Fixes for WC 16.11

Table 1: Fixed Issues
Version	Bug ID	Software	Description	Category
16.11.0024	257491	WC	Symptom: Deleting any tagged port from a VLAN using WebUI removes the port from other VLANs. Scenario: This issue occurred when a port is configured as untagged in a VLAN and the tagged VLANs are modified from this port using WebUI. The port is then subsequently no longer in untagged VLAN, but is present in default VLAN. Workaround: Use CLI commands to update VLAN configurations.	WebUI
16.11.0024	257502	WC	Symptom/Scenario: The switch reboots itself during a power outage. However, routing convergence issues with the RIP protocol may be observed after the reboot. Workaround: Use NTP/SNTP servers, instead of Activate, to establish time sync.	Central Integration
16.11.0024	257513	WC	Symptom: The role under User Details in WebUI displays the incorrect role during the first login attempt. There was no impact on the functionality. Scenario: This issue occurred when the authorization attribute for a user was changed on the radius server. Workaround: Logout from the webUI and login again.	WebUI
16.11.0024	257527	WC	Symptom: No alerts/events are generated when a non-conductor switch in the switch stack fails. Scenario: This issue occurred when a multi-member VSF stack in 2930F/5400R switch was onboarded to Central. During this process, it was observed that no events/alerts were generated when the non-conductor switch was disconnected.	Central Integration
16.11.0023	257379	WC	Symptom: Some users experience unsuccessful file transfers. Scenario: This issue occurred when source interface was configured in Central. Workaround: Remove the `ip sourceinterface` configuration.	Central Integration
16.11.0023	257462	WC	Symptom: Some switches that are managed by Central encounter stale backup configuration file named CentralBkupConfig which in turn may cause a rollback of configuration in the switch. Scenario: This issue occurred when the switch was managed by Central and a configuration push was triggered from Central while a parallel firmware image or configuration update was processed via TFTP. Workaround: Delete the stale backup file using CLI.	Configuration
16.11.0023	257482	WC	Symptom: Some switches experience module crash when VXLAN is enabled. Scenario: This issue occurred when VXLAN was enabled in multiple VLANs in order to create VXLAN tunnels.	Core Dump
16.11.0023	257492	WC	Symptom: Users encounter inconsistent wording of WebUI in the event logs for a web session. For example, instances of both WEB_UI and WEB-UI is available in the logs. Scenario: This issue occurred when users tried to log in and out using valid and invalid credentials.	WebUI
16.11.0022	-	WC	Version 16.11.0022 is unavailable for download.	-
16.11.0021	257271	WC	Symptom/Scenario: Switch intermittently fails to forward packets from clients even when the clients are successfully on-boarded and authenticated. Workaround:Flap the switch port to fix the issue.	802.1X
16.11.0021	257322	WC	Symptom: Some switches are stuck in a high CPU utilization state due to eDhcpdProto task found in running state. Scenario: The issue occurred when the switch received a high amount of DHCP traffic. Workaround:Enabling and disabling DHCP will clear the CPU usage for the switch.	Chassis Manager
16.11.0021	257330	WC	Symptom/Scenario: Clients are unable to on-board with specific downloadable user-roles (DUR). This issue was observed intermittently.	User Role
16.11.0021	257377	WC	Symptom/Scenario: Some users are able to apply a ACL to a management VLAN when it is not allowed. Workaround: Remove the ACL configuration for the management VLAN using CLI.	Management VLAN
16.11.0021	257381	WC	Symptom: Switch crashes and restarts when Qualys scans are initiated. Scenario:This issue occurred when the Qualys VMDR (Vulnerability Management, Detection and Response) scan was initiated.	Boot and Reload
16.11.0021	257385	WC	Symptom: Some switches crash with the following message: out of memory. Scenario: This issue occurred due to slow memory leakage and exhaustion.	VSF
16.11.0021	257396	WC	Symptom: Clients are unable to on-board and the following error message is logged when the user attempts to assign a downloadable user-roles (DUR) to a port: ACL error - unable to create ACL entry Scenario: This issue was observed when a client placed in critical role was moved to a regular role.	ACL
16.11.0021	257432	WC	Symptom: Some users do not receive HTTP response from the switch. Scenario:This issue occurred when HTTP requests were sent using Ansible scripts and the Ansible client interface experienced connection failures. Workaround:Use Curl instead of Ansible to send HTTP requests.	HTTP Server
16.11.0020	257397	WC	Symptom Users were unable to upgrade the switches from AOS-S 16.11.0018 to AOS-S 16.11.0019 version and an error message, Firmware image signature is not valid was displayed. Scenario: This issue occurred when users upgraded the switches using the WebUI.	WebUI
16.11.0020	257382	WC	Symptom: Manual SSH failed when the switch was acting as a server and AirWave Zero Touch Provisioning (ZTP) workflow was also affected. Scenario: This issue occurred when an SSH client running OpenSSH 8.0P1 or later version was used to establish an SSH connection with a factory default AOS-S switch.	Zero Touch Provisioning
16.11.0019	CNX-66302	WC	Symptom/Scenario: After a firmware upgrade to version 16.11.0018, switches on-boarded in Central did not send periodic device information statistics.	Central Integration
16.11.0018	257222	WC	Symptom: Switch fails to learn the MAC address of the firewall after the version upgrade. Scenario: This issue occurred in switches with QinQ enabled and service VLANs configured.	QinQ
16.11.0018	257275	WC	Symptom: Users experience random connectivity issues and packet processing failure. ARP entries are not resolved in the switch. Scenario: This issue occurred when an ICMPv6 NS (Neighbor Solicitation) packet with 'Anycast' as the destination address was sent from an IPv6 node. Workaround: Disable IPv6.	ARP
16.11.0018	257282	WC	Symptom/Scenario: Switch crashes when show commands are configured with a backslash "\".	CLI
16.11.0018	257262	WC	Symptom: Switch crashes when Qualys scans are executed. Scenario:This issue occurred when the Qualys VMDR (Vulnerability Management, Detection and Response) scan was executed.	Boot and Reload
16.11.0018	257270	WC	Symptom/Scenario: Downloaded user roles for the switch are not working. Tunnel creation fails and clients are not on-boarded. Workaround: Move the client from one port to another.	ClearPass Policy Manager
16.11.0018	257302	WC	Symptom: Switch crashes with the following error message: Health Monitor: Read Error Restr Mem Access” for task “mIpAdMUpCt Scenario: This issue occurred when two stack switches were connected with OSPF point-to-point links and VXLAN was enabled.	VXLAN
16.11.0017	-	WC	Version 16.11.0017 is unavailable for download.	-
16.11.0016	257226	WC	Symptom: Switch crashes in SSH remote port forwarding scenarios. Scenario: This issue occurred when the switch was acting as an SSH server and the ssh -R 6000:127.0.0.1:6000 manager@10.0.0.1 command was configured from an SSH client.	SSH
16.11.0015	257224 NOTE: Auto fixed by 257201.	WC	Symptom: Customers reported SSH vulnerability alerts on the switch even after disabling CBC ciphers. The vulnerability scan reports the following: The target is using deprecated SHA-1 cryptographic settings to communicate. Scenario: This issue occurred while running the vulnerability scanner which listed the weak host key algorithms supported in the switch.	SSH
16.11.0015	257206	WC	Symptom/Scenario: The switch interface went into an error state immediately after the upgrade. CRC error was noticed on the DAC VSF link after the upgrade.	VSF
16.11.0015	257221	WC	Symptom: The switch fails to stay in sync with Central. Scenario: This issue occurred when ip igmp forward configuration pushed from Central did not get reflected in the switch.	Central Integration
16.11.0015	257229	WC	Symptom/Scenario: The switch crashed immediately after configuring logging filter <> command options.	CLI
16.11.0015	257233	WC	Symptom/Scenario: The message Authentication is not triggered appears both as debug log and throttled RMON log.	802.1X
16.11.0014	257001	WC	Symptom/Scenario: Cold/Warm start trap are not seen intermittently in the customer setup when the switch is cold/warm booted.	SNMPv3
16.11.0014	257076	WC	Symptom: Affected ports do not come with the LED blinking amber. Self test failure will be reported for the ports in the event log. Scenario: This issue occurred when the switch or the line card was rebooted with some SPF+ ports having 1G transceivers. Workaround: Reboot the switch or the reload the module.	Chassis Manager
16.11.0014	257114	WC	Symptom: Switch crashes with the following message: Task='eDhcpv6Rly' Scenario: This issue occured when the dhcpv6 relay command was configured with corrupted number of sockets causing the crash. Workaround: Disable the dhcpv6 relay command.	DHCP
16.11.0014	257077	WC	Symptom: DHCP clients did not receive their IP addresses. The DHCP lease time is decremented to zero and is still available in the binding table. Scenario: This issue occurred when multiple clients were connected to the server with a lease time of four minutes and ran the dhcp client command from the client device.	DHCP Snooping
16.11.0013	257138	WC	Symptom: A configuration template push from Aruba Central fails. Scenario: This issue occurred when the configuration template is updated to dhcp-snooping vlan <vlanid rnage> from dhcp-snooping vlan <vlan>.	Central Integration
16.11.0013	257136	WC	Symptom: The switch sends cold start trap instead of warm start trap after rebooting. Scenario: This issue occurred when the switch was rebooted with the boot system/reload/reboot command.	SNMPv3
16.11.0013	257133	WC	Symptom: Switch crashes with the following error message: Software exception at vls_xmit.c:161 – in 'mBonjourCtrl' Scenario: This issue occurred when an MDNS profile was configured with a corrupted MDNS packet causing the crash.	Boot and Reload
16.11.0013	257122	WC	Symptom: The client MAC address remains in the Port Access MAC-Based Client Session Table even when the client moves to a different switch. This leads to reaching the maximum limit of 256 authentications and prevents further MAC authentications. Scenario: This issue occurred when MAC authentication was configured on the switch and the PVLAN isolated client was moved from one switch to another switch.	MAC Authentication
16.11.0013	257104	WC	Symptom: OSPFv3 is not acknowledging specific LSU updates. Scenario: This issue occurred when two switches were connected with OSPFv3 enabled and one switch acted as an ABR sending LSU Type 4 containing router LSA with a non-zero LS ID.	OSPFv3
16.11.0013	257105	WC	Symptom: Switch fails to move to initial role when connectivity to the RADIUS server is lost. Scenario: This issue occurred when the clients were authenticated with user roles attributed with port-mode and when the RADIUS server connectivity became unreachable. Workaround: Toggle the port.	User Role
16.11.0013	257091	WC	Symptom: UBT user traffic will not get tunneled. Scenario: This issue occurred when a MAC move of UBT users from one port to another was initiated. Workaround: Disable and enable the feature using no tunneled-node-server enable and tunneled-node-server enable commands.	Tunneled Node
16.11.0013	257073	WC	Symptom: Some DHCP client's DHCP offers are dropped by DHCP snooping. Scenario: This issue occurred when the server pool is configured with different subnet masks wider than /24 and when the client requests an unicast DHCP offer packet. Workaround: Configure multiple ranges in the pool excluding the following IP addresses: x.x.x.255 x.x.x.0	DHCP Snooping
16.11.0013	257089	WC	Symptom: Some switches are unable to connect to Aruba Central. The switch crashed with the following error message: Internal error : HTTP/1.1 protocol missing. Please contact Aruba support. Scenario: This crash occurred due to a rare timing issue. Workaournd: Disable and enable Aruba Central.	Central Integration
16.11.0013	257088	WC	Symptom: A configuration template push of timesync with ntp from Aruba Central fails. Scenario: This issue occurred when timesync <> configuration was pushed from Aruba Central when NTP was enabled.	Central Integration
16.11.0013	257082	WC	Symptom: NTP server authentication fails in Aruba Central. Scenario: This issue occurred when the NTP key was validated with encrypt-credential enabled in Aruba Central. Workaround: Reboot the switch after pushing the configurations.	NTP
16.11.0013	257070	WC	Symptom: The switch crashed and reboots while accessing the WebUI. Scenario: This issue occurred when LLDP packets were sent with a system name TLV length of 255 by neighbour device. Workaround: Disable LLDP on the port which is connected to a device sending LLDP packets with the values mentioned above.	LLDP
16.11.0013	257063	WC	Symptom: The output of the command show power-over-ethernet <port> displays PD Power Draw value in decimals while the corresponding REST API truncates it to a whole number. Scenario: This issue occurred when the REST API GET /ports/<port>/poe/stat command was configured.	REST API
16.11.0013	257049	WC	Symptom: Manager or operator credentials are lost after rebooting the switch. Scenario: This issue occurred when the command include-credentials was enabled and the switch was power cycled. Workaround: Save the switch configuration details after enabling include-credentials.	Credentials
16.11.0012	256928	WC	Symptom: The interface module of the switch crashes with either of the following signatures. Ports 1-24,A subsystem went down: 12/15/22 08:31:08 KB.16.10.0020 646Software exception in kernel context at ghsException.c:1539-> Internal system error at 0x869e034 Ports 1-24,A subsystem went down: 12/11/22 02:42:10 KB.16.10.0020 646Health Monitor: Write Error Restr Mem AccessHW Addr=0xc04e1c18 IP=0x882bfbc Task='mPmSlvCtrl' Task ID=0x6bce41c0Bus Err Data=0x00000000 Bus Err Status=0x100008d1 Status=0xb0000001 Bus Err Addr=0xec020f4 Ports 9-16 subsystem went down: 12/08/22 01:09:01 KB.16.10.0020 646Health Monitor: Read Error Restr Mem AccessHW Addr=0xe0200410 IP=0x8800c74 Task='mIpAdMUpCt' Task ID=0x6bccc140Bus Err Data=0x00000000 Bus Err Status=0x100008d1 Status=0xb0000001 Bus Err Addr=0xec02f540	Flex Port
16.11.0012	257080	WC	Symptom: VSF Switch stack connected to Aruba Central crashes. Scenario: This crash is a rare scenario when one of the switch members was not able to collect the temperate data.	Central Integration
16.11.0012	257020	WC	Symptom: REST GET request for poe/stats fails with a message : Invalid PoE power class returned from SNMP. Scenario: This issue occurred when an REST GET request for poe/stats was issued for a port connected to a class 6 poe device.	REST API
16.11.0012	257033	WC	Symptom: The switch logs the event : Unsolicited Echo Reply from <ip address>. Scenario: This issue occurred when the DHCP server was enabled on the switch and the DHCP client connected to the switch for the first time.	DHCP
16.11.0012	257023	WC	Symptom: amp-server secret is not encrypted even after configuring encrypt-credentials. Scenario: This problem occurred when the amp-server secret was configured, followed by encrypt-credentials, but the amp-server secret was not encrypted and appeared as plain-text under show running-config.	Config
16.11.0012	257031	WC	Symptom: Switch crashes due to invalid memory access. Scenario: This issue occurred when the switch sent DFP data to Cisco ISE. Workaround: Configure the valid clear pass IP address and credentials in the switch.	Device Finger Printing
16.11.0012	257025	WC	Symptom: User role download from ClearPass fails. Scenario: This issue occurred when the RADIUS server was reachable via OOBM interface and the Downloadable User Role feature was enabled. Workaround: RADIUS server must be reachable via a non OOBM interface.	CPPM
16.11.0012	257005	WC	Symptom: SSH session from the switch to AP505 does not close sometimes when the exit command is executed. Scenario: This issue occurred when the SSH session is established from the switch to AP 505. execute the command exit. Workaround: Use the key sequence ~.	SSH
16.11.0011	256995	WC	Symptom: Unable to get the LAG MIB information through SNMP in the operator mode. Scenario: This issue occurred when the LACP and SNMP server community was configured in the operator mode and SNMP Walk was performed.	SNMPv2
16.11.0011	256991	WC	Symptom: The switch fails to come online. Scenario: This issue occurred when the netservice and netdestination was configured with ip access-list on the switch. Workaround: Remove the netservice configuration.	Management Stacking
16.11.0011	256958	WC	Symptom: The top interface metric is empty in the dashboard page of WebUI. Scenario: This issue occurred when the WebUI was accessed 18 times or more with the duration of each access lasting more than a minute. Workaround: Reboot the switch.	WebUI
16.11.0011	256987	WC	Symptom: The switch crashes while connecting to Aruba Central. Scenario: This issue occurred when the switch running AOS-S16.07 or older version was upgraded to AOS-S 16.08 or a later version and attempted to connect to Aruba Central. This issue has a very low probability of occurrence. Workaround: Power cycle the switch one more time after the upgrade.	REST Infrastructure
16.11.0011	256927	WC	Symptom: The devices that are not directly connected to the switch show up in the LLDP neighbour table. Scenario: This issue occurred when the device sent LLDPDUs with the STP multicast destination MAC address and STP was disabled in the switch. Workaround: Configure an ACL on the interface connected to the device to drop the packets with STP multicast destination MAC address.	LLDP
16.11.0011	256905	WC	Symptom: The switch passwords are not erased after erase all command is executed. Scenario: This issue occurred when the passwords were configured on the switch and then the erase all command was executed. Workaround: Execute no password manager/no password operator commands prior to the erase all command.	Credentials
16.11.0011	256897	WC	Symptom: The switch crashes with the message similar to Software exception in ISR at Interrupts_fd.c:1145 -> Excessive FD 0 interupts. Scenario: This issue occurred when the IPSEC traffic was tunneled via UBT.	Tunneled Node
16.11.0010	256816	WC	Symptom: Some of the data displayed in the show system power-supply detail command output, such as AC MAIN Voltage and Power Supplied may be incorrect for some JL087A model PSUs. Scenario: This issue occurred when some of the JL087A model PSUs were powered on and the show-system power-supply command was executed and the output parameters like Voltage and Power were out of range. Note: This is an issue with the command output only and doesn’t impact the PSU functionality.	Chassis Manager
16.11.0010	256676	WC	Symptom: The PSU is operational and delivering power, even though the status is displayed as Faulted in some PSU/PoE related show commands. Scenario: This issue occurred when the PSU fan had a failure and the PSU/PoE related show commands were executed. Note: PSU may be operational in this scenario although the related show commands indicate a fault. If the operating temperature is no longer ambient for PSU, it will shut down and the PSU operational state will match the output of the show command.	Chassis Manager
16.11.0010	256679	WC	Symptom: Switch event logs will not be generated even if PSU encounters multiple problems like over temperature, over current, fan fault, and so on. Scenario: This issue occurred when there was a recurring set of one or more PSU events, such as overcurrent, overheating, and so on. However, such events are not anticipated in most of the deployments.	Chassis Manager
16.11.0010	256651	WC	Symptom: System memory depletes and the switch reboots after a few months of runtime. Scenario: This issue occurred when the switch was connected to AirWave, and the AirWave was polling certain MIBs including ieee8021SpanningTreeDesignatedRoot and hpicfXpsSwitchModType.	Central Integration
16.11.0010	256860	WC	Symptom: The switch will run out of ternary content addressable memory (TCAM) meter resources and the client authentication using user roles fails. Scenario: This issue occurred when the last port with DFP config was toggled for several times.	Device Finger Printing
16.11.0010	256898	WC	Symptom: Authentication fails due to an insufficient ACL resources error. Scenario: This issue occurred when the client was authenticated using a user role with a classifier configuration having a VLAN which was not configured on the switch. Workaround: Make sure that the VLANs used in classifier configuration is present in the switch.	Access Control Lists (ACL)
16.11.0010	256887	WC	Symptom: The switch management module crashes. Scenario: This issue occurred when the switch was configured with an initial role containing a reauth-period. The mac-auth clients were placed in the initial role as the controller was not reachable. Later, the controller connectivity was regained within the time window of the mac-auth client re-authentication.	Coredump
16.11.0010	256872	WC	Symptom: The switch crashes with the message similar to:NMI event SW:IP=0x0ea80030 MSR:0x02029200 LR:0x0ea800cccr: 0x42000400 sp:0x1f5d46e8 xer:0x00000000Task='mDsnoopCtrl' Task ID=0x1f5d13a8. Scenario: This issue can occur if the DHCP snooping is enabled and the switch is processing continuous DHCP packets. Workaround: Disable the DHCP snooping.	DHCP Snooping
16.11.0010	256812	WC	Symptom: The simultaneous execution of Show Tech from the switch CLI and from Aruba Central may cause the switch to crash. Scenario: This issue occurred when the user executed the Show Tech command in CLI and Aruba Central in parallel.	Boot and Reload
16.11.0009	-	WC	Version 16.11.0009 is unavailable for download.	-
16.11.0008	256574	WC	Symptom: The switch crashes if the ip tcp randomize-timestamp configuration is present on the switch. Scenario: This issue occurred when the switch had the ip tcp randomize-timestamp configuration and SSH/Telnet/Web UI was established on the switch. Workaround: Remove the ip tcp randomize-timestamp configuration.	Boot and Reload
16.11.0008	256762	WC	Symptom: The switch configuration fails with an invalid oobm or 400 bad response error when the RADIUS server is updated with is_oobm or is_tls_oobm and the value is updated from False to False. Scenario: This issue occurred when the PUT request was sent to RADIUS server with is_oobm or is_tls_oobm and the value was updated from False to False (no change).	REST APIs
16.11.0008	256727	WC	Symptom/Scenario: The switch crashes when the OSPF neighbor sends exactly 256 OSPF routes. Workaround: Configure the OSPF protocol with more or less than 256 OSPF routes.	OSPF
16.11.0007	256543	WC	Symptom: IPTV stream freezes on a periodic basis as the querier information is lost. Scenario: This issue occurred when IGMPv3 query was sent with a QQIC value lower than IGMPv2 configs. Workaround: Change the querier interval value configured for IGMPv2 to value higher than 60 seconds (default IGMPv2 querier interval).	IGMPv3
16.11.0007	256613	WC	Symptom/Scenario: Some IP addresses for save config and config change in the traps will not be displayed in the AirWave.	AirWave
16.11.0007	256631	WC	Symptom/Scenario: UBT Client on one port will authenticate and a tunnel is established, but no traffic passes and the counter "packets to non existent tunnel" will increase. Other ports might function normally. Workaround: Disable or Enable either the tunneled-node-profile or the UBT user port.	Tunneled Node
16.11.0007	256695	WC	Symptom: Dynamically learned routes will lose the nexthop and traffic will not be forwarded. Scenario: This issue occurred when VRRP was configured in owner mode along with routing protocols. Workaround: Configure VRRP in backup mode when using the routing protocols.	OSPFv2
16.11.0007	256733	WC	Symptom: IP SLA for reachability failed status shows garbage RTT value when polling using SNMP i.e. hpicfIpSlaHistSummRTT returns non zero values even for unreachable history records. Scenario: This issue occurred when the IP SLA target was reachable for 25 intervals and then became unreachable.	IPSLA
16.11.0007	256575	WC	Symptom: The switch will stop responding to valid SNMP packets. Scenario: This issue occurred when the UDP packets were sent without any data. After 65 packets, the switch will stop responding to valid packets.	SNMPv3
16.11.0007	256600	WC	Symptom: Client will not be in authenticated state until cached-reauth period. Scenario: This issue occurred when 802.1x authentication was configured with cached-reauth. Workaround: First, enable the user-role authentication and then configure the critical user-role for the authentication port. Critical user-role should not have the reauth-period attribute and auth-order should be removed for the authentication port.	802.1x
16.11.0007	256732	WC	Symptom: Local-user with group cannot be configured via SNMP. Scenario: This issue occurred when local-user with group using SNMP was configured. Workaround: User can configure local-user with group using CLI configuration.	SNMPv2
16.11.0006	256590	WC	Symptom/Scenario: When a port is added to a VLAN from the Web UI, IPv6 will be enabled on the VLAN.	NextGen WebUI
16.11.0006	256491	WC	Symptom: Multicast traffic stops for several seconds, causing the video stream to freeze. Scenario: This issue occurred when multiple clients were connected to the same access switch (the access layer had AOS-S switches and distribution/core had CX switches) receiving the same multicast stream, and one of the clients sent an IGMP leave. NOTE: This fix is specific to IGMPv2 only.	IGMP
16.11.0006	256372	WC	Symptom: Traffic from the secondary VLAN does not reach the primary VLAN. Scenario: This issue occurred when there was a tagged trunk port in the secondary VLAN and the switch was rebooted. Workaround: Remove the tagged trunk configuration from the secondary VLAN and re-add the tagged trunk configuration to the secondary VLAN.	PVLAN
16.11.0006	256541	WC	Symptom: Authentication or Accounting using RadSec server is delayed. Scenario: This issue occurred when there was only one RadSec server configured and the TLS connection to that server was terminated.	Radius
16.11.0006	256509	WC	Symptom: The BSR and RP candidate cannot be configured with a VLAN ID greater than 999. Scenario: This issue occurred when a VLAN ID greater than 999 was configured with ip pim-sparse enabled and bsr-candidate/rp-candidate was configured in router pim/pim6 with the respective VLAN ID.	PIM Sparse Mode
16.11.0006	256485	WC	Symptom: REST request over HTTPS fails as SSL connection is not established. Scenario: This issue occurred when a GET request with an empty JSON payload was sent. Workaround: Replace the empty JSON payload with None in the GET request.	REST APIs
16.11.0006	256358	WC	Symptom: An invalid username or password grants the operator access to the switch's Web UI. Scenario: This issue occurred when a banner and a manager password were configured but not an operator password. Workaround: Remove the banner configuration.	WEB UI
16.11.0005	256433	WC	Symptom: When an end client is moved between two different switches, authentication does not occur on the second switch. Scenario: This issue occurred when the MAC address of the end client was learned on the uplink port first (where authentication was not enabled) and later learned on an access port (where authentication was enabled).	Mac Authentication
16.11.0005	256424	WC	Symptom: Device fingerprinting fails when the first RADIUS server in the list is unreachable. Scenario: This issue occurred when there were more than one RADIUS server configured and the first server in the list was not reachable. Workaround: Keep the unreachable RADIUS server as the last entry in the list.	Device Finger Printing
16.11.0005	256420	WC	Symptom/Scenario: The switch crashes after entering the ip-recv-mac-address command. Workaround: Use an interval value greater than 2 when configuring ip-recv-mac-address.	Boot and Reload
16.11.0005	256406	WC	Symptom: Traffic is sent directly to the clients in VLANs that do not have an IP address configured instead of being sent to the gateway configured in the routing table. Scenario: This issue occurred when the switch had both Layer 2 and Layer 3 VLANs and IP client tracker was enabled. Workaround: Disable the IP client tracker. Note: The IP address of silent clients being tracked may not be learnt unless a port bounce is performed after a redundancy failover.	Static Routing
16.11.0005	256366	WC	Symptom/Scenario: The switch crashes with a message similar to the following: Software exception at multMgmtUtil.c:259 – in 'mOobmCtrl' -> Internal error.	Coredump
16.11.0005	256349	WC	Symptom: The memory of the switch is slowly consumed until executing any CLI command results in an Out of memory message. Scenario: This issue occurred when the switch had aaa configured, was connected to Aruba Central, and had neighbours that shared LLDP information.	VSF
16.11.0005	256301	WC	Symptom: The port is mistakenly blocked by MACsec. Scenario: This issue occurred when MACSec was configured and the switch was up for approximately 100 days.	Mac_Sec
16.11.0005	256262	WC	Symptom: Delay in captive portal redirection. Scenario: This issue occurred when multiple clients were connected and when there were several TLS sessions from each client.	Captive Portal
16.11.0005	256247	WC	Symptom/Scenario: The stack topology shown in the show stacking output is Chain even though the actual topology is a Ring.	Back Plane Stacking
16.11.0005	256122	WC	Symptom: Tx drops are seen on the port after the trunk member is removed. Scenario: This issue occurred when the port was configured to be a member of the trunk and subsequently removed from the trunk when the port was down. The issue will be seen when a client is connected to the port. Workaround: Configure the trunk while the port is up.	LACP
16.11.0005	256069	WC	Symptom: The switch reports a selftest failure on transceiver ports with Rx timeout error. Scenario: This issue occurred when the 3810 stack rebooted with SFP+ flex modules and J8177D transceivers.	Chassis Manager
16.11.0004	256274	WC	Symptom/Scenario: VSF Stack Member crashed with a message similar to the following: `Software exception at lava_chassis_slot_sm.c:3626 – in 'eChassMgr', task ID = 0x37b07bc0`.	VSF
16.11.0004	256257	WC	Symptom/Scenario: Certain transceivers had link issues in unsupported transceiver mode.	Transceivers
16.11.0004	256234	WC	Symptom: The show rmon statistics <port no> command returns the wrong counter values. Scenario: This issue occurred when the clear statistics global or clear statistics <port no> was executed first and then show rmon statistics <port no>.	CLI
16.11.0004	256233	WC	Symptom: Client ports may encounter packet drops when multicast sources stream video over 500 Mbps. Scenario: This issue can occur when multiple clients from different ports subscribed to the same group, which streams using HD channels requiring high bandwidth. TX drops can occur when several clients change channels simultaneously. Workaround: Lower the bandwidth of the video streams to below 500 Mbps in order to avoid over-subscription of ports.	IGMP-NG
16.11.0004	256220	WC	Symptom: Missing OSPF routes. Scenario: This issue occurred when both userbased tunneling and OSPF are configured and either of the uplinks to the controller is down. NOTE: `source-interface` to be configured for tunneled node when the switch has more than one vlan to the reach the controller.	OSPFv2
16.11.0004	256205	WC	Symptom: A configuration template push from Aruba Central fails. Scenario: This issue occurred when the end devices are connected to ports that are configured with port-security learn-mode static.	Central Integration
16.11.0004	256121	WC	Symptom: Web authentication fails when the switch is managed by Aruba Central (aruba-central support-mode disable). Scenario: This issue occurred when the switch connects to Aruba Central and aruba-central support-mode is disabled. Workaround: Execute aruba-central support-mode enable command so the switch is no longer managed by Aruba Central.	Web Authentication
16.11.0004	256167	WC	Symptom: Ports with per-port tunneled node (PPTN) configured may be disabled after a switch reboot. Scenario: This issue occurred when a device profile was configured with tunneled-node. Workaround: Disable and enable the problematic PPTN enabled port manually.	Tunneled Node
16.11.0004	256115	WC	Symptom: Although the switch does not react to pings or SSH commands, it continues to transit traffic. The event log contains a crash message. Scenario: This issue occurred when device fingerprinting was configured with DHCP protocol.	CPPM
16.11.0003	256037	WC	Symptom: Clients are not authenticated on a switch port. Scenario: This issue occurred when multiple clients were connected to a single port (for example, a Personal Computer (PC) was connected to a phone), both MAC authentication and 802.1X authentication methods were attempted at the same time on the PC, and both the authentication methods used the same user role attribute. Workaround: Configure the `auth-order` parameter first with `authenticator`, and then with `mac-based`.	802.1X
16.11.0003	255940	WC	Symptom: A switch crashes with a message similar to the following: `Software exception at svc_misc.c:1088 – in 'mDHCPClint'` `-> Failed to malloc 9202 bytes` Scenario: This issue occurred when the switch attempted to reconnect to Aruba Central.	Aruba Central
16.11.0003	255928	WC	Symptom/Scenario: A switch is unable to connect to Aruba Central.	Aruba Central
16.11.0003	255978	WC	Symptom: A switch crashes with a message similar to the following: `Software exception in ISR at pvDmaV1Rx.c` `-> ASSERT: No resources available!` Scenario: This issue occurred when 802.1X and MAC authentication were enabled on the same port with auth-order, and the client was initially authenticated through MAC authentication with a user role having the `port mode` attribute.	Authentication
16.11.0003	255995	WC	Symptom: A switch crashes when the `show port-access clients` command is issued or when an `SNMP GET` operation is performed to get the MIB object `hpicfUsrAuthMacAuthSessionStatsEntry`. Scenario: The switch crashed when a MAC-authenticated client had a username of more than 40 characters.	Authentication
16.11.0003	254566	WC	Symptom: Traffic fails to pass through an IEEE 802.1ad tunnel. Scenario: This issue occurred because of the following reasons: A Small Form-factor Pluggable+ (SFP+) port was configured as an uplink. IEEE 802.1ad was configured on the same port. The switch was rebooted without a transceiver in the slot. A 1G SFP transceiver was inserted during the runtime. Workaround: Insert the 1G SFP transceiver, and then reboot the switch.	IEEE 802.1ad
16.11.0003	256016	WC	Symptom: When a private VLAN is configured on a switch, the traffic from the secondary VLAN does not reach the primary VLAN. Scenario: This issue occurred when the switch was rebooted, and the secondary VLAN contained a tagged trunk or Link Aggregation Control Protocol (LACP) port. Workaround: Remove and add the tagged trunk or LACP configuration to the secondary VLAN.	Private VLAN
16.11.0003	256034	WC	Symptom: SNMP MIB files are not reachable, and the MIB file returns some errors. Scenario: This issue occurred when the customer used an SNMP monitoring tool to read or parse the MIB files.	SNMP
16.11.0003	256050	WC	Symptom: A switch crashes when the WebUI Security > Clientspage is accessed. Scenario: The switch crashed when a MAC-authenticated client had a username of more than 40 characters.	Web UI
16.11.0002	255888	WC	Symptom/Scenario: When a proxy server is configured on the switch, the switch does not onboard into Aruba Central or Activate.	Aruba Central
16.11.0002	255799	WC	Symptom: The user is unable to copy a configuration file to the switch using Secure File Transfer Protocol (SFTP) and the following error message is displayed. Invalid input: grep usage error Scenario: This issue occurred when the pipe character ( \| ) was used as a part of the command input for some configuration commands, such as the `banner motd` and `snmpv3 user` commands. Workaround: Do not use the pipe character (\|) in the command input for the configuration commands.	Configuration
16.11.0002	255825	WC	Symptom/Scenario: When a switch is rebooted through an SSH session, the `show boot-history`, `show logging`, and `boot` command outputs include the `Operator cold reboot from TELNET session` message instead of the `Operator cold reboot from SSH session` message.	SSH
16.11.0001	-	WC	No fixes were included in version 16.11.0001.	-

16.11.0024

257491

WC

Symptom: Deleting any tagged port from a VLAN using WebUI removes the port from other VLANs.

Scenario: This issue occurred when a port is configured as untagged in a VLAN and the tagged VLANs are modified from this port using WebUI. The port is then subsequently no longer in untagged VLAN, but is present in default VLAN.

Workaround: Use CLI commands to update VLAN configurations.

WebUI

16.11.0024

257502

WC

Symptom/Scenario: The switch reboots itself during a power outage. However, routing convergence issues with the RIP protocol may be observed after the reboot.

Workaround: Use NTP/SNTP servers, instead of Activate, to establish time sync.

Central Integration

16.11.0024

257513

WC

Symptom: The role under User Details in WebUI displays the incorrect role during the first login attempt. There was no impact on the functionality.

Scenario: This issue occurred when the authorization attribute for a user was changed on the radius server.

Workaround: Logout from the webUI and login again.

WebUI

16.11.0024

257527

WC

Symptom: No alerts/events are generated when a non-conductor switch in the switch stack fails.

Scenario: This issue occurred when a multi-member VSF stack in 2930F/5400R switch was onboarded to Central. During this process, it was observed that no events/alerts were generated when the non-conductor switch was disconnected.

Central Integration

16.11.0023

257379

WC

Symptom: Some users experience unsuccessful file transfers.

Scenario: This issue occurred when source interface was configured in Central.

Workaround: Remove the ip sourceinterface configuration.

Central Integration

16.11.0023

257462

WC

Symptom: Some switches that are managed by Central encounter stale backup configuration file named CentralBkupConfig which in turn may cause a rollback of configuration in the switch.

Scenario: This issue occurred when the switch was managed by Central and a configuration push was triggered from Central while a parallel firmware image or configuration update was processed via TFTP.

Workaround: Delete the stale backup file using CLI.

Configuration

16.11.0023

257482

WC

Symptom: Some switches experience module crash when VXLAN is enabled.

Scenario: This issue occurred when VXLAN was enabled in multiple VLANs in order to create VXLAN tunnels.

Core Dump

16.11.0023

257492

WC

Symptom: Users encounter inconsistent wording of WebUI in the event logs for a web session. For example, instances of both WEB_UI and WEB-UI is available in the logs.

Scenario: This issue occurred when users tried to log in and out using valid and invalid credentials.

WebUI

16.11.0022

-

WC

Version 16.11.0022 is unavailable for download.

-

16.11.0021

257271

WC

Symptom/Scenario: Switch intermittently fails to forward packets from clients even when the clients are successfully on-boarded and authenticated.

Workaround:Flap the switch port to fix the issue.

802.1X

16.11.0021

257322

WC

Symptom: Some switches are stuck in a high CPU utilization state due to eDhcpdProto task found in running state.

Scenario: The issue occurred when the switch received a high amount of DHCP traffic.

Workaround:Enabling and disabling DHCP will clear the CPU usage for the switch.

Chassis Manager

16.11.0021

257330

WC

Symptom/Scenario: Clients are unable to on-board with specific downloadable user-roles (DUR). This issue was observed intermittently.

User Role

16.11.0021

257377

WC

Symptom/Scenario: Some users are able to apply a ACL to a management VLAN when it is not allowed.

Workaround: Remove the ACL configuration for the management VLAN using CLI.

Management VLAN

16.11.0021

257381

WC

Symptom: Switch crashes and restarts when Qualys scans are initiated.

Scenario:This issue occurred when the Qualys VMDR (Vulnerability Management, Detection and Response) scan was initiated.

Boot and Reload

16.11.0021

257385

WC

Symptom: Some switches crash with the following message: out of memory.

Scenario: This issue occurred due to slow memory leakage and exhaustion.

VSF

16.11.0021

257396

WC

Symptom: Clients are unable to on-board and the following error message is logged when the user attempts to assign a downloadable user-roles (DUR) to a port:

ACL error - unable to create ACL entry

Scenario: This issue was observed when a client placed in critical role was moved to a regular role.

ACL

16.11.0021

257432

WC

Symptom: Some users do not receive HTTP response from the switch.

Scenario:This issue occurred when HTTP requests were sent using Ansible scripts and the Ansible client interface experienced connection failures.

Workaround:Use Curl instead of Ansible to send HTTP requests.

HTTP Server

16.11.0020

257397

WC

Symptom Users were unable to upgrade the switches from AOS-S 16.11.0018 to AOS-S 16.11.0019 version and an error message, Firmware image signature is not valid was displayed.

Scenario: This issue occurred when users upgraded the switches using the WebUI.

WebUI

16.11.0020

257382

WC

Symptom: Manual SSH failed when the switch was acting as a server and AirWave Zero Touch Provisioning (ZTP) workflow was also affected.

Scenario: This issue occurred when an SSH client running OpenSSH 8.0P1 or later version was used to establish an SSH connection with a factory default AOS-S switch.

Zero Touch Provisioning

16.11.0019

CNX-66302

WC

Symptom/Scenario: After a firmware upgrade to version 16.11.0018, switches on-boarded in Central did not send periodic device information statistics.

Central Integration

16.11.0018

257222

WC

Symptom: Switch fails to learn the MAC address of the firewall after the version upgrade.

Scenario: This issue occurred in switches with QinQ enabled and service VLANs configured.

QinQ

16.11.0018

257275

WC

Symptom: Users experience random connectivity issues and packet processing failure. ARP entries are not resolved in the switch.

Scenario: This issue occurred when an ICMPv6 NS (Neighbor Solicitation) packet with 'Anycast' as the destination address was sent from an IPv6 node.

Workaround: Disable IPv6.

ARP

16.11.0018

257282

WC

Symptom/Scenario: Switch crashes when show commands are configured with a backslash "\".

CLI

16.11.0018

257262

WC

Symptom: Switch crashes when Qualys scans are executed.

Scenario:This issue occurred when the Qualys VMDR (Vulnerability Management, Detection and Response) scan was executed.

Boot and Reload

16.11.0018

257270

WC

Symptom/Scenario: Downloaded user roles for the switch are not working. Tunnel creation fails and clients are not on-boarded.

Workaround: Move the client from one port to another.

ClearPass Policy Manager

16.11.0018

257302

WC

Symptom: Switch crashes with the following error message: Health Monitor: Read Error Restr Mem Access” for task “mIpAdMUpCt

Scenario: This issue occurred when two stack switches were connected with OSPF point-to-point links and VXLAN was enabled.

VXLAN

16.11.0017

-

WC

Version 16.11.0017 is unavailable for download.

-

16.11.0016

257226

WC

Symptom: Switch crashes in SSH remote port forwarding scenarios.

Scenario: This issue occurred when the switch was acting as an SSH server and the ssh -R 6000:127.0.0.1:6000 manager@10.0.0.1 command was configured from an SSH client.

SSH

16.11.0015

257224

NOTE: Auto fixed by 257201.

WC

Symptom: Customers reported SSH vulnerability alerts on the switch even after disabling CBC ciphers. The vulnerability scan reports the following:

The target is using deprecated SHA-1 cryptographic settings to communicate.

Scenario: This issue occurred while running the vulnerability scanner which listed the weak host key algorithms supported in the switch.

SSH

16.11.0015

257206

WC

Symptom/Scenario: The switch interface went into an error state immediately after the upgrade. CRC error was noticed on the DAC VSF link after the upgrade.

VSF

16.11.0015

257221

WC

Symptom: The switch fails to stay in sync with Central.

Scenario: This issue occurred when ip igmp forward configuration pushed from Central did not get reflected in the switch.

Central Integration

16.11.0015

257229

WC

Symptom/Scenario: The switch crashed immediately after configuring logging filter <> command options.

CLI

16.11.0015

257233

WC

Symptom/Scenario: The message Authentication is not triggered appears both as debug log and throttled RMON log.

802.1X

16.11.0014

257001

WC

Symptom/Scenario: Cold/Warm start trap are not seen intermittently in the customer setup when the switch is cold/warm booted.

SNMPv3

16.11.0014

257076

WC

Symptom: Affected ports do not come with the LED blinking amber. Self test failure will be reported for the ports in the event log.

Scenario: This issue occurred when the switch or the line card was rebooted with some SPF+ ports having 1G transceivers.

Workaround: Reboot the switch or the reload the module.

Chassis Manager

16.11.0014

257114

WC

Symptom: Switch crashes with the following message: Task='eDhcpv6Rly'

Scenario: This issue occured when the dhcpv6 relay command was configured with corrupted number of sockets causing the crash.

Workaround: Disable the dhcpv6 relay command.

DHCP

16.11.0014

257077

WC

Symptom: DHCP clients did not receive their IP addresses. The DHCP lease time is decremented to zero and is still available in the binding table.

Scenario: This issue occurred when multiple clients were connected to the server with a lease time of four minutes and ran the dhcp client command from the client device.

DHCP Snooping

16.11.0013

257138

WC

Symptom: A configuration template push from Aruba Central fails.

Scenario: This issue occurred when the configuration template is updated to dhcp-snooping vlan <vlanid rnage> from dhcp-snooping vlan <vlan>.

Central Integration

16.11.0013

257136

WC

Symptom: The switch sends cold start trap instead of warm start trap after rebooting.

Scenario: This issue occurred when the switch was rebooted with the boot system/reload/reboot command.

SNMPv3

16.11.0013

257133

WC

Symptom: Switch crashes with the following error message:

Software exception at vls_xmit.c:161 – in 'mBonjourCtrl'

Scenario: This issue occurred when an MDNS profile was configured with a corrupted MDNS packet causing the crash.

Boot and Reload

16.11.0013

257122

WC

Symptom: The client MAC address remains in the Port Access MAC-Based Client Session Table even when the client moves to a different switch. This leads to reaching the maximum limit of 256

authentications and prevents further MAC authentications.

Scenario: This issue occurred when MAC authentication was configured on the switch and the PVLAN isolated client was moved from one switch to another switch.

MAC Authentication

16.11.0013

257104

WC

Symptom: OSPFv3 is not acknowledging specific LSU updates.

Scenario: This issue occurred when two switches were connected with OSPFv3 enabled and one switch acted as an ABR sending LSU Type 4 containing router LSA with a non-zero LS ID.

OSPFv3

16.11.0013

257105

WC

Symptom: Switch fails to move to initial role when connectivity to the RADIUS server is lost.

Scenario: This issue occurred when the clients were authenticated with user roles attributed with port-mode and when the RADIUS server connectivity became unreachable.

Workaround: Toggle the port.

User Role

16.11.0013

257091

WC

Symptom: UBT user traffic will not get tunneled.

Scenario: This issue occurred when a MAC move of UBT users from one port to another was initiated.

Workaround: Disable and enable the feature using no tunneled-node-server enable and tunneled-node-server enable commands.

Tunneled Node

16.11.0013

257073

WC

Symptom: Some DHCP client's DHCP offers are dropped by DHCP snooping.

Scenario: This issue occurred when the server pool is configured with different subnet masks wider than /24 and when the client requests an unicast DHCP offer packet.

Workaround: Configure multiple ranges in the pool excluding the following IP addresses:

x.x.x.255
x.x.x.0

DHCP Snooping

16.11.0013

257089

WC

Symptom: Some switches are unable to connect to Aruba Central. The switch crashed with the following error message:

Internal error : HTTP/1.1 protocol missing. Please contact Aruba support.

Scenario: This crash occurred due to a rare timing issue.

Workaournd: Disable and enable Aruba Central.

Central Integration

16.11.0013

257088

WC

Symptom: A configuration template push of timesync with ntp from Aruba Central fails.

Scenario: This issue occurred when timesync <> configuration was pushed from Aruba Central when NTP was enabled.

Central Integration

16.11.0013

257082

WC

Symptom: NTP server authentication fails in Aruba Central.

Scenario: This issue occurred when the NTP key was validated with encrypt-credential enabled in Aruba Central.

Workaround: Reboot the switch after pushing the configurations.

NTP

16.11.0013

257070

WC

Symptom: The switch crashed and reboots while accessing the WebUI.

Scenario: This issue occurred when LLDP packets were sent with a system name TLV length of 255 by neighbour device.

Workaround: Disable LLDP on the port which is connected to a device sending LLDP packets with the values mentioned above.

LLDP

16.11.0013

257063

WC

Symptom: The output of the command show power-over-ethernet <port> displays PD Power Draw value in decimals while the corresponding REST API truncates it to a whole number.

Scenario: This issue occurred when the REST API GET /ports/<port>/poe/stat command was configured.

REST API

16.11.0013

257049

WC

Symptom: Manager or operator credentials are lost after rebooting the switch.

Scenario: This issue occurred when the command include-credentials was enabled and the switch was power cycled.

Workaround: Save the switch configuration details after enabling include-credentials.

Credentials

16.11.0012

256928

WC

Symptom: The interface module of the switch crashes with either of the following signatures.

Ports 1-24,A subsystem went down: 12/15/22 08:31:08 KB.16.10.0020 646Software exception in kernel context at ghsException.c:1539-> Internal system error at 0x869e034

Ports 1-24,A subsystem went down: 12/11/22 02:42:10 KB.16.10.0020 646Health Monitor: Write Error Restr Mem AccessHW Addr=0xc04e1c18 IP=0x882bfbc Task='mPmSlvCtrl' Task ID=0x6bce41c0Bus Err Data=0x00000000 Bus Err Status=0x100008d1 Status=0xb0000001 Bus Err Addr=0xec020f4

Ports 9-16 subsystem went down: 12/08/22 01:09:01 KB.16.10.0020 646Health Monitor: Read Error Restr Mem AccessHW Addr=0xe0200410 IP=0x8800c74 Task='mIpAdMUpCt' Task ID=0x6bccc140Bus Err Data=0x00000000 Bus Err Status=0x100008d1 Status=0xb0000001 Bus Err Addr=0xec02f540

Flex Port

16.11.0012

257080

WC

Symptom: VSF Switch stack connected to Aruba Central crashes.

Scenario: This crash is a rare scenario when one of the switch members was not able to collect the temperate data.

Central Integration

16.11.0012

257020

WC

Symptom: REST GET request for poe/stats fails with a message : Invalid PoE power class returned from SNMP.

Scenario: This issue occurred when an REST GET request for poe/stats was issued for a port connected to a class 6 poe device.

REST API

16.11.0012

257033

WC

Symptom: The switch logs the event

: Unsolicited Echo Reply from <ip address>.

Scenario: This issue occurred when the DHCP server was enabled on the switch and the DHCP client connected to the switch for the first time.

DHCP

16.11.0012

257023

WC

Symptom: amp-server secret is not encrypted even after configuring encrypt-credentials.

Scenario: This problem occurred when the amp-server secret was configured, followed by encrypt-credentials, but the amp-server secret was not encrypted and appeared as plain-text under show running-config.

Config

16.11.0012

257031

WC

Symptom: Switch crashes due to invalid memory access.

Scenario: This issue occurred when the switch sent DFP data to Cisco ISE.

Workaround: Configure the valid clear pass IP address and credentials in the switch.

Device Finger Printing

16.11.0012

257025

WC

Symptom: User role download from ClearPass fails.

Scenario: This issue occurred when the RADIUS server was reachable via OOBM interface and the Downloadable User Role feature was enabled.

Workaround: RADIUS server must be reachable via a non OOBM interface.

CPPM

16.11.0012

257005

WC

Symptom: SSH session from the switch to AP505 does not close sometimes when the exit command is executed.

Scenario: This issue occurred when the SSH session is established from the switch to AP 505. execute the command exit.

Workaround: Use the key sequence ~.

SSH

16.11.0011

256995

WC

Symptom: Unable to get the LAG MIB information through SNMP in the operator mode.

Scenario: This issue occurred when the LACP and SNMP server community was configured in the operator mode and SNMP Walk was performed.

SNMPv2

16.11.0011

256991

WC

Symptom: The switch fails to come online.

Scenario: This issue occurred when the netservice and netdestination was configured with ip access-list on the switch.

Workaround: Remove the netservice configuration.

Management Stacking

16.11.0011

256958

WC

Symptom: The top interface metric is empty in the dashboard page of WebUI.

Scenario: This issue occurred when the WebUI was accessed 18 times or more with the duration of each access lasting more than a minute.

Workaround: Reboot the switch.

WebUI

16.11.0011

256987

WC

Symptom: The switch crashes while connecting to Aruba Central.

Scenario: This issue occurred when the switch running AOS-S16.07 or older version was upgraded to AOS-S 16.08 or a later version and attempted to connect to Aruba Central. This issue has a very low probability of occurrence.

Workaround: Power cycle the switch one more time after the upgrade.

REST Infrastructure

16.11.0011

256927

WC

Symptom: The devices that are not directly connected to the switch show up in the LLDP neighbour table.

Scenario: This issue occurred when the device sent LLDPDUs with the STP multicast destination MAC address and STP was disabled in the switch.

Workaround: Configure an ACL on the interface connected to the device to drop the packets with STP multicast destination MAC address.

LLDP

16.11.0011

256905

WC

Symptom: The switch passwords are not erased after erase all command is executed.

Scenario: This issue occurred when the passwords were configured on the switch and then the erase all command was executed.

Workaround: Execute no password manager/no password operator commands prior to the erase all command.

Credentials

16.11.0011

256897

WC

Symptom: The switch crashes with the message similar to Software exception in ISR at Interrupts_fd.c:1145 -> Excessive FD 0 interupts.

Scenario: This issue occurred when the IPSEC traffic was tunneled via UBT.

Tunneled Node

16.11.0010

256816

WC

Symptom: Some of the data displayed in the show system power-supply detail command output, such as AC MAIN Voltage and Power Supplied may be incorrect for some JL087A model PSUs.

Scenario: This issue occurred when some of the JL087A model PSUs were powered on and the show-system power-supply command was executed and the output parameters like Voltage and Power were out of range.

Note: This is an issue with the command output only and doesn’t impact the PSU functionality.

Chassis Manager

16.11.0010

256676

WC

Symptom: The PSU is operational and delivering power, even though the status is displayed as Faulted in some PSU/PoE related show commands.

Scenario: This issue occurred when the PSU fan had a failure and the PSU/PoE related show commands were executed.

Note: PSU may be operational in this scenario although the related show commands indicate a fault. If the operating temperature is no longer ambient for PSU, it will shut down and the PSU operational state will match the output of the show command.

Chassis Manager

16.11.0010

256679

WC

Symptom: Switch event logs will not be generated even if PSU encounters multiple problems like over temperature, over current, fan fault, and so on.

Scenario: This issue occurred when there was a recurring set of one or more PSU events, such as overcurrent, overheating, and so on. However, such events are not anticipated in most of the deployments.

Chassis Manager

16.11.0010

256651

WC

Symptom: System memory depletes and the switch reboots after a few months of runtime.

Scenario: This issue occurred when the switch was connected to AirWave, and the AirWave was polling certain MIBs including ieee8021SpanningTreeDesignatedRoot and hpicfXpsSwitchModType.

Central Integration

16.11.0010

256860

WC

Symptom: The switch will run out of ternary content addressable memory (TCAM) meter resources and the client authentication using user roles fails.

Scenario: This issue occurred when the last port with DFP config was toggled for several times.

Device Finger

Printing

16.11.0010

256898

WC

Symptom: Authentication fails due to an insufficient ACL resources error.

Scenario: This issue occurred when the client was authenticated using a user role with a classifier configuration having a VLAN which was not configured on the switch.

Workaround: Make sure that the VLANs used in classifier configuration is present in the switch.

Access Control Lists (ACL)

16.11.0010

256887

WC

Symptom: The switch management module crashes.

Scenario: This issue occurred when the switch was configured with an initial role containing a reauth-period. The mac-auth clients were placed in the initial role as the controller was not reachable. Later, the controller connectivity was regained within the time window of the mac-auth client re-authentication.

Coredump

16.11.0010

256872

WC

Symptom: The switch crashes with the message similar to:NMI event SW:IP=0x0ea80030 MSR:0x02029200 LR:0x0ea800cccr: 0x42000400 sp:0x1f5d46e8 xer:0x00000000Task='mDsnoopCtrl' Task ID=0x1f5d13a8.

Scenario: This issue can occur if the DHCP snooping is enabled and the switch is processing continuous DHCP packets.

Workaround: Disable the DHCP snooping.

DHCP Snooping

16.11.0010

256812

WC

Symptom: The simultaneous execution of Show Tech from the switch CLI and from Aruba Central may cause the switch to crash.

Scenario: This issue occurred when the user executed the Show Tech command in CLI and Aruba Central in parallel.

Boot and Reload

16.11.0009

-

WC

Version 16.11.0009 is unavailable for download.

-

16.11.0008

256574

WC

Symptom: The switch crashes if the ip tcp randomize-timestamp configuration is present on the switch.

Scenario: This issue occurred when the switch had the ip tcp randomize-timestamp configuration and SSH/Telnet/Web UI was established on the switch.

Workaround: Remove the ip tcp randomize-timestamp configuration.

Boot and Reload

16.11.0008

256762

WC

Symptom: The switch configuration fails with an invalid oobm or 400 bad response error when the RADIUS server is updated with is_oobm or is_tls_oobm and the value is updated from False to False.

Scenario: This issue occurred when the PUT request was sent to RADIUS server with is_oobm or is_tls_oobm and the value was updated from False to False (no change).

REST APIs

16.11.0008

256727

WC

Symptom/Scenario: The switch crashes when the OSPF neighbor sends exactly 256 OSPF routes.

Workaround: Configure the OSPF protocol with more or less than 256 OSPF routes.

OSPF

16.11.0007

256543

WC

Symptom: IPTV stream freezes on a periodic basis as the querier information is lost.

Scenario: This issue occurred when IGMPv3 query was sent with a QQIC value lower than IGMPv2 configs.

Workaround: Change the querier interval value configured for IGMPv2 to value higher than 60 seconds (default IGMPv2 querier interval).

IGMPv3

16.11.0007

256613

WC

Symptom/Scenario: Some IP addresses for save config and config change in the traps will not be displayed in the AirWave.

AirWave

16.11.0007

256631

WC

Symptom/Scenario: UBT Client on one port will authenticate and a tunnel is established, but no traffic passes and the counter "packets to non existent tunnel" will increase. Other ports might function normally.

Workaround: Disable or Enable either the tunneled-node-profile or the UBT user port.

Tunneled Node

16.11.0007

256695

WC

Symptom: Dynamically learned routes will lose the nexthop and traffic will not be forwarded.

Scenario: This issue occurred when VRRP was configured in owner mode along with routing protocols.

Workaround: Configure VRRP in backup mode when using the routing protocols.

OSPFv2

16.11.0007

256733

WC

Symptom: IP SLA for reachability failed status shows garbage RTT value when polling using SNMP i.e. hpicfIpSlaHistSummRTT returns non zero values even for unreachable history records.

Scenario: This issue occurred when the IP SLA target was reachable for 25 intervals and then became unreachable.

IPSLA

16.11.0007

256575

WC

Symptom: The switch will stop responding to valid SNMP packets.

Scenario: This issue occurred when the UDP packets were sent without any data. After 65 packets, the switch will stop responding to valid packets.

SNMPv3

16.11.0007

256600

WC

Symptom: Client will not be in authenticated state until cached-reauth period.

Scenario: This issue occurred when 802.1x authentication was configured with cached-reauth.

Workaround:

First, enable the user-role authentication and then configure the critical user-role for the authentication port.

Critical user-role should not have the reauth-period attribute and auth-order should be removed for the authentication port.

802.1x

16.11.0007

256732

WC

Symptom: Local-user with group cannot be configured via SNMP.

Scenario: This issue occurred when local-user with group using SNMP was configured.

Workaround: User can configure local-user with group using CLI configuration.

SNMPv2

16.11.0006

256590

WC

Symptom/Scenario: When a port is added to a VLAN from the Web UI, IPv6 will be enabled on the VLAN.

NextGen WebUI

16.11.0006

256491

WC

Symptom: Multicast traffic stops for several seconds, causing the video stream to freeze.

Scenario: This issue occurred when multiple clients were connected to the same access switch (the access layer had AOS-S switches and distribution/core had CX switches) receiving the same multicast stream, and one of the clients sent an IGMP leave.

NOTE: This fix is specific to IGMPv2 only.

IGMP

16.11.0006

256372

WC

Symptom: Traffic from the secondary VLAN does not reach the primary VLAN.

Scenario: This issue occurred when there was a tagged trunk port in the secondary VLAN and the switch was rebooted.

Workaround: Remove the tagged trunk configuration from the secondary VLAN and re-add the tagged trunk configuration to the secondary VLAN.

PVLAN

16.11.0006

256541

WC

Symptom: Authentication or Accounting using RadSec server is delayed.

Scenario: This issue occurred when there was only one RadSec server configured and the TLS connection to that server was terminated.

Radius

16.11.0006

256509

WC

Symptom: The BSR and RP candidate cannot be configured with a VLAN ID greater than 999.

Scenario: This issue occurred when a VLAN ID greater than 999 was configured with ip pim-sparse enabled and bsr-candidate/rp-candidate was configured in router pim/pim6 with the respective VLAN ID.

PIM Sparse Mode

16.11.0006

256485

WC

Symptom: REST request over HTTPS fails as SSL connection is not established.

Scenario: This issue occurred when a GET request with an empty JSON payload was sent.

Workaround: Replace the empty JSON payload with None in the GET request.

REST APIs

16.11.0006

256358

WC

Symptom: An invalid username or password grants the operator access to the switch's Web UI.

Scenario: This issue occurred when a banner and a manager password were configured but not an operator password.

Workaround: Remove the banner configuration.

WEB UI

16.11.0005

256433

WC

Symptom: When an end client is moved between two different switches, authentication does not occur on the second switch.

Scenario: This issue occurred when the MAC address of the end client was learned on the uplink port first (where authentication was not enabled) and later learned on an access port (where authentication was enabled).

Mac Authentication

16.11.0005

256424

WC

Symptom: Device fingerprinting fails when the first RADIUS server in the list is unreachable.

Scenario: This issue occurred when there were more than one RADIUS server configured and the first server in the list was not reachable.

Workaround: Keep the unreachable RADIUS server as the last entry in the list.

Device Finger Printing

16.11.0005

256420

WC

Symptom/Scenario: The switch crashes after entering the ip-recv-mac-address command.

Workaround: Use an interval value greater than 2 when configuring ip-recv-mac-address.

Boot and Reload

16.11.0005

256406

WC

Symptom: Traffic is sent directly to the clients in VLANs that do not have an IP address configured instead of being sent to the gateway configured in the routing table.

Scenario: This issue occurred when the switch had both Layer 2 and Layer 3 VLANs and IP client tracker was enabled.

Workaround: Disable the IP client tracker.

Note: The IP address of silent clients being tracked may not be learnt unless a port bounce is performed after a redundancy failover.

Static Routing

16.11.0005

256366

WC

Symptom/Scenario: The switch crashes with a message similar to the following: Software exception at multMgmtUtil.c:259 – in 'mOobmCtrl' -> Internal error.

Coredump

16.11.0005

256349

WC

Symptom: The memory of the switch is slowly consumed until executing any CLI command results in an Out of memory message.

Scenario: This issue occurred when the switch had aaa configured, was connected to Aruba Central, and had neighbours that shared LLDP information.

VSF

16.11.0005

256301

WC

Symptom: The port is mistakenly blocked by MACsec.

Scenario: This issue occurred when MACSec was configured and the switch was up for approximately 100 days.

Mac_Sec

16.11.0005

256262

WC

Symptom: Delay in captive portal redirection.

Scenario: This issue occurred when multiple clients were connected and when there were several TLS sessions from each client.

Captive Portal

16.11.0005

256247

WC

Symptom/Scenario: The stack topology shown in the show stacking output is Chain even though the actual topology is a Ring.

Back Plane Stacking

16.11.0005

256122

WC

Symptom: Tx drops are seen on the port after the trunk member is removed.

Scenario: This issue occurred when the port was configured to be a member of the trunk and subsequently removed from the trunk when the port was down. The issue will be seen when a client is connected to the port.

Workaround: Configure the trunk while the port is up.

LACP

16.11.0005

256069

WC

Symptom: The switch reports a selftest failure on transceiver ports with Rx timeout error.

Scenario: This issue occurred when the 3810 stack rebooted with SFP+ flex modules and J8177D transceivers.

Chassis Manager

16.11.0004

256274

WC

Symptom/Scenario: VSF Stack Member crashed with a message similar to the following:

Software exception at lava_chassis_slot_sm.c:3626 – in 'eChassMgr', task ID = 0x37b07bc0.

VSF

16.11.0004

256257

WC

Symptom/Scenario: Certain transceivers had link issues in unsupported transceiver mode.

Transceivers

16.11.0004

256234

WC

Symptom: The show rmon statistics <port no> command returns the wrong counter values.

Scenario: This issue occurred when the clear statistics global or clear statistics <port no> was executed first and then show rmon statistics <port no>.

CLI

16.11.0004

256233

WC

Symptom: Client ports may encounter packet drops when multicast sources stream video over 500 Mbps.

Scenario: This issue can occur when multiple clients from different ports subscribed to the same group, which streams using HD channels requiring high bandwidth. TX drops can occur when several clients change channels simultaneously.

Workaround: Lower the bandwidth of the video streams to below 500 Mbps in order to avoid over-subscription of ports.

IGMP-NG

16.11.0004

256220

WC

Symptom: Missing OSPF routes.

Scenario: This issue occurred when both userbased tunneling and OSPF are configured and either of the uplinks to the controller is down.

NOTE: source-interface to be configured for tunneled node when the switch has more than one vlan to the reach the controller.

OSPFv2

16.11.0004

256205

WC

Symptom: A configuration template push from Aruba Central fails.

Scenario: This issue occurred when the end devices are connected to ports that are configured with port-security learn-mode static.

Central Integration

16.11.0004

256121

WC

Symptom: Web authentication fails when the switch is managed by Aruba Central (aruba-central support-mode disable).

Scenario: This issue occurred when the switch connects to Aruba Central and aruba-central support-mode is disabled.

Workaround: Execute aruba-central support-mode enable command so the switch is no longer managed by Aruba Central.

Web Authentication

16.11.0004

256167

WC

Symptom: Ports with per-port tunneled node (PPTN) configured may be disabled after a switch reboot.

Scenario: This issue occurred when a device profile was configured with tunneled-node.

Workaround: Disable and enable the problematic PPTN enabled port manually.

Tunneled Node

16.11.0004

256115

WC

Symptom: Although the switch does not react to pings or SSH commands, it continues to transit traffic. The event log contains a crash message.

Scenario: This issue occurred when device fingerprinting was configured with DHCP protocol.

CPPM

16.11.0003

256037

WC

Symptom: Clients are not authenticated on a switch port.

Scenario: This issue occurred when multiple clients were connected to a single port (for example, a Personal Computer (PC) was connected to a phone), both MAC authentication and 802.1X authentication methods were attempted at the same time on the PC, and both the authentication methods used the same user role attribute.

Workaround: Configure the auth-order parameter first with authenticator, and then with mac-based.

802.1X

16.11.0003

255940

WC

Symptom: A switch crashes with a message similar to the following:

Software exception at svc_misc.c:1088 – in 'mDHCPClint'

-> Failed to malloc 9202 bytes

Scenario: This issue occurred when the switch attempted to reconnect to Aruba Central.

Aruba Central

16.11.0003

255928

WC

Symptom/Scenario: A switch is unable to connect to Aruba Central.

Aruba Central

16.11.0003

255978

WC

Symptom: A switch crashes with a message similar to the following:

Software exception in ISR at pvDmaV1Rx.c

-> ASSERT: No resources available!

Scenario: This issue occurred when 802.1X and MAC authentication were enabled on the same port with auth-order, and the client was initially authenticated through MAC authentication with a user role having the port mode attribute.

Authentication

16.11.0003

255995

WC

Symptom: A switch crashes when the show port-access clients command is issued or when an SNMP GET operation is performed to get the MIB object hpicfUsrAuthMacAuthSessionStatsEntry.

Scenario: The switch crashed when a MAC-authenticated client had a username of more than 40 characters.

Authentication

16.11.0003

254566

WC

Symptom: Traffic fails to pass through an IEEE 802.1ad tunnel.

Scenario: This issue occurred because of the following reasons:

A Small Form-factor Pluggable+ (SFP+) port was configured as an uplink.
IEEE 802.1ad was configured on the same port.
The switch was rebooted without a transceiver in the slot.
A 1G SFP transceiver was inserted during the runtime.

Workaround: Insert the 1G SFP transceiver, and then reboot the switch.

IEEE 802.1ad

16.11.0003

256016

WC

Symptom: When a private VLAN is configured on a switch, the traffic from the secondary VLAN does not reach the primary VLAN.

Scenario: This issue occurred when the switch was rebooted, and the secondary VLAN contained a tagged trunk or Link Aggregation Control Protocol (LACP) port.

Workaround: Remove and add the tagged trunk or LACP configuration to the secondary VLAN.

Private VLAN

16.11.0003

256034

WC

Symptom: SNMP MIB files are not reachable, and the MIB file returns some errors.

Scenario: This issue occurred when the customer used an SNMP monitoring tool to read or parse the MIB files.

SNMP

16.11.0003

256050

WC

Symptom: A switch crashes when the WebUI Security > Clientspage is accessed.

Scenario: The switch crashed when a MAC-authenticated client had a username of more than 40 characters.

Web UI

16.11.0002

255888

WC

Symptom/Scenario: When a proxy server is configured on the switch, the switch does not onboard into Aruba Central or Activate.

Aruba Central

16.11.0002

255799

WC

Symptom: The user is unable to copy a configuration file to the switch using Secure File Transfer Protocol (SFTP) and the following error message is displayed.

Invalid input: grep usage error

Scenario: This issue occurred when the pipe character ( | ) was used as a part of the command input for some configuration commands, such as the banner motd and snmpv3 user commands.

Workaround: Do not use the pipe character (|) in the command input for the configuration commands.

Configuration

16.11.0002

255825

WC

Symptom/Scenario: When a switch is rebooted through an SSH session, the show boot-history, show logging, and boot command outputs include the Operator cold reboot from TELNET session message instead of the Operator cold reboot from SSH session message.

SSH

16.11.0001

-

WC

No fixes were included in version 16.11.0001.

-