Resolved issues for 6200 Switches in AOS-CX 10.09.1040

Category	Bug ID	Description
Classifier	223756	Symptom: Logs are flooded with unnecessary errors about empty value DB writes. Scenario:这个问题发生在AOS-CX写空值s defined in the schema to the DB.
NAE Scripts	231637	Symptom: A rare intermittent error occurs in an NAE agent action callback where the container for executing the callback could not be created. Scenario: This issue can occur intermittently when running NAE agent action callbacks. Workaround: NAE and the agent will continue to function as expected without any intervention. This single action callback that the error occurred in will be lost, but all of the other ones will persist and be executed as expected.
RADIUS Port-Access	229739	Symptom: RADIUS disconnect requests failed with the error CONTEXT_NOT_REMOVABLE. Scenario: This issue is related to timing, Configure concurrent onboarding enabled and default priority enabled. Thisissue occurs if a user issues a disconnect request for a client after MACauth is successfull, but dot1x authentication is still in-progress. Workaround: Avoid issuing a disconnect request until the highest priority authentication method is completed. Check theoutpt of theshow aaa authentication port-access interface all client-statuscommand to verify the both the auth-methods are complete. Disconnect the request once higher priority methods are complete.
L3 addressing	225356	Symptom: In some rare cases the switch will reboot or crash when a user issues theclear arp vrf ipcommand. Scenario: When theclear arp vrf ipcommand is issued memory can be accessed incorrectly.
IGMP	220620 228024 230762	Symptom: An IPTV channel change causes momentary freeze or pixelization. Scenario: This issue occurs when two IPTVs watch the same channel. If one IPTV changes the channel, other IPTV experience pixelization issue.
PVST	225336	Symptom: Spanning-Tree fails to block a loop and the network experiences congestion when access ports are connected to a Cisco switch. Scenario: When A Cisco switch running PVST+ is mistakenly looped to an Aruba switch running RPVST, the Aruba switch will fail to recognize the proprietary PVST+ BPDUs and will not put the port in a blocked state. This allows the loop to persist which spikes switch CPU and reduces performance of the network. This is due to Aruba switch expecting IEEE standard BPDUs rather than the Cisco proprietary ones. Workaround: Apply an ACL to block looped traffic.
OSPFv2	225988	Symptom: A mismatch occurs between the uptime shown in the output ofshow ospfcommands and the BGP state reflected the event log. Scenario: This issue occurs if no OSPF show commands are executed for 49 days or more Workaround: Run any OSPF show command once every 48 days or fewer.
BGP	226220	Symptom: A mismatch between uptime shown byshow bgpcommands and the BGP state is reflected in the event log. Scenario: This issue occurs if no BGP show commands were run for 49 days Workaround: Run any BGP show command once every 48 days or fewer.
User Based Tunnel	228372	Symptom: Customers will see EAP packets (dot1x control plane packets) from a UBT client in controller. This will generate authentication error log in controller. There is no functionality impact. Scenario: Enable both MAC and dot1x authentication on the AOS-CX switch secure port where the UBT client is connected. The UBT client first should be MAC authenticated. Later, the UBT client should trigger dot1x authentication. Workaround: Use either dot1x or MAC authentication for a UBT client, but not both.
Counters	227780	Symptom: Dropped counters increase without oversubscription or bursty traffic, when showing extended counters per interface. The TX Drop counter doesn't increase when showing queue counters. Scenario: There is no particular configuration on topology that causes this issue, it can be triggered by the type of traffic on the network.
Config Mgmt	229562	Symptom: Performing any copy operations for configurations/checkpoints including issuing the commandcopy running-config startup-configorwrite memory, takes a long time and then fails due to a timeout. Scenario: This issue is caused by a race condition, and although it is not trigged by any specific configuration, it has been known to occur on VSX deployments more frequently . Workaround: Perform a reload of the hpe-config servicesystemctl restart hpe-config.
SNMP	229583	Symptom: For SNMP v3 users configured in AOS-CX 10.8 (or before) if the switch migrates to AOS-CX 10.9 (or later), network administrators won’t be able to use the configured SNMP v3 for WR operations. Scenario: This issue occurs in a deployment with SNMP v3 users configured in AOS-CX 10.8 (or before) after the switch migrates to AOS-CX 10.9 (or later) Workaround: To resolve this issue: Use SNMP v2 for any SNMP WR operations needed in 10.9 (or after). Add a config line to enable RW for the given SNMP v3 user(s). Execute the CMF scriptsnmp_access_level.pywhich will migrate the SNMP V3 user with the prior permission. The FT to validate the CMF script migration istest_ft_CMF_snmp_access_level.py.
DHCP Snooping	230480	Symptom: VxLan隧道,DHCP客户端是一个我没有得到P address when DHCP-Snooping is enabled on the access switch. Scenario:This issue occurs when the access switch is connected to the core switch via a VXLAN tunnel and the DHCP-Relay is configured on CORE (VSX). IF DHCP Snooping is disabled on the access platform, the client is getting an IP address. if DHCP Snooping is enabled on the ACCESS platform, the client client is not getting an IP address.This happens only when a DHCP packet lands on the VSX secondary (core). Workaround: Configure the topology such that all DHCP packets from the access switch will land only onthe VSX primary (core).
Credential Manager	231199	Symptom: A password is not applied after after a json config import if the user config contains a user password and an authorized key. Scenario: This issue occurs when a configuration containing a user account with both a password and an authorized key is applied and the running-config contains a different password for the same user.

Classifier

223756

Symptom: Logs are flooded with unnecessary errors about empty value DB writes.

Scenario:这个问题发生在AOS-CX写空值s defined in the schema to the DB.

NAE Scripts

231637

Symptom: A rare intermittent error occurs in an NAE agent action callback where the container for executing the callback could not be created.

Scenario: This issue can occur intermittently when running NAE agent action callbacks.

Workaround: NAE and the agent will continue to function as expected without any intervention. This single action callback that the error occurred in will be lost, but all of the other ones will persist and be executed as expected.

RADIUS Port-Access

229739

Symptom: RADIUS disconnect requests failed with the error CONTEXT_NOT_REMOVABLE.

Scenario: This issue is related to timing, Configure concurrent onboarding enabled and default priority enabled. Thisissue occurs if a user issues a disconnect request for a client after MACauth is successfull, but dot1x authentication is still in-progress.

Workaround: Avoid issuing a disconnect request until the highest priority authentication method is completed. Check theoutpt of theshow aaa authentication port-access interface all client-statuscommand to verify the both the auth-methods are complete. Disconnect the request once higher priority methods are complete.

L3 addressing

225356

Symptom: In some rare cases the switch will reboot or crash when a user issues theclear arp vrf ipcommand.

Scenario: When theclear arp vrf ipcommand is issued memory can be accessed incorrectly.

IGMP

220620

228024

230762

Symptom: An IPTV channel change causes momentary freeze or pixelization.

Scenario: This issue occurs when two IPTVs watch the same channel. If one IPTV changes the channel, other IPTV experience pixelization issue.

PVST

225336

Symptom: Spanning-Tree fails to block a loop and the network experiences congestion when access ports are connected to a Cisco switch.

Scenario: When A Cisco switch running PVST+ is mistakenly looped to an Aruba switch running RPVST, the Aruba switch will fail to recognize the proprietary PVST+ BPDUs and will not put the port in a blocked state. This allows the loop to persist which spikes switch CPU and reduces performance of the network. This is due to Aruba switch expecting IEEE standard BPDUs rather than the Cisco proprietary ones.

Workaround: Apply an ACL to block looped traffic.

OSPFv2

225988

Symptom: A mismatch occurs between the uptime shown in the output ofshow ospfcommands and the BGP state reflected the event log.

Scenario: This issue occurs if no OSPF show commands are executed for 49 days or more

Workaround: Run any OSPF show command once every 48 days or fewer.

BGP

226220

Symptom: A mismatch between uptime shown byshow bgpcommands and the BGP state is reflected in the event log.

Scenario: This issue occurs if no BGP show commands were run for 49 days

Workaround: Run any BGP show command once every 48 days or fewer.

User Based Tunnel

228372

Symptom: Customers will see EAP packets (dot1x control plane packets) from a UBT client in controller. This will generate authentication error log in controller. There is no functionality impact.

Scenario: Enable both MAC and dot1x authentication on the AOS-CX switch secure port where the UBT client is connected. The UBT client first should be MAC authenticated. Later, the UBT client should trigger dot1x authentication.

Workaround: Use either dot1x or MAC authentication for a UBT client, but not both.

Counters

227780

Symptom: Dropped counters increase without oversubscription or bursty traffic, when showing extended counters per interface. The TX Drop counter doesn't increase when showing queue counters.

Scenario: There is no particular configuration on topology that causes this issue, it can be triggered by the type of traffic on the network.

Config Mgmt

229562

Symptom: Performing any copy operations for configurations/checkpoints including issuing the commandcopy running-config startup-configorwrite memory, takes a long time and then fails due to a timeout.

Scenario: This issue is caused by a race condition, and although it is not trigged by any specific configuration, it has been known to occur on VSX deployments more frequently .

Workaround: Perform a reload of the hpe-config servicesystemctl restart hpe-config.

SNMP

229583

Symptom: For SNMP v3 users configured in AOS-CX 10.8 (or before) if the switch migrates to AOS-CX 10.9 (or later), network administrators won’t be able to use the configured SNMP v3 for WR operations.

Scenario: This issue occurs in a deployment with SNMP v3 users configured in AOS-CX 10.8 (or before) after the switch migrates to AOS-CX 10.9 (or later)

Workaround: To resolve this issue:

Use SNMP v2 for any SNMP WR operations needed in 10.9 (or after).
Add a config line to enable RW for the given SNMP v3 user(s).
Execute the CMF scriptsnmp_access_level.pywhich will migrate the SNMP V3 user with the prior permission. The FT to validate the CMF script migration istest_ft_CMF_snmp_access_level.py.

DHCP Snooping

230480

Symptom: VxLan隧道,DHCP客户端是一个我没有得到P address when DHCP-Snooping is enabled on the access switch.

Scenario:This issue occurs when the access switch is connected to the core switch via a VXLAN tunnel and the DHCP-Relay is configured on CORE (VSX). IF DHCP Snooping is disabled on the access platform, the client is getting an IP address. if DHCP Snooping is enabled on the ACCESS platform, the client client is not getting an IP address.This happens only when a DHCP packet lands on the VSX secondary (core).

Workaround: Configure the topology such that all DHCP packets from the access switch will land only onthe VSX primary (core).

Credential Manager

231199

Symptom: A password is not applied after after a json config import if the user config contains a user password and an authorized key.

Scenario: This issue occurs when a configuration containing a user account with both a password and an authorized key is applied and the running-config contains a different password for the same user.

Resolved issuesfor 6200 Switchesin AOS-CX 10.09.1040