AOS-209903

AOS-241290

All Branch Gateways running AOS-8.7.0.0-2.3.0.0 rebooted due to Nanny Rebooted Machine – fpapps process died in different time intervals. This issue occurred due to a memory leak.

The resolution ensures that memory leak does not occur and the gateways work as expected.

AOS-215112

AOS-242116

The mini_http process automatically restarted on some AP-335 access points running AOS-10.3.1.1.

The fix ensures that the APs work as expected.

AOS-216942

AOS-231867

AOS-237693

AOS-239950

AOS-240711

AOS-240849

Some AP-535 access points running AOS-10.3.1.2 or previous versions crashed and rebooted unexpectedly. The log files listed the reason for the event as kernel panic: Fatal exception in interrupt.

The resolution ensures that the CPU cache entries are cleared so that the AP's do not crash.

AOS-218141

AOS-241553

Some AP-535 access points running AOS-10.3.1.0 or later versions crashed and rebooted unexpectedly. The log files listed the reason for the event as Reboot caused by kernel panic: Take care of the TARGET ASSERT at wal_soc_dev_hw.c:847 Assertion !(panic_mask & WHAL_UMCMN_WBM0_ASSERT_INT_MASK). This issue occurred when UL MU-MIMO was enabled.

This issue was resolved by adding a queue mechanism to process UL MU-MIMO packets on AP.

AOS-219927

AOS-230044

AOS-233870

AOS-233871

AOS-234556

AOS-238628

AOS-240273

A few Microbranch APs unexpectedly rebooted due to a reset. This issue occurred when the APs were trying to configure the DL3 SSID and connect it with Policy Based Routing (PBR). The addition and removal of the PBR did not affect the APs. This issue was observed in APs running AOS-10.3.1.0 or later versions.

This issue was resolved by adding a valid address check in the SPU driver.

AOS-220615

AOS-233431

Some APs displayed the client VLAN value as 0. Since VLAN with the value 0 is not configurable, this gave the impression that some ghost VLAN existed in the network.

The fix ensures that none of the APs display the client VLAN value as 0.

AOS-221085

AOS-242521

In some AP-505H access points running on AOS 10.3.1.3, one or more PSE ports (LAN ports) remained disabled, although it was enabled by the administrator. This occurred because the power management suspended the enablement of the PSE ports.

The fix ensures that when the power conditions are met and the PSE ports are enabled.

AOS-227263

The Manage > Overview > Summary page in the WebUI did not display any data under DNS Name Servers for APs running AOS-10.3.1.0 or later versions. This issue occurred because the register_local function was called before the /etc/resolve.conf file was written.

The fix ensures that the /etc/resolve.conf file can be read in heartbeat PAPI messages after the register_local function is called.

AOS-227306

AOS-240454

Some gateways replied to ARP requests on behalf of the clients that were not connected to those gateways. This caused bridge entries to point to the wrong interface for clients on upstream switches, resulting in connectivity issues. This issue occurred when the BCMC optimization was enabled on the gateways running AOS-10.3.1.2 or previous versions.

The fix ensures that the gateways work as expected with BCMC optimization.

AOS-229555

AOS-233053

AOS-240773

AOS-241678

A few APs running AOS-10.3.1.0 crashed and rebooted unexpectedly. The log files listed the reason for the event as kernel panic: Fatal exception in interrupt.

The fix adds sanity checks so that APs work as expected.

AOS-229691

AOS-237888

The fix ensures that the snmpEngineBoots and snmpEngineTime follows the RFC3414 standards.

AOS-230745

Probe configuration did not work on Prisma and Check Point CS nodes when the Uplink IP was used as a Source IP for HC or IP-SLA. This issue occurred as multiple Branch Gateways were using the same private address range for the Uplinks, due to which the return route could not be configured. This issue is resolved by using the gateway IP as the source IP in the probes.

The fix ensures successful configuration of HC or IP-SLA probe.

AOS-231214

AOS-240338

The amon_sender process crashed on HPE Aruba Networking 7210 gateway running AOS-10.3.1.0. The log files listed the reason for the event as Nanny rebooted machine - low on free memory (Intent:cause:register 34:86:50:2).

This issue was resolved by freeing the memory when the queue reaches capacity.

AOS-231636

AOS-239110

AOS-240791

The serpappstart process crashed repeatedly on HPE Aruba Networking 9240 gateway running AOS-10.3.1.1 or later versions. This issue occurred because the PYTHONPATH variable was not updated and the serpappstart process could not find the packages being referenced.

This issue was resolved by updating the PYTHONPATH variable so that the serpappstart process does not crash.

AOS-231917

AOS-243973

The SNMPBulkWalk data query failed on a few 9004-LTE gateways running AOS-10.3.1.0 or later versions. The log files listed the reason for the event as (genError) A general failure occurred. This issue occurred due to lack of support for Unified Communications Manager (UCM) and WLAN Management System (WMS) processes.

The fix ensures that the SNMP data queries are executed successfully.

AOS-235420

AOS-241481

The output of the show ap debug radio-stats command incorrectly displayed the same value for both Rx Frames Received and Rx Good Frames parameters. This issue was observed in APs running AOS-10.3.1.3 or later versions.

The fix ensures that the Rx Frames Received parameter value displayed is equal to the sum of the Rx Good Frames and Rx Bad Frames parameter values.

AOS-236225

AOS-240400

Some AP-635 access points running AOS-10.4.0.0 or later versions experienced high retry rates while connecting to Cisco phones, Draeger medical devices, or Ascom phones. This issue occurred when U-APSD was enabled.

The fix ensures that the APs work as expected with U-APSD.

AOS-236497

AOS-239827

AOS-241744

When migration from SP group to SD-Branch group was performed using MSP templates, the HPE Aruba Networking Branch Gateway remained at config rollback state. This issue occurred because the cfgm module rolls back the config ID to 0 without giving time for the web-socket to stabilize. After coming up with zero config ID, the gateway continued to remain in rollback state since the config ID did not change in HPE Aruba Networking Central.

The fix increases the rollback qualification window for full-sync qualification.

AOS-236723

AOS-242576

Some APs running AOS-10.3.1.0 or later versions did not broadcast an SSID, although it was enabled. This issue occurred when the APs lost connectivity to Aruba Central.

The fix ensures that the APs broadcast the SSIDs when the connection to Aruba Central is restored.

AOS-237784

AOS-244586

When an AP came up with survived mode, the AP and gateway used SHA1 encryption instead of SHA2 encryption for authentication, even though both endpoints supported SHA2. This issue was observed in APs running AOS 10.4.0.0.

The resolution adds SHA2 support for AP-Gateway survival tunnels, provided that both endpoints support SHA2 encryption.

AOS-237881

Some AP-535 access points did not receive the IP address from the native VLAN configured in the wired port profile but from VLAN-1.

The fix ensures that the APs get the IP address from the configured native VLAN.

AOS-238193

AOS-239948

7005 and 9004 gateways running 10.4.0.0 crashed upon configuring a new VLAN and DHCP scope. This issue occurred due to an incorrect firewall aggregate session count.

The fix ensures that the firewall aggregate session count is updated correctly.

AOS- 238398

AOS- 240850

The datapath process crashed due to a mismatch between ACE index of geolocation and authentication ACLs in the ACL table. This issue occurred when ACL entries were updated, and there was a misalignment between the initial indexing of ACL entries and their corresponding ACE indexes in the ACL table. This issue was observed in HPE Aruba Networking 9004 gateways running AOS-10.3.1.1 or later versions.

The fix ensures that the gateways work as expected.

AOS-238571

The Radproxy process crashed repeatedly when more than 12 VRRP IPs were configured. This issue occurred because amon_user_updates array was overwritten by vrrp_master_ip_pool. This issue was observed in gateways running AOS 10.3.1.1.

The fix prevents memory corruption to the next variable, that is, amon_user_updates. Additionally, debugs are added to capture logs when more than 12 entries are sent through the GSM channel.

AOS-238656

AOS-239832

AOS-240893

AOS-242252

AOS-243530

Some APs running AOS-10.3.1.0 or later versions crashed and rebooted unexpectedly. The log files listed the reason for the event as Kernel panic - not syncing: Take care of the TARGET ASSERT first.

The fix ensures that the APs work as expected.

AOS-238701

AOS-243798

The authmgr, syslogd, and Central agent processes remained in NOT_RESPONDING or INITIALIZING state for branch gateways in a cluster setup running AOS-10.4.0.1 or later versions.

The fix ensures that the branch gateways are stable and initialize as expected.

AOS-238713

AOS-242117

AOS-242536

AOS-242540

The mDNS process crashed on a few APs running AOS-10.3.1.1 or later versions. This issue occurred due to memory corruption on the APs.

The fix ensures that the mDNS process works as expected.

AOS-238869

AOS-244078

Clients connected to the HPE Aruba Networking Branch Gateways were unable to reach the internal server due to incorrect routing in the VPNC, which led to the clients taking a different route to reach the data centers. This issue occurred because the HPE Aruba Networking 9240 Gateway, running AOS-10.4.0.0 was using incorrect ACL entries.

This fix ensures that the client can access the internal server.

AOS-239121

When RA packets were sent by an AP uplink network in some VLANs, the RA packets flooded the VAP although the client was not connected to the VAP. This issue was observed in gateways running AOS-10.3.1.1 or later versions.

The fix ensures that RA packets are not sent by the APs native VLAN.

AOS-239191

The clients received the IP addresses from the management VLAN even when the static VLAN was configured. This issue was observed when the APs were migrated from AOS-8 to AOS-10.

The fix ensures that the clients received the IP addresses from the static VLAN.

AOS-239309

Client throughput did not exceed 200 Mbps for APs running AOS 10.3.1.2. This issue occurred with the following config combination: url-visibility is enabled but dpi is not enabled.

The fix ensures that the throughput for combinations of dpi and url-visibility is as expected.

AOS-239532

When a guest tunnel account was deleted, HPE Aruba Networking Central did not terminate the connection with the tunnel SSID. This issue was observed in gateways running AOS 10.3.1.1.

This fix ensures that the connection between the guest account and tunnel SSID terminates as expected.

AOS-239553

The Dot1x-proc process generated error messages. The Dot1x process periodically sends trace-buffers to authentication process, that is used in debug show commands. This exceeded an internal message buffer size resulting in repeated failures to send those messages.

The fix ensures the message size does not exceed the buffer size.

AOS-239581

AOS-244458

When a Captive Portal authenticated user disconnects from the network and re-connects on a different AP within the time period for which the authentication is still valid, an incorrect role is sometimes assigned to the user. This issue was observed in access points running AOS-10.3.1.0.

The fix ensures that the correct role is assigned to the user.

AOS-239645

AOS-241178

Clients were deauthenticated by some APs because the UAC was down. This issue was observed in HPE Aruba Networking AP-515 access points, running AOS-10.3.1.1 or later versions.

The fix ensures that the clients are not deauthenticated in the overlay or microbranch cl2 network, when it receives the same tunnel configuration, but with different UUID.

AOS-239664

Some APs running AOS-10.3.1.1 or later versions dropped ARP response from the default gateway when deny-intra-vlan-traffic was enabled.

The fix ensures that the APs work as expected.

AOS-239818

AOS-241226

When the AP to gateway IPSEC tunnels were established and the tunnel rekey occurred thousand times, the IPSEC tunnel rekey failed. This issue occurred due to the NSS flow table getting used up after multiple rekeys.

The fix ensures that the NSS flow table is handled correctly with IPSEC rekeys. This issue was observed in HPE Aruba NetworkingAP-534, AP-535, AP-555 access points, running AOS-10.3.1.3 or later versions. Additionally, the issue was also observed in HPE Aruba NetworkingAP-585, AP-635, AP-655 access points, running AOS-10.4.0.0 or later versions.

AOS-239918

A few Aruba 9004 gateways running AOS-10.3.1.0 or later versions rebooted unexpectedly. The log files listed the reason for the event as Reboot Cause: AC Power Cycle (Intent:cause: 86:50).

This issue occurred because Power Reboot Device (PRD) triggered the gateways to reboot due to a network outage.

The issue was resolved by removing all the PRD units from the sites and connecting the gateway directly to an AC power source.

AOS-239950

A few APs running AOS-10.3.1.0 crashed and rebooted unexpectedly. The log files listed the reason for the event as Reboot caused by kernel panic: Fatal exception in interrupt. This issue occurred due to memory corruption.

The fix ensures that the APs work as expected.

AOS-239969

A few APs running AOS-10.3.1.0 or later versions sent a large number of redundant syslog messages in the ERR (error) and WARN (warning) severity levels. This issue occurred because the WARN level was incorrectly used for some debug logs.

The fix ensures that redundant messages are not sent to the syslog servers.

AOS-240106

The HPE Aruba Networking USB LTE modem failed to connect to few APs even though Health Check Manager (HCM) was disabled. This issue was observed in AP-505H and AP-505 access points running AOS-10.4.0.0.

The fix ensures that the Aruba USB LTE modem is able to connect to the APs.

AOS-240112

AOS-241701

After upgrading to AOS-10.3.1.2, the authentication failed for some clients and displayed the PMKR1 the station is not present on the AP message.

This fix ensures that authentication works as expected.

AOS-240118

AOS-240930

AOS-243846

A few AP-535 access points running AOS-10.3.1.0 or later versions experienced tunnel connectivity issues with gateways. This issue occurred due to incorrect resource allocation for rekeying between APs and gateways.

The fix ensures that the APs are able to connect to gateways after implementing proper resource allocation for rekeying.

AOS-240203

When an AP came up with survived mode, the AP and gateway used SHA1 encryption instead of SHA2 encryption for authentication, even though both endpoints support SHA2. This issue was observed in APs running AOS 10.4.0.0.

The resolution adds SHA2 support for AP-gateway survival tunnels, provided that both endpoints support SHA2 encryption.

AOS-240348

Users connected to AP-535 access points running AOS-10.3.1.0 in the underlay network was getting randomly disconnected with the reason—Wlan driver excessive tx fail quick kickout (seq num 0).

The issue is resolved by upgrading to AOS-10.3.1.1.

AOS-240370

DNS resolution failed and the APs got disconnected from Aruba Central. This issue occurred because the routes were not added to the datapath for the access point as the tunnels between the APs and the gateways flapped multiple times. The issue was observed in AP-325 access points running AOS-10.3.1.1 or AOS-10.3.1.3 versions.

The fix ensures that the access points work as expected.

AOS-240445

AOS-241717

AOS-242136

A few clients were unable to connect to APs due to high memory utilization on the APs. This issue occurred because the APs received multicast IPv6 Router Advertisement (RA) packets and broadcasted them to all the SSIDs in the same VLAN when:

• IPv6 RA packet delivery was enabled in the first SSID and disabled in another SSID.

• The first SSID did not have any active clients, while another SSID had active clients.

This issue was observed in APs running AOS-10.4.0.0 or later versions.

The fix ensures that memory leak does not occur and APs work as expected.

AOS-240699

Some Branch Gateways running AOS-10.3.1.3 or later versions remained in the update-required state. This issue occurred due to an exception in the config sync workflow, which resulted in the device not receiving the complete configuration updates.

The fix ensures that the gateways receive the required configuration updates.

AOS-240780

AOS-242006

The PI flag of the route-cache entry was not cleared for the AP tunnel after IP compression was disabled in Central and the tunnels were brought down.

The fix ensures that the route-cache entries are updated when the tunnels are brought down. This issue was observed in APs running AOS-10.4.0.0.

AOS-240926

Some Microbranch APs crashed and rebooted unexpectedly. The log files listed the reason for the event as kernel panic: Fatal exception in interrupt (asap_mcast_mld_snoop+0x27c/0x3f8). This issue was observed in APs running AOS-10.3.1.0 or later versions. This fix ensures that the APs work as expected.

AOS-241021

The public IP address configured in VLAN 2 was not reachable when connected using an LTE uplink. This issue was observed in Aruba 9004-LTE gateways running AOS-10.4.0.1 or later versions. This issue occurred because all packets going out to LTE with a non-LTE interface source IP address were dropped.

The issue was resolved by verifying whether Network Address Translation (NAT) is enabled on the LTE interface before dropping these egress packets on the gateways.

AOS-241376

A few 9004 gateways in the high-availability group setup running AOS-10.3.1.3 or later versions observed a health check probe failure over the virtual link for the default gateway. This issue occurred because the Route-lookup was performed on the default gateway IP address instead of Route-cache lookup. As a result, the health check probe packet was incorrectly sent on the physical link.

The fix ensures that a correct info alert message displays in Management VLAN when the auto-site cluster is enabled.

AOS-241409

AOS-243172

HPE Aruba Networking AP-515 and AP-575 running AOS-10.3.1.1 crashed and rebooted with the error cannot stop dma, generating the log PC is at wlc_cur_phy+0x140.

The issue was resolved by upgrading to AOS-10.3.1.2 version.

AOS-241434

AOS-245193

The show running-config command could not be executed and displayed an error: DHCP Daemon is busy. Please try later. This issue occurred due to memory corruption caused in the routine. This issue was observed on gateways running AOS-10.4.0.0 or later versions.

The fix ensures that the show running-config command is executed without error.

AOS-241448

A 100% packet loss was observed for cloud-security probes on Branch Gateway. This issue occurred when DNS address of the new URI changed at a later time and the gateways did not re-resolve the URI to get the new IP address.

The fix ensures that the gateways now re-resolve the Probe URI periodically. This issue was observed on Branch Gateways running AOS-10-10.3.1.3 version

AOS-241642

The WAN > Tunnels page did not display the VPNC tunnel details in the Aruba Central UI. This issue occurred when the AMON sender process crashed due to excessive DHCP requests from clients. This issue was observed in Aruba gateways running AOS-10.3.0.0.

The fix ensures that the WAN > Tunnels page displays VPNC tunnel details in the Aruba Central UI correctly.

AOS-241757

The Discover packets sent from the client were not relayed to the DHCP server through the IPsec tunnel. This issue occurred because the destination ID was 0 and packets were not sent from datapath to control plane for that VLAN. This issue was observed on HPE Aruba Networking9004 Branch Gateways running AOS-8.7.0.0-2.3.0.8 version.

The fix ensures that the destination ID sent to the datapath is not 0.

AOS-241933

When AP1x was configured to perform EAP-TLS authentication (with TPM) in AP-514 and AP-635 access points, only AP-514 authenticated successfully.

This fix ensures that AP-635 also passes the authentication.

AOS-242006

When clear crypto ip sec sa CLI was executed, the AP tunnels failed to re-establish, but SD-WAN tunnels re-established after a few seconds. This issue occurred due to a corrupted entry in the datapath tunnel table.

The fix ensures AP tunnel is re-established successfully.

AOS-242012

The show wan ip-sla-stats command did not display all the applicable tunnels. This issue occurred because the VLAN ID was not updated correctly upon uplink update. This issue was observed in gateways running AOS 10.3.1.4.

The fix ensures that the correct VLAN ID is sent to the policymgr and HCM modules.

AOS-242017

The peer-ip "I" route was not updated when peer-ip was changed through an update from HPE Aruba Networking Central. This issue was observed in gateways running AOS 10.3.1.4.

The fix ensures that the "I" route updates as expected.

AOS-242091

The Policy Manager crashed on some Branch Gateways running on AOS-10.3.1.4. This was caused due to incorrect IP nexthop configuration.

The fix ensures that the Policy Manager works as expected.

AOS-242148

AOS-242541

The mDNS module crashed due to memory corruption on some APs running AOS-10.3.1.1.

The fix ensures that the mDNS module works as expected.

AOS-242385

AOS-243242

APs were going offline randomly when the APs formed a Per Port Tunnel Nodes (PPTNs) to the Branch Gateways. This issue was observed when the Branch Gateways were running AOS-10.3.1.1 and the APs were running AOS 8.7.1.6.

This issue is resolved by upgrading to AOS-10.4.0.2.

AOS-242397

Some APs redirected the client to a placeholder page configured in the external captive portal profile instead of the URL received through VSA. This issue occurred when the client roamed between multiple APs.

The fix ensures that the VSA value is sent to the new AP during roaming.

AOS-242414

AOS-244192

When packet capture was enabled on HPE Aruba Networking 9004 and 9004-LTE Gateways, packet drops were noticed for that client and eventually client traffic was getting stopped.

The fix ensures that the packet drops do not happen.

AOS-242813

A few AP-635 access points running AOS-10.4.0.0 failed to hide the SSID in the beacon frames sent on the 6 GHz radio. This issue occurred when the hide-ssid parameter was enabled and the SSID operational mode (opmode) was set to OWE.

The fix ensures that the SSID is hidden in the beacon frames with the specified configuration.

AOS-242953

Some gateways running AOS-10.3.1.2 or later versions logged the error message, FW Visibility [6590]: Sending message to central-Timer Expiry[14]. This issue occurred due to a logging level error.

This issue was resolved by changing the logging level to debug.

AOS-243032

A few AP-505 access points running AOS-10.3.1.4 or later versions detected the BSSID of the neighboring APs as an SSID violation, although the APs were within the same group. As a result, Aruba Central displayed the Valid SSID misuse alert for the BSSID of the neighboring APs. This issue occurred due to a timing discrepancy between the APs and HPE Aruba Networking Central.

The issue was resolved by introducing a delay for the valid SSID misuse detection.

AOS-243044

Cloud Guest stopped working for some clients after the gateway reloaded. This issue occurred because Radsec connections with cluster-vrrp IP were created without checking if COA server profile was present. This issue was observed in Branch Gateways running AOS-10.4.0.0.

The issue was resolved by adding a check for Cloud Auth before creating Radsec sockets with VRRP.

AOS-243107

Clients could not connect to the MAC+ enhanced-open SSID after the connection was switched from Dot1x/WPA3-SAE to MAC+enhanced-open SSID. This issue occurred because the 4-way handshake failed due to missing PMK cache entry.

The issue is resolved by retaining the PMK cache entry after switching the SSID in CLI.

AOS-243283

A few Aruba 9004 gateways running AOS-10.3.1.4 or later versions were unable to pass traffic through the IPsec tunnel to Zscaler. This issue occurred when IKE packets were visible in the gateway and ESP sessions were created.

The issue was resolved by introducing a knob to disable the ESP session creation.

AOS-243285

AOS-243286

The openconfig-telemetry data received from some AP-535 access points in the 5 GHz band displayed different values for channel utilisation and client count when compared to the data from Aruba Central.

The fix ensures that the openconfig-telemetry data matches the data from Aruba Central.

AOS-243403

AOS-243433

A few clients failed to connect to Branch Gateway on different VLANs in the network. This issue occurred because the clients were unable to obtain an IP address from the DHCP server. This issue was observed in Branch Gateways running AOS-10.3.1.3 or later versions.

The fix ensures that the clients are able to connect to the network by obtaining IP address from the DHCP server.

AOS-243441

The source and destination port numbers were incorrectly displayed for gateways running AOS-10.4.0.0 or later versions. This issue occurred because an incorrect byte order was used for source and destination ports when exporting the session table.

This issue was resolved by using the correct byte order for source and destination ports.

AOS-243445

A few clients were unable to connect to APs running AOS-10.3.1.3 or later versions in a mesh network. This issue occurred because the Eth0 network interface was configured as a downlink port in the APs.

The fix ensures that the clients are able to connect to the network.

AOS- 243452

A mismatch of source and destination port numbers was observed between the WebUI and CLI. However, the CLI displayed the correct source and destination port numbers. This issue was observed in APs running AOS-10.4.0.0 or later versions.

The fix ensures that both the WebUI and CLI displays the correct source and destination port numbers.

AOS-243619

WAN Scheduler configuration was not applied to WAN interfaces for 9004-LTE gateways running AOS-10.4.0.1 or later versions. This issue occurred because the wrong length was compared in cp-message length validation for the schedular profile.

The fix ensures that cp-message length validation for schedular profile is modified, and the WAN Scheduler configuration is successfully applied.

AOS-244000

A few clients were unable to connect to AP-535 access points running AOS-10.3.1.1 or later versions. The log files listed the reason for this event as No UAC in Bmap. This issue occurred because the cluster was incorrectly created based on the gateway label name instead of the site name.

The fix ensures that the cluster is created based on site name.

AOS-244875

The dot1x process crashed for 7210 Branch Gateway running AOS-10.4.0.1. This issue occurred because a macro in the do1tx process was not enclosed within braces. As a result, the macro was executed even though the condition was not met.

The fix ensures that the macro is formatted correctly and the dot1x process works as expected.