AOS-227942

AOS-245105

Users were unable to ping terminal servers in data centers due to a conflicting subnet within their netdestination configuration. As a result, the ping packets were routed incorrectly. This issue was observed in Branch Gateways running AOS-10.3.1.4 or later versions.

This issue was resolved by removing the conflicting route entry and ensuring proper routing.

AOS-238024

AOS-243896

AOS-247955

APs running AOS-10.3.1.0 or later versions incorrectly forwarded underlay guest user traffic to the management VLAN. This issue occurred when the client roamed to another AP, after which the client’s metadata was cleared from the old AP. However, as per the default route, the inflight packets sent from the old AP to the client used the AP's management VLAN.

The fix ensures that the inflight packets destined for the client are routed accurately using the correct client VLAN when the client roams.

AOS-238251

A few clients that were connected to the APs using Distributed L3 mode, failed to update group policy in gateways running AOS-10.5.1.0. This issue occurred because of reassembly failure.

The fix ensures that group policy is updated successfully.

AOS-241150

Branch Gateways running AOS-10.3.1.3 or later versions, failed to send accounting information during TACACS authentication of management users. This issue occurred because the ctrlmgt process came up after the TACACS accounting packets were sent from the auth process.

The fix resolves the timing issue between the ctrlmgt and auth processes on gateway reload.

AOS-241220

AOS-250287

Users were unable to map IPsec tunnels with cloud security providers when local FQDN contained @ character. This issue is observed in Branch Gateways running AOS-10.4.0.3 or later versions.

The fix ensures that IPSEC_ID_USER_FQDN is sent as a part of IKE ID payload, when local FQDN contains @ character.

AOS-241517

Some gateways added NAT flags to the network traffic between the managed device and gateway, instead of sending that traffic over the IPsec tunnel to the VPNC. This caused IPsec connection failure between the managed devices and gateways because the NAT flags were not cleared when the IPsec sessions were detected.

This issue was resolved by deleting the current session and dropping the packet if the session is IPSec and NAT is enabled.

AOS-242047

AOS-245896

AOS-246137

AOS-247516

A few bytes of TXT record length were truncated in the response sent by the APs running AOS-10.4.0.1 or later versions. This issue occurred because the incoming TXT record length was greater than the supported TXT record limit. As a result, when the message was decoded, the HPE Aruba Networking Central cache message record was dropped. This led to an incorrect TXT record count in the HPE Aruba Networking Central cache table.

This issue was resolved by correcting the TXT record length in the code.

AOS-242342

Users experienced delays when connecting to an external captive portal in APs running AOS-10.4.0.0 or later versions. This issue occurred because the redirect from the portal took a fixed 1 second refresh timer, which prevented the users from accessing the intended website immediately.

The issue is resolved by adjusting the redirect mechanism to eliminate or significantly reduce the delay.

AOS-242470

The pings generated from the data center failed to reach the branch gateway through the site-to-site tunnel, and the Y flags were missing on the branch gateway running AOS-10.3.1.3 or later versions. This issue occurred because the returning packets matching the redirect rule in reverse Policy Based Routing (PBR) were not stored in the session. As a result, the packets were dropped.

The fix ensures that the branch gateway sets the necessary redirect flag (REDIR) and redirect destination (IPsec map) for the return traffic.

AOS-243092

Tagged BPDU packets from a VLAN that was not allowed in the trunk, pass from one port channel to another. This issue was observed on HPE Aruba Networking gateways in a cluster network running AOS-10.4.0.0.

This fix ensures that packets from VLANs not allowed in port, or port-channel are dropped.

AOS-243260

A few devices were unable to connect to the DNS through the HPE Aruba Networking 9004 branch gateways running AOS-10.4.0.0 or later versions. This issue occurred because of a case mismatch between the configured user roles and the ones displayed in the WAN policy table.

This issue was resolved by eliminating the mismatch.

AOS-243307

A few APs running AOS-10.4.0.2 or later versions rebooted unexpectedly. The log files listed the reason for this event as Reboot caused by kernel panic: softlockup: hung tasks.

This fix ensures that the APs work as expected.

Duplicates: AOS-243958, AOS-247404, AOS-247917, AOS-248394, AOS-249306, AOS-249307.

AOS-243333

The NTP module did not receive the ntp standalone vlan-range configuration for HPE Aruba Networking7005 gateways running AOS-10.3.1.1 or later versions. This issue occurred because the configuration was pushed to the NTP module before the underlying VLANs were created by FPAPPS.

This issue was resolved by introducing a delay in the configuration sync until FPAPPS is completely up.

AOS-243369

HPE Aruba Networking 9004 branch gateway, running AOS-10.3.1.4 or later versions, sent a DNS lookup to an unresolvable FQDN for the VPNC. This issue occurred because the DNS lookup was always performed, regardless of whether the FQDN probe endpoint was used in the WAN policy.

The fix ensures that DNS lookup for the VPNC probe is disabled unless it is explicitly used in the WAN policy.

AOS-243386

When the L3 user role changed, the AP did not clear the datapath session resulting in traffic leak from a client assigned with the denyall role. This issue was observed on APs running AOS-10.3.1.3.

To resolve this, when L3 user role changes the existing session is set to stale and aged out in a timer.

AOS-243900

The IDPS engine crashed unexpectedly during shutdown of a HPE Aruba Networking 9012 gateway running AOS-10.4.0.1 or later versions. This issue occurred because a docker container failed to shut down during the gateway reboot process.

The fix ensures proper docker container shutdown during gateway reboot, preventing the IDPS engine crash.

AOS-244008

AOS-246553

AOS-248769

The OpenFlow agent (OFA) process did not connect to HPE Aruba Networking Central and crashed for a few gateways running AOS-10.3.1.4 or later versions. The log files listed the reason for this event as Invalid controller address. This was due to segmentation violation.

The fix ensures that the OFA process connects to HPE Aruba Networking Central as expected.

AOS-244227

Branch Gateway gets disconnected from HPE Aruba Networking Central due to missing PPPoE default-route. This issue was observed in 9004 gateways running AOS-10.4.0.3 or later versions.

The issue was resolved by a code fix that was added to handle the default-route installation failure better and re-install on failure.

AOS-244324

A few APs running AOS-10.3.1.2 or later versions were unable to connect to HPE Aruba Networking Central. The log files listed the reason for the event as Failed to create signature TPM. This issue occurred due to a bootup error in the Redis server associated with HPE Aruba Networking Central.

The fix ensures that the Redis server works as expected and the APs are able to connect to HPE Aruba Networking Central.

AOS-244334

AOS-247602

AOS-247934

Some AP-635 access points running AOS-10.4.0.2 rebooted randomly. Even though the APs were connected to a POE switch via the Eth0 port, the system displayed the power source as a DC supply.

The fix ensures the access point does not undergo a random warm reset, and the system displays the correct information about the connected power source.

AOS-244500

The WAN policy interpreted the user role as netdestination if the user role name matched the netdestination name. This issue occurred because the WAN policy used netdestination instead of user-role in the match condition, which was different from the intended configuration. This issue was observed in gateways running AOS 10.3.1.1 or later versions.

The fix ensures that the WAN policy uses the correct assigned fields for alias and user role match conditions.

AOS-244506

In a Branch-HA topology with at least one static uplink VLAN on one of the Branch Gateway peers, the gateway crashed with the FPAPPS process. This issue occurred when the following changes were made under Manage > Devices > Gateways > Interface > Ports page in the WebUI:

The uplink port was changed from WAN to LAN in the Type parameter.

The Admin state parameter was disabled.

This issue was observed in Branch Gateways running AOS 10.4.0.0 or later versions.

The fix ensures that the uplink port can be changed from WAN to LAN without the gateway crashing.

AOS-244522

After upgrading the VPNC to AOS 10.4.0.0, the VIA-VPN users route was not seen for VIA users. As a result, intranet services could not be used to route the traffic.

The issue was resolved by enabling route installation in the AUTH process of the gateway.

AOS-244772

For some HPE Aruba Networking 9004 gateways running AOS-10.3.1.4, the show datapath user standby command failed to display some standby user entries. This issue occurred due to data format incompatibility.

The fix ensures that the show datapath user standby command displays the correct entries.

AOS-245014

HPE Aruba Networking 7240 gateway running AOS-10.4.0.0 crashed and rebooted twice. The log file listed the following reasons for this event:

• Reboot Cause: Datapath timeout (Heartbeat Initiated) (Intent:cause:register 53:86:50:2)

• Reboot Cause: Datapath timeout (SOS Assert) (Intent:cause:register 54:86:50:2)

The fix ensures that the gateways do not crash.

AOS-245135

AOS-244999

AOS-245407

AOS-245446

Some APs running AOS-10.4.0.1 or later versions crashed unexpectedly. The log files listed the reason as: Reboot caused by kernel panic: Fatal exception in interrupt. This issue occurred because of memory corruption during roaming.

The resolution ensures that there is no memory corruption while roaming.

AOS-245226

The radius accounting packets for an HPE Aruba Networking AP did not contain the Event-timestamp attribute. This issue was observed in an Air Pass deployment running AOS-10.4.0.1. This issue occurred as the AP did not support the Event-timestamp attribute.

The fix ensures that the AP supports the Event-timestamp attribute.

AOS-245327

AOS-247166

Radproxy initialization and binding errors were recorded in the error log at an interval of every 5 seconds. This issue was seen in a few Virtual gateways configured as VPNCs running AOS-10.5.0.0.

The fix ensures that the HPE Aruba Networking-unmanaged VPNCs work as expected.

AOS-245472

A few AP-635 access points running AOS 10.4.0.1 or later versions incorrectly transmitted on the 2.4 GHz radio. This issue occurred because of an error in the input parameter validation logic.

This issue was resolved by correcting the input parameter validation.

AOS-245562

The VRRP interface tracking configuration disappeared after rebooting the gateway. This issue was observed in HPE Aruba Networking 9240 gateways running AOS-10.4.0.0. This issue occurred because the GSM data for the interface was not available, which prevented the VRRP module from adding the configuration.

The fix delays the VRRP bootup configuration until the GSM port level configuration is available.

AOS-245621

HPE Aruba Networking AP-635 access points running AOS-10.4.0.1 did not change the channel or self-heal when configured in tunnel mode with Aruba 7205 gateway. This was seen in the presence of a high and sustained noise floor that resulted in roaming performance issues and network drops. This issue occurred because the AP could detect noise only on the main channel.

The fix ensures that the AP self-heals if it detects noise on any active channel.

AOS-245756

The any any appcategory instant-messaging permit application category ACLs allowed the guest users to access the gateway’s WebUI. This issue was observed in HPE Aruba Networking 7008 gateways running AOS-10.3.1.4 or later versions. The traffic did not hit the deny rule because the packet terminated at the gateway and the traffic was not fully classified.

The fix ensures that traffic to access the gateway’s WebUI does not match any DPI rules.

AOS-245848

When the uplink was configured as PPPOE, the DHCP service configuration-dns-server ap-assigned-dnsserver did not work after rebooting the AP. This issue occurred because the DNS server address provided from PPPOE was not yet available during AP boot up. This issue was observed in APs running AOS-10.4.0.0 or later versions.

The fix ensures that the DNS server address is correctly obtained from the PPPOE server.

AOS-245907

An error message, read from TPM failed: error -1(6)' and 'Failed to send message of size 38 to TPM, error -1(6) was displayed for online APs in HPE Aruba Networking Central. This issue was observed in APs running AOS-10.3.1.3 or later versions.

The fix ensures that error messages are not displayed for online APs in HPE Aruba Networking Central.

AOS-246019

AOS-246045

In a few HPE Aruba Networking 9200 Series gateways running AOS-10.4.0.1 or later versions, the PIM HELLO messages were leaked out when periodic HELLO interval expired. As a result, these PIM HELLO messages appear as PIMv0 REGISTER STOP messages due to endianness.

The fix ensures that the PIM HELLO messages are displayed correctly.

AOS-246074

Clients were not able to connect to HPE Aruba Networking APs running AOS-10.4.0.1 or later versions. This issue occurred because the APs were sending GRE traffic through IPsec tunnels even when the Tunnel type was set to GRE. The issue was resolved by updating the Tunnel type in Update Spec or Create Spec.

The fix ensures that the APs send the correct GRE traffic and the clients can connect to the SSIDs.

AOS-246076

AOS-247634

Due to GRE tunnel MTU flapping, MTU update failed which caused crash in the tunnelmgr process. This issue was observed on gateway running AOS 10.4.0.0.

The fix ensures that MTU update is done successfully.

AOS-246107

Few clients were unable to reach specific destinations. This issue occurred when clients were connected to random APs. This issue was observed in APs running AOS-10.4.0.0 or later versions.

The fix ensures that the clients are able to connect to random APs.

AOS-246129

A few clients connected to AP-535 access points running AOS-10.4.0.0 were unable to connect to the network due to deauthentication. The log files listed the reason for the event as UAC down. This issue occurred because the IPsec tunnel between the AP and UAC was deleted and recreated by OTO, while the cluster was intact. This caused an incorrect node status to be updated from Soft AP Daemon (SAPD) to Station Management (STM).

The fix ensures that the correct status is updated from SAPD to STM during the IPsec tunnel deletion and recreation.

AOS-246197

Some APs running AOS 10.5.0.0 crashed and rebooted unexpectedly. The log files listed the reason as Panic: Ktrace core monitor: cpu0 hung for 45 seconds, hung cpu count: 1 Warm-reset. When tunnel was down between the AP and HPE Aruba Networking Central, SPU printed multiple error logs as the packets in SPU have no encrypt key. Too many logs caused the CPU to hang.

The fix ensures that the SPU error logs do not flood the AP.

AOS-246229

Some AP-303H access points running AOS 10.4.0.2 were unable to form a stable IPsec tunnel with the primary VPN server. This issue occurred because the static route update was published to L3d for all tunnels including IAP-VPN tunnels.

The fix ensures that static routes are not updated for IAP-VPN maps when L3d request replay all.

AOS-246232

Customers were unable to upgrade gateways from HPE Aruba Networking Central. The Audit Trail displayed two error messages:

Upgrade: failed File copied successfully and Saving files to Flash

Error upgrading the image: Basic image verification

This issue was observed on HPE Aruba Networking 7008 gateways running AOS-10.4.0.2.

The fix ensures that the gateways are updated from HPE Aruba Networking Central.

AOS-246329

The stateful-dot1x process crashed on some gateways running AOS 10.4.0.1 due to loss of memory.

The fix ensures that the stateful-dot1x process does not run out of memory.

AOS-246362

Clients were unable to get an IP address from the DHCP server. The issue occurred because the DHCP server on the gateway was not leasing out IP addresses.

The fix ensures that the clients can successfully get an IP address from the DHCP server.

AOS-246381

A few users, connected to APs running AOS-10.4.0.0, were unable to access the Overlay Captive Portal page. This issue occurred when MAC authentication and encryption, such as WPA2-PSK or WPA3-SAE, were enabled. When the server sent mac-authentication-failure, it was not handled correctly.

The fix ensures that MAC authentication failure is handled correctly.

AOS-246395

HPE Aruba Networking 9240 gateways running AOS-10.4.0.1 or later versions failed to detect the SFP module after being upgraded. This issue occurred because the gateway was unable to read the SFP module after restarting.

The fix ensures that the gateway detects the SFP module after a power cycle.

AOS-246457

AOS-248909

AOS-249980

A few clients failed to connect to Branch Gateways running AOS-10.4.0.1 or later versions. This issue occurred because:

An increased number of denied DHCP requests (UDP port 68) prevented clients from obtaining IP addresses.

The user-based ACLs incorrectly blocked the gateway's DHCP requests.

The issue was resolved by prioritizing the DHCP allow all rule and excluding the gateway's IP address from user-based ACLs.

AOS-246529

A few AP-515 access points running AOS 10.4.0.2 or later versions dropped client traffic due to low memory. This issue occurred because the allocated buffer memory for the wired server leader request PAPI message was not freed when the PAPI message failed to send, which caused a memory leak.

The issue was resolved by adding a code to free the allocated buffer memory in case of a PAPI message send failure.

AOS-246552

Gateways running AOS-10.4.0.0 or later versions displayed the error message, Radproxy context not PRESENT for response from server with key: key=, returning from rp_recv_server_response. This issue was observed when there was a delay in radius response from the server and when response waas received after timeout.

The fix ensures that the RADPROXY log entries are displayed when user debug logs are enabled and moved from error to debug log.

AOS-246560

A few HPE Aruba Networking 7010 gateways running AOS-10.4.0.0 or later versions were unable to establish branch mesh tunnels. This issue occurred because the private IP address was incorrectly set to the destination public IP address in the tunnel information. This led to an HTTP Content Management (HCM) failure.

The fix ensures that the gateways are able to establish branch mesh tunnels.

AOS-246625

When the client device was idle for more than 15 minutes, it got disconnected from the network and the user had to log in again. This issue was observed in SD-WAN topology with Branch Gateway and VPNC. The issue occurred because of a mismatch between the IPsec-map/route version with the version stored in the session entry.

The resolution handles the IPsec-map/route version mismatch correctly.

AOS-246643

Clients were unable to reach gateways running AOS-10.4.0.2 or later versions. This issue occurred because the underlay users were not allowed over the port channel.

The fix ensures that the clients can successfully reach the gateway.

AOS-246735

Some APs crashed and rebooted while upgrading to AOS-10.4.0.2. The log listed the reason for the event as BadAddr:ffffffc133b1e424 PC:memcmp+0xd0/0x1c0 Warm-reset.

The fix ensures that the APs do not reboot unexpectedly.

AOS-246747

When the deny-intra-vlan-traffic configuration was enabled, traffic did not route from the client to its default gateway. This issue was seen in VRRP as the gateway MAC was not in the datapath bridge table.

The fix ensures that the traffic routes from the client to its default gateway.

AOS-246804

AOS-251673

HPE Aruba Networking gateways with Cloud Connect Zscaler tunnels did not export the Tx/Rx bytes correctly. This issue occurred because the Cloud Connect Zscaler tunnel maps were not obtained correctly. This issue was observed on Aruba gateways running AOS-10.4.0.2.

The fix ensures that the Tx/Rx bytes are displayed correctly.

AOS-246891

AOS-247564

The AAA profile NOT found for network profile WirelessGuest_#1692621711321_2995#_ error message was displayed when connecting to the guest SSID. This issue occurred because the radius proxy did not receive the configuration updates.

The fix ensures that the AAA profile is fetched correctly so that users can successfully connect to the guest SSID when radproxy is stuck in reconnecting state.

AOS-246845

AOS-250051

A gateway received some netdestination configuration after the auth process had already booted. The new configuration caused queue overflow and put the auth process into an indefinite loop.

The fix ensures that the netdestination configurations are sent correctly.

AOS-247076

The HPE Aruba Networking 303 Series, AP-615, AP-515, and 303H Series access points detected a BSSID and SSID that violated a valid SSID configuration using a protected SSID. This issue occurred when the APs were deployed as Mesh and the SSIDs as overlay.

The fix ensures that valid SSID configuration is not violated.

AOS-247154

AOS-249946

Some AP-515 access points running AOS-10.4.0.2 or later versions experienced UCM segmentation failure.

The issue was resolved by adding a check in the UCM timer code to determine whether or not to evaluate apps in clients.

AOS-247224

When Windows 11 clients were connected to the BPDU guard enabled HPE Aruba Networking gateway ports, the status of the ports changed from enabled to disabled automatically. By default, the windows workstations had LLDP enabled.

With LLDP enabled (BPDU guard enabled on gateway port where laptop was connecting), there was no BPDU seen on the port. However, the gateway misclassified the LLDP packets as BPDU's and changed the state to Error Disabled state.

The fix ensures that the gateway port works as expected.

AOS-247276

The Manage > WAN > Tunnels page in HPE Aruba Networking Central did not display any information about usage, throughput, latency, and loss for a tunnel formed using cloud security. This issue was observed in HPE Aruba Networking 9240 gateways running AOS-10.5.0.0 or later versions.

The fix ensures that HPE Aruba Networking Central displays the information related to tunnels formed using cloud security.

AOS-247307

AOS-251985

Some AP-635 access points running AOS-10.4.1.0 or later versions crashed unexpectedly. The log files listed the reason for the event as Reboot caused by kernel panic: Take care of the TARGET ASSERT.

The fix ensures that the APs work as expected.

AOS-247319

Datapath sessions displayed different flags for WLAN and wired users. This issue was observed in gateways running AOS 10.4.0.2 or later versions.

The fix ensures that the datapath sessions display correct and consistent flags for both WLAN and wired users.

AOS-247346

Tunnel flap was observed between the gateway and AP after upgrading to AOS 10.4.0.2. When the tunnel in survived mode received the OTO config, the rapper side sent the rekey success event to the ATA. But the ATA did not apply the key from rapper side causing a heartbeat miss.

The fix ensures that the rapper key is applied to the key tunnel.

AOS-247565

When an AP-535 access point was connected to the camera, the user was unable to access the management page of the IP camera.

The fix ensures that when the user connects the camera and gets an IP on the camera, they can access the management page.

AOS-247598

Some 9004-LTE gateways running AOS-10.5.0.0 version incorrectly sent the modem_act_sim_sp as none in the AMON process. Hence, the cellular connectivity in HPE Aruba Networking Central was marked as down even when the connectivity was stable.

The fix ensures that cellular connectivity issues are resolved.

AOS-247455

AOS-247969

HPE Aruba Networking 9004 gateways with 600 Mbps traffic crashed and rebooted unexpectedly. The log file listed the reason for the event as Reboot Cause: Datapath timeout (Intent:cause: 86:56).

This issue occurred because the buffer was wrongly freed, although policymgr did not receive an acknowledgment for the DNS message, which led to a crash while processing a new packet.

The fix ensures that policymgr receives an acknowledgment for the DNS message.

AOS-247675

A few AP-515 access points running AOS-10.4.0.0 or later versions experienced intermittent Out-Of-Service (OOS) mode after booting up. This issue occurred because the uplink status was already UP when the AP selected the uplink for the first time. As a result, the OOS was not notified to trigger an event.

This issue was resolved by a code change to ensure the OOS is notified to trigger an event if the status of the uplink is UP.

AOS-247679

Some 9004 gateways running AOS-10.4.0.2 did not allow internal traffic to internal servers for a few ACLs. This issue was seen due to endianness.

A correction of the endian sequence solved the issue.

AOS-247727

AOS-251147

In Branch Gateways running AOS-10.3.1.0 or later versions, the DNS IP allocation failed because the DNS IP list is not cleared periodically. The Netdestination whitelist did not work because the DNS entries are not added to the firewall DNS Name.

The fix ensures whitelist DNS entries are added to the DNS IP list successfully.

AOS-247775

HPE Aruba Networking gateways running AOS-10.5.0.0, failed to do EST enrollment. This issue occurred when the EST profile name configured was longer than 24 characters.

This issue was resolved by increasing the EST profile name size to 63 characters.

AOS-247776

In AP-303H running AOS-10.4.0.3, IPV6 traffic did not work when both DMO and broadcast-filter-ipv6 unicast-router-advertisement are enabled.

The fix ensures that the traffic passes when ipv6-broadcast-filter is enabled.

AOS-247778

AP failed to re-enroll with ClearPass that ran as an EST server. This issue was observed in AP-615 and AP-635 access points running AOS-10.4.0.0 or later versions.

The fix ensures that the APs re-enroll with an EST server seamlessly.

AOS-248026

AOS-248088

AOS-248126

A few APs running AOS-10.4.0.2 or later versions were incorrectly displayed in an unsynchronized state in HPE Aruba Networking Central. The log files listed the reason for this event as no ap-poe-power-optimization. This issue occurred because the AP boot environment variable was set to 0. As a result, AP reported an incorrect configuration to HPE Aruba Networking Central.

The fix ensures that the AP reports ap-poe-power-optimization enable only when the value of the boot environment variable is 1.

AOS-248076

For some APs running AOS-10.5.0.0 or later versions, certificate re-enrollment failed when Enrollment over Secure Transport (EST) was enabled. This issue occurred when the renewal of the certificate for re-enrollment on CPPM 6.11 was triggered, because the AP did not include Subject Alternative Name (SAN) in the Certificate Signing Request (CSR) when generating the CSR for re-enrollment.

The fix ensures that SAN from the enrolled certificate is added to the re-enrollment CSR.

AOS-248121

The AVS process caused AP-577 access points to crash after recovering from low temperatures, since the AVS voltage was not high enough. This issue was observed in AP-577 access points running AOS-10.4.1.0 or later versions.

An increase of the AVS register setting to (100,75) fixed the issue.

AOS-248193

Traffic loss occurred in gateway static VXLAN tunnels with VNI/VLAN mapping. This issue was observed in gateways running AOS-10.4.0.3 or later versions. The issue occurred because VLAN was not correctly converted to VNI in the gateway. As a result, VNI ID was set to 0 for all encapsulated packets.

This issue is resolved by deleting and recreating VLAN to VNI mapping of the gateway static VXLAN tunnel using a different VLAN.

AOS-248212

AOS-249063

In AOS-10.4.1.0 or later versions, certain Port-Based Tunnel (PBT) user-table entries were not deleted. As a result, new entries for the same users were not created and authenticated.

This issue is resolved by altering the way the deleted messages are processed for PBT user-table entries.

AOS-248392

While deploying AOS 10 cluster for a site, running AOS-10.5.0.1, a few gateways crashed and rebooted with datapath timeout when downgraded to AOS-10.4.0.3. This issue occurred because FEC resources were freed in SP while the resources were still used by FP.

The fix ensures that the FEC resources are not freed while still in use so that the gateways do not crash.

AOS-248443

AOS-248487

EST re-enrolment failed on a few APs when the EST key type was set to 4096-bit RSA. This issue occurred because the 4096-bit RSA key took a long time to generate. This issue was observed in APs running AOS-10.4.0.0 or later versions.
The fix ensures a successful EST re-enrolment.

AOS-248543

AOS-248670

AOS-250147

APs running AOS-10.4.1.0 or later versions were stuck in survived mode when rekeyed. This issue occurred because the APs did not update the key with the new SPI.

The fix ensures successful rekeying on APs.

AOS-248571

AOS-248645

The tunnel to Axis SSE did not establish when LTE uplink was used in Microbranch. This issue occurred because the traffic skipped the tunnel process and dropped the packet.

The fix ensures that the tunnel to Axis SSE establishes successfully.

AOS-248607

Some APs running AOS-10.4.0.3 or later versions incorrectly moved to the 20 MHz channel even when the minimum channel bandwidth was set to 40 MHz.

The fix ensures that the APs don’t move to incorrect channels.

AOS-248762

The Web Content Classification process was crashing due to segmentation. This issue was observed in gateways runningAOS-10.4.0.1 or later versions.

The fix ensures the web_cc process and its classification functionality work as expected.

AOS-248722

AOS-250724

Clients were unable to connect to AP-515 access points running AOS-10.4.0.3 or later versions and an error message, Module AP STM Low Priority is busy was displayed. This issue occurred as the list of users performing 802.1x authentication got corrupted while executing the show ap debug auth-throttle status command, which resulted in the AP crash and subsequent connection failure.

The fix ensures that the APs work as expected when users connect using 802.1x authentication.

AOS-249109

A ping latency was observed on the HPE Aruba Networking 9012 and 9004-LTE gateways, running AOS-10.4.0.2 or later versions. This delay occurred because collecting port statistics utilized the time after every 15 pings.

The fix ensures that the latency is reduced to the ranges of 23ms-30ms for HPE Aruba Networking 9012 and 7ms-11ms for HPE Aruba Networking 9004-LTE.

AOS-249127

AOS-251681

HPE Aruba Networking 9004 gateways running AOS-10.4.0.2 crashed and rebooted unexpectedly. This issue occurred because of a NULL pointer user entry access.

This issue was resolved by adding a NULL check before accessing the user entry.

AOS-249285

After the transition to Microbranch APs, phone calls had only one-way audio. This issue occurred on APs running AOS-10.4.0.2 or later versions because RTP packets were not updated with PBR.

The fix ensures that phone calls have two-way audio.

AOS-249449

AOS-249943

The auth process crashed on HPE Aruba Networking 9240 gateways running AOS-10.4.0.0 and later versions. This issue caused a cluster split and the gateways dropped off from the cluster, resulting in a network disconnection.

The fix ensures that the gateways work as expected and the client is able to access the network.

AOS-249514

In site-to-site configuration, when source network is configured as the IP address, the running configuration incorrectly displayed it as the destination address. This issue was observed in HPE Aruba Networking gateways running AOS-10.4.0.3.

The fix ensures that the source network configuration is displayed correctly.

AOS-249520

HPE Aruba Networking 9004 Branch Gateway running AOS-10.4.0.2 generated a very high number of logs as Unexpected HCM runtime error at hcm_rtpa_calc_latency 640 s_done 0 for Seq 35832 ip: 63.35.63.34 vlan 776.

This issue occurred because the probe packet was not identified as UDP probe and timestamped when the Egress scheduler profile was configured on the PPPoE interface.

The fix ensures that the UDP probe packet is handled correctly when Egress scheduler profile is configured on the PPPoE.

AOS-249528

End users experienced connectivity issues with a few gateways. The OFA process in a gateway continuously accessed the TPM (every minute) and entered the not responding or critical state impacting client connectivity. This caused contention with other services in gateway.

This issue was resolved by allowing the OFA process to access the TPM only once when establishing a connection for a client.

AOS-249553

AOS-249752

A few APs running AOS-10.5.1.0 sent CoA-NAK (42) message with Session-Context-Not-Found(503) error code. This issue occurred when the CoA request was sent from ClearPass Policy Manager and the user name length was 32.

The fix ensures that user name length is accepted and CoA request is executed successfully.

AOS-249835

Users trying to migrate their remote APs from AOS 8 to AOS-10.4.0.0 using the ap-convert command found that the external Captive Portal did not work. Although the Captive Portal page was not displayed, a client of a remote AP was able to connect to the SSID.

The fix ensures that the Captive Portal page is displayed during the migration.

AOS-249970

The authentication module crashed repeatedly on a few HPE Aruba Networking 9240 gateways running AOS-10.4.0.0 or later versions. This issue occurred due to a coding error with MAC address that was not validated.

The fix ensures that the authentication module in the gateway works as expected.

AOS-250039

AOS-250206

Clients were disconnected and the assigned Designated Device Gateway (DDG) were in a deleted state, after a cluster failover between the gateways. This issue was observed on 9240 gateways running AOS-10.4.0.0 or later versions.

The fix ensures that the clients are connected during a cluster failover between the gateways.

AOS-250194

AirMatch reporting radios displayed AIRMATCH_INIT as the EIRP change reason when the change was initiated from the AirMatch solver. This issue occurred because the global variables and radio profile were not synchronized. This issue was observed in APs running AOS-10.4.0.3 or later versions.

The fix synchronizes the global variables and radio profile.

AOS-250199

A few users were unable to connect to the network when the primary uplink failed, on HPE Aruba Networking 9004 gateways running AOS-10.4.0.2 or later versions. This issue occurred because the uplink manager deleted the IP probe from the Global System for Mobile Communications (GSM) when the VLAN was down, but the PBR module was not notified.

The fix ensures that the PBR module is notified when the IP probe is deleted.

AOS-250288

AOS-250404

A few AP-345 access points running AOS-10.4.1.0 or later versions crashed and rebooted unexpectedly. The log files listed the reason for the event as Panic:MemLeak: mem low for 84 seconds, under 0MB 22 times, MB free 7 (1%), total 409 Warm-reset.

This issue occurred because the APs downloaded the ClearPass Certificate Authority (CA) repeatedly through multiple wget processes. As a result, the APs reported high memory utilization.

The issue is resolved by removing the ClearPass CA download timer.

AOS-250350

The resolvwrap process continuously crashed and restarted on HPE Aruba Networking 9004-LTE gateways running AOS-10.5.0.0. This issue occurred because of unsupported configuration of the domain name. The string contained multiple domains and the dnsmasq did not support the format.

The fix ensures that the gateways do not crash.

AOS-250405

A few clients that used MPSK SSIDs with user-specific VLANs, lost connectivity when roaming to nearby APs. This issue occurred because incorrect VLAN information was shared between APs, causing clients to fall back to a default VLAN without a DHCP server. This issue was observed in APs running AOS-10.4.1.1 or later versions.

The fix ensures that clients maintain a seamless connection using the correct VLAN.

AOS-250572

Clients experienced audio failure during multicast for group communication when roaming between APs within the same gateway cluster (Device Designated Gateway). This issue occurred due to incorrect internal device information stored on the AP. This issue was observed in AP-515 access points running AOS-10.5.0.1 or later versions.

The fix ensures proper device information updates during roaming, preventing audio failure.

AOS-250770

The configurations from HPE Aruba Networking Central were not applied to the gateways and the devices were stuck in the Update Required state. This issue occurred because HPE Aruba Networking Central sent a burst of set configuration ids, due to which multiple copies were made on the device, and the flash was full. This prevented the rollback logic that archives or deletes unwanted files.

The fix ensures that set configuration id request from HPE Aruba Networking Central is handled correctly.

AOS-250722

Some AP-655 access points running AOS-10.5.0.1 or later versions experienced quality issues during Voice over Internet Protocol (VoIP) calls. This issue occurred when U-APSD was enabled on the APs.

The fix ensures that the VoIP calls are established with improved quality.

AOS-250889

AOS-239553

The Dot1x-proc process generated error messages. The Dot1x process periodically sends trace-buffers to authentication process, that is used in debug show commands. This exceeded an internal message buffer size resulting in repeated failures to send those messages.

The fix ensures that the message size does not exceed the buffer size.

AOS-250931

A tunnel flap issue was observed between the Branch Gateway and VPNC running AOS-10.4.0.3. This issue occurred because IKE used the uplink tag as the key in the uplink table while the Uplink manager used the VLAN ID, causing a mismatch.

This issue was resolved by changing the key as VLAN ID for the uplink table in IKE to be consistent with Uplink manager.

AOS-251014

The /flash/boot_log/dmesg.log file kept increasing in size, leading to the disk being full for virtual gateways running AOS-10.5.0.1. This issue occurred because the output of the dmesg command was appended into the file every minute.

This issue was resolved by redirecting the dmesg command output to /flash/boot_log/dmesg.log, instead of appending it to the file.

AOS-251057

The OpenFlow agent (OFA) process crashed on an HPE Aruba Networking 7240XM gateway running AOS-10.4.0.3. This issue occurred due to memory corruption in the OFA process.

The fix ensures that the OFA process does not crash.

AOS-251092

The output of the show tunneled-node-mgr stats command displayed an incorrect switch count. This issue occurred because the switch count was incorrectly incremented in case of cluster failover. This issue was observed on HPE Aruba Networking 9012 gateways running AOS-10.4.0.2.

The fix ensures that the switch_count variable is incremented only if the switch mac is not present in the hash table.