AOS-244170

The AP could not enroll/re-enroll a certificate because the default CSR attributes was not updated by the EST server. This is because the EST server did not support the /csrattrs API.

The fix ensures that the default CSR can be used when the EST server is not able to respond to the /cstattrs API.

AOS-244500

The WAN policy interpreted the user role as netdestination if the user role name matched the netdestination name. This issue occurred because the WAN policy used netdestination instead of user-role in the match condition, which was different from the intended configuration. This issue was observed in gateways running AOS-10.3.1.1 or later versions.

The fix ensures that the WAN policy uses the correct assigned fields for alias and user role match conditions.

AOS-244800

AOS-244803

AOS-245378

Some gateways crashed unexpectedly with the reason as: Reboot Cause: Kernel Panic (Intent:cause:register12:86:b0:4). Disabling IPv6 when there are no more v6 addresses configured caused frequent link flaps, leading to the crash.

The fix prevents the disabling of IPv6 on that interface when there are no v6 addresses configured.

AOS-245102

Some clients were unable to connect to the 5 GHz radio on AP-515 access points. This issue occurred due to an error in the AP’s Broadcom wireless driver.

The fix includes an update to the APs’ Broadcom wireless driver that ensures that the APs work as expected.

AOS-245379

Some AP-635 access points running AOS-10.4.0.0 or later versions crashed and rebooted unexpectedly. The log files listed the reason for the event as Reboot caused by kernel panic: Take care of the TARGET ASSERT first.

The fix ensures that the APs do not crash.

AOS-245519

A few HPE Aruba Networking 9240 gateways running AOS-10.5.0.0 or later versions restarted automatically when the System Halt was initiated from the LCD menu, instead of powering off.

The fix ensures that System Halt works when called from the LCD menu.

AOS-245848

When the Uplink was configured as PPPOE, the DHCP service configuration-dns-server ap-assigned-dnsserver did not work after rebooting the AP. This issue occurred because the DNS server address provided from PPPOE was not yet available during AP boot up. This issue was observed in APs running AOS-10.4.0.0 or later versions.

The fix ensures that the DNS server address is correctly obtained from the PPPOE server.

AOS-246019

AOS-246045

In a few HPE Aruba Networking 9200 Series gateways running AOS-10.4.0.1 or later versions, the PIM HELLO messages were leaked out when periodic HELLO interval expired. As a result, these PIM HELLO messages appear as PIMv0 REGISTER STOP messages due to endianness. This issue occurred because of a code error in PIM-SM when PIM-DM was disabled.

The issue was resolved by correcting the code error.

AOS-246197

Some APs running AOS-10.5.0.0 crashed and rebooted unexpectedly. The log files listed the reason as Panic: Ktrace core monitor: cpu0 hung for 45 seconds, hung cpu count: 1 Warm-reset. When tunnel was down between the AP and HPE Aruba Networking Central, SPU printed multiple error logs as the packets in SPU have no encrypt key. Too many logs caused the CPU to hang.

The issue was resolved by reducing the SPU print.

AOS-246329

The stateful-dot1x process crashed unexpectedly for HPE Aruba Networking branch gateways running AOS-10.4.0.1 or later versions. This issue occurred because lists of Value Pairs were never freed for a stateful-dot1x process, which led to the Out of Memory (OOM) state in the regular dot1x processes.

The issue was resolved by freeing the Value Pairs for stateful users.

AOS-246381

A few users were unable to access the Overlay Captive Portal page when MAC authentication and encryption such as WPA2-PSK or WPA3-SAE were enabled. This issue occurred because the client was unable to pass traffic after a MAC authentication failure. This issue was observed in APs running AOS-10.4.0.0 or later versions.

The fix ensures that Overlay Captive Portal SSID works correctly when MAC authentication is enabled.

AOS-246395

HPE Aruba Networking 9240 gateways running AOS-10.4.0.1 or later versions failed to detect the SFP module after being upgraded. This was due to a software issue that caused the gateway to hang. Additionally, a hardware issue prevented the gateway from reading the SFP module after the gateway was restarted. The fix ensures that the gateway detects the SFP module after a power cycle.

AOS-246529

A few AP-515 access points running AOS-10.4.0.2or later versions dropped client traffic due to low memory. This issue occurred because the allocated buffer memory for the wired server leader request PAPI message was not freed when the PAPI message failed to send, which caused a memory leak.

The issue was resolved by adding a code to free the allocated buffer memory in case of a PAPI message send failure.

AOS-246625

When the client device was idle for more than 15 minutes, it got disconnected from the network and the user had to log in again. This issue was observed in SD-WAN topology with Branch Gateway and VPNC. The issue occurred because of a mismatch between the IPsec-map/route version with the version stored in the session entry.

The resolution handles the IPsec-map/route version mismatch correctly.

AOS-247346

Tunnel flap was observed between the gateway and AP after upgrading to AOS-10.4.0.2. When the tunnel in survived mode received the OTO config, the rapper side sent the rekey success event to the ATA. But the ATA did not apply the key from rapper side causing a heartbeat miss.

The fix ensures that the rapper key is applied to the key tunnel.

AOS-247389

Two APs generated the same identifier for their IoT radios. This could impact the functioning of applications like Meridian App, which relies on a unique IoT radio identifier. The fix ensures that the IoT radio identifier is unique for each AP.