Fixes for YA/YB 16.11

Table 1: Fixed Issues
Version	Bug ID	Software	Description	Category
16.11.0024	257491	YA/YB	Symptom: Deleting any tagged port from a VLAN using WebUI removes the port from other VLANs. Scenario: This issue occurred when a port is configured as untagged in a VLAN and the tagged VLANs are modified from this port using WebUI. The port is then subsequently no longer in untagged VLAN, but is present in default VLAN. Workaround: Use CLI commands to update VLAN configurations.	WebUI
16.11.0024	257502	YA/YB	Symptom/Scenario: The switch reboots itself during a power outage. However, routing convergence issues with the RIP protocol may be observed after the reboot. Workaround: Use NTP/SNTP servers, instead of Activate, to establish time sync.	Central Integration
16.11.0024	257513	YA/YB	Symptom: The role under User Details in WebUI displays the incorrect role during the first login attempt. There was no impact on the functionality. Scenario: This issue occurred when the authorization attribute for a user was changed on the radius server. Workaround: Logout from the webUI and login again.	WebUI
16.11.0023	257379	YA/YB	Symptom: Some users experience unsuccessful file transfers. Scenario: This issue occurred when source interface was configured in Central. Workaround: Remove the `ip sourceinterface` configuration.	Central Integration
16.11.0023	257462	YA/YB	Symptom: Some switches that are managed by Central encounter stale backup configuration file named CentralBkupConfig which in turn may cause a rollback of configuration in the switch. Scenario: This issue occurred when the switch was managed by Central and a configuration push was triggered from Central while a parallel firmware image or configuration update was processed via TFTP. Workaround: Delete the stale backup file using CLI.	Configuration
16.11.0023	257482	YA/YB	Symptom: Some switches experience module crash when VXLAN is enabled. Scenario: This issue occurred when VXLAN was enabled in multiple VLANs in order to create VXLAN tunnels.	Core Dump
16.11.0023	257492	YA/YB	Symptom: Users encounter inconsistent wording of WebUI in the event logs for a web session. For example, instances of both WEB_UI and WEB-UI is available in the logs. Scenario: This issue occurred when users tried to log in and out using valid and invalid credentials.	WebUI
16.11.0022	-	YA/YB	Version 16.11.0022 is unavailable for download.	-
16.11.0021	257322	YA/YB	Symptom: Some switches are stuck in a high CPU utilization state due to eDhcpdProto task found in running state. Scenario: The issue occurred when the switch received a high amount of DHCP traffic. Workaround:Enabling and disabling DHCP will clear the CPU usage for the switch.	Chassis Manager
16.11.0021	257330	YA/YB	Symptom/Scenario: Clients are unable to on-board with specific downloadable user-roles (DUR). This issue was observed intermittently.	User Role
16.11.0021	257377	YA/YB	Symptom/Scenario: Some users are able to apply a ACL to a management VLAN when it is not allowed. Workaround: Remove the ACL configuration for the management VLAN using CLI.	Management VLAN
16.11.0021	257381	YA/YB	Symptom: Switch crashes and restarts when Qualys scans are initiated. Scenario:This issue occurred when the Qualys VMDR (Vulnerability Management, Detection and Response) scan was initiated.	Boot and Reload
16.11.0021	257385	YA/YB	Symptom: Some switches crash with the following message: out of memory. Scenario: This issue occurred due to slow memory leakage and exhaustion.	VSF
16.11.0021	257396	YA/YB	Symptom: Clients are unable to on-board and the following error message is logged when the user attempts to assign a downloadable user-roles (DUR) to a port: ACL error - unable to create ACL entry Scenario: This issue was observed when a client placed in critical role was moved to a regular role.	ACL
16.11.0021	257408	YA/YB	Symptom: Switch crashes with the following message: Software exception at wma_ctrl_sm.c:283 – in 'mWebAuth' Scenario: This issue occurred when user role, authentication order and server timeout was configured and the radius server was unreachable.	MAC Authentication
16.11.0021	257432	YA/YB	Symptom: Some users do not receive HTTP response from the switch. Scenario:This issue occurred when HTTP requests were sent using Ansible scripts and the Ansible client interface experienced connection failures. Workaround:Use Curl instead of Ansible to send HTTP requests.	HTTP Server
16.11.0020	257397	YA/YB	Symptom Users were unable to upgrade the switches from AOS-S 16.11.0018 to AOS-S 16.11.0019 version and an error message, Firmware image signature is not valid was displayed. Scenario: This issue occurred when users upgraded the switches using the WebUI.	WebUI
16.11.0020	257382	YA/YB	Symptom: Manual SSH failed when the switch was acting as a server and AirWave Zero Touch Provisioning (ZTP) workflow was also affected. Scenario: This issue occurred when an SSH client running OpenSSH 8.0P1 or later version was used to establish an SSH connection with a factory default AOS-S switch.	Zero Touch Provisioning
16.11.0019	-	YA/YB	No fixes in 16.11.0019.	-
16.11.0018	257222	YA/YB	Symptom: Switch fails to learn the MAC address of the firewall after the version upgrade. Scenario: This issue occurred in switches with QinQ enabled and service VLANs configured.	QinQ
16.11.0018	257275	YA/YB	Symptom: Users experience random connectivity issues and packet processing failure. ARP entries are not resolved in the switch. Scenario: This issue occurred when an ICMPv6 NS (Neighbor Solicitation) packet with 'Anycast' as the destination address was sent from an IPv6 node. Workaround: Disable IPv6.	ARP
16.11.0018	257282	YA/YB	Symptom/Scenario: Switch crashes when show commands are configured with a backslash "\".	CLI
16.11.0018	257262	YA/YB	Symptom: Switch crashes when Qualys scans are executed. Scenario:This issue occurred when the Qualys VMDR (Vulnerability Management, Detection and Response) scan was executed.	Boot and Reload
16.11.0018	257302	YA/YB	Symptom: Switch crashes with the following error message: Health Monitor: Read Error Restr Mem Access” for task “mIpAdMUpCt Scenario: This issue occurred when two stack switches were connected with OSPF point-to-point links and VXLAN was enabled.	VXLAN
16.11.0017	-	YA/YB	Version 16.11.0017 is unavailable for download.	-
16.11.0016	257226	YA/YB	Symptom: Switch crashes in SSH remote port forwarding scenarios. Scenario: This issue occurred when the switch was acting as an SSH server and the ssh -R 6000:127.0.0.1:6000 manager@10.0.0.1 command was configured from an SSH client.	SSH
16.11.0015	257221	YA/YB	Symptom: The switch fails to stay in sync with Central. Scenario: This issue occurred when ip igmp forward configuration pushed from Central did not get reflected in the switch.	Central Integration
16.11.0015	257229	YA/YB	Symptom/Scenario: The switch crashed immediately after configuring logging filter <> command options.	CLI
16.11.0014	257001	YA/YB	Symptom/Scenario: Cold/Warm start trap are not seen intermittently in the customer setup when the switch is cold/warm booted.	SNMPv3
16.11.0014	257114	YA/YB	Symptom: Switch crashes with the following message: Task='eDhcpv6Rly' Scenario: This issue occured when the dhcpv6 relay command was configured with corrupted number of sockets causing the crash. Workaround: Disable the dhcpv6 relay command.	DHCP
16.11.0014	257077	YA/YB	Symptom: DHCP clients did not receive their IP addresses. The DHCP lease time is decremented to zero and is still available in the binding table. Scenario: This issue occurred when multiple clients were connected to the server with a lease time of four minutes and the dhcp client command was configured.	DHCP Snooping
16.11.0013	257138	YA/YB	Symptom: A configuration template push from Aruba Central fails. Scenario: This issue occurred when multiple clients were connected to the server with a lease time of four minutes and ran the dhcp client command from the client device.	Central Integration
16.11.0013	257136	YA/YB	Symptom: The switch sends cold start trap instead of warm start trap after rebooting. Scenario: This issue occurred when the switch was rebooted with the boot system/reload/reboot command.	SNMPv3
16.11.0013	257133	YA/YB	Symptom: Switch crashes with the following error message: Software exception at vls_xmit.c:161 – in 'mBonjourCtrl' Scenario: This issue occurred when an MDNS profile was configured with a corrupted MDNS packet causing the crash.	Boot and Reload
16.11.0013	257073	YA/YB	Symptom: Some DHCP client's DHCP offers are dropped by DHCP snooping. Scenario: This issue occurred when the server pool is configured with different subnet masks wider than /24 and when the client requests an unicast DHCP offer packet. Workaround: Configure multiple ranges in the pool excluding the following IP addresses: x.x.x.255 x.x.x.0	DHCP Snooping
16.11.0013	257098	YA/YB	Symptom:The switch is unable to connect to Aruba Central. Scenario: This issue occurred when the proxy server was configured on the switch and the activate-provision-force command was initiated.	Central Integration
16.11.0013	257089	YA/YB	Symptom: Some switches are unable to connect to Aruba Central. The switch crashed with the following error message: Internal error : HTTP/1.1 protocol missing. Please contact Aruba support. Scenario: This crash occurred due to a rare timing issue. Workaournd: Disable and enable Aruba Central.	Central Integration
16.11.0013	257088	YA/YB	Symptom: A configuration template push of timesync with ntp from Aruba Central fails. Scenario: This issue occurred when timesync <> configuration was pushed from Aruba Central when NTP was enabled.	Central Integration
16.11.0013	257082	YA/YB	Symptom: NTP server authentication fails in Aruba Central. Scenario: This issue occurred when the NTP key was validated with encrypt-credential enabled in Aruba Central. Workaround: Reboot the switch after pushing the configurations.	NTP
16.11.0013	257070	YA/YB	Symptom: The switch crashed and reboots while accessing the WebUI. Scenario: This issue occurred when LLDP packets were sent with a system name TLV length of 255 by neighbour device. Workaround: Disable LLDP on the port which is connected to a device sending LLDP packets with the values mentioned above.	LLDP
16.11.0013	257063	YA/YB	Symptom: The output of the command show power-over-ethernet <port> displays PD Power Draw value in decimals while the corresponding REST API truncates it to a whole number. Scenario: This issue occurred when the REST API GET /ports/<port>/poe/stat command was configured.	REST API
16.11.0013	257049	YA/YB	Symptom: Manager or operator credentials are lost after rebooting the switch. Scenario: This issue occurred when the command include-credentials was enabled, and the switch was power cycled. Workaround: Save the switch configuration details after enabling include-credentials.	Credentials
16.11.0012	257023	YA/YB	Symptom: amp-server secret is not encrypted even after configuring encrypt-credentials. Scenario: This problem occurred when the amp-server secret was configured, followed by encrypt-credentials, but the amp-server secret was not encrypted and appeared as plain-text under show running-config.	Config
16.11.0012	257005	YA/YB	Symptom: SSH session from the switch to AP505 does not close sometimes when the exit command is executed. Scenario: This issue occurred when the SSH session is established from the switch to AP 505. execute the command exit. Workaround: Use the key sequence ~.	SSH
16.11.0011	256995	YA/YB	Symptom: Unable to get the LAG MIB information through SNMP in the operator mode. Scenario: This issue occurred when the LACP and SNMP server community was configured in the operator mode and SNMP Walk was performed.	SNMPv2
16.11.0011	256958	YA/YB	Symptom: The top interface metric is empty in the dashboard page of WebUI. Scenario: This issue occurred when the WebUI was accessed 18 times or more with the duration of each access lasting more than a minute. Workaround: Reboot the switch.	WebUI
16.11.0011	256987	YA/YB	Symptom: The switch crashes while connecting to Aruba Central. Scenario: This issue occurred when the switch running AOS-S16.07 or older version was upgraded to AOS-S 16.08 or a later version and attempted to connect to Aruba Central. This issue has a very low probability of occurrence. Workaround: Power cycle the switch one more time after the upgrade.	REST Infrastructure
16.11.0011	256927	YA/YB	Symptom: The devices that are not directly connected to the switch show up in the LLDP neighbour table. Scenario: This issue occurred when the device sent LLDPDUs with the STP multicast destination MAC address and STP was disabled in the switch. Workaround: Configure an ACL on the interface connected to the device to drop the packets with STP multicast destination MAC address.	LLDP
16.11.0011	256905	YA/YB	Symptom: The switch passwords are not erased after erase all command is executed. Scenario: This issue occurred when the passwords were configured on the switch and then the erase all command was executed. Workaround: Execute no password manager/no password operator commands prior to the erase all command.	Credentials
16.11.0010	256651	YA/YB	Symptom: System memory depletes and the switch reboots after a few months of runtime. Scenario: This issue occurred when the switch was connected to AirWave, and the AirWave was polling certain MIBs including ieee8021SpanningTreeDesignatedRoot and hpicfXpsSwitchModType.	Central Integration
16.11.0010	256898	YA/YB	Symptom: Authentication fails due to an insufficient ACL resources error. Scenario: This issue occurred when the client was authenticated using a user role with a classifier configuration having a VLAN which was not configured on the switch. Workaround: Make sure that the VLANs used in classifier configuration is present in the switch.	Access Control Lists (ACL)
16.11.0010	256872	YA/YB	Symptom: The switch crashes with the message similar to:NMI event SW:IP=0x0ea80030 MSR:0x02029200 LR:0x0ea800cccr: 0x42000400 sp:0x1f5d46e8 xer:0x00000000Task='mDsnoopCtrl' Task ID=0x1f5d13a8. Scenario: This issue can occur if the DHCP snooping is enabled and the switch is processing continuous DHCP packets. Workaround: Disable the DHCP snooping.	DHCP Snooping
16.11.0010	256935	YA/YB	Symptom: The switch crashed with a message similar to Software exception at wma_ctrl_sm.c:283 – in 'mWebAuth'. Scenario: This issue occurred when the User Role, Auth order, and Server timeout were configured on the switch, and RADIUS server was unreachable.	Mac Authentication
16.11.0010	256812	YA/YB	Symptom: The simultaneous execution of Show Tech from the switch CLI and from Aruba Central may cause the switch to crash. Scenario: This issue occurred when the user executed the Show Tech command in CLI and Aruba Central in parallel.	Boot and Reload
16.11.0009	-	YA/YB	Version 16.11.0009 is unavailable for download.	-
16.11.0008	256574	YA/YB	Symptom: The switch crashes if the ip tcp randomize-timestamp configuration is present on the switch. Scenario: This issue occurred when the switch had the ip tcp randomize-timestamp configuration and SSH/Telnet/Web UI was established on the switch. Workaround: Remove the ip tcp randomize-timestamp configuration.	Boot and Reload
16.11.0008	256762	YA/YB	Symptom: The switch configuration fails with an invalid oobm or 400 bad response error when the RADIUS server is updated with is_oobm or is_tls_oobm and the value is updated from False to False. Scenario: This issue occurred when the PUT request was sent to the RADIUS server with is_oobm or is_tls_oobm and the value was updated from False to False (no change).	REST APIs
16.11.0007	256672	YA/YB	Symptom/Scenario: The switch fails to connect to activate with an error activate: EST enrollment with server failed because of Unable to generate CSR.	Central Integration
16.11.0007	256575	YA/YB	Symptom: The switch will stop responding to valid SNMP packets. Scenario: This issue occurred when UDP packets were sent without any data. After 65 packets, the switch will stop responding to valid packets.	SNMPv3
16.11.0007	256613	YA/YB	Symptom/Scenario: Some IP addresses for save config and config change in the traps will not be displayed in AirWave.	AirWave
16.11.0007	256600	YA/YB	Symptom: Client will not be in authenticated state until cached-reauth period. Scenario: This issue occurred when the 802.1x authentication was configured with the cached-reauth. Workaround: First, enable the user-role authentication and then configure the critical user-role for the authentication port. Critical user-role should not have the reauth-period attribute and auth-order should be removed for the authentication port.	802.1x
16.11.0007	256732	YA/YB	Symptom: Local-user with group cannot be configured via SNMP. Scenario: This issue occurred when local-user with group using SNMP was configured. Workaround: User can configure local-user with group using CLI configuration.	SNMPv2
16.11.0006	256590	YA/YB	Symptom/Scenario: When a port is added to a VLAN from the Web UI, IPv6 will be enabled on the VLAN.	NextGen WebUI
16.11.0006	256561	YA/YB	Symptom: Network access is denied for a 802.1X authenticated client. Scenario: This issue occurred when the 802.1X client was authenticated with the auth-vid and unauth-vid configurations. Workaround: Configure a client limit for the authenticator-enabled port.	802.1X
16.11.0006	256485	YA/YB	Symptom: REST request over HTTPS fails as SSL connection is not established. Scenario: This issue occurred when a GET request with an empty JSON payload was sent. Workaround: Replace the empty JSON payload with None in the GET request.	REST APIs
16.11.0006	256358	YA/YB	Symptom: An invalid username or password grants the operator access to the switch's Web UI. Scenario: This issue occurred when a banner and a manager password were configured but not an operator password. Workaround: Remove the banner configuration.	WEB UI
16.11.0005	256406	YA/YB	Symptom: Traffic is sent directly to clients in VLANs that do not have an IP address configured instead of being sent to the gateway configured in the routing table. Scenario: This issue occurred when the switch had both Layer 2 and Layer 3 VLANs and IP client tracker was enabled. Workaround: Disable the IP client tracker. Note: The IP address of silent clients being tracked may not be learnt unless a port bounce is performed after a redundancy failover.	Static Routing
16.11.0005	256366	YA/YB	Symptom/Scenario: The switch crashes with a message similar to the following: Software exception at multMgmtUtil.c:259 – in 'mOobmCtrl' -> Internal error.	Coredump
16.11.0005	256122	YA/YB	Symptom: Tx drops are seen on the port after the trunk member is removed. Scenario: This issue occurred when the port was configured to be a member of the trunk and subsequently removed from the trunk when the port was down. The issue will be seen when a client is connected to the port. Workaround: Configure the trunk while the port is up.	LACP
16.11.0004	256234	YA/YB	Symptom: The show rmon statistics <port no> command returns the wrong counter values. Scenario: This issue occurred when the clear statistics global or clear statistics <port no> was executed first and then show rmon statistics <port no>.	CLI
16.11.0004	256257	YA/YB	Symptom/Scenario: Certain transceivers had link issues in unsupported transceiver mode.	Transceivers
16.11.0004	256233	YA/YB	Symptom: Client ports may encounter packet drops when multicast sources stream video over 500 Mbps. Scenario: This issue can occur when multiple clients from different ports subscribed to the same group, which streams using HD channels requiring high bandwidth. TX drops can occur when several clients change channels simultaneously. Workaround: Lower the bandwidth of the video streams to below 500 Mbps in order to avoid over-subscription of ports.	IGMP-NG
16.11.0004	256205	YA/YB	Symptom: A configuration template push from Aruba Central fails. Scenario: This issue occurred when the end devices are connected to ports that are configured with port-security learn-mode static.	Central Integration
16.11.0004	256202	YA/YB	Symptom: Unable to provision the switch from Aruba Activate and records an EST enrollment failure. Scenario: This issue occurred when the hostname for the EST enrollment server is not resolved during zero-touch provisioning (ZTP). Workaround: Ensure that the DHCP server provides a DNS server IP address.	CertManager
16.11.0004	256121	YA/YB	Symptom: Web authentication fails when the switch is managed by Aruba Central (aruba-central support-mode disable). Scenario: This issue occurred when the switch connects to Aruba Central and aruba-central support-mode is disabled. Workaround: Execute aruba-central support-mode enable command so the switch is no longer managed by Aruba Central.	Web Authentication
16.11.0003	255819	YA/YB	Symptom: A switch crashes with a message similar to the following: `SubSystem 100 went down:` `Health Monitor: Read Error Restr Mem Access` Scenario: This issue occurred because of the following actions: An AP was authenticated with 802.1X `port mode`. The AP was rebooted, and the 802.1X authentication configuration was removed from the port.	802.1X
16.11.0003	255940	YA/YB	Symptom: A switch crashes with a message similar to the following: `Software exception at svc_misc.c:1088 – in 'mDHCPClint'` `-> Failed to malloc 9202 bytes` Scenario: This issue occurred when the switch attempted to reconnect to Aruba Central.	Aruba Central
16.11.0003	255995	YA/YB	Symptom: A switch crashes when the `show port-access clients` command is issued or when an `SNMP GET` operation is performed to get the MIB object `hpicfUsrAuthMacAuthSessionStatsEntry`. Scenario: The switch crashed when a MAC-authenticated client had a username of more than 40 characters.	Authentication
16.11.0003	255120	YA/YB	Symptom/Scenario: The Key Expansion Module of a Cisco 8851 phone does not power up. Workaround: Configure `poe-allocate-by` command with `class` parameter on the ports, and reduce the number of powered devices connected to the switch.	PoE
16.11.0003	256034	YA/YB	Symptom: SNMP MIB files are not reachable, and the MIB file returns some errors. Scenario: This issue occurred when the customer used an SNMP monitoring tool to read or parse the MIB files.	SNMP
16.11.0003	256050	YA/YB	Symptom: A switch crashes when the WebUI Security > Clientspage is accessed. Scenario: The switch crashed when a MAC-authenticated client had a username of more than 40 characters.	Web UI
16.11.0002	255888	YA/YB	Symptom/Scenario: When a proxy server is configured on the switch, the switch does not onboard into Aruba Central or Activate.	Aruba Central
16.11.0002	255799	YA/YB	Symptom: The user is unable to copy a configuration file to the switch using Secure File Transfer Protocol (SFTP) and the following error message is displayed. Invalid input: grep usage error Scenario: This issue occurred when the pipe character ( \| ) was used as a part of the command input for some configuration commands, such as the `banner motd` and `snmpv3 user` commands. Workaround: Do not use the pipe character (\|) in the command input for the configuration commands.	Configuration
16.11.0002	255825	YA/YB	Symptom/Scenario: When a switch is rebooted through an SSH session, the `show boot-history`, `show logging`, and `boot` command outputs include the `Operator cold reboot from TELNET session` message instead of the `Operator cold reboot from SSH session` message.	SSH
16.11.0001	-	YA/YB	No fixes were included in version 16.11.0001.	-

16.11.0024

257491

YA/YB

Symptom: Deleting any tagged port from a VLAN using WebUI removes the port from other VLANs.

Scenario: This issue occurred when a port is configured as untagged in a VLAN and the tagged VLANs are modified from this port using WebUI. The port is then subsequently no longer in untagged VLAN, but is present in default VLAN.

Workaround: Use CLI commands to update VLAN configurations.

WebUI

16.11.0024

257502

YA/YB

Symptom/Scenario: The switch reboots itself during a power outage. However, routing convergence issues with the RIP protocol may be observed after the reboot.

Workaround: Use NTP/SNTP servers, instead of Activate, to establish time sync.

Central Integration

16.11.0024

257513

YA/YB

Symptom: The role under User Details in WebUI displays the incorrect role during the first login attempt. There was no impact on the functionality.

Scenario: This issue occurred when the authorization attribute for a user was changed on the radius server.

Workaround: Logout from the webUI and login again.

WebUI

16.11.0023

257379

YA/YB

Symptom: Some users experience unsuccessful file transfers.

Scenario: This issue occurred when source interface was configured in Central.

Workaround: Remove the ip sourceinterface configuration.

Central Integration

16.11.0023

257462

YA/YB

Symptom: Some switches that are managed by Central encounter stale backup configuration file named CentralBkupConfig which in turn may cause a rollback of configuration in the switch.

Scenario: This issue occurred when the switch was managed by Central and a configuration push was triggered from Central while a parallel firmware image or configuration update was processed via TFTP.

Workaround: Delete the stale backup file using CLI.

Configuration

16.11.0023

257482

YA/YB

Symptom: Some switches experience module crash when VXLAN is enabled.

Scenario: This issue occurred when VXLAN was enabled in multiple VLANs in order to create VXLAN tunnels.

Core Dump

16.11.0023

257492

YA/YB

Symptom: Users encounter inconsistent wording of WebUI in the event logs for a web session. For example, instances of both WEB_UI and WEB-UI is available in the logs.

Scenario: This issue occurred when users tried to log in and out using valid and invalid credentials.

WebUI

16.11.0022

-

YA/YB

Version 16.11.0022 is unavailable for download.

-

16.11.0021

257322

YA/YB

Symptom: Some switches are stuck in a high CPU utilization state due to eDhcpdProto task found in running state.

Scenario: The issue occurred when the switch received a high amount of DHCP traffic.

Workaround:Enabling and disabling DHCP will clear the CPU usage for the switch.

Chassis Manager

16.11.0021

257330

YA/YB

Symptom/Scenario: Clients are unable to on-board with specific downloadable user-roles (DUR). This issue was observed intermittently.

User Role

16.11.0021

257377

YA/YB

Symptom/Scenario: Some users are able to apply a ACL to a management VLAN when it is not allowed.

Workaround: Remove the ACL configuration for the management VLAN using CLI.

Management VLAN

16.11.0021

257381

YA/YB

Symptom: Switch crashes and restarts when Qualys scans are initiated.

Scenario:This issue occurred when the Qualys VMDR (Vulnerability Management, Detection and Response) scan was initiated.

Boot and Reload

16.11.0021

257385

YA/YB

Symptom: Some switches crash with the following message: out of memory.

Scenario: This issue occurred due to slow memory leakage and exhaustion.

VSF

16.11.0021

257396

YA/YB

Symptom: Clients are unable to on-board and the following error message is logged when the user attempts to assign a downloadable user-roles (DUR) to a port:

ACL error - unable to create ACL entry

Scenario: This issue was observed when a client placed in critical role was moved to a regular role.

ACL

16.11.0021

257408

YA/YB

Symptom: Switch crashes with the following message:

Software exception at wma_ctrl_sm.c:283 – in 'mWebAuth'

Scenario: This issue occurred when user role, authentication order and server timeout was configured and the radius server was unreachable.

MAC Authentication

16.11.0021

257432

YA/YB

Symptom: Some users do not receive HTTP response from the switch.

Scenario:This issue occurred when HTTP requests were sent using Ansible scripts and the Ansible client interface experienced connection failures.

Workaround:Use Curl instead of Ansible to send HTTP requests.

HTTP Server

16.11.0020

257397

YA/YB

Symptom Users were unable to upgrade the switches from AOS-S 16.11.0018 to AOS-S 16.11.0019 version and an error message, Firmware image signature is not valid was displayed.

Scenario: This issue occurred when users upgraded the switches using the WebUI.

WebUI

16.11.0020

257382

YA/YB

Symptom: Manual SSH failed when the switch was acting as a server and AirWave Zero Touch Provisioning (ZTP) workflow was also affected.

Scenario: This issue occurred when an SSH client running OpenSSH 8.0P1 or later version was used to establish an SSH connection with a factory default AOS-S switch.

Zero Touch Provisioning

16.11.0019

-

YA/YB

No fixes in 16.11.0019.

-

16.11.0018

257222

YA/YB

Symptom: Switch fails to learn the MAC address of the firewall after the version upgrade.

Scenario: This issue occurred in switches with QinQ enabled and service VLANs configured.

QinQ

16.11.0018

257275

YA/YB

Symptom: Users experience random connectivity issues and packet processing failure. ARP entries are not resolved in the switch.

Scenario: This issue occurred when an ICMPv6 NS (Neighbor Solicitation) packet with 'Anycast' as the destination address was sent from an IPv6 node.

Workaround: Disable IPv6.

ARP

16.11.0018

257282

YA/YB

Symptom/Scenario: Switch crashes when show commands are configured with a backslash "\".

CLI

16.11.0018

257262

YA/YB

Symptom: Switch crashes when Qualys scans are executed.

Scenario:This issue occurred when the Qualys VMDR (Vulnerability Management, Detection and Response) scan was executed.

Boot and Reload

16.11.0018

257302

YA/YB

Symptom: Switch crashes with the following error message: Health Monitor: Read Error Restr Mem Access” for task “mIpAdMUpCt

Scenario: This issue occurred when two stack switches were connected with OSPF point-to-point links and VXLAN was enabled.

VXLAN

16.11.0017

-

YA/YB

Version 16.11.0017 is unavailable for download.

-

16.11.0016

257226

YA/YB

Symptom: Switch crashes in SSH remote port forwarding scenarios.

Scenario: This issue occurred when the switch was acting as an SSH server and the ssh -R 6000:127.0.0.1:6000 manager@10.0.0.1 command was configured from an SSH client.

SSH

16.11.0015

257221

YA/YB

Symptom: The switch fails to stay in sync with Central.

Scenario: This issue occurred when ip igmp forward configuration pushed from Central did not get reflected in the switch.

Central Integration

16.11.0015

257229

YA/YB

Symptom/Scenario: The switch crashed immediately after configuring logging filter <> command options.

CLI

16.11.0014

257001

YA/YB

Symptom/Scenario: Cold/Warm start trap are not seen intermittently in the customer setup when the switch is cold/warm booted.

SNMPv3

16.11.0014

257114

YA/YB

Symptom: Switch crashes with the following message: Task='eDhcpv6Rly'

Scenario: This issue occured when the dhcpv6 relay command was configured with corrupted number of sockets causing the crash.

Workaround: Disable the dhcpv6 relay command.

DHCP

16.11.0014

257077

YA/YB

Symptom: DHCP clients did not receive their IP addresses. The DHCP lease time is decremented to zero and is still available in the binding table.

Scenario: This issue occurred when multiple clients were connected to the server with a lease time of four minutes and the dhcp client command was configured.

DHCP Snooping

16.11.0013

257138

YA/YB

Symptom: A configuration template push from Aruba Central fails.

Scenario: This issue occurred when multiple clients were connected to the server with a lease time of four minutes and ran the dhcp client command from the client device.

Central Integration

16.11.0013

257136

YA/YB

Symptom: The switch sends cold start trap instead of warm start trap after rebooting.

Scenario: This issue occurred when the switch was rebooted with the boot system/reload/reboot command.

SNMPv3

16.11.0013

257133

YA/YB

Symptom: Switch crashes with the following error message:

Software exception at vls_xmit.c:161 – in 'mBonjourCtrl'

Scenario: This issue occurred when an MDNS profile was configured with a corrupted MDNS packet causing the crash.

Boot and Reload

16.11.0013

257073

YA/YB

Symptom: Some DHCP client's DHCP offers are dropped by DHCP snooping.

Scenario: This issue occurred when the server pool is configured with different subnet masks wider than /24 and when the client requests an unicast DHCP offer packet.

Workaround: Configure multiple ranges in the pool excluding the following IP addresses:

x.x.x.255
x.x.x.0

DHCP Snooping

16.11.0013

257098

YA/YB

Symptom:The switch is unable to connect to Aruba Central.

Scenario: This issue occurred when the proxy server was configured on the switch and the activate-provision-force command was initiated.

Central Integration

16.11.0013

257089

YA/YB

Symptom: Some switches are unable to connect to Aruba Central. The switch crashed with the following error message:

Internal error : HTTP/1.1 protocol missing. Please contact Aruba support.

Scenario: This crash occurred due to a rare timing issue.

Workaournd: Disable and enable Aruba Central.

Central Integration

16.11.0013

257088

YA/YB

Symptom: A configuration template push of timesync with ntp from Aruba Central fails.

Scenario: This issue occurred when timesync <> configuration was pushed from Aruba Central when NTP was enabled.

Central Integration

16.11.0013

257082

YA/YB

Symptom: NTP server authentication fails in Aruba Central.

Scenario: This issue occurred when the NTP key was validated with encrypt-credential enabled in Aruba Central.

Workaround: Reboot the switch after pushing the configurations.

NTP

16.11.0013

257070

YA/YB

Symptom: The switch crashed and reboots while accessing the WebUI.

Scenario: This issue occurred when LLDP packets were sent with a system name TLV length of 255 by neighbour device.

Workaround: Disable LLDP on the port which is connected to a device sending LLDP packets with the values mentioned above.

LLDP

16.11.0013

257063

YA/YB

Symptom: The output of the command show power-over-ethernet <port> displays PD Power Draw value in decimals while the corresponding REST API truncates it to a whole number.

Scenario: This issue occurred when the REST API GET /ports/<port>/poe/stat command was configured.

REST API

16.11.0013

257049

YA/YB

Symptom: Manager or operator credentials are lost after rebooting the switch.

Scenario: This issue occurred when the command include-credentials was enabled, and the switch was power cycled.

Workaround: Save the switch configuration details after enabling include-credentials.

Credentials

16.11.0012

257023

YA/YB

Symptom: amp-server secret is not encrypted even after configuring encrypt-credentials.

Scenario: This problem occurred when the amp-server secret was configured, followed by encrypt-credentials, but the amp-server secret was not encrypted and appeared as plain-text under show running-config.

Config

16.11.0012

257005

YA/YB

Symptom: SSH session from the switch to AP505 does not close sometimes when the exit command is executed.

Scenario: This issue occurred when the SSH session is established from the switch to AP 505. execute the command exit.

Workaround: Use the key sequence ~.

SSH

16.11.0011

256995

YA/YB

Symptom: Unable to get the LAG MIB information through SNMP in the operator mode.

Scenario: This issue occurred when the LACP and SNMP server community was configured in the operator mode and SNMP Walk was performed.

SNMPv2

16.11.0011

256958

YA/YB

Symptom: The top interface metric is empty in the dashboard page of WebUI.

Scenario: This issue occurred when the WebUI was accessed 18 times or more with the duration of each access lasting more than a minute.

Workaround: Reboot the switch.

WebUI

16.11.0011

256987

YA/YB

Symptom: The switch crashes while connecting to Aruba Central.

Scenario: This issue occurred when the switch running AOS-S16.07 or older version was upgraded to AOS-S 16.08 or a later version and attempted to connect to Aruba Central. This issue has a very low probability of occurrence.

Workaround: Power cycle the switch one more time after the upgrade.

REST Infrastructure

16.11.0011

256927

YA/YB

Symptom: The devices that are not directly connected to the switch show up in the LLDP neighbour table.

Scenario: This issue occurred when the device sent LLDPDUs with the STP multicast destination MAC address and STP was disabled in the switch.

Workaround: Configure an ACL on the interface connected to the device to drop the packets with STP multicast destination MAC address.

LLDP

16.11.0011

256905

YA/YB

Symptom: The switch passwords are not erased after erase all command is executed.

Scenario: This issue occurred when the passwords were configured on the switch and then the erase all command was executed.

Workaround: Execute no password manager/no password operator commands prior to the erase all command.

Credentials

16.11.0010

256651

YA/YB

Symptom: System memory depletes and the switch reboots after a few months of runtime.

Scenario: This issue occurred when the switch was connected to AirWave, and the AirWave was polling certain MIBs including ieee8021SpanningTreeDesignatedRoot and hpicfXpsSwitchModType.

Central Integration

16.11.0010

256898

YA/YB

Symptom: Authentication fails due to an insufficient ACL resources error.

Scenario: This issue occurred when the client was authenticated using a user role with a classifier configuration having a VLAN which was not configured on the switch.

Workaround: Make sure that the VLANs used in classifier configuration is present in the switch.

Access Control Lists (ACL)

16.11.0010

256872

YA/YB

Symptom: The switch crashes with the message similar to:NMI event SW:IP=0x0ea80030 MSR:0x02029200 LR:0x0ea800cccr: 0x42000400 sp:0x1f5d46e8 xer:0x00000000Task='mDsnoopCtrl' Task ID=0x1f5d13a8.

Scenario: This issue can occur if the DHCP snooping is enabled and the switch is processing continuous DHCP packets.

Workaround: Disable the DHCP snooping.

DHCP Snooping

16.11.0010

256935

YA/YB

Symptom: The switch crashed with a message similar to Software exception at wma_ctrl_sm.c:283 – in 'mWebAuth'.

Scenario: This issue occurred when the User Role, Auth order, and Server timeout were configured on the switch, and RADIUS server was unreachable.

Mac Authentication

16.11.0010

256812

YA/YB

Symptom: The simultaneous execution of Show Tech from the switch CLI and from Aruba Central may cause the switch to crash.

Scenario: This issue occurred when the user executed the Show Tech command in CLI and Aruba Central in parallel.

Boot and Reload

16.11.0009

-

YA/YB

Version 16.11.0009 is unavailable for download.

-

16.11.0008

256574

YA/YB

Symptom: The switch crashes if the ip tcp randomize-timestamp configuration is present on the switch.

Scenario: This issue occurred when the switch had the ip tcp randomize-timestamp configuration and SSH/Telnet/Web UI was established on the switch.

Workaround: Remove the ip tcp randomize-timestamp configuration.

Boot and Reload

16.11.0008

256762

YA/YB

Symptom: The switch configuration fails with an invalid oobm or 400 bad response error when the RADIUS server is updated with is_oobm or is_tls_oobm and the value is updated from False to False.

Scenario: This issue occurred when the PUT request was sent to the RADIUS server with is_oobm or is_tls_oobm and the value was updated from False to False (no change).

REST APIs

16.11.0007

256672

YA/YB

Symptom/Scenario: The switch fails to connect to activate with an error activate: EST enrollment with server failed because of Unable to generate CSR.

Central Integration

16.11.0007

256575

YA/YB

Symptom: The switch will stop responding to valid SNMP packets.

Scenario: This issue occurred when UDP packets were sent without any data. After 65 packets, the switch will stop responding to valid packets.

SNMPv3

16.11.0007

256613

YA/YB

Symptom/Scenario: Some IP addresses for save config and config change in the traps will not be displayed in AirWave.

AirWave

16.11.0007

256600

YA/YB

Symptom: Client will not be in authenticated state until cached-reauth period.

Scenario: This issue occurred when the 802.1x authentication was configured with the cached-reauth.

Workaround:

First, enable the user-role authentication and then configure the critical user-role for the authentication port.

Critical user-role should not have the reauth-period attribute and auth-order should be removed for the authentication port.

802.1x

16.11.0007

256732

YA/YB

Symptom: Local-user with group cannot be configured via SNMP.

Scenario: This issue occurred when local-user with group using SNMP was configured.

Workaround: User can configure local-user with group using CLI configuration.

SNMPv2

16.11.0006

256590

YA/YB

Symptom/Scenario: When a port is added to a VLAN from the Web UI, IPv6 will be enabled on the VLAN.

NextGen WebUI

16.11.0006

256561

YA/YB

Symptom: Network access is denied for a 802.1X authenticated client.

Scenario: This issue occurred when the 802.1X client was authenticated with the auth-vid and unauth-vid configurations.

Workaround: Configure a client limit for the authenticator-enabled port.

802.1X

16.11.0006

256485

YA/YB

Symptom: REST request over HTTPS fails as SSL connection is not established.

Scenario: This issue occurred when a GET request with an empty JSON payload was sent.

Workaround: Replace the empty JSON payload with None in the GET request.

REST APIs

16.11.0006

256358

YA/YB

Symptom: An invalid username or password grants the operator access to the switch's Web UI.

Scenario: This issue occurred when a banner and a manager password were configured but not an operator password.

Workaround: Remove the banner configuration.

WEB UI

16.11.0005

256406

YA/YB

Symptom: Traffic is sent directly to clients in VLANs that do not have an IP address configured instead of being sent to the gateway configured in the routing table.

Scenario: This issue occurred when the switch had both Layer 2 and Layer 3 VLANs and IP client tracker was enabled.

Workaround: Disable the IP client tracker.

Note: The IP address of silent clients being tracked may not be learnt unless a port bounce is performed after a redundancy failover.

Static Routing

16.11.0005

256366

YA/YB

Symptom/Scenario: The switch crashes with a message similar to the following: Software exception at multMgmtUtil.c:259 – in 'mOobmCtrl' -> Internal error.

Coredump

16.11.0005

256122

YA/YB

Symptom: Tx drops are seen on the port after the trunk member is removed.

Scenario: This issue occurred when the port was configured to be a member of the trunk and subsequently removed from the trunk when the port was down. The issue will be seen when a client is connected to the port.

Workaround: Configure the trunk while the port is up.

LACP

16.11.0004

256234

YA/YB

Symptom: The show rmon statistics <port no> command returns the wrong counter values.

Scenario: This issue occurred when the clear statistics global or clear statistics <port no> was executed first and then show rmon statistics <port no>.

CLI

16.11.0004

256257

YA/YB

Symptom/Scenario: Certain transceivers had link issues in unsupported transceiver mode.

Transceivers

16.11.0004

256233

YA/YB

Symptom: Client ports may encounter packet drops when multicast sources stream video over 500 Mbps.

Scenario: This issue can occur when multiple clients from different ports subscribed to the same group, which streams using HD channels requiring high bandwidth. TX drops can occur when several clients change channels simultaneously.

Workaround: Lower the bandwidth of the video streams to below 500 Mbps in order to avoid over-subscription of ports.

IGMP-NG

16.11.0004

256205

YA/YB

Symptom: A configuration template push from Aruba Central fails.

Scenario: This issue occurred when the end devices are connected to ports that are configured with port-security learn-mode static.

Central Integration

16.11.0004

256202

YA/YB

Symptom: Unable to provision the switch from Aruba Activate and records an EST enrollment failure.

Scenario: This issue occurred when the hostname for the EST enrollment server is not resolved during zero-touch provisioning (ZTP).

Workaround: Ensure that the DHCP server provides a DNS server IP address.

CertManager

16.11.0004

256121

YA/YB

Symptom: Web authentication fails when the switch is managed by Aruba Central (aruba-central support-mode disable).

Scenario: This issue occurred when the switch connects to Aruba Central and aruba-central support-mode is disabled.

Workaround: Execute aruba-central support-mode enable command so the switch is no longer managed by Aruba Central.

Web Authentication

16.11.0003

255819

YA/YB

Symptom: A switch crashes with a message similar to the following:

SubSystem 100 went down:

Health Monitor: Read Error Restr Mem Access

Scenario: This issue occurred because of the following actions:

An AP was authenticated with 802.1X port mode.
The AP was rebooted, and the 802.1X authentication configuration was removed from the port.

802.1X

16.11.0003

255940

YA/YB

Symptom: A switch crashes with a message similar to the following:

Software exception at svc_misc.c:1088 – in 'mDHCPClint'

-> Failed to malloc 9202 bytes

Scenario: This issue occurred when the switch attempted to reconnect to Aruba Central.

Aruba Central

16.11.0003

255995

YA/YB

Symptom: A switch crashes when the show port-access clients command is issued or when an SNMP GET operation is performed to get the MIB object hpicfUsrAuthMacAuthSessionStatsEntry.

Scenario: The switch crashed when a MAC-authenticated client had a username of more than 40 characters.

Authentication

16.11.0003

255120

YA/YB

Symptom/Scenario: The Key Expansion Module of a Cisco 8851 phone does not power up.

Workaround: Configure poe-allocate-by command with class parameter on the ports, and reduce the number of powered devices connected to the switch.

PoE

16.11.0003

256034

YA/YB

Symptom: SNMP MIB files are not reachable, and the MIB file returns some errors.

Scenario: This issue occurred when the customer used an SNMP monitoring tool to read or parse the MIB files.

SNMP

16.11.0003

256050

YA/YB

Symptom: A switch crashes when the WebUI Security > Clientspage is accessed.

Scenario: The switch crashed when a MAC-authenticated client had a username of more than 40 characters.

Web UI

16.11.0002

255888

YA/YB

Symptom/Scenario: When a proxy server is configured on the switch, the switch does not onboard into Aruba Central or Activate.

Aruba Central

16.11.0002

255799

YA/YB

Symptom: The user is unable to copy a configuration file to the switch using Secure File Transfer Protocol (SFTP) and the following error message is displayed.

Invalid input: grep usage error

Scenario: This issue occurred when the pipe character ( | ) was used as a part of the command input for some configuration commands, such as the banner motd and snmpv3 user commands.

Workaround: Do not use the pipe character (|) in the command input for the configuration commands.

Configuration

16.11.0002

255825

YA/YB

Symptom/Scenario: When a switch is rebooted through an SSH session, the show boot-history, show logging, and boot command outputs include the Operator cold reboot from TELNET session message instead of the Operator cold reboot from SSH session message.

SSH

16.11.0001

-

YA/YB

No fixes were included in version 16.11.0001.

-