Versions Compared

Version Old Version 19 New Version Current
Changes made by

Tracy Yang

Tracy Yang

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

These notes summarizes PICOS 2.11.25 new features, new hardware, known bugs, and bug fixes. Best practices recommend that you read all the content before upgrading to this release. For more detailed feature information, refer to the configuration guides.

Table of Contents

New Software Features

Layer 2 and Layer 3

...

Bug IDReleaseDescription
115602.11.25

Include "#" in Shared Key of TACACS+ Session
Allow character "#" to be included in shared key of TACACS+ session.

117182.11.25.1 Crash Caused by DHCP/ICMP
Enable DHCP snooping/relay. If received an DHCP OFFER and then immediately an ICMP, it is possible the process pica_sif would crash.
117382.11.25.2 Port Hangs after dot1x CoA-terminate and CoA bounce-port for MAB Authenticated Phone
If the configured voice VLAN is equal to the dynamic VLAN for a specific port and connected client device, the port is somehow stuck when receive a CoA terminate message. 
120152.11.25.3DHCP Discovery Packets are Discarded When it Fails to Reach NAC Server
The client will fall back to server-fail-vlan when the NAC server is not reachable. In this case, it should allow the client to reach the DHCP server even if DHCP snooping is enabled.
119202.11.25.3Send out LLDP with Power-Via-MDI TLV for Power Negotiation if PoE is Enabled
It's not all PDs (Powered Device) that send out LLDP with power-Via-MDI TLV initially when they request extra power via power negotiation. So the PICOS switch will send out LLDP with power-Via-MDI TLV initially if PoE is enabled on the specific port.
122572.11.25.6Aruba AP-515 Fails to Receive Power
Somehow Aruba AP-515 can not receive power from N3048 UPoE ports (ge-1/1/1 to ge-1/1/12).
122482.11.25.7DACL Counter Should Be in Packets
To keep consistent with the locally configured ACL, the number of counter of downloadable/dynamic ACL should be in packets.
123292.11.25.7DOT1X Authentication Failed when Configure Two Reachable Servers
The client will fail to be authenticated if multiple configured RADIUS servers are reachable.
124362.11.25.7Switch still Do MAB Auth when Client Send EAP Packet
If enable MAB and 802.1x on a specific port, and EAP is reaceived from the client on this port, the client can only be authenticated by 802.1x which has higher priority than MAB.
125082.11.25.7Lower the Level of a LOG Message
Lower the level of the log message, such as "The mac address 00:24:14:b3:68:3a is NAC session, ignore it", to "TRACE".
146322.11.25.16

Duplicate Access-Request Messages

The switch may send out duplicate access-accept request messages even though the RADIUS service for NAC is available and the associate associated access-accept messages are returned. And the client cannot get authenticated until fallback to the backup NAC server. This issue is fixed in 2.11.25.16.