HPE 5900_5920-CMW710-R2432P01-US

HPE 5900_5920-CMW710-R2432P01-US
Release Notes
The information in this document is subject to change without notice.
© Copyright 2017 Hewlett Packard Enterprise Development LP
Contents
Version information ···········································································1
Version number ··························································································································· 1
Version history ···························································································································· 1
Hardware and software compatibility matrix ···················································································· 30
ISSU compatibility list ················································································································· 32
Upgrading restrictions and guidelines····························································································· 32
Hardware feature updates ································································ 33
R2432P01 ································································································································ 33
R2432 ······································································································································ 33
F2431 ······································································································································ 33
F2430 ······································································································································ 33
F2429 ······································································································································ 33
F2428 ······································································································································ 33
F2427 ······································································································································ 33
F2426 ······································································································································ 33
F2424 ······································································································································ 33
R2423 ······································································································································ 33
R2422P02 ································································································································ 34
R2422P01 ································································································································ 34
R2422 ······································································································································ 34
F2421 ······································································································································ 34
F2420 ······································································································································ 34
R2418P06 ································································································································ 34
R2418P01 ································································································································ 34
E2415 ······································································································································ 34
R2311P06 ································································································································ 34
R2311P05 ································································································································ 34
R2311P04 ································································································································ 35
R2311P03 ································································································································ 35
R2311P02 ································································································································ 35
R2311P01 ································································································································ 35
R2311 ······································································································································ 35
R2310 ······································································································································ 35
R2308P01 ································································································································ 35
R2307 ······································································································································ 35
E2306 ······································································································································ 36
E2305 ······································································································································ 36
F2210 ······································································································································ 36
R2209 ······································································································································ 36
R2208P01 ································································································································ 36
R2208 ······································································································································ 36
R2207 ······································································································································ 36
E2206P02 ································································································································ 36
E2206 ······································································································································ 36
R2108P03 ································································································································ 36
R2108P02 ································································································································ 37
R2108P01 ································································································································ 37
R2108 ······································································································································ 37
E2107 ······································································································································ 37
Software feature and command updates ············································· 37
MIB updates·················································································· 37
Operation changes ········································································· 46
Operation changes in R2432P01 ·································································································· 46
i
Operation changes in R2432 ········································································································ 46
Operation changes in F2431 ········································································································ 47
Operation changes in F2430 ········································································································ 48
Operation changes in F2429 ········································································································ 48
Operation changes in F2428 ········································································································ 48
Operation changes in F2427 ········································································································ 48
Operation changes in F2426 ········································································································ 49
Operation changes in F2424 ········································································································ 49
Operation changes in R2423 ········································································································ 49
Operation changes in R2422P02 ·································································································· 49
Operation changes in R2422P01 ·································································································· 49
Operation changes in R2422 ········································································································ 49
Operation changes in F2421 ········································································································ 50
Operation changes in F2420 ········································································································ 50
Operation changes in R2418P06 ·································································································· 51
Operation changes in R2418P01 ·································································································· 51
Operation changes in R2416 ········································································································ 51
Operation changes in E2415 ········································································································ 52
Operation changes in R2311P06 ·································································································· 52
Operation changes in R2311P05 ·································································································· 52
Operation changes in R2311P04 ·································································································· 53
Operation changes in R2311P03 ·································································································· 55
Operation changes in R2311P02 ·································································································· 56
Operation changes in R2311P01 ·································································································· 56
Operation changes in R2311 ········································································································ 57
Operation changes in R2310 ········································································································ 57
Operation changes in R2308P01 ·································································································· 57
Operation changes in R2307 ········································································································ 58
Operation changes in E2306 ········································································································ 59
Operation changes in E2305 ········································································································ 59
Operation changes in F2210 ········································································································ 59
Operation changes in R2209 ········································································································ 59
Operation changes in R2208P01 ·································································································· 59
Operation changes in R2208 ········································································································ 60
Operation changes in R2207 ········································································································ 60
Operation changes in E2206P02··································································································· 60
Operation changes in E2206 ········································································································ 60
Operation changes in R2108P03 ·································································································· 61
Operation changes in R2108P02 ·································································································· 61
Operation changes in R2108P01 ·································································································· 61
Operation changes in R2108 ········································································································ 61
Operation changes in E2107 ········································································································ 61
Restrictions and cautions ································································· 61
Open problems and workarounds ······················································ 62
List of resolved problems ································································· 62
Resolved problems in R2432P01 ·································································································· 62
Resolved problems in R2432········································································································ 63
Resolved problems in F2431 ········································································································ 70
Resolved problems in F2430 ········································································································ 74
Resolved problems in F2429 ········································································································ 77
Resolved problems in F2428 ········································································································ 80
Resolved problems in F2427 ········································································································ 84
Resolved problems in F2426 ········································································································ 88
Resolved problems in F2424 ········································································································ 92
Resolved problems in R2423········································································································ 94
Resolved problems in R2422P02 ·································································································· 95
Resolved problems in R2422P01 ·································································································· 95
Resolved problems in R2422········································································································ 96
Resolved problems in F2421 ······································································································ 100
ii
Resolved problems in F2420 ······································································································
Resolved problems in R2418P06 ································································································
Resolved problems in R2418P01 ································································································
Resolved problems in R2416······································································································
Resolved problems in E2415 ······································································································
Resolved problems in R2311P06 ································································································
Resolved problems in R2311P05 ································································································
Resolved problems in R2311P04 ································································································
Resolved problems in R2311P03 ································································································
Resolved problems in R2311P02 ································································································
Resolved problems in R2311P01 ································································································
Resolved problems in R2311······································································································
Resolved problems in R2310······································································································
Resolved problems in R2308P01 ································································································
Resolved problems in R2307······································································································
Resolved problems in E2306 ······································································································
Resolved problems in E2305 ······································································································
Resolved problems in F2210 ······································································································
Resolved problems in R2209······································································································
Resolved problems in R2208P01 ································································································
Resolved problems in R2208······································································································
Resolved problems in R2207······································································································
Resolved problems in E2206P02 ································································································
Resolved problems in E2206 ······································································································
Resolved problems in R2108P03 ································································································
Resolved problems in R2108P02 ································································································
Resolved problems in R2108P01 ································································································
Resolved problems in R2108······································································································
Resolved problems in E2107 ······································································································
104
109
111
116
119
119
123
127
130
133
136
139
143
158
163
172
179
179
184
192
193
194
201
202
202
203
205
206
207
Support and other resources··························································· 208
Accessing Hewlett Packard Enterprise Support··············································································
Documents ·····························································································································
Related documents ············································································································
Documentation feedback ····································································································
208
208
208
209
Appendix A Feature list ································································· 210
Hardware features ···················································································································· 210
Software features ····················································································································· 212
Appendix B Upgrading software ······················································ 218
System software file types ·········································································································
System startup process ·············································································································
Upgrade methods ····················································································································
Upgrading from the CLI ·············································································································
Preparing for the upgrade ···································································································
Downloading software images to the master switch ·································································
Upgrading the software images ····························································································
Installing a patch package ···································································································
Upgrading from the Boot menu ···································································································
Prerequisites ····················································································································
Accessing the Boot menu ···································································································
Accessing the basic Boot menu ···························································································
Accessing the extended Boot menu ······················································································
Upgrading Comware images from the Boot menu ····································································
Upgrading Boot ROM from the Boot menu ·············································································
Managing files from the Boot menu ·······················································································
Handling software upgrade failures······························································································
iii
218
218
219
220
220
221
223
225
225
226
227
228
229
230
238
245
248
List of Tables
Table 1 Version history ............................................................................................................................... 1
Table 2 Hardware and software compatibility matrix ............................................................................... 30
Table 3 ISSU compatibility list .................................................................................................................. 32
Table 4 MIB updates ................................................................................................................................ 37
Table 5 5900/5920 series hardware features ......................................................................................... 210
Table 6 Software features of the 5900/5920 series ............................................................................... 212
Table 7 Minimum free storage space requirements ............................................................................... 226
Table 8 Shortcut keys ............................................................................................................................. 227
Table 9 Basic Boot ROM menu options ................................................................................................. 228
Table 10 BASIC ASSISTANT menu options .......................................................................................... 228
Table 11 Extended Boot ROM menu options ......................................................................................... 229
Table 12 EXTENDED ASSISTANT menu options .................................................................................. 230
Table 13 TFTP parameter description .................................................................................................... 231
Table 14 FTP parameter description ...................................................................................................... 233
Table 15 TFTP parameter description .................................................................................................... 239
Table 16 FTP parameter description ...................................................................................................... 240
iv
This document describes the features, restrictions and guidelines, open problems, and workarounds
for version 5900_5920-CMW710-R2432P01 & R2432P01-US. In the interest of brevity, any
reference to R2432P01 is also applicable to R2432P01-US for the remainder of this document.
Before you use this version in a live network, back up the configuration and test the version to avoid
software upgrade affecting your live network.
Use this document in conjunction with <HPE 5900_5920-CMW710-R2432P01-US Release Notes
(Software Feature Changes)> and the documents listed in "Related documents."
Version information
Version number
HPE Comware Software, Version 7.1.045, Release 2432P01
Note: You can see the version number with the command display version in any view. Please see
Note.
Version history
Table 1 Version history
Version
number
Last version
Release
Date
Release
type
Remarks
5900_5920-CMW
710-R2432P01
5900_5920-CMW71
0-R2432
2017-01-20
Release
version
Fixed bugs.
Release
version
Added features:
•
New feature: Parity error
alarming for entries on
forwarding chips
•
New feature: Excluding a
subnet from load sharing on
link aggregations
•
New feature: ISP domain for
users assigned to
nonexistent domains
Modified features:
•
Modified feature: Software
patching
•
Modified feature: User
password configuration in
RADIUS test profiles
•
Modified feature: Configuring
SSH client access control
•
Modified feature: Predefined
user roles of SSH client and
FTP client commands
•
Modified feature: Username
format modification for device
login
•
Modified feature: Specifying
a PW data encapsulation
type
•
Modified feature: Device
diagnostic information
5900_5920-CMW
710-R2432
5900_5920-CMW71
0-F2431
2017-01-05
1
Version
number
Last version
Release
Date
Release
type
Remarks
•
•
Modified feature: Memory
usage statistics
Modified feature: Displaying
group table statistics
Fixed bugs.
5900_5920-CMW
710-F2431
5900_5920-CMW71
0-F2430
2016-09-14
Feature
version
Added features:
•
New feature: Specifying
ignored packet fields for the
default link-aggregation load
sharing
Modified features:
•
Modified feature: Defining
QoS match criteria
•
Modified feature: NTP
support for ACL
Fixed bugs.
5900_5920-CMW
710-F2430
5900_5920-CMW71
0-F2429
2016-08-01
Feature
version
Added features:
•
New feature: Ignoring the
ingress ports of ARP packets
during user validity check
Modified features:
•
Modified feature: ISSU
command prompt information
Fixed bugs.
5900_5920-CMW
710-F2429
5900_5920-CMW71
0-F2428
2016-06-15
Feature
version
Added features:
•
New feature: Displaying burst
records for interfaces
•
New feature: Configuring FC
port security
•
New feature: Loop guard for
an OpenFlow instance
•
New feature: Shutting down
an interface by OpenFlow
Modified features:
•
Modified feature: Displaying
operating information for
diagnostics
•
Modified feature: Displaying
history about ports that are
blocked by spanning tree
protection features
•
Modified feature: Displaying
BGP MDT peer or peer group
information
•
Modified feature: Displaying
BGP MDT routing information
•
Modified feature: Applying an
ACL to an interface for packet
filtering
•
Modified feature: Applying a
QoS policy to an interface
•
Modified feature: Configuring
data buffer monitoring
Fixed bugs.
2
Version
number
5900_5920-CMW
710-F2428
Last version
5900_5920-CMW71
0-F2427
Release
Date
2016-05-05
Release
type
Feature
version
Remarks
Added features:
•
New feature: Configuring the
RIB to flush route attribute
information to the FIB
•
New feature: Displaying the
outbound PBR configuration
and statistics for an interface
•
New feature: RADIUS
stop-accounting packet
buffering
•
New feature: HWTACACS
stop-accounting packet
buffering
•
New feature: 802.1X MAC
address binding
•
New feature: Support of
802.1X for redirect URL
assignment
•
New feature: Support of MAC
authentication for redirect
URL assignment
•
New feature: Support of port
security for redirect URL
assignment in specific modes
Modified features:
•
Modified feature: Displaying
PBR configuration
•
Modified feature: Enabling
the BFD echo packet mode
•
Modified feature: NTP
authentication
•
Modified feature: Displaying
MAC address move records
•
Modified feature: MAC
address move notifications
Fixed bugs.
5900_5920-CMW
710-F2427
5900_5920-CMW71
0-F2426
2016-03-10
3
Feature
version
Added features:
•
New feature: Specifying ITU
channel numbers for
transceiver modules
•
New feature: Setting the
MAC address for a Layer 3
Ethernet interface or Layer 3
aggregate interface
•
New feature: Configuring the
DHCP smart relay feature
•
New feature: Configuring the
RIB to flush route attribute
information to the FIB
•
New feature: Configuring a
description for a network
access user
•
New feature: Configuring the
validity period for a network
access user
•
New feature: Enabling the
Version
number
Last version
Release
Date
Release
type
Remarks
auto-delete feature for
expired local user accounts
•
New feature: Configuring
periodic MAC
reauthentication
•
New feature: Enabling
preprovisioning
•
New feature: Enabling SNMP
notifications for RRPP
Modified features:
•
Modified feature: Displaying
detailed information about
UDP connections and RawIP
connections
•
Modified feature: Displaying
detailed information about
IPv6 UDP connections and
IPv6 RawIP connections
•
Modified feature: Default size
of the TCP receive and send
buffer
•
Modified feature: Displaying
MPLS LSP statistics
•
Modified feature: Configuring
BGP route summarization
•
Modified feature: Displaying
OSI connection information
Fixed bugs.
5900_5920-CMW
710-F2426
5900_5920-CMW71
0-F2424
2016-02-02
4
Feature
version
Added features:
•
New feature: Transceiver
module alarm suppression
•
New feature: Enabling SNMP
notifications for port security
•
New feature: Setting the
packet sending mode for
IPv4 VRRPv3
•
New feature: Enabling
periodic sending of gratuitous
ARP packets for IPv4 VRRP
•
New feature: Enabling
periodic sending of ND
packets for IPv6 VRRP
•
New feature: Configuring a
subordinate IPv4 VRRP
group to follow a master IPv4
VRRP group
•
New feature: Configuring a
subordinate IPv6 VRRP
group to follow a master IPv6
VRRP group
•
New feature: Displaying
master-to-subordinate IPv4
VRRP group bindings
•
New feature: Displaying
master-to-subordinate IPv6
VRRP group bindings
Version
number
Last version
Release
Date
Release
type
Remarks
•
New feature: Configuring the
threshold for triggering
monitor link group state
switchover
•
New feature: ACL application
to NETCONF over SOAP
traffic
•
New feature: Allowing link
aggregation member ports to
be in the deployed flow tables
•
New feature: Enabling
OpenFlow connection
backup
•
New feature: Preprovisioning
•
New feature: Enabling BPDU
transparent transmission on
a port
Modified features:
•
Modified feature: 802.1X
guest VLAN assignment
delay
•
Modified feature: Software
image information display
•
Modified feature: Specifying
ECDSA algorithms with
different public key lengths
Fixed bugs.
5900_5920-CMW
710-F2424
5900_5920-CMW
710-R2423
5900_5920-CMW71
0-R2423
5900_5920-CMW71
0-R2422P02
2015-12-14
2015-11-19
5
Release
version
Added features:
•
New feature: LLDP neighbor
validation and aging
•
New feature: Port-specific
802.1X periodic
reauthentication timer
•
New feature: Manual
reauthentication for all online
802.1X users on a port
•
New feature: CFD Port
collaboration
•
New feature: DSCP value for
OpenFlow packets
Modified features:
•
Modified feature: Configuring
the CDP-compatible
operating mode for LLDP
•
Modified feature: Configuring
a traffic policing action
Fixed bugs.
Release
version
Added features:
•
New feature: DHCP address
pool application to a VPN
instance
•
New feature: L2PT
•
New feature: RADIUS server
status detection
•
New feature: RADIUS server
Version
number
Last version
Release
Date
Release
type
Remarks
load sharing
New feature: IP address pool
authorization by AAA
•
New feature: 802.1X guest
VLAN assignment delay
•
New feature: Sending 802.1X
protocol packets without
VLAN tags
•
New feature: 802.1X critical
voice VLAN
•
New feature: MAC
authentication critical voice
VLAN
•
New feature: Parallel
processing of MAC
authentication and 802.1X
authentication
•
New feature: IPsec support
for Suite B
•
New feature: SSH support for
Suite B
•
New feature: Public key
management support for
Suite B
•
New feature: PKI support for
Suite B
•
New feature: SSL support for
Suite B
•
New feature: Disable SSL
session renegotiation for the
SSL server
•
New feature: Configuring log
suppression for a module
Modified features:
•
Modified feature: Displaying
interface information
•
Modified feature: Configuring
the types of advertisable
LLDP TLVs on a port
•
Modified feature: Configuring
the device to not change the
next hop of routes advertised
to EBGP peers
•
Modified feature: Specifying
RADIUS servers
•
Modified feature: 802.1X
command output
•
Modified feature: MAC
authentication command
output
•
Modified feature: Configuring
SSH access control
•
Modified feature: FIPS
self-tests
Fixed bugs.
•
5900_5920-CMW
5900_5920-CMW71
2016-09-01
6
Release
Added features.
Version
number
Last version
710-R2422P02
0-R2422P01
Release
Date
Release
type
Remarks
version
Modified feature.
Fixed bugs.
5900_5920-CMW
710-R2422P01
5900_5920-CMW71
0-R2422
2015-12-18
Release
version
Added features:
New feature: Peer Zone.
Fixed bugs.
Added features:
•
New feature: IRF bridge MAC
address configuration
•
New feature: Checking
sender IP addresses of ARP
packets
•
New feature: Enabling SNMP
notifications for new-root
election and topology change
events
5900_5920-CMW
710-R2422
5900_5920-CMW71
0-F2421
2015-11-13
Release
version
Modified features:
•
Modified feature: Multicast
storm suppression for
unknown multicast packets
•
Modified feature: Tracert
TRILL
•
Modified feature: Forbidding
an OpenFlow instance to
report the specified types of
ports to controllers
•
Modified command:
forbidden port
•
Modified feature: Creating
RMON statistics entries
Fixed bugs.
HPE rebranding.
5900_5920-CMW
710-F2421
5900_5920-CMW71
0-F2420
2015-9-21
7
Feature
version
Added features:
•
New feature: Saving the IP
forwarding entries to a file
•
New feature: VPN instance
for the destination address of
a tunnel interface
•
New feature: System stability
and status displaying
•
New feature: Support for
BPDU guard configuration in
interface view
•
New feature: Link
aggregation management
VLANs and management
port
•
New feature: Keychain
authentication for OSPFv3
•
New feature: Data buffer
monitoring
•
New feature: Configuring
keychains
•
New feature: Configuring
Smart SAN
Version
number
Last version
Release
Date
Release
type
Remarks
•
•
New feature: SNMP silence
New feature: DSCP value for
NETCONF over SOAP over
HTTP/HTTPS packets
Modified features:
•
Modified feature: Setting the
MDIX mode of an Ethernet
interface
•
Modified feature: Configuring
the HTTPS listening port
number for the local portal
Web server
•
Modified feature: Matching
order for frame match criteria
of Ethernet service instances
Fixed bugs.
5900_5920-CMW
710-F2420
5900_5920-CMW71
0-R2418P01
2015-7-27
8
Feature
version
Added features:
•
New feature: Configuration
commit delay
•
New feature: Interface
connection distance
•
New feature: MAC
authentication offline
detection
•
New feature: Displaying the
maximum number of ARP
entries
•
New feature: Displaying the
maximum number of ND
entries t
•
New feature: IP address
assignment to the
management Ether
•
New feature: DHCP snooping
logging
•
New feature: DHCPv6
snooping logging
•
New feature: Logging of BGP
route flapping
•
New feature: RADIUS DAE
server
•
New feature: Enabling
hardware CC on a MEP
•
New feature: Configuring
service loopback
group-based remo
•
New feature: Display the
FCoE configuration of a
VLAN
•
New feature: Flow entry for
filtering slow protocol packet
•
New feature: QinQ tagging
for double-tagged packets
passin
•
New feature: Testing network
connectivity by using the pin
Version
number
Last version
Release
Date
Release
type
Remarks
•
•
•
•
•
New feature: ARP detection
logging
New feature: Attack detection
and prevention
New feature: Display the
status of a VSAN
New feature: Setting the
operating mode for a VSAN
New feature: Configuring
automatic load balancing for
FCoE
Modified features:
•
Modified feature: Remote file
copying
•
Modified feature: Automatic
configuration
•
Modified feature: Disabling
advertising prefix information
in RA messages
•
Modified feature: Multicast
VLAN
•
Modified feature: Enabling
link-aggregation traffic
redirection
•
Modified feature: TCP
maximum segment size
(MSS) setting
•
Modified feature: 802.1X
timers
•
Modified feature: 802.1X
support for tagged VLAN
assignment
•
Modified feature: MAC
authentication timers
•
Modified feature: MAC
authentication support for
tagged VLAN assignment
•
Modified feature: Configuring
a preemption mode for a
smart link group
•
Modified feature: Creating a
VSAN and entering VSAN
view
•
Modified feature: Configuring
an FCoE mode for the switch
•
Modified feature: Setting the
mode of a VFC interface
•
Modified feature: Setting an
FC-MAP value
•
Modified feature: Setting an
FKA advertisement interval
•
Modified feature: Setting the
system FCF priority
•
Modified feature: Creating an
OpenFlow table for an
OpenFlow instance
9
Version
number
Last version
Release
Date
Release
type
Remarks
•
Modified feature: Frame
match criteria of Ethernet
service instances
Fixed bugs.
5900_5920-CMW
710-R2418P06
5900_5920-CMW
710-R2418P01
5900_5920-CMW71
0-R2418P01
5900_5920-CMW71
0-R2416
2015-8-26
2015-5-29
10
Release
version
Release
version
None.
Added features:
•
Enabling Monitor Link
globally
•
NETCONF logging
•
Displaying the load sharing
path selected for a flow
•
Symmetric load sharing
•
Displaying the PFC
information for an interface
•
Link-aggregation traffic
forwarding information
display
•
802.1X online user
handshake reply
•
MAC authentication requests
carrying user IP addresses
•
Authentication interval for
users in the MAC
authentication guest VLAN
•
Local portal Web server
•
BGP IPv4 MDT address
family
•
Displaying BGP MDT routing
informaiton
Modified features:
•
The default user role feature
for remote AAA users
•
MAC
address/ARP/ND/routing
table capacity mode
•
ARP MAD configuration
•
Displaying BGP peer group
information
•
Displaying BGP peer or peer
group information
•
Displaying BGP update
group information
•
Resetting BGP sessions
•
Enabling route reflection
between clients
•
Configuring the cluster ID for
a route reflector
•
Enabling BGP to exchange
routing information with a
peer or peer group
•
Configuring the device as a
route reflector and specifying
a peer or peer group as a
Version
number
Last version
Release
Date
Release
type
Remarks
•
client
Displaying default-group
information
Fixed bugs.
5900_5920-CMW
710-R2416
5900_5920-CMW71
0-E2415
2015-1-21
Release
version
For more information about the
feature change, see HPE
5900_5920-CMW710-R2416
Release Notes (Software Feature
Changes).
Fixed bugs.
eIRF supported
5900_5920-CMW
710-E2415
5900_5920-CMW71
0-R2311P06
2014-10-11
11
ESS
version
Added features:
•
Configuring one-way DM
•
Configuring two-way DM
•
Configuring TST
•
Configuring EAIS
•
Displaying the CFD
implementation status
•
Clearing CFD test results
•
RRPP
•
Configuring a BFD template
•
Creating a BFD session for
detecting the local interface
state
•
Enabling BFD echo packet
mode for static route FRR
•
Enabling BFD for RIP FRR
•
Configuring BFD for OSPF
PIC
•
Configuring BFD for OSPF
FRR
•
Enabling source address
check for hello packets on a
PPP interface
•
Configuring BFD for IS-IS
FRR
•
Configuring GTSM for BGP
•
Configuring BGP NSR
•
Configuring BGP update
sending delay
•
Configuring BFD for BGP
•
Enabling IPv6 IS-IS MTR
•
Configuring an IPv6 IS-IS
cost for an interface
•
LDP NSR
•
LDP-IGP synchronization
•
LDP FRR
•
MPLS L3VPN FRR
•
Specifying a DSCP value for
outgoing RSVP packets
•
MPLS TE-related features
•
Configuring a TRILL VR
Version
number
Last version
Release
Date
Release
type
Remarks
•
•
•
Enabling TRILL to forward
traffic from EVB S-channels
Enabling the packet loss
prevention feature for
OpenFlow forwarding
Enabling the global mode for
an OpenFlow instance
Modified features:
•
Displaying information about
TRILL ports
•
Displaying the TRILL unicast
routing table
•
Configuring RBAC user role
rules
•
Bulk configuring interfaces
•
System operating mode
•
Configuring CPU usage
monitoring
•
Displaying memory usage
and threshold
•
Setting memory thresholds
•
Displaying the operating
statistics for multiple feature
modules
•
ACL
•
Defining an ACL-based
match criterion
•
Traffic evaluation algorithms
•
Displaying queue-based
outgoing traffic statistics
•
Associating a class with a
behavior in a QoS policy
•
Displaying the configuration
of priority maps
•
Entering the specified priority
map view
•
Configuring a match rule for a
DHCP user class
•
Specifying a destination
server for UDP helper to
convert broadcast to unicast
•
Creating a tunnel interface
•
Per-flow load sharing
•
Displaying IGMP information
for an interface
•
Displaying user line
information
•
Releasing a user line
•
Entering user line view
•
Sending messages to user
lines
•
The default maximum
number of concurrent users
•
Working directory
authorization for FTP, SFTP,
12
Version
number
Last version
Release
Date
Release
type
Remarks
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
13
and SCP users
Fast terminating Stelnet
connections
Authorization attribute
configuration
Enabling the SCP server
function
Specifying startup image files
Startup images
synchronization from the
master to a subordinate
device
Patch image installation and
removal
Enabling the preemptive
mode for the device in an
IPv4 VRRP group and
configuring the preemption
delay
Enabling the preemptive
mode for the device in an
IPv6 VRRP group and
configuring the preemption
delay
Associating an IPv4 VRRP
group with a track entry
Associating an IPv6 VRRP
group with a track entry
Configuring the
authentication mode for
single-hop BFD control
packets
Configuring the
authentication mode for
multihop BFD control packets
Ping IPv6
Disabling an interface from
processing NTP messages
Specifying the log file
directory
Specifying a log host
Adding a user to an SNMPv1
or SNMPv2c group
Calculating a digest for the
ciphertext authentication or
privacy key converted from a
plaintext key
Using the RBAC mode to
configure an SNMPv3 user
Using the RBAC mode to
configure an SNMP
community
Configuring the SNMP agent
to send SNMP notifications to
a host
Enabling SNMP logging
Version
number
Last version
Release
Date
Release
type
Remarks
•
•
•
•
•
•
•
•
•
•
Creating NQA templates
Configuring the local
connection properties for the
main connection
OSPF commands
Displaying BGP peer or peer
group information
Configuring dynamic BGP
peers
Displaying and resetting
backup routing information
for an IRF member device
Configuring BGP load
balancing
Configuring the RIB purge
timer and the time to wait for
the End-of-RIB marker
Configuring the ingress and
transit nodes of a static
CRLSP
Deregistering an OpenFlow
instance
Removed feature:
•
IP virtual fragment
reassembly
•
Displaying IP virtual fragment
reassembly information for
an interface
Fixed bugs.
5900_5920-CMW
710-R2311P06
5900_5920-CMW71
0-R2311P05
2015-4-2
Release
version
Added features:
• Login delay
• Enabling Monitor Link globally
Modified features:
• BFD MAD
Fixed bugs.
5900_5920-CMW
710-R2311P05
5900_5920-CMW71
0-R2311P04
2014-12-29
Release
version
Added features:
• Applicable scope of packet
filtering on a VLAN interface
• Disabling SSL 3.0
• Support of OpenFlow for
reserved ports of the In Port
type
• Support of OpenFlow for
groups of the Indirect type
Modified features:
• Configuring BFD MAD
• Executing Comware
commands in Tcl configuration
view
• Displaying queue-based
outgoing traffic statistics for
interfaces
Fixed bugs.
14
Version
number
5900_5920-CMW
710-R2311P04
Last version
5900_5920-CMW71
0-R2311P03
Release
Date
2014-11-11
Release
type
Release
version
Remarks
Added features:
• Per-flow load sharing
algorithm configuration for
Ethernet link aggregation
• Local-first load sharing
• Queue aging time
• Packet rate-limiting for the
table-miss flow entry
Modified features:
• Displaying queue-based
outgoing traffic statistics
• Per-flow load sharing
Fixed bugs.
Added features:
•
DHCPv6 client DUID
•
Configuration differences
display between
configuration files
•
ARP blackhole route probe
settings
•
Interval for sending periodical
notifications
5900_5920-CMW
710-R2311P03
5900_5920-CMW71
0-R2311P02
2014-9-15
Release
version
Modified features:
•
Including time zone
information in the timestamp
of system information sent to
a log host
•
Flow-based remote mirroring
•
HTTPS service association
with a certificate
attribute-based access
control policy
•
HTTPS service association
with an SSL server policy
•
TRILL Hello interval and
Hello multiplier
•
Service loopback group
•
Multiport ARP
Fixed bugs.
5900_5920-CMW
710-R2311P02
5900_5920-CMW71
0-R2311P01
2014-8-9
15
Release
version
Added features:
•
NSR for ISIS-SPB
•
SPBM Graceful Restart log
management
•
SPBM information display on
a subordinate device
•
Support for BFD
configuration in Layer 2
aggregate interface view
•
BFD for Ethernet link
aggregation
•
Configuring OSPFv3 prefix
suppression
•
Configuring OSPFv3 route
Version
number
Last version
Release
Date
Release
type
Remarks
•
•
•
•
•
•
•
•
•
•
•
•
summarization on an ASBR
Configuring OSPFv3 stub
routers
Triggering OSPFv3 GR
Configuring OSPFv3 NSR
Configuring an OSPFv3
NSSA area
Configuring tags for routes
redistributed by OSPFv3
Restarting OSPFv3
processes
Restarting OSPFv3 route
redistribution
Clearing OSPFv3 statistics
Configuring an OSPFv3
sham link
Extended OSPFv3 PE-CE
and PE-MCE routing
FC interfaces support for port
mirroring
Remote flow mirroring
Modified features:
•
OSPFv3 support for global
GR and planned GR
•
Limiting the route
advertisement to NSSA
areas and configuring a tag
for external OSPFv3 LSAs
•
Enhanced CC authentication
•
Per-flow load sharing
Fixed bugs.
Added features:
•
TCP fragment attack
protection
•
DHCPv6 client
•
Static IPv6 prefix
configuration
•
IPv6 prefix information
display
5900_5920-CMW
710-R2311P01
5900_5920-CMW71
0-R2311
2014-7-16
Release
version
Modified features:
•
BGP support for IPv6
link-local address for peer
relationship establishment
•
Displaying BGP peer log
information
Deleted features:
•
Clearing outgoing
queue-based traffic statistics
Fixed bugs.
5900_5920-CMW
710-R2311
5900_5920-CMW71
0-R2310
2014-6-25
16
Release
version
Added features:
•
CWMP
•
NETCONF over SSH
Version
number
Last version
Release
Date
Release
type
Remarks
Modified features:
•
Generating SSH key pairs
Fixed bugs.
Added features:
•
Service consistency check
mode configuration for SSH,
FTP, and terminal users
5900_5920-CMW
710-R2310
5900_5920-CMW71
0-R2308P01
2014-5-23
Release
version
Modified features:
•
Default FTP file transfer
mode
•
MAC address moving
notifications
•
SPBM bandwidth reference
for automatic link metric
calculation
•
Customizing DHCP options
Fixed bugs.
Added features:
•
discarding IPv6 packets that
contain extension headers
5900_5920-CMW
710-R2308P01
5900_5920-CMW71
0-R2307
2014-3-6
Release
version
Modified features:
•
Specifying AAA servers by
hostname
•
Specifying a log host by
hostname
Fixed bugs.
Added features:
•
Setting CPU usage
thresholds
•
Setting memory usage
thresholds
•
Configuring an edge
aggregate interface
•
Configuring discard routes
for summary networks
5900_5920-CMW
710-R2307
5900_5920-CMW71
0-E2306
2014-1-9
Release
version
Modified features:
•
Setting the maximum number
of concurrent 802.1X users
on a port
•
Setting the maximum number
of concurrent MAC
authentication users on a
port
•
Setting port security's limit on
the number of secure MAC
addresses on a port
•
Setting the port number used
to establish connections to
the controller
•
ACL-based packet filtering
on a VLAN interface
Fixed bugs.
17
Version
number
5900_5920-CMW
710-E2306
Last version
5900_5920-CMW71
0-E2305
Release
Date
2013-10-18
Release
type
ESS
version
Remarks
Added features:
•
Computing a file digest
•
Archiving/extracting files
•
Specifying an IRF member
device for forwarding the
traffic on the current interface
•
FC
•
Enabling hard zoning
•
Enabling SNMP notifications
for fabric changes
•
IP virtual fragment
reassembly
•
Stateless address
autoconfiguration on a Layer
3 aggregate interface
•
BGP FRR
•
Configuring an IPv6 prefix list
with a reverse mask
•
Configuring a Layer 3
Ethernet subinterface
•
Configuring a Layer 3
aggregate subinterface
•
Configuring IP subnet-based
VLANs
•
Configuring protocol-based
VLANs
•
Configuring the downlink port
for the private VLAN to
operate in trunk secondary
mode
•
Enabling Layer 3
communication between
secondary VLANs that are
associated with a primary
VLAN
•
PVST
•
Configuring ISIS-SPB
authentication
•
Displaying statistics for LSP
fast-flooding
•
Managing security logs
•
Assigning the security-audit
user role to users
•
Configuring user roles for a
schedule
Modified features:
•
Configuring the DCBX
version
•
I-SID value range
•
Configuring physical state
change suppression on an
Ethernet interface
•
Configuring MTU on a Layer
3 interface
•
Specifying the VPN to which
18
Version
number
Last version
Release
Date
Release
type
Remarks
•
•
•
the controller belongs
BGP load balancing
Specifying the remote host
name string for IPsec Tunnel
Displaying the zone
configuration and running
status
Fixed bugs.
5900_5920-CMW
710-E2305
5900_5920-CMW71
0- F2210
2013-8-20
19
ESS
version
Added features:
•
Configuring the load sharing
mode
•
Restoring the factory-default
settings and states
•
Partitioning a USB disk
•
USB disk
mounting/unmounting
•
Python
•
MPLS
•
Configuring the maximum
lifetime for routes
•
Displaying the RIB
•
Configuring the enhanced
ECMP mode
•
Displaying static routing
•
Enabling RIP on an interface
•
Specifying a RIP neighbor
•
Setting the maximum length
of RIP packets
•
Configuring RIP network
management
•
Configuring BFD for RIP
(single-hop echo detection
for a specific destination)
•
Configuring BFD for RIP
(bidirectional control
detection)
•
Configuring a DSCP value for
OSPF packets
•
Configuring prefix
suppression
•
Configuring prefix
prioritization
•
Configuring OSPF PIC
•
Configuring OSPF NSR
•
Configuring enhanced
functions for a stub router
•
Displaying OSPF
•
Configuring IS-IS network
management
•
Configuring IS-IS NSR
•
Displaying and clearing IS-IS
•
Configuring 6PE
•
Configuring IPsec for IPv6
Version
number
Last version
Release
Date
Release
type
Remarks
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
20
BGP
Configuring BGP to ignore
the ORIGINATOR_ID
attribute
Configuring local PBR
Displaying IPv6 static routes
Applying an IPsec profile to a
RIPng process or interface
Configuring the LSU
transmission interval and the
maximum number of LSU
packets that can be sent at
each interval
Applying an IPsec profile to
an OSPFv3 area or interface
Displaying OSPFv3 next hop
and topology information
Assigning a convergence
priority to specific IPv6 IS-IS
routes
Displaying IPv6 IS-IS
topology information
Displaying and configuring
IPv6 local PBR
Specifying the MPLS label
match criterion and setting
MPLS labels for routing
information
Setting a prefix priority for
routes
Configuring PIM snooping
Configuring IPv6 PIM
snooping
Configuring multicast VLAN
Configuring IPv6 multicast
VLAN
Configuring MSDP
Configuring Multicast VPN
Enabling IGMP snooping for
multiple VLANs
Enabling MLD snooping for
multiple VLANs
Specifying IGMP snooping
version for multiple VLANs
Specifying MLD snooping
version for multiple VLANs
Configuring IGMP report
suppression
Configuring MLD report
suppression
Displaying Layer 2 multicast
group information
Displaying IPv6 Layer 2
multicast group information
Configuring Layer 3 multicast
Version
number
Last version
Release
Date
Release
type
Remarks
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
21
features for VPN instances
Configuring multicast
forwarding between
sub-VLANs of a super VLAN
Configuring IPv6 multicast
forwarding between
sub-VLANs of a super VLAN
Displaying information about
interfaces maintained by
MRIB
Displaying information about
interfaces maintained by
IPv6 MRIB
Displaying and clearing
statistics for multicast
forwarding events
Displaying and clearing
statistics for IPv6 multicast
forwarding events
Configuring BIDIR-PIM
Configuring IPv6 BIDIR-PIM
Configuring PIM-SSM
Configuring IPv6 PIM-SSM
Displaying statistics for PIM
packets
Displaying statistics for IPv6
PIM packets
Configuring a global static
IPv4/IPv6 source guard
binding entry
Configuring enhanced ARP
packet rate limit features
MFF
Portal authentication
Displaying and maintaining
crypto engines
Configuring AAA for portal
users
Configuring and displaying
HTTP and HTTPS local users
Setting the maximum number
of concurrent login users
Setting the maximum number
of concurrent logins using the
same local user name
Configuring authorization
attributes for users in an ISP
domain
Enabling SNMP notifications
for RADIUS
Configuring the device to use
one TCP connection for all
users to exchange packets
with the HWTACACS server
Configuring password
complexity checking policy
Version
number
Last version
Release
Date
Release
type
Remarks
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
22
for a local user or user group
Specifying the maximum
number of consecutive failed
login attempts for a local user
or user group and the action
to be taken for login failures
Specifying the DSCP value in
SSH packets
Exiting FIPS mode through
automatic reboot
Configuring SNMP
notifications for Ipsec
Configuring SNMP
notifications for IKE
Configuring IPsec for IPv6
routing protocols
Configuring Smart Link
Configuring Monitor Link
Modem dial-in to the device
Banner for modem dial-in
users
Web login to the device
specifying the system time
source
CPU usage monitoring
Safe file download from a
TFTP server
DSCP for outgoing
FTP/TFTP packets
DSCP for outgoing Telnet
packets
User line and user line class
SSL server policy association
with the FTP service
Configuring the expected
bandwidth of an interface
Configuring the link mode of
an Ethernet interface
Configuring the MTU for an
interface
Forcibly bringing up a fiber
port
Displaying and clearing the
Ethernet statistics
Displaying and maintaining
inloopback interfaces
Bulk displaying and
maintaining interfaces
Configuring a Layer 3
aggregation group
Configuring the LACP
operating mode
Configuring MAC
authentication delay
Enabling MAC move
Version
number
Last version
Release
Date
Release
type
Remarks
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
23
Enabling MAC address
moving notifications
Configuring the MAC
address table in EVB
S-channel aggregate
interface view
Enabling SNMP notifications
for the MAC address table
Deleting unicast MAC
address entries based on the
RBs through which packets
leave the TRILL network
Configuring the expected
bandwidth for a VLAN
interface
Assigning an S-channel
aggregate interface of EVB to
a VLAN
Super VLAN
Private VLAN
Configuring the LLDP bridge
mode
Configuring the token bucket
size for sending LLDPDUs
Setting the interval for fast
LLDPDU transmission
Configuring LLDP in Layer
2/Layer 3 aggregate and
Layer 3/management
Ethernet interface views
Configuring LLDP to support
nearest customer bridge
agents and nearest
non-TPMR bridge agent
MVRP
Configuring PBB
Configuring the system ID
and nickname for an RB
Configuring the link cost for a
TRILL port
Configuring the designated
VLANs for exchanging TRILL
frames
Configuring the maximum
length of an LSP originated
by an RB
Configuring the maximum
length of an LSP that can be
received by an RB
Setting the Overload bit of
LSPs and setting the lifetime
for the set Overload bit
Setting the SPF calculation
interval for TRILL
Configuring the maximum
number of TRILL unicast
equal-cost routes
Version
number
Last version
Release
Date
Release
type
Remarks
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
24
Configure SNMP for TRILL
Displaying the TRILL unicast
routing table for the specified
RB
Configuring SPBM
IRDP
Enabling ARP logging
Setting the maximum number
of dynamic ARP entries for a
device
Enabling IP conflict
notification
Setting the DSCP value for
DHCP packets sent by the
DHCP server or the DHCP
relay agent
Configuring the aging time for
MAC address check entries
on the DHCP relay agent
Displaying MAC address
check entries on the DHCP
relay agent
Setting the DSCP value for
DHCP packets sent by the
DHCP client
Setting the maximum number
of DHCP snooping entries
that an interface can learn
Setting the DSCP value for
outgoing DNS packets
Setting the DSCP value for
outgoing IPv6 DNS packets
Setting the DSCP value for
outgoing DDNS packets
Configuring the rate limit for
ICMP error messages
pecifying the source address
for outgoing ICMP packets
Configuring the temporary
address function
Enabling ND proxy
Configuring the rate limit for
outgoing ICMPv6 error
messages
Specifying the source
address for outgoing ICMPv6
packets
IPv6 stateless address
autoconfiguration
Setting the DSCP value for
DHCPv6 packets sent by the
DHCPv6 server
Configuring the DHCPv6
relay agent
Configuring DHCPv6
snooping
Version
number
Last version
Release
Date
Release
type
Remarks
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
25
Specifying the MPLS TE
tunnel mode
Configuring Web menu rule
Configuring XML element
rule
Enabling SNMP notifications
for VRRP globally
Creating a track entry and
associating it with CFD
PTP
RMON
EAA
NETCONF
Configuring the traffic class
feature for ping ipv6
Configuring the ToS feature
for tracert
Configuring the traffic class
feature for tracert ipv6
Configuring a DSCP value for
NTP packets
Saving diagnostic logs to the
diagnostic log file
Setting the size of the trace
log file
Configuring the format for
logs output to a log host
Configuring Layer 3 remote
port mirroring
Configuring a process to
generate or not generate
core files for exceptions
Configuring an SNMP
context
Displaying SNMP MIB node
information
Specifying the UDP port for
receiving SNMP packets
Enabling SNMP notification
logging
Configuring NQA templates
Configuring the NQA server
Configuring NQA operation
types
Applying an operation to a
specific VPN
Sending traps to the NMS
under specific conditions
Configuring a reaction entry
for monitoring packet
round-trip time
Configuring a reaction entry
for monitoring packet loss in
a UDP jitter or voice
operation
Version
number
Last version
Release
Date
Release
type
Remarks
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
26
Configuring a reaction entry
for monitoring one-way jitter
in an NQA operation
Configuring a reaction entry
for monitoring the one-way
delay
Configuring a reaction entry
for monitoring the ICPIF
value in a voice operation
Configuring a reaction entry
for monitoring the MOS value
in a voice operation
Sending traps when the
probe duration exceeds the
threshold
ISSU for feature images
Displaying the FCoE mode of
a switch
Configuring the expected
bandwidth of a VFC interface
Displaying ENode
information obtained by a
Transit switch
Displaying FCF switch
information obtained by a
Transit switch
Displaying the FIP snooping
rules that a Transit switch is
flushing
Displaying the FIP snooping
rules that a Transit switch has
flushed
Displaying the FIP snooping
sessions
Enabling FIP snooping
Configuring the FC-MAP
value for a VLAN
Configuring the operating
mode of an Ethernet
interface on a Transit switch
Enabling RSCN aggregation
Configuring the RSCN
aggregation timer
Starting a topology discovery
Stopping a topology
discovery
Displaying the topology
discovery status
Displaying FCS database
information
Displaying the FCS IE
information
Displaying the FCS port
information
Displaying FDMI database
information
Version
number
Last version
Release
Date
Release
type
Remarks
•
•
•
•
•
•
•
•
Configuring a switch to
operate in Transit mode
OpenFlow
Shutting down an S-channel
interface or an S-channel
aggregate interface
Enabling LACP MAD on
Layer 3 aggregate interface
Hop-by-Hop Options header
types for IPv6 advanced
ACLs
Displaying QoS policies by
IRF member ID
Configuring the EXP
mapping tables
Displaying data buffer usage
Modified features:
•
Setting the interface
description
•
Displaying brief information
about interfaces only in down
state
•
Configuring a description for
a VLAN or VLAN interface
•
Configuring the LLDP
operating mode for nearest
non-TPMR bridge agents
•
Configuring service loopback
group
•
Configuring BGP
•
Displaying information about
Layer 2 multicast forwarding
table
•
Displaying information about
IPv6 Layer 2 multicast
forwarding table
•
Enabling multicast routing
and forwarding
•
Enabling IPv6 multicast
routing and forwarding
•
Max concurrent 802.1X users
on a port
•
Max concurrent MAC
authentication users on a
port
•
Applying an IPsec policy to
an interface
•
Value range for the system
name
•
Value range for the memory
threshold
•
Value range for the VTY user
line
•
Specifying the URL for a
DHCP snooping database file
on a remote device
27
Version
number
Last version
Release
Date
Release
type
Remarks
•
•
•
•
•
•
•
•
•
•
Specifying the username and
password separately for
DDNS update requests
Configuring the bandwidth for
an interface
Configuring a description for
a VFC interface
Displaying name service
database information
Displaying the SCR list of
N_Ports
Configuring the directory
where a log file is saved
Configuring an SNMP
community
Configuring the system
contact
Configuring the system
location
Displaying the queuing
configuration
Deleted features:
•
Setting the LLDPDU transmit
delay
Removed features:
•
Specifying a member device
to forward the traffic on the
current interface
Fixed bugs.
5900_5920-CMW
710-F2210
5900_5920-CMW71
0-R2209
2013-8-5
Add
feature
version
Added features:
•
Configuring ARP fast update
•
Configuring the DCBX
version
•
Support of TRILL distribution
trees for multicast ECMP
Fixed bugs.
5900_5920-CMW
710-R2209
5900_5920-CMW71
0-R2208P01
2013-7-4
28
Release
version
Added features:
•
Specifying an IRF member
device for forwarding the
traffic on the current interface
•
Configuring the TRILL
announcing VLANs
•
Configuring a TRILL access
port with the alone attribute
•
Specifying ignored VLANs on
a Layer 2 aggregate interface
•
Configuring IS-IS generic
cryptographic authentication
•
Managing security logs
•
Configuring the SSH server
to use CA certificates for
client authentication
•
Configuring the DHCP relay
and DHCP server functions
Version
number
Last version
Release
Date
Release
type
Remarks
•
•
•
•
on management Ethernet
ports
Matching the Hop-by-Hop
Options headers in IPv6
packets
Enabling auto discovery of
SCSI-FCP information
Configuring the default FC4
information for a node
Supporting soft zoning
Modified features:
•
Specifying the host name
string
Fixed bugs.
5900_5920-CMW
710-R2208P01
5900_5920-CMW
710-R2208
5900_5920-CMW71
0-R2208
5900_5920-CMW71
0-R2207
2013-2-25
2013-1-28
Release
version
Release
version
Fixed bugs.
Added features:
•
Verifying the correctness and
integrity of the file
•
Enabling log file
overwrite-protection
•
IPsec
•
IKE
•
FIPS
Fixed bugs.
Added features:
•
Enabling the session-control
feature
•
Configuring MD5
authentication for BGP
5900_5920-CMW
710-R2207
5900_5920-CMW71
0-E2206P02
2012-12-21
Release
version
Modified features:
Displaying the nodes on downlink
interfaces and their mapped uplink
interfaces
Displaying node login information
Fixed bugs.
5900_5920-CMW
710-E2206P02
5900_5920-CMW71
0-E2206
2012-10-12
ESS
version
Fixed bugs.
5900_5920-CMW
710-E2206
5900_5920-CMW71
0-R2108P03
2012-9-14
ESS
version
Added and modified features.
5900_5920-CMW
710-R2108P03
5900_5920-CMW71
0-R2108P02
2012-8-15
Release
version
5900_5920-CMW
710-R2108P02
5900_5920-CMW71
0-R2108P01
2012-5-29
Release
version
Modified a feature: Duplex and
rate configuration for 40GE ports.
Fixed bugs.
Added a new feature: Enabling
display of debugging information
on the current terminal.
Fixed bugs.
5900_5920-CMW
710-R2108P01
5900_5920-CMW71
0-R2108
2012-4-9
Release
version
Fixed bugs.
5900_5920-CMW
First release
2012-1-20
Release
Added a new feature: Configuring
29
Version
number
Last version
Release
Date
Release
type
710-R2108
version
Remarks
the maximum number of
equal-cost routes.
Modified features.
Fixed bugs.
5900_5920-CMW
710-E2107
Controlled release
2011-12-15
Release
version
None
Hardware and software compatibility matrix
Table 2 Hardware and software compatibility matrix
Item
Specifications
Produ
ct
family
HPE 5900 Series
HPE 5920 Series
5900AF-48XG-4QSFP+ Switch JC772A
5900AF-48XG-4QSFP+ TAA Switch
JG554A
5900AF-48G-4XG-2QSFP+ Switch
JG510A
Hardw
are
platfor
m
5900AF-48G-4XG-2QSFP+ TAA Switch
JH038A
5900AF-48XGT-4QSFP+ Switch JG336A
5920AF-24XG Switch JG296A
5900AF-48XGT-4QSFP+ TAA Switch
JH037A
5920AF-24XG TAA Switch JG555A
FF 5900CP-48XG-4QSFP+ Switch
JG838A
FF 5900CP-48XG-4QSFP+ TAA Switch
JH036A
5900CP-48XG-4QSFP+ 8Gb FC B-F
Switch E7W29A
Memor
y
2GB
Flash
512M
Boot
ROM
versio
n
Version 155 or higher (Note: Perform the command display version command in any view to view
the version information. Please see Note②)
Host
softwa
re
256M
Filename
SHA256 checksum
5900-CMW710-R2432P01-US.ipe
d80e116d57529a8436a64cb4d5a84861a
81fdc8f7be0b59cac3cb88bf4936ea2
5900_5920-cmw710-packet-capture-r2432p01-US.bin
8c71d1bc6150b40205197cdfaddefa2f9f9
708d2b2af5c558a5f100345e281bf
30
Item
Specifications
iMC BIMS 7.2 (E0402)
iMC EAD 7.2 (E0402)
iMC TAM 7.2 (E0402)
iMC UAM 7.2 (E0402)
iMC MVM 7.2 (E0402)
iMC NTA 7.2 (E0401)
iMC
versio
n
iMC PLAT 7.2 (E0403P04)
iMC QoSM 7.2 (E0403)
iMC RAM 7.2 (E0402)
iMC SDNM 7.2 (E0402)
iMC SHM 7.2 (E0402)
iMC UBA 7.2 (E0401)
iMC VCM 7.2 (E0402)
iMC VFM 7.2 (E0403)
iNode
versio
n
iNode PC 7.2 (E0401)
Web
versio
n
None
OAA
versio
n
None
To display version information for the system software and Boot ROM of 5900/5920:
<HPE> display version
HPE Comware Software, Version 7.1.045, Release 2432P01
------- Note
Copyright (c) 2010-2017 Hewlett-Packard Development Company, L.P.
HPE 5900AF-48XG-4QSFP+ Switch uptime is 0 weeks, 0 days, 20 hours, 54 minutes
Last reboot reason : USER reboot
Boot image: flash:/5900_5920-cmw710-boot-r2432p01.bin
Boot image version: 7.1.045, Release 2432P01
Compiled Jan 04 2017 16:00:00
System image: flash:/5900_5920-cmw710-system-r2432p01.bin
System image version: 7.1.045, Release 2432P01
Compiled Jan 04 2017 16:00:00
Slot 1:
Uptime is 0 weeks,0 days,20 hours,54 minutes
5900AF-48XG-4QSFP+ Switch with 2 Processors
BOARD TYPE:
5900AF-48XG-4QSFP+ Switch
DRAM:
1024M bytes
FLASH:
512M bytes
PCB 1 Version:
VER.A
31
Bootrom Version:
155
CPLD 1 Version:
002
CPLD 2 Version:
002
Release Version:
HPE 5900AF-48XG-4QSFP+ Switch-2432P01
Patch Version
None
Reboot Cause
:
:
------ Note
UserReboot
[SubSlot 0] 48SFP Plus+4QSFP Plus
ISSU compatibility list
Table 3 ISSU compatibility list
Current version
Earlier version
Compatibility
5900_5920-CMW710-R2432P01
5900_5920-CMW710-R2432
YES
5900_5920-CMW710-F2431
YES
5900_5920-CMW710-F2430
YES
5900_5920-CMW710-F2429
YES
5900_5920-CMW710-F2428
YES
5900_5920-CMW710-F2427
YES
5900_5920-CMW710-F2426
YES
5900_5920-CMW710-F2424
YES
5900_5920-CMW710-R2423
YES
5900_5920-CMW710-R2422P02
YES
5900_5920-CMW710-R2422P01
YES
5900_5920-CMW710-R2422
YES
5900_5920-CMW710-F2421
YES
5900_5920-CMW710-R2418P06
YES
5900_5920-CMW710-R2418P01
YES
5900_5920-CMW710-R2416
YES
Upgrading restrictions and guidelines
•
FC/FCoE traffic is interrupted during an ISSU (ISSU reboot) from R2310 or before to R2311.
•
When you use ISSU to upgrade the software from R2307 to this version for a switch that
supports FC interfaces, the mode of the FC interfaces changes from Auto to F after the ISSU
reboot.
•
To use ISSU to upgrade the software to this version after ISIS is configured on a switch running
R2307, you must save the ISIS configuration first and use the ISSU reboot method.
•
Do not use ISSU to roll back R2308P01 or later versions to R2307. Otherwise, the switch fails.
•
If you want to use the issu command to upgrade the software from R2207 to R2208 or later, you
must first load the R2207H01 patch on R2207 and then execute the issu command to upgrade
the software. This requirement is not available if you use the boot-loader command or use the
BootRom menu to upgrade the software.
32
•
Use the boot-loader command or the BootRom menu to upgrade the software from 22XX to
23XX, rather than using the issu command.
Hardware feature updates
R2432P01
None.
R2432
None.
F2431
None.
F2430
None.
F2429
None.
F2428
None.
F2427
The HPE X130 10G SFP+ LC LH80 tunable Transceiver.
F2426
None.
F2424
None.
R2423
None.
33
R2422P02
None.
R2422P01
None.
R2422
None.
F2421
The HPE 5900_5920 switch supports the Mellanox 655874-B21 QSFP+ to SFP+ adapters.
F2420
None.
R2418P06
None.
R2418P01
Added support for the following modules:
•
H6Z42A.
•
Support SFP+ AOC.
•
Support QSFP+ AOC.
E2415
None.
R2311P06
Added support for the following modules:
•
SFP+ AOC module.
R2311P05
None.
34
R2311P04
None.
R2311P03
None.
R2311P02
None.
R2311P01
None.
R2311
Added support for the following modules:
•
HPE X180 10G SFP+ LC LH 80km 1538.19nm DWDM Transceiver.
•
HPE X180 10G SFP+ LC LH 80km 1537.40nm DWDM Transceiver.
R2310
Supports the following switches:
•
5900AF-48XGT-4QSFP+ TAA
•
5900AF-48G-4XG-2QSFP+ TAA
•
5900CP-48XG-4QSFP+ TAA
R2308P01
None.
R2307
Added support for identifying SFP-FC-8G-LW-SM1310 (AW584A) modules.
Added support for 300W Power modules.
Supports the following switches:
•
HPE FF 5900CP-48XG-4QSFP+ Switch
•
HPE 5900CP-48XG-4QSFP+ 8Gb FC B-F Switch
35
E2306
None.
E2305
None.
F2210
None.
R2209
None.
R2208P01
Support HPE 5900AF-48XGT-4QSFP+ switch.
R2208
This release supports the following switches:
•
HPE 5900AF-48XG-4QSFP+ TAA
•
HPE 5920AF-24XG TAA
•
5900AF-48G-4XG-2QSFP+
R2207
None
E2206P02
None
E2206
None
R2108P03
None
36
R2108P02
None
R2108P01
None
R2108
None
E2107
None
Software feature and command updates
For more information about the software feature and command update history, see HPE
5900_5920-CMW710-R2432P01 Release Notes (Software Feature Changes).
MIB updates
Table 4 MIB updates
Item
MIB file
Module
Description
5900_5920-CMW710-R2432P01
New
None
None
None
Modified
None
None
None
None
None
5900_5920-CMW710-R2432
New
None
Modified
hh3cProcessTable
Modified
Modified
hh3c-entity-ext.mib
HH3C-ENTITY-EXT-MIB
hh3cEntityExtPowerPh
ysicalIndex
hh3cEntityExtNominal
Powerhh3cEntityExtCu
rrentPower
5900_5920-CMW710-F2431
New
None
None
None
Modified
None
None
None
5900_5920-CMW710-F2430
New
hh3c-ifqos2.mib
HH3C-IFQOS2-MIB
37
Added
hh3cIfQoSHardwareQu
Item
MIB file
Module
Description
eueRunInfoTable
Modified
None
None
None
5900_5920-CMW710-F2429
New
None
None
None
Modified
None
None
None
None
None
5900_5920-CMW710-F2428
New
None
Modified
Modified
ieee8021-spb.mib
IEEE8021-SPB-MIB
ieee8021SpbEctStatic
Table
5900_5920-CMW710-F2427
New
None
None
None
Modified
None
None
None
5900_5920-CMW710-F2426
New
None
None
None
Modified
None
None
None
5900_5920-CMW710-F2424
New
None
None
None
Modified
None
None
None
5900_5920-CMW710-R2423
New
None
None
None
Modified
None
None
None
5900_5920-CMW710-R2422P02
New
None
None
None
Modified
None
None
None
5900_5920-CMW710-R2422P01
New
None
None
None
Modified
None
None
None
None
None
5900_5920-CMW710-R2422
New
None
Modified
Modified
ieee8021-secy.mib
IEEE8021-SECY-MIB
secyTXSATable
rfc2233-if.mib
IF-MIB
Modified
ifTable
5900_5920-CMW710-F2421
Added
New
ieee8021-secy.mib
IEEE8021-SECY-MIB
IEEE8021-SECY-MIB
ieee8021x-pae.mib
IEEE8021X-PAE-MIB
Added
hh3c-macsec.mib
HH3C-MACSEC-MIB
IEEE8021X-PAE-MIB
Added
38
Item
MIB file
Module
Description
hh3cMACsecCFGPort
Table
Modified
None
None
None
5900_5920-CMW710-F2420
New
None
None
None
Modified
None
None
None
5900_5920-CMW710-R2418P06
Added
New
hh3c-common-system.mib
HH3C-COMMON-SYSTEM-MIB
rfc4044-fc-mgmt.mib
FC-MGMT-MIB
hh3cSystemWorkingM
ode
hh3cSystemWorkingM
odeTable
Added
fcmPortErrorsTable
Modified
None
None
None
5900_5920-CMW710-R2418P01
Added
hh3cFlhHCSize
New
hh3c-flash-man.mib
HH3C-FLASH-MAN-MIB
hh3cFlhPartHCSpace
hh3cFlhPartHCSpaceF
ree
hh3cFlhFileHCSize
Modified
None
None
None
5900_5920-CMW710-R2416
New
hh3c-stack.mib
HH3C-STACK-MIB
Added
hh3cStackDomainId
Modified
None
None
None
hh3c-multicast-snooping.mi
b
HH3C-MULTICAST-SNOOPING
-MIB
Added
HH3C-MULTICAST-S
NOOPING-MIB
hh3c-splat-igsp.mib
HH3C-LswIGSP-MIB
Added
hh3cLswIgmpsnooping
MibObject
None
None
None
5900_5920-CMW710-E2415
New
Modified
5900_5920-CMW710-R2311P06
New
None
None
None
Modified
None
None
None
5900_5920-CMW710-R2311P05
New
None
None
None
Modified
None
None
None
HH3C-STACK-MIB
Added
5900_5920-CMW710-R2311P04
New
hh3c-stack.mib
39
Item
MIB file
Module
Description
hh3cStackDomainId
Modified
None
None
None
None
None
5900_5920-CMW710-R2311P03
New
None
isisCircLevelHelloMu
ltiplier change “Range
Modified
rfc4444-isis.mib
ISIS-MIB (for TRILL)
from 2 to 100” to
“Range from 2 to 100”.
isisCircLevelHelloTime
rchange “Range from
3000” to “Range from
1000”.
5900_5920-CMW710-R2311P02
New
None
None
None
Modified
None
None
None
5900_5920-CMW710-R2311P01
New
None
None
None
Modified
None
None
None
5900_5920-CMW710-R2311
New
Modified
hh3c-mpm.mib
HH3C-MPM-MIB
hh3c-splat-igsp.mib
HH3C-LswIGSP-MIB
rfc1213.mib
RFC1213-MIB
hh3c-lsw-dev-adm.mib
HH3C-LSW-DEV-ADM-MIB
For detailed
information, see <
Comware V7
S5820V2&S5830V2&H
P6125XLG MIB
Companion(R2311).do
cx>
For detailed
information, see <
Comware V7
S5820V2&S5830V2&H
P6125XLG MIB
Companion(R2311).do
cx>
5900_5920-CMW710-R2310
New
Modified
None
None
hh3c-trap.mib
HH3C-TRAP-MIB
lldp-ext-dot1-v2.mib
LLDP-EXT-DOT1-V2-MIB
hh3c-entity-ext.mib
HH3C-ENTITY-EXT-MIB
hh3c-lsw-dev-adm.mib
HH3C-LSW-DEV-ADM-MIB
None
For detailed
information, see <
Comware V7
S5820V2&S5830V2&H
P6125XLG MIB
Companion(R2310).do
cx>
5900_5920-CMW710-R2308P01
New
Modified
None
None
hh3c-config-man.mib
HH3C-CONFIG-MAN-MIB
lldp-ext-dot1-v2.mib
LLDP-EXT-DOT1-V2-MIB
hh3c-entity-ext.mib
HH3C-ENTITY-EXT-MIB
40
None
For detailed
information, see <
Comware V7
S5820V2&S5830V2&H
P6125XLG MIB
Companion(R2308P01
Item
MIB file
Module
Description
).docx>
5900_5920-CMW710-R2307
New
None
None
None
Modified
None
None
None
5900_5920-CMW710-E2306
New
lldp-ext-dot1-evb-extensions
.mib
LLDP-EXT-DOT1-EVB-EXTENSI
ONS-MIB
ieee8021-evb.mib
IEEE8021-EVB-MIB
hh3c-evb.mib
HH3C-EVB-MIB
hh3c-fdmi.mib
HH3C-FDMI-MIB
hh3c-fc-flogin.mib
HH3C-FC-FLOGIN-MIB
hh3c-fc-ping.mib
HH3C-FC-PING-MIB
hh3c-fc-trace-route.mib
HH3C-FC-TRACE-ROUTE-MIB
hh3c-fcoe-mode.mib
HH3C-FCOE-MODE-MIB
hh3c-npv.mib
HH3C-NPV-MIB
hh3c-vsan.mib
HH3C-VSAN-MIB
hh3c-common-system.mib
rfc2925-disman-ping.mib
Modified
hh3c-splat-inf.mib
hh3c-lsw-dev-adm.mib
rfc4747-t11-fc-virtual-fabric.
mib
HH3C-COMMON-SYSTEM-MIB
DISMAN-PING-MIB
HH3C-LswINF-MIB
HH3C-LSW-DEV-ADM-MIB
T11-FC-VIRTUAL-FABRIC-MIB
For detailed
information, see <
Comware V7
S5820V2&S5830V2&H
P6125XLG MIB
Companion(E2306).do
cx>
For detailed
information, see <
Comware V7
S5820V2&S5830V2&H
P6125XLG MIB
Companion(E2306).do
cx>
5900_5920-CMW710-E2305
New
rfc4382-mpls-l3vpn-std.mib
MPLS-L3VPN-STD-MIB
hh3c-ifqos2.mib
HH3C-IFQOS2-MIB
rfc2819-rmon.mib
RMON-MIB
rfc4502-rmon.mib
RMON2-MIB
hh3c-rmon-ext2.mib
HH3C-RMON-EXT2-MIB
hh3c-mirrorgroup.mib
HH3C-MIRRORGROUP-MIB
hh3c-ui-man.mib
HH3C-UI-MAN-MIB
rfc4444-isis.mib
ISIS-MIB
hh3c-trng2.mib
HH3C-TRNG2-MIB
rfc3635-EtherLike.mib
EtherLike-MIB
rfc4836-mau.mib
MAU-MIB
rfc2465-ipv6.mib
IPV6-MIB
rfc2452-ipv6-tcp.mib
IPV6-TCP-MIB
rfc2454-ipv6-udp.mib
IPV6-UDP-MIB
rfc2466-ipv6-icmp.mib
IPV6-ICMP-MIB
hh3c-ipv6-address.mib
HH3C-IPV6-ADDRESS-MIB
rfc2925-disman-ping.mib
DISMAN-PING-MIB
rfc2787-vrrp.mib
VRRP-MIB
hh3c-dns.mib
HH3C-DNS-MIB
hh3c-ssh.mib
HH3C-SSH-MIB
rfc2933-igmp-std.mib
IGMP-STD-MIB
hh3c-evc.mib
HH3C-EVC-MIB
41
For detailed
information, see
<Comware V7
S5820V2&S5830V2
MIB
Companion(E2305).do
cx>
Item
MIB file
Module
Description
hh3c-arp-ratelimit.mib
HH3C-ARP-RATELIMIT-MIB
hh3c-infocenter.mib
HH3C-INFO-CENTER-MIB
hh3c-ike-monitor.mib
HH3C-IKE-MONITOR-MIB
hh3c-ipsec-monitor-v2.mib
lldp-v2.mib
HH3C-IPSEC-MONITOR-V2-MI
B
lldp-ext-dot1-v2.mib
LLDP-V2-MIB
lldp-ext-dot3-v2.mib
LLDP-EXT-DOT1-V2-MIB
rfc2620-radius-acc-client.mi
b
LLDP-EXT-DOT3-V2-MIB
rfc2618-radius-auth-client.m
ib
RADIUS-AUTH-CLIENT-MIB
hh3c-domain.mib
HH3C-RADIUS-MIB
hh3c-radius.mib
HH3C-USER-MIB
hh3c-user.mib
HH3C-QOS-CAPABILITY-MIB
hh3c-qos-capability.mib
IEEE8021-SPB-MIB
ieee8021-spb.mib
HH3C-SPB-MIB
RADIUS-ACC-CLIENT-MIB
HH3C-DOMAIN-MIB
hh3c-spb.mib
Modified
rfc3413-snmp-notification.mi
b
SNMP-NOTIFICATION-MIB
lldp-ext-med.mib
HH3C-SYS-MAN-MIB
hh3c-sys-man.mib
HH3C-FLASH-MAN-MIB
hh3c-flash-man.mib
HH3C-IFQOS2-MIB
hh3c-ifqos2.mib
HH3C-ACL-MIB
hh3c-acl.mib
HH3C-CONFIG-MAN-MIB
hh3c-config-man.mib
LLDP-EXT-MED-MIB
lldp-ext-med.mib
LLDP-MIB
lldp.mib
RIPv2-MIB
rfc1724-rip.mib
HH3C-IP-ADDRESS-MIB
hh3c-ip-address.mib
RFC1213-MIB
rfc1213.mib
RMON-MIB
rfc2819-rmon.mib
RMON2-MIB
rfc4502-rmon.mib
HH3C-LswVLAN-MIB
hh3c-splat-vlan.mib
HH3C-STACK-MIB
hh3c-stack.mib
IF-MIB
rfc2233-if.mib
HH3C-TRNG2-MIB
hh3c-trng2.mib
HH3C-LswINF-MIB
hh3c-splat-inf.mib
LLDP-EXT-DOT1-MIB
lldp-ext-dot1.mib
HH3C-NQA-MIB
hh3c-nqa.mib
HH3C-COMMON-SYSTEM-MIB
hh3c-common-system.mib
hh3c-transceiver-info.mib
HH3C-TRANSCEIVER-INFO-MI
B
hh3c-lsw-dev-adm.mib
HH3C-LSW-DEV-ADM-MIB
rfc2096-ip-forward.mib
IP-FORWARD-MIB
rfc3415-snmp-vacm.mib
SNMP-VIEW-BASED-ACM-MIB
LLDP-EXT-MED-MIB
For detailed
information, see
<Comware V7
S5820V2&S5830V2
MIB
Companion(E2305).do
cx>
5900_5920-CMW710-F2210
New
None
None
42
None
Item
MIB file
Module
Description
Modified
None
None
None
5900_5920-CMW710-R2209
New
None
None
None
Modified
None
None
None
5900_5920-CMW710-R2208P01
New
rfc1213.mib
RFC1213-MIB
Added sysObjectID in
system Group of
RFC1213-MIB.
Modified
None
None
None
5900_5920-CMW710-R2208
New
None
None
None
Modified
None
None
None
5900_5920-CMW710-R2207
New
None
None
None
Modified
None
None
None
5900_5920-CMW710-E2206P02
New
None
None
None
Modified
None
None
None
5900_5920-CMW710-E2206
New
hh3c-ip-address.mib
HH3C-IP-ADDRESS-MIB
hh3c-splat-inf.mib
HH3C-LswINF-MIB
hh3c-splat-mam.mib
HH3C-LswMAM-MIB
rfc2674-qbridge.mib
Q-BRIDGE-MIB
hh3c-lag.mib
HH3C-LAG-MIB
ieee8023-lag.mib
IEEE8023-LAG-MIB
rfc1493-bridge.mib
BRIDGE-MIB
rfc2674-pbridge.mib
P-BRIDGE-MIB
hh3c-storm-constrain.mib
hh3c-if-ext.mib
HH3C-STORM-CONSTRAIN-MI
B
hh3c-splat-mstp.mib
HH3C-IF-EXT-MIB
hh3c-splat-devm.mib
HH3C-LswMSTP-MIB
hh3c-flash-man.mib
HH3C-LswDEVM-MIB
hh3c-common-system.mib
HH3C-FLASH-MAN-MIB
hh3c-splat-mix.mib
HH3C-COMMON-SYSTEM-MIB
hh3c-lsw-dev-adm.mib
HH3C-LswMix-MIB
hh3c-transceiver-info.mib
HH3C-LSW-DEV-ADM-MIB
rfc4273-bgp4.mib
hh3c-splat-vlan.mib
HH3C-TRANSCEIVER-INFO-MI
B
hh3c-mac-information.mib
BGP4-MIB
hh3c-dldp2.mib
HH3C-LswVLAN-MIB
hh3c-lpbkdt.mib
HH3C-MAC-INFORMATION-MIB
rfc2096-ip-forward.mib
HH3C-DLDP2-MIB
hh3c-sys-man.mib
HH3C-LPBKDT-MIB
43
For detailed
information, see
<Comware V7
S5820V2&S5830V2
MIB Companion
V1.01(E2206)>
Item
MIB file
Module
rfc4750-ospf.mib
IP-FORWARD-MIB
rfc4750-ospf-trap.mib
HH3C-SYS-MAN-MIB
rfc4022-tcp.mib
OSPF-MIB
rfc4113-udp.mib
OSPF-TRAP-MIB
rfc4044-fc-mgmt.mib
TCP-MIB
rfc4747-t11-fc-virtual-fabric.
mib
UDP-MIB
rfc4936-t11-fc-zone-server.
mib
T11-FC-VIRTUAL-FABRIC-MIB
hh3c-acl.mib
rfc4878-dot3-oam.mib
ieee8021-cfm.mib
ieee8021-cfm-v2.mib
hh3c-trap.mib
hh3c-ntp.mib
rfc4438-t11-fc-name-server.
mib
Description
FC-MGMT-MIB
T11-FC-ZONE-SERVER-MIB
HH3C-ACL-MIB
DOT3-OAM-MIB
IEEE8021-CFM-MIB
IEEE8021-CFM-V2-MIB
HH3C-TRAP-MIB
HH3C-NTP-MIB
T11-FC-NAME-SERVER
rfc4625-t11-fc-route.mib
T11-FC-ROUTE-MIB
hh3c-fcoe.mib
HH3C-FCOE-MIB
Added
ipNetToMediaTable,at
Table, interfaces
Group, ipRouteTable,
icmp Group in
RFC1213-MIB.
Added tcpConnTable in
tcp Group, udpTable in
udp Group of
RFC1213-MIB.
rfc1213.mib
Modified
rfc2233-if.mib
lldp-ext-med.mib
hh3c-splat-mam.mib
RFC1213-MIB
LLDP-EXT-MED-MIB
IF-MIB
H3C-LswMAM-MIB
Supported Notification
Modified description of
ipRoutingDiscards,
ipForwarding,
ipDefaultTTL,
ipInDelivers,
ipOutRequests,
ipReasmTimeout,
ipReasmReqds,
ipReasmOKs,
ipFragOKs,
ipFragCreates in ip
Group of
RFC1213-MIB.
Modified description of
tcpRtoAlgorithm,
tcpRtoMin, tcpRtoMax,
tcpMaxConn,
tcpActiveOpens,
tcpPassiveOpens,
tcpAttemptFails,
tcpEstabResets,
tcpCurrEstab,
tcpRetransSegs in tcp
Group of
RFC1213-MIB.
Modified
44
Item
MIB file
Module
Description
lldpXMedLocLocationT
able in
LLDP-EXT-MED-MIB.
Modified description of
ifDescr,
ifPromiscuousMode in
IF-MIB.
Modified description of
hh3cdot1qTpFdbSetOp
erate in
H3C-LswMAM-MIB.
Deleted
hh3cEntityExtMemAllo
catedFailed,
hh3cEntityExtECCParit
yAlarm,
hh3cMasterPowerNor
mal,
hh3cMasterPowerNor
mal,
hh3cBackBoardModeS
etFuilure,
hh3cBackBoardModeS
etOK in Supported
Notification.
Modified description of
hh3cBoardTemperatur
eLower,
hh3cBoardTemperatur
eFromLowerToNormal,
hh3cBoardTemperatur
eHigher,
hh3cBoardTemperatur
eFormHigherToNormal
,
hh3cEntityExtCritLower
TempThresholdNotifica
tion,
hh3cEntityExtTemperat
ureTooLow in
Supported Notification.
5900_5920-CMW710-R2108P03
New
None
None
None
Modified
None
None
None
None
None
5900_5920-CMW710-R2108P02
New
None
Modify the description
of MIB node
“sysObjectID”
Modified
rfc1213.mib
RFC1213-MIB
45
For detailed
information, see
<Comware V7
S5820V2&S5830V2
MIB
Companion(V0.10)>
Item
MIB file
Module
Description
5900_5920-CMW710-R2108P01
New
Modified
rfc1493-bridge.mib
BRIDGE-MIB
rfc2674-pbridge.mib
P-BRIDGE-MIB
rfc2674-qbridge.mib
Q-BRIDGE-MIB
hh3c-splat-inf.mib
HH3C-LswINF-MIB
hh3c-splat-vlan.mib
HH3C-LswVLAN-MIB
hh3c-sys-man.mib
HH3C-SYS-MAN-MIB
hh3c-ip-address.mib
HH3C-IP-ADDRESS-MIB
hh3c-mac-information.mib
HH3C-MAC-INFORMATION-MIB
hh3c-splat-devm.mib
HH3C-LswDEVM-MIB
hh3c-splat-mam.mib
HH3C-LswMAM-MIB
hh3c-splat-mstp.mib
HH3C-LswMSTP-MIB
ieee8023-lag.mib
IEEE8023-LAG-MIB
hh3c-flash-man.mib
HH3C-FLASH-MAN-MIB
rfc2013-udp.mib
UDP-MIB
rfc4022-tcp-mib.mib
TCP-MIB
rfc2925-disman-ping.mib
DISMAN-PING-MIB
rfc1213.mib
RFC1213-MIB
For detailed
information, see
<Comware V7
S5820V2&S5830V2
MIB
Companion(V0.10)>
Added "Address
Translation
Group","ICMP Group","
ARP MIB", "
tcpConnTable",
"udpTable".
Modified Description for
Scalar objects of tcp
Group.
5900_5920-CMW710-R2108
New
First release
First release
First release
Modified
First release
First release
First release
5900_5920-CMW710-E2107
New
Controlled release
Controlled release
Controlled release
Modified
Controlled release
Controlled release
Controlled release
Operation changes
Operation changes in R2432P01
None.
Operation changes in R2432
•
Added support for domain name separators forward slashes (/) and back slashes (\).
Before modification: When a user logs in to the device by using Telnet, SSH, or FTP, forward
slashes (/) and back slashes (\) cannot be used as domain name separators.
46
After modification: When a user logs in to the device by using Telnet, SSH, or FTP, forward
slashes (/) and back slashes (\) can be used as domain name separators.
•
Added response of IBGP to interface down events.
Before modification: If an IBGP neighbor relationship is established through a
directly-connected interface and the peer connect-interface command is used to specify a
source interface or source address for establishing TCP connections to a peer or peer group,
when the corresponding interface (a non-loopback interface) goes down, BGP must wait for the
hold timer to expire before disconnecting the neighbor relationship. Before the neighbor
relationship is disconnected, route blackholes will appear.
After modification: If an IBGP neighbor relationship is established through a directly-connected
interface and the peer connect-interface command is used to specify a source interface or
source address for establishing TCP connections to a peer or peer group, when the
corresponding interface (a non-loopback interface) goes down, BGP immediately disconnects
the neighbor relationship. This implementation accelerates route convergence.
•
•
Added support for connecting member ports of two local Layer 3 dynamic aggregate interfaces.

Before modification: If two Layer 3 Ethernet interfaces on the device are assigned to
different dynamic aggregation groups, the interfaces cannot be Selected when they are
connected.

After modification: If two Layer 3 Ethernet interfaces on the device are assigned to different
dynamic aggregation groups, the interfaces can be Selected when they are connected.
Added support for configuring the MAC address for a Layer 3 Ethernet subinterface or Layer 3
aggregate subinterface.
Before modification: You cannot configure the MAC address for a Layer 3 Ethernet subinterface
or Layer 3 aggregate subinterface.
After modification: You can configure the MAC address for a Layer 3 Ethernet subinterface or
Layer 3 aggregate subinterface.
•
Added the feature of service chain entry merging to resolve the problem of insufficient EFP ACL
resources.
Before modification: This feature is not supported.
After modification: This feature is supported. A service chain can be assigned only one EFP
ACL.
•
Changed the value of "Input interface" field for outgoing unicast packets sampled by sFlow.
Before modification: This field displays N/A.
After modification: This field displays the name of the input interface.
•
Added the support for deploying an extensibility flow entry with match field VLAN ID 0000 and
action push vlan.
Before modification: The extensibility flow entry cannot be deployed.
After modification: The extensibility flow entry can be deployed.
Operation changes in F2431
•
Added accounting for discarded packets on FC interfaces.
Before modification: Accounting for discarded packets on FC interfaces is not supported.
After modification: Accounting for discarded packets on FC interfaces is supported.
•
Modified the method for assigning FIPS NORMAL ACLs to aggregate interfaces.
Before modification: The device assigns FIPS NORMAL ACLs to aggregate interfaces on a
per-member-port basis.
After modification: The device assigns FIPS NORMAL ACLs to aggregate interfaces on a
per-aggregation-group basis.
47
Operation changes in F2430
•
Logging of reboots triggered by watch dog timer expiration
This release added logging of reboots triggered by watch dog timer expiration. Error information
is recorded after the system is rebooted for expiration of the watch dog timer.
Operation changes in F2429
•
Added support for NSR after MDT is configured for BGP
Before modification, NSR is not supported after MDT is configured for BGP.
After modification, NSR is supported after MDT is configured for BGP.
Operation changes in F2428
•
Added support of NETCONF for the ospf bfd enable command
Before modification, NETCONF does not support the ospf bfd enable command.
After modification, NETCONF supports the ospf bfd enable command.
•
Modified the default of endless loop detection
Before modification, endless loop detection is disabled by default.
After modification, endless loop detection is enabled by default.
•
Modified the LLDP aggregation port ID index carried by an aggregation group member port
Before modification, the LLDP aggregation port ID index carried by an aggregation group
member port is the ifindex of the port.
After modification, the LLDP aggregation port ID index carried by an aggregation group
member port is the ifindex of the aggregate interface.
•
Modified the maximum number of static multicast MAC address entries
Before modification, the maximum number of static MAC address entries is 256.
After modification, the maximum number of static MAC address entries is 4096.
•
Modified the forwarding method for traffic matching two flow tables
Before modification, if packets match both OpenFlow table 0 and table 1, and table 1 is
ineffective, the switch forwards the packets by using table 0.
After modification, if packets match both OpenFlow table 0 and table 1, and table 1 is
ineffective, the switch forwards the packets by using table 1.
•
Modified the names and transfer distance for three transceiver modules in the MIB
The names of transceiver modules SFP-GE-LH70-SM1550, SFP-GE-LH70-SM1550-D, and
HPE X125 1G SFP LC LH70 Transceiver were changed to SFP-GE-LH80-SM1550,
SFP-GE-LH80-SM1550-D, and HPE X125 1G SFP LC LH80 Transceiver. The value of the
Transfer Distance(km) field for these transceiver modules was changed from 70(SMF) to
80(SMF).
Operation changes in F2427
•
Added syslog messages for OSPF configuration conflicts
Added the following syslog messages for reporting OSPF configuration conflicts:

OSPF [UINT16] Received newer self-originated network-LSAs. Possible conflict of IP
address [IPADDR] in area [STRING] on interface [STRING].
48

OSPF [UINT16] Received newer self-originated router-LSAs. Possible conflict of router ID
[STRING] in area [STRING].

OSPF [UINT16] Received newer self-originated ase-LSAs. Possible conflict of router ID
[STRING].

OSPF [UINT16] Duplicate router ID [STRING] on interface [STRING], sourced from IP
address [IPADDR].
Operation changes in F2426
•
The maximum number of secondary IP addresses supported on an interface was changed from
64 to 1024.
Operation changes in F2424
•
Added the unit pps to the car command
Before modification, you can configure the CIR and PIR only in kbps in the car command.
After modification, you can configure the CIR and PIR in kbps or pps in the car command.
•
Increased the length of error packets that a controller can capture
Before modification, a controller can capture error packets with the length of 64 bytes.
After modification, a controller can capture error packets with the length of 128 bytes.
Operation changes in R2423
•
Changed the fan speed adjustment policy when the direction of the fan is different from the
direction configured by using the fan prefer-direction command
Before modification, the fan is started at full speed, with a large noise.
After modification, the fan speed is adjusted based on the temperature.
Operation changes in R2422P02
None.
Operation changes in R2422P01
None.
Operation changes in R2422
•
Added the DSCP priority field to OpenFlow and NETCONF protocol packets before sending
them.
Before modification, these packets do not carry the DSCP priority field.
After modification, these packets carry the DSCP priority field.
•
Added the auto restart feature in high temperature environments.
Added the auto restart feature for the switch to restart repeatedly to protect the hardware when
the temperature of the switch reaches the upper limit.
49
Operation changes in F2421
•
Modified the value of the VRF field in the information obtained through the GET/GET-BULK
operation for the BGP Netconf SessionCounts table.
Before modification, the VRF field displays the number of VRF sessions for both public and
private networks.
After modification, the VRF field displays the number of VRF sessions for the public network.
•
Added statistics for the meter action in an OpenFlow instance.
Before modification, the meter action rate-limits normal data packets.
After modification, the meter action rate-limits normal data packets and collects statistics about
forwarded packets and dropped packets.
•
Added check for outbound traffic forwarding on an interface.
Before modification, check for outbound traffic forwarding on an interface is not supported.
After modification, check for outbound traffic forwarding on an interface is supported. When
outbound traffic forwarding is not operating correctly, the system displays logs.
Operation changes in F2420
•
Change to the return value for a multi-part request sent by a port that is not in an OpenFlow
instance.
Before modification, the return value is port error.
After modification, the return value is bad queue error.
•
Increased the maximum number of Layer 3 subinterfaces supported by a port from 512 to
1024 .
•
Increased the maximum number of syslog servers that can be configured on a switch from 4 to
20.
•
Added support for processing broadcast ARP requests.
Before modification, the switch does not support broadcast ARP requests.
After modification, the switch supports broadcast ARP requests.
•
Change to the default rate limits for OSPF protocol packets in hardware, software, and CPU
queues.
Before modification, the default rate limits for OSPF protocol packets are as follows:

Hardware: 256 kbps.

Software: 100 pps.

CPU queue: 200 pps.
After modification, , the default rate limits for OSPF protocol packets are as follows:
•

Hardware: 1 Mbps.

Software: 1000 pps.

CPU queue: 2000 pps.
Added the output from the following commands to the display diagnostic-information
command output.

display qos policy user-defined.

display lldp local-information interface.

display lldp tlv-config interface.

display qos map-table dot1p-lp.
50
•
•
•

display fc login.

display npv login.

display npv status.

display fcs data.

display fc name-service database.

display fc domain.

display fc domain-list.

display vsan port-member.
Added the following functions to NETCONF:

Network querying and summary route querying for BGP.

Routing policy.
Added support for tunnel interfaces to OpenFlow:

Before modification, flow entries do not support tunnel interfaces.

After modification, flow entries support tunnel interfaces.
Added support for the mac-address static source-check enable command in Layer 2
aggregate interface view and Layer 3 aggregate interface view.
Operation changes in R2418P06
•
Added check for outbound traffic forwarding on an interface.
Before modification, check for outbound traffic forwarding on an interface is not supported.
After modification, check for outbound traffic forwarding on an interface is supported. When
outbound traffic forwarding is not operating correctly, the system displays logs.
Operation changes in R2418P01
•
Increased the maximum number of secondary VLANs that can be associated with a primary
VLAN from 96 to 256.
•
Change to the count of IfInDiscards for an IRF physical interface
Before modification, the value of dropped packets by blocking is collected.
After modification, the value of dropped packets by blocking is not collected.
Operation changes in R2416
•
Modified the Protection field in the display stp command output.
Before modification, the Protection field displays the protection type configured for an
interface.
After modification, the Protection field displays the active protection type on an interface.
•
A domain ID cannot contain letters
Before modification, when the domain ID is configured as 123abc in the configuration file and
the switch starts up with the configuration file, the domain ID is automatically parsed into 123. A
domain ID cannot be configured as 123abc at the CLI.
After modification, when a domain ID contains letters, it cannot be issued either in a
configuration file or at the CLI. A domain ID must meet the following requirements:

A domain ID supports 0 and positive decimal integers, and does not support negative
numbers.
51
•

A domain ID can start with multiple zeros, for example, 000123568.

The domain ID configuration command supports multiple spaces, for example, irf domain
333

The domain ID configuration command supports adding a plus sign before the domain ID,
for example, irf domain +333

A domain ID can be up to 4294967295. When you configure the irf domain 4294967296
command, the configuration fails and the domain ID will be set to the default value (0).
Change to the maximum number of Layer 3 aggregate subinterfaces on a Layer 3 aggregate
interface
Before modification, a Layer 3 aggregate interface can have up to 500 Layer 3 aggregate
subinterfaces.
After modification, a Layer 3 aggregate interface can have up to 50 Layer 3 aggregate
subinterfaces.
•
Change to the forwarding for packets with the destination MAC address 0180-c200-000e by
default
Before modification, packets with the destination MAC address 0180-c200-000e and the
protocol type 0x88cc are not forwarded by default.
After modification, packets with the destination MAC address 0180-c200-000e are not
forwarded by default, regardless of the protocol type.
Operation changes in E2415
None.
Operation changes in R2311P06
•
Increased the maximum number of secondary VLANs that can be associated with a private
VLAN from 96 to 256.
Before modification, there are 96 secondary VLANs can be associated with a private VLAN.
After modification, there are 256 secondary VLANs can be associated with a private VLAN.
•
Modified the implementation of OpenFlow flow table
Before modification, both packet-in messages and table-miss entries do not include meter
information.
After modification, both packet-in messages and table-miss entries can include meter
information.
•
Modified the way the TRILL MAC address is treated when the VLAN of a TRILL AVF changes
Before modification, when the VLAN of a TRILL AVF changes, the TRILL MAC address is
automatically deleted.
After modification, when the VLAN of a TRILL AVF changes, the TRILL MAC address is not
deleted.
Operation changes in R2311P05
•
Clearing the useless fields of zone merge packets
Before modification, some reserved fields of zone merge packets are set to random values
rather than cleared. These fields are useful in later versions. As a result, zone merge might fail
during interoperation with later versions.
52
After modification, the reserved fields in zone merge packets are cleared to ensure
interoperation with later versions.
•
Change to using the DHCPv6 client to obtain IPv6 addresses
Before modification, route prefixes cannot be obtained through RA messages.
After modification, route prefixes can be obtained through RA messages.
•
Enhanced the feature of establishing neighborship through LLDP
Before modification, LLDP cannot establish neighborship when both PSE and PD features are
set in the TLVs sent by the neighbor.
After modification, LLDP can establish neighborship when both PSE and PD features are set in
the TLVs sent by the neighbor.
•
Support of the OpenFlow apply action for issuing groups
Before modification, the OpenFlow apply action does not support issuing groups.
After modification, the OpenFlow apply action supports issuing groups.
•
Support of OpenFlow for adding and deleting flow entries with invalid buffer IDs
Before modification, when OpenFlow issues or deletes a flow entry, it checks the buffer ID
carried in the packet. If the buffer ID does not exist, OpenFlow does not add or delete the flow
entry, and it returns an error code.
After modification, when OpenFlow issues or deletes a flow entry, it checks the buffer ID carried
in the packet. If the buffer ID does not exist, OpenFlow continues to add or delete the flow entry,
and it prints a trace message.
Operation changes in R2311P04
•
Collecting statistics about packets that do not match flow entries in an OpenFlow network
Before modification, the number of replies to aggregate statistic multi-part requests does not
contain the number of packets that do not match flow entries.
After modification, the number of replies to aggregate statistic multi-part requests contains the
number of packets that do not match flow entries.
•
Collecting port statistics at a nanosecond-level interval in an OpenFlow network
Before modification, OpenFlow does not support collecting reply statistics for a port at a
nanosecond-level interval.
After modification, OpenFlow supports collecting reply statistics for a port at a
nanosecond-level interval.
•
Cancelling responding to OpenFlow multipart reply messages with blank messages
Before modification, the system responds to a multipart reply message with two messages. The
second message is blank, which indicates that the message ends.
After modification, the system does not respond to a multipart reply message with a blank
message.
•
Change to the response to the pop VLAN action in an OpenFlow network
Before modification, when a pop VLAN action is executed for packets that match flow entries
and do not have VLAN tags, the switch returns an OFPET_BAD_ACTION
OFPBAC_MATCH_INCONSISTENT error message.
After modification, when a pop VLAN action is executed for packets that match flow entries and
do not have VLAN tags, the switch returns an OFPBAC_BAD_TYPE message.
•
Returning error codes when the switch receives unsupported configuration sets in an
OpenFlow network
Before modification, when the switch receives unsupported configuration sets in an OpenFlow
network, the switch ignores them and does not return error codes to the controller.
53
After modification, when the switch receives unsupported configuration sets in an OpenFlow
network, the switch returns error codes to the controller.
•
Change to the processing when the packet out action is modified into the normal action in an
OpenFlow network
Before modification, when the packet out action is modified into the normal action, Layer 2
packets whose destination MAC address is not the MAC address of a local VLAN interface and
Layer 2 packets that do not match MAC address entries are dropped.
After modification, when the packet out action is modified into the normal action, Layer 2
packets whose destination MAC address is not the MAC address of a local VLAN interface and
Layer 2 packets that do not match MAC address entries are broadcast.
•
Change to the output for the startup self test on a switch in non-FIPS mode
Before modification, when the switch operates in non-FIPS mode, the following output appears
for the startup self test:
−
Cryptographic Algorithms Tests are running ...
−
Slot 1:
−
Starting Known-Answer tests in the user space.
−
Known-answer test for SHA1 passed.
−
Known-answer test for SHA224 passed.
−
Known-answer test for SHA256 passed.
−
Known-answer test for SHA384 passed.
−
Known-answer test for SHA512 passed.
−
Known-answer test for HMAC-SHA1 passed.
−
Known-answer test for HMAC-SHA224 passed.
−
Known-answer test for HMAC-SHA256 passed.
−
Known-answer test for HMAC-SHA384 passed.
−
Known-answer test for HMAC-SHA512 passed.
−
Known-answer test for AES passed.
−
Known-answer test for RSA(signature/verification) passed.
−
Pairwise conditional test for RSA(signature/verification) passed.
−
Pairwise conditional test for RSA(encrypt/decrypt) passed.
−
Pairwise conditional test for DSA(signature/verification) passed.
−
Pairwise conditional test for ECDSA(signature/verification) passed.
−
Known-answer test for DRBG passed.
−
Known-Answer tests in the user space passed.
−
Starting Known-Answer tests in the kernel.
−
Known-answer test for AES passed.
−
Known-answer test for SHA1 passed.
−
Known-answer test for HMAC-SHA1 passed.
−
Known-Answer tests in the kernel passed.
−
Cryptographic Algorithms Tests passed.
After modification, when the switch operates in non-FIPS mode, the following output appears
for the startup self test:
−
•
Cryptographic algorithms tests passed.
Change to the random number algorithm
54
Before modification, the randomness of random numbers generated by the random number
algorithm is low.
After modification, the randomness of random numbers generated by the random number
algorithm is high.
•
Change to the prompt message if the underlayer resources are insufficient when the ip verify
source command is used
Before modification, when the underlayer resources are insufficient, no message appears, a
user can obtain an IP address, but the user cannot access the network.
After modification, the following message appears when the underlayer resources are
insufficient.
−
•
Failed to add an IP source guard binding (IP 1.1.1.1, MAC 0001-0001-0001, and
VLAN 65535) on interface Vlan-interface1. Feature not supported.
Change to the maximum number of characters allowed in the system prompt
Before modification, the system prompt can contain up to 127 characters, and the exceeding
characters are truncated.
After modification, the system prompt can contain up to 360 characters.
•
A domain ID cannot contain letters
Before modification, when the domain ID is configured as 123abc in the configuration file and
the switch starts up with the configuration file, the domain ID is automatically parsed into 123. A
domain ID cannot be configured as 123abc at the CLI.
After modification, when a domain ID contains letters, it cannot be issued either in a
configuration file or at the CLI. A domain ID must meet the following requirements:
•

A domain ID supports 0 and positive decimal integers, and does not support negative
numbers.

A domain ID can start with multiple zeros, for example, 000123568.

The domain ID configuration command supports multiple spaces, for example, irf
domain 333

The domain ID configuration command supports adding a plus sign before the domain ID,
for example, irf domain +333

A domain ID can be up to 4294967295. When you configure the irf domain 4294967296
command, the configuration fails and the domain ID will be set to the default value (0).
Change to the output from the display OpenFlow instance command (PNR-11610)
Before modification, the output does not contain a colon after the Classification field, as
follows:
−
Classification VLAN, total VLANs(1)
After modification, the output contains a colon after the Classification field, as follows:
−
Classification: VLAN, total VLANs(1).
Operation changes in R2311P03
•
Added the bcm slot-number 0 show/c command to show MAC chip statistics in the output from
the display diagnostic-information command.
•
Added a requirement of configuring a multiport service loopback group by using
service-loopback group for multiport ARP:
Before modification, there is no need to configure a multiport service loopback group for
multiport ARP.
After modification, a multiport service loopback group must be configured to support multiport
ARP.
55
Operation changes in R2311P02
•
Change to management user login information:
Before modification, the system does not record login failure times for management users.
After modification, the system, if enabled with password control, displays the last login time, and
the number of login failure times between the last login and this login for a management user
that logs into the system.
•
Change to user authentication and login information:
Before modification, the system does not record information about authentication success,
authentication failure, login, and logout for users.
After modification, the system records information about authentication success, authentication
failure, login, and logout for users.
•
Change to FIPS log information:
Before modification, if the old password entered for password modification is incorrect, the
switch in FIP mode prompts a message but does not record the message.
After modification, if the old password entered for password modification is incorrect, the switch
in FIP mode prompts a message and records the message.
•
Change to the maximum number of IPv6 routes that have a prefix longer than 64 bits:
Before modification, the maximum number of IPv6 routes that have a prefix longer than 64 bits
is 128.
After modification, the maximum number of IPv6 routes that have a prefix longer than 64 bits is
256.
•
Change to MAC learning for LLDP:
Before modification, the switch learns the source MAC addresses of LLDP packets.
After modification, the switch does not learn the source MAC addresses of LLDP packets.
Operation changes in R2311P01
•
Change to SSH login banner information:
Before modification, the SSH login banner information is displayed in the sequence of
username, password, copyright, legal, motd, login, and shell.
After modification, the SSH login banner information is displayed in the sequence of username,
login, password, copyright, legal, motd, and shell.
•
Change to the number of MAC addresses that can be displayed:
Before modification, MAC addresses from the maximum number of preserved MAC addresses
plus 1 to the maximum number of preserved MAC addresses plus 41 cannot be displayed.
Preserved MAC addresses include the bridge MAC address and Layer 3 interfaces' MAC
addresses. Preserved MAC addresses are from the bridge MAC address to the bridge MAC
address plus n. The following shows the value of n on different switch models:

105 for 5900AF-48XG-4QSFP+/5900AF-48XG-4QSFP+ TAA/5900AF-48XGT-4QSFP+/FF
5900CP-48XG-4QSFP+ Switch/5900CP-48XG-4QSFP+ 8Gb FC B-F Switch

89 for 5900AF-48G-4XG-2QSFP+

65 for 5920AF-24XG/5920AF-24XG TAA
After modification, MAC addresses from the maximum number of preserved MAC addresses
plus 1 to the maximum number of preserved MAC addresses plus 41 can be displayed.
56
Operation changes in R2311
•
Change to BGP MED operation
Before modification, BGP considers a MED being 0 and a MED being empty are different
values. Routes with those MEDs cannot form ECMP routes.
After modification, BGP considers a MED being 0 and a MED being empty are the same value.
Routes with those MEDs can form ECMP routes.
•
Change to the maximum number of IRF physical ports in an IRF port
Before modification: Up to four physical ports can be bound to an IRF port.
After modification: Up to eight physical ports can be bound to an IRF port.
Operation changes in R2310
•
Added support for both Ctrl+D and Ctrl+C to quit automatic configuration:
Before modification, the command for quitting automatic configuration is Ctrl+C in R2210 and
before, and is Ctrl+D in R2307 and R2308P01.
After modification, both Ctrl+C and Ctrl+D for quitting automatic configuration are supported.
•
Changed the default transfer mode for the FTP client from ASCII to Binary.
•
Added support for carrying multiple values in the level attribute assigned by the login server:
Before modification, the level attribute assigned by the login server carries no or one value.
After modification, the level attribute assigned by the login server carries multiple values.
•
Changed ARP/ND learning method for private VLAN:
Before modification, ARP/ND entries are learned in the secondary VLAN.
After modification, ARP/ND entries are learned in the primary VLAN.
•
Changed ACL policy for OSPF:
Before modification, the system reserves 256 ACLs for OSPF that are used to identify OSPF
packets encapsulated in TRILL packets, regardless of whether TRILL is enabled.
After modification, the system does not reserve 256 ACLs for OSPF if TRILL is not enabled.
Operation changes in R2308P01
•
Change to the field sequence in the output from display commands.
Before modification: In the output from the display fc login vsan command, the Node WWN
field is displayed before the Port WWN field. In the output from the display npv login
command, the Port WWN field is displayed before the Node WWN field.
After modification: In the output from both the display fc login vsan command and the display
npv login command, the Node WWN field is displayed before the Port WWN field.
•
Modified the method for forwarding LLDP packets after LLDP is disabled globally in an
OpenFlow network
Before modification, LLDP packets are not sent to the controller through packet-in messages
after LLDP is disabled globally.
After modification, LLDP packets can be sent to the controller through packet-in messages after
LLDP is disabled globally.
57
Operation changes in R2307
•
Action changes for OAM down state
Before modification, if the physical layer of an interface that is in OAM down state goes down,
the flag for OAM down state is removed. After the physical layer of the interface goes up, the
OAM down state cannot be recovered. If the physical layer of an interface where an OAM
connection has been established goes down, the OAM down state is not set for the interface.
After modification, if the physical layer of an interface that is in OAM down state goes down, the
flag for OAM down state is kept. After the physical layer of the interface goes up, the interface is
still in OAM down state. If the physical layer of an interface where an OAM connection has been
established goes down, the OAM down state is set for the interface.
•
This version modifies the FC zone packet processing method according to the specifications.
As a result, the FC zone packets in version R2210 cannot interoperate with FC zone packets of
any earlier version.
Before modification:

In basic zone packets, the Zoning Object Type field values are as follows: Zone Set is 00.
Zone is 01. Zone Alias is 02.

In basic zone packets, the member type field values are as follows: N_Port_Name is 00.
N_Port_ID is 01. Alias Name is 02.
After modification:
•

In basic zone packets, the Zoning Object Type field values are as follows: Zone Set is 01.
Zone is 02. Zone Alias is 03.

In basic zone packets, the member type field values are as follows: N_Port_Name is 01.
N_Port_ID is 03. Alias Name is 04.
Changes to 802.1X/MAC authentication users per interface
Before modification, 802.1X authentication, MAC authentication, or port security supports a
maximum of 1024 concurrent users on an interface ;an interface card supports a maximum of
1024 secure MAC addresses.
After modification, 802.1X authentication, MAC authentication, or port security supports a
maximum of 2048 concurrent users on an interface ;an interface card supports a maximum of
2048 secure MAC addresses.
•
Display command response time
Before modification, most display commands have unacceptable interruption during
information output. This symptom is more evident when a question mark is input or a Tab is
pressed to complete a keyword.
After modification, this problem no longer exists.
•
PFC and flow-control
Before modification, priority-flow-control no-drop dot1p and flow-control commands can
both be issued.
After modification, priority-flow-control no-drop dot1p and flow-control commands cannot
be both issued.
•
Cancelling VN interface keepalive on FCF
Before modification, an FCF switch requires the VN interfaces of registered ENodes to send
keepalives every 90 seconds. The FCF switch removes a VN interface if no keepalives are
received from that VN interface within 2.5 × 90 seconds.
After modification, an FCF switch does not require the VN interfaces of registered ENodes to
send keepalives, but its NP ports still send keepalives to interoperate with devices from other
venders.
58
Operation changes in E2306
None.
Operation changes in E2305
•
Changed the hotkey for stopping DHCP AUTOCONF function from CTRL+C to CTRL+D.
•
Factory default changes for global spanning tree status
Before modification, spanning tree is globally disabled if the device starts up with factory
defaults.
After modification, the stp global enable command is added to the factory defaults. Spanning
tree is globally enabled if the device starts up with the factory defaults.
Operation changes in F2210
•
Flow control capability negotiation in the PHY chip
The versions before the modification do not support the flow control capability negotiation.
When flow control has been enabled with the flow-control command on an Ethernet interface,
the switch might fail to receive pause frames when congestion occurs on the Ethernet interface.
In the versions after the modification, flow control capability negotiation is enabled when the
flow-control command is configured, and flow control capability negotiation is disabled when
the undo flow-control command is configured.
•
Support for parity error check and recovery of the L3_ENTRY_ONLY, ING_L3_NEXT_HOP,
EGR_L3_NEXT_HOP, MPLS_ENTRY, VFP_POLICY_TABLE, and FP_POLICY_TABLE
entries.
Before modification, a parity error of these entries interrupts traffic forwarding.
After modification, when a parity error of these entries occurs, the correct value is restored, and
traffic forwarding is not interrupted.
•
Support for disabling password control in FIPS mode
Operation changes in R2209
•
Added support for negotiating pause capability on PHY chips.
Before modification, pause capability negotiation is not supported. No pause packets are sent
to the device when congestion occurs even if flow control is enabled.
After modification, enabling flow control also enables pause capability negotiation, and
disabling flow control also disables pause capability negotiation.
•
Added support for examining and restoring a parity error in the following entries:
L3_ENTRY_ONLY, ING_L3_NEXT_HOP, EGR_L3_NEXT_HOP, MPLS_ENTRY,
VFP_POLICY_TABLE, and FP_POLICY_TABLE.
Before modification, a parity error in the specified entries affects traffic forwarding.
After modification, a parity error in the specified entries is corrected automatically and does not
affect traffic forwarding.
Operation changes in R2208P01
None.
59
Operation changes in R2208
•
Added support for inserting a 10G module into a 10GE port and configuring the port rate as
1000 Mbps after the port goes up.
Operation changes in R2207
•
Changed the default state of the Telnet server from enabled to disabled.
•
Changed the default state of UDP ports 514 and 1812:
•
•

Before modification, if the switch starts up without loading a configuration file, UDP port 514
is always enabled for sending syslogs, and UDP port 1812 is always enabled for AAA
session control function.

After modification, if the switch starts up without loading a configuration file, UDP port 514 is
enabled only when syslogs are sent, and UDP port 1812 is enabled only when AAA session
control function is enabled.
Changed the display of control characters \r \n for syslogs on a log host

Before modification, the control characters \r \n in syslogs are displayed as characters on a
log host.

After modification, the control characters \r \n in syslogs are displayed as Enter or Space.
Changed the identification method for the privilege attributes issued by the TACACS server for
5900_5920 devices

Before modification, the device identifies the attributes "role=network-admin" or "role=
level-15" issued by the TACACS server as the administrator privileges.

After modification, the device identifies the attribute "privilege level=15" issued by the
TACACS server as the administrator privileges, and also support identification of
customized attributes.
Operation changes in E2206P02
None
Operation changes in E2206
•
Changed the value range for max-ecmp-num.
For 22xx releases, the max-ecmp-num ranges from 1 to 32.
For 21xx releases, the max-ecmp-num can be configured only as 8, 16, or 32.
After a downgrade from 22xx to 21xx, if the 21xx release does not support the max-ecmp-num
previously configured for 22xx, the max-ecmp-num is restored to the default value of 8 on the
switch.
•
Configuration changed for SSH users using public-key authentication
On 21xx releases, an SSH user using public-key authentication can log in to the switch without
needing to configure a corresponding local user.
On 22xx releases, an SSH user using public-key authentication must have a corresponding
local user configured and have right authorization assigned before the user can log in to the
switch.
60
Operation changes in R2108P03
None
Operation changes in R2108P02
None
Operation changes in R2108P01
None
Operation changes in R2108
This release provides a more secure way to enter passwords. Two keywords simple and cipher are
introduced. If the simple keyword is specified, you enter passwords in plain text. If the cipher
keyword is specified, you enter passwords in cipher text. If you have configured cipher text
passwords in earlier releases, you must configure them again in plain text because the release
upgrade cannot recover the cipher text passwords. They are displayed in cipher text in BuildRun.
Operation changes in E2107
None
Restrictions and cautions
•
PFC does not work on an IRF fabric where burst-mode is enabled, the traffic egress port
belongs to a 5920 switch, and the traffic ingress port belongs to another switch.
•
If more than 7 VSANs are configured on a 5900_5920 switch's VFC interface that connects to
HPE storage device, the 5900_5920 switch cannot establish a connection to HPE storage.
Use one of the following methods to avoid this problem:

Change the default VLAN on the FCoE port of HPE storage to a VLAN that is permitted by
the connected port on the 5900_5920 switch.

Change the configuration on 5900_5920 switch; configure one VSAN on the VFC interface
that connects to HPE storage device.
•
After the software is upgraded to R2311 from an old version, it cannot be downgraded to that
old version through ISSU.
•
Since version R2422, H3C switches cannot load HPE software, and HPE switches cannot load
H3C software.
•
On a 5920 switch, attack detection does not take effect on ICMP packets after the Burst feature
is enabled by using the burst-mode enable command.
61
Open problems and workarounds
LSV7D008033
•
Symptom: An SSH connection cannot be terminated by using the compound key CTRL+C or
CTRL+K.
•
Condition: This symptom occurs when you use the compound key CTRL+C or CTRL+K to
terminate a connection to the SSH server.
•
Workaround: None.
201509180260
•
Symptom: ARP information moves successfully between interfaces after the switch receives
RARP requests, but the MAC address move records displayed by using the display
mac-address mac-move command are incorrect.
•
Condition: This symptom might occur if the display mac-address mac-move command is
executed.
•
Workaround: None.
201602290204
•
Symptom: On an IRF fabric, Layer 3 remote mirroring fails to send mirrored packets if the ports
in the service loopback group for the GRE tunnel and the physical source interface of the GRE
tunnel are on different IRF member switches.
•
Condition: This symptom might occur if the ports in the service loopback group for the GRE
tunnel and the physical source interface of the GRE tunnel are on different IRF member
switches.
•
Workaround: None.
List of resolved problems
Resolved problems in R2432P01
201701120396
•
Symptom: The system prompts that "MAD BFD cannot be configured in this interface." when
BFD MAD is enabled on a VLAN interface by using the mad bfd enable command.
•
Condition: None.
201612300373
•
Symptom: The device might reboot unexpectedly.
•
Condition: This symptom occurs with a low probability if the CPU sends a unicast IP packet and
the destination IP address of the packet is deleted from the outgoing interface.
201701130106
•
Symptom: Multicast traffic cannot be forwarded correctly.
•
Condition: This symptom occurs if the following tasks are performed on the switch:
a. Create a Layer 3 aggregation group and add multiple Layer 3 interfaces to the aggregation
group.
b. Enable PIM-SM or PIM-DM on the Layer 3 aggregate interface.
62
Resolved problems in R2432
201612130462
•
Symptom: After an interface is configured as a customer-side port, IPv4 routes and ARP entries
fail to be issued.
•
Condition: This symptom occurs if the following operations are performed:

Configure a VLAN interface as a customer-side port, and bind the VLAN interface to a VPN
instance. Configure another VLAN interface in the same way. ARP packets are transmitted
between the two VLAN interfaces.

Configure a VSI interface as a customer-side port, and bind the VSI interface to a VPN
instance. Configure another VSI interface in the same way. ARP packets are transmitted
between the two VSI interfaces.
201611280365
•
Symptom: OSPF neighbor relationship cannot be established.
•
Condition: This symptom occurs if the following operations are performed:
a. Establish OSPF neighbor relationship among multiple devices, and configure the network
type as P2MP for the OSPF interfaces.
b. Execute the reset ospf command multiple times.
201611150075
•
Symptom: After an interface is installed with a GE transceiver module, the interface cannot
come up.
•
Condition: This symptom occurs if the following operations are performed:
a. Bind the interface to an IRF port, and then unbind the interface from the IRF port.
b. Install a GE transceiver module in the interface.
201610270242
•
Symptom: A service loopback group fails to be created.
•
Condition: This symptom occurs if the following operations are performed:
a. Before creating a service loopback group, configure multiport ARP entries on the device.
b. Delete multiport ARP entries or clear all ARP entries.
c. Configure multiport ARP entries again and create the service loopback group.
201608300066
•
Symptom: Some NQA operation intervals are different from those configured.
•
Condition: This symptom occurs if the device is configured with multiple NQA operations.
201612170183
•
Symptom: STP loops might occur at a low probability.
•
Condition: This symptom occurs if the following operations are performed:
a. Configure STP on an IRF fabric.
b. View the STP status after a master/subordinate switchover.
201612120417
•
Symptom: The OpenFlow connections between the device and controller continuously flap.
•
Condition: This symptom occurs if the following operations are performed:
a. The device is configured with the OpenFlow connection backup feature by default.
63
b. The whole IRF fabric is rebooted.
201612090546
•
Symptom: After an IRF member device leaves an IRF fabric, the aggregation group member
ports on the member device are not deleted from the OpenFlow instance.
•
Condition: This symptom occurs if an IRF member device leaves an IRF fabric because the IRF
physical interface that connects the master device to the member device is shut down.
201612090352
•
Symptom: The aggregation group MAC address on the device is different from the MAC
address reported to the controller.
•
Condition: This symptom occurs if the aggregation group is down and the device reports the
aggregation group MAC address to the controller.
201612080309
•
Symptom: Though the Leap indicator is changed to 01 on the NTP packet sender, the Leap
indicator is still 00 in the NTP packets received on the NTP packet receiver.
•
Condition: This symptom occurs if NTP is configured and the Leap indicator field is manually
changed to 01 on the NTP packet sender.
201612070503
•
Symptom: Memory leaks occur in an OpenFlow instance.
•
Condition: This symptom occurs if the OpenFlow instance is activated and then deactivated.
201611180181
•
Symptom: When the configuration of the device is rolled back by using an .mdb configuration
file, the Smart Link configuration is lost.
•
Condition: This symptom occurs if the index of the interface configured with Smart Link
changes.
201611070207
•
Symptom: The LowFree memory of the device keeps decreasing.
•
Condition: This symptom occurs if users frequently log in to the device by using SSH or Telnet.
201609060517
•
Symptom: Because the bandwidth of a VFC interface uses the default value and does not
respond to the bandwidth of the Layer 2 aggregate interface bound to the VFC interface, the
FSPF route calculated is not the optimal route.
•
Condition: This symptom occurs if the VFC interface is bound to a Layer 2 aggregate interface
and the corresponding Layer 2 aggregation group has multiple member ports.
201611160492
•
Symptom: A user might fail to log in to an IRF fabric through the console port of the master
device.
•
Condition: This symptom occurs if the following operations are performed:
a. Log out from the IRF fabric, and log in to the IRF fabric through the console port of the
master device again.
b. Restart the ttymgr process.
201611100160
•
Symptom: An OpenFlow controller receives incorrect PVID change logs.
•
Condition: This symptom occurs if the following operations are performed:
64
a. An interface on the device and an OpenFlow controller establish a connection.
b. In interface view, change the link type of the interface from access to trunk.
201609070089/201611080312
•
Symptom: The interface management process is always running and cannot be stopped. The
CLI does not respond to input commands.
•
Condition: This symptom occurs at a low probability if the following operations are performed:
a. Bind a 40-GE interface to an IRF port.
b. Unbind the 40-GE interface from its IRF port.
c. Split the 40-GE interface into four 10-GE breakout interfaces, and bind the 10-GE breakout
interfaces to an IRF port.
d. Unbind the 10-GE breakout interfaces from the IRF port.
e. Repeat the steps above.
201611080299
•
Symptom: All IRF member devices reboot unexpectedly at a low probability.
•
Condition: This symptom occurs if the following operations are performed:
a. Bind a 40-GE interface to an IRF port.
b. Unbind the 40-GE interface from its IRF port.
c. Split the 40-GE interface into four 10-GE breakout interfaces, and bind the 10-GE breakout
interfaces to an IRF port.
d. Unbind the 10-GE breakout interfaces from the IRF port
e. Repeat the steps above.
201610170074/201611040063
•
Symptom: The BGP sessions between BGP peers on the IRF master member might go down.
•
Condition: This symptom occurs if the following operations are performed:
a. Configure BGP NSR for the IRF fabric.
b. A subordinate member device fails and the IRF fabric splits. As a result, the subordinate
member device becomes MAD Down.
201611020283
•
Symptom: Multicast packets cannot be forwarded.
•
Condition: This symptom occurs if both 802.1X authentication and MAC authentication are
configured in interface view.
201610280266
•
Symptom: Patch installation might fail.
•
Condition: This symptom occurs if the following operations are performed:
a. In an IRF fabric, the fclink process is restarted.
b. Use the install activate all command to install the patch file that fixes the problems of the
FC module.
201610260898
•
Symptom: The CLI might fail to respond to input commands.
•
Condition: This symptom occurs if the following operations are performed:
a. An IRF fabric is connected to a server. Distributed aggregation groups are set up.
b. A large number of LACP packets cause the LACP protocol to repeatedly flap.
65
201610260589
•
Symptom: The memory leaks.
•
Condition: This symptom occurs if the following operations are performed:
a. Install and remove the patch file.
b. Use the install commit command to refresh the next startup software image list for the
master device.
201610210440
•
Symptom: Switching an IRF physical interface to a normal Ethernet interface fails.
•
Condition: This symptom occurs if the following operations are performed:
a. Bind a physical interface to an IRF port.
b. Install a GE transceiver module in the interface.
201609280064
•
Symptom: A DHCP client fails to obtain an IP address.
•
Condition: This symptom occurs if the following operations are performed:
a. Configure the load sharing mode for an aggregation group spanning multiple IRF member
devices.
b. Enable DHCP relay on all IRF member devices.
c. Use the link-aggregation management-port command to configure the management port
for the aggregation group member ports.
201608050297
•
Symptom: Some aggregation group member ports flap.
•
Condition: This symptom occurs if the following operations are performed:
a. Assign a large number of ports to an aggregation group.
b. In aggregation group view, configure the port trunk permit vlan all command.
201608240186
•
Symptom: Deleting traffic behaviors failed.
•
Condition: This symptom occurs if the following operations are performed:
a. Configure 100 traffic classes and 100 traffic behaviors in a QoS policy.
b. Configure a flow mirroring action in a traffic behavior.
c. Apply the QoS policy to 10-GE breakout interfaces split from a 40-GE interface.
d. Combine the breakout interfaces, and delete the traffic behaviors in the QoS policy.
201611030383/201610290030
•
Symptom: The CLI does not respond after a user logs in through a management interface or
console port when certain conditions exist.
•
Condition: This symptom might occur if the following conditions exist:
a. Password control is enabled.
b. A large number of users log in to the switch at the same time.
201610260431
•
Symptom: An SSH or Telnet user cannot log in when certain conditions exist.
•
Condition: This symptom might occur if the following conditions exist:
a. SYN Cookie is enabled.
b. The client is not directly connected to the switch.
66
c. The SSH or Telnet user uses an IPv6 address of the switch.
201610120394
•
Symptom: Memory leaks occur when more than 500 VLAN interfaces are created on the switch.
•
Condition: This symptom might occur if more than 500 VLAN interfaces are created on the
switch.
201608300620
•
Symptom: It takes a long time to install a patch on the master device of an IRF fabric.
•
Condition: This symptom occurs if this patch is first installed on the master device rather than
the subordinate devices.
201610240077
•
Symptom: After packets on GRE tunnel interfaces are decapsulated, the VRF IDs of L3 entries
obtained are incorrect.
•
Condition: This symptom occurs if the following operations are performed:
a. Configure GRE tunnels on an IRF fabric.
b. Associate GRE tunnel interfaces with VPN instances.
c. Reboot the IRF fabric.
201611240492
•
Symptom: A QoS policy fails to be applied.
•
Condition: This symptom occurs if the OVSDB controller deploys a QoS policy that does not
contain a DSCP marking action.
201609300136/201609300233
•
Symptom: When binding a VFC interface to a physical interface fails, using the MIB to obtain
the failure reason fails.
•
Condition: This symptom occurs if the following operations are performed:
a. On an FCF switch, create a VFC interface and bind the VFC interface to a physical
interface.
b. The binding fails.
201611180048
•
Symptom: The switch prints parity error and recovery logs every five minutes.
•
Condition: This symptom occurs if the L3 module has parity errors on the switch.
201611110084
•
Symptom: An IRF master/subordinate switchover occurs unexpectedly and the OVSDB server
function fails to be enabled after the switchover.
•
Condition: This symptom occurs if the OVSDB server function is repeatedly enabled and
disabled on an IRF fabric.
201611090112
•
Symptom: An OVSDB controller fails to deploy a QoS policy.
•
Condition: This symptom occurs if the controller deploys the QoS policy that contains a CAR
action for rate limiting and the CAR rate limit parameters are not configured according to the
granularity.
201610310073
•
Symptom: Incompatibility problems occur after the software is upgraded for the device
configured with OVSDB.
67
•
Condition: This symptom occurs if the following operations are performed:
a. Start the OVSDB process on the device.
b. Upgrade the software for the device. In the new software version, OVSDB entries change.
c. In the new software version, start the OVSDB process.
201610190100
•
Symptom: The QoS entry name is incorrect, and the QoS entry fails to be deployed.
•
Condition: This symptom occurs if OVSDB is configured on the device and the OVSDB
controller is used to deploy a QoS entry to the device.
201609200237
•
Symptom: Configuring a VSAN to allow any WWN to log in through the specified interfaces
fails.
•
Condition: This symptom occurs if the following operations are performed:
a. In a VSAN, configure the any-wwn interface interface-list command to allow any WWN to
log in through the specified interfaces.
b. In the same VSAN, configure the any-wwn interface interface-list command again.
201609080266
•
Symptom: The display this command output and the display current-configuration
command output for the FC port security policy are different.
•
Condition: This symptom occurs if the following operations are performed:
a. In VSAN view, configure the fc-port-security enable command and the fc-port-security
auto-learn command.
b. Use the display this and display current-configuration commands to view the FC port
security policy.
201609070500
•
Symptom: When a VFC interface is assigned to multiple VSANs and the port security policy is
configured for a VSAN, a user cannot log in through ports in other VSANs.
•
Condition: This symptom occurs if the following operations are performed:
a. Assign a VFC interface to multiple VSANs.
b. Configure the fc-port-security enable command for a VSAN.
201611170145
•
Symptom: The OVSDB process fails to be started.
•
Condition: This symptom occurs if the OVSDB process is restarted when the vtep.db file is
corrupt.
201606030317
•
Symptom: CVE-2016-2105
•
Condition: Fixed vulnerability in “EVP Encode” in OpenSSL before 1.0.1t and 1.0.2 before
1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a
large amount of binary data.
•
Symptom: CVE-2016-2106
•
Condition: Fixed vulnerability in “EVP Encrypt” in OpenSSL before 1.0.1t and 1.0.2 before
1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a
large amount of binary data.
•
Symptom: CVE-2016-2107
68
•
Condition: Fixed vulnerability in OpenSSL before 1.0.1t and 1.02h allows remote attackers to
obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session.
•
Symptom: CVE-2016-2108
•
Condition: Fixed vulnerability in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote
attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory
corruption).
•
Symptom: CVE-2016-2109
•
Condition: Fixed vulnerability in “asn” before 1.0.1t and 1.0.2 before 1.0.2h allows remote
attackers to cause a denial of service (memory consumption) via a short invalid encoding.
•
Symptom: CVE-2016-2176
•
Condition: Fixed vulnerability in “X509” in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h
allows remote attackers to obtain sensitive information from memory or cause a denial of
service
201611080340
•
Symptom:CVE-2016-5195
•
Condition:An unprivileged local user could use this flaw to gain write access to otherwise
read-only memory mappings and thus increase their privileges on the system.
201611070389
•
Symptom:CVE-2016-8858
•
Condition:A remote user can send specially crafted data during the key exchange process to
trigger a flaw in kex_input_kexinit() and consume excessive memory on the target system. This
can be exploited to consume up to 384 MB per connection.
201610290084
•
Symptom: The log buffer cannot record log messages after the system time is set back.
•
Condition: This symptom might occur if the system time is set back.
201610220217
•
Symptom: CVE-2016-6304:
•
Condition: Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and
1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption)
via large OCSP Status Request extensions.
•
Symptom: CVE-2016-6306
•
Condition: The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow
remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate
operations, related to s3_clnt.c and s3_srvr.c.
201608290406
•
Symptom:CVE-2009-3238
•
Condition:The get_random_int function in the Linux kernel before 2.6.30 produces
insufficiently random numbers, which allows attackers to predict the return value, and possibly
defeat protection mechanisms
201609080061/201609080062
•
Symptom: The BFD MAD status of an IRF fabric is Faulty.
•
Condition: This symptom occurs if the following conditions exist:

Two IRF fabrics configured with BFD MAD are connected with each other.

One IRF fabric receives BFD MAD detection packets from the other IRF fabric.
69
201608310495
•
Symptom: The error message "Scanning is interrupted" occurs during ARP scanning.
•
Condition: This symptom occurs if the following tasks are performed:
a. Assign secondary addresses to a Layer 3 interface when no primary address is assigned to
the interface.
b. Enable ARP scanning on the Layer 3 interface to scan secondary IP addresses.
201608290242
•
Symptom: The unknown unicast storm control configuration does not take effect.
•
Condition: This symptom occurs if unknown unicast storm control is enabled and the upper and
lower thresholds are set on an interface by using the storm-constrain unicast kbps
max-pps-values min-pps-values command.
201608160221
•
Symptom: Traffic cannot be forwarded.
•
Condition: This symptom occurs if the following tasks are performed:
a. Use the mirror-to interface interface-type interface-number loopback command to
configure an interface as a flow mirroring destination interface with the loopback feature.
b. Cancel the configuration.
Resolved problems in F2431
201608040531
•
Symptom: PBR-based forwarding fails on the VLAN interface of a super VLAN. Packets are
forwarded through the previous forwarding route rather than the route specified by the PBR
policy even though the next hop in the PBR policy is reachable.
•
Condition: This symptom occurs if PBR is configured on the VLAN interface of the super VLAN.
201608100354/201607260156
•
Symptom: The CLI hangs.
•
Condition: This symptom occurs if a script including the display clock command is repeatedly
executed.
201608080408
•
Symptom: The display system internal startup cache command displays None after an IRF
master/subordinate switchover, which indicates the .mdb binary configuration file on the device
is lost.
•
Condition: This symptom occurs if the following tasks are performed:
a. Save the running configuration and reboot the IRF fabric. A master/subordinate switchover
occurs.
b. Display the file path of the .mdb binary configuration file used at the current startup by using
the display system internal startup cache command.
201608050487
•
Symptom: A checksum error occurs in an Efp_meter_table entry and the entry fails to be
restored.
•
Condition: This symptom occurs if a parity error exists in the Efp_meter_table entry.
201607210018
•
Symptom: Flow entries for the service chain module do not take effect.
70
•
Condition: This symptom occurs if the following tasks are performed:
a. Shut down the output interface of a tunnel interface by using the shutdown command.
b. Deploy flow entries for the service chain module.
c. Bring up the output interface of the tunnel interface by using undo shutdown the
command.
201607190405
•
Symptom: The number of multicast packets received by a multicast client is greater than or less
than the expected number.
•
Condition: This symptom occurs if the following tasks are performed:
a. An IRF fabric is connected a PE device.
b. The upstream interface and the RPF neighbor of the multicast tunnel interface are not the
same.
c. A master/subordinate switchover occurs or multicast forwarding entries are cleared.
201607150396
•
Symptom: The device reboots unexpectedly.
•
Condition: This symptom occurs if the following tasks are performed:
a. Create multiple traffic classes by using the traffic classifier classifier-name [ operator {
and | or } ] command.
b. Create multiple traffic behaviors by using the traffic behavior behavior-name command.
c. Create a QoS policy by using the qos policy policy-name command.
d. Associate traffic behaviors with the traffic classes in the QoS policy.
e. Apply the QoS policy to incoming and outgoing traffic of a VLAN by using the qos
vlan-policy policy-name vlan vlan-id-list { inbound | outbound } command.
f. Remove the QoS policy applied to the incoming and outgoing traffic of the VLAN by using
the undo qos vlan-policy policy-name vlan vlan-id-list { inbound | outbound } command.
g. Repeat tasks e to f.
201607110396
•
Symptom: Some configuration of the device is lost after the device starts up.
•
Condition: This symptom occurs if the following tasks are performed:
a. Download a configuration file to the device through the HTTP server.
b. Specify the configuration file as the next-startup configuration file.
c. Save the running configuration and reboot the device.
201606280648
•
Symptom: The description configured for an interface does not take effect.
•
Condition: This symptom occurs if the description includes unsupported characters.
201608300525
•
Symptom: The later-applied ACL on an interface cannot be used to filter outgoing packets.
•
Condition: This symptom occurs if the following conditions exist:
a. An interface is applied with an IPv4 advanced ACL and an IPv6 advanced ACL to filter
outgoing packets.
b. The number of rules in the IPv4 advanced ACL is in the range of 256 to 512.
c. The IPv6 advanced ACL includes the following rules:
−
rule rule-id permit icmpv6.
71
−
rule rule-id permit ipv6 source source-address.
−
rule rule-id permit tcp destination destination-address destination-port eq xx.
201606060209
•
Symptom: In an IRF fabric, traffic cannot be correctly forwarded after a patch is installed.
•
Condition: This symptom occurs if the following conditions exist:
a. The device has a hot patch installed to fix STP problems.
b. The spanning tree protocol operates in PVST mode on the device.
c. VLANs have been irregularly added and deleted on the device.
201608200139
•
Symptom: Device memory leaks slowly.
•
Condition: This symptom occurs if L2VPN is enabled by using the l2vpn enable command in
system view.
201606290308
•
Symptom: The model name displayed in local LLDP information is incorrect.
•
Condition: This symptom occurs if local LLDP information is displayed by using the display lldp
local-information command.
201607290021
•
Symptom: CVE-2016-2177
•
Condition: Fixed vulnerability in s3_srvr.c, ssl_sess.c, and t1_lib.c functions in OpenSSL
through 1.0.2h that allows remote attackers to cause a denial of service (integer overflow and
application crash), or possibly have an unspecified other impact by leveraging unexpected
malloc behavior.
201607290007
•
Symptom: CVE-2012-0036
•
Condition: Fixed vulnerability in curl and libcurl 7.2x before 7.24.0 that allows remote attackers
to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack
on the (1) IMAP, (2) POP3, or (3) SMTP protocol.
201603170153
•
Symptom: CVE-2016-0701
•
Condition: Fixed vulnerability in the DH_check_pub_key function which makes it easier for
remote attackers to discover a private DH (Diffie-Hellman) exponent by making multiple
handshakes with a peer that chose an inappropriate number. This issue affects OpenSSL
version 1.0.2. and addressed in 1.0.2f. OpenSSL 1.0.1 is not affected by this CVE.
•
Symptom: CVE-2015-3197
•
Condition: Fixed vulnerability when using SSLv2 which can be exploited in a man-in-the-middle
attack, if device has disabled ciphers.
201512280205
•
Symptom: CVE-2015-3194
•
Condition: Fixed vulnerability which can be exploited in a DoS attack, if device is presented with
a specific ASN.1 signature using the RSA.
•
Symptom: CVE-2015-3195
•
Condition: Fixed vulnerability with malformed OpenSSL X509_ATTRIBUTE structure used by
the PKCS#7 and CMS routines which may cause memory leak.
•
Symptom: CVE-2015-3196
72
•
Condition: Fixed vulnerability where a race condition can occur when specific PSK identity hints
are received.
•
Symptom: CVE-2015-1794
•
Condition: Fixed vulnerability if a client receives a ServerKeyExchange for an anonymous
Diffie-Hellman (DH) ciphersuite which can cause possible Denial of Service (DoS) attack.
201607040265
•
Symptom: CVE-2016-4953
•
Condition: Fixed vulnerability in NTP 4.x before 4.2.8p8 allows remote attackers to cause a
denial of service by sending a spoofed packet with incorrect authentication data at a certain
time.
•
Symptom: CVE-2016-4954
•
Condition: Fixed vulnerability in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to
cause a denial of service by sending spoofed packets from source IP addresses in a certain
scenario.
•
Symptom: CVE-2016-4956
•
Condition: Fixed vulnerability in NTP 4.x before 4.2.8p8 allows remote attackers to cause a
denial of service via a spoofed broadcast packet.
201605090023
•
Symptom: CVE-2015-8138
•
Condition: Fixed vulnerability in ntpd which attackers may be able to disable time
synchronization by sending a crafted NTP packet to the NTP client.
•
Symptom: CVE-2015-7979
•
Condition: Fixed vulnerability in ntpd allows attackers to send special crafted broadcast packets
to broadcast clients, which may cause the affected NTP clients to become out of sync over a
longer period of time.
•
Symptom: CVE-2015-7974
•
Condition: Fixed vulnerability in NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 which might
allow remote attackers to conduct impersonation attacks via an arbitrary trusted key.
•
Symptom: CVE-2015-7973
•
Condition: Fixed vulnerability when NTP is configured in broadcast mode, a man-in-the-middle
attacker or a malicious client could replay packets received from the broadcast server to all
(other) clients, which cause the time on affected clients to become out of sync over a longer
period of time.
201605160326
•
Symptom: CVE-2016-1547
•
Condition: Fixed vulnerability where an off-path attacker can deny service to ntpd clients by
demobilizing preemptable associations using spoofed crypto-NAK packets.
•
Symptom: CVE-2016-1548
•
Condition: Fixed vulnerability where an attacker can change the time of an ntpd client or deny
service to an ntpd client by forcing it to change from basic client/server mode to interleaved
symmetric mode.
•
Symptom: CVE-2016-1550
•
Condition: Fixed vulnerability in ntpd function allow an attacker to conduct a timing attack to
compute the value of the valid authentication digest causing forged packets to be accepted by
ntpd.
•
Symptom: CVE-2016-1551
73
•
Condition: Fixed vulnerability in ntpd allows unauthenticated network attackers to spoof refclock
packets to ntpd processes on systems that do not implement bogon filtering.
•
Symptom: CVE-2016-2519
•
Condition: Fixed vulnerability in ntpd will abort if an attempt is made to read an oversized value.
•
Symptom: CVE-2015-7704
•
Condition: Fixed vulnerability in ntpd that a remote attacker could use, to send a packet to an
ntpd client that would increase the client's polling interval value, and effectively disable
synchronization with the server.
Resolved problems in F2430
201606200288
•
Symptom: ARP requests are broadcasted on Layer 3 interfaces.
•
Condition: This symptom might occur if a Layer 3 interface receives an ARP request with a
all-0s source MAC address.
201606160058
•
Symptom: After an IRF fabric splits, the network ports on the Recovery-state IRF fabric stay in
the down state for a long period of time.
•
Condition: This symptom might occur if a MAD-enabled IRF fabric splits.
201606170104
•
Symptom: After a QoS policy for flow mirroring is removed, new QoS policies cannot be applied
to implement flow mirroring.
•
Condition: This symptom might occur if the following conditions exist:

The number of mirroring destination ports of a mirroring group or a flow mirroring QoS policy
exceeds the limit.

Application of a QoS policy for flow mirroring fails, and the QoS policy is removed.
201606160056
•
Symptom: When multicast VPN or GRE tunneling is configured on an IRF fabric, outgoing traffic
has an additional tag of VLAN 0.
•
Condition: This symptom might occur if the following conditions exist:

Multicast VPN or GRE tunneling is configured on an IRF fabric.

The outgoing interface of the traffic is not on the same card as the ports in the service
loopback group used for multicast VPN or GRE tunneling.
201606070629
•
Symptom: PVST instances flap constantly when the network topology changes.
•
Condition: This symptom might occur if the following conditions exist:

The number of PVST instances reaches 1 K.

sFlow is configured on the switch.

The network topology changes.
201605240067
•
Symptom: The same MAC address is configured for two Layer 3 interfaces. When the MAC
address of one interface is deleted, the other interface cannot forward traffic.
•
Condition: This symptom might occur if the following operations are performed:
a. Configure the same MAC address for two Layer 3 interfaces.
74
b. Delete the MAC address of one Layer 3 interface.
201606120228
•
Symptom: OSPF cannot establish a neighbor relationship through a sham link.
•
Condition: This symptom might occur if the following operations are performed:
a. Configure MD5 authentication multiple times for a sham link.
b. Save the configuration and reboot the switch.
201606210535
•
Symptom: A user-defined ACL cannot match packets with tunnel encapsulation by the inner IP
header.
•
Condition: This symptom might occur if a user-defined ACL is configured to match packets with
tunnel encapsulation by the inner IP header.
201606230190
•
Symptom: On an IRF fabric, the display mac-address command does not display the MAC
addresses learned on an aggregate interface.
•
Condition: This symptom might occur if the following conditions exist:

A multichassis aggregate interface is configured.

Traffic of the aggregate interface is forwarded by only one IRF member.
201606280429
•
Symptom: When IPv4 IS-IS MTR and IPv6 IS-IS MTR are enabled, the switch cannot obtain
routes from a Cisco NX9000 device.
•
Condition: This symptom might occur if IPv4 IS-IS MTR and IPv6 IS-IS MTR are enabled, and
the peer is a Cisco NX9000 device.
201606300317
•
Symptom: When a Telnet user uses an overlength username, the switch might reboot for
memory exhaustion.
•
Condition: This symptom might occur if a Telnet user uses an overlength username.
201607040218
•
Symptom: After certain operations, a directly connected device cannot ping the switch, and the
switch cannot forward Layer 3 traffic.
•
Condition: This symptom might occur if the following operations are performed:
a. Create a VLAN interface and assign it an IP address.
b. Associate the VLAN of the VLAN interface with a primary VLAN.
c. Remove the association between the VLAN and the primary VLAN.
201607080232
•
Symptom: When a management VLAN is configured for an aggregation group, the
management VLAN cannot be pinged.
•
Condition: This symptom might occur if the following operations are performed:
a. Configure a management VLAN for an aggregation group.
b. Remove ports from the aggregation group.
201607110490
•
Symptom: Two servers connected to the switch through two SPB ACs cannot ping each other.
•
Condition: This symptom might occur if the following conditions exist:

The encapsulation default command is configured for two interfaces that each host an AC.
75

The interfaces have different PVIDs.
201607120092
•
Symptom: On an IRF fabric, when traffic is forwarded between two SPB ACs on different cards,
traffic is added an incorrect VLAN tag.
•
Condition: This symptom might occur if the following conditions exist:

An IRF fabric forwards traffic between two SPB ACs on different cards.

The encapsulation default command is configured for the interfaces that host the ACs.
201607190025
•
Symptom: When a large number of multicast entries are generated, available memory reaches
the lower limit.
•
Condition: This symptom might occur if a large number of multicast entries are generated.
201607010074
•
Symptom: After an IRF master/subordinate switchover, multicast traffic forwarding is
interrupted in one direction for a short period of time.
•
Condition: This symptom might occur if the following operations are performed:
a. Configure multicast VPN for an IRF fabric, and enable the PIM-SSM mode for the public
network.
b. Enable PIM NSR.
c. Configure the default-group command in MD view for a VPN instance.
201607010084
•
Symptom: When certain conditions exist, some or all VPN instances on an IRF fabric cannot
forward traffic.
•
Condition: This symptom might occur if the following conditions exist:

Multicast VPN and PIM NSR are enabled for an IRF fabric.

The data-group command is configured in MD view for VPN instances.

Links for forwarding traffic are down during an IRF master/subordinate switchover.
201607060510/201607080302
•
Symptom: When a 5900CP-48XG-4QSFP+ Switch JG838A switch is connected to a HUAWEI
server through an FC interface, VSAN mode negotiation fails, and login to the server fails.
•
Condition: This symptom might occur if a 5900CP-48XG-4QSFP+ Switch JG838A switch is
connected to a HUAWEI server through an FC interface, and VSANs are configured on the
switch.
201606270231
•
Symptom: An FC interface processes FLOGI packets with the set virtual fabric bit in the way of
auto or on trunk mode after the port trunk mode off command is configured.
•
Condition: This symptom might occur if the port trunk mode off command is configured for an
FC interface.
201606210158
•
Symptom: The unicast traffic statistics displayed by the display interface command are
incorrect when a 40-GE interface receives unicast traffic at wire speed.
•
Condition: This symptom might occur if a 40-GE interface receives unicast traffic at wire speed.
76
Resolved problems in F2429
201606010533
•
Symptom: A switch cannot start up properly if the switch is rebooted after an OpenFlow
instance is deactivated.
•
Condition: This symptom occurs if the following operations are performed:
a. Deactivate an OpenFlow instance on the switch.
b. Specify a startup configuration file for the switch.
c. Reboot the switch.
201606010234
•
Symptom: The switch reboots exceptionally.
•
Condition: This symptom occurs if the following operations are performed:
a. Use the IMC server to monitor interface A of the switch.
b. Apply a QoS policy to interface A.
c. Use the undo classifier classifier-name command to delete all traffic classes of the QoS
policy.
201605130329
•
Symptom: When CCM sending is disabled on the local interface, the remote directly-connected
interface is not shut down by CFD. The CFD continuity check function does not take effect.
•
Condition: This symptom occurs if the following operations are performed:
a. Configure CFD on the directly-connected switches.
b. On the directly-connected interfaces, configure outward-facing MEPs without VLANs and
enable CFD continuity check.
c. Execute the undo cfd cc service-instance instance-id mep mep-id enable command on
the local interface.
201605100323/201605120216
•
Symptom: An IRF fabric is rebooted when endless loops are detected.
•
Condition: This symptom occurs if parity errors occur to the l2_entries of the switch.
201604280163
•
Symptom: The dropped packet statistics cannot be cleared by using the reset packet-drop
interface command for an interface.
•
Condition: This symptom occurs if the interface drops packets because the data buffer is
insufficient.
201604260478
•
Symptom: When radar detection flow entries are issued to the switch, the display of
interface-up and interface-down logs is delayed.
•
Condition: This symptom occurs if radar detection flow entries are issued to the switch and
interfaces on the switch are shut down or brought up.
201604250427
•
Symptom: The mac-address mac-move fast-update configuration does not take effect.
•
Condition: This symptom occurs if the mac-address mac-move fast-update command is
configured.
77
201604250066/201308080141
•
Symptom: In an IRF fabric configured with OpenFlow, delay occurs when you display flow table
information for an OpenFlow instance.
•
Condition: This symptom occurs if a large number of VLANs are associated with the OpenFlow
instance.
201604220354
•
Symptom: In an IRF fabric with multidevice link aggregation, OSPF log information cannot be
displayed and OSPF configuration cannot be deleted.
•
Condition: This symptom occurs if the following conditions exist:

Routing entries change frequently.

OSPF neighbors change frequently.

The reset ospf process command is executed repeatedly.
201604190259
•
Symptom: The device enabled with CDP compatibility cannot recognize CDP packets and
discards unrecognized CDP packets.
•
Condition: This symptom occurs after the lldp compliance admin-status cdp txrx command
is executed.
201604190234
•
Symptom: In an IRF fabric with multidevice link aggregation, protocol flapping occurs on all link
aggregation groups.
•
Condition: This symptom occurs after the following operations are performed on an aggregation
group:
a. Configure the aggregate interface as a trunk port and assign it to all VLANs by using the
port trunk permit vlan all command.
b. Configure the aggregation group to operate in dynamic aggregation mode by using the
link-aggregation mode dynamic command.
c. Configure the aggregation group to operate in static aggregation mode by using the undo
link-aggregation mode command.
d. Configure the aggregation group to operate in dynamic aggregation mode by using the
link-aggregation mode dynamic command.
201604150307/201510190119
•
Symptom: A BGP peer of the device reboots exceptionally.
•
Condition: This symptom occurs after the device is disabled to exchange labeled routes with the
BGP peer by using the undo peer label-route-capability command.
201604140273
•
Symptom: When an ENode receives RSCNs, it cannot timely obtain information about other
ENodes in the same zone from the name server. As a result, ENodes in the same zone cannot
access each other.
•
Condition: This symptom occurs if the following conditions exists:

A large number of ENodes exist on the network.

A zone set is activated and distributed to the entire fabric by using the zoneset activate
command.
201604120244
•
Symptom: The switch cannot learn routes from two OSPF LSAs.
78
•
Condition: This symptom might occur if two OSPF LSAs from a neighbor contain different
information for the same transnet link.
201603220013
•
Symptom: The device configured with OpenFlow cannot send packets out of the specified
output port and cannot assign packets to the specified queue.
•
Condition: This symptom occurs if an output port and a queue ID are specified in a flow entry
issued by the controller.
201603170204
•
Symptom: The device operating in the expert mode reboots exceptionally.
•
Condition: This symptom occurs after the undo flex10 enable command is executed in
Ethernet interface view.
201603120042
•
Symptom: CLI does not respond to input commands after a client fails both 802.1X
authentication and MAC authentication.
•
Condition: This symptom occurs if the following conditions exist:

The device connects to a Cisco telephone through a port.

Both 802.1X authentication and MAC authentication are enabled on the port.

The device is configured to disable the port permanently upon detecting an illegal frame
received on the port.
201603110240
•
Symptom: On an MPLS L3 VPN network, the route between two PE devices which are
interconnected through a P device is not reachable.
•
Condition: This symptom occurs if a PE device connects to the P device through a Layer 3
Ethernet interface.
201602040439
•
Symptom: The device fails to restart up by using the .cfg configuration file.
•
Condition: This symptom occurs if spaces are included in the name of the NTP or SNTP server.
201511100575
•
Symptom: A DHCPv6 client fails to obtain a static IPv6 address from the DHCPv6 server.
•
Condition: This symptom occurs if no subnet is specified in the DHCPv6 address pool on the
DHCPv6 server.
201508300025
•
Symptom: STP status of a port is not correct.
•
Condition: This symptom occurs after the following operations are performed:
a. Create an aggregation group.
b. Enable or disable STP globally on the local device.
c. Bring up or shut down an aggregation member port in the aggregation group on the peer
device.
201604161225/201604161188
•
Symptom: CVE-2016-0705
•
Condition: Fixed vulnerability when OpenSSL parses malformed DSA private keys and could
lead to a DoS attack or memory corruption for applications that receive DSA private keys from
untrusted sources.
•
Symptom: CVE-2016-0798
79
•
Condition: Fixed vulnerability in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows
remote attackers to cause a denial of service (memory consumption) by providing an invalid
username in a connection attempt.
•
Symptom: CVE-2016-0797
•
Condition: Fixed vulnerability in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow
remote attackers to cause a denial of service (heap memory corruption or NULL pointer
dereference).
•
Symptom: CVE-2016-0799
•
Condition: Fixed vulnerability in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g
improperly calculates string lengths, which allows remote attackers to cause a denial of service
which could lead to memory allocation failure or memory leaks.
•
Symptom: CVE-2016-0702
•
Condition: Fixed vulnerability in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g which
makes it easier for local users to discover RSA keys leveraging cache-bank conflicts, aka a
"CacheBleed" attack.
•
Symptom: CVE-2016-2842
•
Condition: Fixed vulnerability in the doapr_outch function in crypto/bio/b_print.c, which allows
remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or
possibly have unspecified other impact via a long string.
201605260046
•
Symptom: The effective storm suppression threshold is 0 when the
broadcast-suppression/unicast-suppression/multicast-suppression pps 1 command is
executed in interface view.
•
Condition: This symptom occurs if the
broadcast-suppression/unicast-suppression/multicast-suppression pps 1 command is
executed in interface view.
Resolved problems in F2428
201603230243/201605210012/201605030457
•
Symptom: The switch reboots unexpectedly when an 802.1X user or DHCP client comes online
after migration.
•
Condition: This symptom might occur if an 802.1X user or DHCP client comes online after
migration.
201603220560
•
Symptom: Only the most recent traffic mirroring configuration in a traffic behavior takes effect.
•
Condition: This symptom occurs if the following operations are performed:
a. In a traffic behavior of a QoS policy, configure multiple traffic mirroring actions to mirror
traffic to different interfaces.
b. Use the qos apply policy policy-name { inbound | outbound } command to apply the QoS
policy globally, to a VLAN, or to an interface.
201602150629
•
Symptom: In an IRF fabric, the BGP process exits abnormally after BGP NSR is configured.
•
Condition: This symptom occurs if the following operations are performed:
a. Start a BGP instance.
b. Configure the address-family ipv4 mdt command.
c. Configure the non-stop-routing command.
80
201511190281
•
Symptom: The switch fails to establish a connection with the controller.
•
Condition: This symptom occurs if the following operations are performed:
a. Execute the in-band management vlan command in OpenFlow instance view to configure
an inband management VLAN.
b. Use the network command in OSPF area view to enable OSPF on the inband management
VLAN interface.
201603280001
•
Symptom: Two identical static routes exist on the device.
•
Condition: This symptom might occur if the following conditions exist:
a. The preference of a DHCP-assigned static route is the same as a user-defined static route.
b. The display current-configuration command is executed in user view.
201604010506
•
Symptom: IGMP packets are reported to the controller.
•
Condition: This symptom occurs if the controller does not issue flow entries for IGMP packets.
201509020274
•
Symptom: An aggregation group member port in Selected state might be blocked by STP.
•
Condition: This symptom occurs if the following conditions exist:

LLDP, STP, and Ethernet link aggregation are configured in the network.

Loops exist in the network.
201512190244
•
Symptom: The switch constantly outputs OpenFlow debugging information and delays
outputting syslog messages.
•
Condition: This symptom might occur if the OpenFlow-enabled switch receives a flood of
packets that are to be transmitted in packet-in messages.
201603090358
•
Symptom: The output from the display process cpu | include lldp command shows that the
CPU usage of the LLDP process is high.
•
Condition: This symptom might occur if the lldp enable command is executed.
201603140466
•
Symptom: After MAC address move notifications are enabled, the switch does not generate
notifications for MAC address move events.
•
Condition: This symptom might occur if the mac-address notification mac-move command is
executed, and MAC address move events occur.
201604140036
•
Symptom: When an SFP+ AOC module is removed and reinstalled on an IRF physical
interface, the interface goes down unexpectedly.
•
Condition: This symptom might occur if an SFP+ AOC module is removed and reinstalled on an
IRF physical interface.
201601210412
•
Symptom: An IRF physical interface that uses a high power consumption transceiver module
goes down unexpectedly after a switch reboot.
•
Condition: This symptom might occur if the following conditions exist:
81

An IRF physical interface is installed with a high power consumption transceiver module.

The running configuration is saved, and the switch is rebooted.
201601080493
•
Symptom: An OpenFlow instance cannot be activated if it is configured to perform QinQ tagging
for double-tagged packets passing an extensibility flow table.
•
Condition: This symptom might occur if an OpenFlow instance is configured to perform QinQ
tagging for double-tagged packets passing an extensibility flow table.
201512280388
•
Symptom: An online user on an interface receives an EAPOL-Start message and performs
reauthentication.
•
Condition: This symptom might occur if the following conditions exist:
a. The 802.1X authentication feature and the keep-online feature for 802.1X users are
enabled on an interface.
b. The authentication server is unreachable.
201512180152/201512170260
•
Symptom: After an IRF master/subordinate switchover, the management interface on the new
master cannot obtain an IP address.
•
Condition: This symptom might occur if the following conditions exist:
a. The ip address dhcp-alloc command is configured on the management interfaces of
subordinate switches.
b. The master's management interface is down, and a master/subordinate switchover occurs.
201512180133
•
Symptom: When two physical interfaces of the switch are connected, one interface is up and
the other is down.
•
Condition: This symptom might occur if the link-delay delay-time command is executed on
one interface, and the speed of the other interface is modified.
201512150355
•
Symptom: When the master switch of an IRF fabric is rebooted before a starting subordinate
switch displays the "Cryptographic algorithms tests passed" message, the subordinate switch
displays the "The board isn't ready for active and stand" message.
•
Condition: This symptom might occur if the master switch of an IRF fabric is rebooted before a
starting subordinate switch displays the "Cryptographic algorithms tests passed" message.
201603230128
•
Symptom: The switch forwards received ARP packets out of the incoming interface and cannot
ping remote devices.
•
Condition: This symptom might occur if the controller issues a flow entry that contains a group
entry, and the group entry contains an action with the output interface as the incoming interface
of the ARP packets.
201603150263
•
Symptom: On an IRF fabric, an Ethernet service instance still can match traffic after its frame
match criterion is deleted.
•
Condition: This symptom might occur if the following operations are performed:
a. Configure a site-facing Layer 2 aggregate interface.
b. Create an Ethernet service instance on the Layer 2 aggregate interface, and execute the
encapsulation s-vid vlan-id-list command to configure a frame match criterion.
82
c. Execute the undo encapsulation command to delete the frame match criterion.
201602290172
•
Symptom: An OpenFlow meter statistic collection action does not take effect.
•
Condition: This symptom might occur if the controller issues an ACL flow entry with a meter
statistic collection action.
201603170138
•
Symptom: CVE-2016-0701
•
Condition: Fixed vulnerability in the DH_check_pub_key function which makes it easier for
remote attackers to discover a private DH (Diffie-Hellman) exponent by making multiple
handshakes with a peer that chose an inappropriate number. This issue affects OpenSSL
version 1.0.2. and addressed in 1.0.2f. OpenSSL 1.0.1 is not affected by this CVE.
•
Symptom: CVE-2015-3197
•
Condition: Fixed vulnerability when using SSLv2 which can be exploited in a man-in-the-middle
attack, if device has disabled ciphers.
201603300098
•
Symptom: The switch cannot forward VPLS traffic if the interface that hosts an Ethernet service
instance is not assigned to the VLANs that match the Ethernet service instance.
•
Condition: This symptom might occur if the following conditions exist:

An Ethernet service instance is mapped to a VPLS VSI.

The interface that hosts the Ethernet service instance is not assigned to the VLANs that
match the Ethernet service instance.
201604120193
•
Symptom: When the copper port of an switch is connected to a 10-GE interface of another
device, the speed autonegotiation takes 20 to 30 seconds, and the speed negotiation result is 1
GE after the interface goes up.
•
Condition: This symptom might occur if the switch is connected to a 10-GE interface of another
device.
201603070301
•
•
Symptom: The output from the display power command shows that the input power is 0 W on
the following models:

HPE 5920AF-24XG(JG296A)

HPE 5920AF-24XG TAA (JG555A)
Condition: This symptom might occur if the display power command is executed on the
following models:

HPE 5920AF-24XG(JG296A)

HPE 5920AF-24XG TAA Switch(JG555A)
201509240266
•
•
Symptom: When the MTU is set for a Layer 3 interface, the MTU setting is not synchronized to
the OSPF and IS-IS modules. As a result:

After the ospf mtu-enable command is configured on the local interface and the peer
interface, the two interfaces can establish OSPF neighborship in full state though the two
ends have different MTU values.

IS-IS cannot establish neighborship.
Condition: This symptom occurs if the MTU is set for a Layer 3 interface.
83
201604140100/201604070440
•
Symptom: A user fails to come online.
•
Condition: This symptom occurs if the RADIUS packets that the RADIUS server sends to the
switch contain RADIUS attributes that the switch cannot recognize.
201604110116
•
Symptom: When IPSG bindings are deleted from a Layer 3 subinterface or the VLAN interface
with the same ID, underlying ACL configuration cannot be deleted completely.
•
Condition: This symptom might occur if the following operations are performed:

Configure the ip verify source and ip source binding commands on a Layer 3
subinterface and the VLAN interface with the same ID.

Delete IPSG bindings from the Layer 3 subinterface or VLAN interface by performing one of
the following operations:
−
Delete the Layer 3 subinterface.
−
Restore the default settings of the Layer 3 subinterface or VLAN interface.
Resolved problems in F2427
201603090041
•
Symptom: Two aggregate interfaces are configured as PBB ACs to match customer traffic.
Aggregate interface 1 uses the encapsulation default match criterion, and aggregate interface
2 uses the encapsulation s-vid match criterion. Aggregate interface 1 cannot forward traffic
correctly if traffic is not received on its first member port. When aggregate interface 1 is deleted,
aggregate interface 2 cannot forward traffic correctly.
•
Condition: This symptom might occur if the following conditions exist:

Aggregate interface 1 and aggregate interface 2 are configured as PBB ACs to match
customer traffic. The aggregate interfaces each have multiple member ports.

Aggregate interface 1 uses the encapsulation default match criterion, and aggregate
interface 2 uses the encapsulation s-vid match criterion.
201602180362
•
Symptom: When multiple SSH clients simultaneously log in to the switch that acts as an SSH
server and constantly create and delete files, the switch cannot respond to commands and
reboots for memory exhaustion.
•
Condition: This symptom might occur if multiple SSH clients simultaneously log in to the switch
that acts as an SSH server and constantly create and delete files.
201602180059
•
Symptom: If the ip ttl-expires enable command is executed and the switch receives packets
with a TTL of 0, the switch can neither forward traffic nor send ICMP error messages.
•
Condition: This symptom might occur if the ip ttl-expires enable command is executed and the
switch receives packets with a TTL of 0.
201602150276
•
Symptom: After the switch is rebooted or the display this command is executed in queue
scheduling profile view, the switch cannot display the configuration of a user-defined queue
scheduling profile.
•
Condition: This symptom might occur if the following operations are performed:
a. Use the qos qmprofile command to create a queue scheduling profile and enter its view.
b. Execute the queue queue-id sp group 1 weight schedule-value command.
84
c. Execute the queue queue-id wfq group 1 byte-count schedule-value command.
201602040154
•
Symptom: The switch cannot ping a peer when the length of ping packets exceeds the MTU of
the outgoing interface.
•
Condition: This symptom might occur if the length of ping packets exceeds the MTU of the
outgoing interface.
201601300194
•
Symptom: The system reports mirroring resource insufficiency when mirroring group
commands are executed multiple times.
•
Condition: This symptom might occur if the following commands are executed in sequence
multiple times.
a. mirroring-group group-id mirroring-port interface-list inbound.
b. mirroring-group group-id monitor-port tunnel.
c. undo mirroring-group all.
201601260421
•
Symptom: When devices are connected through an aggregate link, packet loss occurs for about
1 second.
•
Condition: This symptom occurs if the following operations are performed:
a. Enable BFD for the aggregate interface by using the link-aggregation bfd
ipv4 command.
b. Unplug the Rx optical fiber from the transceiver module of an aggregation group
member interface on the peer device. The state of the member interface changes from
inactive to active and then to inactive. As a result, packet loss occurs for a long period of
time.
201601180429
•
Symptom: The software of an IRF fabric is upgraded from R2418P06 to R2422P01 through an
ISSU. After the upgrade, interfaces cannot establish LLDP neighbor relationships.
•
Condition: This symptom might occur if an ISSU is performed to upgrade the software from
R2418P06 to R2422P01 for an IRF fabric.
201601280089
•
Symptom: An IRF fabric splits when a large number of entry parity errors occur.
•
Condition: This symptom might occur if a large number of entry parity errors occur.
201603050089
•
Symptom: On an IRF fabric, the routing process exits abnormally when certain conditions exist.
•
Condition: This symptom might occur if the following conditions exist:
a. An IRF fabric has BGP peer relationships with other devices.
b. The flush route-attribute bgp command is executed in RIB IPv4 address family view.
c. A master/subordinate switchover occurs.
201602040580
•
Symptom: Constant state flapping occurs on an DLDP-enabled interface that is connected to a
Comware 3 device.
•
Condition: This symptom might occur if DLDP is enabled on an interface that is connected to
Comware 3 device.
85
201603030332
•
Symptom: A user-defined queue scheduling profile uses byte-count WRR for a queue. After a
reboot, weight-based WRR is used for the queue.
•
Condition: This symptom might occur if the following operations are performed:
a. Create a queue scheduling profile, and configure byte-count WRR for a queue.
b. Delete the .mdb configuration file.
c. Save the running configuration and reboot the switch.
201601300181
•
Symptom: On an MSTP root bridge, an aggregate interface is in discarding state when the
interface acts as a designated port.
•
Condition: This symptom might occur if an aggregate interface is configured as a designated
port on an MSTP root bridge.
201601280420
•
Symptom: When a VLAN is deleted, the static MAC address entries of the VLAN are not
deleted.
•
Condition: This symptom might occur if static MAC address entries are created for a VLAN and
the VLAN is deleted.
201603070215
•
Symptom: The lldp neighbor-protection aging block command is executed on a Selected
aggregation member port for the switch to block the port when the LLDP neighbor on the port
ages out. The output from the display link-aggregation verbose command shows that the
port is still in Selected state after its LLDP neighbor ages out.
•
Condition: This symptom might occur if the following conditions exist:

The lldp neighbor-protection aging block command is executed on an aggregation
member port.

The display link-aggregation verbose command is executed after the LLDP neighbor on
the port ages out.
201511300051
•
Symptom: An interface is configured to be blocked after the LLDP neighbor on the interface
ages out. When the LLDP neighbor re-establishes a neighbor relationship with the interface, the
interface cannot be restored to the forwarding state.
•
Condition: This symptom might occur if an aged out LLDP neighbor re-establishes a neighbor
relationship with an interface.
201512280232
•
Symptom: An interface cannot generate a new MAC address entry for an IP phone after the old
MAC address entry ages out.
•
Condition: This symptom might occur if the following conditions exist:

The IP phone is in the critical voice VLAN.

The VLAN ID in the packets sent by the IP phone is different from the VLAN ID of the host
connected to the IP phone.
201512310410
•
Symptom: The switch has two configuration files a.cfg and b.cfg. The historical configuration
file a.cfg contains monitor link group configuration and the uplink up-port-threshold
command. The running configuration file b.cfg does not contain monitor link configuration. After
the configuration replace file command is executed to replace the running configuration with
the configuration in a.cfg, the uplink up-port-threshold setting is missing.
86
•
Condition: This symptom might occur if the following conditions exist:

The historical configuration file a.cfg contains monitor link group configuration and the
uplink up-port-threshold command. The running configuration file b.cfg does not contain
monitor link configuration.

The configuration replace file command is executed to replace the running configuration
with the configuration in a.cfg.
201512190270
•
Symptom: The master switch of an IRF fabric does not display any prompts when a newly
added subordinate switch fails to reboot with the software image downloaded from the master
switch for flash memory shortage.
•
Condition: This symptom might occur if a newly added subordinate switch fails to reboot with
the software image downloaded from the master switch for flash memory shortage.
201602040025
•
Symptom: The LLDP process exits abnormally if the lldp notification med-topology-change
enable command is executed and the switch establishes an LLDP neighbor relationship with an
IP phone.
•
Condition: This symptom might occur if the lldp notification med-topology-change enable
command is executed and the switch establishes an LLDP neighbor relationship with an IP
phone.
201602260104
•
Symptom: If two ACL rules are configured for an IPv6 ACL applied to a Layer 3 interface, the
system reports ACL resource insufficiency and the second ACL rule does not take effect.
•
Condition: This symptom might occur if the following operations are performed in the view of an
IPv6 ACL:
a. Use the rule command to create a rule to match source IPv6 addresses with a prefix length
of 128 bits.
b. Use the rule command to create another rule to match source IPv6 addresses with a prefix
length of 64 bits.
201602040542
•
Symptom: MAC address learning and protocol packet processing slow down on an interface
that has 1024 secondary IP addresses when the interface receives a large number of ARP
packets (for example, 2 K).
•
Condition: This symptom might occur if 1024 secondary IP addresses are assigned to an
interface, and a large number of ARP packets are sent to the interface.
201602160589
•
Symptom: In an MPLS network, multiple PE devices are directly connected to a P device, and
the mpls label advertise explicit-null command is executed on the PE devices. Some of the
PE devices cannot ping one another.
•
Condition: This symptom might occur if multiple PE devices are directly connected to a P
device, and the mpls label advertise explicit-null command is executed on the PE devices.
201602040394
•
Symptom: The switch does not detect an incoming label conflict when the static-lsp egress
lsp-name in-label in-label command and the static-cr-lsp egress lsp-name in-label
in-label-value command specify the same incoming label.
•
Condition: This symptom might occur if the static-lsp egress lsp-name in-label in-label
command and the static-cr-lsp egress lsp-name in-label in-label-value command specify the
same incoming label.
87
201601160182/201601080571
•
Symptom: The LDP-enabled switch reboots unexpectedly when it receives TCP packets that
carry a length value of 0 in the header.
•
Condition: This symptom might occur if the LDP-enabled switch receives TCP packets that
carry a length value of 0 in the header.
201602190606
•
Symptom: A Layer 2 Ethernet interface is assigned to VLAN 2 as an access port. After the link
mode of the interface is set to Layer 3 and then switched back to Layer 2, the interface still can
forward traffic of VLAN 2.
•
Condition: This symptom might occur if the following operations are performed:
a. Execute the port access vlan 2 command on a local Layer 2 Ethernet interface and its peer
interface.
b. Execute the port link-mode route command on the local interface.
c. Execute the port link-mode bridge command on the local interface.
201601180120
•
Symptom: After a master/subordinate switchover occurs on an IRF fabric that is configured with
1000 LDP VPN instances, the CLI stops responding for 3 minutes.
•
Condition: This symptom might occur if 1000 LDP VPN instances are configured on an IRF
fabric, and a master/subordinate switchover occurs.
201601130435
•
Symptom: On an IRF fabric, the CPU usage is close to 100% on the member switch that hosts
the active LDP process.
•
Condition: This symptom might occur if the following conditions exist:

LDP NSR is enabled on an IRF fabric, and a master/subordinate switchover occurs after the
LDP session is up.

The sent message count of the LDP session is incorrect.
201602230103
•
Symptom: An HPE 5900AF-48XGT-4QSFP+ switch enabled with dynamic link aggregation
responds slowly to the state changes of 10-GE breakout interfaces.
•
Condition: This symptom might occur if the following operations are performed:
a. Configure dynamic link aggregation on the switch.
b. Split a 40-GE interface into four 10-GE breakout interfaces.
c. Shut down and then bring up the 10-GE breakout interfaces.
Resolved problems in F2426
201508110063
•
Symptom: IRF physical interfaces go down.
•
Condition: This symptom occurs if the following conditions exist:

Two switches are connected through 40G_BASE_SR_BD_QSFP_PLUS or
40G_BASE_BD_WDM1310_QSFP_PLUS transceiver modules.

The interconnecting interfaces are used as IRF physical interfaces.

The subordinate IRF member switch automatically reboots and joins the IRF fabric.
88
201512250139
•
Symptom: The system fails to write sFlow data statistics in a two-chassis IRF fabric.
•
Condition: This symptom occurs if the following operations have been performed:
a. Execute the sflow collector collector-id [ vpn-instance vpn-instance-name command in
system view.
b. Reboot the device or update the software.
201512210288
•
Symptom: An switch fails to send sFlow packets when the management Ethernet interface acts
as an sFlow agent and uses a DHCP-assigned IP address.
•
Condition: This symptom might occur if the management Ethernet interface acts as an sFlow
agent and uses a DHCP-assigned IP address.
201601190253
•
Symptom: The expiration date in the copyright statement is 2015 in the output from the display
version or display copyright command.
•
Condition: This symptom might occur if the display version or display copyright command is
executed.
201601210131
•
Symptom: The device fails to send messages in OpenFlow.
•
Condition:

The device is configured with OpenFlow.

Execute the stp enable command.

Send messages to the controller.
201601120467
•
Symptom: The system fails to obtain the value of MIB node entphysicalvendortype for a
transceiver module.
•
Condition: This symptom occurs if a 40G_BASE_SR_BD_QSFP_PLUS transceiver module is
installed in the device.
201601080282
•
Symptom: VPLS traffic cannot be processed between a Comware 7 device and a Comware 5
device.
•
Condition: This symptom occurs if the Comware 7 device is connected to the Comware 5
device.
201601060247
•
Symptom: An error message of "Configuration already exists" is displayed when a service
loopback group is created and a port is assigned to the service loopback group by using
NETCONF.
•
Condition: This symptom occurs after a service loopback group is deleted.
201512250152
•
Symptom: The device fails to roll back the configuration by using NETCONF.
•
Condition: This symptom occurs if the following tasks have been performed:
a. Lock the device configuration by using NETCONF.
b. Deploy multiple configurations including incorrect configurations.
89
201512210427
•
Symptom: The fan prefer-direction command in the configuration file does not take effect.
•
Condition: This symptom occurs if the configuration file is changed and the device is rebooted.
201512170149
•
Symptom: Multicast packets are flooded to all ports in the VLANs to which the packets belong.
•
Condition: This symptom occurs if the device operates in NLB multicast mode.
201512020082
•
Symptom: The device fails to load the entropy file during startup.
•
Condition: This symptom occurs if the device is configured with FIPS and enters FIPS mode
through automatic reboot.
201511200516
•
Symptom: CVE-2015-7871
•
Condition: Cause ntpd to accept time from unauthenticated peers.
•
Symptom: CVE-2015-7704
•
Condition: An ntpd client forged by a DDoS attacker located anywhere on the Internet, that can
exploit NTP's to disable NTP at a victim client or it may also trigger a firewall block for packets
from the target machine.
•
Symptom: CVE-2015-7705
•
Condition: The DDoS attacker can send a device a high volume of ntpd queries that are
spoofed to look like they come from the client. The servers then start rate-limiting the client.
•
Symptom: CVE-2015-7855
•
Condition: Ntpd mode 6 or mode 7 packet containing an unusually long data value could
possibly use cause NTP to crash, resulting in a denial of service.
201512110055
•
Symptom: Traffic interruption might occur.
•
Condition: This symptom occurs if the burst-mode enable command is executed when a large
amount of traffic is being forwarded.
201403060134
•
Symptom: The device fails to forward Layer 3 packets.
•
Condition: This symptom occurs if the next hops of ECMP routes change.
201602020053
•
Symptom: An ACL is applied to the NETCONF over SOAP over HTTP or HTTPs traffic. After the
running configuration is saved and the switch is rebooted, the configuration does not take
effect.
•
Condition: This symptom might occur if the following operations are performed:
a. Apply an ACL to the NETCONF over SOAP over HTTP or HTTPs traffic.
b. Save the running configuration and reboot the switch.
201511170067
•
Symptom: OpenFlow flow entries fail to be deployed.
•
Condition: This symptom occurs if flow entries that contain Clear-Actions instructions are
deployed.
90
201511110270
•
Symptom: The packet statistic in the output from the display interface command is different
from the value of the upSpeed field on the Portal page for the associated link.
•
Condition: None.
201511130253
•
Symptom: If non-existent scheduling rules are deleted by using ODL when NETCONF is
deploying configuration to the switch, the system reports that XML has errors and configuration
deployment fails.
•
Condition: This symptom might occur if non-existent scheduling rules are deleted by using ODL
when NETCONF is deploying configuration to the switch.
201511190354
•
Symptom: After an IRF fabric splits, a terminal device cannot ping the directly connected IRF
subordinate switch.
•
Condition: This symptom might occur if an IRF fabric splits.
201512070381
•
Symptom: OpenFlow configuration fails for memory leaks if the OpenFlow instance contains
flow entries with Experimenter match fields.
•
Condition: This symptom might occur if the OpenFlow instance contains flow entries with
Experimenter match fields.
201509170208
•
Symptom: MQC or packet filtering configuration fails if TRILL is enabled and then disabled.
•
Condition: This symptom might occur if TRILL is enabled and then disabled.
201511180127
•
Symptom: The switch reboots unexpectedly if the l2protocol stp tunnel dot1q command is
executed on an aggregate interface that has a large number of Unselected member ports.
•
Condition: This symptom might occur if the l2protocol stp tunnel dot1q command is executed
on an aggregate interface that has a large number of Unselected member ports.
201511300121
•
Symptom: NTP clock synchronization fails on the switch that acts as an NTP client if the
precision of the NTP server is 2-32 second.
•
Condition: This symptom might occur if the precision of the NTP server is 2-32 second.
201511190081
•
Symptom: The undo loopback-detection global enable vlan all command does not take
effect if the running configuration is saved and then the switch is rebooted after this command is
executed.
•
Condition: This symptom might occur if the following operations are performed:
a. Execute the undo loopback-detection global enable vlan all command.
b. Save the running configuration and reboot the switch.
201511110055
•
Symptom: The output for the boot-loader file filename all main command does not include
the prompt for the ALL option if an invalid value is entered for the "Please make a choice.
[Y/N/A]:" message.
•
Condition: This symptom might occur if the following operations are performed:
a. Execute the boot-loader file filename all main command on an IRF fabric.
91
b. Enter an invalid value when the Please make a choice. [Y/N/A]: message is displayed.
201508210207
•
•
Symptom: When port security, 802.1X authentication, or MAC authentication is enabled, log
messages are not generated in the following situations:

ACL resources are insufficient.

The 802.1X unicast trigger feature does not take effect.

SmartOn authentication fails.

802.1X users fail authentication, pass authentication, or go offline.

MAC authentication users fail authentication, pass authentication, or go offline.

Port security fails to issue ACLs or user profiles to the driver.

Intrusion protection of port security is triggered.

Port security learns new secure MAC addresses.
Condition: This symptom might occur if port security, 802.1X authentication, or MAC
authentication is enabled.
201511260539
•
Symptom: PBR configuration does not take effect if the next hop of packets is the local switch.
•
Condition: This symptom might occur if PBR is configured and the next hop of packets is the
local switch.
201511190389
•
Symptom: The IUCT and ACLMGRD processes consume a large amount of CPU resource on
an IRF member switch after the switch is rebooted.
•
Condition: This symptom might occur if an IRF member switch is rebooted.
201601110351
•
Symptom: An switch receives untagged FIP packets. When the FIP packets are sent to the
CPU, their VLAN ID is incorrect.
•
Condition: This symptom might occur if an switch receives untagged FIP packets.
201511270666
•
Symptom: The "Transceiver type and port configuration mismatch" message is displayed when
no such mismatch exists on an interface.
•
Condition: This symptom might occur if the following operations are performed:
a. Install an FC transceiver module in a Layer 2 Ethernet interface of an switch.
b. Execute the port-type fc command to change the Ethernet interface into an FC interface.
c. Execute the display transceiver alarm command to display transceiver alarms for the
interface.
Resolved problems in F2424
201506020183
•
Symptom: More than 128 (the upper limit) IPv6 tunnels can be created. However, the excessive
IPv6 tunnels cannot provide services.
•
Condition: This symptom occurs if the number of IPv6 tunnels created exceeds the upper limit
and the display interface tunnel brief command is executed to view whether the tunnel
interfaces can go up.
92
201511040525
•
Symptom: A phone attached to the switch cannot establish a connection with the voice server if
the phone performs 802.1X authentication.
•
Condition: This symptom might occur if the phone is capable of LLDP and 802.1X and performs
802.1X authentication.
201509160334
•
Symptom: On an IRF fabric, the output from the display lldp local-information command is
incorrect after a master/subordinate switchover.
•
Condition: This symptom might occur if the display lldp local-information command is
executed after a master/subordinate switchover.
201511270136
•
Symptom: OSPF flapping occurs after an IRF fabric splits.
•
Condition: This symptom might occur if BFD MAD is enabled for the IRF fabric, and the IRF split
is caused by the shutdown of IRF physical interfaces.
201509250182
•
Symptom: Two VPNs can communicate with each other. When a PC accesses a VPN through
Telnet and SNMP separately, different ACLs are matched.
•
Condition: This symptom might occur if a PC uses Telnet and SNMP to access a VPN
separately.
201510210150
•
Symptom: The switch sends RSCNs to nodes that do not have peer zone changes.
•
Condition: This symptom might occur if the smartsan enable fcoe command is executed on
the switch.
201511030428
•
Symptom: The switch responds to NTP packets when NTP is disabled.
•
Condition: This symptom occurs when NTP is disabled and SNTP is enabled.
201510300176
•
Symptom: On a port, an Ethernet service instance is configured with the encapsulation
default command, and another Ethernet service instance is configured with the encapsulation
s-vid command. When packets with the specified outer 802.1Q VLAN ID arrive at the port, the
packets match the Ethernet service instance configured with the encapsulation default
command.
•
Condition: This symptom occurs when PBB is used.
201511170528
•
Symptom: Half of the broadcast traffic in the overlay management VLAN is lost if an IRF
member switch is rebooted with configuration.
•
Condition: This symptom might occur if the following operations have been performed:
a. Save the configuration.
b. Reboot the IRF member switch.
201510220079
•
Symptom: On an IRF fabric, traffic forwarding is interrupted for a long period of time if the
master switch is rebooted.
•
Condition: This symptom might occur if BGP and L3VPN are configured on the IRF fabric.
93
201508040358
•
Symptom: On an 5900 switch operating in FCF mode, the operating mode of a VSAN is
displayed as FCF after the fabric-name command is executed in the view of the VSAN.
•
Condition: This symptom might occur if the following operations have been performed:
a. Set the operating mode to FCF for the switch.
b. Execute the fabric-name command in the view of the VSAN.
201510300068/201510300207
•
Symptom: The switch cannot establish an OVSDB connection with the VCF controller if the
VCF controller is in a private network and OpenFlow is also enabled on the switch.
•
Condition: This symptom might occur if the VCF controller is in a private network and OpenFlow
is also enabled on the switch.
201511120241
•
Symptom: An FC interface cannot come UP, and it stays in the NPV down state.
•
Condition: This symptom occurs if the following conditions exist:

The switch operates in FCF-NPV mode, a VSAN operates in NPV mode, and the FC
interface is assigned to the VSAN as an access port.

The operating mode of the VSAN is changed from NPV to FCF.
Resolved problems in R2423
201509070220
•
Symptom: A TCL script used to configure a VSAN to operate in FCF mode is terminated
unexpectedly.
•
Condition: This symptom occurs if the TCL script is executed on a switch operating in FCF-NPV
mode.
201504280282
•
Symptom: In an IRF fabric, a table-miss flow entry configured to count traffic in packets and in
bytes at the same time fails to be deployed.
•
Condition: This symptom occurs if the controller removes the flags parameter when deploying
the flow entry.
201506110097
•
Symptom: In an IRF fabric, when the switch is connected to a controller, the statistics collected
by using the send_stat_table instruction are incorrect.
•
Condition: This symptom occurs if the switch receives packets that match the flow entries and
the packets that do not match the flow entries at the same time.
201506260236
•
Symptom: After the controller deploys an OpenFlow flow entry for mirroring packets to a GRE
tunnel interface, the matching packets cannot be forwarded out of the interface.
•
Condition: This symptom occurs if OpenFlow is configured on the switch and the default
•
table-miss flow entry, which drops packets, is used.
201508190171
•
Symptom: A flow entry with the MAC address of a multiport MAC address entry fails to be
deployed.
•
Condition: This symptom occurs if the following conditions exist:
94

The global mode is enabled for the OpenFlow instance.

The default table-miss permit command is configured.

Multiport MAC address entries are configured.
201507290144
•
Symptom: OSPF routes are incorrect. As a result, devices cannot communicate with each
other.
•
Condition: This symptom occurs if the following conditions exist:

A server running OSPF establishes OSPF neighborship with a Layer 3 virtual interface of
the 5900 switch.

The 5900 switch receives Type-2 LSAs with the same network segment from the server and
a neighbor switch.
Resolved problems in R2422P02
201512091527/201605120175
•
Symptom: The CLI does not respond.
•
Condition: This symptom occurs if the following tasks are performed:
a. Log in to the device through SSH.
b. Enter the tclsh command.
c. Enter any command.
201510120304
•
Symptom: After a user remotely logs in to the device, the console port does not respond.
•
Condition: This symptom occurs if the following tasks are performed:
a. Configure RADIUS authentication on the device. The RADIUS server does not authorize
any roles.
b. The device is not configured with the default user role assignment function.
Resolved problems in R2422P01
201510190093
•
Symptom: After an FCF switch is rebooted, the peer zone type fails to be restored in a zone set.
•
Condition: This symptom occurs if the following operations are performed:
a. Create a peer zone on the FCF switch according to the configuration on the storage device.
b. Save the configuration, and delete the .mdb configuration file.
c. Restore the configuration by using the .cfg configuration file.
201511280147
•
Symptom: An 10GE interface on an switch cannot come up after an optical transceiver module
is removed and then re-installed for the interface.
•
Condition: This symptom might occur if an optical transceiver module is removed and then
re-installed for an 10GE interface of an switch.
201512080300
•
Symptom: Two storage devices cannot communicate with each other through an 5900 switch.
•
Condition: This symptom might occur if two storage devices communicate through an 5900
switch.
95
201511260190
•
Symptom: MPLS cannot be enabled on VLAN interfaces if the total number of Layer 3
interfaces and subinterfaces exceeds 512 on the switch.
•
Condition: This symptom might occur if the total number of Layer 3 interfaces and subinterfaces
exceeds 512 on the switch.
201512070290
•
Symptom: A server cannot recognize a storage device.
•
Condition: This symptom occurs if the following conditions exist:

An FCF switch is connected to the server, and a VSAN is created on the switch.

When the software is upgrade, the BootROM version changes, and the configuration of the
switch is restored by using the .cfg configuration file.
201511270666
•
Symptom: The system displays "Transceiver type and port configuration mismatch" if an FC
module is installed in an interface of the HPE JG838A/JH036A-52QF-U switch.
•
Condition: This symptom might occur if the following operations have been performed:
a. Install an FC module in an Ethernet interface.
b. Change the type of the interface to FC, and execute the display transceiver alarm
interface fc interface-number command.
Resolved problems in R2422
201510280327
•
Symptom: The system displays "Invalid version" if the boot-loader file ipe-filename all main
command is executed on an IRF fabric.
•
Condition: This symptom might occur if the boot-loader file ipe-filename all main command
is executed in user view.
201511130045
•
Symptom: The NMS fails to obtain the value of the entPhysicalModelName object through
SNMP.
•
Condition: The value of the entPhysicalModelName object exceeds 31 characters.
201506170119
•
Symptom: FCoE packets are out of order.
•
Condition: This symptom might occur if FIP snooping is enabled on Transit switches, and STP
flapping occurs.
201508190332
•
Symptom: The interfaces in the output from the tracert trill –v command are identified by their
circuit IDs instead of physical port numbers.
•
Condition: This symptom might occur if the tracert trill –v command is executed.
201509010033
•
Symptom: The switch can receive Path messages from a Juniper device but cannot establish a
CRLSP with the device.
•
Condition: This symptom might occur if the switch works with a Juniper device.
96
201509020039
•
Symptom: Users fail authentication if the switch uses an ACS5.6 server to perform TACACS
authentication.
•
Condition: This symptom might occur if the switch uses an ACS5.6 server to perform TACACS
authentication.
201509240030
•
Symptom: The member switches in an IRF fabric do not operate correctly if link aggregation has
multiple management VLANs.
•
Condition: This symptom might occur if multiple management VLANs are configured for link
aggregation by using the link-aggregation management-vlan command.
201508280352
•
Symptom: When the display openflow flow-table command is executed to display the
extensibility flow table, the byte count for the table-miss flow entry is incorrect in the command
output
•
Condition: This symptom occurs if the following conditions exist:

The OpenFlow instance is configured to operate in global mode.

The OpenFlow instance receives Layer 2 traffic.
201510090358
•
Symptom: The CLI does not respond when the display ospf peer command is executed.
•
Condition: This symptom occurs if the placement program default command and then the
affinity location-type paired default command are repeatedly executed.
201508180376
•
Symptom: VTY login to a multichassis IRF fabric fails.
•
Condition: This symptom might occur if master/subordinate switchovers occur frequently.
201508210176
•
Symptom: The display interface M-GigabitEthernet0/0/0 command does not display the IP
address of the management Ethernet interface on an IRF member switch.
•
Condition: This symptom might occur if the following operations have been performed:
a. Use the ip address irf-member command to assign an IP address to the management
Ethernet interface of an IRF member switch.
b. Execute the display interface M-GigabitEthernet0/0/0 command to view management
Ethernet interface configuration.
201506260237
•
Symptom: A Comware 5 switch and a Comware 7 switch cannot set up a TCP connection for
BGP.
•
Condition: This symptom might occur if the following conditions exist:

SYN Cookie is enabled on the Comware 7 switch.

BGP MD5 authentication is enabled on both switches.

The Comware 7 switch acts as a TCP server, and the Comware 5 switch acts as a TCP
client to set up a TCP connection.
201508210119
•
Symptom: The ACL for a Layer 3 aggregate subinterface is not deleted when the subinterface is
deleted.
•
Condition: This symptom might occur if the following operations have been performed:
97
a. Create a Layer 3 aggregate subinterface.
b. Use the undo interface route-aggregation command to delete the Layer 3 aggregate
subinterface.
c. Execute the debug qacl show acl-resc slot slot-number chip chip-number command.
201507170082
•
Symptom: ACL resource leaks occur.
•
Condition: This symptom might occur if the following operations have been performed:
a. Bind a VFC interface to an S-channel interface, and repeatedly shut down and bring up the
VFC interface.
b. Execute the debug qacl show acl-resc slot slot-number chip chip-number command.
201507280350
•
Symptom: The switch generates additional log messages after the zoneset activate name
command is executed in VSAN view.
•
Condition: This symptom might occur if the switch is the only device in an FC network, and the
zoneset activate name command is executed in VSAN view.
201509300450
•
Symptom: In a VPLS network, packet loss occurs on an aggregation group member port.
•
Condition: This symptom occurs if the following operations are performed:
a. Configure the link type of the aggregation group member port as access.
b. Remove the port from the aggregation group.
c. Create a service instance on the port, and execute the encapsulation default command for
the service instance.
d. Remove the port from the service instance.
e. Assign the port to the aggregation group again.
201509250298
•
Symptom: A server connected to the switch reads data from the storage device slowly.
•
Condition: This symptom occurs if the switch operates in FCF mode and the storage device
continuously sends PLOGI requests to the switch.
201510130106
•
Symptom: When an interface of an switch is connected to an interface of a Cisco 2811 device,
the interface of the switch goes down.
•
Condition: This symptom occurs if the local interface and the peer interface are both configured
to operate at 100 Mbps in full duplex mode.
201511020440
•
Symptom: DHCP clients cannot obtain IP addresses if the 5920 switch acts as the DHCP
server.
•
Condition: This symptom might occur if many-to-one VLAN mapping and DHCP snooping are
enabled on the switch.
201504130020/201504130191
•
Symptom: CVE-2015-0209
•
Condition: A malformed EC private key file consumed via the d2i_ECPrivateKey function could
cause a use after free condition. This could lead to a DoS attack or memory corruption for
applications that receive EC private keys from untrusted sources.
•
Symptom: CVE-2015-0286
98
•
Condition: DoS vulnerability in certificate verification operation. Any application which
performs certificate verification is vulnerable including OpenSSL clients and servers which
enable client authentication.
•
Symptom: CVE-2015-0287
•
Condition: Reusing a structure in ASN.1 parsing may allow an attacker to cause memory
corruption via an invalid write. Applications that parse structures containing CHOICE or ANY
DEFINED BY components may be affected.
•
Symptom: CVE-2015-0288
•
Condition: The function X509_to_X509_REQ will crash with a NULL pointer dereference if the
certificate key is invalid.
•
Symptoms: CVE-2015-0289
•
Condition: The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. An
attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a
NULL pointer dereference on parsing.
TB201504140268
•
Symptom: CVE-2015-1799
•
Condition: Authentication doesn’t protect symmetric associations against DoS attacks.
201506030144(CVE-2015-5434)
•
Symptoms: When an interface without MPLS enabled receives MPLS-labeled packets, the
interface incorrectly forwards the MPLS-labeled packets to the next LSR by LFIB entry.
•
Condition: This symptom occurs when the interface does not have MPLS enabled and the
interface receives MPLS-labeled packet that match the FIB entries.
201507310040
•
Symptom: CVE-2015-3143
•
Condition: cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections,
which allows remote attackers to connect as other users via an unauthenticated request.
•
Symptom: CVE-2015-3148
•
Condition: cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use authenticated
Negotiate connections, which allows remote attackers to connect as other users via a request.
201507160287
•
Symptom: CVE-2014-8176
•
Condition: If a DTLS peer receives application data between the ChangeCipherSpec and
Finished messages. May result in a segmentation fault or potentially, memory corruption.
•
Symptom:CVE-2015-1788
•
Condition: When processing an ECParameters structure OpenSSL enters an infinite loop. This
can be used to perform denial of service against any system which processes public keys,
certificate requests or certificates.
•
Symptom: CVE-2015-1789
•
Condition: X509_cmp_time does not properly check the length of the ASN1_TIME string and/or
accepts an arbitrary number of fractional seconds in the time string. An attacker can use this to
craft malformed certificates and CRLs of various sizes and potentially cause a segmentation
fault, resulting in a DoS on applications that verify certificates or CRLs.
•
Symptom: CVE-2015-1790
•
Condition: The PKCS#7 parsing code does not handle missing inner EncryptedContent
correctly. An attacker can craft malformed PKCS#7 blobs with missing content and trigger a
NULL pointer dereference on parsing.
99
•
Symptom: CVE-2015-1791
•
Condition: If a NewSessionTicket is received by a multi-threaded client when attempting to
reuse a previous ticket then a race condition can occur potentially leading to a double free of the
ticket data.
•
Symptom: CVE-2015-1792
•
Condition: When verifying a signedData message the CMS code can enter an infinite loop. This
can be used to perform denial of service against any system which verifies signedData
Resolved problems in F2421
201508120257
•
Symptom: The display qos policy control-plane management pre-defined command
displays nothing.
•
Condition: This symptom might occur if the display qos policy control-plane management
pre-defined command is executed in user view.
201508180448
•
Symptom: Users cannot access the network through the switch enabled with ARP attack
detection.
•
Condition: This symptom might occur if the following conditions exist:

ARP attack detection is enabled, and trusted interfaces are excluded from ARP attack
detection.

A trusted interface receives ARP packets sent at a rate higher than 100 pps.
201506020169
•
Symptom: An interface on an IRF member switch does not forward voice packets in the
interface's voice VLAN. As a result, the priority of the voice packets is not modified according to
the priority settings for the voice VLAN.
•
Condition: This symptom might occur if the interface is assigned to the voice VLAN and
receives untagged packets that use an OUI address as the source MAC address.
201505200264
•
Symptom: One VPN instance can receive and forward packets destined for another VPN
instance.
•
Condition: This symptom might occur if two MPLS L3VPN instances are configured on the
switch.
201508060056
•
Symptom: The OpenFlow process restarts unexpectedly after the switch receives flow entries
from the controller.
•
Condition: This symptom might occur if the flow entries contain the experimenter field.
201505040217
•
Symptom: The display lldp local-information command displays the model of the original IRF
master switch after an IRF master/subordinate switchover.
•
Condition: This symptom might occur if the display lldp local-information command is
executed after an IRF master/subordinate switchover.
201508030032
•
Symptom: The switch sends the controller the ARP packets received in inband management
VLANs.
100
•
Condition: This symptom might occur if inband management VLANs are configured on the
switch.
201508170165
•
Symptom: In a single-ring RRPP network, the secondary port on the master node is up.
•
Condition: This symptom might occur if the secondary port is a Layer 2 aggregate interface, and
a member port of the aggregation group is replaced.
201505150213
•
Symptom: Unexpected memory leaks cause all interfaces on the switch to go down and
interrupt services.
•
Condition: This symptom might occur if the switch processes packets that need to be sent to the
CPU.
201507220169
•
Symptom: The switch displays The service BGP status failed : abnormal exit! after certain
operations are performed.
•
Condition: This symptom might occur if the following operations have been performed:
a. Enable OSPF and BGP on the switch and its peer, and configure routing policies on the
switch.
b. Delete the routing policies, and reconfigure the routing policies after OSPF processes are
re-optimized.
c. Configure the same routing policy on the outbound and inbound directions of the peer.
201507170310
•
Symptom: When the switch works with a Comware V5 device, IPsec authentication fails and
packet loss occurs on the switch.
•
Condition: This symptom might occur if the following operations have been performed on the
switch:

Enable IKE negotiation for IPsec.

Enable PFS.

Use the ipsec sa global-duration traffic-based command to set a small traffic-based SA
lifetime.
201508100310
•
Symptom: The switch cannot establish OSPFv3 neighbor relationship with a peer.
•
Condition: This symptom might occur if the following operations have been performed:
a. Set the authentication mode to keychain on the interface connected to the peer.
b. Add the switch to an IRF fabric.
201507220244
•
Symptom: It takes a long time period to clear the packet statistics on interfaces through
NETCONF.
•
Condition: This symptom might occur if packet statistics on interfaces are cleared through
NETCONF.
201506110236
•
Symptom: NTP cannot synchronize the clock of the switch in an MPLS L3VPN network.
•
Condition: This symptom might occur if the switch is in a VPN, and the ntp-service peer acl
acl-number command is executed on the switch.
101
201507030050/TB201507170231
•
Symptom: BGP flapping occurs on the switch.
•
Condition: This symptom occurs if the following conditions exist:

The switch runs an sFlow agent.

sFlow is enabled on an interface.

The outgoing interface for sFlow packets is a Layer 3 aggregate interface or subinterface.
201507160185
•
Symptom: The match rule configured for a DHCP user class cannot be successfully deleted.
•
Condition: This symptom occurs if the if-match rule rule-number command and then the undo
if-match rule rule-number command are executed in DHCP user class view.
201507290223
•
Symptom: In a TRILL network, the ping trill command, which is used to identity whether an RB
is reachable, outputs information after a delay.
•
Condition: This symptom occurs if the ping trill command is executed in any view.
201505140078
•
Symptom: When devices are connected through aggregate interfaces, the state of an interface
cannot automatically recover after it changes.
•
Condition: This symptom occurs if the following operations have been performed:
a. Cross-connect the optical fibers.
b. Swap the Tx and Rx fibers.
c. Restore the swap.
201505200478
•
Symptom: A valid user fails to pass MAC authentication.
•
Condition: This symptom occurs if the MAC authentication server is configured to bind the user
IPv6 addresses for authentication.
201505250285
•
Symptom: On an IRF fabric, some ARP entries and route entries still exist after Layer 3 flow
entries are successfully deleted in batch.
•
Condition: This symptom occurs if a master/subordinate switchover is performed for the IRF
fabric.
201506030153
•
Symptom: Traffic cannot be forwarded between transit nodes in an RRPP network.
•
Condition: This symptom occurs if the following conditions exist:

Transit nodes are connected through aggregate interfaces.

The aggregation group member ports are shut down and brought up.
201506100433
•
Symptom: Continuous loops appear in the network.
•
Condition: This symptom occurs if the following conditions exist:

Devices are connected through aggregate interfaces.

The spanning tree protocol is enabled on the devices.

Some member ports are removed from the aggregation group.
102
201506150158
•
Symptom: When switches are connected through aggregate interfaces, the spanning tree
protocol packets cannot be correctly exchanged.
•
Condition: This symptom occurs if RSTP is enabled and VRRP is configured to operate in
non-preemptive mode on the devices.
201506260038
•
Symptom: A user fails to be logged out.
•
Condition: This symptom occurs if the following operations have been performed:
a. The user passes 802.1X authentication and logs in.
b. The FreeRADIUS server issues a command carrying the NAS-IP-Address attribute to
forcibly log out the user.
201506290052
•
Symptom: ARP packets cannot be forwarded between the switch and the controller.
•
Condition: This symptom occurs if the switch sends ARP packets to the controller in an SDN
network.
201506290068
•
Symptom: A user cannot connect to the public network through Portal authentication.
•
Condition: This symptom occurs if a large number of log in and log out and continuously access
the external network.
201506290195
•
Symptom: A user fails to remotely log in to the switch through a VTY line.
•
Condition: This symptom occurs if the following operations have been performed:
a. Configure the authentication-mode none command in VTY line view, and save the
configuration.
b. Reboot the switch.
201508180154
•
Symptom: A transceiver module is started correctly. However, the QSFP+ interface state might
frequently switch between up and down.
•
Condition: This symptom occurs if the switch has a QSFP-40G-LR4-WDM1300 transceiver
module (the model is H4C1QE1C-H3C) installed.
201507220065/201508050136/201507170127
•
Symptom: The switch authorizes a user that uses an incorrect password to initiate
authentication.
•
Condition: This symptom might occur if the user uses NETCONF and HWTACACS
authentication when it logs in to the switch.
201507160037
•
Symptom: The switch drops a gratuitous ARP packet and does not update the ARP table if the
target IP address of the packet is 0.0.0.0, 255.255.255.255, or a directed broadcast address.
•
Condition: This symptom might occur if the switch receives a gratuitous ARP packet with the
target IP address as 0.0.0.0, 255.255.255.255, or a directed broadcast address.
201508170121
•
Symptom: A VPLS VSI cannot forward traffic if another VPLS VSI is up.
•
Condition: This symptom might occur if the VSIs generate the same label.
103
201507270359
•
Symptom: The ARP blackhole route for an interface is deleted 25 seconds after the interface
goes down. As a result, the FIB table is not updated within this period.
•
Condition: This symptom might occur if an IP packet matches a network route for the interface
after the corresponding ARP entry is already deleted. The switch will send an ARP request and
issue an ARP blackhole route.
201509230110
•
Symptom: The management interface of an IRF subordinate switch cannot be pinged after the
switch becomes the master.
•
Condition: This symptom might occur if an IRF master/subordinate switchover occurs.
201509230128
•
Symptom: The serial interfaces of an IRF fabric do not respond if configuration of the
management interface is displayed or the interface is shut down.
•
Condition: This symptom might occur if the following operations have been performed:
a. Execute the ping trill or tracert trill command.
b. Reboot an IRF member switch.
Resolved problems in F2420
201504100150
•
Symptom: The DBM memory leaks when the display this command is executed in VSI view.
•
Condition: This symptom occurs if selective flood is enabled for a MAC address on the VSI.
201504100143
•
Symptom: The DBM memory is not released.
•
Condition: This symptom occurs if the switch is rebooted after the ip address ip-address
vpn-instance vpn-instance-name command is configured.
201505150298
•
Symptom: BFD MAD takes a long time to detect an IRF fabric split.
•
Condition: This symptom occurs if the following conditions exist:

In the IRF fabric, a management Ethernet interface is used to perform BFD MAD.

The IRF fabric splits.
201506180198
•
Symptom: The memory of the switch is occupied.
•
Condition: This symptom occurs if the following conditions exist:

Static routes are redistributed on two devices configured with OSPF. These static routes
have the same destination address. The outgoing interfaces of the static routes are enabled
with OSPF and their network type is broadcast.

The network flaps.
201412050511
•
Symptom: After DHCP Snooping is enabled, the terminals in a secondary VLAN of the private
VLAN cannot obtain IP addresses through DHCP.
•
Condition: This symptom occurs if DHCP snooping is enabled and secondary VLANs of the
private VLAN are configured.
104
201502160178
•
Symptom: OpenFlow packets cannot be forwarded by using a MAC-IP flow table after a
master/subordinate switchover on an IRF fabric.
•
Condition: This symptom occurs if the ARP table is modified during the master/subordinate
switchover.
201505090053
•
Symptom: In an OpenFlow network, the CPU usage of the syslogd process is high when a large
number of ARP packets match flow entries and are sent to the controller.
•
Condition: This symptom occurs if a large number of ARP packets match flow entries in the
OpenFlow network.
201504200089
•
Symptom: In a basic MPLS L3VPN, the switch prints the COPP stack information.
•
Condition: This symptom occurs if the basic MPLS L3VPN functions are configured and traffic is
forwarded correctly.
201503060016
•
Symptom: During the flow entry deployment process, the switch is disconnected from the
OpenFlow controller and reconnects to the OpenFlow controller.
•
Condition: This symptom occurs if a large number of flow entries are deployed.
201504090145
•
Symptom: The switch is disconnected from the OpenFlow controller and reconnects to the
OpenFlow controller.
•
Condition: This symptom occurs if the switch is in an IRF fabric and the master member switch
of the IRF fabric is rebooted.
201504150070
•
Symptom: The duration of the flow entry in the Flow-Removed message that the switch sends
to the OpenFlow controller is 1 second longer than the hard_timeout value in the flow entry
when the flow entry is deployed.
•
Condition: This symptom occurs if the switch is connected to an OpenFlow controller.
201412080352
•
Symptom: After the ipv6 address dhcp-alloc and ipv6 dhcp client duid mac commands are
executed on the management interface, the interface successfully obtains an IPv6 address
prefix and a default route. The switch cannot obtain an IPv6 address after the switch is rebooted
even if the configuration has been saved.
•
Condition: This symptom might occur if the following operations have been performed:
a. Execute the ipv6 address dhcp-alloc and ipv6 dhcp client duid mac commands on the
management interface.
b. Save the configuration and reboot the switch.
201502060453
•
Symptom: An interface cannot forward traffic if the trill evb-support and evb enable
commands are executed on the interface.
•
Condition: This symptom might occur if the trill evb-support and evb enable commands are
executed on the interface.
201503300339
•
Symptom: The switch does not prompt for incorrect operations when non-existent VLANs are
replaced through NETCONF.
105
•
Condition: This symptom might occur if non-existent VLANs are replaced through NETCONF.
201504230156
•
Symptom: Residual BFD session information exists if the tunnel bfd enable destination-mac
and undo tunnel bfd enable commands are repeatedly executed.
•
Condition: This symptom might occur if the tunnel bfd enable destination-mac and undo
tunnel bfd enable commands are repeatedly executed.
201505180103
•
Symptom: An NMS retrieves an incorrect hh3cEntityExtErrorStatus value for a copper
transceiver module installed on the switch.
•
Condition: This symptom might occur if the NMS retrieves the hh3cEntityExtErrorStatus value
for a copper transceiver module installed on the switch.
201506050167
•
Symptom: NQA operations fail if they are performed frequently.
•
Condition: This symptom might occur if NQA operations are performed frequently.
201504140260
•
Symptom: Information for the display mac-address mac-move command is not included in
the output from the display diagnostic-information command.
•
Condition: This symptom might occur if the display diagnostic-information command is
executed.
201507140337
•
Symptom: Tracert operation fails if the route to the destination host is unknown.
•
Condition: This symptom might occur if the route to the destination host is unknown.
201506040169
•
Symptom: In an FC SAN, a node fails to register with the FC switch.
•
Condition: This symptom might occur if the interval is short for the node to send a PLOGI packet
after a FLOGI packet.
201501060627
•
Symptom: The driver of an IRF subordinate switch does not support portal rule assignment.
•
Condition: This symptom might occur if the following conditions exist.
a. A large number of portal users come online through an interface on the IRF master switch.
b. A master/subordinate switchover is performed.
201501260549
•
Symptom: AAA memory leak occurs if LDAP authentication is repeatedly performed.
•
Condition: This symptom might occur if LDAP authentication is repeatedly performed.
201504080051/201504080056/201504080046/201501260561
•
Symptom: Read and write permissions for some files do not meet the requirements of the
system.
•
Condition: This symptom might occur if the switch starts properly, and read and write
permissions for some files do not meet the requirements of the system.
201502030659
•
Symptom: Handle leak occurs if the display ipv6 netstream cache command is repeatedly
executed.
106
•
Condition: This symptom might occur if the display ipv6 netstream cache command is
repeatedly executed.
201502030665
•
Symptom: Handle leak occurs if the display ip netstream cache command is repeatedly
executed
•
Condition: This symptom might occur if the display ip netstream cache command is
repeatedly executed.
201504150067
•
Symptom: The switch does not return an error message when the Groupmod message for a
group entry contains invalid weight values and the group type of the group entry is not select.
•
Condition: This symptom occurs when the following conditions exist:

The Groupmod message for a group entry contains invalid weight values.

The group type of the group entry is not select.
201505070194
•
Symptom: An IRF fabric does not update the ARP entry for a MAC address when the MAC
address moves between member switches in an IRF fabric.
•
Condition: This symptom occurs if the MAC address learned on one member switch moves to
another member switch in the IRF fabric.
201410100191
•
Symptom: The iMC BIMS component does not delete user logs and configuration file when
restoring the factory default configuration for the switch.
•
Condition: This symptom occurs if the factory default configuration is restored through the iMC
BIMS component.
201503240442
•
Symptom: The Permission denied message is displayed when a user issues the undo
interface Bridge-Aggregation1 command without entering a space between the interface
type and the interface number.
•
Condition: This symptom occurs if the user role is permitted to use all read, write, and execute
commands of the LACP feature.
201409230444
•
Symptom: An switch continuously sends pause frames to the uplink switch.
•
Condition: This symptom occurs if the server attached to the switch continuously sends pause
frames to the switch.
201506250315
•
Symptom: An S-channel interface receives packets with the VLAN ID as 0.
•
Condition: This symptom occurs if the following operations are performed:
a. Enable EVB on the Layer 2 Ethernet interface where the S-channel interface is created.
b. Send untagged packets to the S-channel interface.
201506050282
•
Symptom: An LSU containing an LSA with a length of 264 fails to be sent out.
•
Condition: This symptom occurs if the OSPF NSR is enabled.
201412190247
•
Symptom: The time zones for MAC address move time are incorrect.
107
•
Condition: This symptom occurs if the clock timezone command is used to set the local time
zone.
201507090470
•
Symptom: The VCF controller fails to authenticate to its connected switch through TACACS.
•
Condition: This symptom occurs if the TACACS authentication is configured on the switch
through NETCONF.
201503030448
•
Symptom: A card on the EVB switch reboots because of memory leaks.
•
Condition: This symptom occurs if the EVB switch communicates with an EVB server on that
card.
201503300341/201503300336
•
Symptom: An interface still operates in Layer 3 mode after NETCONF is used to roll back the
configuration.
•
Condition: This symptom occurs if the interface operates in Layer 2 mode before the rollback
point.
201504150066
•
Symptom: When the OpenFlow switch receives a SET_CONFIG message with an invalid flag
value, the OpenFlow switch does not report an error to the controller.
•
Condition: This symptom occurs if the controller sends messages with invalid flag values in an
OpenFlow network.
201504160118
•
Symptom: When the bridge MAC address is added as a blackhole MAC address entry for the
first time, the system displays that the entry already exists.
•
Condition: This symptom might occur if the mac-address blackhole mac-address vlan vlan-id
command is executed to add the bridge MAC address as a blackhole MAC address entry.
201503180401
•
Symptom: The switch fails to output information for the display ip load-sharing path
command.
•
Condition: This symptom might occur if the following operations have been performed:
a. Execute the ip load-sharing mode per-flow dest-ip src-ip dest-port src-port command.
b. Execute the display ip load-sharing path command.
201505190278
•
Symptom: In a TRILL network, an egress RB cannot forward TRILL broadcast traffics out of the
outgoing interface.
•
Condition: This symptom might occur if TRILL is globally enabled on the RB, and the outgoing
interface is assigned to a VLAN.
201506030299
•
Symptom: A DHCP server cannot ping DHCP clients if many-to-one VLAN mappings are
configured on the intermediate device between them.
•
Condition: This symptom might occur if the following conditions exist:

The DHCP server is connected to the DHCP clients through the intermediate device.

The DHCP server and clients are in different VLANs. Many-to-one VLAN mappings are
configured on the intermediate device's interface connected to the DHCP clients.
108

The dhcp snooping trust, arp detection enable, and vlan-mapping nni commands are
executed on the intermediate device's interface connected to the DHCP server.
201503300139
•
Symptom: Though 32 Selected ports exist in an aggregation group, only 16 of them forward
traffic.
•
Condition: This symptom might occur if unicast traffic is sent to the aggregation group
201506030342
•
Symptom: The forwarding path in the output from the display link-aggregation load-sharing
path command is not the actual forwarding path.
•
Condition: This symptom might occur if an aggregation group receives unicast traffic.
201505110081
•
Symptom: Packets forwarded out of S-channel interfaces have only one VLAN tag.
•
Condition: This symptom might occur if the switch is operating in FCoE mode and receives
traffic.
201507020134
•
Symptom: The switch does not remove the customer VLAN tag from FCoE packets when it
forwards the packets out of an S-channel interface.
•
Condition: This symptom might occur if the PVID of the S-channel interface matches the
customer VLAN tag of the FCoE packets.
201507030086
•
Symptom: After the encapsulation default command is executed on an Ethernet service
instance, frame match criteria on other Ethernet service instances no longer take effect.
•
Condition: This symptom might occur if the encapsulation default command is executed on
one of the Ethernet service instances on the switch.
201506120267
•
Symptom: Execution of the mac-address static source-check enable command fails on a
Layer 3 aggregate interface.
•
Condition: This symptom might occur if the mac-address static source-check enable
command is executed on the Layer 3 aggregate interface.
201504200062
•
Symptom: In an 5900 IRF fabric, when some members are rebooted, traffic forwarding is
interrupted on their peers.
•
Condition: This symptom might occur if the following conditions exist:

Link aggregation is enabled for the IRF fabric.

The rebooted members use interfaces installed with a copper transceiver module for IRF
links to the peers. The remote ends of the IRF links on the peers go up in advance.
Resolved problems in R2418P06
201407220584
•
Symptom: On an IRF fabric, if a Layer 3 interface is assigned multiple IP addresses and a
master/subordinate switchover occurs, OSPF neighbor relationships are interrupted.
•
Condition: This symptom might occur if a Layer 3 interface is assigned multiple IP addresses
and a master/subordinate switchover occurs.
109
201507140229
•
Symptom: Known multicast packets with TTL 1 are dropped.
•
Condition: This symptom occurs if the following conditions exist:

IGMP snooping is enabled on the switch.

The multicast packets with TTL 1 are forwarded within a VLAN.
201508050368
•
Symptom: The controller cannot cancel the Ethernet service instance-to-VSI binding.
•
Condition: This symptom occurs if the controller issues configuration through NETCONF to
cancel the Ethernet service instance-to-VSI binding.
201508050374
•
Symptom: The interfaces at both ends of a link bounce up and down.
•
Condition: This symptom occurs if a local interface is split into four breakout interfaces and
these interfaces are connected to the peer device.
201508130060
•
Symptom: The PCIE access might fail.
•
Condition: This symptom occurs if the CPU usage is high and the switching chip is frequently
accessed.
201508100138
•
Symptom: When the next_hop_index0 of a traffic forwarding entry is modified to an invalid
value, the recovery mechanism is not triggered. As a result, traffic forwarding cannot be
restored.
•
Condition: This symptom occurs if the following operations are performed:
a. In probe view, execute the bcm slot slot-number chip 0
mod/l3_defip/-3073/1/NEXT_HOP_INDEX0=4 command.
b. In probe view, execute the bcm slot slot-number chip 0 d/l3_defip/3073/1/ command.
201508190136
•
Symptom: Only 10 characters of the patch version number are displayed.
•
Condition: This symptom occurs if the switch has a patch version installed and the display
version or display device command is executed.
201508050375
•
Symptom: In an IRF fabric formed by 5900 switches, the 5900 switches cannot communicate
with a 3PAR storage device.
•
Condition: This symptom occurs if the IRF master member switch is rebooted or ISSU is
performed.
201508050369
•
Symptom: After you access the switch through the Console port, the CLI does not respond.
•
Condition: This symptom occurs if a VLAN interface is created at the CLI.
201508300024
•
Symptom: In a spanning tree, the state of an aggregate interface is Forwarding. However, the
member ports of the aggregate interface on IRF subordinate member switches are in
Discarding state and do not forward traffic.
•
Condition: This symptom might occur if the following conditions exist:

In an IRF fabric, subordinate switches or all member switches are rebooted.
110

During the reboot process, the aggregate interface goes down and then comes up, and the
member ports on the subordinate member switches are down.
201505140415
•
Symptom: The LACP MAD state might frequently flap.
•
Condition: This symptom might occur if LACP MAD is configured for a large number of
aggregation groups.
Resolved problems in R2418P01
201502120368
•
Symptom: CVE-2014-9295
•
Condition: Stack-based buffer overflows in ntpd in NTP before 4.2.8 allows remote attackers to
execute arbitrary code via a crafted packet.
•
Symptom: CVE-2014-3571
•
Condition: A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due
to a NULL pointer dereference. This could lead to a Denial Of Service attack.
•
Symptom: CVE-2015-0206
•
Condition: A memory leak can occur in the dtls1_buffer_record function under certain
conditions. In particular this could occur if an attacker sent repeated DTLS records with the
same sequence number but for the next epoch. The memory leak could be exploited by an
attacker in a Denial of Service attack through memory exhaustion.
•
Symptom: CVE-2015-0205
•
Condition: An OpenSSL server will accept a DH certificate for client authentication without the
certificate verify message. This effectively allows a client to authenticate without the use of a
private key. This only affects servers which trust a client certificate authority which issues
certificates containing DH keys.
•
Symptom: CVE-2014-3570
•
Condition: Bignum squaring (BN_sqr) may produce incorrect results on some platforms,
including x86_64. This bug occurs at random with a very low probability, and is not known to be
exploitable in any way.
•
Symptom: CVE-2015-0204
•
Condition: An OpenSSL client will accept the use of an RSA temporary key in a non-export
RSA key exchange ciphersuite. A server could present a weak temporary key and downgrade
the security of the session.
•
Symptom: CVE-2014-3572
•
Condition: An OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite
using an ECDSA certificate if the server key exchange message is omitted. This effectively
removes forward secrecy from the ciphersuite.
•
Symptom: CVE-2014-8275
•
Condition: By modifying the contents of the signature algorithm or the encoding of the
signature, it is possible to change the certificate's fingerprint. Only custom applications that rely
on the uniqueness of the fingerprint may be affected.
•
Symptom: CVE-2014-3569
•
Condition: The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and
1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote
attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an
unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with
certain error handling.
111
201505180272
•
Symptom: A port broadcasts its incoming unicast packets because the destination MAC
address lookup fails.
•
Condition: This symptom occurs if the port and its peer port continuously send unicast packets
to each other.
201412300447
•
Symptom: A device cannot be pinged when it is directly connected to an aggregate interface.
•
Condition: This symptom occurs if TRILL is enabled (trill enable) and then disabled (undo trill
enable) on the aggregate interface.
201504250083
•
Symptom: Some IRF member switches print the message "OVERLAYMACD ha upgrade failed"
and these switches enter kdb.
•
Condition: This symptom occurs when the following conditions exist:

A large number of known unicast packets with changing source MAC addresses are sent to
the IRF fabric.

Master/subordinate switchover occurs in the IRF fabric.
201504160288
•
Symptom: The console port displays garbled characters. This problem is solved after you log
out and then log in through the console port again.
•
Condition: This symptom occurs when the VLANs to which a port belongs are modified.
201504090111
•
Symptom: Serious packet loss occurs to Layer 3 packets forwarded by the switch,
•
Condition: This symptom occurs when the following conditions exist:

The number of route entries exceed 8K.

uRPF is enabled and then disabled.
201502050608
•
Symptom: A QoS policy fails to be applied to some VLANs because of insufficient ACL
resources when ACL resources are sufficient.
•
Condition: This symptom occurs if the following conditions exist:

A traffic class in the QoS policy includes both IPv4 and IPv6 ACLs as match criteria.

IPv4 ACLs are removed from the traffic class after the system displays a message that
indicates insufficient ACL resources.
201503130390
• Symptom: An aggregate interface forwards packets received on a member port out of another
member port in the aggregation group.
• Condition: This symptom occurs if the following operations are performed:
a. Configure an aggregation group on an IRF fabric with its member ports on different IRF
member devices.
b. Configure two Ethernet service instances on the aggregate interface, and map them to one
VSI.
201503260342
•
Symptom: A member port of an aggregation group cannot establish a micro BFD session with
the peer port.
112
•
Condition: This symptom occurs if the member port establishes a micro BFD session for
multihop detection.
201504150256
•
Symptom: An interface prints MAC address change information repeatedly for a previously
learned MAC address when no MAC address is added.
•
Condition: This symptom occurs if the following operations are performed:

The mac-address information mode syslog command is configured.

The mac-address information enable command is configured in system view.

The mac-address information enable added command is configured on an interface after
the interface learns a MAC address.
201502160178
•
Symptom: OpenFlow packets cannot be forwarded by using a MAC-IP flow table after a
master/subordinate switchover on an IRF fabric.
•
Condition: This symptom occurs if the ARP table is modified during the master/subordinate
switchover.
201409180122
•
Symptom: Layer 3 traffic is broadcast on an access switch.
•
Condition: This symptom occurs if the following conditions exist:

The access switch does not support TRILL.

TRILL VRs are configured on the distribution switches.
201502160108
•
Symptom: iMC cannot connect to a managed switch and generates an ICMP no response
alarm for the switch.
•
Condition: This symptom occurs if the switch suffers from attacks on the ipForwarding and
ipDefaultTTL nodes.
201412190247
•
Symptom: The time zones for MAC address move time are incorrect.
•
Condition: This symptom occurs if the display mac-address mac-move command is
executed.
201503020059
•
Symptom: Modifying or deleting an OpenFlow MAC-IP flow entry results in a memory leak.
•
Condition: This symptom occurs if the output port of a MAC-IP flow entry is modified or a
MAC-IP flow entry with an output port is deleted.
201502070165
•
Symptom: An IS-IS primary route cannot be installed into the routing table.
•
Condition: This symptom occurs if the following conditions exist:

The primary route is learned from a neighbor.

IS-IS FRR is enabled, but the backup next hop is unavailable.
201502040503
•
Symptom: The state of the BFD session in an IRF fabric toggles between down and init for 10
minutes after the IRF fabric splits.
•
Condition: This symptom occurs if BFD MAD and uRPF are configured on the IRF fabric.
113
201412200068
•
Symptom: The jumboframe enable 1536 or undo jumboframe enable command does not
take effect.
•
Condition: This symptom occurs if the undo jumboframe enable or jumboframe enable 1536
command has been configured.
201501280247
•
Symptom: The switch forwards some IP traffic to incorrect VPNs.
•
Condition: This symptom occurs if two ARP entries exist for one IP address because the output
interface of an ARP entry changes.
201502160110
•
Symptom: The switch acting as an access device in a portal system logs out a portal client after
the client reboots.
•
Condition: This symptom occurs if the following conditions exist:

Portal roaming is enabled.

DHCP server or DHCP relay agent is enabled on the interface connected to the portal client.

The interface connected to the portal client changes during the reboot of the portal client.
201503100015
•
Symptom: The member ports in an aggregation group on the master switch in an IRF fabric
cannot be selected.
•
Condition: This symptom might occur after the entire IRF fabric is rebooted.
201501270115
•
Symptom: A walk on the hh3cVsiStatistics node times out.
•
Condition: This symptom occurs if the following operations are performed:
a. Configure 4095 VSIs (the upper limit).
b. Perform a walk on the hh3cVsiStatistics node by using a MIB tool.
201502090577
•
Symptom: Tunnels established by using ENDP in an IRF fabric have tunnel interface views.
•
Condition: This symptom occurs if master election occurs multiple times.
201503130204
•
Symptom: In a non-default MSTI, all the four 10 GE breakout interfaces split from a 40 GE
interface are in incorrect port states and cannot forward packets.
•
Condition: This symptom occurs when the following conditions exist:

MSTP is disabled globally.

VLAN 1 is mapped to the non-default MSTI.
201501130302
•
Symptom: The class-based accounting action does not take effect on a Layer 3 aggregate
subinterface.
•
Condition: This symptom occurs if a QoS policy containing the class-based accounting action is
applied to a Layer 3 aggregate subinterface.
201502120452
•
Symptom: The minimum guaranteed bandwidth setting does not take effect.
•
Condition: This symptom occurs if you assign a queue to the WRR group and set the minimum
guaranteed bandwidth for the queue in a queue scheduling profile.
114
201502120422
•
Symptom: The display qos qmprofile configuration command displays the value previously
set for the minimum guaranteed bandwidth after the undo bandwidth queue command is
executed.
•
Condition: This symptom occurs if the following operations are performed:
a. Set the minimum guaranteed bandwidth in a queue scheduling profile.
b. Execute the undo bandwidth queue command to delete the minimum guaranteed
bandwidth setting.
201503120210
•
Symptom: An interface enabled with the DHCP relay agent drops DHCP packets.
•
Condition: This symptom occurs if the interface is configured with secondary VLANs.
201501130340
•
Symptom: The information format of the display trill interface command output is incorrect.
•
Condition: This symptom occurs when the display trill interface command is executed.
201502090087
•
Symptom: A Layer 3 Ethernet interface with subinterfaces leaves its interface range.
•
Condition: This symptom occurs when the Layer 3 Ethernet interface is configured as a Layer 2
Ethernet interface.
201501290469
•
Symptom: A 10 GE copper port cannot communicate with the connected 100 Mbps NIC on a
PC.
•
Condition: This symptom occurs if the 10 GE copper port is configured to negotiate a speed with
its peer.
201501120063
•
Symptom: An 5900-24S switch drops packets received on all aggregate interfaces.
•
Condition: This symptom occurs if the burst-mode enable command is configured on the
switch.
201501280230
•
Symptom: An aggregate interface is in an incorrect STP port state.
•
Condition: This symptom occurs if the following operations are performed:
a. Create a large number of S-channels on the aggregate interface.
b. Shut down and bring up each member port in the aggregation group repeatedly.
201501130051
•
Symptom: An aggregate interface is not in the same VLAN as its member ports and cannot
forward packets.
•
Condition: This symptom occurs if the following operations are performed:
a. Create an aggregation group and assign interfaces with continuous numbers to the
aggregation group.
b. Create an interface range and assign all member ports in the aggregation group to the
interface range.
c. Copy the configuration in interface range view.
d. Delete the configuration in interface range view by using the default command and quickly
apply the copied configuration to the interface range.
115
201503110180
•
Symptom: An 8 Gbps FC module negotiates its transmission speed as 4 Gbps.
•
Condition: None.
Resolved problems in R2416
201507270156
•
Symptom: The switch reboots unexpectedly if it has been running for a long period of time.
•
Condition: This symptom might occur if the switch has been running for a long period of time.
201504270026
•
Symptom: Loops occur after two directly connected aggregate interfaces are assigned to the
same VLANs as trunk ports.
•
Condition: This symptom occurs if the following conditions exist:

TRILL is enabled on the two aggregate interfaces.

The link type of each aggregate interface is set to access.
201410160581
•
Symptom: In an OpenFlow network, the switch is repeatedly connected to and disconnected
from the controller.
•
Condition: This symptom occurs when the following conditions exist:

The controller deploys a flow table to the switch.

The default action for the table-miss flow entry is changed to send packets to the controller.

The flag is set to send_flow_rem for the table-miss flow entry.
201410150850
•
Symptom: Two TRILL access switches become AVFs at the same time, and loops occur.
•
Condition: This symptom occurs when a network segment connects to the TRILL network
through two RBs and the Hello interval is set to 255 seconds.
201411280112
•
Symptom: In the output from the display version command, WarmReboot might be displayed
for the Reboot Cause field, which should be UserReboot.
•
Condition: This symptom occurs when you use the reboot command to reboot the switch and
then execute the display version command.
201412090131
•
Symptom: Some ports specified in a group table cannot forward traffic.
•
Condition: This symptom occurs when the following conditions exist:

A controller deploys flow tables and group tables.

Master/subordinate switchover is performed in an IRF fabric.
201410230307
•
Symptom: When you delete the specified flow entry, another flow entry is deleted by mistake.
•
Condition: This symptom occurs when the following conditions exist:

The controller deploys two flow entries with the same destination MAC address but different
VNIs.

Delete a flow entry specified by its address ID.
116
201412300447
•
Symptom: A device cannot be pinged when it is directly connected to an aggregate interface.
•
Condition: This symptom occurs if TRILL is enabled (trill enable) and then disabled (undo trill
enable) on the aggregate interface.
201410200547
•
Symptom: In an OpenFlow network, the switch might lose connectivity to the controller.
•
Condition: This symptom might occur if the Layer 3 interface connected to the controller is
repeatedly shut down and brought up.
201411280017
•
Symptom: The State field displays Absent in the output from the display device usb
command.
•
Condition: This symptom might occur when the following conditions exist:

Multiple switches form an IRF fabric.

A USB flash drive is inserted into an IRF member switch.

The display device usb command is executed after the IRF fabric is rebooted.
201410230145
•
Symptom: The BFD session stays in down state on a GRE tunnel interface.
•
Condition: This symptom occurs when the following conditions exist:

The switch runs OSPF and establishes connections to other devices through the active
GRE tunnel.

BFD is enabled for OSPF on the GRE tunnel interface.
201411010063
•
Symptom: The Port and protocol VLAN supported field displays No in the output from the
display lldp local-information interface command.
•
Condition: This symptom occurs if the lldp tlv-enable dot1-tlv protocol-vlan-id command has
been configured on the specified Layer 2 Ethernet interface.
201410290156
•
Symptom: The output from the display qos-acl resource command shows that the remaining
VFP resources are oversized.
•
Condition: This symptom occurs when the following procedure is performed:
a. Create plenty of Layer 3 Ethernet subinterfaces, so that VFP resources are 100% used.
b. Create a VLAN instance, and bind it to Layer 3 Ethernet interfaces.
201411060336
•
Symptom: The CLI is stuck.
•
Condition: This symptom occurs when the following conditions exist:

Based on the 10-GE interface numbers starting from 1, each four interfaces are assigned to
a group.

Some interfaces in a group are bound to IRF ports, and the other interfaces in the group are
assigned to a service loopback group.
201411050312
•
Symptom: MPLS-TE RSVP tunnels cannot come up correctly.
•
Condition: This symptom occurs after MPLS-TE RSVP Tunnels are established.
117
201411100339
•
Symptom: The global BGP timer does not take effect.
•
Condition: This symptom occurs when the following procedure is performed:
a. Configure the timer for a specific BGP peer and configure the global timer.
b. Use the undo peer timer command to restore the default timer for the peer.
c. Execute the reset bgp all command.
201410210032
•
Symptom: BGP learns routes very slowly.
•
Condition: This symptom occurs after MPLS-TE RSVP tunnels are established.
201412300431
•
Symptom: An IRF fabric splits.
•
Condition: This symptom occurs if SPBM is disabled when the IRF fabric is receiving traffic from
the SPBM network.
201412050332
•
Symptom: The OperMau field displays Speed(0)/Duplex(Unknown) in the local or neighbor
LLDP information of a 10-GE copper interface.
•
Condition: This symptom occurs if the local or neighbor LLDP information is displayed for the
interface.
201411280049
•
Symptom: A 40-G interface cannot be configured to operate in half duplex mode through CLI,
but it can be configured to operate in half duplex mode through netconf.
•
Condition: This symptom occurs when netconf is used to configure the 40-G interface to
operate in half duplex mode.
201410140435
•
Symptom: The zone default-zone permit command configuration might fail to be deployed to
some VSANs.
•
Condition: This symptom occurs when the following conditions exist:

Multiple switches form a network.

Reboot all switches in the network.
201410200148
•
Symptom: After the screen disable command is executed, if the display copyright command
is executed for multiple Telnet clients at the same time, the remaining CPU decreases and the
switch reboots.
•
Condition: This symptom occurs when the following procedure is performed:
a. Start the Telnet server, and connect 20 Telnet clients to the server.
b. Execute the screen disable command for each client, and then execute the display
copyright command.
201411130022
•
Symptom: The switch is in an SPBM network, and untagged frames are not correctly matched
on an interface.
•
Condition: This symptom occurs if the switch is restarting or the frame match criterion of the
Ethernet service instance is modified on the interface.
118
201411040342
•
Symptom: The output from the display this command displays the default state (off) of an FC
interface, which should not be displayed.
•
Condition: This symptom occurs when the following procedure is performed:
a. Configure the FCoE mode of the switch as NPV.
b. Enter FC interface view, and execute the undo port trunk mode command.
c. Execute the display this command.
Resolved problems in E2415
201408120338
•
Symptom: No traps appear when an unsupported power supply is installed in a switch.
•
Condition: This symptom occurs when an LSVM1AC300 or LSVM1DC300 power supply is
installed into a 5920AF-24XG or 5900AF-48G-4XG-2QSFP+ switch which do not support 300V
power supplies.
Resolved problems in R2311P06
CVE-2014-9295
•
Symptom: CVE-2014-9295
•
Condition: Stack-based buffer overflows in ntpd in NTP before 4.2.8 allows remote attackers to
execute arbitrary code via a crafted packet.
CVE-2014-3571
•
Symptom: CVE-2014-3571
•
Condition: A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due
to a NULL pointer dereference. This could lead to a Denial Of Service attack.
CVE-2015-0206
•
Symptom: CVE-2015-0206
•
Condition: A memory leak can occur in the dtls1_buffer_record function under certain
conditions. In particular this could occur if an attacker sent repeated DTLS records with the
same sequence number but for the next epoch. The memory leak could be exploited by an
attacker in a Denial of Service attack through memory exhaustion.
CVE-2015-0205
•
Symptom: CVE-2015-0205
•
Condition: An OpenSSL server will accept a DH certificate for client authentication without the
certificate verify message. This effectively allows a client to authenticate without the use of a
private key. This only affects servers which trust a client certificate authority which issues
certificates containing DH keys.
CVE-2014-3570
•
Symptom: CVE-2014-3570
•
Condition: Bignum squaring (BN_sqr) may produce incorrect results on some platforms,
including x86_64. This bug occurs at random with a very low probability, and is not known to be
exploitable in any way.
119
CVE-2015-0204
•
Symptom: CVE-2015-0204
•
Condition: An OpenSSL client will accept the use of an RSA temporary key in a non-export
RSA key exchange ciphersuite. A server could present a weak temporary key and downgrade
the security of the session.
CVE-2014-3572
•
Symptom: CVE-2014-3572
•
Condition: An OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite
using an ECDSA certificate if the server key exchange message is omitted. This effectively
removes forward secrecy from the ciphersuite.
CVE-2014-8275
•
Symptom: CVE-2014-8275
•
Condition: By modifying the contents of the signature algorithm or the encoding of the
signature, it is possible to change the certificate's fingerprint. Only custom applications that rely
on the uniqueness of the fingerprint may be affected.
CVE-2014-3569
•
Symptom: CVE-2014-3569
•
Condition: The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and
1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote
attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an
unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with
certain error handling.
201412190232
•
Symptom: SSH users fail to log in to the switch.
•
Condition: This symptom occurs if the password-control enable command is configured on
the switch.
201503180292
•
Symptom: iMC cannot connect to a managed switch and generates an ICMP no response
alarm for the switch.
•
Condition: This symptom occurs if the switch suffers from attacks on the ipForwarding and
ipDefaultTTL nodes.
201412310072
•
Symptom: The traffic accounting action does not take effect.
•
Condition: This symptom occurs when you apply a QoS policy containing the traffic accounting
action to a Layer 3 aggregate subinterface.
201503050396
•
Symptom: A walk on the hh3cTransceiverChannelTable node times out.
•
Condition: This symptom occurs if the following operations are performed:
a. Install a QSFP+ transceiver modules on the switch.
b. Perform a walk on the hh3cTransceiverChannelTable node by using a MIB browser.
201503120214
•
Symptom: An interface enabled with the DHCP relay agent drops DHCP packets.
•
Condition: This symptom occurs if the interface is configured with secondary VLANs.
120
201501160425
•
Symptom: The bpdu-drop any command configuration is missing on a subordinate switch.
•
Condition: This symptom occurs if the following operations are performed:
a. Configure the bpdu-drop any command on the subordinate switch.
b. Save the configuration.
c. Reboot the switch.
201411170127
•
Symptom: The switch cannot obtain LLDP neighbor information through an aggregate
interface.
•
Condition: This symptom occurs after the shutdown and undo shutdown command sequence
is executed on an aggregate interface in up state.
201412250321
•
Symptom: An RR-capable S-channel aggregate interface cannot forward packets received on
one member port out of another member port.
•
Condition: This symptom occurs if you enable the RR mode for the S-channel.
201501300447
•
Symptom: The switch does not transparently transmit BPDUs after the spanning tree feature is
disabled globally.
•
Condition: This symptom occurs when the spanning tree feature is disabled globally.
201409260428
•
Symptom: The switch fails to save printed logs to the log file after a reboot.
•
Condition: This symptom occurs if the switch reboots unexpectedly.
201501260391
•
Symptom: 10 GE breakout interfaces split from a QSFP+ port go down and up intermittently.
•
Condition: This symptom occurs if the QSFP+ port also has 10 GE breakout interfaces in down
state.
201501080322
•
Symptom: The Type field in the display transceiver interface command output displays
Unknown for an interface.
•
Condition: This symptom occurs if a 1000_BASE_T_AN_SFP transceiver module is installed in
the interface.
201503030447
•
Symptom: Memory leaks of 32 bytes and 40 bytes occur.
•
Condition: This symptom occurs if the following conditions exist:

EVB is enabled on an interface.

S-channels are established with VMs.
201503130399
•
Symptom: An aggregate interface in an IRF fabric forwards packets received on one member
port out of the another member port.
•
Condition: This symptom occurs if the following conditions exist:

Member ports in the aggregation group are on different IRF member switches.

The two service instances on the aggregate interface are bound to the same VSI.
121
201503110575
•
Symptom: A member port in an aggregation group is brought down when other member ports
go down and up.
•
Condition: This symptom occurs if the member port is enabled with MAC address move
suppression.
201406230071
•
Symptom: The log information printed after a reboot indicates that the link layer protocol of
member ports in an aggregation group goes up and down.
•
Condition: This symptom occurs if the following conditions exist:

Some member ports are on a subordinate switch.

The subordinate switch is rebooted.
201503030478
•
Symptom: The switch learns incorrect ARP entries.
•
Condition: This symptom occurs if the switch receives ARP packets with an invalid IP address
0.0.0.0 as the source IP address.
201501100065
•
Symptom: Secure MAC addresses cannot be deleted through iMC or MIB.
•
Condition: This symptom occurs if you delete secure MAC addresses through iMC or MIB.
201502270188
•
•
Symptom: An interface on one of the following switches drops packets from the peer device
because the interface comes up during a reboot before it can forward packets.

HP 5900AF-48XG-4QSFP+ Switch JC772A.

HP 5900AF-48XG-4QSFP+ TAA-compliant Switch JG554A.

HP 5920AF-24XG Switch JG296A.

HP 5920AF-24XG TAA-compliant Switch JG555A.
Condition: This symptom occurs if the following operations are performed:

Install a fiber-to-copper module into the interface and connect the switch to the peer device
through the module.

Reboot the switch.
201501120055
•
Symptom: The 5920AF-24XG JG296A/5920AF-24XG TAA switch and peer device cannot ping
each other.
•
Condition: This symptom occurs if the following conditions exist:

The burst-mode enable command is configured on the 5920AF-24XG
JG296A/5920AF-24XG TAA switch.

The 5920AF-24XG JG296A/5920AF-24XG TAA switch is directly connected to the peer
device through aggregate interfaces.
201501160161
•
Symptom: The bindings between VFC interfaces and physical interfaces do not take effect.
•
Condition: This symptom occurs if the following conditions exist:

The physical interfaces are member ports in an aggregation group.

A VFC interface is bound to each physical interface.
122
201410240564
•
Symptom: The switch cannot mirror incoming FC or FCoE packets to the monitor port.
•
Condition: This symptom occurs if remote port mirroring is configured on the switch acting as a
source device.
201503110192
•
Symptom: The negotiated speed for an FC interface is 4 Gbps when the FC interface has a 8
Gbps transceiver module installed.
•
Condition: This symptom might occur if the following operations are performed:
a. Change a Layer 2 Ethernet interface to an FC interface.
b. Install an HP 8 Gbps FC transceiver module into the FC interface.
201503310158
•
Symptom: Tracert might fail if the ip icmp error-interval command is not configured or
specifies a non-zero value.
•
Condition: This symptom might occur if the ip icmp error-interval command is not configured
or specifies a non-zero value.
Resolved problems in R2311P05
CVE-2014-3567
•
Symptom: CVE-2014-3567.
•
Condition: When an OpenSSL SSL/TLS/DTLS server receives a session ticket the integrity of
that ticket is first verified. In the event of a session ticket integrity check failing, OpenSSL will fail
to free memory causing a memory leak. By sending a large number of invalid session tickets an
attacker could exploit this issue in a Denial of Service attack.
SSL 3.0 Fallback protection
•
Symptom: SSL 3.0 Fallback protection.
•
Condition: OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications to
block the ability for a MITM attacker to force a protocol downgrade. Some client applications
(such as browsers) will reconnect using a downgraded protocol to work around interoperability
bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade
connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0
contains a number of weaknesses including POODLE (CVE-2014-3566).
CVE-2014-3568
•
Symptom: CVE-2014-3568.
•
Condition: When OpenSSL is configured with "no-ssl3" as a build option, servers could accept
and complete a SSL 3.0 handshake, and clients could be configured to send them.
201411040312
•
Symptom: In the output from the display device manuinfo slot slot-number power power-id
command, the MANU SERIAL NUMBER field is blank.
•
Condition: This symptom occurs when the switch has an LSVM1AC300, LSVM1DC300, or
LSVM1AC650 power supply installed and the display device manuinfo slot slot-number
power power-id command is used to display the electronic label information about the power
supply.
201411280162
•
Symptom: The switch cannot respond to a multi reply message, and it is disconnected from the
controller.
123
•
Condition: This symptom occurs when the following conditions exist:

The controller deploys two flow entries. The table-miss flow entry is not the default (by
default, a table-miss flow entry drops packets).

The controller queries information about flow entries.
201409030138
•
Symptom: During ISSU upgrade to a compatible version, the switches in an IRF fabric are
reconnected to controllers.
•
Condition: This symptom occurs when the following conditions exist:

The switches form an IRF fabric and are connected to controllers.

ISSU upgrade to a compatible version is performed.
201410130397
•
Symptom: BGP routes are learned very slowly.
•
Condition: This symptom occurs when a large number of routes with changed AS path
attributes are injected to the switch.
201412090206
•
Symptom: When you Telnet to a switch and view the memory usage for the Telnet process, no
information is displayed.
•
Condition: This symptom occurs when the following procedure is performed:
a. Telnet to the switch.
b. Use the display process memory heap command to view the memory usage for the
Telnet process.
201411280348
•
Symptom: After mirroring packets to a CPU is configured, the packets mirrored to the CPU are
incorrectly encapsulated.
•
Condition: This symptom occurs when the following conditions exist:

Configure mirroring packets to a CPU.

View the contents of packets mirrored to the CPU.
201411110152
•
Symptom: LLDP information for a 40-GE interface is incorrectly displayed.
•
Condition: This symptom occurs when the following conditions exist:

LLDP is enabled globally and on the 40-GE interface.

The display lldp neighbor-information verbose command is used to display the detailed
LLDP information for the 40-GE interface.
201410150732
•
Symptom: When Layer 3 traffic passes through a network management interface, the network
management interface operates incorrectly.
•
Condition: This symptom occurs when the following conditions exist:

The network management interface operates at 100 Mbps and at half duplex mode through
autonegotiation.

Incoming packets and outgoing packets appear on the network management interface at
the same time.
2014111070472
•
Symptom: When a link-down event occurs to an aggregation group member port, the linkdown
SNMP traps are not sent as expected.
124
•
Condition: This symptom occurs when the following conditions exist:

The 5900 switches form an IRF fabric. One interface on the master member switch and one
interface on the subordinate member switch are assigned to Layer 2 aggregate interface
BAGG1.

When the member port XGE 2/0/1 on the master member switch is shut down, the member
port XGE 1/0/1 on the subordinate member switch does not send linkdown SNMP traps
carrying ifAdminstatus and IfOperStatus. When the member port XGE 1/0/1 on the
subordinate member switch is shut down, the linkdown traps can be sent.
201411130364
•
Symptom: Static routes fail to be issued.
•
Condition: This symptom occurs when the following conditions exist:

NETCONF is used to issue static routes.

The value of <NexthopVrfIndex></NexthopVrfIndex> is different from the value of
<DestVrfIndex></DestVrfIndex>.
201410240289
•
Symptom: Flow mirroring cannot obtain the destination MAC address for an ARP entry, and the
destination MAC address is displays as all-Fs.
•
Condition: This symptom occurs when the following conditions exist:

Configure the destination IP address of remote flow mirroring as a directly-connected IP
address.

Shut down and then bring up the VLAN interface identified by the destination IP address.
201410150536
•
Symptom: The switch displays errors in logs showing that "The driver does not support rule
assignment."
•
Condition: This symptom occurs when the following conditions exist:

Cross-subnet portal authentication is enabled in an IRF fabric.

A user logs in successfully and traffic can be transmitted.
201410220398
•
Symptom: A special configuration file name causes the configuration file comparison feature to
fail.
•
Condition: This symptom occurs when a configuration file with a name containing "%s" is
specified as the startup configuration file.
201412130015
•
Symptom: In an IRF fabric, the system fails to allocate memory for sending packets on the
subordinate card.
•
Condition: This symptom occurs when the interfaces on the subordinate card are repeatedly
brought up and shut down.
201412120208
•
Symptom: After a packet is forwarded through MPLS, the DSCP precedence information in the
original IP packet is lost.
•
Condition: This symptom occurs when the following conditions exist:

The switch is configured with an MPLS L3VPN.

The switch receives an MPLS packet. The original IP packet of the MPLS packet contains
the DSCP precedence information.
125
201410140570
•
Symptom: A downlink aggregation group member port of a monitor link group is down.
•
Condition: This symptom occurs when the uplink ports of the monitor link group are shut down.
201410110066
•
Symptom: The ipv6 dhcp client duid mac command might still exist on a VLAN interface.
•
Condition: This symptom occurs when the following procedure is performed:
a. Configure the ipv6 dhcp client duid mac command in VLAN interface view.
b. Delete the VLAN interface.
c. Create the VLAN interface.
201412090054
•
Symptom: The BFD session on a tunnel interface is always down.
•
Condition: This symptom occurs when the following procedure is performed:
a. Create a tunnel interface, and configure the tunnel mode of the interface as GRE over IPv4.
b. Configure OSPF BFD on the tunnel interface.
201411270333
•
Symptom: When the table-miss flow entry is restored to the default, it does not support
collecting packet statistics.
•
Condition: This symptom occurs when the following conditions exist:

The ACL table-miss flow entry configured for the OpenFlow instance is activated.

The ACL table-miss entry is deleted manually or aged.
201411170127
•
Symptom: An aggregation group member port cannot get the LLDP neighbor information.
•
Condition: This symptom occurs when the following procedure is performed:
a. Shut down the aggregate interface.
b. Bring up the aggregate interface when the member port is physically up.
201411280337
•
Symptom: An SSH client fails to log in to the switch.
•
Condition: This symptom occurs when the following conditions exist:

The switch acts as the SSH server and is configured with RSA and DSA key pairs.

The SSH client uses the RSA public key algorithm.
201411070457
•
Symptom: The display mac-address command does not display any MAC address entries.
•
Condition: This symptom occurs when private VLAN is configured on the switch and traffic
arrives at the switch.
201411060615
•
Symptom: The system displays an error message showing that "The service OFP status failed:
abnormal exit!"
•
Condition: This symptom occurs when OFP instances are activated in an IRF fabric.
201411280366
•
Symptom: When a QoS policy is configured to mirror packets to a CPU on the JG296A/JG555A
switch, the switch and its directly connected device cannot ping each other.
126
•
Condition: This symptom occurs when a QoS policy is configured to mirror packets to a CPU on
the JG296A/JG555A switch.
201409110503
•
Symptom: When software is being upgraded for the JG838A/JH036A/E7W29A switch, the
console port of the switch does not respond.
•
Condition: This symptom occurs when the software of version R2307 is loaded and then
upgraded to the version R2311P04 for the switch.
Resolved problems in R2311P04
201409110503
•
Symptom: After the burst-mode enable command is set on a 5920-24XG switch, the switch
and a directly connected device cannot ping each other and the 5920-24XG switch cannot be
logged in through Telnet or SSH.
•
Condition: This symptom can be seen if the burst-mode enable command is set on a
5920-24XG switch.
201409120119
•
Symptom: On a 5920-24XG switch, the flow-control function fails to suppress traffic on two
ingress ports, resulting in traffic congestion and packet loss on the egress port.
•
Condition: This symptom can be seen if the following conditions exist:

Two ports enabled with the flow-control function receive traffic at line rate and forward the
traffic to the egress port.

The burst-mode enable command is configured.
201409100557
•
Symptom: The output from the display stp brief command executed on an IRF fabric shows
information about ports that are not enabled with STP.
•
Condition: This symptom can be seen if the following procedure is performed:
a. Enable global STP on an IRF fabric and enable STP on ports of the master and subordinate.
b. Save the configuration and reboot the IRF fabric.
c. Execute the display stp brief command.
201409090165
•
Symptom: The switch reboots unexpectedly.
•
Condition: This symptom occurs when about 4K DHCP users come online or renew leases.
201409050316
•
Symptom: The NTP process exits unexpectedly on the switch.
•
Condition: This symptom occurs when the following procedure is performed:
a. The switch is configured with NTP.
b. The configuration is saved and then the switch is restarted.
c. The switch receives private packets in NTP mode 7 after it is started.
201408220191
•
Symptom: After the switch is patched or the aggregation process is restarted, the member ports
in Individual state in an aggregation group leave the aggregation group and cannot be assigned
to the aggregation group.
127
•
Condition: This symptom occurs when aggregation group member ports in Individual state exist
on subordinate member switches of an IRF fabric.
201409260401
•
Symptom: When the actions in an OpenFlow flow entry include sending packets to the
controller and directing packets to a meter, the packets matching the flow entry cannot be sent
to the controller.
•
Condition: This symptom occurs when the actions in an OpenFlow flow entry include sending
packets to the controller and directing packets to a meter.
201409260353
•
Symptom: The system displays a message showing "The service OFP status failed :
abnormal exit!".
•
Condition: This symptom occurs when the following conditions exist:

OpenFlow deploys a meter associated with the table-miss flow entry and then deletes the
meter.

Traffic to be processed by the table-miss flow entry arrives at the switch.
201410090209
•
Symptom: A subordinate IRF member switch might reboot twice.
•
Condition: This symptom occurs when the following procedure is performed:
a. Use 40-G transceiver modules and fibers to connect switches to form an IRF fabric.
b. Reboot the IRF fabric.
201409050328
•
•
Symptom: When a command is used on the peer end to display the neighbor's LLDP
information, the output shows that the rate and duplex mode of the local interface connected to
the peer is as follows:

The speed is 0.

The duplex mode is unknown.
Condition: This symptom occurs when the following conditions exist:

LLDP is enabled globally and on all ports on the local switch.

The local switch is connected to the peer end through 40G QSFP+ transceiver modules of
the CSR4 type.
201404140063
•
Symptom: When the display transceiver manuinfo command is used to display electronic
label information about a transceiver module, the system displays a message showing that
"The transceiver does not support this function."
•
Condition: This symptom occurs when a DWDM SFP+ transceiver module for which the
electronic label information has been written is installed.
201408130322
•
Symptom: After a 40-GE interface is split into four 10-GE breakout interfaces and a QSFP+
transceiver module with the code of 0231A2E4 produced by INNOLIGHT is installed in the
40-GE interface, the interface cannot recognize the transceiver module, and it repeatedly goes
up and down.
•
Condition: This symptom occurs when the following procedure is performed:
a. Use the using tengige command to split the 40-GE interface into four 10-GE breakout
interfaces.
b. Install a 40-GE QSFP+ transceiver module with the code of 0231A2E4 produced by
INNOLIGHT in the 40-GE interface.
128
201406130208
•
Symptom: The duration_sec value (which indicates the lifetime of a flow entry) in the flow
removed message that the OpenFlow switch sends to the controller might be one second
longer than the hard_timeout value set in the flow entry that the controller deploys.
•
Condition: This symptom occurs when the following procedure is performed:
a. Deploy a flow entry configured with only hard_timeout.
b. View the duration_sec value in the flow removed message sent to the controller after the
flow entry times out.
201409160439
•
Symptom: When the software image is downloaded, chassis appears in the message that
appears.
•
Condition: This symptom occurs when the IRF software auto-update feature is used to
download the software image.
201408260460
•
Symptom: The entPhysicalVendorType value for an LR4 transceiver module obtained in MIB is
incorrect.
•
Condition: This symptom occurs when the following procedure is performed:
a. Install an LR4 transceiver module in a port of the switch.
b. Use the MIB browser tool to read the entPhysicalVendorType value for the port.
201409010368
•
Symptom: When the switch receives a Hello message of an unknown Hello element type, the
switch does not ignore the message as defined in the standard, and the switch returns an error
message.
•
Condition: This symptom occurs when the switch receives a Hello message of an unknown
Hello element type in an OpenFlow network.
201311180209
•
Symptom: The memory usage reaches the alarm threshold. The flow entries do not age out
when traffic does exist in the network.
•
Condition: This symptom occurs when plenty of flow entries configured with idle time are
deployed.
201408250565
•
Symptom: The system displays a message showing that "System is busy or this command
can't be executed because of no such privilege!"
•
Condition: This symptom occurs when you log in to the switch through SSH and issue
commands in batches.
201407040500
•
Symptom: The switch reboots unexpectedly or operates abnormally.
•
Condition: This symptom occurs when the following conditions exist:

Portal authentication is enabled on interfaces of the switch.

Plenty of users access the external network through the switch.
201408060484
•
Symptom: When two users sharing an account log in after passing Layer 3 portal authentication
in the Web interface, the user that first logs in is logged out 12 minutes after the login.
129
•
Condition: This symptom occurs when portal authentication is enabled and the two users are
configured to use the same account on the IMC authentication server.
201407250412
•
Symptom: The switch directly returns a hello packet received from a client, and then returns the
hello packet of the server.
•
Condition: This symptom occurs when NETCONF operations are performed for the switch
through NETCONF over SSH and the client immediately sends a hello packet after the SSH
connection is established.
201408220480
•
Symptom: CVE-2014-3508
•
Condition: A flaw in OBJ_obj2txt may cause pretty printing functions such as
X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack.
Applications may be affected if they echo pretty printing output to the attacker.
201409240323
•
Symptom: Long delay is detected when Vmotion is carried out, and mac-address mac-move
fast-update does not help the problem.
•
Condition: Vmotion is carried out on bridge aggregation.
Resolved problems in R2311P03
201409190364
•
Symptom: The state field cannot change with the power module install/uninstall and the power
module powered on/off.
•
Condition: Install/uninstall the power module or power on/off the power module then execute
the display power command on 5920-24XG device.
201407210092
•
Symptom: A Telnet or SSH user fails to log in to the switch without any prompt information when
the upper limit for Telnet or SSH users has been reached.
•
Condition: This symptom can be seen if a Telnet or SSH user logs in to the switch when the
upper limit for Telnet or SSH users has been reached.
201406230420
•
Symptom: After an IRF fabric and a controller complete TCP handshake, the controller sends
an OFP hello packet, but the IRF fabric returns a RST packet, resetting the TCP connection.
•
Condition: This symptom can be seen if the following conditions exist:

The controller connects to an IRF subordinate switch.

Repeated shutdown and undo shutdown operations are performed on the port that
connects to the controller.
201408010271
•
Symptom: The output from the display clock command does not show the local zone time
although the local time zone has been configured.
•
Condition: This symptom can be seen if the following procedure is performed:
a. Configure the local time zone.
b. Perform an ISSU reboot.
130
201407150514
•
Symptom: When dynamic link aggregation uses LACP to negotiate Selected ports, it is not the
device with the smallest device ID (containing the system LACP priority and the system MAC
address) that determines the Selected ports.
•
Condition: This symptom occurs when the following conditions exist:

The peer end of an aggregate link contains two devices. One of the two devices has a
smaller device ID, which means a higher priority.

On the local end, the interface connecting to the higher-priority peer device has a greater
index than the interface connecting to the lower-priority peer device.
201404250257
•
Symptom: Some packets forwarded through an SPBM network get lost.
•
Condition: This symptom can be seen if the following procedure is performed:
a. Configure graceful-restart on the SPBM network.
b. Execute the reset spbm database graceful-restart command or perform an SPBM
active/standby switchover.
201407040601
•
Symptom: An aggregate interface fails to forward TRILL traffic.
•
Condition: This symptom can be seen if the following conditions exist:

Two RBs connected through Layer 2 Ethernet ports establish a neighbor relationship.

The ports between the two RBs are added to an aggregation group.
201408260578
•
Symptom: CRC error packet statistics exist on the local 40GE port or the peer port.
•
Condition: This symptom can be seen if the local 40GE port is installed with a QSFP+
transceiver module that supports a maximum transmit distance of 300 meters.
201407180277
•
Symptom: An IRF fabric on a TRILL network splits.
•
Condition: This symptom can be seen if the following conditions exist:

Rapidly enable and disable TRILL on a port.

A loop exists on the TRILL network, resulting TRILL loop storm.
201408140216
•
Symptom: TRILL traffic is interrupted for up to 40 seconds.
•
Condition: This symptom can be seen if the following conditions exist:

An RB with the highest DRB priority joins a broadcast network.

The new RB has the lowest MAC address among non-DRBs.

Two DRBs (the new RB and the original DRB) appoint AVFs for VLANs on the broadcast
network.
201408220191
•
Symptom: After the peer ports of aggregation group member ports on an IRF subordinate
device send LACPDUs, the local member ports are still in Individual state.
•
Condition: This symptom occurs if the link aggregation-related patches are installed, or ISSU is
used to upgrade the software.
201409010235
•
Symptom: A switch takes a long time to start up.
131
•
Condition: This symptom can be seen if the following procedure is performed:
a. Enable global STP or enable STP on a port.
b. Delete a dbm file.
c. Reboot the switch.
201407290032
•
Symptom: A shutdown FC interface performs link negotiation and has link state changes.
•
Condition: This symptom can be seen if the FC interface has a speed configured.
201408130356
•
Symptom: The port link-aggregation group settings get lost on some member ports in an
aggregation group after an IRF master/subordinate switchover.
•
Condition: This symptom can be seen if the following procedure is performed:
a. Configure a multi-chassis link aggregation group on an IRF fabric.
b. Perform an IRF master/subordinate switchover.
201408080140
•
Symptom: When NETCONF use <get-config> operation retrieves a data type namespace, the
system prompts “Unexpected element” information, which is not clear.
•
Condition: This symptom can be seen when NETCONF use <get-config> operation retrieves a
data type namespace.
201407040588
•
Symptom: The portal redirect function fails to direct the user to the portal authentication page.
•
Condition: This symptom can be seen when a portal user accesses the network by using a
browser.
201408060485
•
Symptom: A portal user that first comes online is logged off after it has been online for 12
minutes.
•
Condition: This symptom can be seen if the following conditions exist:

A user account configured on the IMC authentication server is used by two portal users.

The two portal users come online using the same user account.
201408200531/201408190278/201408190284
•
Symptom: Some up 10GE ports split from a 40GE port might go down and up.
•
Condition: This symptom can be seen if the 40GE port split into four 10GE ports is installed with
a QSFP+ transceiver module and some 10GE ports are up.
201408190271
•
Symptom: A 10GE or 40GE port installed with a transceiver module that is not connected to any
fiber goes up and down, or is always up.
•
Condition: This symptom can be seen if a 10GE or 40GE port is installed with a transceiver
module that is not connected to any fiber.
201408130187
•
Symptom: When the switch is configured with system LACP priority 0, a dynamic aggregation
group on the switch chooses member ports with greater port IDs as Selected ports.
•
Condition: This symptom might occur when the system LACP priority of the switch is set to 0.
132
201409010110
•
Symptom: After an FC interface is changed to an Ethernet interface, it cannot forward traffic.
•
Condition: This symptom can be seen if the following procedure is performed:
•
Disable STP on the FC switch.
•
Change an FC interface to an Ethernet interface.
201408190237
•
Symptom: Using a MIB tool to get the manufacture date of a transceiver module on a port fails.
•
Condition: This symptom can be seen if the following procedure is performed:
a. Install a transceiver module whose electric label contains manufacture date to a port.
b. Use a MIB tool to get the value of entPhysicalMfgDate on the port.
201408050062
•
Symptom: When the shutdown and undo shutdown commands are executed on an interface
of an FC switch, the FC switch might respond slowly.
•
Condition: This symptom might occurs if the following procedure is performed:
a. Remove the FC switch from an IRF fabric.
b. Execute the shutdown and undo shutdown commands on an interface of the FC switch.
Resolved problems in R2311P02
201407180522
•
Symptom: The output from the display current-configuration command does not show
information about a VPLS PW configured using the peer command in VSI view. In addition,
using the save command fails to save the VPLS PW configuration.
•
Condition: This symptom can be seen after a VPLS PW is configured using the peer command
in VSI view.
201406180312
•
Symptom: When the cable is removed from the outgoing interface of a packet, the peer
interface of the incoming interface of the packet can still receive PFC pause frames.
•
Condition: This symptom can be seen when the following procedure is performed:
a. Enable PFC on those Ethernet interfaces.
Congestion then occurs on the outgoing interface and triggers PFC to send pause frames.
b. Change the outgoing interface to an FC interface, and then change the FC interface to an
Ethernet interface.
c. Configure PFC on the Ethernet interface again.
d. Remove the cable from the outgoing interface when the peer interface of the incoming
interface can receive PFC pause frames.
201406240010
•
Symptom: The switch fails to perform local authentication for an administrator user (as
configured) after remote HWTACACS authentication fails.
•
Condition: This symptom can be seen if the switch cannot exchange packets with the remote
HWTACACS server after they establish a TCP connection.
201407020210
•
Symptom: If an STP edge port goes down and up, all MAC entries on the switch are deleted.
133
•
Condition: This symptom can be seen if the following conditions exist:

STP is globally enabled.

An STP edge port goes down and up.
201407030282
•
Symptom: An FC network card cannot register itself with a switch. The FC interface connecting
the switch to the FC network card repeatedly goes up and down.
•
Condition: This symptom can be seen when the FC network card sends FLOGI packets of the
FC CLASS 2 type to the switch.
201407040601
•
Symptom: If a TRILL port is added to an aggregation group, the switch fails to forward traffic
due to miscalculation of multicast distribution trees.
•
Condition: This symptom can be seen if the following conditions exist:

A TRILL port is in an aggregation group.

The TRILL neighbor of the port is the peer of the port's aggregation group.
201407080486
•
Symptom: The info-center loghost command is configured on a switch to specify two or more
log hosts by IP address. However, the specified log hosts cannot receive logs from the switch.
•
Condition: This symptom can be seen if the following conditions exist:

The switch runs on Release 2310, Release 2311 or Release 2311P01 and is restarted or a
master/subordinate switchover is performed after the log host configuration is saved.

The switch runs on Release 2308P01 or earlier and is upgraded to Release 2310, Release
2311 or Release 2311P01 after the log host configuration is saved.
201407160380
•
Symptom: An HPE FF 5900CP-48XG-4QSFP+/5900CP-48XG-4QSFP+ 8Gb FC B-F switch
prompts a " Transceiver absent " message when the port-type fc or port-type ethernet
command is executed on an interface that is not inserted with a transceiver.
•
Condition: This symptom can be seen when the port-type fc or port-type ethernet command
is executed on an interface that is not inserted with a transceiver.
201403290139
•
Symptom: The system prompts insufficient ACL resources when the default command is
executed on a port.
•
Condition: This symptom can be seen if a VLAN interface is configured with packet-filter that
contains large numbers of ACLs, some of which are not assigned due to shortage of ACL
resources.
201405130409
•
Symptom: The output from the ls or dir command shows incorrect file time.
•
Condition: This symptom can be seen if SFTP or FTP is used to log in to the switch.
201404290451
•
Symptom: The master in an IRF fabric fails to work during an ISSU.
•
Condition: This symptom can be seen if the following procedure is performed:
a. Create an IRF fabric that comprises more than five switches in ring topology.
b. Assign more than 200 static MAC entries through OpenFlow.
c. Perform an ISSU.
134
201406090639
•
Symptom: IMC considers the deployment of a configuration file to a switch fails if the switch
takes a long time to execute the configuration file.
•
Condition: This symptom can be seen if a switch takes a long time to execute a configuration file
assigned from IMC.
201406110412
•
Symptom: The display transceiver interface command shows transceiver type exception
information for a port.
•
Condition: This symptom might be seen if the port is inserted with a 40GE QSFP+ transceiver
module.
201405190047
•
Symptom: The speed auto command fails to be executed on an HPE FF
5900CP-48XG-4QSFP+/5900CP-48XG-4QSFP+ 8Gb FC B-F switch.
•
Condition: This symptom can be seen if the following procedure is performed:
a. Perform an ISSU reboot.
b. Configure speed 1000.
c. Configure speed auto.
201407100333
•
Symptom: The output from the debug qacl show acl-resc command shows incomplete
information.
•
Condition: This symptom can be seen if ACLs are configured on a Layer 3 Ethernet
subinterface.
201406240602
•
Symptom: The SSH server can use DSA to authenticate clients when the switch is in FIPS
mode.
•
Condition: This symptom can be seen if the SSH server uses RSA and then DSA to
authenticate clients.
201407180193
•
Symptom: After the system default settings are restored using the restore factory-default
command, the fan speed is high and cannot be lowered.
•
Condition: This symptom can be seen after the system default settings are restored using the
restore factory-default command.
201407170071
•
Symptom: An IRF fabric sends RSCN packets to the connected servers.
•
Condition: This symptom can be seen if the following conditions exist:

Only the subordinate switch is configured with FCoE/FC.

A master/subordinate switchover is performed.
201406070113
•
Symptom: An SNMP walk on hh3cifMulSuppression MIB of an interface returns a value of 1
when the multicast-suppression pps 0 command has been configured on the interface.
•
Condition: This symptom can be seen after an SNMP walk on hh3cifMulSuppression MIB of an
interface where the multicast-suppression pps 0 command has been configured.
135
201407030128
•
Symptom: An IRF member switch unexpectedly reboots due to handshake timeout.
•
Condition: This symptom can be seen if the following conditions exist:

There is a layer 2 loop that comprises two or more IRF member switches.

Enable and disable TRILL on a port that has been configured with qos trust dot1p.
201407110459
•
Symptom: After an IRF member switch is rebooted, it stays in loading state and cannot be
rebooted at the CLI.
•
Condition: This symptom can be seen if the IRF auto-update function is disabled on IRF
member switches.
201407230474
•
Symptom: The switch might unexpectedly reboot during a compatible ISSU.
•
Condition: This symptom might be seen during a compatible ISSU.
201407040545
•
Symptom: The switch stops working when the software version is loaded during an ISSU.
•
Condition: This symptom can be seen if the following procedure is performed:
a. Delete a valid license file.
b. Perform an ISSU to load the software version.
201407080145
•
Symptom: Memory usage continually increases when users repeatedly log in to the switch
through an AUX or VTY user line.
•
Condition: This symptom can be seen if the following procedure is performed:

The idle-timeout 0 command is configured on the user line.

Telnet, SSH, and FTP users repeatedly log in to the switch through the user line.
201407090176
•
Symptom: After a switch completes software upgrade by using a python POAP script obtained
through auto-configuration, it does not release the temporary IP address assigned by DHCP.
•
Condition: This symptom can be seen if the reboot time in the python POAP script is earlier than
the address release time.
Resolved problems in R2311P01
201406090268
•
Symptom: Flow control does not take effect when an Ethernet interface or FC interface receives
pause frames.
•
Condition: This symptom can be seen when the following procedure is performed:
a. Restore a physical IRF port to a common Ethernet interface.
b. Enable flow control on the Ethernet interface by using the flow-control command, or
change the Ethernet interface to an FC interface (flow control is enabled by default on an FC
interface).
201406160440
•
Symptom: After a switch is rebooted, a VPN instance might fail to establish sessions to its BGP
peers.
136
•
Condition: This symptom might be seen if the following conditions exist:

BGP settings include IP addresses for the VPN instance but does not include any public IP
addresses.

The global router ID is not configured and no router ID is configured for the VPN instance.

The configuration is saved and the switch is rebooted.
201406090115
•
Symptom: After an IRF fabric is rebooted, the ports in a VLAN are up, but the corresponding
VLAN interface cannot come up.
•
Condition: This symptom might be seen if the following conditions exist:

The IRF fabric is connected to downstream devices through a multi-chassis Layer 2
aggregate interface.

The Layer 2 aggregate interface is a trunk port that permits more than 512 VLANs whose
VLAN interfaces are created.
201403200509
•
Symptom: A user who is authorized access permission to the interface feature cannot execute
the mdix-mode and undo mdix-mode commands in interface view.
•
Condition: This symptom occurs when the user executes the commands in the following
conditions:

The user has user role rules that can access the interface feature.

The user does not have user role rules configured for the commands individually.
201404010200
•
Symptom: RBAC fails to control a user's access to specific interfaces when the interface
numbers specified in the user role resource access policies contain leading digits.
•
Condition: This symptom occurs when the interface numbers specified in the user's user role
resource access policies contain leading digits. For example, Ten-GigabitEthernet 02/0/1,
Ten-GigabitEthernet 2/00/1, and Ten-GigabitEthernet 2/0/01 contain leading digit 0.
201406190088
•
Symptom: CVE-2014-0224.
•
Condition: This symptom can be seen when Open SSL Server is used.
201403200475
•
Symptom: A user who has access permission to the device feature cannot execute the
password-recovery enable or undo password-recovery enable command.
•
Condition: This symptom occurs when the user executes the password-recovery enable and
undo password-recovery enable commands in the following conditions:

The user has access permission to the device feature.

No permit command rule is configured for the commands.
201406040553
•
Symptom: The output from the display transceiver alarm command sometimes does not
show alarm information for a 40GE transceiver module. After the 40GE interface is split into four
10GE interfaces, the output shows RX signal loss, which should be RX loss of signal.
•
Condition: This symptom can be seen when a 40GE fiber port is inserted with a 40GE
transceiver module.
201406160009
•
Symptom: When ARP packets are sent to the ingress port of an OpenFlow instance, twice as
many ARP packets are received on the output port.
137
•
Condition: This symptom can be seen if the following procedure is performed:
a. Create an OpenFlow instance that contains one ingress port and one output port.
b. Create a flow entry with the output port as All. Then the ingress port receives ARP packets.
201405260353
•
Symptom: After a reboot, the system enables SNMP v3, which is not enabled in the
configuration file.
•
Condition: This symptom can be seen if the following procedure is performed:
a. Configure the SNMP version as v1 or v2c by using the snmp-agent sys-info version
command.
b. Save the configuration.
c. Delete the .mdb file.
d. Reboot the switch.
201405120458
•
Symptom: After a Layer 3 aggregate interface is deleted using the undo interface
route-aggregation command, corresponding ACL resources might not be deleted.
•
Condition: This symptom might be seen if the following procedure is performed:
a. A configuration rollback is performed to load a configuration file in which at least one Layer
3 aggregate interface has Layer 3 aggregate sub interfaces that reach the maximum
number.
b. Use the undo interface route-aggregation command to delete such a Layer 3 aggregate
interface.
201406090159
•
Symptom: The switch cannot correctly identify a transceiver module.
•
Condition: This symptom can be seen if the transceiver module is HPE 16Gb FC/10GbE 100m
SFP+ XCVR (PN#: H6Z42A) , specifically:

Vendor PN# 5697-2671.

Part labeled Made in CHINA.
201406110376
•
Symptom: The system cannot display electronic label information for some SFP-GE modules.
•
Condition: This symptom can be seen if the following procedure is performed:
a. Insert one of the following modules: JD113A, JD114A, JD115A, JD116A, JD109A, JD110A,
JD111A, JD112A, JF829A, JF830A, and JF831A. The output from the display transceiver
interface command does not display J# for these modules.
b. Execute the display transceiver manuinfo command to display transceiver manufacture
information.
TB201404250053
•
Symptom: When the uplink interface that connects an NPV switch to an FCF switch becomes
operational, the network card connected to the NPV switch might not register itself with the FCF
switch.
•
Condition: This symptom can be seen if the following procedure is performed:
a. An FC network card is connected to an NPV switch. The NPV switch is connected to an FCF
switch.
b. The FC interface that connects the NPV switch to the FC network card is assigned to a
VSAN as an access port.
138
c. The FC network card sends FLOGI packets to register itself with the FCF switch. The FC
network card fails to register after several attempts, so the FC network stops registering
itself with the FCF switch.
d. The uplink interface that connects the NPV switch to the FCF switch becomes unavailable
(down at the physical layer or data link layer).
e. The uplink interface becomes operational after a period of time.
201406030245
•
Symptom: Multicast data is cleared from hh3cIgmpSnoopingClearStats MIB.
•
Condition: This symptom can be seen if the hh3cIgmpSnoopingClearStats is set to 1 when
hh3cIgmpSnoopingStatsObjects has multicast data.
201405120011
•
Symptom: An OpenFlow instance cannot forward incoming VRRP packets to the controller.
•
Condition: This symptom can be seen if the following conditions exist:

Interfaces 1 and 2 are connected through a cable.

Interface 1 belongs to VLAN 1 where VRRP is enabled.

Interface 2 belongs to VLAN 2 that is configured as an OpenFlow VLAN.
201404300077
•
Symptom: When an OpenFlow instance contains VLAN 1, tunneled traffic on the member ports
of a service loopback group is discarded.
•
Condition: This symptom can be seen when an OpenFlow instance contains VLAN 1.
TB201311040149
•
Symptom: Using the port-type ethernet command to change an FC port to a Layer 2 Ethernet
port might fail after the display dhcp snooping binding command is executed. The output
from the display dhcp snooping binding command is displayed slowly.
•
Condition: This symptom can be seen if more than 300 IPv4 DHCP users and more than 300
IPv6 DHCP users are going online and offline.
Resolved problems in R2311
201406170025
•
Symptom: After the undo shutdown command is executed on a fiber port, the port takes a
certain time to come up. Or displaying diagnostics/alarm information on the fiber port responds
slowly.
•
Condition: This symptom can be seen if the following conditions exist:

The fiber port connects to another device's fiber port.

The shutdown and undo shutdown commands are executed on the fiber port. Or the
diagnostics/alarm information is displayed for the fiber port.
201406200497
•
Symptom: The switch has an exception or a watchdog reboot occurs upon receiving packets
that match IRF packet type from a user port.
•
Condition: This symptom can be seen when the switch receives packets that match IRF packet
type from a user port.
139
201404300315/201404300303/201405150530/201405090318
•
Symptom: After an ISSU, the VSI connected to the CAS server goes offline and cannot come
online again. The switch displays that the VSI comes online but the CAS server displays that
the VSI has been offline.
•
Condition: This symptom occurs after an ISSU.
201404300194
•
Symptom: After an IRF master/subordinate switchover, MPLS TE settings in tunnel-policy fail to
be restored.
•
Condition: This symptom can be seen after an IRF master/subordinate switchover.
201405080449
•
Symptom: An exception occurs to portal authentication, resulting in a system reboot.
•
Condition: This symptom can be seen if one of the following conditions exists:

Users frequently come online and go offline.

Portal packets have multiple attributes.

Portal packets that have illegal attributes exist.

Press CTRL+C when the display portal user command is executed.
201406040842
•
Symptom: The system prompts that a transceiver module is removed during an ISSU.
•
Condition: This symptom can be seen if the ISSU method is ISSU Reboot.
201405230102
•
Symptom: The display power command does not output any information.
•
Condition: This symptom can be seen after the switch is started up.
201403200271
•
Symptom: Identical MAC entries exist on an IRF fabric.
•
Condition: This symptom can be seen if the following conditions exist:

Multiple switches form the IRF fabric.

An aggregate S channel is created through EVB. MAC and VLAN are used to identify traffic.

An IRF master/subordinate switchover is performed.
201405230295
•
Symptom: An IRF fabric continually reboots.
•
Condition: This symptom can be seen if the following conditions exist:

The IRF fabric comprises a 5900AF-48XG-4QSFP+ or FF 5900CP-48XG-4QSFP+ switch
that uses an SR4 module to connect another IRF member switch.

The 5900AF-48XG-4QSFP+ or FF 5900CP-48XG-4QSFP+ switch's startup mode is full
startup mode, which is set in 8. Set switch startup mode in BootROM.

The IRF fabric is rebooted.
201405160142
•
Symptom: The CLI responds slowly on an 5900AF-48G-4XG-2QSFP+ or
5900AF-48XGT-4QSFP+ switch.
•
Condition: This symptom can be seen if the following conditions exist:

The switch has a transceiver module inserted in a 40G port.

Traffic is delivered to the CPU.
140
201405090318
•
Symptom: After an ISSU, VSIs lose the connectivity to the CAS server.
•
Condition: This symptom can be seen if the following conditions exist:

EVB is configured on the switch to connect the CAS server.

An ISSU is performed at the CLI to upgrade the software.
201404250050
•
Symptom: An FCoE switch fails to communicate with the connected server's NIC.
•
Condition: This symptom can be seen if the NIC continuously sends two FDISC packets.
201405290447
•
Symptom: A percent sign is absent in the last-300s average send/receive rates in the output
from the display interface fc command.
•
Condition: This symptom can be seen in the output from the display interface fc command.
201404010478
•
Symptom: The output from the debug qacl show verbose command in probe view shows that
the ACL entries for IP source guard are not deleted after IP source guard is disabled.
•
Condition: This symptom can be seen if the following procedure is performed:
a. Configure MFF and IP source guard.
b. Perform an ISSU to upgrade the software.
c. Disable IP source guard.
201405090467
•
Symptom: After an ISSU reboot, a port enabled with storm-constrain prints traffic alarm
information.
•
Condition: This symptom can be seen after an ISSU reboot.
201404140465
•
Symptom: After a reboot, the four 10GE ports split from a 40GE QSFP+ port might fail to
identify the transceiver module.
•
Condition: This symptom can be seen if the following procedure is performed:
a. Insert a transceiver module into a 40GE QSFP+ port.
b. Split the 40GE QSFP+ port into four 10GE ports.
c. Reboot the switch.
201405120151
•
Symptom: The sequence number of a transceiver module obtained from IMC is incorrect.
•
Condition: This symptom can be seen when you use IMC to view the sequence number of a
transceiver module.
201405140359/201405120461
•
Symptom: After a member port is added to an aggregation interface, the member port might fail
to forward multicast traffic.
•
Condition: This symptom might be seen after a member port is added to an aggregation
interface that acts as an egress port for multicast forwarding.
201405140076
•
Symptom: The output from the display diagnostic-information command is incomplete.
141
•
Condition: This symptom can be seen in the output from the display diagnostic-information
command.
201405060082
•
Symptom: A walk on hh3cevtPortSw-SFP-8GFC-SW or hh3cevtPortSw-SFP-8GFC-LW MIB
returns incorrect information.
•
Condition: This symptom can be seen during a walk on hh3cevtPortSw-SFP-8GFC-SW or
hh3cevtPortSw-SFP-8GFC-LW MIB.
201404090038
•
Symptom: A walk on a 10G copper port's LswportType MIB returns incorrect information.
•
Condition: This symptom can be seen during a walk on a 10G copper port's LswportType MIB.
201405080391
•
Symptom: The CPU usage of an IRF fabric increases, delaying access from other devices to
the IRF fabric.
•
Condition: This symptom can be seen if the following conditions exist:

Multiple IRF member switches send packets that have the same 5-tuple at the same time.

The sent packets match ECMP routing, and all egress ports are Layer 3 ports.

Each slot has at least one egress port.
201405150545
•
Symptom: The switch might fail to forward TRILL broadcast traffic.
•
Condition: This symptom might be seen if the following conditions exist:

A TRILL access port's link type is set to trunk and it permits multiple VLANs.

Repeated shutdown and undo shutdown operations are performed on another TRILL
trunk port.
201405140297
•
Symptom: IGMP snooping entries cannot be established for TRILL, resulting in multicast
forwarding failure.
•
Condition: This symptom can be seen if the following procedure is performed:

A port enabled with TRILL is added to a multicast entry.

The VLAN enabled with IGMP snooping is configured with igmp-snooping
drop-unknown.

The reset trill command is repeatedly executed.
201405120392
•
Symptom: After the broadcast-suppression, multicast-suppression, or
unicast-suppression command (that sets a non-zero percent or kbps value) is executed, the
system prompts that the command does not take effect.
•
Condition: This symptom can be seen if the following procedure is performed:
a. Use the broadcast-suppression, multicast-suppression, or unicast-suppression
command to set a pps value of 0, and then restore the default.
b. Use the broadcast-suppression, multicast-suppression, or unicast-suppression
command to set a percent or kbps value of 0.
c. Use a different command to set a non-zero percent or kbps value. For example, if the
previous step uses broadcast-suppression, this step uses multicast-suppression or
unicast-suppression.
142
201404280244
•
Symptom: The switch fails to forward OpenFlow traffic.
•
Condition: This symptom can be seen during batch assignment of flow entries.
201405140158
•
Symptom: The dis evb summary command displays incorrect information.
•
Condition: This symptom can be seen if the dis evb summary command is executed when the
S channel of a VSI (not the last one) is being deleted.
201406050920
•
Symptom: A walk on snmpIfInDiscards MIB returns statistics for pause frames.
•
Condition: This symptom can be seen if the port is configured with flow-control or flow-control
receive enable, and received pause frames.
201406050946
•
Symptom: TCP/UDP traffic can be forwarded through only one link in an aggregation group.
•
Condition: This symptom can be seen when TCP/UDP traffic passes through an aggregate
interface that is not configured with load sharing.
201405150545
•
Symptom: The switch fails to forward TRILL traffic, or when TRILL debug information is
displayed, the switch unexpectedly reboots.
•
Condition: This symptom can be seen if the following conditions exist:

Multiple links are enabled with TRILL or an aggregate interface is enabled with TRILL.

The trill enable/undo trill enable operations, or the trill cost enable/undo trill cost
enable operations are performed on a TRILL port.
Resolved problems in R2310
201404040242
•
Symptom: A DHCP client takes a long time to request an IP address.
•
Condition: This symptom occurs when the VLAN interface enabled with the DHCP server is not
on the same subnet as the IP address requested by the DHCP client. The DHCP server does
not respond with a NAK packet, so the client sends the request multiple times before sending a
Discovery packet.
201312310451
•
Symptom: The OSPF neighbor relationship between two IRF fabrics goes down.
•
Condition: This symptom can be seen if the following conditions exist:

The two IRF fabrics are connected through an aggregate link.

An MSTP instance-to-VLAN mapping is configured on both ends of the aggregate link.
201401220221
•
Symptom: The MAC address moving suppression function does not take effect in an IRF fabric.
•
Condition: This symptom occurs when the two member devices of the IRF fabric successively
receive broadcast traffic with the same source MAC address.
201402250548
•
Symptom: The VLAN interface of a primary VLAN cannot forward traffic at Layer 3.
•
Condition: This symptom occurs when the following procedure is performed:
143
a. Configure a private VLAN.
b. Bind the VLAN interface of the primary VLAN to a VPN instance.
c. Remove the binding.
201403120408
•
Symptom: When all nodes are logged out, the output from the display fip-snooping rules
enode command shows that no ENode FIP snooping rules exist. However, the output from the
display qos-acl resource command shows that the number of ACL rules used is more than
that in the initial state.
•
Condition: This symptom occurs when the following conditions exist:

The switch is operating in Transit mode.

A large number of nodes are logged in and logged out repeatedly.

The following tasks are repeatedly performed on the switch:
−
Shutting down and bringing up ports.
−
Adding and deleting VLANs.
−
Assigning ports to and removing ports from VLANs.
201403190173
•
Symptom: In the output from the display qos-acl resource command, the VFP ACL or IFP
ACL usage might exceed 100%.
•
Condition: This symptom might occur when the following procedure is performed:
a. Use the system-working-mode command to configure the system working mode as
advanced.
b. Configure the private VLAN feature.
c. Configure local QoS ID marking actions or flow-based VLAN marking actions in QoS
policies to occupy all VFP resources, or configure QoS policies or packet filtering to occupy
all IFP resources.
201404280257
•
Symptom: Some OpenFlow flow tables might fail to forward traffic.
•
Condition: This symptom might occur when a large number of OpenFlow flow tables are
deployed in batch.
201403240344
•
Symptom: The switch fails to forward traffic for multiple multicast groups.
•
Condition: This symptom occurs when the switch has large numbers of multicast forwarding
entries.
201403270410
•
Symptom: After a VLAN interface is shutdown, the multicast forwarding entries that use the
VLAN interface are not deleted.
•
Condition: This symptom occurs if the VLAN of the shutdown VLAN interface contains a
multicast member port that is also a member port of an aggregation group.
201403240159
•
Symptom: The MAC addresses learned by UNI ports involved in many-to-one VLAN mapping
cannot be displayed on a per-port basis.
•
Condition: This symptom occurs when the display mac-address interface command is used
to display the MAC addresses learned by an UNI port involved in many-to-one VLAN mapping.
144
201403250492
•
Symptom: If static bindings are configured by using the ip source bind or ipv6 source bind
command in Layer 2 Ethernet port view when ACL resources are insufficient, the system does
not provide prompt information. The output from the display current-configuration command
in system view or the display this command in port view shows the configured static bindings.
•
Condition: This symptom occurs if static bindings are configured by using the ip source bind or
ipv6 source bind command in Layer 2 Ethernet port view when ACL resources are insufficient.
201403130262
•
Symptom: A host fails to ping its gateway, although the MAC address of the gateway can be
obtained through ARP.
•
Condition: This symptom occurs if the following procedure is performed:
a. Configure a private VLAN and its secondary VLAN.
b. Bind a VPN instance to the VLAN interface of the private VLAN, and configure private
VLAN-secondary VLAN mapping.
201403140223
•
Symptom: After an IRF fabric formed by 5900 switches is restarted and the configuration file is
loaded, the BB_Credit values are not restored to the values before the restart for the FC
interfaces on the subordinate member switches.
•
Condition: This symptom might occur when the following procedure is performed:
a. Delete the .mdb files of the master and subordinate member devices of the IRF fabric.
b. Restart the IRF fabric.
201403190115
•
Symptom: When a new FC ID is assigned to a node, the destination MAC address in the FIP
snooping rule for the node is incorrect.
•
Condition: This symptom might occur when the following procedure is performed:
a. Perform a master/subordinate switchover for an IRF fabric.
b. Reregister the node.
201402270049
•
Symptom: An IRF member switch stops running during startup.
•
Condition: This symptom occurs if continual IRF master/subordinate switchovers and reboots
are performed.
201403200085
•
Symptom: After the switch has run a scheduled task, the system log shows that the IRF port
fails to receive IRF packets from the neighbor. A system reboot might occur.
•
Condition: This symptom might occur when the following conditions exist:

IRF continually processes traffic.

The scheduled task executes the display diagnostic-information command.
201402170013
•
Symptom: IMC cannot Telnet to a 5900 switch directly connected to a disk device.
•
Condition: This symptom might occur when the following conditions exist:

IMC continuously Telnet to the 5900 switch.

Zones are distributed multiple times on the 5900/12900 switches in the FC fabric.
145
201401170243
•
Symptom: When the link mode is changed in interface range view, the link mode configuration
fails, and the system exits the interface range view.
•
Condition: This symptom occurs when the following procedure is performed:
a. Use the interface range interface-list command to enter interface range view.
b. Change the link mode in interface range view.
201401170113
•
Symptom: After a master/subordinate switchover occurs to an IRF fabric, packets that match
the static IPv6 routes deployed by an OpenFlow controller cannot be correctly forwarded.
•
Condition: This symptom might occur when the following procedure is performed:
a. Configure OpenFlow, and deploy IPv6 static routes and the corresponding ND entries.
b. Perform a master/subordinate switchover for the IRF fabric.
201404080286
•
Symptom: The display ospfv3 peer command fails to be executed in FIPS mode.
•
Condition: This symptom occurs if the display ospfv3 peer command is executed in FIPS
mode.
201403010153
•
Symptom: The effective value of the port status detection timer is 5 seconds greater than the
configured value.
•
Condition: This symptom might occur when the following conditions exist:

The port status detection timer is configured.

Ports are shut down by STP or DLDP.
201403050301
•
Symptom: During an incompatible ISSU on an IRF fabric that comprises more than two
switches, executing the run switchover command fails to reboot the switch.
•
Condition: This symptom can be seen after the run switchover command is executed during
an incompatible ISSU on an IRF fabric that comprises more than two switches.
201312270486
•
Symptom: In an IRF fabric, the dynamic flow table ages out after 60 seconds, and then traffic
cannot be forwarded.
•
Condition: This symptom might occur when the following conditions exist:

In an IRF fabric, an OpenFlow port is a multichassis aggregate interface.

The packet count is -- (which means that the packet count is not collected) in the flow table
deployed.

Some of the aggregation group member ports receive traffic.
201403130400
•
Symptom: If a process unexpectedly quits and a core file is generated, the switch unexpectedly
reboots.
•
Condition: This symptom occurs if a process unexpectedly quits and a core file is generated.
201404220352
•
Symptom: On a 5920-24S switch, the LEDs for ports 13 through 24 are steady on rather than
flashing when traffic is present on these ports.
146
•
Condition: This symptom occurs when traffic is present on ports 13 through 24 of the 5920-24S
switch.
201403120423
•
Symptom: The CPU usage of the FCSD process is higher than expected.
•
Condition: This symptom occurs after the switch is started.
201401020051
•
Symptom: The type of a port is displayed as Unknown.
•
Condition: This symptom might occur when the following procedure is performed:
a. Assign an FC interface in up state to a VSAN.
b. Use the display fcs port command to display port information of the FC interface in any
other VSAN.
201403120229
•
Symptom: The ports on an disk device are down.
•
Condition: This symptom occurs when an disk device is connected to an FCoE-capable 5900
switch through a Nexus 5000 switch.
201403120101
•
Symptom: The output from the display port-security mac-address security command shows
that the remaining lifetime of some secure MAC addresses is 2 minutes when the aging timer
for secure MAC addresses is set to 2 minutes by using the port-security timer autolearn
aging command.
•
Condition: This symptom occurs when the aging timer for secure MAC addresses is set to 2
minutes in autolearn mode by using the port-security timer autolearn aging command.
201403240356
•
Symptom: The PTP interface information displayed on an IRF fabric that comprises two
switches shows that time is not synchronized.
•
Condition: This symptom can be seen when PTP is configured on an IRF fabric that comprises
two switches.
201311140447
•
Symptom: EVB fails to establish S channels on an IRF fabric.
•
Condition: This symptom occurs if the following procedure is performed:
a. Configure EVB on the IRF fabric.
b. Perform an ISSU and an IRF master/subordinate switchover.
c. Save the configuration and reboot the IRF fabric.
201401020078
•
Symptom: A 5900 switch sends a corrupted HTTP packet to IMC. IMC fails to detect that a VSI
went offline.
•
Condition: This symptom occurs when the following procedure is performed:
a. Bind the NIC of a VM to a dvportgroup on VMware vCenter. The VSI for the VM comes
online.
b. Configure the VM to log off the VSI.
c. Configure the debugging evb event command on the switch.
147
201404010472
•
Symptom: A switch in a PBB network fails to forward traffic that matches
encapsulation-default over the downstream port. The shutdown and undo shutdown
command must be executed on the port to bring it up.
•
Condition: This symptom occurs if TRILL is enabled and then disabled on the downstream port.
201403310220
•
Symptom: When VFC interface A is bound to a Layer 2 aggregate interface, VFC interface A
goes down. Then, when VFC interface B is bound to the Layer 2 aggregate interface, VFC
interface B goes up, but VFC interface A is still down.
•
Condition: This symptom might occur when the following procedure is performed:
a. Bind VFC interfaces A and B to an Ethernet interface Port 1.
b. Create a Layer 2 aggregate interface, and assign Port 1 to the Layer 2 aggregate interface.
201403200111
•
Symptom: Aggregation group member ports in Individual state might not learn MAC addresses,
even after they leave the aggregation group.
•
Condition: This symptom might occur when the following procedure is performed:
a. Configure the aggregate interface as an edge aggregate interface.
b. Configure the edge aggregate interface to operate in dynamic mode, and then configure it to
operate in static mode.
201311050110
•
Symptom: SPBM cannot perform optimal path selection based on link costs because the costs
calculated by SPBM for all interfaces (including 1G, 10G, and aggregate interfaces) are 1.
•
Condition: This symptom occurs when SPBM automatically calculates link costs.
201403180423
•
Symptom: The TRILL link cost for an aggregate interface is the automatically calculated link
cost when automatic link cost calculation is disabled for TRILL ports.
•
Condition: This symptom might occur when the following procedure is performed:
a. Use the auto-cost enable command to enable automatic link cost calculation for TRILL
ports. In this example, the automatically calculated link cost is 666.
b. Use the undo auto-cost enable command to disable automatic link cost calculation for
TRILL ports. Then, the link cost is restored to 2000 for TRILL ports.
c. Use the shutdown command and then the undo shutdown command to re-enable the
aggregate interface. Unexpectedly, the link cost for the aggregate interface becomes 666.
201404040543
•
Symptom: On switches of some models, the 10-GE fiber ports can stay up only after they go
down and come up multiple times, or the 10-GE fiber ports cannot go up.
•
Condition: This symptom occurs when 1000-Mbps copper transceiver modules are installed in
10-GE fiber ports.
201404250221
•
Symptom: The CPU usage seriously increases when an aggregation group member port is
repeatedly shut down and brought up.
•
Condition: This symptom occurs when an aggregation group member port is repeatedly shut
down and brought up and its state changes between Selected and Unselected.
201208210014
•
Symptom: A 40-GE interface without an external PHY might fail to go up.
148
•
Condition: This symptom might occur when the following procedure is performed:
a. Connect a cable to a 40-GE interface without an external PHY.
b. Reboot the switch or use the shutdown command and then the undo shutdown command
on the interface.
201404110133
•
Symptom: A grammatical error exists in the following error message: "Do you want to change
the system working mode? [Y/N]:y
Failed to set the system working mode, please tocheck hard resource. ”
•
Condition: This symptom occurs when the following procedure is performed:
a. When the system working mode is standard, configure ACLs to reach the maximum number
of ACLs allowed.
b. Use the system-working-mode advance command to configure the system working mode
as advanced.
201404150009
•
Symptom: An incompatible ISSU on an IRF fabric fails.
•
Condition: This symptom occurs when the following conditions exist:

The IRF fabric is in ring topology and comprises more than four switches that have different
startup times, such as A---B---A---B, in which B has the shortest startup time.

Execute the issu load command on A, and then execute the issu run switchover
command to upgrade other switches.
201403140267
•
Symptom: After a rule that denies ICMP and TCP packets is applied to a 5920 switch through a
QoS policy, ICMP and TCP packets can still pass through.
•
Condition: This symptom occurs when a rule that denies ICMP and TCP packets is applied to
the incoming traffic of a port through a QoS policy.
201403290036
•
Symptom: After ISSU is used to upgrade software for a switch, the blackhole MAC address
entries configured before the ISSU cannot be displayed, and you will fail to configure these
blackhole MAC address entries.
•
Condition: This symptom occurs when the following procedure is performed:
a. Configure blackhole MAC address entries on the switch.
b. Use ISSU to upgrade software for the switch.
201403130349
•
Symptom: The CLI might fail to respond or the switch might reboot if continual ISSU operations
are performed.
•
Condition: This symptom might occur if continual ISSU operations are performed.
201403120389
•
Symptom: When the display fcs database command to display the FCS database information,
the Attached port wwns displayed for a VFC interface are incorrect.
•
Condition: This symptom might occur when the following procedure is performed:
a. Assign the VFC interface to multiple VSANs as trunk ports.
b. Log in one node to the VFC interface in each VSAN. Log in multiple nodes to the VFC
interfaces simultaneously.
149
201403120360
•
Symptom: When the members in the default zone are denied from accessing each other,
displaying the active zone set information will cause a memory leakage.
•
Condition: This symptom might occur when the following procedure is performed:
a. Configure and activate a zone set in a VSAN.
b. Use the undo zone default-zone permit command to deny members in the default zone
from accessing each other in the VSAN when logged-in nodes exist in the default zone.
c. User the display zoneset active command to display information about the active zone
set.
201403270198
•
Symptom: The buffer configuration in the output from the display buffer command is incorrect.
•
Condition: This symptom occurs when the following procedure is performed:
a. Enable the burst mode.
b. Perform an ISSU reboot upgrade.
201405040350
•
Symptom: The switch reboots unexpectedly.
•
Condition: This symptom occurs when the QoS configurations are frequently, dynamically
modified for the QoS policies applied to the switch.
201403200140/201403260432/201403010096
•
Symptom: After an ISSU reboot or a master/subordinate switchover, RIP and static routing
entries do not take effect for a long time, resulting in traffic interruption.
•
Condition: This symptom occurs after an ISSU reboot or a master/subordinate switchover.
201405050041
•
Symptom: RIP packet loss occurs during the issu run switchover operation.
•
Condition: This symptom occurs during the issu run switchover operation.
201403260176
•
Symptom: When an aggregate interface is in down state, the output from the display interface
command still shows packet statistics for that interface.
•
Condition: This symptom can be seen when the following conditions exist:

Physical connections exist between the aggregate interface and a terminal.

The member ports of the aggregate interface are in Individual state.
201403290121
•
Symptom: Downloading a large file through FTP fails.
•
Condition: This symptom occurs if the FTP download operation is performed in Python shell
view by executing the transfer command.
201403060184
•
Symptom: When the loop detection feature detects a loop on a port, the port cannot
automatically go up after the port status detection interval configured by using the
shutdown-interval command.
•
Condition: This symptom might occur when the following procedure is performed:
a.
Use the loopback-detection action shutdown command to configure the loop protection
action as shutdown.
b. Use the shutdown-interval command to configure the port status detection interval.
150
LSV7D007841
•
Symptom: After an unexpectedly reboot, the system does not record anomaly information for
the reboot. The output from the display version command shows "Watchdog timeout reboot."
•
Condition: This symptom can be seen after an unexpectedly reboot.
201312230206
•
Symptom: After a master/subordinate switchover for an IRF fabric, the .cfg file contains
configurations, but the port access vsan configurations made in FC interface view are lost in
the .cfg file.
•
Condition: This symptom might occur when the following procedure is performed:
a. Delete the .mdb configuration files of all IRF member devices.
b. Reboot the master device to perform a master/subordinate switchover for the IRF fabric.
201312180312
•
Symptom: The disk device that connects to a subordinate device cannot be registered.
•
Condition: This symptom occurs when the following conditions exist:

An IRF fabric acts as an FCF switch.

The domain ID is modified for the IRF fabric.
201405120151
•
Symptom: The serial number that IMC reads from a transceiver module is incorrect.
•
Condition: This symptom occurs when IMC reads the serial number of a transceiver module.
201403210223
•
Symptom: The stp global enable or undo stp global enable command takes effect several
minutes after the command is executed.
•
Condition: This symptom occurs when the spanning tree protocol mode is PVST.
201403240117
•
Symptom: VFC interfaces go down unexpectedly.
•
Condition: This symptom occurs when MST regions are deleted and then MSTIs are configured
in an FCoE network.
201403150067
•
Symptom: After a compatible ISSU on an IRF fabric, OSPFv3 and IPv6 IS-IS fail to work,
resulting in traffic interruption.
•
Condition: This symptom occurs after a compatible ISSU on an IRF fabric.
201403270570
•
Symptom: The system prompts "unsuccessfully" when MAC entries are added or deleted on an
EVB S-channel aggregate interface.
•
Condition: This symptom occurs when MAC entries are added or deleted on an EVB S-channel
aggregate interface.
201403260407
•
Symptom: Disabling MAC address learning for B-VLAN fails.
•
Condition: This symptom occurs if the following procedure is performed:
a. Enable SPBM and configure B-VLAN.
b. Disable MAC address learning for B-VLAN.
c. Disable SPBM.
151
201403190420
•
Symptom: After an ISSU, the MAC address entries deployed by OpenFlow are lost.
•
Condition: This symptom might occur when the following procedure is performed:
a. Configure OpenFlow to deploy MAC address entries.
b. Perform an ISSU for the switch.
c. Display the MAC address entries.
201402210125
•
Symptom: ACLs can be successfully deployed to a switch when the ACL resource usage is
100%.
•
Condition: This symptom might occur when the following procedure is performed:
a. Deploy ACLs to a port of the switch to make the ACL usage reach 100%.
b. Deploy ACLs to another port of the switch.
201405050496
•
Symptom: The display transceiver interface command might fail to display the information
about an FC transceiver module.
•
Condition: This symptom might occur when the following procedure is performed:
a. Install an FC transceiver module in an interface.
b. Execute the display transceiver interface command on the switch.
201403120404
•
Symptom: Soft zoning stays enabled, and hard zoning is not enabled even when the hardware
resources are sufficient.
•
Condition: This symptom might occur when the following procedure is performed:
a. After FCoE links are successfully configured, configure ACLs to occupy all ACL resources.
b. Use the undo zone default-zone permit command to deny members in the default zone
from accessing each other for effective VLANs. In this case, soft zoning is enabled.
c. Release ACL resources.
201403140249
•
Symptom: In an FC fabric, when the NP ports of an NPV switch are down, the NPV switch might
respond with FLOGI Reject to nodes.
•
Condition: This symptom might occur when the following procedure is performed:
a. In the FC fabric, connect N ports to the NP ports of the NPV switch.
b. Reboot the switch.
201403120385
•
Symptom: The downlink interfaces of an NPV switch take a long time to detect the physical
state changes (up or down) of the uplink interface.
•
Condition: This symptom might occur when the following procedure is performed:
a. Configure a large number of VSANs and VFC interfaces in the FCoE fabric.
b. Shut down an uplink interface of the NPV switch.
c. Bring up the uplink interface.
201404170112
•
Symptom: The console port stops responding and the switch reboots during a walk on ARP
MIB.
•
Condition: This symptom occurs when the following conditions exist:
152

More than 5000 ARP entries exist.

A walk on 1.3.6.1.2.1.3.1.1.3 ARP MIB is performed, and at the same time, the reset arp all
command is executed.
201403190452
•
Symptom: After a VRID is deleted, the configuration is saved, and the switch is rebooted, the
output from the display vrrp command shows the VRID still exists.
•
Condition: This symptom can be seen after the following procedure is performed:
a. Execute the undo vrrp vrid virtual-router-id [ virtual-ip [ virtual-address ] ] or undo vrrp
vrid virtual-router-id track [ track-entry-number ] command.
b. Save the configuration and reboot the switch.
201405150314
•
Symptom: When you log in to the switch through a console port, the CLI might be stuck when
you enter commands at the CLI.
•
Condition: This symptom might occur when a custom transceiver module is installed in an
interface that can be split into four breakout interfaces and does not have an external PHY.
201403210219
•
Symptom: When the function of discarding unknown multicast packets is enabled for a VLAN in
a TRILL+IGMP snooping scenario, unknown multicast packets in the VLAN are not discarded.
•
Condition: This symptom occurs when the function of discarding unknown multicast packets is
enabled for a VLAN in a TRILL+IGMP snooping scenario.
201403240370
•
Symptom: Layer 2 traffic in a TRILL network fails to be forwarded between two RBs.
•
Condition: This symptom occurs when the following conditions exist:

One RB acts as the AVF, and the other RB acts as a non-AVF. The two RBs connect through
TRILL access ports.

The access ports on the AVF and the non-AVF are configured as TRILL trunk ports.
201404010465
•
Symptom: The SFTP client on Switch B fails to download a file from Switch A after the SFTP
client on Switch A downloads that file from a Linux server.
•
Condition: This symptom can be seen when the SFTP client on Switch B downloads a file from
Switch A after the SFTP client on Switch A downloads that file from a Linux server.
201403260454
•
Symptom: The keyword STRING appears after the save command.
•
Condition: This symptom can be seen if TAB is pressed multiple times after the save command
is input.
201403180283
•
Symptom: OpenFlow fails to deploy MAC address entries to overwrite existing multiport unicast
MAC address entries.
•
Condition: This symptom occurs when the following procedure is performed:
a. Configure multiport unicast MAC address entries.
b. Configure OpenFlow to deploy MAC address entries to overwrite these multiport unicast
MAC address entries.
153
201403240270
•
Symptom: A non-administrator user can bypass RBAC check and use unauthorized functions
and resources.
•
Condition: This symptom occurs if the user performs the following procedure:
a. Upload a new configuration file that contains the rights for managing the functions and
resources.
b. Set the configuration file as the next startup configuration file.
c. Reboot the switch.
201404040471
•
Symptom: Device will tear down TCP connection in established state when receives wrong
TCP packet.
•
Condition: Only for those TCP connections in established state. When they receive TCP SYN
packet which is carrying a sequence number falling into the connection receiving window, a
RST packet will be sent and the connection will be dropped immediately.
201403210195
•
Symptom: After the configurations occupying ACL resources are canceled, the output from the
display qos-acl resource command shows that some ACL resources are not retrieved.
•
Condition: This symptom occurs when the following procedure is performed:
a. Configure private VLAN and IGMP snooping on the switch.
b. Configure private VLAN to occupy all ACL resources.
c. Repeatedly configure and cancel the private VLAN configuration.
d. Cancel the private VLAN and IGMP snooping configuration on the switch.
201404010188
•
Symptom: EVB fails to be enabled on a port.
•
Condition: This symptom occurs if the following procedure is performed:
a. Enable and then disable TRILL on a port.
b. Enable EVB on the port.
201404150058
•
Symptom: When the zone default-zone permit command is not configured on a switch, the
attached nodes in the default zone can access each other.
•
Condition: This symptom occurs when the following procedure is performed:
a. Enable FCoE on the switch.
b. Attach ENode 1 and ENode 2 in the same VSAN to the switch.
201404080316
•
Symptom: When an attached node that has not been logged in sends an FKA packet to a
switch, the switch does not respond with an FIP Clear Virtual Links packet.
•
Condition: This symptom occurs when the following procedure is performed:
a. Enable FCoE on the switch.
b. An attached node that has not been logged in sends an FKA packet to the switch.
201401270147
•
Symptom: Zone distribution cannot be completed.
•
Condition: This symptom occurs when a large number of zones and zones sets are configured
and zone distribution is triggered.
154
201403210200
•
Symptom: The switch ignores the cases of VRF names.
•
Condition: This symptom occurs when the controller address command is used to specify a
controller by its IP address and specify a VRF by its name for the controller.
201311190312
•
Symptom: The broadcast storm suppression threshold and the multicast storm suppression
threshold are configured as 0 in an IRF fabric. After the IRF fabric is rebooted, these storm
suppression configurations do not take effect.
•
Condition: This symptom occurs when the following procedure is performed:
a. In an IRF fabric, use the broadcast-suppression and multicast-suppression command
in Ethernet interface view to configure the broadcast storm suppression threshold and the
multicast storm suppression threshold as 0.
b. Reboot the IRF fabric.
201404220072
•
Symptom: The rate-limit parameter deployed by OpenFlow is different from that displayed on
the switch.
•
Condition: This symptom occurs when the following procedure is performed:
a. On the controller, configure the rate-limit parameter burst size.
b. Use the display openflow instance command on the switch to display the OpenFlow
configuration.
201312120164
•
Symptom: After a user goes offline from a port and then comes online through another port, the
output from the display ip source binding command still shows the IP source guard binding
created for the user at the first time.
•
Condition: This symptom occurs if the following procedure is performed:
a. The user comes online through a port, and obtains an IP address from the DHCP server.
b. The switch creates an IP source guard binding for the user.
c. The user abnormally goes offline and then comes online through another port.
d. The user normally goes offline.
201311290366
•
Symptom: The auto-configuration result information shows that the switch successfully
obtained a configuration file, although the switch actually failed to obtain that configuration file.
•
Condition: This symptom can be seen if the following conditions exist:

The switch connects to a DHCP server on another switch. The configuration file path
specified on the DHCP server is valid but it does not contain any configuration file.

The switch starts up without loading any configuration file.
201312040262
•
Symptom: A Layer 3 interface on an IRF subordinate switch does not learn ARP entries and
IPCIM entries get lost on the switch.
•
Condition: This symptom occurs when the following conditions exist:

The Layer 3 interface on the IRF subordinate switch connects to a DHCP server.

The IRF subordinate switch is rebooted.
155
201312170465
•
Symptom: When the SCP client on the switch uploads a file that does not exist to a remote SCP
server, the system shows that the upload operation is successful.
•
Condition: This symptom can be seen when the SCP client on the switch uploads a file that
does not exist to a remote SCP server.
201312060432
•
Symptom: The many-to-one VLAN mapping configuration does not take effect.
•
Condition: This symptom occurs when the following procedure is performed:
a. Use two switches to form an IRF fabric.
b. Configure the dhcp snooping binding record command and configure many-to-one
VLAN mapping on a port of IRF member switch 1.
c. Reboot IRF member switch 2.
201403070417
•
Symptom: A switch running Comware v5 can get a file from a switch running Comware v7 by
executing an SCP command. The switch running Comware v7 cannot put a file to the switch
running Comware v5 through an SCP command.
•
Condition: This symptom can be seen between a switch running Comware v5 and a switch
running Comware v7.
201311180452
•
Symptom: After a node logs out, the switch does not release corresponding resources.
•
Condition: This symptom can be seen if a node performs the following operations:
a. Log in to the switch in Transit mode.
b. Perform an ISSU.
c. Log out the switch.
201312260147
•
Symptom: A DHCP client takes a very long time to complete address acquisition from the DHCP
server on the switch.
•
Condition: This symptom occurs if the DHCP request from the DHCP client contains an IP
address that is not on the same network as the IP address of the DHCP server's receiving
interface.
201310220394
•
Symptom: After FCoE mode is changed to none, FIP snooping driver entries still exist, and
FCoE mode is still FCF mode.
•
Condition: This symptom can be seen if the following procedure is performed:
a. Create 100 VFC interfaces and bind them to the same Layer 2 aggregate interface on an
FCF switch.
b. 100 nodes log in through the 100 VFC interfaces.
c. Create static routes that reach the software specification. Some static routes are in inactive
state because of exceeding the driver specification.
d. Bind another VFC interface to a member port of the Layer 2 aggregate interface.
e. Change FCoE mode to none.
201401060010
•
Symptom: After more than 10 non-contiguous VSANs are configured using the port trunk vsan
command on a VFC interface, the output from the display current-configuration command
shows that the VSANs configurations failed.
156
•
Condition: This symptom be seen after more than 10 non-contiguous VSANs are configured
using the port trunk vsan command on a VFC interface.
201403060232
•
Symptom: Assigning QoS policies in batches to virtual nodes from IMC fails.
•
Condition: This symptom can be seen when you use IMC to batch assign QoS policies to virtual
nodes.
201311050393
•
Symptom: The output from the display spbm multicast-fib command has a redundant space.
•
Condition: This symptom can be seen in the output from the display spbm multicast-fib
command.
201403120396
•
Symptom: When resources are insufficient for an FC zone, the output from the display zone
status command shows that the FC zone is still in enabled state.
•
Condition: This symptom can be seen if the following procedure is performed:
a. Configure an FC zone.
b. Keep the FC zone change between enabled state and disabled state by continually
performing the following operations:
Add zone members to reach the zone ACL specification so the zone changes to disabled
state. Then delete zone members to enable the zone.
c. Execute the display zone status command when resources are insufficient.
201403070232
•
Symptom: A port in MDIX mode can go up when it connects to a peer port in MDIX mode. A port
in MDI mode cannot go up when it connects to a peer port in MDIX mode. The mode of a port
that is up cannot be changed using the mdix-mode command.
•
Condition: This symptom can be seen when you use the mdix-mode command to switch the
mode of an Ethernet port between MDIX and MDI.
201402250494
•
Symptom: A Layer 2 ACL for matching outbound LSAP packets on an interface actually
matches all packets.
•
Condition: This symptom can be seen when a Layer 2 ACL for matching outbound LSAP
packets is applied to an interface.
201403030079
•
Symptom: When a QoS policy fails to be assigned using the qos policy command, the prompt
information is incorrect.
•
Condition: This symptom can be seen when a QoS policy fails to be assigned using the qos
policy command.
201405190183
•
Symptom: An IRF fabric that comprises an
5900AF-48XGT-4QSFP+/5900AF-48G-4XG-2QSFP+ switch, and an
5900AF-48XG-4QSFP+/HPE FF 5900CP-48XG-4QSFP+ switch fails to be created.
•
Condition: This symptom occurs if the two switches are connected through a 40G cable, and
then the 40G cable is replaced with QSFP+ modules and a fiber cable.
157
Resolved problems in R2308P01
201401150494
•
Symptom: The output from the display buffer usage command is incorrect.
•
Condition: This symptom occurs when you use the display buffer usage command after
configuring the burst-mode by using the burst-mode enable or undo burst-mode enable
command.
201401200303
•
Symptom: The device returns an error message with the OFPET_FLOW_MOD_FAILED type
and the OFPFMFC_UNKNOWN code.
•
Condition: This symptom occurs when the following conditions exist:

The switch is enabled with OpenFlow.

The controller sends a FlowMod(ADD/goto Group) entry after sending a
GroupMod(MODIFY) entry to the switch.
201401150404
•
Symptom: Device fails to re-authenticate with the Windows 2003 RADIUS Server.
•
Condition: This symptom occurs when the following conditions exist:

Device connects to the Windows 2003 RADIUS Server for authentication.

Device initiates an authentication again after the re-auth period.
201401060125
•
Symptom: After the switch is rebooted, an F-mode FC interface might be in EIsolate state.
•
Condition: This symptom might occur after the switch is rebooted.
201311270254
•
Symptom: The display interface vfc command shows that the bandwidth of the VFC interface
is 0.
•
Condition: This symptom can be seen when you use the display interface vfc command to
view information about a VFC interface.
201312240354
•
Symptom: Packet loss occurs on FC interfaces or Ethernet interfaces of a switch.
•
Condition: This symptom occurs on FC interfaces or Ethernet interfaces except the FC or
Ethernet interface mentioned below in any of the following conditions:

An Ethernet interface is changed to an FC interface, or vice versa.

The flow-control or priority-flow-control no-drop dot1p command is configured on an
Ethernet interface.
201312310036
•
Symptom: The switch might unexpectedly reboot.
•
Condition: This symptom might occur when the following conditions exist:

ISSU is used to upgrade the software on a switch in standalone mode or IRF mode.

The reboot method is ISSU reboot.
201402070107
•
Symptom: When an NPV switch that supports FC interfaces is rebooted and a downlink
interface of the switch receives a FLOGI packet from a server, the downlink interface responds
158
with a REJECT packet because it fails to find an available uplink interface. As a result, the
server fails to log in to the switch.
•
Condition: This symptom occurs when the following conditions exist:

The downlink interfaces go up.

The uplink interfaces do not go up.
201312250142
•
Symptom: When EVB is configured in an IRF fabric, a VSI aggregate interface goes down and
then goes up.
•
Condition: This symptom occurs if a master/subordinate switchover occurs when the VSI
aggregate interface is up.
201312300276
•
Symptom: A legal transceiver module is identified as an illegal one.
•
Condition: This symptom occurs when you insert a legal SFP transceiver module into the
switch.
201312250010
•
Symptom: The MTU of a VFC interface is incorrectly restored.
•
Condition: This symptom occurs when the following procedure is performed:
a. Shut down a VFC interface operating in F mode, and save the configuration.
b. Reboot the switch, and execute the undo shutdown command on the VFC interface.
201401140101
•
Symptom: When you use the undo ip address dhcp-alloc command to release the IP address
of a switch acting as a DHCP client, the switch might fail to send a DHCP-RELEASE packet.
•
Condition: This symptom occurs when the following conditions exist:

The switch acts as a DHCP client, and obtains dynamically assigned IP addresses.

After the switch obtains an IP address, the undo ip address dhcp-alloc command is used
to release the obtained IP address on the interface where the DHCP client resides.
201401220208
•
Symptom: An error prompt appears when you configure an IPv4 portal authentication source
subnet.
•
Condition: This symptom occurs when you use the portal layer3 source command to
configure the IPv4 portal authentication source subnet as 0.0.0.0 255.255.255.0.
201401220382
•
Symptom: The switch might fail to upload or download files.
•
Condition: This symptom might occur when the following procedure is performed:
a. Configure the switch as an FTP client.
b. Use the get or put command to download or upload files multiple times.
201402140288
•
Symptom: The NPV switch connects to a fabric through multiple links. The principle switch
WWNs might be different for these links.
•
Condition: This symptom might occur when the following conditions exist:

Multiple FCF switches form a fabric. An NPV switch is attached to the fabric through multiple
links.

An FCF switch is rebooted in the fabric.
159
201312300294
•
Symptom: The FTP service is unexpectedly disabled on a switch.
•
Condition: The symptom occurs when you use FTP to exchange files between the switch and
another switch multiple times.
201312170314
•
Symptom: When you use the display link-aggregation verbose bridge-aggregation
interface-number command to display aggregate interface information, the state of an
aggregation group member port is incorrectly displayed.
•
Condition: This symptom occurs when the following conditions exist:

Layer 2 aggregate interfaces are created at both ends of a link.

The number of member ports at each end exceeds the maximum number of Selected ports
allowed.
201401270240
•
Symptom: When you upgrade the software through the Boot ROM menu, the software image
file might fail to be loaded.
•
Condition: This symptom might occur when you upgrade the software through the Boot ROM
menu.
201401150527
•
Symptom: When the VM of a VSI interface is migrated from an aggregate interface to another
aggregate interface of a switch, the VSI interface frequently goes up and down, and the VM
cannot successfully log in.
•
Condition: This symptom occurs when the following procedure is performed:
a. Enable EVB on the target aggregate interface.
b. Migrate the VM of the VSI interface from an aggregate interface to the target aggregate
interface.
c. Disable and then enable EVB on the target aggregate interface.
201402170152
•
Symptom: The switch does not reboot as configured in the scheduler reboot at or scheduler
reboot delay command.
•
Condition: This symptom occurs when you use the scheduler reboot at or scheduler reboot
delay command in user view.
201312250029
•
Symptom: When you display the VLANs to which VSANs are mapped, the IDs of these VSANs
are not displayed.
•
Condition: This symptom occurs when you enable FCoE for multiple VLANs and map the
VLANs to the same VSAN.
201401100305
•
Symptom: When the switch is an OpenFlow switch, it cannot communicate with an IXIA
controller running the IXIA ANVL test suite.
•
Condition: This symptom occurs when the following conditions exist:

The switch acts an OpenFlow switch.

The IXIA test device acts as a controller.

The IXIA test device runs the IXIA ANVL test suite.
160
201402140221
•
Symptom: An HPE NPV switch is connected to a Cisco FCF switch. When the Cisco FCF
switch prompts FCID errors, an FC storage device cannot log in to the HPE switch.
•
Condition: This symptom occurs when an FC interface of the HPE NPV switch is connected to
an FC storage device.
201402170350
•
Symptom: The number of VLANs supported for PVST on a switch is less than that defined in
specifications.
•
Condition: This symptom occurs when the following procedure is performed:
a. Enable the spanning tree protocol globally.
b. Configure the spanning tree protocol to operate in MSTP mode.
c. Disable the spanning tree protocol globally.
d. Configure the spanning tree protocol to operate in PVST mode.
e. Enable the spanning tree protocol globally.
201402170013
•
Symptom: The console port of a switch might fail to respond to Telnet operations.
•
Condition: This symptom might occur when you frequently operate the switch through Telnet
and the console port.
201401200069
•
Symptom: An FC node fails to log in to the switch.
•
Condition: This symptom occurs when the following procedure is performed:
a. Connect the switch to multiple nodes through FC interfaces, and save the configuration.
b. Reboot the switch.
201312170125
•
Symptom: The Broadcom converged network adapter (CAN) might fail to log in to an FC switch.
•
Condition: This symptom might occur when the FC switch connects to a Broadcom CNA.
201402080060
•
Symptom: On a switch with both MAC-IP flow entries and extensibility flow entries, after a
packet is matched against MAC-IP flow entries, the packet matches the table-miss flow entry
and is sent to the controller, rather than matched against an extensibility flow entry with the
metadata configured.
•
Condition: This symptom occurs when the following conditions exist:

Configure MAC-IP flow tables and extensibility flow tables.

Use a controller to deploy a flow entry to an extensibility flow table on the switch. The match
fields of the flow entry contain metadata 0x01.
201401260259
•
Symptom: On a switch, packets that do not match the highest-priority flow entry temporarily
match the flow entry.
•
Condition: This symptom occurs when you use an OpenFlow controller to deploy multiple flow
entries to the switch.
201402250152
•
Symptom: The server traffic is temporarily interrupted.
•
Condition: This symptom occurs when the following conditions exist:
161

Multiple nodes log in to a fabric.

A zone that contains these nodes is configured. A zone set that contains the zone is created
and activated. Because the hardware resources are insufficient for so many zone members,
hard zoning is disabled, and only soft zoning takes effect.

A zone with few nodes (make sure hardware resources are sufficient for these nodes) is
configured. A zone that contains the zone is created and activated.
201311260144
•
Symptom: The iNode authentication failure reasons are not prompted.
•
Condition: This symptom occurs when the following procedure is performed:
a. Enable 802.1X globally and in port view.
b. Enter an incorrect password when logging in through the iNode client.
201312300323
•
Symptom: Multichassis PFC does not take effect.
•
Condition: This symptom occurs when the following conditions exist:

Two switches form an IRF fabric through 10-GE SFP+ fiber ports. Interfaces A and B are
located on different IRF member switches.

Traffic enters the IRF fabric through interface A and leaves through interface B. The same
PFC configuration is used on all interfaces that the traffic passes through.
201401160406
•
Symptom: The speed of an FC interface cannot be negotiated to 8 Gbps.
•
Condition: This symptom occurs when an 8 Gbps FC SFP transceiver module is inserted into a
switch that supports FC interfaces after the switch is powered on or rebooted.
201312170023
•
Symptom: A VM exchanges login packets with the aggregation group member ports on the
subordinate member switch of an IRF fabric. The VM cannot successfully log in.
•
Condition: This symptom occurs when the following conditions exist:

In an IRF fabric, enable EVB and create S-channels on a multichassis Layer 2 aggregate
interface.

Aggregation group member ports on the subordinate member switch receive the login
packets from the VM.
201312230472
•
Symptom: After a master/subordinate switchover occurs to an IRF fabric, the previous master
switch cannot correctly start for a long time, and it prompts that the EVB process fails to start.
•
Condition: This symptom occurs when the following conditions exist:

In an IRF fabric, enable EVB and create S-channels on a Layer 2 aggregate interface.

Master/subordinate switchover occurs to the IRF fabric.

The aggregation group member ports on the subordinate member switch receive a large
amount of EVB protocol packets and data packets.
201401160397
•
Symptom: When you configure a NPV switch to operate in FCF mode, the FCoE process might
fail and a core file might be generated.
•
Condition: This symptom occurs when the following conditions exist:

Two FCoE switches are connected through VFC interfaces. One of the two FCoE switches
operates in NPV mode.
162

In the view of the VFC interface connecting the NPV switch to the other FCoE switch, the
shutdown and undo shutdown commands are executed multiple times.

The NPV switch is configured to operate in FCF mode.
201401240231
•
Symptom: Traffic statistics are collected for traffic in only one direction.
•
Condition: This symptom occurs when you use a controller to deploy bidirectional extensibility
flow entries to the switch and the switch receives and sends traffic.
201402100406
•
Symptom: A switch does not display the MAC addresses learned by the UNI and NNI ports
involved in many-to-one VLAN mapping.
•
Condition: This symptom occurs when you configure many-to-one VLAN mapping on the
switch.
Resolved problems in R2307
201312030126
•
Symptom: Addressed SSRT101324. A security bulletin for SSRT101324 should be published
in January 2014. Please see the security bulletin for additional details.
•
Condition: Addressed SSRT101324. A security bulletin for SSRT101324 should be published
in January 2014. Please see the security bulletin for additional details.
201311040225
•
Symptom: When an ISSU is performed on the IRF master switch, intra-sub VLAN traffic and
inter-sub VLAN traffic are interrupted for about 30 seconds.
•
Condition: This symptom occurs when an ISSU is performed on the IRF master switch.
201311040104
•
Symptom: IRF fails to forward Bidir PIM traffic between slots.
•
Condition: This symptom occurs when IRF performs inter-slot Bidir PIM traffic forwarding.
201311040132
•
Symptom: When TC Snooping is enabled using the stp tc-snooping command, the switch
continually deletes MAC entries, affecting MAC update and aging.
•
Condition: This symptom can be seen when TC Snooping is enabled using the stp
tc-snooping command.
201311040138
•
Symptom: When STP is disabled on a port, traffic is blocked on the port due to STP block.
•
Condition: This symptom occurs if the following procedure is performed:
a. Disable TRILL on a port.
b. Configure the port as an IRF port.
c. Change the IRF port to a common port.
d. Enable TRILL on the port.
201311060199
•
Symptom: The display mac-address command cannot display MAC address table information
for a specified nickname.
•
Condition: This symptom can be seen when the display mac-address command is executed
to display MAC address table information for a specified nickname.
163
201311040237
•
Symptom: Broadcast traffic is flooded through the first 16 selected ports (in ascending order of
port numbers) in an aggregation group that has 32 selected ports.
•
Condition: This symptom can be seen when broadcast traffic passes an aggregation group that
has 32 selected ports.
201311190518
•
Symptom: Type 3 LSAs for servers in different NSSA areas still exist after the servers become
unreachable.
•
Condition: This symptom can be seen when the following conditions exist:

The NSSA areas have a common ABR, which provides equal-cost routes to the servers.

The ABR advertises Type 3 LSAs for the servers in different NSSA areas.

The servers become unreachable.
201311090008
•
Symptom: An SNMP walk on ifOutDiscards MIB returns a value of 0.
•
Condition: This symptom can be seen during an SNMP walk on ifOutDiscards MIB.
201311040432
•
Symptom: After an ISSU reboot, an FC switch cannot establish FSPF routes, and the
configurations on FC interfaces fail.
•
Condition: This symptom occurs after an ISSU reboot is performed on an FC switch.
201311040393
•
Symptom: The 10-GE breakout interface information displayed in IMC is disordered.
•
Condition: This symptom occurs after the first 40-GE interface of the switch is split into four
10-GE breakout interfaces.
201311040144
•
Symptom: After an FC switch has its IRF member ID modified and then is rebooted, the
configured static FC routes still exist and cannot be deleted.
•
Condition: This symptom occurs when the following procedure is performed:
a. Configure static FC routes on an FC switch.
b. Modify the IRF member device ID for the FC switch and restart the FC switch.
201311120044
•
Symptom: When the zone alias configured is of 61 to 64 bytes, the zone distribution fails.
•
Condition: This symptom occurs when the zone alias name configured on an FC switch is of 61
to 64 characters.
201311290364
•
Symptom: On a ring-topology IRF fabric, an IRF port is blocked after its physical ports are
removed, and then bound to the IRF port again.
•
Condition: This symptom occurs if the following procedure is performed:
a. Shut down all the physical ports of the IRF port.
b. Use the undo irf-port command to remove the physical ports from the IRF port.
c. Bind the physical ports to the IRF port again.
201311220152
•
Symptom: After a port is bound to an IRF port and then is removed from the IRF port, the port is
blocked by STP, and it cannot forward any traffic, although STP is globally disabled.
164
•
Condition: This symptom occurs if the following procedure is performed when STP is globally
disabled:
a. Configure an IRF port, and use the port group interface Ten-GigabitEthernet command
to bind the IRF port to a port that is shut down.
b. Use the undo irf-port command to remove all port bindings on the IRF port.
201312060311
•
Symptom: The state of a BFD session to an OSPF neighbor continually goes up and down.
•
Condition: This symptom occur when the following conditions exist:

The OSPF neighbor is an IRF fabric.

FRR is enabled using the fast-reroute lfa command.

BFD is used for FRR.
201311040163
•
Symptom: When a member port in a Layer 3 aggregation group is changed to a Layer 2
Ethernet interface and then assigned to a VLAN, the VLAN interface for that VLAN cannot ping
the directly connected device.
•
Condition: The symptom occurs when the following procedure is performed:
a. Configure a Layer 3 aggregate interface, and assign member ports to the Layer 3
aggregation group.
b. Use the port link-mode bridge command to change a member port in the Layer 3
aggregation group to a Layer 2 Ethernet interface, and assign the port to a VLAN.
201311200449
•
Symptom: BFD MAD does not take effect when it is configured on a VLAN interface of an IRF
fabric.
•
Condition: This symptom occurs when BFD MAD is configured on a VLAN interface of an IRF
fabric.
201311140447
•
Symptom: The switch fails to download a file from a TFTP server after tftp x.x.x.x get xxx.xxx
is executed.
•
Condition: This symptom can be seen if the TFTP server is TFTPD32.
201310210384
•
Symptom: An IRF fabric detects an STP topology change on an interface 30 seconds after an
ISSU reboot and performs a MAC refresh, although the actual STP topology is not changed.
•
Condition: This symptom can be seen 30 seconds after an ISSU reboot is performed on an IRF
fabric.
201310220122
•
Symptom: After an IRF master/subordinate switchover, the system prompts that ARP rate-limit
fails to be assigned.
•
Condition: This symptom can be seen if the following procedure is performed:
a. Configure ARP rate-limit on an IRF fabric.
b. Reboot the master to perform a master/subordinate switchover.
201312010016
•
Symptom: When a switch starts up with factory defaults and the configuration is rolled back, all
OpenFlow instances are inactive. To activate these OpenFlow instances, activate them one by
one or reboot the switch.
165
•
Condition: This symptom occurs when the following procedure is performed:
a. Configure OpenFlow instances and save the configuration.
b. Start the switch with factory defaults, and roll back the configuration.
201311280415
•
Symptom: The format and fixdisk commands do not take effect.
•
Condition: This symptom can be seen when you use the format or fixdisk command to format
or fix the flash.
201311040427
•
Symptom: After multiple PW switchovers between PEs, the PEs have inconsistent PW entries,
resulting in forwarding failures.
•
Condition: This symptom occurs if the following conditions exist:

The two PEs establish both local and remote LDP peer relationships.

Multiple PW switchovers are performed between PEs
201311140085
•
Symptom: FCoE packet loss occurs after an IRF master/subordinate switchover.
•
Condition: This symptom can be seen when the following conditions exist:

Unequal-cost static routes exist.

An IRF master/subordinate switchover is performed.
201311190528
•
Symptom: After a license is registered for the virtual forwarding engine (VFE) of a host, the VSI
negotiation with the HPE 5900v virtual switch fails.
•
Condition: This symptom occurs when the following conditions exist:

The switch is used together with an HPE 5900v virtual switch.

The VM network is migrated when no license is registered for the VFE of the host.
201312170146
•
Symptom: After an Ethernet interface is changed to an FC interface, the maximum frame length
allowed changes from 10000 to 16356.
•
Condition: This symptom occurs when an Ethernet interface is changed to an FC interface.
201312060429
•
Symptom: When the maximum number of Selected ports allowed in an aggregation group is
reached, the newly assigned member ports are in the Unselected state. However, they can
forward traffic.
•
Condition: This symptom occurs when the number of member ports in an aggregation group
exceeds the maximum number of Selected ports allowed in the aggregation group.
201311040129
•
Symptom: After an ISSU reboot is performed and IRF master/switchover is completed, an
interface where a cable is inserted and then removed is still up and its LED flashes.
•
Condition: This symptom can be seen if the following procedure is performed:
a. Perform an ISSU reboot on an IRF fabric.
b. Insert and then remove a cable on an interface.
201312030470
•
Symptom: On a two-chassis IRF fabric, the peer IRF port of the subordinate device is up.
However, the port cannot receive packets while the subordinate device is rebooting.
166
•
Condition: This symptom occurs when you reboot the subordinate device of a two-chassis IRF
fabric.
201312110432
•
Symptom: FC interfaces at the two ends of a link cannot negotiate successfully, and they
cannot go up.
•
Condition: This symptom occurs when the following conditions exist:
a. 8- or 16-G transceiver modules are inserted into the FC interfaces.
b. An FC interface is forcibly configured with a non-8G speed (for example, 2G or 4G), and the
other FC interface is configured to autonegotiate the speed.
201312110442
•
Symptom: The undo speed command fails to be executed on an FC interface of an FC switch.
•
Condition: This symptom occurs if the following conditions exist:

The FC switch and a 5900 switch form an IRF fabric.

After an ISSU reboot is performed on the IRF fabric, execute the speed command and then
the undo speed on an FC interface of the FC switch.
201311040443
•
Symptom: When the display interface command is used to display information about an FC
interface, the output shows that the speed of the FC interface is autonegotiated.
•
Condition: This symptom occurs when an FC interface is forcibly configured with a speed.
201311140161
•
Symptom: BFD flapping occurs.
•
Condition: This symptom can be seen when the following conditions exist:

The bfd min-transmit-interval and bfd min-receive-interval are both set to 250 ms.

The bfd detect-multiplier is set to 3.

The CPU is attacked by TTL=1 IP packets or other packets.
201311040504
•
Symptom: No trap message is output after the configuration file is saved.
•
Condition: This symptom can be seen after the configuration file is saved.
201311040423
•
Symptom: The switch might fail to forward traffic over a PW.
•
Condition: This symptom might be seen after the IP address of the public interface is changed.
201311040308
•
Symptom: STP state error occurs on an IRF fabric, resulting in a loop.
•
Condition: This symptom can be seen if the following procedure is performed:
a. Enable STP on the IRF fabric and configure multi-chassis link aggregation.
b. Reboot the IRF fabric.
201311040137
•
Symptom: The RTM policy quits when an RTM action is executing a python script.
•
Condition: This symptom can be seen if the python script contains multiple Binary Right Shift
Operators ">>".
201311040128
•
Symptom: The SPBM process abnormally exits.
167
•
Condition: This symptom occurs when the following procedure is performed:
a. Enable SPBM.
b. Configure an MST region as follows:
stp region-configuration
region-name spbm
instance 4092 vlan 1001 to 2023
active region-configuration
c. Continuously configure and cancel the mapping between MSTI 2 and VLANs.
201311040155
•
Symptom: A TRILL port configured as an access port with the alone attribute can still process
LSPs. As a result, an invalid bridge might be elected as a TRILL distribution tree root, and
TRILL cannot forward broadcast traffic.
•
Condition: This symptom occurs when you configure a hybrid TRILL port as an access TRILL
port with the alone attribute.
201311040164
•
Symptom: After an RB reboots, the configured nickname does not take effect. Instead, a
nickname is randomly generated for the RB.
•
Condition: This symptom occurs when the following procedure is performed:
a. Configure the nickname for an RB and save the configuration.
b. Disable TRILL globally, and reboot the RB without saving the configurations.
201311060490
•
Symptom: When packets are dropped due to Fast Filter Processor (FFP) or STP
non-forwarding state exist, the dropped packet count is always 0 in the output from the display
packet-drop summary or display packet-drop interface command.
•
Condition: This symptom occurs when packets are dropped due to the existing of Fast Filter
Process or (FFP) or STP non-forwarding state.
201311280471
•
Symptom: The buffer settings in the output from the display buffer queue command are
different from the actual buffer settings.
•
Condition: This symptom occurs when the following procedure is performed:
a. Use the buffer egress cell queue command to configure the fixed area space or shared
area space of cell resources in the egress buffer.
b. Use the buffer apply command to apply the manually configured data buffer settings.
201311260519
•
Symptom: A routed subinterface on the IRF fabric cannot be pinged from its directly connected
device after a master/subordinate switchover occurs on the IRF fabric.
•
Condition: This symptom occurs when a master/subordinate switchover occurs.
201312060432
•
Symptom: Many-to-one VLAN mapping fails to replace the SVLAN tag with CVLAN tags for the
downlink traffic.
•
Condition: This symptom occurs when the following procedure is performed:
a. Configure many-to-one VLAN mapping on an IRF fabric. Many-to-one VLAN mapping
should replace the SVLAN tag with the CVLAN tags for the downlink traffic according to the
DHCP snooping entries.
168
b. Reboot an IRF member device which does not host the incoming interface of the traffic, and
shut down the incoming interface, so that the traffic enters the IRF fabric through the
rebooted IRF member device.
201312010009
•
Symptom: BGP/OSPF neighbor flapping occurs after ip redirects enable and then undo ip
redirects enable are executed.
•
Condition: This symptom occurs after ip redirects enable and then undo ip redirects enable
are executed.
201311040117
•
Symptom: EVE does not work after an IRF fabric is manually rebooted.
•
Condition: This symptom can be seen if the IRF fabric has large numbers of EVB VSIs.
201311190051
•
Symptom: After shutdown and then undo shutdown are performed on an EVB-enabled
aggregate interface, the VMs (in keepalive state) connected to the aggregate interface cannot
get online.
•
Condition: This symptom occurs after shutdown and then undo shutdown are performed on
an EVB-enabled aggregate interface.
201311040118
•
Symptom: The lock command can be successfully executed if you press Enter at the prompt
"Please input password<1 to 16> to lock current line:" without inputting a password.
•
Condition: This symptom can be seen if you press Enter at the prompt "Please input
password<1 to 16> to lock current line:" without inputting a password.
201311040093/201312040162
•
Symptom: When a port joins or leaves a link aggregation group, the device hosting the port
reboots abnormally. If you continue injecting CDCP packets and VSI packets during the
operation, the standby member device of the IRF fabric keeps rebooting.
•
Condition: This symptom occurs when the following procedure is performed:
a. Plenty of EVB configurations exist on the aggregate interface of an IRF fabric.
b. Assign ports to or remove member ports from the aggregation group.
201311040101
•
Symptom: The L2VPN process unexpectedly quits during an IRF master/subordinate
switchover.
•
Condition: This symptom might be seen if the IRF fabric has large number of L2VPN peers.
201311040139
•
Symptom: If the egress interface of a CCC connection that is configured with the nexthop
keyword is changed, L2VPN updates the LSP, and the MPLS entry becomes incorrect.
•
Condition: This symptom can be seen if the egress interface of a CCC connection that is
configured with the nexthop keyword is changed.
201312030399
•
Symptom: The CLI does not respond.
•
Condition: This symptom occurs if the following procedure is performed:
a. Divide a 40 GE interface into four 10 GE interfaces.
b. Configure the 10 GE interfaces as IRF physical interfaces.
169
201311040141
•
Symptom: The display vrrp or display vrrp ipv6 command continually outputs VRRP group
information.
•
Condition: This symptom can be seen if more than seven VRRPv2 or VRRPv3 groups are
configured on a VLAN interface.
201311090080
•
Symptom: The speed capability and current speed of an FC interface in the output from the
display fcs port command are incorrect.
•
Condition: Use the display fcs port command to display the speed information for FC
interfaces.
201311040166
•
Symptom: In a TRILL network, a non-AVF port forwards IGMP packets.
•
Condition: This symptom occurs when the following procedure is performed:
a. Set up a TRILL network, and a Layer 2 switch is elected as an AVF.
b. Transmit IGMP packets in the TRILL network.
201311040121
•
Symptom: The outputs from the display version and display device commands have
inconsistent CPLD version information on an IRF fabric.
•
Condition: This symptom can be seen if the following procedure is performed:
a. Perform an ISSU reboot on the subordinate switch.
b. Execute the issu run switchover command to perform IRF master/subordinate switchover.
c. Perform an ISSU reboot on the original master switch.
201312060353
•
Symptom: After an ISSU to the ESS 2306 version, the flow entries whose destination MAC
addresses were modified by the controller before the ISSU does not take effect.
•
Condition: This symptom can be seen if the following procedure is performed:
a. Configure OpenFLow.
b. Use the controller to modify the destination MAC addresses of flow entries.
c. Perform an ISSU to the ESS 2306 version.
201312030396
•
Symptom: On an IRF fabric, IP and FCoE packet loss occurs during an ISSU reboot that is
performed to upgrade the software to the R2307 version.
•
Condition: This symptom occurs if an ISSU reboot is performed to upgrade the software to the
R2307 version on an IRF fabric enabled with FCoE.
201311210395
•
Symptom: If the display interface vfc command is executed in VFC interface view multiple
times, the outputs from the commands show that the MTU of the VFC interface continuously
decreases.
•
Condition: This symptom can be seen if the ENode connected to the VFC interface continually
gets online and offline.
201311260189
•
Symptom: A port cannot be assigned to a static VLAN.
•
Condition: This symptom occurs when the following procedure is performed:
170
a. Enable MVRP globally and on a port. The port learns a VLAN dynamically.
b. Use the undo port trunk permit vlan command to remove the port from the dynamic
VLAN.
c. Manually create the same VLAN. Use the port trunk permit vlan command to assign the
port to the VLAN.
201312060371
•
Symptom: On two IRF fabrics that are connected through a Layer 2 aggregate interface, DLDP
flapping might occur when the CPU usage is high.
•
Condition: This symptom might occur when the following conditions exist:

Two IRF fabrics are connected through a Layer 2 aggregate interface.

The member interfaces of the aggregate interface are enabled with DLDP.
201311180003
•
Symptom: An SSH user fails to log in to the switch.
•
Condition: This symptom can be seen when the following conditions exist:

The ACS server is configured.

The login-service is set to Telnet.
201311040317
•
Symptom: After online users reach the limit configured using the access-limit command, are
set to blocked state by using the state block command, and then log out, the output from the
display local-user command shows that the number of online users is not reduced, and the
logged-out users cannot log in to the switch.
•
Condition: This symptom can be seen after online users reach the limit configured using the
access-limit command and then are logged out using the state block command.
201311040112
•
Symptom: After an IRF member switch is rebooted, the routes over a tunnel interface might
become invalid.
•
Condition: This symptom might occur after an IRF member switch is rebooted.
201311060287
•
Symptom: Memory leaks occur after VSANs are deleted.
•
Condition: This symptom occurs when the following procedure is performed:
a. Use the vsan command to create a VSAN. The VSAN is not mapped to a VLAN.
b. Delete the VSAN after configuring the zone default-zone permit command.
c. Repeat steps a and b multiple times.
201311120050
•
Symptom: After an FCoE switch receives a VLAN request, the FCoE process reboots
abnormally.
•
Condition: This symptom occurs when the following conditions exist:
a. The VLAN is not mapped to a VSAN.
b. An ENode sends a VLAN request with the NAME_ID.
201311140071
•
Symptom: The FSPF and FCLINK processes reboot. After the data synchronization with the
FCRM process, use the display fc fib command to display the FC FIB entries when FC routes
exist. The output shows that the FC FIB entries are lost.
171
•
Condition: This symptom occurs when the FSPF and FCLINK processes reboot after the FC
routing process is correctly started.
201311140070
•
Symptom: Memory leaks occur after a VFC interface is created and removed in NPV mode.
•
Condition: This symptom can be seen after a VFC interface is created and removed in NPV
mode.
201312250142
•
Symptom: After an IRF master/subordinate switchover, the VSIs on an S-channel aggregate
interface of the original subordinate switch get offline and then online.
•
Condition: This symptom occurs when the following conditions exist:

An S-channel aggregate interface is created on the subordinate switch.

An IRF master/subordinate switchover is performed.
201401090199
•
Symptom: When a port of a VLAN receives a packet destined for the MAC address of the VLAN
interface of another VLAN, the port discards the packet.
•
Condition: This symptom can be seen when a port of a VLAN receives a packet destined for the
MAC address of the VLAN interface of another VLAN.
201311040158
•
Symptom: Switches directly connected through a Layer 3 aggregate interface cannot ping each
other.
•
Condition: This symptom occurs if a VPN instance is bound to the member interfaces of the
Layer 3 aggregate interface but is not bound to the Layer 3 aggregate interface.
Resolved problems in E2306
201308100174
•
Symptom: The system shows that a set operation to MIBs succeeds, but the set values do not
take effect.
•
Condition: This symptom can be seen when a set operation is performed to
hh3cRdPrimUdpPort, hh3cRdSecAccUdpPort, hh3cRdPrimAccState, hh3cRdSecAccState,
and hh3cRdPrimAccUdpPort MIBs.
201308100171
•
Symptom: When a set operation is performed to hh3cRdAccRowStatus in
hh3cRdAccInfoTable, the system prompts that notInService(2), notReady(3), and
createAndWait(5) failed to be set; createAndGo(4) is set but the set value is not applied;
destroy(6) disappears.
•
Condition: This symptom can be seen when a set operation is performed to
hh3cRdAccRowStatus in hh3cRdAccInfoTable.
201307090235
•
Symptom: The link-delay command does not take effect. When the link-delay mode up
command is configured on a 1 G port, the system immediately reports the port status without a
delay. When a port goes down for the first time, the LED of the port immediately lights off without
a delay.
•
Condition: This symptom can be seen when the link-delay mode up command is configured
on a 1 G port and when a port goes down for the first time.
172
201308120061
•
Symptom: After an IRF fabric is rebooted, the reboot speed of the subordinate switch is slow.
•
Condition: This symptom occurs when the following conditions exist:

OpenFlow is enabled on the IRF fabric.

Large numbers of VLANs are associated with the OpenFlow instance.
201308200391
•
Symptom: An advanced IPv6 ACL rule that denies IPv6 packets with Hop-by-Hop Options
headers does not take effect. The display this command shows that the ACL has been applied
to inbound traffic on a port. The display packet-filter statistics command shows that the ACL
has denied IPv6 packets with Hop-by-Hop Options headers but such packets can still be
forwarded.
•
Condition: This symptom can be seen when an advanced IPv6 ACL configured with rule deny
ipv6 counting hop-by-hop is applied to inbound traffic on a port.
201308070239
•
Symptom: After an IRF subordinate switch is rebooted, packet loss occurs on a Layer 2
aggregate interface.
•
Condition: This symptom occurs if link-aggregation traffic redirection has been enabled for the
Layer 2 aggregate interface by using the link-aggregation lacp traffic-redirect-notification
enable command.
201307160194
•
Symptom: The output from the debugging local-server all command does not provide error
information when a local 802.1X user accesses a port that is not bound with the user account.
•
Condition: This symptom occurs when a local 802.1X user accesses a port that is not bound
with the user account.
201308190396
•
Symptom: After a switch is rebooted, a Layer 3 aggregate interface cannot establish an OSPF
neighbor relationship.
•
Condition: This symptom occurs if the Layer 3 aggregate interface has been associated with a
VPN instance by using the ip binding vpn-instance command, and has been enabled with
OSPF by using the ospf process-id area area-id command.
201308130522
•
Symptom: After an ISSU reboot, FCoE occupies the low-priority ACL resources. If the
low-priority ACL resources are not enough, the system ACLs that use these resources might be
lost.
•
Condition: This symptom might occur when the following conditions exist:

The switch is configured to operate in FCF mode by using the fcoe-mode command.

An ISSU reboot is performed.
201308060277
•
Symptom: The result of the QoS queue (local precedence) marking action is incorrect.
•
Condition: This symptom might occur when the remark local-precedence command is
configured in traffic behavior view to mark local precedence for packets.
201308220469
•
Symptom: After the port up-mode command is executed on a 10 G SFP+ port, the system
prompts that the configuration failed but the 10 G port is still in UP state.
•
Condition: This symptom occurs if the following conditions exist:
173

The 10 G port connects to the peer 10 G port through 1 G fiber modules and fibers.

One of the two fibers connected to the local 1 G fiber module is plugged out and then the
port up-mode command is executed on the 10 G port.
201308280104
•
Symptom: In a TRILL network, packet loss occurs on a GR-enabled RB device during an ISSU.
•
Condition: This symptom might occur when an ISSU reboot is performed for a RB in a TRILL
network.
201308230201
•
Symptom: The entPhysicalVendorType MIB shows power information error.
•
Condition: This symptom occurs if two power supplies are installed and the power supply in the
PWR2 slot is not powered on.
201308210438
•
Symptom: An ACL rule in an IPv6 PBR policy does not take effect when one of the two next
hops specified in the PBR policy fails.
•
Condition: This symptom occurs when the following conditions exist:

The IPv6 PBR policy is applied to a port by using the ipv6 policy-based-route command to
implement ECMP routing over two next hops.

One of the two next hops specified in the PBR policy fails.
201310110287
•
Symptom: An FCoE node drops the received FKA packets because the FKA packets are not
recognized correctly. As a result, the connection to the FCoE node is broken.
•
Condition: This symptom might occur when the following conditions exist:

FCoE is enabled on the switch.

The switch is connected to a node.

The node receives FKA packets.
201308090191
•
Symptom: The master in a VRRP group cannot perform load balancing.
•
Condition: This symptom occurs if the following procedure is performed:

Shut down the upstream link of the master to make it become a backup.

Recover the master at a time before the timeout timer expires but after the redirect timer
expires.
201308280038
•
Symptom: After a compatible ISSU, NQA UDP echo and TCP operations fail.
•
Condition: This symptom occurs if NQA UDP echo and TCP operations are performed after a
compatible ISSU.
201309290136
•
Symptom: The NQA, RMON, IP, port, serial port configurations are lost.
•
Condition: This symptom occurs if the following procedure is performed:
a. Delete the .mdb file.
b. Reboot the switch.
c. Restore the configuration by using the .cfg file.
201308230292
•
Symptom: The device reports the insufficiency of FC route resources and might restart.
174
•
Condition: This symptom might occur when you enable FCoE on the switch and log in to VN
interfaces more than the maximum number defined in the specifications.
201309120360
•
Symptom: The IGMP snooping forwarding entries for some multicast groups on the device are
unexpectedly aged out.
•
Condition: This symptom occurs when the following conditions exist:

IGMP snooping is enabled on the device.

There are more than 2000 IGMP snooping forwarding entries on the device.

The receiver hosts continually send report messages.
201309120357
•
Symptom: Multicast forwarding is interrupted or multicast packets are lost during a compatible
ISSU.
•
Condition: This symptom occurs when the following conditions exist:

IGMP snooping is enabled on the switch.

IGMP snooping forwarding entries are generated to guide multicast forwarding.

A compatible ISSU is performed.
201309120268
•
Symptom: During and after a compatible ISSU, the igmp-snooping group-limit command on
a port does not take effect, and the group limit is set to the maximum number.
•
Condition: This symptom occurs during and after a compatible ISSU.
201307290204
•
Symptom: During the startup process of an IRF fabric, the system displays an error message
about the failure to assign an S-channel interface to the default VLAN. For example,
"VLAN/4/VLAN_FAILED: -Slot=1; Failed to add interface S-Channel3/0/29:5 to the default
VLAN."
•
Condition: This symptom might occur if the IRF fabric has EVB settings.
201308150202
•
Symptom: TRILL multicast traffic switchover occurs due to recalculation of TRILL multicast
forwarding entries.
•
Condition: This symptom occurs if the port trunk permit vlan command or its undo form is
executed to permit or deny irrelevant VLANs.
201309120362
•
Symptom: A memory usage alarm and a system operation error occur after an ACL is applied to
outbound traffic. Operation errors include device reboot, BGP interruption, services termination,
and aggregate link down.
•
Condition: This symptom can be seen if the ACL has a large number of rules with the source
and destination port range criteria specified by gt, lt, neq, or range.
201308100034
•
Symptom: Service loopback group member ports cannot come up after they are removed from
the group.
•
Condition: This symptom might occur after a port is removed from a service loopback group by
using the undo port service-loopback group command.
175
201309170240
•
Symptom: A FIP Clear Virtual Link packet from an FCF switch to a specific node is broadcast by
a transit switch that connects to that specific node.
•
Condition: This symptom occurs if the specific node that connects to the transit switch fails.
201309120347
•
Symptom: An FCF switch discards FLOGI packets during startup.
•
Condition: This symptom occurs if the FCF switch is rebooted.
201309270230
•
Symptom: The switch discards RLS and RPS packets from the connected disk device.
•
Condition: This symptom can be seen when the switch connects to a disk device in an FCoE
network.
201309180419
•
Symptom: An unselected port in an aggregation group cannot send LLDP packets.
•
Condition: This symptom can be seen on a port that is enabled with LLDP and is unselected in
an aggregation group.
201309110407
•
Symptom: The archive configuration settings are lost.
•
Condition: This symptom occurs when the following procedure is performed:
a. Use the archive configuration location command to configure the directory and file name
prefix for archiving the running configuration. The directory contains a space.
b. Save the configuration to the a.cfg file.
c. Change the device configuration and use the configuration replace file a.cfg command to
perform configuration rollback, or upload the a.cfg file to a TFTP server, and reboot the
switch to automatically obtain the configuration file from the TFTP server.
201307190288
•
•
Symptom: The configuration of the NQA ICMP echo, DHCP, and DNS operations can be
displayed by the display current-configuration configuration nqa command, but cannot be
displayed by the following commands:

display current-configuration configuration nqa-icmp-echo

display current-configuration configuration nqa-dhcp

display current-configuration configuration nqa-dns
Condition: This symptom occurs when the listed display current-configuration commands
are issued to view the related NQA operations.
201310100130
•
Symptom: The switch fails to execute the dhcp snooping binding database update now
command due to insufficient disk space, but the system does not display any prompt.
•
Condition: This symptom occurs if the dhcp snooping binding database update now
command is executed when the disk space is insufficient.
201307120227
•
Symptom: The Vendor Name field in the output from the display transceiver interface
command might display a wrong value.
•
Condition: This symptom might occur when you use the display transceiver interface
command to display the key parameters of a transceiver module.
176
201310120237
•
Symptom: A port configured with storm-constrain control { block | shutdown }is blocked or
shut down although the traffic on the port does not exceeds the upper storm control threshold
configured using the storm-constrain command.
•
Condition: This symptom occurs when the storm-constrain and storm-constrain control
commands are configured on the port.
201307120269
•
Symptom: A node connected to a downlink port of an NPV switch continuously sends register
packets and cannot complete registration.
•
Condition: This symptom occurs if the uplink port of the NPV switch goes up and down
repeatedly.
201308200420
•
Symptom: In a ring-topology IRF fabric, broadcast storms occur after a master/subordinate
switchover.
•
Conditions: This symptom might occur when Smart Link is enabled on all IRF member devices.
201308190304
•
Symptom: After an ISSU, a Layer 3 aggregate interface loses its MAC address, and cannot
communicate with the connected device.
•
Condition: This symptom might occur after an ISSU.
201308230412
•
Symptom: The error message that appears when an IPv6 ACL rule with one of the keywords
hop-by-hop, fragment, routing, and destination is applied to outbound traffic by using MQC
is incorrect. The outbound MQC application does not support these keywords.
•
Condition: This symptom can be seen when an IPv6 ACL rule with one of the keywords
hop-by-hop, fragment, routing, and destination is applied to outbound traffic by using MQC.
201307160219
•
Symptom: The Router ID differs when the switch starts up with a .cfg startup configuration file or
its corresponding .mdb binary file.
•
Condition: This symptom occurs when both a loopback interface and a VLAN interface are
assigned an IP address.
201308200529
•
Symptom: The task scheduling function is not available. An error message appears during the
configuration of a job.
•
Condition: This problem might occur when you use the scheduler job command to enter job
view and configure a job.
201310120172
•
Symptom: A server connected to a transit switch cannot be logged in.
•
Condition: This symptom occurs after the transit switch's port that connects to the server goes
down and up.
201309290023
•
Symptom: HTTPS might fail to be enabled by using the ip https enable command on an IRF
fabric.
•
Condition: This symptom might occur if you access the CLI from the console port on an IRF
subordinate device.
177
201307160209
•
Symptom: After a shutdown and undo shutdown operations are performed on a Layer 3
Ethernet interface that is bound to a VPN instance, some static ARP entries in the VPN instance
do not take effect.
•
Condition: This symptom occurs if the following conditions exist:

A VPN instance is bound to the interface by using the ip binding vpn-instance command
in interface view.

Static ARP entries are added to the VPN instance by using the arp static command.

A shutdown and undo shutdown operations are performed on the interface.
201308140175
•
Symptom: After a master/subordinate switchover is performed on a TRILL-enabled IRF fabric,
the IRF fabric fails to forward multicast traffic.
•
Condition: This symptom occurs after a master/subordinate switchover is performed on a
TRILL-enabled IRF fabric.
201310110143
•
Symptom: The switch (Transit switch) retains the old bridge MAC address of an FCF switch for
a long time after the bridge MAC address of the FCF switch is changed.
•
Condition: This symptom occurs if the connected FCF switch is an IRF fabric and a
master/subordinate switchover has occurred on the FCF switch.
201308280360
•
Symptom: The output from the display this command executed on a 10 GE interface shows
that the configured forced rate or duplex mode is not applied.
•
Condition: This symptom occurs if you configure a forced rate or duplex mode on a 10 GE
interface that is one of the four 10 GE interfaces created from a 40 GE interface.
201308200068
•
Symptom: When you execute the using tengige command in interface range view to divide the
bound 40 GE interfaces into 10 GE interfaces, the system prompts you to confirm each division
operation.
•
Condition: This symptom can be seen when you execute the using tengige command in
interface range view to divide the bound 40 GE interfaces into 10 GE interfaces.
201308230249
•
Symptom: The switch might unexpectedly reboot if a patch is installed and uninstalled
repeatedly.
•
Condition: This symptom can be seen if a patch is installed and uninstalled repeatedly.
201307270028
•
Symptom: The loopback { external | internal } command executed on an Ethernet interface is
not directly executed but assigned as a setting.
•
Condition: This symptom occurs if the Ethernet interface has been set to operate in Layer 3
mode by using the port link-mode command.
201307110304
•
Symptom: When the primary next hop fails, PBR does not switch traffic to the backup next hop.
•
Condition: This symptom occurs if the PBR policy has two next hops (one primary, one backup)
configured for each node.
178
Resolved problems in E2305
LSV7D007532
•
Symptom: The values of the Speed and Duplex fields are incorrect in the output from the
display lldp local-information command.
•
Condition: This symptom can be seen when LLDP is enabled globally on the switch.
LSV7D004742
•
Symptom: After an FCF switch is rebooted in an FC network with continuous traffic, the FCF
switch fails to discover connected nodes.
•
Condition: This symptom occurs after an FCF switch is rebooted in an FC network with
continuous traffic.
Resolved problems in F2210
201306250401
•
Symptom: After BFD MAD is enabled and then disabled on a Layer 3 virtual interface, the
interface cannot forward Layer 3 traffic.
•
Condition: This symptom occurs after BFD MAD is enabled and then disabled on a Layer 3
virtual interface.
201306280264
•
Symptom: After you configure the slot ID of the IRF master switch as the service slot ID of a
tunnel interface and then perform a master/subordinate switchover, the tunnel interface fails to
establish an OSPF neighbor relationship.
•
Condition: This symptom occurs after you configure the slot ID of the master switch as the
service slot ID of a tunnel interface and then perform a master/subordinate switchover.
201307190300
•
Symptom: In the output from the display qos queue-statistics interface outbound
command, the traffic statistics of packets with 802.1p priority 0, 1, and 2 are displayed in
incorrect queues.
•
Condition This symptom occurs on the 5900AF-48G-4XG-2QSFP+ switch when the following
conditions exist:

The default dot1p-lp priority mapping table is used.

Packets with 802.1p priority 0, 1, and 2 passed through the switch.
201307040271
•
Symptom: The ifSpeed and ifPhysAddress fields of an EVB interface are both 0 in IMC.
•
Condition: This symptom can be seen if you use IMC to view the ifSpeed and ifPhysAddress
fields of an EVB interface.
201307040307
•
Symptom: An S-channel interface that has been shut down cannot be brought up in IMC.
•
Condition: This symptom occurs if you use IMC to shut down an S-channel interface and then
bring it up.
LSV7D004590
•
Symptom: If a switch's port enabled with flow control is connected to a network adapter of a
server, serious packet loss occurs on the server when its network adapter is congested.
179
•
Condition: This symptom occurs because of flow control capability negotiation problem, which
disables the server from sending pause frames when its network adapter is congested.
201307080183
•
Symptom: The memory usage (displayed with display memory) keeps rising.
•
Condition: This symptom occurs when the following conditions exist:

The ntp-service enable command is not configured globally on the switch.

Use the ntp-service unicast-peer command to specify a symmetric passive peer for the
switch.
201306260347
•
Symptom: VLAN-interface A cannot forward the IP packets with the destination IP address as
its subnet broadcast address.
•
Condition: This symptom might occur when the following conditions exist:

UDP helper is enabled on the switch.

The ip forward-broadcast command and the udp-helper server x.x.x.x command are
configured on VLAN-interface A, where x.x.x.x is the subnet broadcast address of
VLAN-interface A.

The ip forward-broadcast command and the udp-helper server x.x.x.x command are
configured on VLAN-interface B, where x.x.x.x is the subnet broadcast address of
VLAN-interface A.

VLAN-interface B sends out packets with the destination IP address as the subnet
broadcast address of VLAN-interface A.
201306190356
•
Symptom: The SCP client on the switch always stays in waiting state after the link to the SCP
server has been disconnected.
•
Condition: This symptom can be seen after the link between the SCP client and SCP server is
disconnected during file transfer.
201306270300
•
Symptom: After a switch obtains a configuration file through DHCP auto-configuration, the IP
address or the ip address dhcp-alloc command, if configured for the management port or a
VLAN interface, gets lost from the configuration file.
•
Condition: This symptom occurs if the switch uses DHCP auto-configuration and an IP address
or the ip address dhcp-alloc command is configured for the management port or a VLAN
interface in the obtained configuration file.
LSV7D008022
•
Symptom: When an NTP status change occurs, the hh3cNTPSysState MIB node does not
synchronize the NTP status change.
•
Condition: This symptom can be seen when an NTP status change occurs.
201304260249
•
Symptom: After a switch unexpectedly reboots, the output from the display version command
displays Exception reboot for the Last reboot reason field.
•
Condition: This symptom occurs when route flapping occurs.
201306250361\lsv7d004759
•
Symptom: Packet loss occurs to FCoE applications.
•
Condition: This symptom occurs when you perform any of the following operations when
continuous traffic exists.
180

Use the zoneset activate command to activate a zone set.

Use the zoneset distribute command to distribute both the active zone set and zone
database on the local switch.

Add new member devices to an IRF fabric in the FC network.
201307060098\LSV7D009283
•
•
Symptom: After you add an unsupported rule "rule 0 permit ipv6 flow-label" to the ACL that has
been used for packet filter in both the inbound and outbound directions of an interface, and
reboot the device, the following symptoms are seen:

The ACL is applied successfully to the inbound direction, but the system displays the error
message "Failed to apply or refresh IPv6 ACL 3000 rule 0 to the inbound direction of
interface Ten-GigabitEthernet10/0/2. The ACL is not supported."

The display packet-filter interface command does not display the outbound ACL
application.

The display current-configuration interface command does not display the inbound ACL
application.
Condition: The symptoms occur when you add an unsupported rule "rule 0 permit ipv6
flow-label" to the ACL that has been used for packet filtering in both the inbound and outbound
directions of an interface, and reboot the device.
201306080347\LSV7D007273
•
Symptom: The message "IPv6-AH in the IPv6 ACL is not supported" appears if an ACL rule
without the ipv6-ah keyword is applied to the outbound direction of an interface.
•
Condition: This symptom occurs if an ACL rule with any of the following keywords has been
applied to the outbound direction of the interface:

ipv6 hop-by-hop

ipv6 fragment

ipv6 routing

ipv6 destination
201307020293\LSV7D008891
•
Symptom: The message "Non-standard uts for running kernel:release (none)=0.0.0 gives
version code 0" appears when the memory usage reaches the alarm threshold.
•
Condition: This symptom occurs when the memory usage reaches the specified alarm
threshold.
201307010357\LSV7D008873
•
Symptom: The IMC or Web interface does not provide trap information for memory usage
threshold alarms.
•
Condition: This symptom can be seen when the memory usage reaches the alarm threshold.
TB201306270331\LSV7D009831
•
Symptom: The password control policy does not take effect for SCP and SFTP users.
•
Condition: This symptom occurs if the following procedure is performed:

Use the undo password-control enable command to disable pass control.

Configure passwords that do not comply with the password control policy for the SCP and
SFTP users.

Enable password control.
LSV7D008656
•
Symptom: Users fail to pass authentication on the secondary RADIUS server after the primary
RADIUS server fails.
181
•
Condition: This symptom can be seen when the primary RADIUS server fails and the secondary
RADIUS server is used to authenticate users.
201306260302\LSV7D008475
•
Symptom: All users can access the seclog.log file, which should be accessible only to the
security administrator.
•
Condition: This symptom can be seen if a third-party SSH client logs into the switch and
modifies the access right for the seclog.log file to allow all users to access the file.
201306200313\LSV7D008011
•
Symptom: The user levels for logged-in SSH users with different roles are all level 15.
•
Condition: This symptom occurs when multiple SSH users with different roles log in to the
switch.
LSV7D008453
•
Symptom: The connection to the switch is not torn down when the connection idle timer expires.
•
Condition: This symptom occurs when the following conditions exist:

The idle-timeout timer is not 0.

Use a display command to display any information (which cannot be displayed completely
on one screen), and do not press any key when the prompt "----more----" appears.
LSV7D007995
•
Symptom: When you use the sysanme command to set a name for the switch, the setting does
not take effect but the system does not display any error prompt.
•
Condition: This symptom occurs when you set a device name with the defined maximum
number of characters plus a space.
TCD003254
•
Symptom: When a 5900/5920 switch is connected to an HPE 12900 switch in a TRILL network,
the 5900/5920 switch cannot forward traffic correctly.
•
Condition: This symptom occurs if the HPE 12900 switch is configured with the maximum LSP
length.
LSV7D009091
•
Symptom: The switch displays the message "logout."
•
Condition: This symptom occurs when the following conditions exist:

Enter a wrong account.

When the system displays the message "failed in authentication," enter the quit command.
201305090446
•
Symptom: When the switch is running correctly, 40-GE ports might fail to receive packets.
•
Condition: This symptom might occur when the switch is running correctly.
201307060076
•
Symptom: An IRF fabric splits after a QoS policy redirects packets with priority 6 or 7 to the
CPU.
•
Condition: This symptom occurs on if a QoS policy redirects packets with priority 6 or 7 to the
CPU on an IRF fabric.
201306170310
•
Symptom: The message "Failed password for log" appears when an SSH user fails to log in for
any reason.
182
•
Condition: This symptom occurs when the default password authentication is used and an SSH
user fails to log in to the switch.
201306270325
•
Symptom: When a card is plugged, the ports on the card might automatically go up and down.
•
Condition: This symptom might occur on a card.
201307010326
•
Symptom: The description for the server field is incorrect in the help information displayed by
using the display debugging ssh ? command.
•
Condition: This symptom occurs when you use the display debugging ssh ? command to
display help information for SSH commands.
201307030386
•
Symptom: When you configure VRRP-related commands repeatedly in interface range view,
the configuration fails.
•
Condition: This symptom occurs when you use the interface range command to add multiple
VLAN interfaces to an interface range, and then configure VRRP-related commands repeatedly
in interface range view.
201307010310
•
Symptom: The lock command can be successfully executed without a password.
•
Condition: This symptom occurs if the following procedure is performed:
a. Execute the lock command to lock the current user line.
b. Press Enter when the system requires a password and password confirmation.
201306260348
•
Symptom: After an IRF master/subordinate switchover, using FTP to access the IRF fabric fails.
•
Condition: This symptom occurs if the authorization-attribute work-directory command that
permits FTP users to access the flash of the subordinate switch is executed before the IRF
master/subordinate switchover.
201306240342
•
Symptom: The info-center logfile overwrite-protection command is executed although "n" is
entered at the confirmation prompt [Y/N].
•
Condition: This symptom occurs after "n" is entered at the confirmation prompt [Y/N] for the
info-center logfile overwrite-protection command.
201306200324
•
Symptom: A switch fails to add a downstream device to a TRILL forwarding entry.
•
Condition: This symptom occurs if the switch receives from the downstream device an LSP that
does not include Trees Sub-TLV, Tree Identifiers Sub-TLV, and Trees Used Identifiers Sub-TLV.
201306200346
•
Symptom: The root bridge of the TRILL distribution tree is incorrect after the TRILL process is
reset with the reset trill command.
•
Condition: This symptom occurs if you reset the TRILL process with the reset trill command
when TRILL traffic exists.
201306260340
•
Symptom: After a switch receives TRILL packets that do not include Compute trees number, the
switch fails to forward multicast and broadcast TRILL traffic because the TRILL distribution tree
is incorrect.
183
•
Condition: This symptom occurs after a switch receives TRILL packets that do not include
Compute trees number.
Resolved problems in R2209
LSV7D003378
•
Symptom: A memory leak occurs and then the switch unexpectedly reboots.
•
Condition: This symptom might be seen if the state of an aggregation group member port is
changed from "selected" to "unselected".
LSV7D002299
•
Symptom: A switch discards IPv6 RADIUS packets from the RADIUS server.
•
Condition: This symptom occurs when the following conditions exist:

IPv6 RADIUS authentication is enabled on the switch.

The IPv6 address of the RADIUS server is configured on the switch

The switch is connected to the RADIUS server.
LSV7D002322
•
Symptom: Re-applying an ACL to a port fails and the port prompts "Not enough resources are
available to complete the operation."
•
Condition: This symptom occurs when the following conditions exist:

The permit tcp source-port range rules in the ACL have reached the maximum number.

Apply the ACL to a port, delete the ACL application, and then re-apply the ACL to the port.
LSV7D002698
•
Symptom: A ping operation fails if an IPv4 domain name that has more than 20 characters or an
IPv6 domain name that has more than 46 characters is specified in the ping command.
•
Condition: This symptom occurs when the following conditions exist:

An IPv4 domain name that has more than 20 characters and an IPv6 domain name that has
more than 46 characters are configured with the ip host command.

Use the ping command to ping the IPv4 domain name or use the ping ipv6 command to
ping the IPv6 domain name.
LSV7D000636
•
Symptom: Some layer 3 multicast packets get lost during an ISSU.
•
Condition: This symptom occurs when the following conditions exist:

Layer 3 multicasting is enabled.

The VLAN of the layer 3 egress interface is enabled with IGMP snooping.

Use the issu command to perform an ISSU.
LSV7D003354
•
Symptom: An aggregate interface fails to receive layer-2 protocol packets such as STP, LACP,
and LLDP during an ISSU.
•
Condition: This symptom occurs when the following conditions exist:

An aggregate interface is configured and is enabled with layer-2 protocols such as STP,
LACP, and LLDP.

Use the issu command to perform an ISSU.
184
LSV7D002862
•
Symptom: An interface that is not connected with a cable might go up, and after the interface is
connected with a cable, the interface fails to forward traffic.
•
Condition: This symptom might occur if the interface is not connected with a cable for a long
time.
LSV7D004788
•
Symptom: VFC interfaces cannot go up for a long time and traffic is interrupted when plenty of
VFC interfaces are configured and the aggregate interfaces bound to the VFC interfaces go
down and then go up.
•
Condition: This symptom occurs when more than 512 VFC interfaces are configured and the
aggregate interfaces bound to the VFC interfaces go down and then go up.
LSV7D004787
•
Symptom: All VSANs except VSAN 1 are deleted on an IRF fabric.
•
Condition: This symptom occurs when the following operations are performed:
a. Set up an IRF fabric and configure VSANs excluding VSAN 1.
b. Delete the .mdb files of all IRF member switches and save the configuration.
c. Perform a master/subordinate switchover.
LSV7D004784
•
Symptom: A 5900/5920 switch fails to access disk devices after the FC-MAP value is modified
for all switches in an FC network.
•
Condition: This symptom occurs when the fcoe fcmap command is used to modify the FC-MAP
value for all switches in an FC network where the disk devices can be accessed.
LSV7D001546
•
Symptom: The VFC interfaces of a 5900/5920 switch cannot go up when the switch connects to
a specific type of Emulex network adapter.
•
Condition: This symptom occurs when a switch with the VFC interfaces correctly configured
connects to an Emulex network adapter which sends Discovery Solicitations larger than 2158
bytes.
LSV7D004740
•
Symptom: A P9500 disk array cannot be successfully registered with a 5900/5920 switch.
•
Condition: This symptom occurs when a 5900/5920 switch is connected to a P9500 disk array
in an FCoE network.
LSV7D004237
•
Symptom: a 5900/5920 switch fails to connect to an Emulex OCe11100 network adapter.
•
Condition: This symptom occurs when the switch connects to an Emulex OCe11100 network
adapter in an FCoE network.
LSV7D004121
•
Symptom: When a 5900/5920 switch connects to a Cisco Nexus 3048 switch through a
dynamic aggregate link, the ports in the dynamic aggregation group on the 5900/5920 switch
cannot become Selected and do not forward traffic.
•
Condition: This symptom occurs when a 5900/5920 switch connects to a Cisco Nexus 3048
switch through a dynamic aggregate link.
LSV7D000786
•
Symptom: The VTY window does not display log information.
185
•
Condition: This symptom occurs if a VTY user logs in to the switch and clicks the VTY window to
disable it from displaying log information.
LSV7D005705
•
Symptom: The user mode processes related to a software patch cannot start up.
•
Condition: This symptom occurs if you repeatedly load and unload the software patch with the
install active and install deactive commands.
LSV7D006670
•
Symptom: After a server is rebooted in an FCoE network, some network adapters of the server
are not successfully registered on the connected 5900/5920 switch.
•
Condition: This symptom occurs if the network adapters of the server are connected to the
5900/5920 switch through an aggregate interface.
LSV7D005163
•
Symptom: Some specific operations on an IRF fabric cause the console port to display
information with a delay of 1 hour.
•
Condition: This symptom occurs if the display diagnostic-information command is executed
on a console and some other commands are executed on another console.
LSV7D006241
•
Symptom: BFD flaps when the configured BFD sessions reach the upper limit of 32.
•
Condition: This symptom occurs when the configured BFD sessions reach the upper limit of 32.
LSV7D006314
•
Symptom: A switch fails to download a file through TFTP.
•
Condition: This symptom occurs when the switch acts as the TFTP client and the tftp get
command is executed to download a file from the TFTP server on a PC.
LSV7D000673
•
Symptom: If an IRF fabric where the value specified by max-ecmp-num is not eight is
rebooted, the IRF fabric might fail to be re-created, and the system prompts "The
system-working-mode and max-ecmp-num configurations should be the same on devices in
one IRF. Please check them on the neighbor device connected to IRF-port 2."
•
Condition: This symptom might occur if an IRF fabric where the value specified by
max-ecmp-num is not eight is rebooted.
LSV7D00837
•
Symptom: The switch fails to forward TRILL multicast and broadcast packets during an ISSU.
•
Condition: This symptom occurs if an ISSU is performed when TRILL is enabled.
LSV7D001858
•
Symptom: When the undo port-security enable command is executed on non-contiguous
interfaces, the switch fails to execute the command on the first non-contiguous interface and
the subsequent interfaces.
•
Condition: This symptom occurs if the undo port-security enable command is executed on
non-contiguous interfaces where the port-security command has been configured.
LSV7D004127
•
Symptom: When an SSH user logs in to the switch by using the password-publickey
authentication mode, the system does not display any notification of the pending password
expiration as it should do.
186
•
Condition: This symptom occurs when the notification period is set with the password-control
alert-before-expire command, and the SSH user logs in to the device within this period.
LSV7D004123
•
Symptom: After a reboot, the settings for a BGP-VPN instance get lost.
•
Condition: This symptom occurs if the following conditions exist:

The settings for the BGP-VPN instance are configured in a configuration file that is specified
as the startup configuration file with the startup saved-configuration command.

The switch is rebooted.
LSV7D003403
•
Symptom: After a master/subordinate switchover on an IRF fabric, the automatically learned
secure MAC addresses get lost.
•
Condition: This symptom occurs if the following conditions exist:

The port-security port-mode autolearn command is configured on interfaces to
automatically learn secure MAC addresses.

The interfaces have learned secure MAC addresses.

A master/subordinate switchover is performed on the IRF fabric.
LSV7D005236
•
Symptom: The switch discards ARP requests from the same source although the number of
ARP requests from the source does not reach the threshold specified with the arp source-mac
threshold command.
•
Condition: This symptom occurs if you first use the arp source-mac threshold command to set
a threshold that is smaller than the number of ARP requests from the source within 5 seconds
so the switch discards ARP requests from the source, and then you use the arp source-mac
threshold command to set a threshold that is bigger than the number of ARP requests from the
source within 5 seconds.
LSV7D004597
•
Symptom: A local SSH user can use the SCP client to upload and download files when no
RBAC user role is configured for this user.
•
Condition: This symptom occurs when no RBAC user role is configured for the SSH local user.
LSV7D004133
•
Symptom: An FTP user fails to log in to the switch.
•
Condition: This symptom occurs if the following procedure is performed:
a. Create an FTP user when password-control is not enabled.
b. Enable password-control.
c. Use the FTP user account to log in to the switch.
LSV7D002501
•
Symptom: The MANU SERIAL NUMBER field in the output of the display device manuinfo
command displays garbled characters.
•
Condition: This symptom can be seen when you execute the display device manuinfo
command.
LSV7D002502
•
Symptom: The debugging information is displayed even if the display of debug information on
the current terminal is disabled.
•
Condition: This symptom can be seen after the undo terminal debugging command is
executed.
187
LPD047965
•
Symptom: A ping operation from a PC to the connected VLAN interface of a switch has packet
loss.
•
Condition: This symptom occurs if the ping operation is performed when an ISSU is performed
on the switch.
LSV7D003823
•
Symptom: Both UP/DOWN and up/down exist in the port UP/DOWN syslog information. In this
release, all of the up/down information use lowercase letters.
•
Condition: This symptom can be seen when port up/down events occur.
LSV7D004004
•
Symptom: The switch might reboot upon receiving packets that have the Ethernet type 0xFCFB
and are smaller than 80 bytes.
•
Condition: This symptom might occur when the switch receives packets that have the Ethernet
type 0xFCFB and are smaller than 80 bytes.
LSV7D004743
•
Symptom: During an SNMP walk on 1.3.6.1.2.1.144 MIB, the FCROUTED process reboots and
the system prompts "The service FCROUTED status failed :abnormal exit!"
•
Condition: This symptom occurs during an SNMP walk on 1.3.6.1.2.1.144 MIB.
LSV7D004147
•
Symptom: After an ISSU on an IRF fabric, the display arp command and the display arp
count command display different numbers of ARP entries.
•
Condition: This symptom occurs if the IRF fabric processes ARP packets during the ISSU.
LSV7D004838
•
Symptom: An SNMP walk on entPhysicalVendorType MIB returns an error value for a power
module that is powered off.
•
Condition: This symptom occurs when two power modules are installed on the switch and one
power module is powered off.
LSV7D004854
•
Symptom: During an ISSU, a ping operation to a directly connected OSPF neighbor might fail
and the OSPF neighbor flaps.
•
Condition: This symptom might occur when you upgrade the software from R2207 to a later
version through ISSU.
LSV7D002898
•
Symptom: The message "DID associated with the license does not belong to this device or
card" is displayed during software upgrade.
•
Condition: This symptom might occur when you upgrade software for the HPE-brand switches.
LSV7D0040027
•
Symptom: A remote authenticated user can switch to a high privilege level that is not authorized
to the user.
•
Condition: This symptom occurs if the following procedure is performed:
a. Configure the user level to 0 on the authentication server.
b. Configure remote AAA authentication by using the super authentication-mode scheme
command for user role switching.
c. Switch the user level to 15 by using the super level-15 command.
188
LPD062939
•
Symptom: The managerid in the deassociation response that the switch sends to the CAS is
incorrect, and the VMs cannot go offline.
•
Condition: This symptom occurs if you modify the network policy for online VMs on the CAS.
TCD003182
•
Symptom: The switch fails to use a new network policy to make VMs go online.
•
Condition: This symptom occurs after you modify the network policy for VMs on the CAS.
TCD003199
•
Symptom: The online VMs on a switch get offline due to expiration.
•
Condition: This symptom occurs if you use a script to simulate a VM that goes online and offline
on the CAS until the IMC resources are used up and IMC cannot respond to any requests.
LSV7D004808
•
Symptom: If a switch where the configured VFC interfaces reach the maximum number is
rebooted, the switch takes more time to complete the reboot.
•
Condition: This symptom occurs if a switch where the configured VFC interfaces reach the
maximum number is rebooted.
LSV7D04790
•
Symptom: The network adapter cannot log in after logging out because an FCF switch cannot
reply with Clear packets carrying the VN information.
•
Condition: This symptom occurs when the following conditions exist:

The FCF switch does not have the login information of the network adapter.

The state of the network adapter is login. In this case, the network adapter sends keepalive
packets to the switch.
LSV7D004786
•
Symptom: When the switch sends Reject packets to a downstream node, the corresponding
proxy node and uplink-to-downlink interface mapping are not deleted.
•
Condition: This symptom occurs when the switch is operating in NPV mode and any of the
following conditions exists:

The fdisc packet on the proxy node times out because no response is received.

The proxy node receives Reject packets for the fdisc packets.

The switch receives Reject packets from the uplink interface.
LSV7D004785
•
Symptom: The FC4-type field of the display fc name-service database command is empty for
the ENode.
•
Condition: This symptom can be seen if a master/subordinate switchover occurs when the
ENode uses FLOGI to register with the IRF fabric operating as an FC switch.
LSV7D004739
•
Symptom: When two FCF switches are merged, the information is not correctly synchronized
on the name server.
•
Condition: This symptom occurs when two FCF switches are merged.
LSV7D004737/ LSV7D002424/ LSV7D004856/ LSV7D004001/ LSV7D004697/ LSV7D004693
•
Symptom: ACLs generated to protect against a protocol packet attack cannot be deleted from
the hardware after the protocol packet attack stops.
189
•
Condition: This symptom can be seen after a protocol packet attack stops.
LSV7D002735
•
Symptom: The ip forward-broadcast command takes effect on the master in an IRF fabric, but
it does not take effect on subordinate switches.
•
Condition: This symptom occurs if you do not save the configuration and reboot the IRF fabric
after you configure the command.
LSV7D004124
•
Symptom: The downstream RB cannot figure out the peer port through calculation.
•
Condition: This symptom occurs when the following conditions exist:

The upstream RB sends out multicast queries and multicast requests.

The downstream RB sends out multicast request packets.

When the LSPs generated on the upstream RB (the multicast source) carry plenty of
multicast receivers, the VLANs to which the port connecting to the multicast source belongs
are changed, and the Interested VLANs field in the LSPs generated on the upstream RB
does not carry the new VLANs.
LSV7D002989
•
Symptom: IGMP snooping requests are discarded on a port if the source MAC of the requests is
the MAC address of the MAC authenticated device.
•
Condition: This symptom occurs when port security, 802.1X authentication, and MAC
authentication are enabled on the port.
LSV7D003701
•
Symptom: Attack protection does not process UDP attacks destined to ports 1812, 1645, and
1646, or process the TCP attacks destined to port 49.
•
Condition: This symptom can be seen when the switch is attacked by UDP attack packets
destined to ports 1812, 1645, and 1646, or TCP attack packets destined to port 49.
LSV7D004129
•
Symptom: When fc? is entered at the CLI, the CLI does not display the keywords starting with
fc.
•
Condition: This symptom occurs when fc? is entered at the CLI on an FCoE switch operating in
NPV mode.
LSV7D004599
•
Symptom: A console user is logged out.
•
Condition: This symptom occurs when a console user uses the super command to switch to a
non-existent user role and enters a password.
LSV7D004143
•
Symptom: The VRRP group state information shows a backup router that has an IP address of
0.0.0.0.
•
Condition: This symptom can be seen when the following conditions exist:

The BOOTP client and a VRRP group are configured on a Layer 3 interface.

The Layer 3 interface fails to obtain an IP address, and uses the default IP address.
LSV7D003241/LSV7D003239
•
Symptom: The LACP process might fail to start up, or the LACP state of a port might change.
•
Condition: This symptom might occur if the LACP process is continually restarted through the
process restart command or loading patches.
190
LSV7D003428
•
Symptom: Unexpected reboot occurs occasionally.
•
Condition: This symptom might occur when patches are installed and uninstalled repeatedly in
kernel mode.
LSV7D008576
•
Symptom: A security log administrator has the highest privilege level because it can modify the
configuration file through FTP.
•
Condition: This symptom can be seen after a security log administrator created using the
authorization-attribute user-role security-audit command logs in to the switch through
SFTP and then modifies the configuration file to get the privilege level.
LSV7D008455
•
Symptom: The mad enable command cannot be executed.
•
Condition: This symptom occurs if the user specified domain ID includes a space.
LSV7D007747
•
Symptom: When the alarm threshold for security log file usage set by the info-center
security-logfile alarm-threshold command is exceeded, security logs are printed so fast that
the security log administrator cannot operate the switch.
•
Condition: This symptom occurs when the alarm threshold for security log file usage set by the
info-center security-logfile alarm-threshold command is exceeded and the user is a security
log administrator.
LSV7D007746
•
Symptom: A common user can delete log files with the delete /unreserved command.
•
Condition: This symptom can be seen when a common user deletes log files with the delete
/unreserved command.
LSV7D007672
•
Symptom: When a user enters the correct password to log in to the switch through SSH, the
switch displays "Failed password for log from x.x.x.x port x ssh".
•
Condition: This symptom occurs when the following conditions exist if the user is not authorized
to use SSH.
LSV7D007670
•
Symptom: Using the scp command to transmit a file to an SCP server fails and the switch does
not prompt for a username and password.
•
Condition: This symptom occurs if the name of the file comprises 255 characters.
LSV7D008447
•
Symptom: Even though TRILL GR is enabled, TRILL traffic is lost during a compatible ISSU on
a standalone switch.
•
Condition: This symptom might occur when a compatible ISSU is performed on a standalone
switch.
LSV7D007995
•
Symptom: Using the sysname command to change the system name to a string of 30
characters fails.
•
Condition: This symptom occurs when the sysname command is used to change the system
name to a string of 30 characters.
191
LSV7D007991
•
Symptom: After the SCP client on a switch loses the connection to an SCP server, the SCP
client does not stop file transfer.
•
Condition: This symptom can be seen after the SCP client on a switch loses the connection to
an SCP server.
LSV7D007911
•
Symptom: The Current usage field in the output from the display security-logfile summary
command displays an incorrect value.
•
Condition: This symptom can be seen when the security log file exceeds 256 bytes.
LSV7D006937
•
Symptom: The state of IRF physical ports continually flaps between up and down.
•
Condition: This symptom might occur when the 10-GE ports that are split from a 40-GE
interface are used for IRF connection.
LSV7D004963
•
Symptom: When an incoming packet larger than 3K bytes is delivered to the CPU, some
content of the packet becomes incorrect.
•
Condition: This symptom can be seen when an incoming packet larger than 3K bytes is
delivered to the CPU.
LSV7D008558
•
Symptom: After the switch reboots due to watchdog expiration, the displayed anomaly
information is incorrect.
•
Condition: This symptom occurs after the switch reboots due to watchdog expiration.
LSV7D007713
•
Symptom: After OSPFv3 BFD is enabled, the OSPFv3 neighbor state changes between Full
and Exstart repeatedly.
•
Condition: This symptom occurs if the switch receives a Type-9 LSA requesting Ref1 during
OSPFv3 DD packet exchange.
LSV7D007548
•
Symptom: The switch generates an insufficient resources message when an ACL rule that is
not supported by the device is inserted before a supported rule.
•
Condition: This symptom occurs when an ACL rule that is not supported by the device is
inserted before a supported rule.
Resolved problems in R2208P01
LSV7D000674
•
Symptom: After the run switchover command is executed on an IRF master during an ISSU
from E2206P02 to R2207, the global router ID is changed, and the system prompts "Please
restart OSPF if you want to make the new Router ID take effect." If you reboot the OSPF
process as prompted, traffic interruption occurs.
•
Condition: This symptom occurs if you reboot the OSPF process as prompted after the run
switchover command is executed on an IRF master during an ISSU from E2206P02 to R2207.
LSV7D000772
•
Symptom: After MAD detects an IRF split, it places all split IRF fabrics in Recovery state.
192
•
Condition: This symptom might occur if the split is caused by removing the IRF connection
cables of the master or shutting down IRF physical ports on the master.
LSV7D001937
•
Symptom: After CPLD software upgrade reboot, the display version command output shows
"Cryptographic module self-tests failed" in the "Last reboot reason" field.
•
Condition: This symptom can be seen if you execute the display version command after CPLD
software upgrade reboot.
LSV7D002614
•
Symptom: When two 5900_5920 switches are connected through 10 GE transceivers, if one of
the two fibers is plugged out, only the port at the receiving fiber side repeatedly goes up and
down.
•
Condition: This symptom occurs if one of the two fibers between two 5900_5920 switches
connected through 10 GB transceivers is plugged out.
LSV7D000834
•
Symptom: After an IRF fabric that comprises 5900_5920 switches is rebooted, the display trill
mfib transit output shows that some TRILL multicast forwarding entries do not have port
information.
•
Condition: This symptom might occur after an IRF fabric that comprises 5900_5920 switches is
rebooted.
LSV7D001163
•
Symptom: During the reboot of an IRF subordinate switch, some processes might fail to start
up, and the following information appears:
System is starting...
Service VLAN was skipped because it failed to start within 30 minutes.
Service LPDT was skipped because it failed to start within 30 minutes.
Service LLDP was skipped because it failed to start within 30 minutes.
Service EVB was skipped because it failed to start within 30 minutes.
User interface aux8 is available.
•
Condition: This symptom might occur if an IRF subordinate switch is rebooted multiple times.
LSV7D001521
•
Symptom: When an aggregate interface uses the default load sharing method, load sharing
performed on the aggregate interface is uneven.
•
Condition: This symptom occurs when the aggregate interface uses the default load sharing
method.
Resolved problems in R2208
LSV7D001891
•
Symptom: A switch in an IRF fabric that might abnormally reboot during an ISSU from R2207 to
R2208.
•
Condition: This symptom might occur during an ISSU from R2207 to R2208 on an IRF fabric.
LSV7D000579
•
Symptom: The display this command executed on a VFC interface does not show the
interface that is bound to the VFC interface.
•
Condition: This symptom can be seen if the following procedure is performed:
193
a. Bind a VFC interface to a 40G interface.
b. Divide the 40G interface into four 10G interfaces.
c. Execute the display this command on the VFC interface.
LSV7D001664
•
Symptom: If you select "3. Display all files in flash" or "4. Delete file from flash" on the BootROM
menu when a file that has a name longer than 128 bytes exists, the CLI fails to respond.
•
Condition: This symptom occurs if you select "3. Display all files in flash" or "4. Delete file from
flash" on the BootROM menu when a file that has a name longer than 128 bytes exists.
LSV7D001941
•
Symptom: Some ports in an aggregation group cannot forward traffic although the display
interface information is right.
•
Condition: This symptom might occur when the following conditions exist.

The IRF fabric comprises two or more 5900/5920 switches.

The LACP protocol is enabled on the IRF fabric.

An aggregation group comprises ports on the IRF member switches and all the ports are in
selected state.

The others ports connecting to 5900/5920 turn UP and DOWN, which cause the ports in
aggregation group to turn UP and DOWN by turns.
Resolved problems in R2207
LPD046453
•
Symptom: Static MAC addresses configured in EVB s-channel view are not counted in MAC
address statistics displayed by the display mac-address vlan vlan-id count command.
•
Condition: This symptom can be seen if you execute the display mac-address vlan vlan-id
count command after configuring static MAC addresses in EVB s-channel view.
LPD047760
•
Symptom: After an incompatible ISSU, the service loop group configuration on a port gets lost,
and the corresponding tunnel interface is down.
•
Condition: This symptom can be seen after an incompatible ISSU, for example, an ISSU from
E2206 to E2206P02.
LPD044554
•
Symptom: BFD flapping occurs when large numbers of packets are delivered to the CPU.
•
Condition: This symptom might occur when the following conditions exist:

The minimum interval for receiving and sending single-hop BFD control messages is small
(such as 100 ms).

The single-hop BFD multiplier is small (such as the default multiplier 3).

Many BFD sessions exist.

Large numbers of packets are delivered to the CPU.
LPD044442
•
Symptom: When multiple VTY users operate a switch, one or more VTY users might get no
responses.
•
Condition: This symptom might occur if multiple VTY users log in to the switch and execute the
display diagnostic-information or more command.
194
LPD048933
•
Symptom: When burst-mode is enabled on an IRF fabric, traffic might affect receiving and
forwarding of protocol packets, resulting in VRRP and OSPF flapping.
•
Condition:
•
This symptom might occur if the following conditions exist:

The IRF fabric comprises both 5900 and 5920 switches with burst-mode is enabled.

Traffic enters the fabric from other switch in the IRF fabric at a rate higher than 100 Mbps
and leaves the fabric from the 5920 switch.
LPD047664
•
Symptom: The reset packet-drop interface command executed on a port clears all statistics
on the port.
•
Condition: This symptom occurs if the reset packet-drop interface command is executed on a
port.
LPD047880
•
Symptom: After an IRF master/subordinate switchover, LLDP flapping might occur.
•
Condition: This symptom might occur after an IRF master/subordinate switchover.
LPD048844
•
Symptom: A specific ACL cannot be assigned on a port.
•
Condition: This symptom might occur when the following conditions exist:

The ACL comprises three rules and the second rule contains the counting keyword.

The ACL is assigned to two ports in turn.

The second port deletes the ACL and gets the ACL reassigned, but the second and third
rules cannot be assigned.
LPD049107
•
Symptom: When the irf link-delay is configured as 10 seconds, if the IRF cable is removed and
inserted within 10 seconds, the IRF fabric splits.
•
Condition: This symptom occurs if the IRF cable is removed and inserted within 10 seconds
when the irf link-delay is configured as 10 seconds.
LPD049536
•
Symptom: Packet loss occurs during an ISSU on an IRF fabric in an FCoE network.
•
Condition: This symptom occurs during an ISSU from E2206P02 to this release.
LPD049647
•
Symptom: After a port configured with flow-control goes down and up, it cannot send pause
frames during congestion.
•
Condition: This symptom can be seen if a port configured with flow-control goes down and up
and congestion occurs on the port.
LPD049851
•
Symptom: The 5900_5920 and A5800_5820X switches cannot operate in an IPv6 VRRP group
because they use incompatible IPv6 VRRP versions.
•
Condition: This symptom occurs because 5900_5920 and A5800_5820X switches use
incompatible IPv6 VRRP versions.
195
LPD049883
•
Symptom: An SNMP walk on MOR_MIB_FLASHCOPYREMOTEUSERPASSWORD returns a
plaintext password.
•
Condition: This symptom can be seen after an SNMP walk on
MOR_MIB_FLASHCOPYREMOTEUSERPASSWORD.
LPD050020
•
Symptom: After an OSPFv3 virtual link is removed and an interface is added to the OSPFv3
area, the interface cannot establish a neighbor relationship.
•
Condition: This symptom can be seen if you remove an OSPFv3 virtual link with the undo
vlink-peer command and then add an interface to the OSPFv3 area with the ospfv3 area
command.
LPD050478
•
Symptom: A multicast ingress port configured with mld-snooping source-deny can still
forward multicast traffic.
•
Condition: This symptom can be seen on a multicast ingress port configured with
mld-snooping source-deny.
LPD050835
•
Symptom: The output of the display packet-drop command does not show packet loss
information for a 1000 Base-T port of 5900AF-48G-4XG-2QSFP+ which acts as an egress port
to forward known unicast traffic.
•
Condition: This symptom can be seen in the output of the display packet-drop command
when congestion occurs on a 1000 Base-T port of 5900AF-48G-4XG-2QSFP+ which acts as an
egress port to forward known unicast traffic.
LPD051899
•
Symptom: A flow-control enabled port on a burst-mode enabled 5920 cannot send pause
frames when congestion occurs.
•
Condition: This symptom occurs if the following operations are performed:
a. Enable burst-mode globally on the 5920.
b. Enable flow-control on a port, save the configuration, and reboot the switch.
After the switch reboots, the port enabled with flow-control cannot send pause frames when
congestion occurs.
LPD052173
•
Symptom: Packet loss occurs on a switch in a TRILL network, if a port of the switch is added to
the TRILL network or a TRILL port where no traffic passes is shut down when TRILL traffic
exists on the switch.
•
Condition: This symptom can be seen on a switch in a TRILL network if a port of the switch is
added to the TRILL network or a TRILL port where no traffic passes is shut down when TRILL
traffic exists on the switch.
LPD051005
•
Symptom: When an FCF switch formed by two concatenated switches is used to connect the
server to the storage, if the VFC port connected to the storage goes down and up and then the
VFC port connected to the server goes down and up, the server fails to access the storage.
•
Condition: This symptom can be seen if an FCF switch formed by two concatenated switches is
used to connect the server to the storage, the VFC port connected to the storage goes down
and up, and then the VFC port connected to the server goes down and up.
196
LPD051844
•
Symptom: When a switch acts as an FCF switch that connects the server to the storage, if one
of the two ports connected to the server/storage goes down and up, the server fails to access
the storage.
•
Condition: This symptom occurs if the switch uses two links to connect the storage and server,
and one link goes down and up.
LPD051865
•
Symptom: If a device in an FCoE network receives from an Emulex NIC an FLOGI register
packet that has a SID of 2E3131, the NIC fails to register on the device.
•
Condition: This symptom occurs if a device in an FCoE network receives from an Emulex NIC
an FLOGI register packet that has a SID of 2E3131
LSV7D000102
•
Symptom: Deleting an aggregate interface does not delete the multicast MAC addresses
configured on the aggregate interface.
•
Condition: This symptom can be seen if you delete an aggregate interface where multicast
MAC addresses are configured.
LSV7D000398
•
Symptom: When traffic redirect is enabled for a link aggregation group, if an IRF member switch
that has ports selected by the link aggregation group is rebooted, the member ports can forward
traffic before they are re-selected by the link aggregation group.
•
Condition: This symptom might occur when the following conditions exist:

The IRF fabric comprises two or more 5900/5920 switches.

The link-aggregation traffic redirect function is enabled by the link-aggregation lacp
traffic-redirect-notification enable command on the IRF fabric.

An aggregation group comprises ports on the IRF member switches and all the ports are in
selected state.

An IRF member switch is rebooted.
LSV7D000429
•
Symptom: The CPU usage stays at 17% when TCP port 53 is attacked by using echoserverte.
•
Condition: This symptom can be seen when TCP port 53 is attacked by using echoserverte.
LSV7D000437
•
Symptom: When a master/subordinate switchover is performed on an IRF fabric that is enabled
with FCoE, the user interface prints "The service FCZONE status failed : abnormal exit!"
•
Condition: This symptom occurs if a master/subordinate switchover is performed on an IRF
fabric that is enabled with FCoE.
LSV7D000467
•
Symptom: If the display diagnostic-information command is executed when command
accounting is enabled, the commands embedded in display diagnostic-information are also
recorded.
•
Condition: This symptom can be seen if the display diagnostic-information command is
executed when command accounting is enabled.
LSV7D000469
•
Symptom: An SNMP walk on dot1qTpFdbTable MIB cannot return static MAC entries.
•
Condition: This symptom occurs during an SNMP walk on dot1qTpFdbTable MIB.
197
LSV7D000489
•
Symptom: Command authorization for a logged-in Telnet user fails.
•
Condition: This symptom can be seen if the command authorization method is set to
hwtacacs-scheme and local and the service type for the user is set to ssh and telnet.
LSV7D000523
•
Symptom: After an IPv6 ACL is assigned, deleting the first rule of the ACL cannot release
corresponding hardware ACL resources, but adding a rule to the ACL occupies new hardware
ACL resources.
•
Condition: This symptom can be seen when you add or delete rules of an assigned IPv6 ACL.
ZDD05489
•
Symptom: A port in an aggregation group cannot be selected, resulting in forwarding failure.
•
Condition: This symptom might occur when the following procedure is performed:
a. Configure two dynamic aggregation groups A and B that each connect to a different device.
The aggregation group A comprises at least two ports, and one port (port 1) repeatedly goes up
and down.
b. Remove a port (port 2) from the aggregation group A and add it to the aggregation group B.
c. Add another port to the aggregation group A.
After the above configuration, port 2 changes to unselected state and cannot forward packets.
LPD048529
•
Symptom: After an aggregate interface is deleted, some static MAC addresses configured on
that aggregate interface are not deleted.
•
Condition: This symptom might be seen after an aggregate interface configured with many
static MAC addresses is deleted
LPD048530
•
Symptom: The queue scheduling commands qos sp, qos wrr, and qos wfq fail to be
configured on 5900AF-48G-4XG-2QSFP+ and the system prompts "The operation completed
unsuccessfully."
•
Condition: This symptom can be seen when you execute commands qos sp, qos wrr, and qos
wfq on 5900AF-48G-4XG-2QSFP+.
LPD048553
•
Symptom: When TRILL is enabled, multicast MAC entries generated for unknown multicast
traffic cannot be aged.
•
Condition: This symptom can be seen when the following conditions exist:

A port is enabled with TRILL.

The igmp-snooping drop-unknown command is configured in the VLAN to which the port
belongs.

Multicast MAC entries are generated for unknown multicast traffic passing the switch.
LPD049071
•
Symptom: When GTS is configured, the display qos queue-statistics interface outbound
command does not display any information in the Dropped field.
•
Condition: This symptom can be seen if you use the qos gts queue command to configure
queue-based GTS on an interface and then use the display qos queue-statistics interface
outbound command to display the outgoing traffic statistics of each queue on the interface
when the traffic exceeds the rate limit.
198
LPD 049094
•
Symptom: If an IRF member device is powered off when a QoS policy is applied to the IRF
fabric, the QoS policy cannot be applied to any member device. To apply the QoS policy, you
must restart the IRF fabric or configure and apply the QoS policy again.
•
Condition: This symptom might be seen if an IRF member device is powered off when a QoS
policy is applied to the IRF fabric.
LPD049218
•
Symptom: If an aggregate interface goes down and up, ARP packets passing through the
aggregate interface might return, resulting in incorrect ARP entries.
•
Condition: This symptom might occur if an aggregate interface goes down and up or an
interface card where member ports of the aggregate interface reside is rebooted.
LPD049373
•
Symptom: When a TPID value in SVLAN tags fails to be configured on a port because of
insufficient resources, configuring a TPID value in VLAN tags on an aggregate interface
succeeds. However, the TPID configuration cannot be applied to the member ports of the
aggregate interface. As a result, the member ports of the aggregate interface are down
because the aggregate interface configuration is different from the member port configuration.
•
Condition: This symptom might be seen if you use the qinq ethernet-type service-tag
command on two ports to configure different TPID values in SVLAN tags to reach hardware
specifications, and then configure a TPID value in VLAN tags on an aggregate interface.
LPD049375
•
Symptom: In TRILL multicast application, a change of VLAN settings on a port results in
incorrect Interested VLANs TLV in LSPs sent by the switch.
•
Condition:
LPD049717
•
Symptom: If command accounting is enabled and a user passes HWTACACS authentication
and logs in, the user's privilege level and NAS-Portname displayed on the ACS are 0 and port0
respectively, which are incorrect.
•
Condition: This symptom can be seen if a user logs in to the switch after passing HWTACACS
authentication when command accounting is enabled (by using the command accounting
command).
LPD049773
•
Symptom: After an IRF master/subordinate switchover, the global router ID is changed and the
system prompts "OSPF 1 New router ID elected, please restart OSPF if you want to make the
new Router ID take effect." If you reboot the OSPF process as prompted, traffic interruption
occurs.
•
Condition: This symptom can be seen if you reboot the OSPF process as prompted after an IRF
master/subordinate switchover.
LPD049826
•
Symptom: When DHCP snooping is enabled globally, users accessing through QinQ cannot
obtain IP addresses from the DHCP server.
•
Condition: This symptom can be seen if DHCP snooping is enabled globally and the uplink and
downlink ports are enabled with QinQ.
LPD049827
•
Symptom: When command accounting is enabled, the commands that users failed to execute
because a higher privilege level is needed are also accounted.
199
•
Condition: This symptom can be seen when command accounting is enabled and some users
execute commands that need a higher privilege level.
LPD049972
•
Symptom: If the TRILL-enabled multicast source and clients use different distribution trees,
multicast entries cannot be created.
•
Condition: This symptom can be seen if the TRILL-enabled multicast source and clients use
different distribution trees.
LPD050084
•
Symptom: If you create a zone and use the member fcid fffcxx command to assign a device to
the zone in FCoE application, the error message "The value of FCID should range from 010000
to EFFFFF" is displayed.
•
Condition: This symptom might occur if you create a zone and use the member fcid fffcxx
command to assign a device to the zone.
LPD050401
•
Symptom: When 1:1 VLAN mapping and the maximum number of MAC addresses are
configured on a port, the port learns incorrect MAC addresses, resulting in traffic interruption.
•
Condition: This symptom can be seen if you configure 1:1 VLAN mapping and the maximum
number of MAC addresses on a port without configuring the qinq enable command.
LPD051811
•
Symptom: Selected ports in a link aggregation group are blocked, resulting in traffic
interruption.
•
Condition: This symptom might occur if the following procedure is performed:
a. Add multiple ports to a link aggregation group.
b. Deselect some ports.
c. Use the link-aggregation port-priority command to increase the priorities of the
unselected ports to make them to replace the selected ports.
LPD049844
•
Symptom: When a remote TACACS server is used for priority-based privilege management,
users accessing through an A5800_5820X or Cisco device can obtain management privileges
from the TACACS server but users accessing through a 5900_5920 cannot.
•
Condition: This symptom can be seen when a remote TACACS server is used for priority-based
privilege management.
LSV7D001187
•
Symptom: Some operations might conduct the CLI display incomplete.
•
Condition: This symptom might occur if the following procedure is performed:
a. Connect the IRF device with other devices through aggregated links.
b. The selected ports in the link aggregation group go up and down for several times.
c. Multiple users log into the device for operation.
LPD034688
•
Symptom: When the PCIE link has strong interference, the Watchdog times out and reboots.
The display version command shows " Last reboot reason:Watchdog timeout reboot”.
•
Condition: This symptom might be seen when the PCIE link has strong interference.
200
Resolved problems in E2206P02
LPD045035
•
Symptom: Packet loss occurs on the 5920 switch where burst mode is enabled.
•
Condition: This symptom might occur when the following conditions exist:

The burst mode is globally enabled.

The ingress and egress ports are in the range of 1 to 8, 9 to 16, or 17 to 24.

Congestion occurs on one or multiple ports that work at 1G rate and reside in the same
range as the ingress and egress ports, and the outbound rate on other 10G ports in the
same range is higher than 1G.
LPD044957
•
Symptom: After login through SFTP, a user has the right to execute the pwd command, which is
wrong.
•
Condition: This symptom might occur when the following conditions exist:

The SFTP user logs in to the switch through password/public key authentication.

The network operator is authorized by RBAC.
LPD046857
•
Symptom: When MAC authentication failures occurred, the display mac-authentication
interface command does not show MAC authentication failure times in the Authentication
attempts field.
•
Condition: This symptom exists in the output from the display mac-authentication interfaces
command when MAC authentication failures have occurred.
LPD046393
•
Symptom: Specific FTP operations might cause the switch to reboot.
•
Condition: This symptom might occur if the following procedure is performed:
a. FTP to a PC from an IRF fabric comprising 5900/5920 switches in ring topology.
b. Execute the dir command.
c. Shut down the management interface.
d. Perform get operations multiple times.
LPD046976
•
Symptom: A level-9 user that telnets to the switch can execute the password-control
command.
•
Condition: This symptom can be seen if a level-9 user telnets to the switch.
LPD047834
•
Symptom: After a system reboot, a TRILL-enabled aggregate interface is involved in STP
calculation. TRILL-enabled interfaces should not participate in STP calculation.
•
Condition: This symptom might occur after you configure TRILL and STP and then reboot the
switch.
LPD046159
•
Symptom: Executing the display interface command on one of the four 10G ports divided from
a 40G port shows "Media type is optical fiber."
•
Condition: This symptom might occur if the following procedure is performed:
a. Use the using tengige command in 40G port view to create four 10G ports.
201
b. Reboot the switch.
c. Insert a QSFP+ to SFP+ cable into the 40G port to make the port up.
d. Execute the display interface command on a 10G port divided from the 40G port.
LPD047784
•
Symptom: Executing the boot-loader command to specify the startup ipe image on a
subordinate switch in an IRF fabric does not take effect.
•
Condition: This symptom occurs if you execute the boot-loader command on a subordinate
switch before executing this command on the master switch.
Resolved problems in E2206
None
Resolved problems in R2108P03
LPD26673
•
Symptom: The CLI of an IRF fabric is suspended when the configuration file is saved.
•
Condition: This symptom might occur if the configuration file is saved on an IRF fabric that
comprises multiple 5900 and 5920 switches.
LPD037817
•
Symptom: A 5900/5920 switch in an IRF fabric works abnormally after a reboot during an
automatic software upgrade.
•
Condition: This symptom might occur if a 5900 switch in an IRF fabric reboot during an
automatic software upgrade and the IRF fabric comprises both 5900 and 5920 switches.
LPD036160
•
Symptom: When an anomaly occurs, the switch cannot recover by reboot itself automatically.
•
Condition: This symptom occurs when an anomaly occurs on a switch.
LPD37801
•
Symptom: A switch that acts as NQA server reboots.
•
Condition: This symptom might occur on a switch acting as the NQA server if deleting and
adding secondary IP addresses for the VLAN interface enabled with the NQA server
repeatedly.
LPD039133
•
Symptom: Some PCs connected to the backup switch in a VRRP group cannot learn the ARP of
VRRP virtual gateway.
•
Condition: This symptom might occur if the following conditions exist:

The VRRP master and backup switches work in load balancing mode.

The two switches exchange heartbeat packets through a directly connected cable.

Multiple PCs connected to the backup switch.
LPD35326
•
Symptom: A 5920 switch in an IRF fabric has an anomaly during a reboot of the IRF fabric.
•
Condition: This symptom might occur if the IRF fabric comprises both 5920 and 5900 switches
and is repeatedly rebooted.
202
LPD37306
•
Symptom: The transceiver MIB node information obtained by the MIB browser is incorrect.
•
Condition: This symptom occurs when the MIB browser is used to read the transceiver related
MIB node.
ZDD05295
•
Symptom: The IP address of a Null interface can be assigned through SNMP but cannot be
deleted through SNMP or CLI.
•
Condition: This symptom occurs if the IP address of the Null interface is assigned by the MIB
browser.
LPD042522
•
Symptom: The service SYSMAN reboot repeatedly and such information repeatedly
appears(log time and device name is different on different devices):
%Jan 1 00:06:33:905 2011 HPE SCMD/5/JOBINFO: The service SYSMAN status failed :
abnormal exit!
•
%Jan
1 00:06:33:911 2011 HPE SCMD/6/JOBINFO: The service SYSMAN is stopped...
%Jan
1 00:06:33:912 2011 HPE SCMD/6/JOBINFO: The service SYSMAN is starting...
%Jan
1 00:06:34:089 2011 HPE SCMD/6/JOBINFO: The service SYSMAN is running...
Condition: This symptom might occur if a bin or ipe file downloaded to flash has incorrect
header information.
LPD042436
•
Symptom: The certificate of a peer in a PKI domain on standby device cannot be deleted.
•
Condition: This symptom occurs on an IRF fabric when deleting the certificate of a peer in a PKI
domain.
LPD041110
•
Symptom: A switch work abnormally if multiple VTY users log in to the switch and execute the
display diagnostic-information command simultaneously.
•
Condition: This symptom might occur if multiple VTY users log in to the switch and execute the
display diagnostic-information command simultaneously.
Resolved problems in R2108P02
LPD34510
•
Symptom: The image specified by the boot-loader command cannot be loaded.
•
Condition: This symptom occurs if the boot-loader command is executed in the root directory
of a subordinate device in an IRF fabric.
LPD26824
•
Symptom: There is no suggestive information when the tftp ip filename ? command is
executed.
•
Condition: This symptom occurs when the tftp ip filename ? command is executed.
LPD26261
•
Symptom: The system prompts "Permission denied" if a user deletes a file with the root
attribute created by the system through the console port of the master device in an IRF fabric,
and the delete operation fails.
•
Condition: This symptom occurs if a user deletes a file with the root attribute created by the
system through the console port of the master device in an IRF fabric.
203
LPD29455
•
Symptom: The console port stops responding when a user logged in through the console port
deletes a file with a name that has more than 31 characters in the recycle bin from the
BootROM menu.
•
Condition: This symptom might occur when a user logged in through the console port deletes a
file with a name that has more than 31 characters in the recycle bin from the BootROM menu.
LPD30055
•
Symptom: The system assigns the vd-operator attribute to a user created by an SSH
management user that has a user level 15. The assigned attribute is incorrect because the
switch does not support VD.
•
Condition: This symptom occurs if an SSH management user with user level 15 creates a new
user.
LPD29574
•
Symptom: After a master/subordinate switchover, the previous master fails to start up.
•
Condition: This symptom might occur if a master/subordinate switchover is performed when the
following conditions exist on the IRF fabric:

The IRF fabric comprises multiple switches

MSTP is enabled.

BPDU tunnels are configured.

The IRF fabric is connected to another device through a cross-card aggregate link.
LPD032502
•
Symptom: After a master/subordinate switchover, ports in a link aggregation group on the
previous master cannot become selected ports although they have been up.
•
Condition: This symptom might occur if the following conditions exist:

The local IRF fabric is connected to another IRF fabric through the link aggregation group
(an aggregate link).

MSTP is enabled on the local IRF fabric.

On the connected IRF fabric, STP is enabled, the aggregate interface is configured as an
edge port. global BPDU protection is configured.

A master/subordinate switchover is performed on the local IRF fabric.
ZDD05103
•
Symptom: When many MAC addresses move to different ports, the system updates ARP
entries for only 32 MAC addresses among those MAC addresses.
•
Condition: This symptom occurs if many MAC addresses move to different ports
LPD031621
•
Symptom: A memory leak occurs.
•
Condition: This symptom occurs if two or more traffic behaviors are configured and then the
reset counters interface command is executed.
LPD30059
•
Symptom: A walk of the dot1dPortCapabilities MIB node through the MIB browser returns
empty data.
•
Condition: This symptom occurs if the MIB browser is used to walk the dot1dPortCapabilities
MIB node.
204
LPD30063
•
Symptom: The cd command executed in user view fails to display Flash information for
subordinate switches in an IRF fabric that comprises four switches.
•
Condition: This symptom might occur if repeated master/subordinate switchovers occur on the
IRF fabric.
LPD32451
•
Symptom: An anomaly occurs after the display stp history command is executed.
•
Condition: This symptom might occur if the display stp history command executed accesses
memory that has not been initialized.
LPD032399
•
Symptom: The output of the display clock command does not show the time information
according to the zone specified by the clock summer-time command.
•
Condition: This symptom exists in the output of the display clock command.
LPD32152
•
Symptom: The value of the dot1qTpFdbPort MIB node obtained through the MIB browser
contains the data length, which should not be returned.
•
Condition: This symptom occurs when the MIB browser walks the dot1qTpFdbPort MIB node.
LPD31252
•
Symptom: A message "500 Unknown command" appears when the dir command is executed
on the FTP server through a switch that acts as the FTP client.
•
Condition: This symptom occurs when the dir command is executed on the FTP server through
a switch that acts as the FTP client.
Resolved problems in R2108P01
LPD24186
•
Symptom: The actual broadcast forwarding rate on a port is 1000000 pps although the
broadcast suppression threshold configured for the port is 2000000, 4000000 or 8000000 pps.
•
Condition: This symptom occurs if the broadcast suppression threshold on a port is configured
as 2000000, 4000000 or 8000000 pps, and then the shutdown and undo shutdown
commands are executed on the port.
LPD24112
•
Symptom: The switch cannot forward broadcast packets with a size less than 80 bytes at line
rate.
•
Condition: Execute the burst-mode enable command and send broadcast traffic with packet
size less than 80 bytes at line rate to a port.
LPD28657
•
Symptom: A PC connected to a device cannot communicate for a while.
•
Condition: This symptom might occur if the following conditions exist:

The device connects to a device and the device connects to an IRF fabric through a
cross-card aggregate link

The master in the IRF fabric is rebooted.
205
LPD26305
•
Symptom: After an IRF master/subordinate switchover, an aggregate interface stays in STP
down state.
•
Condition: This symptom might occur if the following conditions exist:

The aggregate interface is an STP edge port.

The stp bpdu-protection and shutdown-interval 1 commands are configured.

A master/subordinate switchover is performed.
LPD24183
•
Symptom: If an IRF subordinate switch is rebooted, its aggregation member ports change to
inactive state and then to active state. After that, the switch reboots. The switch should reboot
when its aggregation member ports change to inactive state.
•
Condition: This symptom might occur when a subordinate switch in an IRF fabric is rebooted.
LPD35324
•
Symptom: An IRF fabric fails to upgrade software from R2108 to a later version.
•
Condition: This symptom occurs when an IRF fabric uses the automatic software update
function to upgrade software from R2108 to a later version.
Resolved problems in R2108
LPD21989
•
Symptom: Some VRRP virtual MAC addresses cannot be deleted after an IRF split.
•
Condition: This symptom might occur if the following conditions exist:

The IRF fabric comprises four switches in ring topology.

VRRP and MAD are configured.

The two IRF ports on a subordinate switch are shut down to split the IRF fabric.
LPD21097
•
Symptom: VRRP master/backup switchovers occur after a reboot.
•
Condition: This symptom might occur if a device configured with more than 200 standard VRRP
groups is rebooted.
LPD21873
•
Symptom: Traffic forwarding fails if the queue scheduling mode is repeatedly changed on the
egress port.
•
Condition: This symptom might occur if the egress port forwards Layer 3 traffic received from
other two ports and the queue scheduling mode is repeatedly changed on the egress port.
LPD22391
•
Symptom: After receiving line-rate packets with a size larger than 1600 bytes, the network
management port cannot ping the directly connected device.
•
Condition: This symptom might occur after the network management port receives line-rate
packets with a size larger than 1600 bytes.
LPD22364
•
Symptom: An aggregate interface connected to another switch cannot go up.
•
Condition: This symptom might occur if the aggregate interface on the peer switch is repeatedly
created and deleted.
206
LPD22318
•
Symptom: The output of the display interface command does not include the number of pause
frames that were generated when congestion occurred.
•
Condition: This symptom exists in the output of the display interface command.
LPD22583
•
Symptom: A port cannot deliver incoming LACP packets to the CPU.
•
Condition: This symptom might occur after the port is added to, removed from, and then
re-added to a link aggregation group.
LPD19088
•
Symptom: An IRF fabric splits and packet forwarding fails if PFC configuration on a port where
user traffic exists is modified or removed.
•
Condition: This symptom might occur if PFC configuration on a port where user traffic exists is
modified or removed.
LPD20867
•
Symptom: Some MAC addresses displayed by the display mac-address command are
incorrect.
•
Condition: This symptom might occur when the display mac-address command is used to
display a specified MAC address.
LPD21711
•
Symptom: After an IRF master/subordinate switchover, the network management port cannot
transmit packets and the IRF fabric cannot be managed through the port.
•
Condition: This symptom might occur after a master/subordinate switchover on an IRF fabric
that comprises four switches in ring topology.
LPD21950
•
Symptom: The time stamps for received and transmitted traffic statistics are inconsistent with
the system time configured by the clock timezone command. This problem also exists in the
saved configuration file.
•
Condition: This symptom occurs if configure system time by the clock timezone command.
LPD22554
•
Symptom: The output of the display telnet client or display ssh client command does not
shows the source interface configured by the telnet client source inter vlan or ssh client
source interface vlan command.
•
Condition: This symptom occurs if the specified source interface is removed.
LPD22445
•
Symptom: The help information for the telnet server acl ? command shows "Error".
•
Condition: This symptom occurs if a user role with Telnet only has writes right.
LPD23669
•
Symptom: The priority-flow-control enable and shutdown settings on the IRF interface of
the subordinate switch get lost after an IRF master/subordinate switchover.
•
Condition: This symptom might occur after an IRF master/subordinate switchover.
Resolved problems in E2107
First release.
207
Support and other resources
Accessing Hewlett Packard Enterprise Support
•
For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website:
www.hpe.com/assistance
•
To access documentation and support services, go to the Hewlett Packard Enterprise Support
Center website:
www.hpe.com/support/hpesc
Information to collect:
•
Technical support registration number (if applicable).
•
Product name, model or version, and serial number.
•
Operating system name and version.
•
Firmware version.
•
Error messages.
•
Product-specific reports and logs.
•
Add-on products or components.
•
Third-party products or components.
Documents
To find related documents, see the Hewlett Packard Enterprise Support Center website at
http://www.hpe.com/support/hpesc.
•
Enter your product name or number and click Go. If necessary, select your product from the
resulting list.
•
For a complete list of acronyms and their definitions, see HPE FlexNetwork technology
acronyms.
Related documents
•
HPE FlexFabric 5920 & 5900 Fundamentals Configuration Guide-Release 2422P01
•
HPE FlexFabric 5920 & 5900 IRF Configuration Guide-Release 2422P01
•
HPE FlexFabric 5920 & 5900 Layer 2—LAN Switching Configuration Guide-Release 2422P01
•
HPE FlexFabric 5920 & 5900 Layer 3—IP Services Configuration Guide-Release 2422P01
•
HPE FlexFabric 5920 & 5900 Layer 3—IP Routing Configuration Guide-Release 2422P01
•
HPE FlexFabric 5920 & 5900 MPLS Configuration Guide-Release 2422P01
•
HPE FlexFabric 5920 & 5900 ACL and QoS Configuration Guide-Release 2422P01
•
HPE FlexFabric 5920 & 5900 Security Configuration Guide-Release 2422P01
•
HPE FlexFabric 5920 & 5900 High Availability Configuration Guide-Release 2422P01
•
HPE FlexFabric 5920 & 5900 Network Management and Monitoring Configuration
Guide-Release 2422P01
•
HPE FlexFabric 5920 & 5900 IP Multicast Configuration Guide-Release 2422P01
•
HPE FlexFabric 5920 & 5900 FCoE Configuration Guide-Release 2422P01
208
•
HPE FlexFabric 5920 & 5900 TRILL Configuration Guide-Release 2422P01
•
HPE FlexFabric 5920 & 5900 EVB Configuration Guide-Release 2422P01
•
HPE FlexFabric 5920 & 5900 SPB Configuration Guide-Release 2422P01
•
HPE FlexFabric 5920 & 5900 OpenFlow Configuration Guide-Release 2422P01
•
HPE FlexFabric 5920 & 5900 Fundamentals Command Reference-Release 2422P01
•
HPE FlexFabric 5920 & 5900 IRF Command Reference-Release 2422P01
•
HPE FlexFabric 5920 & 5900 Layer 2—LAN Switching Command Reference-Release
2422P01
•
HPE FlexFabric 5920 & 5900 Layer 3—IP Services Command Reference-Release 2422P01
•
HPE FlexFabric 5920 & 5900 Layer 3—IP Routing Command Reference-Release 2422P01
•
HPE FlexFabric 5920 & 5900 MPLS Command Reference-Release 2422P01
•
HPE FlexFabric 5920 & 5900 ACL and QoS Command Reference-Release 2422P01
•
HPE FlexFabric 5920 & 5900 Security Command Reference-Release 2422P01
•
HPE FlexFabric 5920 & 5900 High Availability Command Reference-Release 2422P01
•
HPE FlexFabric 5920 & 5900 Network Management and Monitoring Command
Reference-Release 2422P01
•
HPE FlexFabric 5920 & 5900 IP Multicast Command Reference-Release 2422P01
•
HPE FlexFabric 5920 & 5900 FCoE Command Reference-Release 2422P01
•
HPE FlexFabric 5920 & 5900 TRILLl Command Reference-Release 2422P01
•
HPE FlexFabric 5920 & 5900 EVB Command Reference-Release 2422P01
•
HPE FlexFabric 5920 & 5900 SPB Command Reference-Release 2422P01
•
HPE FlexFabric 5920 & 5900 OpenFlow Command Reference-Release 2422P01
•
HPE LSWM1FANSC and LSWM1FANSCB Installation Manual
•
HPE LSWM1HFANSC & LSWM1HFANSCB Fan Assemblies Installation
•
HPE LSVM1FANSC & LSVM1FANSCB Fan Assemblies Installation
•
HPE A58x0AF 650W AC (JC680A) & 650W DC (JC681A) Power Supplies User Guide
•
HPE FlexFabric 5920 & 5900 Installation Guide
Documentation feedback
Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help
us improve the documentation, send any errors, suggestions, or comments to Documentation
Feedback (docsfeedback@hpe.com). When submitting your feedback, include the document title,
part number, edition, and publication date located on the front cover of the document. For online help
content, include the product name, product version, help edition, and publication date located on the
legal notices page.
209
Appendix A Feature list
Hardware features
Table 5 5900/5920 series hardware features
5900AF-48G-4
XG-2QSFP+
5900AF-48XG
T-4QSFP+
5900CP-48XG4QSFP+
5900CP-48XG4QSFP+ 8Gb
FC B-F
5920AF-24X
G
5900AF-48XG
-4QSFP+
5920AF-24X
G TAA
5900AF-48XG
-4QSFP+ TAA
5900AF-48G-4
XG-2QSFP+
TAA
5900AF-48XG
T-4QSFP+
TAA
Dimensio
ns (H × W
× D)
43.6 × 440 ×
700 mm (1.72
× 17.32 ×
27.56 in)
43.6 × 440 × 660
mm (1.72 ×
17.32 × 25.98 in)
43.6×440×
460mm(1.72×
17.32×18.11in)
43.6 × 440 × 660
mm (1.72 ×
17.32 × 25.98 in)
43.6 × 440 × 660
mm (1.72 × 17.32
× 25.98 in)
Weight
≤ 13.5 kg
(29.76 lb)
≤ 13 kg (28.66
lb)
≤10kg(22.05lb)
≤ 13 kg (28.66
lb)
≤ 13 kg (28.66 lb)
Console
ports
1
1
1
1
1
Manage
ment
Ethernet
ports
1
1
1
1
1
USB
ports
N/A
1
1
1
1
10/100/1
000BaseT
Ethernet
ports
N/A
N/A
48
N/A
N/A
10G
Base-T
Ethernet
ports
N/A
N/A
N/A
48
N/A
SFP+
ports
24
48
4
N/A
48 unified port
QSFP+
ports
N/A
4
2
4
4
LSVM1FANS
C
LSWM1FANSC
LSWM1FANSC
LSWM1HFANS
C
LSWM1FANSC
LSWM1FANSC
B
LSWM1FANSC
B
Item
Fan trays
LSVM1FANS
CB
210
LSWM1HFANS
CB
5900CP-48XG4QSFP+ TAA
LSWM1FANSCB
Item
Power
modules
5920AF-24X
G TAA
5900AF-48XG
-4QSFP+ TAA
5900AF-48G-4
XG-2QSFP+
TAA
5900AF-48XG
T-4QSFP+
TAA
A58x0AF
650W AC
Power
Supply(JC680
A)
A58x0AF 650W
AC Power
Supply(JC680A)
A58x0AF 650W
AC Power
Supply(JC680A)
A58x0AF 650W
AC Power
Supply(JC680A)
A58x0AF 650W
AC Power
Supply(JC680A)
A58x0AF 650W
DC Power
Supply(JC681A)
A58x0AF 650W
DC Power
Supply(JC681A)
A58x0AF 650W
DC Power
Supply(JC681A)
A58x0AF 650W
DC Power
Supply(JC681A)
Rated voltage:
Rated voltage:
Rated voltage:
Rated voltage:
100 VAC to 240
VAC @ 50 or 60
Hz
100 VAC to 240
VAC @ 50 or 60
Hz
100 VAC to 240
VAC @ 50 or 60
Hz
100 VAC to 240
VAC @ 50 or 60
Hz
Max voltage:
Max voltage:
Max voltage:
Max voltage:
90 VAC to 264
VAC @ 47 to 63
Hz
90 VAC to 264
VAC @ 47 to 63
Hz
90 VAC to 264
VAC @ 47 to 63
Hz
90 VAC to 264
VAC @ 47 to 63
Hz
Rated voltage: –
40 VDC to –60
VDC
Rated voltage: –
40 VDC to –60
VDC
Rated voltage: –
40 VDC to –60
VDC
Max voltage: –
40 VDC to –72
VDC
Max voltage: –
40 VDC to –72
VDC
Max voltage: –
40 VDC to –72
VDC
Single-AC:
183W
Single-AC: 98W
Single-AC:
124W
Dual-AC: 200W
Dual-AC: 115W
Dual-AC: 139W
AC inputs: 200 W
Single-DC:
333W
Single-DC:
182W
Single-DC: 95W
Single-DC:
121W
DC inputs: 197 W
Dual-DC:
339W
Dual-DC: 197W
A58x0AF
650W DC
Power
Supply(JC681
A)
100 VAC to
240 VAC @
50 or 60 Hz
Max voltage:
Rated
voltage: –40
VDC to –60
VDC
Max voltage:
–40 VDC to –
72 VDC
Single-AC:
334W
Minimum
power
consumpt
ion
Dual-AC:
343W
Single-AC:
357W
Maximum
power
consumpt
ion
Dual-AC:
366W
Single-DC:
360W
0°C to 45°C
(32°F to
113°F)
Dual-DC: 110W
5900CP-48XG4QSFP+ TAA
Rated voltage: –
40 VDC to –60
VDC
Max voltage: –40
VDC to –72 VDC
Dual-DC: 133W
Single-AC:
157W
Single-AC:
446W
AC: 257 W
Dual-AC: 175W
Dual-AC: 455W
AC: 257 W
DC: 250 W
Single-DC:
151W
Single-DC:
444W
DC: 250 W
Dual-DC: 169W
Dual-DC: 444W
0°C to 45°C
(32°F to 113°F)
0°C to 45°C
(32°F to 113°F)
Dual-DC:
366W
Operatin
g
temperat
ure
5900CP-48XG4QSFP+
5900CP-48XG4QSFP+ 8Gb
FC B-F
5900AF-48XG
-4QSFP+
90 VAC to 264
VAC @ 47 to
63 Hz
DC-input
voltage
5900AF-48XG
T-4QSFP+
5920AF-24X
G
Rated
voltage:
AC-input
voltage
5900AF-48G-4
XG-2QSFP+
0°C to 45°C
(32°F to 113°F)
211
0°C to 45°C (32°F
to 113°F)
Item
Operatin
g
humidity
5900AF-48G-4
XG-2QSFP+
5900AF-48XG
T-4QSFP+
5920AF-24X
G
5900AF-48XG
-4QSFP+
5920AF-24X
G TAA
5900AF-48XG
-4QSFP+ TAA
5900AF-48G-4
XG-2QSFP+
TAA
5900AF-48XG
T-4QSFP+
TAA
10% to 90%,
noncondensin
g
10% to 90%,
noncondensing
10% to 90%,
noncondensing
10% to 90%,
noncondensing
5900CP-48XG4QSFP+
5900CP-48XG4QSFP+ 8Gb
FC B-F
5900CP-48XG4QSFP+ TAA
10% to 90%,
noncondensing
Software features
Table 6 Software features of the 5900/5920 series
5900AF-48G-4
XG-2QSFP+
5900AF-48XG
T-4QSFP+
5900CP-48XG4QSFP+
5900CP-48XG4QSFP+ 8Gb
FC B-F
5920AF-24X
G
5900AF-48XG
-4QSFP+
5920AF-24X
G TAA
5900AF-48XG
-4QSFP+ TAA
5900AF-48G-4
XG-2QSFP+
TAA
5900AF-48XG
T-4QSFP+
TAA
Full
duplex
Wire
speed
L2
switchin
g
capacity
480 Gbps
1280 Gbps
336Gbps
1280Gbps
1280 Gbps
Whole
system
Wire
speed
L2
switchin
g
Packet
forwardi
ng rate
357.12
952.32
249.98
952.32
952.32
Forward
ing
mode
Store-forward and cut-through
IRF
•
•
•
•
•
•
•
•
Featur
e
Ring topology
Daisy chain topology
LACP MAD
ARP MAD
ND MAD
BFD MAD
ISSU
IRF comprised of different models
212
5900CP-48XG4QSFP+ TAA
Link
aggrega
tion
•
•
•
•
•
Aggregation of 10-GE ports
Aggregation of 40-GE ports
Static link aggregation
Dynamic link aggregation
When stacked, supports up to 1024 aggregation groups, each supporting up to 32 ports
Data
center
•
•
•
•
•
•
•
PFC
DCBX
FcoE(FCF/Transit/NPV)
TRILL
EVB
SPBM
PBB
OpenFl
ow
•
Supported
Flow
control
•
IEEE 802.3x flow control and back pressure
Jumbo
Frame
Supports maximum frame size of 10000
MAC
address
table
•
•
•
•
128K MAC addresses
1K static MAC addresses
Blackhole MAC addresses
MAC address learning limit on a port
VLAN
•
•
•
•
•
Port-based VLANs (4094 VLANs)
Private VLAN
Super VLAN
MVRP
QinQ and selective QinQ
VLAN
mappin
g
•
•
•
One-to-one VLAN mapping
Many-to-one VLAN mapping
Two-to-two VLAN mapping
•
•
•
•
•
•
•
•
•
•
•
16K entries
1K static entries
Gratuitous ARP
Standard proxy ARP and local proxy ARP
ARP source suppression
ARP black hole
ARP detection (based on DHCP snooping entries/802.1x security entries/static IP-to-MAC
bindings)
Multicast ARP
ARP logging
IRDP
ARP proxy
ND
•
•
•
8K entries
1K static entries
ND proxy
VLAN
virtual
interfac
e
•
1K
ARP
213
Router
port
•
•
Supported
Router port aggregation
DHCP
•
•
•
•
•
•
•
DHCP client
DHCP snooping
DHCP relay agent
DHCP server
DHCPv6 snooping
DHCPv6 rlay agent
DHCPv6 server
UDP
helper
•
Supported
DNS
•
•
•
Dynamic domain name resolution
Dynamic domain name resolution client
IPv4/IPv6 addresses
IPv4
routing
•
•
•
•
•
•
•
•
•
•
1K static routes
RIP (Routing Information Protocol) v1/v2; up to 2K IPv4 routes
OSPF (Open Shortest Path First) v1/v2; up to 16K IPv4 routes
BGP (Border Gateway Protocol); up to 16K IPv4 routes
IS-IS (Intermediate System-to-Intermediate System); up to 16K IPv4 routes
Configurable maximum number of equal-cost routes; up to 4K equal-cost routes
VRRP
PBR
GR
NSR
IPv6
routing
•
•
•
•
•
•
•
•
•
•
1K static routes
RIPng: Supports up to 2K IPv6 routes
OSPF v3: Supports up to 8K IPv6 routes
ISISv6: Supports up to 8K IPv6 routes
Up to 4K ECMP routes; each ECMP route supports up to 32 next hops
Routing policy
VRRP
PBR
GR
NSR
URPF
•
Reverse route check strict mode and loose mode
MCE
•
Supported
BFD
•
•
•
•
•
•
OSPF/OSPFv3
BGP/BGP4
IS-IS/IS-ISv6
PIM for IPv6
Static route
MAD
Tunnel
•
•
•
•
•
•
•
IPv4 over IPv4 tunnel
IPv4 over IPv6 tunnel
IPv6 over IPv4 manual tunnel
IPv6 over IPv4 6to4 tunnel
IPv6 over IPv4 ISATAP tunnel
IPv6 over IPv6 tunnel
GRE tunnel
214
MPLS
•
•
MPLS
VPLS
IPv4
multicas
t
•
•
•
•
•
•
•
•
•
•
•
IGMP snooping v1/v2/v3
IGMP report suppression
Multicast VLAN
IGMP v1/v2/v3
PIM-DM
PIM-SM
PIM-SSM
PIM-BIDIR
MSDP
PIM snooping
Multicast VPN
IPv6
multicas
t
•
•
•
•
•
•
•
•
MLD snooping v1/v2
MLD report suppression
IPv6 multicast VLAN
Ipv6 PIM snooping
MLD v1/v2
PIM-DM/SM for IPv6
IPv6 PIM-SSM
IPv6 BIDIR-PIM
Broadc
ast/mult
icast/uni
cast
storm
control
•
•
•
Storm control based on port rate percentage
PPS-based storm control
Bps-based storm control
MSTP
•
•
•
STP/RSTP/MSTP protocol
STP Root Guard
BPDU Guard
Smart
Link
•
•
Up to 26 groups
Multi-instance Smart Link
Monitor
Link
•
Supported
•
Restriction of the rates at which a port sends and receives packets, with a granularity of 8
kbps.
Packet redirect
Committed access rate (CAR), with a granularity of traffic limit 8 kbps.
Eight output queues for each port
Flexible queue scheduling algorithms based on port and queue, including strict priority (SP),
Weighted Deficit Round Robin (WDRR), Weighted Fair Queuing (WFQ), SP + WDRR, and
SP + WFQ.
Remarking of 802.1p and DSCP priorities
Packet filtering at L2 (Layer 2) through L4 (Layer 4); flow classification based on source
MAC address, destination MAC address, source IP (IPv4/IPv6) address, destination IP
(IPv4/IPv6) address, port, protocol, and VLAN.
Time range
Weighted Random Early Detection (WRED)
Queue shaping
User profile
COPP
Explicit Congestion Notification (ECN)
•
•
•
•
QoS/AC
L
•
•
•
•
•
•
•
•
215
Mirrorin
g
•
•
•
Flow mirroring
Port mirroring
Multiple mirror observing port
Remote
mirrorin
g
•
•
Port remote mirroring (RSPAN)
Layer 3 remote port mirroring(ERSPAM)
Security
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Hierarchical management and password protection of users
AAA authentication
RADIUS authentication
HWTACACS
SSH 2.0
Port isolation
Port security
IP-MAC-port binding
IP Source Guard
MFF
HTTPS
SSL
PKI
Portal
Boot ROM access control (password recovery)
802.1X
•
•
•
Up to 2,048 users
Port-based and MAC address-based authentication
Trunk port authentication
Traffic
Manage
ment
•
sFlow
Loading
and
upgradi
ng
•
•
•
Loading and upgrading through XModem protocol
Loading and upgrading through FTP
Loading and upgrading through the trivial file transfer protocol (TFTP)
Manage
ment
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Configuration at the command line interface
Remote configuration through Telnet
Configuration through Console port
Python
NETCONF
Simple network management protocol (SNMP)
IMC NMS
System log
Hierarchical alarms
NTP
PTP
EAA
RMON
Power supply alarm function
Fan and temperature alarms
216
Mainten
ance
•
•
•
•
•
•
•
•
•
Debugging information output
Ping and Tracert
NQA
Track
Remote maintenance through Telnet
802.1ag
802.3ah
DLDP
File download and upload through USB port
217
Appendix B Upgrading software
This chapter describes types of software used on the switch and how to upgrade software while the
switch is operating normally or when the switch cannot correctly start up.
System software file types
Software required for starting up the switch includes:
•
Boot ROM image—A .bin file that comprises a basic section and an extended section. The
basic section is the minimum code that bootstraps the system. The extended section enables
hardware initialization and provides system management menus. You can use these menus to
load software and the startup configuration file or manage files when the switch cannot correctly
start up.
•
Software images—Includes boot images and system images.

Boot image—A .bin file that contains the operating system kernel. It provides process
management, memory management, file system management, and the emergency shell.

System image—A .bin file that contains the minimum modules required for device
operation and some basic features, including device management, interface management,
configuration management, and routing management.
The software images that have been loaded are called “current software images.” The software
images specified to load at next startup are called “startup software images.”
These images might be released separately or as a whole in one .ipe package file. If an .ipe file is
used, the system automatically decompresses the file, loads the .bin boot and system images in the
file and sets them as startup software images. Typically, the Boot ROM and software images for this
switch series are released in an .ipe file named main.ipe.
In addition to these images, HPE irregularly releases patch images for you to fix bugs without
rebooting the switch. A patch image does not add new features or functions.
System startup process
Upon power-on, the Boot ROM image runs to initialize hardware and then the software images run to
start up the entire system, as shown in Figure 1.
218
Figure 1 System startup process
Start
Boot ROM runs
Press Ctrl+B
promptly?
Enter Boot menu to
upgrade Boot ROM or
startup software
images
Yes
No
Startup software
images run
System starts up
and CLI appears
Finish
Upgrade methods
You can upgrade system software by using one of the following methods:
Upgrading method
Software types
Remarks
•
Software images
•
You must reboot the switch to
complete the upgrade.
This method can interrupt ongoing
network services.
The upgrade does not interrupt ongoing
services.
Upgrading from the CLI
Patch packages
Make sure the patch images match the
current software images. A patch image
can fix bugs only for its matching
software image version.
Use this method when the switch cannot
correctly start up.
CAUTION:
Upgrading from the Boot menu
•
•
Boot ROM image
Software images
Upgrading an IRF fabric from the CLI
instead of the Boot menu.
The Boot menu method increases the
service downtime, because it requires
that you upgrade the member switches
one by one.
The output in this document is for illustration only and might vary with software releases. This
document uses boot.bin and system.bin to represent boot and system image names. The actual
software image name format is chassis-model_Comware-version_image-type_release, for example,
5900_5920-cmw710-boot-r2307.bin and 5900_5920-cmw710-system-r2307.bin.
219
Upgrading from the CLI
This section uses a two-member IRF fabric as an example to describe how to upgrade software from
the CLI. If you have more than two subordinate switches, repeat the steps for the subordinate switch
to upgrade their software. If you are upgrading a standalone switch, ignore the steps for upgrading
the subordinate switch. For more information about setting up and configuring an IRF fabric, see the
installation guide and IRF configuration guide for the HPE 5920 and 5900 switch series.
Preparing for the upgrade
Before you upgrade software, complete the following tasks:
1.
Log in to the IRF fabric through Telnet or the console port. (Details not shown.)
2.
Identify the number of IRF members, each member switch's role, and IRF member ID.
<Sysname> display irf
MemberID
*+1
Role
Priority
CPU-Mac
Description
5
0023-8927-afdc
---
Standby 1
0023-8927-af43
---
Master
2
-------------------------------------------------* indicates the device is the master.
+ indicates the device through which the user logs in.
The Bridge MAC of the IRF is: 0023-8927-afdb
3.
Auto upgrade
: no
Mac persistent
: 6 min
Domain ID
: 0
Verify that each IRF member switch has sufficient storage space for the upgrade images.
IMPORTANT:
Each IRF member switch must have free storage space that is at least two times the size of
the upgrade image file.
# Identify the free flash space of the master switch.
<Sysname> dir
Directory of flash:
0
-rw-
41424 Aug 23 2013 02:23:44
startup.mdb
1
-rw-
3792 Aug 23 2013 02:23:44
startup.cfg
2
-rw-
53555200 Aug 23 2013 09:53:48
3
drw-
- Aug 23 2013 00:00:07
seclog
system.bin
4
drw-
- Aug 23 2013 00:00:07
diagfile
5
drw-
- Aug 23 2013 00:00:07
logfile
6
-rw-
9959424 Aug 23 2013 09:53:48
boot.bin
7
-rw-
9012224 Aug 23 2013 09:53:48
backup.bin
524288 KB total (453416 KB free)
# Identify the free flash space of each subordinate switch, for example, switch 2.
<Sysname> dir slot2#flash:/
Directory of slot2#flash:/
0
-rw-
41424
Jan 01 2011 02:23:44
220
startup.mdb
1
-rw-
3792
Jan 01 2011 02:23:44
startup.cfg
2
-rw-
93871104
Aug 23 2013 16:00:08
system.bin
3
drw-
-
Jan 01 2011 00:00:07
seclog
4
drw-
-
Jan 01 2011 00:00:07
diagfile
5
drw-
-
Jan 02 2011 00:00:07
logfile
6
-rw-
13611008
7
-rw-
9012224
Aug 23 2013 15:59:00
Nov 25 2011 09:53:48
boot.bin
backup.bin
524288 KB total (453416 KB free)
4.
Compare the free flash space of each member switch with the size of the software file to load. If
the space is sufficient, start the upgrade process. If not, go to the next step.
5.
Delete unused files in the flash memory to free space:
CAUTION:
• To avoid data loss, do not delete the current configuration file. For information about the current
configuration file, use the display startup command.
• The delete /unreserved file-url command deletes a file permanently and the action cannot be undone.
• The delete file-url command moves a file to the recycle bin and the file still occupies storage space. To
free the storage space, first execute the undelete command to restore the file, and then execute the
delete /unreserved file-url command.
# Delete unused files from the flash memory of the master switch.
<Sysname> delete /unreserved flash:/backup.bin
The file cannot be restored. Delete flash:/backup.bin?[Y/N]:y
Deleting the file permanently will take a long time. Please wait...
Deleting file flash:/backup.bin...Done.
# Delete unused files from the flash memory of the subordinate switch.
<Sysname> delete /unreserved slot2#flash:/backup.bin
The file cannot be restored. Delete slot2#flash:/backup.bin?[Y/N]:y
Deleting the file permanently will take a long time. Please wait...
Deleting file slot2#flash:/backup.bin...Done.
Downloading software images to the master switch
Before you start upgrading software images or patch packages, make sure you have downloaded
the upgrading software files to the root directory in flash memory. This section describes
downloading an .ipe software file as an example.
The following are ways to download, upload, or copy files to the master switch:
•
FTP download from a server
•
FTP upload from a client
•
TFTP download from a server
•
Copying files from a USB flash drive
Prerequisites
If FTP or TFTP is used, the IRF fabric and the PC working as the FTP/TFTP server or FTP client can
reach each other.
Prepare the FTP server or TFTP server program yourself for the PC. The switch series does not
come with these software programs.
221
FTP download from a server
You can use the switch as an FTP client to download files from an FTP server.
To download a file from an FTP server, for example, the server at 10.10.110.1:
1.
Run an FTP server program on the server, configure an FTP username and password, specify
the working directory and copy the file, for example, newest.ipe, to the directory.
2.
Execute the ftp command in user view on the IRF fabric to access the FTP server.
<Sysname> ftp 10.10.110.1
Trying 10.10.110.1...
Press CTRL+K to abort
Connected to 10.10.110.1
220 FTP service ready.
User(10.10.110.1:(none)):username
331 Password required for username.
Password:
230 User logged in
3.
Enable the binary transfer mode.
ftp> binary
200 Type set to I.
4.
Execute the get command in FTP client view to download the file from the FTP server.
ftp> get newest.ipe
227 Entering Passive Mode (10,10,110,1,17,97).
125 BINARY mode data connection already open, transfer starting for /newest.ipe
226 Transfer complete.
32133120 bytes received in 35 seconds (896. 0 kbyte/s)
ftp> bye
221 Server closing.
FTP upload from a client
You can use the IRF fabric as an FTP server and upload files from a client to the IRF fabric.
To FTP upload a file from a client:
On the IRF fabric:
1.
Enable FTP server.
<Sysname> system-view
[Sysname] ftp server enable
2.
Configure a local FTP user account:
# Create the user account.
[Sysname] local-user abc
# Set its password and specify the FTP service.
[Sysname-luser-manage-abc] password simple pwd
[Sysname-luser-manage-abc] service-type ftp
# Assign the network-admin user role to the user account for uploading file to the working
directory of the server.
[Sysname-luser-manage-abc] authorization-attribute user-role network-admin
[Sysname-luser-manage-abc] quit
[Sysname] quit
On the PC:
3.
Log in to the IRF fabric (the FTP server) in FTP mode.
222
c:\> ftp 1.1.1.1
Connected to 1.1.1.1.
220 FTP service ready.
User(1.1.1.1:(none)):abc
331 Password required for abc.
Password:
230 User logged in.
4.
Enable the binary file transfer mode.
ftp> binary
200 TYPE is now 8-bit binary.
5.
Upload the file (for example, newest.ipe) to the root directory of the flash memory on the
master switch.
ftp> put newest.ipe
200 PORT command successful
150 Connecting to port 10002
226 File successfully transferred
ftp: 32133120 bytes sent in 64.58 secs (497.60 Kbytes/sec).
TFTP download from a server
To download a file from a TFTP server, for example, the server at 10.10.110.1:
1.
Run a TFTP server program on the server, specify the working directory, and copy the file, for
example, newest.ipe, to the directory.
2.
On the IRF fabric, execute the tftp command in user view to download the file to the root
directory of the flash memory on the master switch.
<Sysname> tftp 10.10.110.1 get newest.ipe
Press CTRL+C to abort.
% Total
100 30.6M
% Received % Xferd
0 30.6M
0
0
Average Speed
Time
Time
Time
Current
Dload
Total
Spent
Left
Speed
Upload
143k
0 --:--:--
0:03:38 --:--:--
142k
Copying files from a USB flash drive
The 5900 switch provides a USB port for you to copy files from a USB flash drive.
To copy a file from a USB flash drive to the flash memory of the master switch:
1.
2.
Plug the USB flash drive in the USB port of the switch.
Copy the file (for example, newest.ipe) to the flash memory of the switch.
<Sysname> cd usba:
<Sysname> copy usba:/newest.ipe newest.ipe
Copy usba:/newest.ipe to flash:/newest.ipe?[Y/N]:y
Start to copy usba:/newest.ipe to flash:/newest.ipe... Done.
Upgrading the software images
To upgrade the software images:
1.
Specify the upgrade image file (newest.ipe in this example) used at the next startup for the
master switch, and assign the M attribute to the boot and system images in the file.
<Sysname> boot-loader file flash:/newest.ipe slot 1 main
Verifying image file..........Done.
Images in IPE:
boot.bin
223
system.bin
This command will set the main startup software images. Continue? [Y/N]:y
Add images to target slot.
Decompressing file boot.bin to flash:/boot.bin....................Done.
Decompressing file system.bin to flash:/system.bin................Done.
The images that have passed all examinations will be used as the main startup so
ftware images at the next reboot on slot 1.
2.
Specify the upgrade image file as the main startup image file for each subordinate switch. This
example uses IRF member 2. (The subordinate switches will automatically copy the file to the
root directory of their flash memories.)
<Sysname> boot-loader file flash:/newest.ipe slot 2 main
Verifying image file..........Done.
Images in IPE:
boot.bin
system.bin
This command will set the main startup software images. Continue? [Y/N]:y
Add images to target slot.
Decompressing file boot.bin to flash:/boot.bin....................Done.
Decompressing file system.bin to flash:/system.bin................Done.
The images that have passed all examinations will be used as the main startup so
ftware images at the next reboot on slot 2.
3.
Enable the software auto-update function.
<Sysname> system-view
[Sysname] irf auto-update enable
[Sysname] quit
This function checks the software versions of member switches for inconsistency with the
master switch. If a subordinate switch is using a different software version than the master, the
function propagates the current software images of the master to the subordinate as main
startup images. The function prevents software version inconsistency from causing the IRF
setup failure.
4.
Save the current configuration in any view to prevent data loss.
<Sysname> save
The current configuration will be written to the device. Are you sure? [Y/N]:y
Please input the file name(*.cfg)[flash:/startup.cfg]
(To leave the existing filename unchanged, press the enter key):
flash:/startup.cfg exists, overwrite? [Y/N]:y
Validating file. Please wait.................
Saved the current configuration to mainboard device successfully.
Slot 2:
Save next configuration file successfully.
5.
Reboot the IRF fabric to complete the upgrade.
<Sysname> reboot
Start to check configuration with next startup configuration file, please wait.
........DONE!
This command will reboot the device. Continue? [Y/N]:y
Now rebooting, please wait...
The system automatically loads the .bin boot and system images in the .ipe file and sets them
as the startup software images.
224
6.
Execute the display version command in any view to verify that the current main software
images have been updated (details not shown).
NOTE:
The system automatically checks the compatibility of the Boot ROM image and the boot and system
images during the reboot. If you are prompted that the Boot ROM image in the upgrade image file is
different than the current Boot ROM image, upgrade both the basic and extended sections of the
Boot ROM image for compatibility. If you choose to not upgrade the Boot ROM image, the system
will ask for an upgrade at the next reboot performed by powering on the switch or rebooting from the
CLI (promptly or as scheduled). If you fail to make any choice in the required time, the system
upgrades the entire Boot ROM image.
Installing a patch package
To install a patch package, for example, system-patch.bin:
1.
Activate the patch package on the master switch and the subordinate switch.
<Sysname> install activate patch flash:/system-patch.bin slot 1
<Sysname> install activate patch flash:/system-patch.bin slot 2
2.
Verify that the patch package has been activated.
<Sysname> display install active
Active packages on slot 1:
flash:/boot.bin
flash:/system.bin
flash:/system-patch.bin
Active packages on slot 2:
flash:/boot.bin
flash:/system.bin
flash:/system-patch.bin
3.
Commit the installation so the patch package continues to take effect after a reboot.
<Sysname> install commit
4.
Verify that the patch package installation has been committed.
<Sysname> display install committed
Committed packages on slot 1:
flash:/boot.bin
flash:/system.bin
flash:/system-patch.bin
Committed packages on slot 2:
flash:/boot.bin
flash:/system.bin
flash:/system-patch.bin
For more information about installing patch packages, see HPE 5920 & 5900 Switch Series
Fundamentals Configuration Guide.
Upgrading from the Boot menu
From the Boot menu, you can upgrade the Boot ROM and Comware images, but not patch images.
In this approach, you must access the Boot menu of each member switch to upgrade their software
one by one. If you are upgrading software images for an IRF fabric, using the CLI is a better choice.
225
TIP:
Upgrading through the management Ethernet port is faster than through the console port.
Prerequisites
Make sure the prerequisites are met before you start upgrading software from the Boot menu.
Setting up the upgrade environment
1.
Use a console cable to connect the console terminal (for example, a PC) to the console port on
the switch.
2.
Connect the management Ethernet port on the switch to the file server.
NOTE:
The file server and the configuration terminal can be co-located.
3.
Run a terminal emulator program on the console terminal and set the following terminal
settings:

Bits per second—9,600

Data bits—8

Parity—None

Stop bits—1

Flow control—None

Emulation—VT100
Preparing for the TFTP or FTP transfer
To use TFTP or FTP:
•
Run a TFTP or FTP server program on the file server or the console terminal.
•
Copy the upgrade file to the file server.
•
Correctly set the working directory on the TFTP or FTP server.
•
Make sure the file server and the switch can reach each other.
Verifying that sufficient storage space is available
IMPORTANT:
For the switch to start up correctly, do not delete the main startup software images when you free
storage space before upgrading Boot ROM. On the Boot menu, the main startup software images
are marked with an asterisk (*).
When you upgrade software, make sure each member switch has sufficient free storage space for
the upgrade file, as shown in Table 7.
Table 7 Minimum free storage space requirements
Upgraded images
Minimum free storage space requirements
Comware images
Two times the size of the Comware upgrade package file.
Boot ROM
Same size as the Boot ROM upgrade image file.
If no sufficient space is available, delete unused files as described in “Managing files from the Boot
menu.”
226
Scheduling the upgrade time
During the upgrade, the switch cannot provide any services. You must make sure the upgrade has a
minimal impact on the network services.
Accessing the Boot menu
Power on the switch (for example, an HPE 5900AF-48XG-4QSFP+ Switch), and you can see the
following information:
Starting......
Press Ctrl+D to access BASIC BOOT MENU
***************************************************************************
*
*
*
HPE 5900AF-48XG-4QSFP+ Switch BOOTROM, Version 127
*
*
*
***************************************************************************
Copyright (c) 2010-2017 Hewlett-Packard Development Company, L.P.
Creation Date
: Jan
6 2013, 14:25:58
CPU Clock Speed : 1000MHz
Memory Size
: 2048MB
Flash Size
: 512MB
CPLD Version
: 002/002
PCB Version
: Ver.A
Mac Address
: 00E0FC005800
Press Ctrl+B to access EXTENDED BOOT MENU...1
Press one of the shortcut key combinations at prompt.
Table 8 Shortcut keys
Shortcut
keys
Ctrl+B
Prompt message
Press Ctrl+B to enter
Extended Boot menu...
Function
Remarks
Accesses the extended Boot
menu.
Press the keys within 1
second (in fast startup mode)
or 5 seconds (in full startup
mode) after the message
appears.
You can upgrade and
manage system software and
Boot ROM from this menu.
Ctrl+D
Press Ctrl+D to access
BASIC BOOT MENU
Accesses the basic Boot
menu.
227
Press the keys within 1
seconds after the message
appears.
You can upgrade Boot ROM
or access the extended Boot
ROM segment from this
menu.
Accessing the basic Boot menu
If the extended Boot ROM segment has corrupted, you can repair or upgrade it from the basic Boot
menu.
Press Ctrl+D within 1 seconds after the "Press Ctrl+D to access BASIC BOOT MENU" prompt
message appears. If you fail to do this within the time limit, the system starts to run the extended
Boot ROM segment.
***********************************************************************
*
*
*
BASIC BOOTROM, Version 127
*
*
*
***********************************************************************
BASIC BOOT MENU
1. Update full BootRom
2. Update extended BootRom
3. Update basic BootRom
4. Boot extended BootRom
0. Reboot
Ctrl+U: Access BASIC ASSISTANT MENU
Enter your choice(0-4):
Table 9 Basic Boot ROM menu options
Option
Task
1. Update full BootRom
Update the entire Boot ROM, including the basic segment
and the extended segment. To do so, you must use
XMODEM and the console port. For more information, see
Using XMODEM to upgrade Boot ROM through the console
port.
2. Update extended BootRom
Update the extended Boot ROM segment. To do so, you
must use XMODEM and the console port. For more
information, see Using XMODEM to upgrade Boot ROM
through the console port.
3. Update basic BootRom
Update the basic Boot ROM segment. To do so, you must
use XMODEM and the console port. For more information,
see Using XMODEM to upgrade Boot ROM through the
console port.
Access the extended Boot ROM segment.
4. Boot extended BootRom
For more information, see Accessing the extended Boot
menu.
0. Reboot
Reboot the switch.
Ctrl+U: Access BASIC ASSISTANT MENU
Press Ctrl + U to access the BASIC ASSISTANT menu
(see Table 10).
Table 10 BASIC ASSISTANT menu options
Option
Task
1. RAM Test
Perform a RAM self-test.
228
Option
Task
0. Return to boot menu
Return to the basic Boot menu.
Accessing the extended Boot menu
Press Ctrl+B within 1 second (in fast startup mode) or 5 seconds (in full startup mode) after the
"Press Ctrl-B to enter Extended Boot menu..." prompt message appears. If you fail to do this, the
system starts decompressing the system software.
Alternatively, you can enter 4 in the basic Boot menu to access the extended Boot menu.
The "Password recovery capability is enabled." or "Password recovery capability is disabled."
message appears, followed by the extended Boot menu. Availability of some menu options depends
on the state of password recovery capability (see Table 11). For more information about password
recovery capability, see HPE 5920 & 5900 Switch Series Fundamentals Configuration Guide.
Password recovery capability is enabled.
EXTENDED BOOT MENU
1. Download image to flash
2. Select image to boot
3. Display all files in flash
4. Delete file from flash
5. Restore to factory default configuration
6. Enter BootRom upgrade menu
7. Skip current system configuration
8. Set switch startup mode
0. Reboot
Ctrl+Z: Access EXTENDED ASSISTANT MENU
Ctrl+F: Format file system
Ctrl+P: Change authentication for console login
Ctrl+R: Download image to SDRAM and run
Enter your choice(0-8):
Table 11 Extended Boot ROM menu options
Option
Tasks
Download a software image file to the flash.
1. Download image to flash
If password recovery capability is enabled, you can use any version of
the software image file for upgrade.
If password recovery capability is disabled, you can use only the
R2307 version (or higher) for upgrade.
229
Option
Tasks
•
Specify the main and backup software image file for the next
startup:
If password recovery capability is enabled, you can specify a software
image file of any version.
2. Select image to boot
If password recovery capability is disabled, the software image file
version must be R2307 or higher.
•
Specify the main and backup configuration files for the next
startup. This task can be performed only if password recovery
capability is enabled.
3. Display all files in flash
Display files on the flash.
4. Delete file from flash
Delete files to free storage space.
5. Restore to factory default
configuration
Delete the current next-startup configuration files and restore the
factory-default configuration.
This option is available only if password recovery capability is disabled.
Access the Boot ROM upgrade menu.
6. Enter BootRom upgrade menu
If password recovery capability is enabled, you can upgrade the Boot
ROM to any version.
If password recovery capability is disabled, you can upgrade the Boot
ROM only to version 123 or higher.
Start the switch without loading any configuration file.
7. Skip current system
configuration
This is a one-time operation and takes effect only for the first system
boot or reboot after you choose this option.
This option is available only if password recovery capability is enabled.
8. Set switch startup mode
Set the startup mode to fast startup mode or full startup mode.
0. Reboot
Reboot the switch.
Ctrl+F: Format file system
Format the current storage medium.
Skip the authentication for console login.
Ctrl+P: Change authentication for
console login
This is a one-time operation and takes effect only for the first system
boot or reboot after you choose this option.
This option is available only if password recovery capability is enabled.
Ctrl+R: Download image to
SDRAM and run
Ctrl+Z: Access EXTENDED
ASSISTANT MENU
Download a system software image and start the switch with the
image.
This option is available only if password recovery capability is enabled.
Access the EXTENDED ASSISTANT MENU.
For options in the menu, see Table 12.
Table 12 EXTENDED ASSISTANT menu options
Option
Task
1. Display Memory
Display data in the memory.
2. Search Memory
Search the memory for a specific data segment.
0. Return to boot menu
Return to the extended Boot ROM menu.
Upgrading Comware images from the Boot menu
You can use the following methods to upgrade Comware images:
230
•
Using TFTP to upgrade software images through the management Ethernet port
•
Using FTP to upgrade software through the management Ethernet port
•
Using XMODEM to upgrade software through the console port
Using TFTP to upgrade software images through the management Ethernet port
1.
Enter 1 in the Boot menu to access the file transfer protocol submenu.
1. Set TFTP protocol parameters
2. Set FTP protocol parameters
3. Set XMODEM protocol parameters
0. Return to boot menu
Enter your choice(0-3):
2.
Enter 1 to set the TFTP parameters.
Load File Name
:update.ipe
Server IP Address
:192.168.0.3
Local IP Address
:192.168.0.2
Subnet Mask
:255.255.255.0
Gateway IP Address
:0.0.0.0
Table 13 TFTP parameter description
Item
Description
Load File Name
Name of the file to download (for example, update.ipe).
Server IP Address
IP address of the TFTP server (for example, 192.168.0.3).
Local IP Address
IP address of the switch (for example, 192.168.0.2).
Subnet Mask
Subnet mask of the switch (for example, 255.255.255.0).
Gateway IP Address
IP address of the gateway (in this example, no gateway is required
because the server and the switch are on the same subnet).
NOTE:
• To use the default setting for a field, press Enter without entering any value.
• If the switch and the server are on different subnets, you must specify a gateway address for the switch.
3.
Enter all required parameters, and enter Y to confirm the settings. The following prompt
appears:
Are you sure to download file to flash? Yes or No (Y/N):Y
4.
Enter Y to start downloading the image file. To return to the Boot menu without downloading the
upgrade file, enter N.
Loading.........................................................................
................................................................................
................................................................................
................................................................Done!
5.
Enter the M (main), B (backup), or N (none) attribute for the images. In this example, assign the
main attribute to the images.
Please input the file attribute (Main/Backup/None) M
Image file boot.bin is self-decompressing...
Free space: 534980608 bytes
Writing flash...................................................................
................................................................................
231
...................................................................Done!
Image file system.bin is self-decompressing...
Free space: 525981696 bytes
Writing flash...................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
.......................................................................Done!
NOTE:
• The switch always attempts to boot with the main images first. If the attempt fails, for example,
because the main images are not available, the switch tries to boot with the backup images. An image
with the none attribute is only stored in flash memory for backup. To use it at reboot, you must change
its attribute to main or backup.
• If an image with the same attribute as the image you are loading is already in the flash memory, the
attribute of the old image changes to none after the new image becomes valid.
• If .bin files are used for upgrade, specify the .bin files in the order of the boot image, system image, and
feature images. If you specify a .bin file for a feature image before the .bin file for the system image or
the boot image, the upgrade might fail
6.
Enter 0 in the Boot menu to reboot the switch with the new software images.
EXTENDED BOOT MENU
1. Download image to flash
2. Select image to boot
3. Display all files in flash
4. Delete file from flash
5. Restore to factory default configuration
6. Enter BootRom upgrade menu
7. Skip current system configuration
8. Set switch startup mode
0. Reboot
Ctrl+Z: Access EXTENDED ASSISTANT MENU
Ctrl+F: Format file system
Ctrl+P: Change authentication for console login
Ctrl+R: Download image to SDRAM and run
Enter your choice(0-8): 0
Using FTP to upgrade software through the management Ethernet port
1.
Enter 1 in the Boot menu to access the file transfer protocol submenu.
1. Set TFTP protocol parameters
2. Set FTP protocol parameters
3. Set XMODEM protocol parameters
0. Return to boot menu
Enter your choice(0-3):
2.
Enter 2 to set the FTP parameters.
232
Load File Name
:update.ipe
Server IP Address
:192.168.0.3
Local IP Address
:192.168.0.2
Subnet Mask
:255.255.255.0
Gateway IP Address
:0.0.0.0
FTP User Name
:switch
FTP User Password
:***
Table 14 FTP parameter description
Item
Description
Load File Name
Name of the file to download (for example, update.ipe).
Server IP Address
IP address of the FTP server (for example, 192.168.0.3).
Local IP Address
IP address of the switch (for example, 192.168.0.2).
Subnet Mask
Subnet mask of the switch (for example, 255.255.255.0).
Gateway IP Address
IP address of the gateway (in this example, no gateway is required
because the server and the switch are on the same subnet).
FTP User Name
Username for accessing the FTP server, which must be the same as
configured on the FTP server.
FTP User Password
Password for accessing the FTP server, which must be the same as
configured on the FTP server.
NOTE:
• To use the default setting for a field, press Enter without entering any value.
• If the switch and the server are on different subnets, you must specify a gateway address for the
switch.
3.
Enter all required parameters, and enter Y to confirm the settings. The following prompt
appears:
Are you sure to download file to flash? Yes or No (Y/N):Y
4.
Enter Y to start downloading the image file. To return to the Boot menu without downloading the
upgrade file, enter N.
Loading.........................................................................
................................................................................
................................................................................
................................................................Done!
5.
Enter the M (main), B (backup), or N (none) attribute for the images. In this example, assign the
main attribute to the images.
Please input the file attribute (Main/Backup/None) M
Image file boot.bin is self-decompressing...
Free space: 534980608 bytes
Writing flash...................................................................
................................................................................
...................................................................Done!
Image file system.bin is self-decompressing...
Free space: 525981696 bytes
Writing flash...................................................................
................................................................................
................................................................................
233
................................................................................
................................................................................
................................................................................
.......................................................................Done!
EXTENDED BOOT MENU
1. Download image to flash
2. Select image to boot
3. Display all files in flash
4. Delete file from flash
5. Restore to factory default configuration
6. Enter BootRom upgrade menu
7. Skip current system configuration
8. Set switch startup mode
0. Reboot
Ctrl+Z: Access EXTENDED ASSISTANT MENU
Ctrl+F: Format file system
Ctrl+P: Change authentication for console login
Ctrl+R: Download image to SDRAM and run
Enter your choice(0-8):0
NOTE:
• The switch always attempts to boot with the main images first. If the attempt fails, for example,
because the main images not available, the switch tries to boot with the backup images. An image with
the none attribute is only stored in flash memory for backup. To use it at reboot, you must change its
attribute to main or backup.
• If an image with the same attribute as the image you are loading is already in the flash memory, the
attribute of the old image changes to none after the new image becomes valid.
• If .bin files are used for upgrade, specify the .bin files in the order of the boot image, system image, and
feature images. If you specify a .bin file for a feature image before the .bin file for the system image or
the boot image, the upgrade might fail
6.
Enter 0 in the Boot menu to reboot the switch with the new software images.
Using XMODEM to upgrade software through the console port
XMODEM download through the console port is slower than TFTP or FTP download through the
management Ethernet port. To save time, use the management Ethernet port as long as possible.
1.
Enter 1 in the Boot menu to access the file transfer protocol submenu.
1. Set TFTP protocol parameters
2. Set FTP protocol parameters
3. Set XMODEM protocol parameters
0. Return to boot menu
Enter your choice(0-3):
2.
Enter 3 to set the XMODEM download baud rate.
Please select your download baudrate:
1.* 9600
2.
19200
234
3.
38400
4.
57600
5.
115200
0.
Return to boot menu
Enter your choice(0-5):5
3.
Select an appropriate download rate, for example, enter 5 to select 115200 bps.
Download baudrate is 115200 bps
Please change the terminal's baudrate to 115200 bps and select XMODEM protocol
Press enter key when ready
4.
Set the serial port on the terminal to use the same baud rate and protocol as the console port. If
you select 9600 bps as the download rate for the console port, skip this task.
a. Select Call > Disconnect in the HyperTerminal window to disconnect the terminal from the
switch.
Figure 2 Disconnecting the terminal from the switch
b. Select File > Properties, and in the Properties dialog box, click Configure.
Figure 3 Properties dialog box
c. Select 115200 from the Bits per second list and click OK.
235
Figure 4 Modifying the baud rate
d. Select Call > Call to reestablish the connection.
Figure 5 Reestablishing the connection
5.
Press Enter. The following prompt appears:
Are you sure to download file to flash? Yes or No (Y/N):Y
6.
Enter Y to start downloading the file. (To return to the Boot menu, enter N.)
Now please start transfer file with XMODEM protocol
If you want to exit, Press <Ctrl+X>
Loading ...CCCCCCCCCCCCCCCCCCCCCCCCC
7.
Select Transfer > Send File in the HyperTerminal window.
Figure 6 Transfer menu
236
8.
In the dialog box that appears, click Browse to select the source file, and select Xmodem from
the Protocol list.
Figure 7 File transmission dialog box
9.
Click Send. The following dialog box appears:
Figure 8 File transfer progress
10. Enter the M (main), B (backup), or N (none) attribute for the images. In this example, assign the
main attribute to the images.
Please input the file attribute (Main/Backup/None) m
The boot.bin image is self-decompressing...
# At the Load File name prompt, enter a name for the boot image to be saved to flash memory.
Load File name
: default_file boot-update.bin
(At the prompt,
Free space: 470519808 bytes
Writing flash...................................................................
.............Done!
The system-update.bin image is self-decompressing...
# At the Load File name prompt, enter a name for the system image to be saved to flash
memory.
Load File name
: default_file system-update.bin
Free space: 461522944 bytes
Writing flash...................................................................
.............Done!
Your baudrate should be set to 9600 bps again!
Press enter key when ready
237
NOTE:
• The switch always attempts to boot with the main images first. If the attempt fails, for example, because the
main images not available, the switch tries to boot with the backup images. An image with the none attribute
is only stored in the flash memory for backup. To use it at reboot, you must change its attribute to main or
backup.
• If an image with the same attribute as the image you are loading is already in flash memory, the attribute of
the old image changes to none after the new image becomes valid.
11. If the baud rate of the HyperTerminal is not 9600 bps, restore it to 9600 bps as described in step
5.a. If the baud rate is 9600 bps, skip this step.
NOTE:
The console port rate reverts to 9600 bps at a reboot. If you have changed the baud rate, you
must perform this step so you can access the switch through the console port after a reboot.
EXTENDED BOOT MENU
1. Download image to flash
2. Select image to boot
3. Display all files in flash
4. Delete file from flash
5. Restore to factory default configuration
6. Enter BootRom upgrade menu
7. Skip current system configuration
8. Set switch startup mode
0. Reboot
Ctrl+Z: Access EXTENDED ASSISTANT MENU
Ctrl+F: Format file system
Ctrl+P: Change authentication for console login
Ctrl+R: Download image to SDRAM and run
Enter your choice(0-8): 0
12. Enter 0 in the Boot menu to reboot the system with the new software images.
Upgrading Boot ROM from the Boot menu
You can use the following methods to upgrade the Boot ROM image:
•
Using TFTP to upgrade Boot ROM through the management Ethernet port
•
Using FTP to upgrade Boot ROM through the management Ethernet port
•
Using XMODEM to upgrade Boot ROM through the console port
Using TFTP to upgrade Boot ROM through the management Ethernet port
1.
Enter 6 in the Boot menu to access the Boot ROM update menu.
1. Update full BootRom
2. Update extended BootRom
3. Update basic BootRom
0. Return to boot menu
Enter your choice(0-3):
2.
Enter 1 in the Boot ROM update menu to upgrade the full Boot ROM.
238
The file transfer protocol submenu appears:
1. Set TFTP protocol parameters
2. Set FTP protocol parameters
3. Set XMODEM protocol parameters
0. Return to boot menu
Enter your choice(0-3):
3.
Enter 1 to set the TFTP parameters.
Load File Name
:update.btm
Server IP Address
:192.168.0.3
Local IP Address
:192.168.0.2
Subnet Mask
:255.255.255.0
Gateway IP Address
:0.0.0.0
Table 15 TFTP parameter description
Item
Description
Load File Name
Name of the file to download (for example, update.btm).
Server IP Address
IP address of the TFTP server (for example, 192.168.0.3).
Local IP Address
IP address of the switch (for example, 192.168.0.2).
Subnet Mask
Subnet mask of the switch (for example, 255.255.255.0).
Gateway IP Address
IP address of the gateway (in this example, no gateway is required
because the server and the switch are on the same subnet).
NOTE:
• To use the default setting for a field, press Enter without entering any value.
• If the switch and the server are on different subnets, you must specify a gateway address for the
switch.
4.
Enter all required parameters and press Enter to start downloading the file.
Loading.................................................Done!
5.
Enter Y at the prompt to upgrade the basic Boot ROM section.
Will you Update Basic BootRom? (Y/N):Y
Updating Basic BootRom...........Done.
6.
Enter Y at the prompt to upgrade the extended Boot ROM section.
Updating extended BootRom? (Y/N):Y
Updating extended BootRom.........Done.
7.
Enter 0 in the Boot ROM update menu to return to the Boot menu.
1. Update full BootRom
2. Update extended BootRom
3. Update basic BootRom
0. Return to boot menu
Enter your choice(0-3):
8.
Enter 0 in the Boot menu to reboot the switch with the new Boot ROM image.
Using FTP to upgrade Boot ROM through the management Ethernet port
1.
Enter 6 in the Boot menu to access the Boot ROM update menu.
1. Update full BootRom
239
2. Update extended BootRom
3. Update basic BootRom
0. Return to boot menu
Enter your choice(0-3):
2.
Enter 1 in the Boot ROM update menu to upgrade the full Boot ROM.
The file transfer protocol submenu appears:
1. Set TFTP protocol parameters
2. Set FTP protocol parameters
3. Set XMODEM protocol parameters
0. Return to boot menu
Enter your choice(0-3):
3.
Enter 2 to set the FTP parameters.
Load File Name
:update.btm
Server IP Address
:192.168.0.3
Local IP Address
:192.168.0.2
Subnet Mask
:255.255.255.0
Gateway IP Address :0.0.0.0
FTP User Name
:switch
FTP User Password
:123
Table 16 FTP parameter description
Item
Description
Load File Name
Name of the file to download (for example, update.btm).
Server IP Address
IP address of the FTP server (for example, 192.168.0.3).
Local IP Address
IP address of the switch (for example, 192.168.0.2).
Subnet Mask
Subnet mask of the switch (for example, 255.255.255.0).
Gateway IP Address
IP address of the gateway (in this example, no gateway is required
because the server and the switch are on the same subnet).
FTP User Name
Username for accessing the FTP server, which must be the same as
configured on the FTP server.
FTP User Password
Password for accessing the FTP server, which must be the same as
configured on the FTP server.
NOTE:
• To use the default setting for a field, press Enter without entering any value.
• If the switch and the server are on different subnets, you must specify a gateway address for the
switch.
4.
Enter all required parameters and press Enter to start downloading the file.
Loading.................................................Done!
5.
Enter Y at the prompt to upgrade the basic Boot ROM section.
Will you Update Basic BootRom? (Y/N):Y
Updating Basic BootRom...........Done.
6.
Enter Y at the prompt to upgrade the extended Boot ROM section.
Updating extended BootRom? (Y/N):Y
240
Updating extended BootRom.........Done.
7.
Enter 0 in the Boot ROM update menu to return to the Boot menu.
1. Update full BootRom
2. Update extended BootRom
3. Update basic BootRom
0. Return to boot menu
Enter your choice(0-3):
8.
Enter 0 in the Boot menu to reboot the switch with the new Boot ROM image.
Using XMODEM to upgrade Boot ROM through the console port
XMODEM download through the console port is slower than TFTP or FTP download through the
management Ethernet port. To save time, use the management Ethernet port as long as possible.
1.
Enter 6 in the Boot menu to access the Boot ROM update menu.
1. Update full BootRom
2. Update extended BootRom
3. Update basic BootRom
0. Return to boot menu
Enter your choice(0-3):
2.
Enter 1 in the Boot ROM update menu to upgrade the full Boot ROM.
The file transfer protocol submenu appears:
1. Set TFTP protocol parameters
2. Set FTP protocol parameters
3. Set XMODEM protocol parameters
0. Return to boot menu
Enter your choice(0-3):
3.
Enter 3 to set the XMODEM download baud rate.
Please select your download baudrate:
1.* 9600
2.
19200
3.
38400
4.
57600
5.
115200
0.
Return to boot menu
Enter your choice(0-5):5
4.
Select an appropriate download rate, for example, enter 5 to select 115200 bps.
Download baudrate is 115200 bps
Please change the terminal's baudrate to 115200 bps and select XMODEM protocol
Press enter key when ready
5.
Set the serial port on the terminal to use the same baud rate and protocol as the console port. If
you select 9600 bps as the download rate for the console port, skip this task.
a. Select Call > Disconnect in the HyperTerminal window to disconnect the terminal from the
switch.
Figure 9 Disconnecting the terminal from the switch
241
b. Select File > Properties, and in the Properties dialog box, click Configure.
Figure 10 Properties dialog box
c. Select 115200 from the Bits per second list and click OK.
Figure 11 Modifying the baud rate
242
d. Select Call > Call to reestablish the connection.
Figure 12 Reestablishing the connection
6.
Press Enter to start downloading the file.
Now please start transfer file with XMODEM protocol
If you want to exit, Press <Ctrl+X>
Loading ...CCCCCCCCCCCCCCCCCCCCCCCCC
7.
Select Transfer > Send File in the HyperTerminal window.
Figure 13 Transfer menu
8.
In the dialog box that appears, click Browse to select the source file, and select Xmodem from
the Protocol list.
243
Figure 14 File transmission dialog box
9.
Click Send. The following dialog box appears:
Figure 15 File transfer progress
10. Enter Y at the prompt to upgrade the basic Boot ROM section.
Loading ...CCCCCCCCCCCCCC
...Done!
Will you Update Basic BootRom? (Y/N):Y
Updating Basic BootRom...........Done.
11. Enter Y at the prompt to upgrade the extended Boot ROM section.
Updating extended BootRom? (Y/N):Y
Updating extended BootRom.........Done.
12. If the baud rate of the HyperTerminal is not 9600 bps, restore it to 9600 bps at the prompt, as
described in step 4.a. If the baud rate is 9600 bps, skip this step.
Please change the terminal's baudrate to 9600 bps, press ENTER when ready.
NOTE:
The console port rate reverts to 9600 bps at a reboot. If you have changed the baud rate, you
must perform this step so you can access the switch through the console port after a reboot.
13. Press Enter to access the Boot ROM update menu.
14. Enter 0 in the Boot ROM update menu to return to the Boot menu.
1. Update full BootRom
2. Update extended BootRom
3. Update basic BootRom
244
0. Return to boot menu
Enter your choice(0-3):
15. Enter 0 in the Boot menu to reboot the switch with the new Boot ROM image.
Managing files from the Boot menu
From the Boot menu, you can display files in flash memory to check for obsolete files, incorrect files,
or space insufficiency, delete files to release storage space, or change the attributes of software
images.
Displaying all files
Enter 3 in the Boot menu to display all files in flash memory and identify the free space size.
EXTENDED BOOT MENU
1. Download image to flash
2. Select image to boot
3. Display all files in flash
4. Delete file from flash
5. Restore to factory default configuration
6. Enter BootRom upgrade menu
7. Skip current system configuration
8. Set switch startup mode
0. Reboot
Ctrl+Z: Access EXTENDED ASSISTANT MENU
Ctrl+F: Format file system
Ctrl+P: Change authentication for console login
Ctrl+R: Download image to SDRAM and run
Enter your choice(0-8): 3
The following is a sample output:
Display all file(s) in flash:
File Number
File Size(bytes)
File Name
================================================================================
1
8177
flash:/testbackup.cfg
2(*)
53555200
flash:/system.bin
3(*)
9959424
flash:/boot.bin
4
3678
flash:/startup.cfg_backup
5
30033
flash:/default.mdb
6
42424
flash:/startup.mdb
7
18
flash:/.pathfile
8
232311
flash:/logfile/logfile.log
9
5981
flash:/startup.cfg_back
10(*)
6098
flash:/startup.cfg
11
20
flash:/.snmpboots
Free space: 464298848 bytes
The current image is boot.bin
(*)-with main attribute
245
(b)-with backup attribute
(*b)-with both main and backup attribute
Deleting files
If storage space is insufficient, delete obsolete files to free up storage space.
To delete files:
1.
Enter 4 in the Boot menu:
Deleting the file in flash:
File Number
File Size(bytes)
File Name
================================================================================
1
8177
flash:/testbackup.cfg
2(*)
53555200
flash:/system.bin
3(*)
9959424
flash:/boot.bin
4
3678
flash:/startup.cfg_backup
5
30033
flash:/default.mdb
6
42424
flash:/startup.mdb
7
18
flash:/.pathfile
8
232311
flash:/logfile/logfile.log
9
5981
flash:/startup.cfg_back
10(*)
6098
flash:/startup.cfg
11
20
flash:/.snmpboots
Free space: 464298848 bytes
The current image is boot.bin
(*)-with main attribute
(b)-with backup attribute
(*b)-with both main and backup attribute
2.
Enter the number of the file to delete. For example, enter 1 to select the file testbackup.cfg.
Please input the file number to change: 1
3.
Enter Y at the confirmation prompt.
The file you selected is testbackup.cfg,Delete it? (Y/N):Y
Deleting....................................Done!
Changing the attribute of software images
Software image attributes include main (M), backup (B), and none (N). System software and boot
software can each have multiple none-attribute images but only one main image and one backup
image on the switch. You can assign both the M and B attributes to one image. If the M or B attribute
you are assigning has been assigned to another image, the assignment removes the attribute from
that image. If the removed attribute is the sole attribute of the image, its attribute changes to N.
For example, the system image system.bin has the M attribute and the system image
system-update.bin has the B attribute. After you assign the M attribute to system-update.bin, the
attribute of system-update.bin changes to M+B and the attribute of system.bin changes to N.
To change the attribute of a system or boot image:
1.
Enter 2 in the Boot menu.
EXTENDED BOOT MENU
1. Download image to flash
2. Select image to boot
3. Display all files in flash
246
4. Delete file from flash
5. Restore to factory default configuration
6. Enter BootRom upgrade menu
7. Skip current system configuration
8. Set switch startup mode
0. Reboot
Ctrl+Z: Access EXTENDED ASSISTANT MENU
Ctrl+F: Format file system
Ctrl+P: Change authentication for console login
Ctrl+R: Download image to SDRAM and run
Enter your choice(0-8): 2
2.
1 or 2 at the prompt to set the attribute of a software image. (The following output is based on
the option 2. To set the attribute of a configuration file, enter 3.)
1. Set image file
2. Set bin file
3. Set configuration file
0. Return to boot menu
Enter your choice(0-3): 2
File Number
File Size(bytes)
File Name
================================================================================
1(*)
53555200
flash:/system.bin
2(*)
9959424
flash:/boot.bin
3
13105152
flash:/boot-update.bin
4
91273216
flash:/system-update.bin
Free space: 417177920 bytes
(*)-with main attribute
(b)-with backup attribute
(*b)-with both main and backup attribute
Note:Select .bin files. One but only one boot image and system image must be included.
3.
Enter the number of the file you are working with. For example, enter 3 to select the boot image
boot-update.bin. and enter 4 to select the system image system-update.bin.
Enter file No.(Allows multiple selection):3
Enter another file No.(0-Finish choice):4
4.
Enter 0 to finish the selection.
Enter another file No.(0-Finish choice):0
You have selected:
flash:/boot-update.bin
flash:/system-update.bin
5.
Enter M or B to change its attribute to main or backup. If you change its attribute to M, the
attribute of boot.bin changes to none.
Please input the file attribute (Main/Backup) M
This operation may take several minutes. Please wait....
Next time, boot-update.bin will become default boot file!
Next time, system-update.bin will become default boot file!
247
Set the file attribute success!
Handling software upgrade failures
If a software upgrade fails, the system runs the old software version.
To handle a software upgrade failure:
1.
Verify that the software release is compatible with the switch model and the correct file is used.
2.
Verify that the software release and the Boot ROM release are compatible. For software and
Boot ROM compatibility, see the hardware and software compatibility matrix in the correct
release notes.
3.
Check the physical ports for a loose or incorrect connection.
4.
If you are using the console port for file transfer, check the HyperTerminal settings (including
the baud rate and data bits) for any wrong setting.
5.
Check the file transfer settings:

If XMODEM is used, you must set the same baud rate for the terminal as for the console
port.

If TFTP is used, you must enter the same server IP addresses, file name, and working
directory as set on the TFTP server.

If FTP is used, you must enter the same FTP server IP address, source file name, working
directory, and FTP username and password as set on the FTP server.
6.
Check the FTP or TFTP server for any incorrect setting.
7.
Check that the storage device has sufficient space for the upgrade file.
248
HPE 5900_5920-CMW710-R2432P01-US
Release Notes
Software Feature Changes
The information in this document is subject to change without notice.
© Copyright 2017 Hewlett Packard Enterprise Development LP
Contents
Release 2432P01 & 2432P01-US ························································1
Release 2432 ··················································································2
New feature: Parity error alarming for entries on forwarding chips···············2
Configuring parity error alarming for entries on forwarding chips ··························································· 2
Command reference ····················································································································· 3
parity-error monitor log enable ································································································· 3
parity-error monitor period ······································································································· 3
parity-error monitor threshold ··································································································· 4
New feature: Excluding a subnet from load sharing on link aggregations ······5
Excluding a subnet from load sharing on link aggregations ·································································· 5
Command reference ····················································································································· 5
link-aggregation management-subnet ······················································································· 5
New feature: ISP domain for users assigned to nonexistent domains ··········6
Specifying an ISP domain for users assigned to nonexistent domains ···················································· 6
Command reference ····················································································································· 6
domain if-unknown ················································································································ 6
Modified feature: Software patching ·····················································7
Feature change description ············································································································ 7
Command changes ······················································································································ 8
Modified feature: User password configuration in RADIUS test profiles ········8
Feature change description ············································································································ 8
Command changes ······················································································································ 8
Modified command: radius-server test-profile ·············································································· 8
Modified feature: Configuring SSH client access control ···························8
Feature change description ············································································································ 8
Command changes ······················································································································ 9
Modified command: ssh server acl ···························································································· 9
Modified command: ssh server ipv6 acl ····················································································· 9
Modified feature: Predefined user roles of SSH client and FTP client
commands ······················································································9
Feature change description ············································································································ 9
Command changes ···················································································································· 10
Modified command: bye········································································································ 10
Modified command: exit ········································································································ 10
Modified command: help ······································································································· 10
Modified command: quit········································································································ 10
Modified feature: Username format modification for device login ·············· 11
Feature change description ·········································································································· 11
Command changes ···················································································································· 11
Modified feature: Specifying a PW data encapsulation type ····················· 11
Feature change description ·········································································································· 11
Command changes ···················································································································· 11
Modified command: pw-type ·································································································· 11
Modified feature: Device diagnostic information ···································· 12
Feature change description ·········································································································· 12
i
Command changes ···················································································································· 12
Modified command: display diagnostic-information ···································································· 12
Modified feature: Memory usage statistics ··········································· 12
Feature change description ·········································································································· 12
Command changes ···················································································································· 12
Modified command: display memory ······················································································· 12
Modified feature: Displaying group table statistics ································· 13
Feature change description ·········································································································· 13
Command changes ···················································································································· 13
Modified command: display openflow group ············································································· 13
Feature 2431················································································· 15
New feature: Specifying ignored packet fields for the default link-aggregation
load sharing ·················································································· 15
Specifying ignored packet fields for the default link-aggregation load sharing ········································ 15
Command reference ··················································································································· 15
link-aggregation load-sharing ignore ······················································································· 15
Modified feature: Defining QoS match criteria ······································· 16
Feature change description ·········································································································· 16
Command changes ···················································································································· 16
Modified command: if-match ·································································································· 16
Modified feature: NTP support for ACL················································ 16
Feature change description ·········································································································· 16
Command changes ···················································································································· 17
Modified command: undo ntp-service acl ················································································· 17
Modified command: undo ntp-service ipv6 acl ··········································································· 17
Modified command: ntp-service authentication-keyid ·································································· 17
Modified command: sntp authentication-keyid ··········································································· 18
Feature 2430················································································· 19
New feature: Ignoring the ingress ports of ARP packets during user validity
check··························································································· 19
Configuring ARP attack detection to ignore the ingress ports of ARP packets during user validity check ····· 19
Command reference ··················································································································· 19
arp detection port-match-ignore ····························································································· 19
Modified feature: ISSU command prompt information····························· 20
Feature change description ·········································································································· 20
Command changes ···················································································································· 20
Feature 2429················································································· 21
New feature: Displaying burst records for interfaces ······························ 21
Displaying burst records for interfaces···························································································· 21
Command reference ··················································································································· 21
display burst-detect interface ································································································· 21
New feature: Configuring FC port security ··········································· 22
Overview ·································································································································· 22
Port security database·········································································································· 23
Authorization checks ············································································································ 23
Port security configuration task list ································································································ 24
Enabling port security ················································································································· 25
Configuring binding entries ·········································································································· 25
Enabling auto learning ················································································································ 26
ii
Converting learned entries to static entries······················································································ 26
Enabling SNMP notifications for port security ·················································································· 26
Displaying and maintaining port security ························································································· 26
Port security configuration examples······························································································ 27
Port security configuration example by using FC interfaces ························································· 27
Port security configuration example by using VFC interfaces ······················································· 30
Command reference ··················································································································· 34
any-wwn ···························································································································· 34
display fc-port-security database ···························································································· 35
display fc-port-security statistics ····························································································· 36
display fc-port-security status ································································································ 37
display fc-port-security violation ····························································································· 38
fc-port-security auto-learn ····································································································· 39
fc-port-security database copy ······························································································· 40
fc-port-security enable ·········································································································· 40
nwwn ································································································································ 41
pwwn ································································································································ 42
reset fc-port-security database ······························································································· 43
reset fc-port-security statistics ································································································ 43
snmp-agent trap enable fc-port-security ··················································································· 44
swwn ································································································································ 45
New feature: Loop guard for an OpenFlow instance······························· 46
Enabling loop guard for an OpenFlow instance ················································································ 46
Command reference ··················································································································· 46
loop-protection enable ·········································································································· 46
New feature: Shutting down an interface by OpenFlow ··························· 47
Shutting down an interface by OpenFlow ························································································ 47
Command reference ··················································································································· 47
openflow shutdown ·············································································································· 47
Modified feature: Displaying operating information for diagnostics ············ 48
Feature change description ·········································································································· 48
Command changes ···················································································································· 48
Modified command: display diagnostic-information ···································································· 48
Modified feature: Displaying history about ports that are blocked by spanning
tree protection features ···································································· 48
Feature change description ·········································································································· 48
Command changes ···················································································································· 48
Modified command: display stp abnormal-port ·········································································· 48
Modified feature: Displaying BGP MDT peer or peer group information ······ 49
Feature change description ·········································································································· 49
Command changes ···················································································································· 49
Modified command: display bgp peer ······················································································ 49
Modified feature: Displaying BGP MDT routing information ····················· 50
Feature change description ·········································································································· 50
Command changes ···················································································································· 50
Modified command: display bgp routing-table ipv4 mdt ······························································· 50
Modified feature: Applying an ACL to an interface for packet filtering ········· 51
Feature change description ·········································································································· 51
Command changes ···················································································································· 51
Modified command: packet-filter ····························································································· 51
Modified feature: Applying a QoS policy to an interface ·························· 51
Feature change description ·········································································································· 51
Command changes ···················································································································· 51
iii
Modified command: qos apply policy ······················································································· 51
Modified feature: Configuring data buffer monitoring ······························ 52
Feature change description ·········································································································· 52
Command changes ···················································································································· 52
Modified command: buffer usage threshold ·············································································· 52
Feature 2428················································································· 53
New feature: RADIUS stop-accounting packet buffering ························· 53
Configuring RADIUS stop-accounting packet buffering ······································································ 53
Command reference ··················································································································· 54
display stop-accounting-buffer (for RADIUS) ············································································ 54
reset stop-accounting-buffer (for RADIUS) ··············································································· 55
retry stop-accounting (RADIUS scheme view) ··········································································· 56
stop-accounting-buffer enable (RADIUS scheme view) ······························································· 57
New feature: HWTACACS stop-accounting packet buffering ··················· 57
Configuring HWTACACS stop-accounting packet buffering ································································ 57
Command reference ··················································································································· 58
display stop-accounting-buffer (for HWTACACS)······································································· 58
reset stop-accounting-buffer (for HWTACACS) ········································································· 59
retry stop-accounting (HWTACACS scheme view) ····································································· 59
stop-accounting-buffer enable (HWTACACS scheme view) ························································· 60
New feature: 802.1X MAC address binding ·········································· 61
Configuring 802.1X MAC address binding······················································································· 61
Command reference ··················································································································· 62
dot1x mac-binding enable ····································································································· 62
dot1x mac-binding ··············································································································· 62
New feature: Support of 802.1X for redirect URL assignment ·················· 63
New feature: Support of MAC authentication for redirect URL assignment ·· 64
New feature: Support of port security for redirect URL assignment in specific
modes ························································································· 64
Modified feature: Displaying PBR configuration····································· 64
Feature change description ·········································································································· 64
Command changes ···················································································································· 64
Modified command: display ip policy-based-route setup······························································ 64
Modified feature: Displaying MAC address table information for VSIs ········ 65
Feature change description ·········································································································· 65
Command changes ···················································································································· 65
Modified command: display l2vpn mac-address ········································································ 65
Modified feature: Enabling the BFD echo packet mode··························· 66
Feature change description ·········································································································· 66
Command changes ···················································································································· 66
Modified command: bfd echo enable ······················································································· 66
Modified feature: NTP authentication ·················································· 66
Feature change description ·········································································································· 66
Command changes ···················································································································· 66
Modified command: ntp-service authentication-keyid ·································································· 66
Modified command: sntp authentication-keyid ··········································································· 67
Modified feature: Displaying MAC address move records························ 67
Feature change description ·········································································································· 67
iv
Command changes ···················································································································· 67
Modified feature: MAC address move notifications ································ 67
Feature change description ·········································································································· 67
Command changes ···················································································································· 68
Feature 2427················································································· 69
New feature: Specifying ITU channel numbers for transceiver modules ····· 69
Specifying ITU channel numbers for transceiver modules ·································································· 69
Command reference ··················································································································· 70
itu-channel ························································································································· 70
display transceiver itu-channel interface ·················································································· 70
New feature: Setting the MAC address for a Layer 3 Ethernet interface or Layer
3 aggregate interface ······································································ 72
Setting the MAC address for a Layer 3 Ethernet interface or Layer 3 aggregate interface ························ 72
Command reference ··················································································································· 72
mac-address ······················································································································ 72
New feature: Configuring the DHCP smart relay feature ························· 73
Configuring the DHCP smart relay feature ······················································································ 73
Command reference ··················································································································· 74
dhcp smart-relay enable ······································································································· 74
New feature: Configuring the RIB to flush route attribute information to the FIB
·································································································· 74
Configuring the RIB to flush route attribute information to the FIB ························································ 74
Command reference ··················································································································· 75
flush route-attribute ·············································································································· 75
New feature: Configuring a description for a network access user············· 75
Configuring a description for a network access user ········································································· 75
Command reference ··················································································································· 76
description ························································································································· 76
New feature: Configuring the validity period for a network access user ······ 76
Configuring the validity period for a network access user ··································································· 76
Command reference ··················································································································· 77
validity-datetime ·················································································································· 77
New feature: Enabling the auto-delete feature for expired local user accounts
·································································································· 78
Enabling the auto-delete feature for expired local user accounts ························································· 78
Command reference ··················································································································· 78
local-user auto-delete enable································································································· 78
New feature: Configuring periodic MAC reauthentication ························ 79
Configuring periodic MAC reauthentication ····················································································· 79
Command reference ··················································································································· 79
mac-authentication timer reauth-period (system view) ································································ 79
mac-authentication re-authenticate ························································································· 80
mac-authentication timer reauth-period (interface view) ······························································ 81
New feature: Enabling preprovisioning ················································ 82
Enabling preprovisioning ············································································································· 82
Configuration procedure ·············································································································· 82
Verifying the configuration ··········································································································· 82
v
New feature: Enabling SNMP notifications for RRPP ····························· 82
Enabling SNMP notifications for RRPP··························································································· 82
Command reference ··················································································································· 83
snmp-agent trap enable rrpp ································································································· 83
Modified feature: Displaying detailed information about UDP connections and
RawIP connections ········································································· 83
Feature change description ·········································································································· 83
Command changes ···················································································································· 84
Modified commands: display rawip verbose and display udp verbose ············································ 84
Modified feature: Displaying detailed information about IPv6 UDP connections
and IPv6 RawIP connections ···························································· 84
Feature change description ·········································································································· 84
Command changes ···················································································································· 84
Modified commands: display ipv6 rawip verbose and display ipv6 udp verbose ······························· 84
Modified feature: Default size of the TCP receive and send buffer ············ 85
Feature change description ·········································································································· 85
Command changes ···················································································································· 85
Modified command: tcp window ····························································································· 85
Modified feature: Displaying MPLS LSP statistics ·································· 85
Feature change description ·········································································································· 85
Command changes ···················································································································· 85
Modified command: display mpls lsp statistics ·········································································· 85
Modified feature: Configuring BGP route summarization ························· 86
Feature change description ·········································································································· 86
Command changes ···················································································································· 86
Modified command: aggregate ······························································································· 86
Modified feature: Displaying OSI connection information························· 86
Feature change description ·········································································································· 86
Command changes ···················································································································· 86
Modified command: display osi ······························································································ 86
Feature 2426················································································· 87
New feature: Transceiver module alarm suppression ····························· 87
Disabling alarm traps for transceiver modules·················································································· 87
Command reference ··················································································································· 87
transceiver phony-alarm-disable····························································································· 87
New feature: Enabling SNMP notifications for port security ····················· 88
Enabling SNMP notifications for port security ·················································································· 88
Command reference ··················································································································· 88
snmp-agent trap enable port-security ······················································································ 88
New feature: Setting the packet sending mode for IPv4 VRRPv3 ·············· 89
Setting the packet sending mode for IPv4 VRRPv3 ·········································································· 89
Command reference ··················································································································· 90
vrrp vrid vrrpv3-send-packet ·································································································· 90
New feature: Enabling periodic sending of gratuitous ARP packets for IPv4
VRRP ·························································································· 91
Enabling periodic sending of gratuitous ARP packets for IPv4 VRRP ··················································· 91
Command reference ··················································································································· 91
vrrp send-gratuitous-arp ······································································································· 91
vi
New feature: Enabling periodic sending of ND packets for IPv6 VRRP ······ 92
Enabling periodic sending of ND packets for IPv6 VRRP ··································································· 92
Command reference ··················································································································· 93
vrrp ipv6 send-nd ················································································································ 93
New feature: Configuring a subordinate IPv4 VRRP group to follow a master
IPv4 VRRP group ··········································································· 94
Configuring a subordinate IPv4 VRRP group to follow a master IPv4 VRRP group ································· 94
Configuration restrictions and guidelines ·················································································· 94
Command reference ··················································································································· 95
vrrp vrid name ···················································································································· 95
vrrp vrid follow ···················································································································· 96
New feature: Configuring a subordinate IPv6 VRRP group to follow a master
IPv6 VRRP group ··········································································· 96
Configuring a subordinate IPv6 VRRP group to follow a master IPv6 VRRP group ································· 96
Configuration restrictions and guidelines ·················································································· 97
Command reference ··················································································································· 97
vrrp ipv6 vrid name ·············································································································· 97
vrrp ipv6 vrid follow ·············································································································· 98
New feature: Displaying master-to-subordinate IPv4 VRRP group bindings 99
Displaying master-to-subordinate IPv4 VRRP group bindings ····························································· 99
Command reference ··················································································································· 99
display vrrp binding ·············································································································· 99
New feature: Displaying master-to-subordinate IPv6 VRRP group bindings
································································································ 101
Displaying master-to-subordinate IPv6 VRRP group bindings ··························································· 101
Command reference ················································································································· 101
display vrrp ipv6 binding ····································································································· 101
New feature: Configuring the threshold for triggering monitor link group state
switchover ·················································································· 103
Configuring the threshold for triggering monitor link group state switchover ········································· 103
Command reference ················································································································· 103
uplink up-port-threshold ······································································································ 103
New feature: ACL application to NETCONF over SOAP traffic ··············· 104
Applying an ACL to NETCONF over SOAP traffic ···········································································
Command reference ·················································································································
netconf soap http acl ··········································································································
netconf soap https acl ········································································································
104
104
104
105
New feature: Allowing link aggregation member ports to be in the deployed flow
tables ························································································ 106
Allowing link aggregation member ports to be in the deployed flow tables ··········································· 106
Command reference ················································································································· 106
permit-port-type member-port ······························································································ 106
New feature: Enabling OpenFlow connection backup ··························· 107
Enabling OpenFlow connection backup ························································································ 107
Command reference ················································································································· 107
tcp-connection backup ······································································································· 107
New feature: Preprovisioning ·························································· 108
Enabling preprovisioning ··········································································································· 108
Displaying and maintaining preprovisioned settings ········································································ 108
vii
Preprovisioning commands ········································································································
display provision failed-config ······························································································
provision ··························································································································
reset provision failed-config ·································································································
slot ·································································································································
109
109
110
111
111
New feature: Enabling BPDU transparent transmission on a port ············ 112
Enabling BPDU transparent transmission on a port ········································································ 112
Command reference ················································································································· 112
New command: stp transparent enable·················································································· 112
Modified feature: 802.1X guest VLAN assignment delay ······················· 113
Feature change description ········································································································ 113
Command changes ·················································································································· 113
Modified command: dot1x guest-vlan-delay ············································································ 113
Modified feature: Software image information display ··························· 113
Feature change description ········································································································ 113
Command changes ·················································································································· 114
Modified feature: Specifying ECDSA algorithms with different public key
lengths ······················································································· 114
Feature change description ········································································································
Command changes ··················································································································
Modified command: scp ······································································································
Modified command: scp ipv6 ·······························································································
Modified command: sftp······································································································
Modified command: sftp ipv6 ·······························································································
Modified command: ssh2 ····································································································
Modified command: ssh2 algorithm public-key ········································································
Modified command: ssh2 ipv6 ······························································································
114
114
114
115
116
117
119
120
120
Feature 2424··············································································· 122
New feature: LLDP neighbor validation and aging ······························· 122
Configuring LLDP neighbor validation and aging ············································································
Configuring LLDP neighbor validation on an interface ······························································
Configuring LLDP neighbor aging on an interface ····································································
Command references ···············································································································
New command: lldp neighbor-protection aging ········································································
New command: lldp neighbor-identity chassis-id ·····································································
New command: lldp neighbor-identity port-id ··········································································
New command: lldp neighbor-protection validation ··································································
Modified command: display lldp status ··················································································
122
122
122
123
123
124
125
126
126
New feature: Port-specific 802.1X periodic reauthentication timer ··········· 127
Setting the 802.1X periodic reauthentication timer on a port ····························································· 127
Command reference ················································································································· 127
dot1x timer reauth-period ···································································································· 127
New feature: Manual reauthentication for all online 802.1X users on a port128
Manually reauthenticating all online 802.1X users on a port ····························································· 128
Command reference ················································································································· 129
dot1x re-authenticate manual ······························································································ 129
New feature: CFD Port collaboration ················································ 129
Configuring port collaboration ····································································································· 129
Command reference ················································································································· 130
cfd port-trigger ·················································································································· 130
viii
New feature: DSCP value for OpenFlow packets ································ 131
Setting a DSCP value for OpenFlow packets ················································································· 131
Command reference ················································································································· 131
Modified feature: Configuring the CDP-compatible operating mode for LLDP
································································································ 132
Feature change description ········································································································ 132
Command changes ·················································································································· 132
Modified command: lldp compliance admin-status cdp ····························································· 132
Modified feature: Configuring a traffic policing action···························· 132
Feature change description ········································································································ 132
Command changes ·················································································································· 133
Modified command: car ······································································································ 133
Release 2423 ·············································································· 134
New feature: DHCP address pool application to a VPN instance ············ 134
Applying a DHCP address pool to a VPN instance ·········································································
Command reference ·················································································································
New command: vpn-instance ·······························································································
Modified commands: Commands for displaying the DHCP server ···············································
Modified command: dhcp server forbidden-ip ··········································································
Modified commands: Commands for maintaining the DHCP server ·············································
134
135
135
136
136
137
New feature: L2PT ······································································· 137
Overview ································································································································
Background ······················································································································
L2PT operating mechanism ·································································································
L2PT configuration task list ········································································································
Enabling L2PT ·························································································································
Setting the destination multicast MAC address for tunneled packets ··················································
Displaying and maintaining L2PT ································································································
L2PT configuration examples ·····································································································
Configuring L2PT for STP ···································································································
Configuring L2PT for LACP ·································································································
Command reference ·················································································································
display l2protocol statistics ··································································································
l2protocol tunnel dot1q ·······································································································
l2protocol tunnel-dmac ·······································································································
reset l2protocol statistics·····································································································
137
137
138
139
139
140
141
141
141
142
146
146
147
148
149
New feature: RADIUS server status detection ···································· 149
Configuring a test profile for RADIUS server status detection ··························································· 149
Command reference ················································································································· 150
radius-server test-profile ····································································································· 150
New feature: RADIUS server load sharing ········································· 151
Enabling the RADIUS server load sharing feature ·········································································· 151
Command reference ················································································································· 151
algorithm loading-share enable ···························································································· 151
New feature: IP address pool authorization by AAA ····························· 152
Configuring the IP address pool authorization attribute ····································································
Command reference ·················································································································
authorization-attribute (ISP domain view) ···············································································
authorization-attribute (local user view/user group view) ···························································
152
153
153
153
New feature: 802.1X guest VLAN assignment delay ···························· 154
Enabling 802.1X guest VLAN assignment delay ············································································· 154
ix
Command reference ················································································································· 155
dot1x guest-vlan-delay ······································································································· 155
New feature: Sending 802.1X protocol packets without VLAN tags ········· 155
Sending 802.1X protocol packets out of a port without VLAN tags ····················································· 155
Command reference ················································································································· 156
dot1x eapol untag ·············································································································· 156
New feature: 802.1X critical voice VLAN ··········································· 156
Enabling 802.1X critical voice VLAN ····························································································
Configuration prerequisites··································································································
Configuration procedure ·····································································································
Command reference ·················································································································
dot1x critical-voice-vlan ······································································································
156
157
157
157
157
New feature: MAC authentication critical voice VLAN ··························· 158
Enabling MAC authentication critical voice VLAN ···········································································
Configuration prerequisites··································································································
Configuration procedure ·····································································································
Command reference ·················································································································
mac-authentication critical-voice-vlan ····················································································
reset mac-authentication critical-voice-vlan ············································································
158
158
158
159
159
160
New feature: Parallel processing of MAC authentication and 802.1X
authentication ·············································································· 160
Enabling parallel processing of MAC authentication and 802.1X authentication···································· 160
Command reference ················································································································· 161
mac-authentication parallel-with-dot1x ··················································································· 161
New feature: IPsec support for Suite B·············································· 162
Overview ································································································································
IKEv2 negotiation process···································································································
New features in IKEv2 ········································································································
Protocols and standards ·····································································································
IKEv2 configuration task list ·······································································································
Configuring an IKEv2 profile ·······································································································
Configuring an IKEv2 policy ·······································································································
Configuring an IKEv2 proposal ····