® Extreme Management Center Release Notes Version 8.5.1 9/2020 9036781-01 Rev.
Table of Contents Extreme Management Center® Release Notes Version 8.5.1 1 Table of Contents 2 Extreme Management Center Version 8.5 Release Notes 5 1. Enhancements in Version 8.5.1 5 1.1 Customer Feature Requests Addressed in 8.5.1 6 1.1.2 Customer Feature Requests Addressed in 8.5.0 12 1.2 Engines 13 1.3 Extreme Management Center 13 1.4 ExtremeAnalytics 18 1.5 ExtremeCompliance 19 1.6 ExtremeControl 19 2. Deprecated Features 21 3. Known Issues and Vulnerabilities Addressed 22 3.
4.2.3 Free Space Consideration 34 4.2.4 Site Discover Consideration 34 4.3 ExtremeAnalytics Upgrade Information 34 4.4 ExtremeControl Upgrade Information 35 4.4.1 General Upgrade Information 35 4.4.2 ExtremeControl Version 8.0 and later 35 4.4.3 Other Upgrade Information 36 4.5 Fabric Configuration Information 36 4.5.1 Certificate 36 4.5.2 Authentication Key 36 4.5.3 Service Configuration Change 36 4.5.4 CLIP Addresses 37 4.5.5 Gateway Address Configuration Change 37 4.5.
5.1 Extreme Management Center Server and Client OS Requirements 41 5.1.1 Extreme Management Center Server Requirements 41 5.1.2 Extreme Management Center Client Requirements 42 5.2 Extreme Management Center Server and Client Hardware Requirements 42 5.2.1 Extreme Management Center Server Requirements 42 5.2.2 Extreme Management Center Client Requirements 43 5.3 Virtual Engine Requirements 43 5.3.1 Extreme Management Center Virtual Engine Requirements 43 5.3.
Extreme Management Center Version 8.5 Release Notes 8.5.1 September 2020 The Extreme Management Center Release Notes provide information on the new features and enhancements included in version 8.5.1, as well as issues that have been resolved and configuration changes for this release. IMPORTANT: For upgrade and installation requirements, as well as configuration considerations, please see Extreme Management Center Configuration and Requirements. IMPORTANT: Upgrading to Extreme Management Center version 8.
1. Enhancements in Version 8.5.1 l ExtremeCompliance l ExtremeControl For additional information about each of the features listed in this guide, refer to the documentation posted online at ExtremeNetworks.com or the Help system included with the software. 1.1 Customer Feature Requests Addressed in 8.5.
1. Enhancements in Version 8.5.1 Remove From Device Group Available When Multiple Devices Selected The Remove From Device Group menu action was available only when a single device listed under a User Device Group was selected. It is now available when one or more devices listed within the Devices table are selected.
1. Enhancements in Version 8.5.1 New Capability to Launch WebView Added The capability for executing a "WebView" of a device has been moved from the NetSight OneView > Access OneView Administration capability to a new capability: NetSight Suite > Devices > Launch WebView. 02177860 NOTE: If you are upgrading to Extreme Management Center Version 8.5.1 (and future versions), the "Launch WebView" capability is enabled by default for new Authorization Groups. For Extreme Management Center Versions 8.5.
1. Enhancements in Version 8.5.1 Warning Message for Port Settings Added A warning message has been added that alerts you if an HTTP/HTTPS port was set to a value less than 1024, and Extreme Management Center was installed as non-root user, the setting is ignored and not saved. 01910126 Ability to Access Scheduled Tasks Improved If the (legacy) Access OneView Administration option was disabled, the Access Scheduled Tasks option was also being improperly disabled.
1. Enhancements in Version 8.5.1 New Titles and Data Added to ExtremeAnalytics Reports Additional data has been added for several ExtremeAnalytics reports, which are accessible on the Analytics > Reports and Reports > Reports > Application Analytics tabs.
1. Enhancements in Version 8.5.1 False Data From Exports No Longer Seen ExtremeAnalytics was showing incorrect data when processing records exported from FortiGate firewalls. The issue has been corrected and false data is no longer seen. 02000756 Flow Collection Process Corrected to Discontinue Continual Issuing of SNMP Requests The ExtremeAnalytics engine was constantly issuing SNMP requests for switch port data.
1. Enhancements in Version 8.5.1 GIM Sponsor Retrieval Advanced Configuration Feature Added A new feature in Extreme Management Center and GIM (Guest and IoT Manager) enables you to choose how you configure the method of retrieving sponsors in the GIM Domain. 01978498 01898456 01816454 1.1.2 Customer Feature Requests Addressed in 8.5.
1. Enhancements in Version 8.5.1 ExtremeCloud Appliance Versions 4.56.02 and 5.06 Now Supported Extreme Management Center 8.5.0 now supports ExtremeCloud Appliance versions 4.56.02 and 5.06. ----- ExtremeControl CFRs Addressed ID Functions Added to LDAP Mappings The Add, Edit, and Delete functions, as well as Import and Export functions, for LDAP Mappings have been added to the Configuration > AAA tab and Configuration > Access Control > Profiles tab.
1. Enhancements in Version 8.5.1 l Failed to Join Domain Alarm Added l REST API Added to GIM l Fabric Authentication Type Enhancement l Fabric Attach and Switched UNI Enhancement l Enhancements to VPEX l Improvements to Server Certificates l 11ax Radio for AP5xx Models Supported l Enhancements to Network Status Summary l New Wireless FloorPlans Summary Added l Enhancements to ExtremeConnect Ability to Export Filtered Events Added The ability to export filtered events to a .
1. Enhancements in Version 8.5.1 l AP310i-FCC l AP310i-CAN l AP310i-IL l AP310e-FCC l AP310e-WR l AP310e-CAN l Ap310e-IL l AP360i-WR l AP360i-CAN l AP360i-IL l AP360e-FCC l AP360e-WR l AP360e-CAN l AP360e-IL l AP360i-FCC l AP310i-WR l SLX 9740 l SLX-9740-40C l SLX-9740-80C l VSP-4900-24XE l VSP-4900-12MXU l VSP-4900-24S Discover Now Allowed for Sites Based on Add Device Capability Discover is now allowed for valid sites based on Add Device capability.
1. Enhancements in Version 8.5.1 Enhancement to Extreme Management Center Backups A new checkbox on the Administration > Backup/Restore tab allows you to select whether alarm, end-system event, and reporting are included in Extreme Management Center backups. Failed to Join Domain Alarm Added A “Failed to Join Domain” alarm is now automatically generated in Extreme Management Center when an engine is unable to join a domain and an event is generated.
1. Enhancements in Version 8.5.1 l l l PKCS#12/PFX keystores without a keystore password can be imported Unencrypted RSA private keys containing a "BEGIN RSA PRIVATE KEY" header can be imported Error messages are more descriptive 11ax Radio for AP5xx Models Supported Extreme Management Center now supports 11ax Radio for AP5xx models.
1. Enhancements in Version 8.5.1 l FiberlinkMaaS360 l FntCommand l Intune l McAfee Dxl l McAfee EPO l MobileIron l MSLync SDN l OpenStack l Sophos Mdm l Xen Desktop l Xen Server l Xen Mobile l Domain Portal (cross-XMC search – has no UI anymore) l Eset Security l Nutanix l VWClever RDC If you have enabled one or more of these modules, it should not be hidden in your network; however, ExtremeConnect may hide the module if it is disabled at any time.
1. Enhancements in Version 8.5.1 Improvements to Response Time Dashboard The ExtremeAnalytics Response Time dashboard, when grouping by interface, displays only the device IP address for received Application Telemetry flow data when it is lacking sampled packet information. Additional Devices Support Application Telemetry Application Telemetry is supported on the following device types: l SLX9740 l ERS4900 l ERS5900 l ERS devices running firmware versions later than 7.7.
1. Enhancements in Version 8.5.1 l Ability to Create Helpdesk Provisioners in Guest & IoT Manager l Preview with RADIUS Attributes Added l Enhancement to Variables in RADIUS Attribute Configurations l Enhanced Enforce Preview Functionality for ExtremeControl Enhancements to DCHP Fingerprint Functionality Several enhancements to the Detection and Profiling table on the Administration > Device Types tab have been made to improve DCHP fingerprint functionality.
2. Deprecated Features Advanced Location-Based Registration and Web Access Configuration Available Advanced location-based registration and web access enables you to configure different access features for end users based on the location of a connecting endsystem. Using the Rules tab, you can define a location-based access configuration, which specifies the access method and portal used by the end user to register or log in, and the access levels assigned to the end user following registration or login.
3. Known Issues and Vulnerabilities Addressed 3. Known Issues and Vulnerabilities Addressed 3.1 Known Issues Addressed in 8.5.1 Extreme Management Center Issues Addressed ID The Add Device to Access Control Engine Group option on the Site > Actions panel and the Add/Configure Device > Actions panel was not completing for ExtremeControl engines during ZTP+ process.
3. Known Issues and Vulnerabilities Addressed An improperly implemented base collector class support was creating a memory leak in the Trap Receiver. ----- Enforce/Verify failures were occasionally occurring after changing the VLAN or NSI mapping of Policy Roles or Rules and enforcing to a Wireless Controller. ----- ExtremeAnalytics Issues Addressed ID IPFIX parsing was potentially ignoring flow set data, resulting in some flow sets not being processed.
3. Known Issues and Vulnerabilities Addressed The watchdog.log and appmonitor.log files could not be configured to remove the oldest files. Now the cleanLogs script is included with Extreme Management Center so that only the latest 10 files are saved. 01981039 Devices with a Poll Type of Maintenance no longer periodically issue SNMP requests in order to check for component changes. ----- SNMP timeouts were occurring when Extreme Management Center was communicating with third-party devices.
3. Known Issues and Vulnerabilities Addressed Extreme Management Center was indicating that devices had exceeded device memory usage on EXOS and was generating alarms, although the devices appeared to have plenty of memory available. The Mgmt [4095] VLAN for ExtremeXOS devices was incorrectly able to be added to the Tagged list for a port in Extreme Management Center. Now, the Mgmt [4095] VLAN is no longer selectable in the Tagged list for a port.
3. Known Issues and Vulnerabilities Addressed The MLAG Summary report, generated from the Network > Devices tab, was displaying unnecessary MLAG information. 1946635 End-system groups that were deleted or renamed in Extreme Management Center were being deleted from GIM Onboarding Templates. Now, when end system groups are deleted in Extreme Management Center, a warning message is shown in GIM when the Onboarding Template is opened for editing.
3. Known Issues and Vulnerabilities Addressed The value of sysObjectID was being incorrectly set for ExtremeControl engines. 01983768 Resetting End-System diagnostics by MAC or IP address was not completely disabling diagnostics. 01522146 01982359 The AAA Rule Configuration> Supported RADIUS Type incorrectly included PAP and EAP-TTLS with tunneled PAP as options for NTLM authentication. Those options have been removed to clarify this field.
3. Known Issues and Vulnerabilities Addressed 3.2 Vulnerabilities Addressed This section presents the vulnerabilities addressed in Extreme Management Center 8.5.
3.
3.
4.
4. Installation, Upgrade, and Configuration Changes IMPORTANT: The Compliance tab is available and supported by Extreme on an Extreme Management Center engine running the Linux operating system supplied by Extreme. Other Linux operating systems can support ExtremeCompliance functionality, but python version 2.7 or higher must be installed.
4. Installation, Upgrade, and Configuration Changes If you are deploying device images (pictures) via the Extreme Management Center server, they are saved in the appdata\VendorProfiles\Stage\MyVendorProfile\Images\ folder. 4.2 Important Upgrade Considerations Extreme Management Center 8.5.x supports upgrades from Extreme Management Center version 8.3.x or 8.4.x. If you are upgrading from version 8.1 or earlier of NetSight/Extreme Management Center, you must perform an intermediate upgrade.
4. Installation, Upgrade, and Configuration Changes 4.2.1 License Renewal Upgrading to Extreme Management Center version 8.5 requires you to renew your NMS license if generated prior to July 31, 2020. Licenses generated prior to July 31, 2020 expire 90 days after upgrading to Extreme Management Center version 8.5. 4.2.2 Upgrading Hardware When attempting to upgrade the Extreme Management Center server, the ExtremeAnalytics engine, or the ExtremeControl engine to version 8.
4. Installation, Upgrade, and Configuration Changes When you delete an ExtremeXOS device that is configured as a flow source via the Flow Sources table of the Analytics > Configuration > Engines > Configuration tab from the Devices list on the Network > Devices tab, an error message is generated in the server.log. The message does not warn you that the device is in use as a flow source.
4. Installation, Upgrade, and Configuration Changes l Read and write account restrictions l Read and write DNS host name attributes l Write servicePrincipalName 4.4.3 Other Upgrade Information Immediately after you install version 8.5 on the ExtremeControl engine, the date and time does not properly synchronize and the following error message displays: WARNING: Unable to synchronize to a NTP server. The time might not be correctly set on this device.
4. Installation, Upgrade, and Configuration Changes device might change unexpectedly: l MLT l SMLT l Port-specific settings to a port belonging to an MLT or SMLT To prevent this merge, change rows in the Enforce Preview window where MLT or SMLT are in use from Current to Desired. To correct the issue after enforcement, modify the service on the device via the CLI. 4.5.4 CLIP Addresses Using the CLIP Addresses table in the Configure Device window, you can enter addresses in both IPv4 and IPv6 formats.
4. Installation, Upgrade, and Configuration Changes Manager > SCP tab contains a password that includes an ampersand (&) in Extreme Management Center, the Fabric Manager firmware does not download successfully. Ensure you use a password without an ampersand (&) character. 4.5.9 VRF Configuration VSP SNMP performance is adversely affected as the number of VRF configurations increases. This issue can be resolved by upgrading to VSP release 8.1.1 or later or VSP8600 series version 6.3.3 or later. 4.
4. Installation, Upgrade, and Configuration Changes (config)# autotopology (config)# sys force-topology-ip-flag enable (config)# default sys clipId-topology-ip The Status of LAG links in maps will start working after the next polling following an upgrade to Extreme Management Center version 8.4. You can initiate the polling of a device by performing a refresh/rediscovery of the device. 4.6.
4. Installation, Upgrade, and Configuration Changes 1. Create a new Device Profile with the CLI Credential set to < No Access >. NOTE: The SLX ZTP+ Connector does NOT support configuring CLI credentials on the device. 2. Create the ZTP+ Configuration and select the new Device Profile you created in Step 1 as the Administration Profile. 3.
5. System Requirements l l scp root@:/root/firmware/images Where: l l = IP Address to Extreme Management Center Server = fully qualified path to a firmware image on the client machine 4.8 Wireless Manager Upgrade Information A High Availability pair cannot be added as a flow source if the WLAN(s) selected are not in common with both wireless controllers.
5. System Requirements 5.1.2 Extreme Management Center Client Requirements These are the operating system requirements for remote Extreme Management Center client machines. Manufacturer Operating System Windows (qualified on the English version of the operating systems) Windows® 10 Linux Red Hat Enterprise Linux WS and ES v6 and v7 Ubuntu 18.04 Mac OS X® El Capitan Sierra 5.
5. System Requirements IMPORTANT: For optimal performance the CPU and Memory needs to reserved in the ESX Client and the virtual machine needs to be deployed using Thick Disk provisioning. 5.2.2 Extreme Management Center Client Requirements Specifications Requirements CPU Speed 3.
5.
5. System Requirements Specifications Small Medium Enterprise Memory 12 GB 32 GB 64 GB Disk Size 40 GB 480 GB 960 GB IOPS 200 10,000 10,000 Flows Per Minute 250,000 500,000 750,000 End-Systems 10,000 20,000 30,000 Recommended scale based on server configuration: IMPORTANT: The ESXi free license supports a maximum of 8 CPU cores, and the medium and enterprise ExtremeAnalytics virtual engine installations require 16 CPU cores.
5. System Requirements Manufacturer Operating System Operating System Disk Space Available/Real Memory Mac OS X Catalina Tiger Snow Leopard Lion Mountain Lion Mavericks Yosemite El Capitan Sierra 10 MB 120 MB 1Certain assessment tests require the Windows Action Center (previously known as Windows Security Center), which is supported on Windows XP SP2+, Windows Vista, and Windows 7, Windows 8, and Windows 8.1 operating systems.
5. System Requirements NOTES: A native browser indicates the default, system-installed browser. Although this might be Chrome (Android), this also includes the default, system-controlled browser used for a device’s Captive Network Detection for a device. Typically, this is a non-configurable option for Wi-Fi Captive Network Detection, but default Android, Microsoft and iOS devices are tested for compatibility with the Mobile Captive Portal.
5. System Requirements l Supported Functionality: Authentication Juniper SA (requires an S-Series Stand Alone (SSA) system in order to provide access control) NOTE: For all ExtremeControl VPN Deployment scenarios, an S-Series Stand Alone (SSA) system is required to change authorization levels beyond the initial authorization, such as when using assessment. 5.
5. System Requirements 5.12 Guest and IoT Manager Requirements 5.12.1 Guest and IoT Manager Server OS Requirements These are the operating system requirements for Guest and IoT Manager server: Manufacturer Operating System VMware® VMware ESXi™ 5.5 server VMware ESXi™ 6.0 server VMware ESXi™ 6.5 server vSphere (client only)™ (Extreme Management Center Virtual Engine) 5.12.
6. Getting Help Medium Browser Version Desktop Microsoft Internet Explorer Mozilla Firefox Google Chrome Microsoft Edge Safari 11 and later 63 and later 65 and later 42 and later 12 and later Mobile1 iOS Native Android Chrome US Browser Opera Firefox 9 and later 65 and later 11.5 and later 40 and later 63 and later 1Mobile Browsers are supported only for the Guest Self-Service Provisioning flow.
6. Getting Help GTAC For immediate support, call 1-800-998-2408 (toll-free in U.S. and Canada) or 1603-952-5000.
