Manualshelf

Datasheet

ManualsBrandsEnterasys ManualsNetworking10GB-C03-SFPP
12345678910
CUSTOMER RELEASE NOTES
6/03/2010 P/N: 9038247-01 Subject to Change Without Notice Page: 8 of 13
F0615-O
Known Issues in 6.41.03.0018
Policy / Authentication
13770 When running multiple authentication mechanisms dot1x and macauth, dot1x should have
higher precedence. If the order is reversed, dot1x authenticated traffic is diverted to the host until
macauth is performed.
13998 When setting the multiauth mode from multi to strict, some previously authenticated users may
be unable to re-authenticate. The work around is to disable PWA and MAC Authentication prior to
switching modes.
TACACS+ using single connect is configurable through the CLI but it is not supported in this release.
The C5 supports CoS-based Inbound Rate Limits for Policy Roles (profiles). Rule-based Inbound Rate
Limits (IRLs) are not supported and will be ignored if configured.
Setting an extensive number of policy rules via the CLI can cause momentary loss of CLI and SNMP
management.
Policies can only be assigned to ports on VLANs which have been statically created.
Policy roles and rules cannot be applied to ports that are members of a link aggregation group (LAG).
3904 If a policy profile has CoS-status enabled, only 249 rules can be supported per policy profile.
2175 ARP packets are not classified based on policy IP source/destination rules.
MAC Locking
Static MAC locking a user on multiple ports is not supported.
A violating MAC lock user can authenticate on the port using dot1x, but all other traffic from that user
will be dropped.
Statically MAC locked addresses in the Filtering Database show as “other” in the “show mac”
response.
The MAC lock table may show multiple entries for the same user depending upon the VLAN
assignment.
RADIUS
By design, the switch does not allow the Primary and Secondary RADIUS servers to use the same IP
address.
MAC Authentication
10893 There is a potential for the MAC address of a user who fails to authenticate to remain unlearned
for a period of time.
In some rare cases, the command “set macauthentication portinitialize <port-string>” does not
terminate mac-authenticated user sessions.
PWA
13849 When PWA enhanced mode is enabled and a user authenticates with a lower precedence
method, that user‟s port 80 traffic will continue to be intercepted, until PWA authenticates the user.
The work around to this is to ensure PWA has a lesser precedence.
On switches that support multiauth, only one PWA authenticated user is supported per port
Spanning Tree
The “show spantree stats active” command may erroneously display some ports as active. If a port
was once active and later goes down, the system will still show the port on the “active” list.
VLAN marking of mirrored traffic Edge only
MAC addresses will be learned for packets tagged with the mirror VLAN ID. This will prevent the ability
to snoop traffic across multiple hops.