
Multicast |
16.10.0010 |
253557 |
YC |
Symptom: Using REST to retrieve the resource identifier Scenario: This issue occurred when the REST resource operation GET was used to retrieve the data associated with |
REST |
16.10.0010 |
252993 |
YC |
Symptom: Some RADIUS accounting packets sent to the RADIUS server have a very large size. Scenario: This issue occurred when a downloadable user role was configured with a user policy, network accounting was enabled, and a client was authenticated. |
RADIUS |
16.10.0010 |
253736 |
YC |
Symptom: Disconnect Change of Authorization (CoA) request is not honored. Scenario: This issue occurred when the radius-server group was configured, a client was authenticated, and a disconnect CoA request with the default nas-id was sent. Workaround: Configure |
RADIUS |
16.10.0010 |
253789 |
YC |
Symptom: Switch serial number contains an extra space at the end when it is read using SNMP. Scenario: This issue occurred when the switch serial number was read using SNMP. Example: MIB OID: 1.3.6.1.2.1.47.1.1.1.1.11.1 MIB File: ENTITY-MIB |
SNMP |
16.10.0010 |
253342 |
YC |
Symptom: SSH/Telnet/Console connections to the switch fail with an error message: Scenario: This issue occurred when multiple users logged in and out and RADIUS was configured as the primary authentication method. Workaround: Reboot the switch. |
Switch Access |
16.10.0010 |
253407 |
YC |
Symptom: Unable to log in to the switch using TACACS credentials. Scenario: This issue occurred when a source interface for TACACS was configured using the |
TACACS |
16.10.0010 |
253001 |
YC |
Symptom: When there are continuous link flaps on the link-to-monitor ports within a fraction of a second, some link-to-disable ports may not come up once the link-to-monitor port stabilizes. Scenario: This issue occurred when the link-to-monitor port used a transceiver connected by fibre and flapped continuously at a high rate. Workaround: Use Fault-Finder to disable the link-to-monitor if it is flapping too often. The link-to-disable port can be disabled and re-enabled to bring it back up. |
UFD |
16.10.0010 |
253290 |
YC |
Symptom: Switch crashes when it is accessed through the web interface. Scenario: This issue occurred when the switch was accessed using the web interface and RADIUS authentication was configured for web access. Workaround: Disable RADIUS authentication for web access. |
Web UI |
16.10.0010 |
253877 |
YC |
Symptom: The WebUI Security > Clients page displays incorrect MAC addresses, which results in the user role, IP address, and status columns to be empty. Scenario: This issue occurred when a few workstations with higher value MAC addresses (for example, 9c:dc:71:fb:77:fe) are connected to the last ports of a 2930 stack or the last module of a 5400R. |
Web UI |
16.10.0009 |
252885 |
YC |
Symptom: Switch appears down in Aruba Central. Scenario: This issue occurred because the system time was set to the year 2036, though NTP sync was successful, and the switch was connected to Aruba Central. Workaround: Configure an NTP server in the switch. |
Activate |
16.10.0009 |
252226 |
YC |
Symptom: Switch does not respond during the ZTP process. Scenario: This issue occurred when connecting to the switch using SSH, while Airwave was transferring the configuration to the switch. |
AirWave |
16.10.0009 |
251418 |
YC |
Symptom: Pushing a switch configuration template from Aruba Central fails and a 500 error code is returned. Scenario: This issue occurred when a configuration template that had no untagged ports in VLAN 1 was pushed from Aruba Central. Workaround: In the configuration template, add at least one untagged port in VLAN 1. |
Central |
16.10.0009 |
253174 |
YC |
Symptom/Scenario: The switch experienced an NMI crash with the following message: |
Central |
16.10.0009 |
253276 |
YC |
Symptom: Unable to copy crash-files, core-dump, and the Scenario: This issue occurred when executing the Workaround:
|
CLI |
16.10.0009 |
252265 |
YC |
Symptom: The switch does not forward DHCP packets. Scenario: This issue occurred when both DHCP snooping and IP client tracker trusted were configured, and the client was authenticated. |
IP Client Tracker |
16.10.0009 |
252833 |
YC |
Symptom: MSTP does not work as expected and does not block ports when it should. Scenario: This issue occurred when two ports in a loop were in a forwarding state with MSTP and port- security non-default learn mode enabled. Workaround: Disable port-security. |
Spanning Tree |
16.10.0009 |
252613 |
YC |
Symptom: Unable to connect to the switch using SSH. Scenario: This issue occurred when the switch is configured to use TACACS and a malformed TACACS packet is received by the switch. Workaround: Reboot the switch. |
SSH |
16.10.0009 |
251966 |
YC |
Symptom: The switch sends logging events with a "Z" at the end of the timestamp when the it is not configured to use UTC. Scenario: This issue occurred when the switch sent syslog messages over TLS. |
Syslog |
16.10.0009 |
252410 |
YC |
Symptom: The switch either reboots or fails over from the active to standby management module and records a Watchdog Reset entry in the event log. Scenario: This issue occurred when IP directed-broadcast was configured in the switch and Wake On LAN traffic was sent to a directly connected subnet. Workaround: Disable IP directed-broadcast. |
VSF |
16.10.0009 |
252443 |
YC |
Symptom/Scenario: The Reboot button is displayed for a few seconds in the Web UI. Clicking it allowed an operator to reboot the switch. |
Web UI |
16.10.0008 |
- |
YC |
Version 16.10.0008 was never released. |
- |
16.10.0007 |
252007 |
YC |
Symptom: The switch sends an incorrect CLASS attribute value in the RADIUS accounting packet. Scenario: When the CLASS attribute is updated during re-authentication of a MAC-authenticated client session, the switch fails to send the new CLASS attribute value in the RADIUS accounting packet. Workaround: Force a new client authentication session by disabling/enabling the port after the CLASS attribute value changes. |
Accounting |
16.10.0007 |
251765 |
YC |
Symptom: The show runnig-config output does not display some access list entries (ACEs). Scenario: When the switch is configured with extended ACLs and connect-rate-filter, some ACEs are not displayed in the output of the Workaround: Use the |
ACLs |
16.10.0007 |
251273 |
YC |
Symptom: The switch incorrectly places clients in the configured authorized VLAN (auth-vid). Scenario: When using Workaround: Reauthenticate the affected clients. |
Authentication |
16.10.0007 |
251927 |
YC |
Symptom: The switch fails to remove CDP configuration for a port. Scenario: When a port is added to a trunk interface, the switch fails to remove the previous non-default CDP configuration for that port (example: no cdp enable <PORT-NUM>). Workaround: Remove the non-default CDP configuration from the individual port before adding it to trunk interface. |
CDP |
16.10.0007 |
252053 |
YC |
Symptom/Scenario: The switch crashes with an error message similar to:
|
Central |
16.10.0007 |
252267 |
YC |
Symptom: The switch experiences high CPU utilization. Scenario: In conditions of low network bandwidth or network congestion that cause frequent disconnections from the Aruba Central Portal, the switch experiences high CPU utilization while attempting to reconnect to Aruba Central and while being managed by other NMS applications such as Solarwinds at the same time. Workaround: Use only one NMS application to manage the switch if network bandwidth capacity or congestion cannot be improved. |
Central |
16.10.0007 |
251876 |
YC |
Symptom: The switch may fail to apply the correct VLAN to dynamic trunks. Scenario: After a reboot of a switch configured for dynamic trunks with device profile enabled on ports, the switch may fail to apply the correct VLAN configured in the device-profile, after the port is joined to the dynamic trunk. Workaround: Disable and enable device-profile. |
Dynamic Trunks |
16.10.0007 |
251972 |
YC |
Symptom: Some clients using the PEAP authentication mechanism are not successfully authenticated. Scenario: When concurrent authentication requests are sent to the switch using peap-mschapv2, some clients may not be successfully authenticated, even though ACCESS ACCEPT is sent from the RADIUS server. |
MAC Authentication |
16.10.0007 |
252131 |
YC |
Symptom: REST API calls may experience some slight delay in execution response. Scenario: When multiple REST API commands are executed over the same HTTPS session, they may experience a slight delay in execution response. Workaround: Use a new HTTPS session for each REST API call. |
REST |
16.10.0007 |
250797 |
YC |
Symptom: The switch sends an incorrect checksum when forwarding certain UDP frames. Scenario: If a received UDP frame has no checksum or the checksum value of zero (0), the switch incorrectly calculates the checksum when forwarding it. |
UDP |
16.10.0007 |
251475 |
YC |
Symptom: The switch experiences high CPU utilization and possible console connectivity issues. Scenario: When configuring or modifying aggregated interfaces (trunks) with more than 3 member ports on a switch where there is a very high number of configured VLANs, the switch experiences high CPU utilization and possible console connectivity issues while applying the configuration. |
VLAN |
16.10.0007 |
251505 |
YC |
Symptom: The WebUI contains an XSS vulnerability. Scenario: Configure the editable parameters in the WebUI with values that can cause an XSS attack. |
Web UI |
16.10.0007 |
251524 |
YC |
Symptom: The switch fails to display some ports on the Ports page of the WebUI. Scenario: When aSysName with trailing zeroes is received in the LLDP packet from a neighboring device, the switch fails to list some ports in the Ports page when using the WebUI. Workaround: To get the information for all ports use one of the following options:
|
Web UI |
16.10.0006 |
- |
YC |
Version 16.10.0006 was never released. |
- |
16.10.0005 |
- |
YC |
Version 16.10.0005 was never released. |
- |
16.10.0004 |
- |
YC |
Version 16.10.0004 was never released. |
- |
16.10.0003 |
251317 |
YC |
Symptom: A Windows client that joins a domain other than the one defined in Cisco ISE fails to authenticate. The client will also wait more than 5 minutes before attempting MAC address authentication. Scenario: This issue is observed when MAC and 802.1X authentication are enabled on the port and the configured auth-order is 802.1X-MAC and an initial role. |
802.1X |
16.10.0003 |
251464 |
YC |
Symptom: VSF stack members crash intermittently during 802.1X client reauthentication and the following message is displayed: Scenario: This issue is observed when ports with LLDP traffic are configured with 802.1X and MAC authentication, and the RADIUS VSA |
802.1X |
16.10.0003 |
251498 |
YC |
Symptom: A client is unable to pass traffic. Scenario: This issue is observed when the clear |
Basic Layer 2 |
16.10.0003 |
251280 |
YC |
Symptom: Deploying a switch template through Airwave/Aruba Central fails. Scenario: This issue is observed when the IP address from VLAN1 is removed from a new configuration template and is pushed to the switch with the "ntpserver-name <server name>". Workaround: Do not remove the IP address from VLAN 1 in the new template. |
Central |
16.10.0003 |
251393 |
YC |
Symptom: A switch crashes with the following message Scenario: This issue is observed when a switch is configured with an initial role with a captive-portal-profile and a client is placed in this initial role because the RADIUS server is unreachable. |
Classifier |
16.10.0003 |
250816 |
YC |
Symptom: Authenticated users are disconnected from the switch. Scenario: This issue is observed when users disable and enable the interface which connects to the dhcp- relay switch, after configuring the DHCP server, DHCP relay, and DHCP snooping with ip-source lockdown. Workaround: Disable ip-source lockdown. |
DIPLD |
16.10.0003 |
249465 |
YC |
Symptom: A switch crashes and displays the following message: Scenario: This issue is observed when a switch is configured with OSPF and one of the OSPF neighbors is disconnected. |
OSPF |
16.10.0003 |
251615 |
YC |
Symptom: An attacker is able to obtain sensitive data without providing valid login credentials after a successful REST query. Scenario: This issue is observed when web management is enabled on the switch. |
REST |
16.10.0003 |
251340 |
YC |
Symptom: Tunneled clients lose network connectivity. Scenario: This issue is observed when user tunnels are configured in addition to ip client-tracker trusted and ip client-tracker probe-delay. Workaround:
|
Tunneled Node |
16.10.0003 |
251325 |
YC |
Symptom: Users are unable to modify the vlan-id-tagged list of a user role. Scenario: This issue is observed when the user applies a template that adds VLANs to the vlan-id-tagged list of a user role. Workaround: Use a template that does not extend the list of VLANs in vlan-id-tagged. |
User Roles |
16.10.0003 |
251506 |
YC |
Symptom: The switch manager password is altered to an attack-controlled value. Scenario: This issue is observed when the user clicks a malicious hyperlink. |
Web UI |
16.10.0003 |
251314 |
YC |
Symptom: Switches appear offline in Aruba Central. Scenario: This issue is observed after the switch software is upgraded from 16.04 to 16.08. Workaround: Reboot the switch. |
ZTP |
16.10.0002 |
250681 |
YC |
Symptom/Scenario: The Topology section of Airwave shows spanning tree details for a switch that does not have spanning tree enabled. |
AirWave |
16.10.0002 |
251313 |
YC |
Symptom: The switch experiences a high CPU utilization and loses connection with Central. Scenario: When the switch is upgraded to 16.08.0001 and a template with Workaround: Remove |
Central |
16.10.0002 |
250251 |
YC |
Symptom/Scenario: The switch crashes with a message similar to:
|
Chassis |
16.10.0002 |
250600 |
YC |
Symptom/Scenario: The help text for the |
Device finger printing |
16.10.0002 |
250957 |
YC |
Symptom: Host packets are denied with a message similar to Scenario: When the switch has been configured using the Workaround: Disable Dynamic IP Lockdown on the switch using the |
DIPLD |
16.10.0002 |
250550 |
YC |
Symptom: Primary and secondary VLANs do not have MAC address entries. Scenario: When a port has been configured with PVLAN and port security and the port is subsequently disabled and re-enabled, MAC address entries are not present in the primary and secondary VLANs. Workaround: Reconfigure the port security configuration of the port. |
MAC address |
16.10.0002 |
250392 |
YC |
Symptom: The switch crashes with a message similar to Scenario: After an IP address has been reassigned from one VLAN to another VLAN using the menu interface, the switch may crash with a message similar to Workaround: Disable the first VLAN and save the configuration from the menu interface. Then, configure the deleted IP address on the second VLAN. |
Menu |
16.10.0002 |
245830 |
YC |
Symptom: The switch fails to list the switch ports in the Ports web management page. Scenario: When a peer device that advertises information in LLDP has a sysName string with special characters, the switch fails to display the port list table on the Ports web management page. Workaround: Remove the special characters from the peer device sysName or use CLI commands to get specific port information. |
Next Gen GUI |
16.10.0002 |
250896 |
YC |
Symptom: Switch ports are not listed in the web interface. Scenario: If a peer device advertises an LLDP port ID containing special characters, switch ports are not listed in the web interface. |
Web UI |
16.10.0001 |
250366 |
YC |
Symptom: An Apple MacOS device (desktop or laptop) is unable to maintain authentication with APs. Scenario: When an AP is connected to a switch port that has been configured with device-identity bypass, an Apple MacOS device (desktop or laptop) receives EAP request ID packets after 802.1X authentication and is unable to maintain authentication with the AP. Workaround: Configure a MAC-based ACL to block the EAP request identity to multicast MAC address. |
802.1X |
16.10.0001 |
250681 |
YC |
Symptom/Scenario: The Topology section of Airwave shows spanning tree details for a switch that does not have spanning tree enabled. |
AirWave |
16.10.0001 |
250251 |
YC |
Symptom/Scenario: The switch crashes with a message similar to:
|
Chassis |
16.10.0001 |
250600 |
YC |
Symptom/Scenario: The help text for the |
Device identity |
16.10.0001 |
250957 |
YC |
Symptom: Host packets are denied with a message similar to Scenario: When the switch has been configured using the Workaround: Disable Dynamic IP Lockdown on the switch using the |
DIPLD |
16.10.0001 |
250550 |
YC |
Symptom: Primary and secondary VLANs do not have MAC address entries. Scenario: When a port has been configured with PVLAN and port security and the port is subsequently disabled and re-enabled, MAC address entries are not present in the primary and secondary VLANs. Workaround: Reconfigure the port security configuration of the port. |
MAC address |
16.10.0001 |
250392 |
YC |
Symptom: The switch crashes with a message similar to Scenario: After an IP address has been reassigned from one VLAN to another VLAN using the menu interface, the switch may crash with a message similar to Workaround: Disable the first VLAN and save the configuration from the menu interface. Then, configure the deleted IP address on the second VLAN. |
Menu |
16.10.0001 |
245830 |
YC |
Symptom: The switch fails to list the switch ports in the Ports web management page. Scenario: When a peer device that advertises information in LLDP has a sysName string with special characters, the switch fails to display the port list table on the Ports web management page. Workaround: Remove the special characters from the peer device sysName or use CLI commands to get specific port information. |
Web UI |
16.10.0001 |
250896 |
YC |
Symptom: Switch ports are not listed in the web interface. Scenario: If a peer device advertises an LLDP port ID containing special characters, switch ports are not listed in the web interface. |
Web UI |