Resolved issuesfor 8400 Switchesin AOS-CX 10.09.1040

Symptom: Logs are flooded with unnecessary errors about empty value DB writes.

Scenario:这个问题发生在AOS-CX写空值s defined in the schema to the DB.

Symptom: Event logs are flooded withPFC TLV status inactive on interfacemessages.

Scenario: When a peer device continuously sends DCBX packets and LLDP is enabled on the local switch, the messagePFC TLV status inactive on interfaceis flooded in the event logs.

Workaround: Either disable the DCBX on the peer device or enable the DCBX on the local device to match the configuration with the peer device.

Symptom: An unexpected loop is detected by the loop protect feature resulting in ports getting improperly blocked. A similar problem has been experienced in a square topology, while VSX members are still coming up and It has also been experienced when the ISL link between VSX members is toggled.

Scenario: In a square topology, reboot the primary/secondary VSX peers. or toggle the ISL link and observe that the loop protect feature has blocked ports even though the network topology itself has not changed.

Workaround: Disable loop-protect temporarily, ensure all VSX peers are in a stableestablishedstate. and then enable loop-protect. Running two protocols (RPVST and loop-protect) for the same purpose (l2 loop detection) is not recomended. Loop detection via RPVST is the recommended choice as it detects and mitigates loops per VLAN. Note, however, if loop-protect detects any loop even for one VLAN it will bring down the full link. This will block traffic for all VLANs.

Symptom: A rare intermittent error occurs in an NAE agent action callback where the container for executing the callback could not be created.

Scenario: This issue can occur intermittently when running NAE agent action callbacks.

Workaround: NAE and the agent will continue to function as expected without any intervention. This single action callback that the error occurred in will be lost, but all of the other ones will persist and be executed as expected.

Symptom: RADIUS disconnect requests failed with the error CONTEXT_NOT_REMOVABLE.

Scenario: This issue is related to timing, Configure concurrent onboarding enabled and default priority enabled. Thisissue occurs if a user issues a disconnect request for a client after MACauth is successfull, but dot1x authentication is still in-progress.

Workaround: Avoid issuing a disconnect request until the highest priority authentication method is completed. Check theoutpt of theshow aaa authentication port-access interface all client-statuscommand to verify the both the auth-methods are complete. Disconnect the request once higher priority methods are complete.

Symptom:在某些罕见的情况下,开关将重启或crash when a user issues theclear arp vrf ipcommand.

Scenario: When theclear arp vrf ipcommand is issued memory can be accessed incorrectly.

Symptom:A ping from VTEP to a remote host (dhcp-client) does not work after a NIC reboot of the host. Ping is working from the VTEP to a directly connected host.

Scenario:IThis issue occurs in a VxLAN setup with 2 VTEPs (vtep1 and vtep2) and dhcp-client behind esxi hypervisor directly connected to vtep1. The issue is seen with a VM NIC reboot of the dhcp-client, the neighbor state changes to FAILED in kernel in vtep1 and vtep2. The neighbor entry is still present in the output of theshow arpcommand and in the ASIC of both the VTEPs. A ping from vtep1 to the VM is successful while the ping from vtep2 always fails.

Workaround: Clear ARP on the local VTEP (vtep1).

Symptom: An IPTV channel change causes momentary freeze or pixelization.

Scenario: This issue occurs when two IPTVs watch the same channel. If one IPTV changes the channel, other IPTV experience pixelization issue.

Symptom: Spanning-Tree fails to block a loop and the network experiences congestion when access ports are connected to a Cisco switch.

Scenario: When A Cisco switch running PVST+ is mistakenly looped to an Aruba switch running RPVST, the Aruba switch will fail to recognize the proprietary PVST+ BPDUs and will not put the port in a blocked state. This allows the loop to persist which spikes switch CPU and reduces performance of the network. This is due to Aruba switch expecting IEEE standard BPDUs rather than the Cisco proprietary ones.

Workaround: Apply an ACL to block looped traffic.

Symptom: A mismatch occurs between the uptime shown in the output ofshow ospfcommands and the BGP state reflected the event log.

Scenario: This issue occurs if no OSPF show commands are executed for 49 days or more

Workaround: Run any OSPF show command once every 48 days or fewer.

Symptom: A mismatch between uptime shown byshow bgpcommands and the BGP state is reflected in the event log.

Scenario: This issue occurs if no BGP show commands were run for 49 days

Workaround: Run any BGP show command once every 48 days or fewer.

Symptom: The switch may unexpectedly reboot, when configured with more than 128 LAG interfaces.

Scenario: When configuring more than 128 LAG interfaces in a multicast topology, if a line card (LC) is rebooted or interfaces are toggled betweenshutdownandno shutdown, the switch will unexpectedly reboot and a coredump file is generated for theswitchddaemon.

Workaround: Reduce the number of LAG interfaces to ewer than 128.

Symptom: Performing any copy operations for configurations/checkpoints including issuing the commandcopy running-config startup-configorwrite memory, takes a long time and then fails due to a timeout.

Scenario: This issue is caused by a race condition, and although it is not trigged by any specific configuration, it has been known to occur on VSX deployments more frequently .

Workaround: Perform a reload of the hpe-config servicesystemctl restart hpe-config.

Symptom: For SNMP v3 users configured in AOS-CX 10.8 (or before) if the switch migrates to AOS-CX 10.9 (or later), network administrators won’t be able to use the configured SNMP v3 for WR operations.

Scenario: This issue occurs in a deployment with SNMP v3 users configured in AOS-CX 10.8 (or before) after the switch migrates to AOS-CX 10.9 (or later)

Workaround: To resolve this issue:

1. Use SNMP v2 for any SNMP WR operations needed in 10.9 (or after).
2. Add a config line to enable RW for the given SNMP v3 user(s).
3. Execute the CMF scriptsnmp_access_level.pywhich will migrate the SNMP V3 user with the prior permission. The FT to validate the CMF script migration istest_ft_CMF_snmp_access_level.py.

Symptom: Log messages are flooded by the OBSDB server.

Scenario: This issue occurs due to empty values written into the BFD Session table by BFD daemon.

Symptom: A VxLan Tunnel,a DHCP Client is not getting an IP address when DHCP-Snooping is enabled on the access switch.

Scenario:This issue occurs when the access switch is connected to the core switch via a VXLAN tunnel and the DHCP-Relay is configured on CORE (VSX). IF DHCP Snooping is disabled on the access platform, the client is getting an IP address. if DHCP Snooping is enabled on the ACCESS platform, the client client is not getting an IP address.This happens only when a DHCP packet lands on the VSX secondary (core).

Workaround: Configure the topology such that all DHCP packets from the access switch will land only onthe VSX primary (core).