These notes summarizes PICOS 3.7 new features, new hardware, known bugs, and bug fixes. Best practices recommend that you read all the content before upgrading to this release. For more detailed feature information, refer to the configuration guides.
New Software Features
Layer 2 and Layer 3
Bug ID | Release | Description |
---|---|---|
12333 | 3.7.0 | NTP config commands are changed |
11815 | 3.7.0 | Refine DHCP Relay and Snooping
|
12264 | 3.7.0 | MSTP over MLAG MSTP cannot work over MLAG in 3.6.x by new implementation of MLAG. In 3.7.0 we get it back. |
12361 | 3.7.0 | Priority of Multiple NAC Servers Allow user to configure the priority of multiple NAC servers. The reachable NAC server with highest priority will be used for NAC authentication. |
- | 3.7.0 | Upgrade to 3.7.0
|
12402 | 3.7.0 | PoE Redundancy/Aggressive Mode on Dell Hardware Models Add back PoE redundancy/aggressive mode for Dell hardware models. With 2 PSUs power good, PoE maximum power under redundancy mode will be different from aggressive mode. |
12467 | 3.7.0 | Enhancements on Server-Fail Recovery Methods Three methods, namely auto, manual and timer, can be configured for the client to get out from the RADIUS server failure. By default, manual comes into effective. Please have details at NAC Configuration Commands. |
12311 | 3.7.0 | Enable Duplex Negotiation on SFP+ Port Enable the auto negotiation for duplex on the SFP+ port at the 1G speed on AS5812_54X. |
12394 | 3.7.0 | Manage license key from PICOS CLI Allow to add/delete/show license key from operational mode of PICOS Cli. 1. license install <license-path-name> 2. license show 3. license remove |
12606 | 3.7.1 | Dynamic ARP Inspection Dynamic ARP inspection (DAI) is a security mechanism that is used to reject invalid and malicious ARP packets. ARP packets of which the MAC or IP is not detected by DHCP snooping will be dropped. |
12590 | 3.7.1 | Port Security Extend the functionalities of port security to all support platforms. |
12154 | 3.7.1 | Handle EAP-logoff in NAC If receive an EAP-Logoff on a specific port, the session of the associate supplicant will be terminated. |
12700 | 3.7.1.3 | SNMP ACLs Applied as per Community or Security User Name The snmp-acl can be configured as per SNMP community or security user. Namely, it will allow a community or security user to have its own white IP list which will overwrite the global snmp-acl configuration. Please refer to the document Configuring SNMP ACL to have more details. |
- | 3.7.2 | Management VRF Management VRF is designed to seperate management traffic and dataplane traffic completely for sake of security. The key points are as following: |
10807 | 3.7.2 | OSPF over VRF OSPF can be enabled on a specific VRF. Policy statements can be applied to the OSPF instance as per VRF. Please have detailed information by referring to the document at OSPF (Open Shortest Path First). |
12741 | 3.7.2 | Issue a Warning rsyslog Message if MLAG Associate Configuration Not Consistent If configuration on the 2 MLAG spines is not consistent, will issue a warning rsyslog message. |
10822 | 3.7.2 | Return to Default Configuration PICOS can go back to the default configuration much easier with the new added CLI command "rollback default". |
7650 | 3.7.2 | Provide Bash Command History CLI "bash" commands can be displayed by up arrow function to enable to rollback to previous commands in history. |
7873 | 3.7.2 | Display Warning Message when if Closing Quotation Mark Missing It is an enhancement of CLI syntax check. CLI will prompt an error message if the closing or begining quotation mark is missing. |
Open vSwitch and OpenFlow
Bug ID | Release | Description |
---|---|---|
12476 | 3.7.1 | Configure a Port to Different Bonds A port can be added to multiple bonds. Will issue a warning log message if add a pop_vxlan/pop_l2gre flow with input matching a bond which shares member ports with other bond(s). |
Linux
Bug ID | Release | Description |
---|---|---|
11846 | 3.7.0 | Package X86 Platforms into One Single Image All X86 platforms are packaged into one ONIE image file. So we will only release this one single package for all support X86 platforms. Please have the detailed list of X86 platforms at Installing PICOS on Bare Metal Switches. |
12499 | 3.7.0 | Boot into OVS or L2/L3 after ONIE Installation Add a menu to ONIE installation process with 2 options which can make PICOS to boot into L2/L3 or OVS as following: [1] PICOS L2/L3 (default) [2] PICOS Open vSwitch/OpenFlow Enter your choice (1,2): By default, PICOS boots into L2/L3. |
Hardware
Bug ID | Release | Description |
---|---|---|
11773 | 3.7.0 | Porting N3248X-ON Dell N3248X-ON is a 1G/2.5G/5G/10G Multi-Gig switch model which has 48x10G Cu ports and 4x25G SFP28 and 2x100G QSFG28 stacking ports in the rear. |
11448 | 3.7.0 | Support AS4630-54PE AS4630-54PE has 48x1G PoE Ethernet ports and 4x25GSFP28 ports and 2x100G stacking ports. |
11806 | 3.7.1 | Support N3208PX-ON N3208PX-ON suppurts 4x1G Cu ports and 4x5G Cu ports whth 802.3bt Type-4 99W PoE capability and 2x10G SFP+ ports. |
12533 | 3.7.2 | Support N3224P-ON N3224P-ON supports 24x10G Cu ports with 802.3bt Type-4 99W PoE and 4x25G SFP28 ports and 2x100G QSFG28 ports in the rear. |
12586 | 3.7.2 | Support N3248TE-ON N3248TE-ON supports 48x1G Cu ports and 4x10G SFP+ ports and 2x100G QSFG28 ports in the rear. |
Fixed Issues
Layer 2 and Layer 3 Features
Bug ID | Release | Description |
---|---|---|
12401 | 3.7.0 | Disable NTP by default |
12329 | 3.7.0 | DOT1X Authentication Failed When Configure Two Reachable Servers The client will fail to be authenticated if multiple configured RADIUS servers are reachable. |
12257 | 3.7.0 | Aruba AP-515 Fails to Receive Power Somehow Aruba AP-515 can not receive power from N3048 UPoE ports (ge-1/1/1 to ge-1/1/12). |
12508 | 3.7.0 | Lower the Level of a LOG Message Lower the level of the log message, such as "The mac address 00:24:14:b3:68:3a is NAC session,ignore it", to "TRACE". |
12614 | 3.7.1 | Login Announcement (Banner) not Showing Up If activate TACACS+, the configured announcement (banner) can not show up when login to the switch. Fixed in 3.7.1. |
12635 | 3.7.1 | Fail to Add a Term of Policy Statement Configure a term of policy statement "set policy policy-statement statement term t1" and exit Cli such as reboot the switch. And then if configure another term of the same policy statement, will fail and print error message "Command failed: create_term failed: ... Term already present in position ..." . |
9245 | 3.7.1 | LLDP Statistics Error If disable LLDP, the LLDP counters should be cleaned up. |
12171 | 3.7.1 | Delete loopback IP Address with VXLAN Configuration Allow to delete the IP address configured on the loopback interface if it is not applied to a VXLAN instance. |
12699 | 3.7.1.3 | Multicasting Traffic flooded within the VLAN Even Enabled IGMP Snooping |
12722 | 3.7.2 | Check VLAN when Apply a Synced MAC to L2 Table on a MLAG Spine The virtual MAC address on a switch with VRRP enabled is created based on configured VRID. Under active-active mode of VRRP, if a virtual MAC address is learned on a MLAG spine (device A), it will be synced to the peering spine (device B). In case that on device B the same virtual MAC address of a different VLAN with the same VRID is synced from device A, this virtual MAC address will not be applied to the hardware L2 table because PICOS doesn't check the VLAN when install the synced MAC address to the hardware L2 table. This issue is fixed in 3.7.2. |
Open vSwitch and OpenFlow
Bug ID | Release | Description |
---|---|---|
12235 | 3.7.0 | SNMP Port Statistics Error. |
12431 | 3.7.0 | Remove Remote Options from OVSDB_OPTS It is not necessary to start OVSDB with these remote options, "--remote=ptcp:${ovs_switch_tcp_port}:127.0.0.1 --remote=ptcp:${ovs_switch_tcp_port}:[::1]", because, the most popular listening port (6640) is used by default settings user config "ovs-vsctl set-manager ptcp:6640" will not come up to effective because that will be overwriten by OVSDB_OPTS. If we remove them, user can configure the remote parameters flexibly by ovs-vsctl set-manager ptcp:6640 |
Hardware
Bug ID | Release | Description |
---|---|---|
12611 | 3.7.1 | Fan Speed on N3132 and N3048 The fan speed on N3048 can not be lower than 7000RPM. On N3132 the fan speed is presented as 0 when execute "run show system fan". Fixed in 3.7.1. |
12498 | 3.7.1 | Wrong CPLD Version Number Invalid number 0x0 is shown in the output of system diagnosis on S5200 and N3132. Fixed in 3.7.1. |
12489 | 3.7.1 | ONIE Crash When Install PicOS on S5200 If upgdate ONIE from 3.40.1.1-4 or 3.40.1.1-5 to 3.40.1.1-6, after PICOS installation, ONIE boot in grub menu is damaged. And cann't go into ONIE. Fixed in 3.7.1. |
12514 | 3.7.1 | ONIE Installation Fails with ECC Error After install PICOS on N3048 under ONIE, PICOS cannot boot up by prompting ECC error. Fixed in 3.7.1. |
Linux Platform
Bug ID | Release | Description |
---|---|---|
12839 | 3.7.2.2 | I/O Error Messages During PICOS Installation and Upgrade on Dell Platforms |
AmpCon
Bug ID | Release | Description |
---|---|---|
12569 | 3.7.1 | Roll Back Config if Upgrade Fails |
CLI Changes
Type of the Change | Command | Version | Descriptions | Feature | Link of the Config Guide |
---|---|---|---|---|---|
Hidden | set interface gigabit-ethernet xxxx port-security mac-address xxxx vlan xxxx sticky true/false | 3.7.1 | Sticky can not be configured on a specific MAC address. | Port Security | Port Security Configuration: /display/PicOS37sp/Port+Security+Configuration Port Security Commands:/display/PicOS37sp/Port+Security+Commands |
Hidden | set interface aggregate-ethernet xxx port-security xxx | 3.7.1 | Port security can not be configured on a LAG port. | Port Security | |
Hidden | set protocol arp interfae xxxx inspection xxx | 3.7.1 | DAI cannot be configured on vlan-interface. | ARP Inspection | Configuring ARP Inspection: /display/PicOS37sp/Dynamic+ARP+Inspection ARP Inspection Commands: /display/PicOS37sp/Protocol+Configuration+Commands |
New | set protocols arp inspection access-list <acl-name> ip <ipv4-addr> mac-address <mac-addr> set protocols arp inspection vlan <vlan-id> access-list <acl-name> | 3.7.1 | DAI supports ARP access lists for non-DHCP environments. | ARP Inspection | |
Removed | clear port-security address xxx vlan xxx clear port-security interface all/gigabit-ethernet xxx clear port-security port-error all | 3.7.1 | N/A | Port Security | Port Security Configuration: /display/PicOS37sp/Port+Security+Configuration Port Security Commands:/display/PicOS37sp/Port+Security+Commands |
New | clear port-security dynamic address xxx vlan xxx clear port-security sticky address xxx vlan xxx clear port-security dynamic interface all all/gigabit-ethernet xxx clear port-security sticky interface all all/gigabit-ethernet xxx clear port-security port-error interface all/gigabit-ethernet xxx | 3.7.1 | N/A | Port Security | |
New | show arp inspection | 3.7.1 | N/A | ARP Inspection | Configuring ARP Inspection: /display/PicOS37sp/Dynamic+ARP+Inspection ARP Inspection Commands: /display/PicOS37sp/Protocol+Configuration+Commands |