Advertisement
Known Issues in Previous Releases
Per port broadcast suppression has been implemented on the SecureStack, and is hardset to be globally
enabled. The global command ―set broadcast [enable | disable]‖ has been removed. If you would like to disable
broadcast suppression, you can get the same result by setting the threshold limit for each port to the maximum
number of packets which can be received per second:
Fast Ethernet:
Gigabyte:
10 gigabyte:
The default broadcast suppression threshold for all ports has been set to 14881 to allow the device to be
backward compatible with previous images.
Enterasys recommends administrators consider the following recommendations before configuring the
SecureStack-C2 for a PIM-SM environment.
1) A C2 cannot be configured as a Candidate-RP or a Candidate-BSR.
2) A C2 should not be the first hop router for a multicast stream. In other words, the multicast stream
should not originate on a C2.
3) A C2 should not be positioned in the core of PIM-SM topology, and should only be positioned at the
edge device in PIM-SM topology. In other words, the C2 should only be used to deliver multicast streams to end
clients.
The path cost of a LAG port will be displayed as zero when it is not an active link.
The VLAN-to-Policy mapping feature currently supported on SecureStack C2/B2 is a global setting which affects
all ports and cannot be configured on a single port.
If the singleportlag variable is set to disable and link failures reduce the number of ports which compose a
dynamic LAG to one, the member ports will revert back to normal port status.
If MSTP has maps that are associated with GVRP-generated VLANs and GVRP communication is lost, the MSTP
maps will be removed from the configuration. It is recommended that users only create MSTP maps on statically-
created VLANs.
Setting an extensive number of policy rules via the CLI can cause momentary loss of CLI and SNMP
management.
The Policy functionality can only assign ports to VLANs which have been statically created.
GVRP created VLANs are not persistent after a reboot.
Only statically created VLANs are supported with Dynamic Egress.
Static MAC locking list MAC address entries in the "show MAC" output as "other‖, and will not remove them on
link down.
C2G134-24P and the C2G124-48 may show link state incorrectly when using MGBICS if auto negotiation is
turned off on the MGBIC ports.
Authentication delays can occur under large volumes of unauthorized traffic.
If a VLAN classification rule (using the Ethertype field) is associated to a policy role, this classification rule has
higher precedence than all forward and drop classification rules in the policy role.
NetSight ASM currently does not make concessions for support of ―User + IP Phone‖ Authentication on the
SecureStack C2 and B2 platforms. Therefore, if either a PC or an IP phone is detected as sourcing a security
violation, NetSight ASM 2.1 will find the offending device's MAC address on the port of connection and apply the
Quarantine policy role to this port, quarantining the PC. As a result of the statically configured VLAN-to-policy
mapping being configured on the port, the SecureStack C2 and B2 will still assign the IP phone's tagged traffic to
the specified policy role, while the PC is quarantined. Therefore, it is important to understand that the PC may be
quarantined for security violations sourced by either the PC or the IP phone on a port, while the IP phone will
remain un-quarantined.
Furthermore, a problem exists if a new IP phone is connected to a quarantined port or an existing IP phone loses
its configuration. In either of these situations, the IP phone transmits its traffic as untagged and will not become
operational on the network if the Quarantine policy role is configured to deny access to network resources the IP
phone utilizes to obtain its configuration.
Users are able to reach PWA login screen in strict mode, but they will not be able to authenticate.
08/13/2008 P/N: 9038155-52
F0615-O
148810
1488100
14881000
Subject to Change Without Notice
CUSTOMER RELEASE NOTES
Page: 32 of 41
Advertisement
