Académique Documents
Professionnel Documents
Culture Documents
AOS-W 6.4.3.4
Copyright Information
2015 Alcatel-Lucent. All rights reserved.
Specifications in this manual are subject to change without notice.
Originated in the USA.
AOS-W, Alcatel 4302, Alcatel 4304, Alcatel 4306, Alcatel 4308, Alcatel 4324, Alcatel 4504, Alcatel 4604, Alcatel
4704, Alcatel 6000, OAW-AP41, OAW-AP68, OAW-AP60/61/65, OAW-AP70, OAW-AP80, OAW-AP92/93, OAWAP105, OAW-AP120/121, OAW-AP124/125, OAW-AP175, OAW-IAP92/93/105, OAW-RAP2, OAW-RAP5, and
Omnivista 3600 Air Manager are trademarks of Alcatel-Lucent in the United States and certain other countries.
Any other trademarks appearing in this manual are the property of their respective companies. Includes
software from Litech Systems Design. The IF-MAP client library copyright 2011 Infoblox, Inc. All rights
reserved. This product includes software developed by Lars Fenneberg et al.
Legal Notice
The use of Alcatel-Lucent switching platforms and software, by all individuals or corporations, to terminate
Cisco or Nortel VPN client devices constitutes complete acceptance of liability by that individual or corporation
for this action and indemnifies, in full, Alcatel- Lucent from any and all legal actions that might be taken against
it with respect to infringement of copyright on behalf of Cisco Systems or Nortel Networks.
Contents
Release Overview
Chapter Overview
Supported Browsers
Contacting Support
New Features
Regulatory Updates
11
Resolved Issues
13
23
Upgrade Procedure
27
Upgrade Caveats
27
28
28
Memory Requirements
28
29
30
31
34
Downgrading
34
36
| 3
4 |
Chapter 1
Release Overview
AOS-W 6.4.3.4 is a software patch release that includes new features and enhancements along with fixes to the
issues identified in previous releases.
See the Upgrade Procedure on page 27 for instructions on how to upgrade your switch to this release.
Chapter Overview
l
New Features on page 9 provides a description of features and enhancements introduced in this release of
AOS-W.
Regulatory Updates on page 11 lists the regulatory updates in this release of AOS-W.
Resolved Issues on page 13 lists and describes the issues resolved in this release of AOS-W.
Known Issues and Limitations on page 23 lists and describes the known and outstanding issues identified in
this release of AOS-W.
Upgrade Procedure on page 27 describes the procedures for upgrading a switch to this release of AOS-W.
For new features, resolved issues, and known issues and limitation prior to this release, refer to the corresponding
Release Notes on https://service.esd.alcatel-lucent.com/.
Release Overview | 5
Settings
l
l
l
l
l
l
l
l
l
l
l
Virtual AP Profile
l
l
l
SSID Profile
l
l
l
l
l
l
l
l
l
l
l
802.11r Profile
l
l
l
l
l
l
l
Channel
Enable Channel Switch Announcement (CSA)
CSA Count
High throughput enable (radio)
Very high throughput enable (radio)
TurboQAM enable
Maximum distance (outdoor mesh setting)
Transmit EIRP
Advertise 802.11h Capabilities
Beacon Period/Beacon Regulate
Advertise 802.11d Capabilities
Virtual AP enable
Forward Mode
Remote-AP operation
ESSID
Encryption
Enable Management Frame Protection
Require Management Frame Protection
Multiple Tx Replay Counters
Strict Spectralink Voice Protocol (SVP)
Wireless Multimedia (WMM) settings
n Wireless Multimedia (WMM)
n Wireless Multimedia U-APSD (WMM-UAPSD) Powersave
n WMM TSPEC Min Inactivity Interval
n Override DSCP mappings for WMM clients
n DSCP mapping for WMM voice AC
n DSCP mapping for WMM video AC
n DSCP mapping for WMM best-effort AC
n DSCP mapping for WMM background AC
High throughput enable (SSID)
40 MHz channel usage
Very High throughput enable (SSID)
80 MHz channel usage (VHT)
Advertise 802.11r Capability
802.11r Mobility Domain ID
802.11r R1 Key Duration
key-assignment (CLI only)
Advertise Hotspot 2.0 Capability
RADIUS Chargeable User Identity (RFC4372)
RADIUS Location Data (RFC5580)
Supported Browsers
The following browsers are officially supported for use with the AOS-W 6.4.3.4 WebUI:
l
6 | Release Overview
Contacting Support
Table 2: Contact Information
Contact Center Online
l
Main Site
http://www.alcatel-lucent.com/enterprise
Support Site
https://service.esd.alcatel-lucent.com
esd.support@alcatel-lucent.com
North America
1-800-995-2696
Latin America
1-877-919-9526
EMEA
Asia Pacific
Worldwide
1-818-878-4507
Release Overview | 7
8 | Release Overview
Chapter 2
New Features
This chapter describes the features or enhancements introduced in this release of AOS-W. For more
information about features introduced in AOS-W 6.4.x, refer to the AOS-W 6.4.x User Guide.
Selective Multicast
The existing broadcast filter all parameter is modified to allow wireless to wireless multicast where the
receiver joins the sender's IGMP group, if IGMP snooping\proxy is enabled.
If IGMPsnooping\proxy is disabled, the existing functionality (drop the wireless to wireless multicast packets)
of broadcast filter all remains the same.
For additional information on this feature, see AOS-W 6.4.x User Guide.
New Features | 9
10 | New Features
Chapter 3
Regulatory Updates
DRT-1.0_51477
For a complete list of countries certified with different AP models, refer to the DRT release notes at
service.esd.alcatel-lucent.com.
Regulatory Updates | 11
12 | Regulatory Updates
Chapter 4
Resolved Issues
This chapter describes the issues resolved in this release of AOS-W. Additionally, the following issues are
resolved in this release.
Air Management-IDS
Table 3: Air Management-IDS Fixed Issues
Bug ID
Description
120280
Symptom: OAW-AP200 Series was unable to detect neighbor SSIDs in the Air Monitor mode (AMmode). This issue is resolved by disabling the VAP for bridge or d-tunnel only for AP mode and
enabling the VAP for monitoring mode.
Scenario: This issue was observed in OAW-AP200 Series access points connected to switches running
AOS-W 6.4.3 FIPS version.
Platform: OAW-AP200 Series access points.
Reported Version: AOS-W 6.4.3.2.
AP-Datapath
Table 4: AP-Datapath Fixed Issues
Bug ID
Description
115787
Symptom: Users were unable to get an IP address from some APs, when they connected to a splittunnel SSID. The fix ensures that VLAN/multicast entries are changed according to the L2 user entry
and not an L3 user entry when setting the ACL.
Scenario: This issue was observed in OAW-AP225 access points connected to OAW-4550 switches
running AOS-W 6.4.2.5.
Platform: OAW-AP225 access points.
Reported Version: AOS-W 6.4.2.5.
Resolved Issues | 13
AP-Platform
Table 5: AP-Platform Fixed Issues
Bug ID
Description
100296
Symptom: The switch displayed the following error message, An internal system error has
occurred at file sapd_sysctl.c function sapd_sysctl_write_param line 102 error Error opening
/proc/sys/net/aruba000/11r: No such file or directory. repeatedly. This issue is resolved by adding
a check before resetting the dot11r/hotspot parameter when the radio is operating in soft-ap mode.
Scenario: This issue was observed in OAW-M3 switches running AOS-W 6.3.1.6.
Platform: All platforms.
Reported Version: AOS-W 6.3.1.6.
114495
Symptom: An AP transmitted DHCPv6 solicit messages even when the M flag in Router
Advertisement (RA) was set to 0 and the O flag was set to 1. The fix ensures that the AP sends an
Information-Request message to obtain only the configuration settings.
Scenario: This issue occurred when an AP sent a solicit message instead of a DHCPv6 information
request. This issue was observed in an IPv6 network in switches running AOS-W 6.4.2.3.
Platform: All platforms.
Reported Version: AOS-W 6.4.2.3.
118071
Symptom: Although the BLE feature was not supported on OAW-4306 Series, OAW-4x04 Series, and
OAW-6000 Series switches, if the system profile for an AP had BLR-URL and token, the URL was sent as
a part of the configuration download to the APs that terminated on these switches. The fix ensures
that the BLE-URL and token are not pushed to APs that terminate on switches that do not support BLE.
Scenario: This issue was observed when the BLE URL and BLE Relay tags were sent to APs that
terminated on switches that did not support BLE. This issue was observed in OAW-4306 Series, OAW4x04 Series, and OAW-6000 Series switches running AOS-W 6.4.3.0.
Platform: OAW-4306 Series, OAW-4x04 Series, and OAW-6000 Series switches.
Reported Version: AOS-W 6.4.3.0.
121937
Symptom: A user was unable to configure OAW-AP200 Series in bridge mode for AOS-W 6.4.3.2 FIPS.
This issue is resolved by deleting the bridge mode restrictions.
Scenario: This issue was observed only in AOS-W 6.4.3 FIPS version as a bridge mode restriction was
applied to disable bridge and d-tunnel mode on OAW-AP200 Series.
Platform: OAW-AP200 Series access points.
Reported Version: AOS-W 6.4.3.2.
122542
121740
122374
122539
123026
123126
123152
123563
123761
124000
Symptom: Clients failed to associate with the AP since the station management process of the AP
was busy. This issue is resolved by enhancing the WLAN driver.
Scenario: This issue was observed when client match was enabled and the switch moved the client
from one AP to another. This issue was observed in OAW-AP110 Series, OAW-AP120 Series, and OAWAP130 Series access points connected to switches running AOS-W 6.3.1.x, 6.4.2.x, or 6.4.3.x.
Platform: OAW-AP110 Series, OAW-AP120 Series, and OAW-AP130 Series access points.
Reported Version: AOS-W 6.4.2.9.
14 | Resolved Issues
AP-Wireless
Table 6: AP-Wireless Fixed Issues
Bug ID
Description
108650
Symptom: When clients associated with an AP, some of the clients exhibited retry rates that were
higher than expected. The retry rates were observed in the switch dashboard, CLI, or AP radio
statistics. This issue is resolved by reducing the retry transmit rate for OAW-AP90 Series, OAW-AP100
Series, and OAW-AP130 Series access points.
Scenario: This issue was observed in APs running AOS-W 6.1.x, AOS-W 6.3.x, or AOS-W 6.4.x.
Platform: OAW-AP90 Series, OAW-AP100 Series, and OAW-AP130 Series access points.
Reported Version: AOS-W 6.3.1.9.
113845
Symptom: The show user-table command output occasionally did not display bridge mode users.
The fix ensures that the bridge mode users are always displayed when the command is executed.
Scenario: This issue was observed when the client was in power save mode and the chipset driver did
not send deauthentication frame with the reason, client-match.
Platform: All Remote APs.
Reported Version: AOS-W 6.3.1.10.
115865
Symptom: Clients experienced connectivity issues on the G radios of OAW-AP200 Series access
points. This issue is resolved by checking and removing stale striping IP entries whenever ap-lacp
profile is changed.
Scenario: This issue was observed in OAW-AP200 Series access points connected to OAW-4750
switches running AOS-W 6.4.2.5. This issue was observed when striping-ip was configured in aplacp-striping-ip where the same striping-ip was earlier configured but removed on another switch.
Hence, a stale route cache entry for the striping-ip was left over on the other switch.
Platform: OAW-AP200 Series access points.
Reported Version: AOS-W 6.4.2.5.
117740
118199
118343
Symptom: OAW-AP115 access point sent out-of-order multicast packets. Clients reported TKIP MIC
error and disconnected during heavy multicast traffic. This issue is resolved by using software TKIP
instead of split TKIP.
Scenario: This issue was observed in OAW-AP115 access points connected to OAW-4704 switches
running AOS-W 6.3.1.
Platform: OAW-AP115 access points.
Reported Version: AOS-W 6.3.1.0.
120117
123314
Symptom: OAW-AP225 access point crashed. This issue is resolved by changing how the BSS
configuration is accessed.
Scenario: This issue was observed when an access point received a management action frame of
unsupported type. This issue was observed in OAW-AP225 access points connected to switches
running AOS-W 6.3.1.9.
Platform: OAW-AP225 access points.
Reported Version: AOS-W 6.3.1.9.
Resolved Issues | 15
Base OS Security
Table 7: Base OS Security Fixed Issues
Bug ID
Description
115960
123937
Symptom: On the OV3600 WebUI, the Connection Mode for wireless clients was displayed as
802.11b although the clients were connected to either the 802.11a or 802.11g band in the switch. This
issue is resolved by sending the PhyType and HTMode MIBs as per the Aruba MIB definition while
using SNMP traps.
Scenario: The OV3600 WebUI displayed incorrect values using SNMP traps for polling. On further
investigation, it was observed that the SNMP traps carried the PhyType and HTMode information but
was not part of the standard Aruba MIB definition. This issue was observed in switches running AOS-W
6.4.2.3.
Platform: All platforms.
Reported Version: AOS-W 6.4.2.3.
Switch-Datapath
Table 8: Switch-Datapath Fixed Issues
Bug ID
Description
114426
Symptom: The client was able to pass traffic even though the static IP client is connected to a wired
RAP port and the enforce-dhcp is enabled through AAA. The fix ensures that the client is unable to
pass traffic when the user entry is inactive and upstream trusted clients initiate TCP traffic to untrusted clients.
Scenario: This issue was observed in RAPs but was not limited to any specific switch model.
Platform: All platforms.
Reported Version: AOS-W 6.3.1.9.
114684
114563
115868
116324
117331
Symptom: A switch stopped responding and rebooted. The log files for the event listed the reason as
datapath timeout. The fix ensures that the controller does not reboot.
Scenario: This issue was observed in OAW-4x50 Series switches when the Aggregate MAC Service
Data Unit (AMSDU) feature was enabled. This issue was observed when the crypto engine was
interrupted.
Platform: OAW-4x50 Series switches.
Reported Version: AOS-W 6.4.2.4.
121252
Symptom: The datapath module of a OAW-4504 switch crashed when sending airplay audio packets
(TCP port 5000) with policy-based routing feature enabled. This issue is resolved by rectifying an
inconsistency in session states for AirPlay audio.
Scenario: This issue was observed in standalone switches running AOS-W 6.4.3.2 with AirPlay audio
traffic and policy-based routing configuration on user-role enabled.
Platform: All platforms.
Reported Version: AOS-W 6.4.3.2.
122033
Symptom: Route-acl attachment to user role was not preserved after reloading a standby switch. This
issue is resolved by generating routing policy map on the standby switch after a configuration
snapshot.
Scenario: This issue was observed after reloading a standby switch with route-acl. This issue was
observed in switches running AOS-W 6.4.3.x in master-standby topology.
Platform: All platforms.
Reported Version: AOS-W 6.4.3.2.
122120
Symptom: By default, the asterisk wildcard was appended to the netdetsination provided by the
user. This issue is resolved by modifying the DNS snooping to check if the netdestination is an
absolute URL or a wildcard URL.
Scenario: This issue was observed in switches running AOS-W 6.4.2.4.
Platform: All platforms.
Reported Version: AOS-W 6.4.2.4.
16 | Resolved Issues
Switch-Platform
Table 9: Switch-Platform Resolved Issues
Bug ID
Description
109472
116831
Symptom: An increase in WebCC memory was observed when there was a connectivity issue to the
Webroot server. As a result, the available/free memory decreased and to recover the memory,
processes were terminated. The fix ensures that there is no increase in WebCC memory consumption
when there is a connectivity issue to the Webroot server.
Scenario: A memory leak was observed as the host was not reachable. This issue was observed in
switches running AOS-W 6.4.2.x or AOS-W 6.4.3.x.
Platform: All platforms.
Reported Version: AOS-W 6.4.2.3.
115433
Symptom: The client was able to access the switch using the WebUI, but was unable to initiate an SSH
session with the switch when the uplink connection changed from wired to cellular. The fix ensures
that the client can initiate an SSH session even when the uplink connection changes from wired to
cellular.
Scenario: This issue was observed in OAW-4010 switches running AOS-W 6.4.2.5.
Platform: OAW-4010 switches.
Reported Version: AOS-W 6.4.2.5.
116932
Symptom: Centralized image upgrade failed. This issue is resolved by uploading the correct build
image.
Scenario: This issue was observed only in OEM builds where there were multiple switch type entries
for the same internal type. For example, OAW-6000 and OAW-M3 are both categorized under OAW6000. This issue was observed in OAW-6000 switches running AOS-W 6.4.2.6, in a master local
topology.
Platform: OAW-6000 switches.
Reported Version: AOS-W 6.4.2.6.
118599
123996
124152
Symptom: A switch rebooted unexpectedly. The log file for the event listed the reasons as kernel
panic, hard watchdog reset, or soft watchdog reset. This issue is resolved by correcting the SOS
coredump path.
Scenario: This issue occurred when SOS coredump was triggered in OAW-40xx Series or OAW-4x50
Series switches running AOS-W 6.4.x.
Platform: OAW-40xx Series and OAW-4x50 Series switches.
Reported Version: AOS-W 6.4.2.6
Resolved Issues | 17
Description
119559
94286
Symptom: A OAW-4306G switch failed to upgrade to AOS-W 6.4.2.6-FIPS due to insufficient memory.
The fix ensures that a OAW-4306G switch can be successfully upgraded to a FIPS version of AOS-W.
Scenario: This issue was observed in OAW-4306G switches running AOS-W 6.3.1.17.
Platform: OAW-4306G switches.
Reported Version: AOS-W 6.3.1.17.
120561
Symptom: The Network Time Protocol (NTP) synchronization failed as the switch sent NTP packets
with invalid source IPs. The fix ensures that invalid binding is resolved by making internal code
changes.
Scenario: This issue was observed when ntpd was bound to the wrong local address. This issue was
observed in OAW-4550 switches running AOS-W 6.4.2.8.
Platform: OAW-4550 switches.
Reported Version: AOS-W 6.4.2.8.
122773
123921
124070
124130
124204
Symptom: A master switch rebooted unexpectedly. The log files for the event listed the reason as
kernel panic. This issue is resolved by displaying a warning message in case of an invalid Direct
Memory Access (DMA)type.
Scenario: To transfer a packet from the control plane to the datapath, a message was sent to the
DMA to copy the packet to the SOS. To confirm the transfer, DMA sent a message and checked the
descriptor for the packet buffer pointer, which was NULL. This resulted in a kernel crash with a NULL
pointer exception. This issue was observed in OAW-40xx Series and OAW-4450 switches running AOSW 6.4.3.2.
Platform: OAW-40xx Series and OAW-4450 switches.
Reported Version: AOS-W 6.4.3.2.
DHCP
Table 10: DHCP Fixed Issues
Bug ID
Description
108349
Symptom: When a client connected to a Wi-Fi network, there was a delay in getting an IP address
from the DHCP server. The delay in obtaining the IP address was due to the delay introduced by the
Process Application Programming Interface (PAPI) protocol to communicate the station information
from authentication to DHCP relay agent process. The fix addresses this delay by using Global Shared
Memory (GSM) to retrieve the station information instead of the PAPI protocol.
Scenario: When an ip helper-address was configured on a VLAN interface together with option-82
essid or option-82 ap-name, the DHCP process dropped the first DHCP packet from the client while
it waited for the Authentication Manager to respond. This issue was observed in switches running
AOS-W 6.1.3.x, AOS-W 6.3.x, or AOS-W 6.4.x.
Platform: All platforms.
Reported Version: AOS-W 6.3.1.7.
18 | Resolved Issues
DPI
Table 11: Deep Packet Inspection Fixed Issues
Bug ID
Description
118361
123175
Symptom: Users failed to access the Amazon workspace after logging in. The web-page displayed
the page cannot be displayed error message. The fix ensures that users successfully access the
Amazon workspace and the switch classifies Amazon Web Services (AWS) as a web category.
Scenario: This issue was observed when the client connected to an SSID, received an user-role which
allowed AWS, but the switch failed to classify AWS as a web category. This issue was observed in
switches running AOS-W 6.4.2.x or AOS-W 6.4.3.x.
Platform: All platforms.
Reported Version: AOS-W 6.4.2.4.
IPsec
Table 12: IPsec Fixed Issues
Bug ID
Description
121339
Symptom: The strength of Internet Key Exchange (IKE), based on the length of the symmetric cipher
key, was lower than the strength of Encapsulation Security Payload (ESP), which was a violation of
Common Criteria requirements. This issue is resolved by changing the strength of IKE to be equal to
or greater than the strength of ESP. This change applies only to ArubaOS FIPS versions.
Scenario: This issue was not specific to any switch model or AOS-W version.
Platform: All platforms.
Reported Version: AOS-W 6.4.4.0.
Mobility
Table 13: Mobility Fixed Issues
Bug ID
Description
122063
Symptom: DHCP clients could not pass traffic. The fix ensures that the DHCP clients can pass traffic
based on the scenario mentioned below.
Scenario: This issue was observed when L3 mobility was enabled, and anchor IP table and the no ip
mobile proxy auth-sta-roam-only parameter were configured. This issue was observed in switches
running AOS-W 6.4.x or 6.3.x versions.
Platform: All platforms.
Reported Version: AOS-W 6.4.3.1.
Resolved Issues | 19
Master-Local
Table 14: Master-Local Fixed Issues
Bug ID
Description
118873
Symptom: Configuration synchronization time was invalid when synchronizing large configurations
between master and local switches. This issue is resolved by correcting the synchronization time when
large configurations are pushed to the switches.
Scenario: This issue was observed when the configuration synchronization time was reset to 0 and a
connection was lost when a large configuration that was pushed to a local switch took a long time. As
the configuration module was busy applying the configuration, it was not able to send heartbeat
message to the master switch. Then, the master switch flagged the status of the local switch as down
after it did not get a heartbeat message from the local switch for some time.
Platform: All platforms.
Reported Version: AOS-W 6.4.2.6.
121996
Symptom: DNS server IP longer than 10 characters failed bulk edit resulting in DNS field set to 0.0.0.0.
The fix ensures that the switch sets the DNS server IP correctly.
Scenario: When you bulk edit a DNS server IP lesser than 10 characters long (example: x.x.x.x), the
switch set the IP correctly. But for DNS server IP longer than 10 characters (example: xx.xx.xx.xx), the
switch set the IP to 0.0.0.0. This issue was observed in switches running AOS-W 6.4.x.
Platform: All platforms.
Reported Version: AOS-W 6.4.0.0.
Station Management
Table 15: Station Management Fixed Issues
Bug ID
Description
121643
121642
Symptom: A switch crashed and the log files were flooded withhandle_ap_message_response: BSS
<MAC> nothing outstandingwarning messages. This issue is resolved by making changes to handle
the expected response from GSM channel properly instead of error logging.
Scenario: This issue was observed on switches running AOS-W 6.4.3.2. This issue occurred when
responses from the BSS GSM channel was not handled correctly by the Station Management (STM).
Platform: All platforms.
Reported Version: AOS-W 6.4.3.2.
Voice
Table 16: Voice Fixed Issues
Bug ID
Description
117456
Symptom: UCC dashboard and the show ucc call-info cdrs and show ucc statistics counter call
client commands, displayed the Lync call statistics for other peer-to-peer conversations even though
Alcatel-Lucent client was not part of the Lync conversation. This issue is resolved by changing how the
XML message of the external clients are handled.
Scenario: This issue was observed when a switch received XML message for audio call, where both the
client IP addresses are external to switch and one of the clients call was on-going.
Platform: All platforms.
Reported Version: AOS-W 6.4.2.5.
20 | Resolved Issues
Web Server
Table 17: Web Server Fixed Issues
Bug ID
Description
115229
Symptom: Captive Portal incorrectly converted the original uniform resource identifier (URI). This
issue is resolved by using the URL that contains the protocol information, which includes the unparsed
URI instead of generating the URL from hostname and protocol information.
Scenario: This issue was observed when the unparsed URI contained protocol information, and as a
result the redirected landing page URL was invalid. This issue was observed in switches running AOS-W
6.4.x and 6.3.x with Captive Portal page enhancements.
Platform: All platforms.
Reported Version: AOS-W 6.4.2.5.
WebUI
Table 18: WebUI Fixed Issues
Bug ID
Description
120008
Symptom: The VAP was not deleted when the user selected --NONE-- from the Virtual AP drop-down
list, in ADVANCED SERVICES > All Profiles > Wireless LAN > Virtual AP > Show Reference page
of the WebUI. An internal JavaScript code fix ensures that the VAP profile is deleted when the user
selects the --NONE-- options from the Virtual AP drop-down menu.
Scenario: This issue was observed in switches running AOS-W 6.4.3.2.
Platform: All platforms.
Reported Version: AOS-W 6.4.3.2.
802.1X
Table 19: 802.1X Fixed Issues
Bug ID
Description
121447
122157
Symptom: Users were unable to connect to access points that used 802.1x authentication and
displayed the following error message received eapol-pkt before assos. This issue is resolved by
resetting the timer in mac_reauth_timer_handler.
Scenario: This issue was observed in APs connected to switches running AOS-W 6.4.2.8. This issue
occured when the PAPI timer was deleted incorrectly by mac_start_reauth_timer because the
authentication server did not reset the mac_reauth_timer variable in the user table when the handler
function mac_reauth_timer_handler was called after the timer expired. After a successful reauthentication when the authentication server called mac_start_reauth_timer to restart the timer it
called DispRemoveTimer for an already expired Timer ID, which could have been reallocated to a
different user.
Platform: All platforms.
Reported Version: AOS-W 6.4.2.8.
Resolved Issues | 21
22 | Resolved Issues
Chapter 5
Known Issues and Limitations
This chapter describes the known and outstanding issues identified in this release of AOS-W.
If there is any specific bug that is not documented in this section, contact Alcatel-Lucent Technical Support with your
case number.
AP-Platform
Table 20: AP-Platform Known Issues
Bug ID
Description
118120
Symptom: Multiple DHCP processes are running even when an OAW-AP225 access point is
connected to the network with no DHCP on the AP VLAN.
Scenario: This issue is observed while configuring the static IPv6 address on the access point and
connecting it to the network without a DHCP.
Platform: All platforms.
Reported Version: AOS-W 6.4.2.6.
Workaround: None.
ARM
Table 21: ARM Known Issues
Bug ID
Description
112409
Symptom: The wireless chipset for an 802.11ac-capable access point does not dynamically switch
from 80 MHz to 40/20 MHz even with strong interference.
Scenario: This issue is observed in OAW-AP220 Series and other 802.11ac-capable access points
connected to switches running AOS-W 6.4.2.4.
Platform: OAW-AP200 Series, OAW-AP210 Series, OAW-AP220 Series, and OAW-AP270 Series access
points.
Reported Version: AOS-W 6.4.2.4.
Workaround: None.
113843
Authentication
Table 22: Authentication Known Issues
Bug ID
Description
120154
Symptom: The user is unable to clear more than six session IDs using the clear loginsession
command.
Scenario: Although more than six session IDs are displayed when the show loginsession command is
executed, only six session IDs can be cleared using the clear loginsession command. In addition, the
command does not allow the user to delete any WebUI sessions. This issue is observed in switches
running AOS-W 6.3.1.x, AOS-W 6.4.2.x, or AOS-W 6.4.3.x.
Platform: All platforms.
Reported Version: AOS-W 6.4.2.5.
Workaround: None.
Base OS Security
Table 23: Base OS Security Known Issues
Bug ID
Description
117141
Symptom: Authentication with certificate or Pre-Shared Key (PSK) based VIA using IKEv1 or IKEv2 fails.
Scenario: This issue is specific to Dell Defender acting as an external RADIUS server. Certificate or
PSK-based VIA with IKEv1 or IKEv2 fails because the authentication process in the switch sends the
external IP address of the VIA client as the Frame-IP-Address to the Dell Defender RADIUS server. The
RADIUS server responds to the switch with the same IP address. The authentication process considers
this IP address as the inner IP of the VIA client. As the inner and external IP addresses are the same,
IKE rejects the connection. This issue is observed in switches running any version of AOS-W.
Platform: All platforms.
Reported Version: AOS-W 6.4.2.5.
Workaround: None.
Mobility
Table 24: Mobility Known Issues
Bug ID
Description
123985
Voice
Table 25: Voice Known Issues
Bug ID
Description
121964
Symptom: The switch reboots as the Station Management (STM) process that handles AP
management and client association stops responding.
Scenario: This issue is observed in OAW-4650 switch running AOS-W 6.4.2.5.
Platform: OAW-4650 switches.
Reported Version: AOS-W 6.4.2.5.
Workaround: None.
WebUI
Table 26: WebUI Known Issues
Bug ID
Description
121622
Symptom: When a user attempts to delete the smart configuration from the WebUI of the master
switch, the Config group is being used. Remove reference in whitelist before deleting error
message is displayed.
Scenario: This issue is observed when a user has multiple config-groups with similar names and the
user attempts to delete smart configuration from a master switch. This issue is observed in switches
running AOS-W 6.4.3.2.
Platform: All platforms.
Reported Version: AOS-W 6.4.3.2.
Workaround: None.
Chapter 6
Upgrade Procedure
This chapter details software upgrade procedures. Alcatel-Lucent best practices recommend that you schedule
a maintenance window for upgrading your switches.
Read all the information in this chapter before upgrading your switch.
Downgrading on page 34
Upgrade Caveats
l
Starting with AOS-W 6.3.1.0, the local file upgrade option in the OAW-4306 and OAW-4306G switch
WebUIshave been disabled.
AOS-W 6.4.x does not allow you to create redundant firewall rules in a single ACL. AOS-W will consider a rule
redundant if the primary keys are the same. The primary key is made up of the following variables:
n
source IP/alias
destination IP/alias
proto-port/service
If you are upgrading from AOS-W 6.1 or earlier and your configuration contains an ACL with redundant
firewall rules, upon upgrading, only the last rule will remain.
For example, in the below ACL, both ACE entries could not be configured in AOS-W 6.4.x. When the second
ACE is added, it overwrites the first.
Upgrade Procedure | 27
AOS-W 6.4.x supports only the newer MIPS switches (OAW-4x50 Series, OAW-40xx Series, OAW-M3, OAW4504XM, OAW-4604, OAW-4704, and OAW-4306 Series). Legacy PPC switches (OAW-4302, OAW-4308,
OAW-4324, SC1/SC2) and OAW-4504 switches are not supported. Do not upgrade to AOS-W 6.4.x if your
deployment contains a mix of MIPS and PPC switches in a master-local setup.
When upgrading the software in a multiswitch network (one that uses two or more Alcatel-Lucent switches),
special care must be taken to upgrade all the switches in the network and to upgrade them in the proper
sequence. (See Upgrading in a Multiswitch Network on page 30.)
AOS-W 6.4.3.4 continues to support L2 GRE tunnel type zero, but it is recommended to use a non-zero
tunnel type.
If both L2 and L3 tunnels are configured between end point devices, you must use a non-zero tunnel type
for L2 GRE tunnels.
Schedule the upgrade during a maintenance window and notify your community of the planned upgrade.
This prevents users from being surprised by a brief wireless network outage during the upgrade.
Avoid making any other changes to your network, such as configuration changes, hardware upgrades, or
changes to the rest of the network during the upgrade. This simplifies troubleshooting.
Know your network and verify the state of your network by answering the following questions:
n
How many APs are assigned to each switch? Verify this information by navigating to the Monitoring >
NETWORK > All Access Points section of the WebUI, or by executing the show ap active and show
ap database CLI commands.
How are those APs discovering the switch (DNS, DHCP Option, Broadcast)?
Are all switches in a master-local cluster running the same version of software?
Which services are used on the switches (employee wireless, guest access, remote AP, wireless voice)?
If possible, use FTP to load software images to the switch. FTP is faster than TFTP and offers more resilience
over slow links. If you must use TFTP, ensure the TFTP server can send over 30 MB of data.
Always upgrade the non-boot partition first. If problems occur during the upgrade, you can restore the
flash, and switch back to the boot partition. Upgrading the non-boot partition gives you a smoother
downgrade path should it be required.
Before you upgrade to this version of AOS-W, assess your software license requirements and load any new
or expanded licenses you may require. For a detailed description of these new license modules, refer to the
Software Licenses chapter in the AOS-W 6.4.x User Guide.
Memory Requirements
All Alcatel-Lucent switches store critical configuration data on an onboard compact flash memory module.
Ensure that there is always free flash space on the switch. Loading multiple large files such as JPEG images for
28 | Upgrade Procedure
RF Plan can consume flash space quickly. To maintain the reliability of your WLAN network, the following
compact memory best practices are recommended:
l
Confirm that there is at least 60 MB of free memory available for an upgrade using the WebUI, or execute
the show memory command to confirm that there is at least 40 MB of free memory available for an
upgrade using the CLI. Do not proceed unless this much free memory is available. To recover memory,
reboot the switch. After the switch comes up, upgrade immediately.
Confirm that there is at least 75 MB of flash space available for an upgrade using the WebUI, or execute the
show storage command to confirm that there is at least 60 MB of flash space available for an upgrade
using the CLI.
In certain situations, a reboot or a shutdown could cause the switch to lose the information stored in its compact flash
card. To avoid such issues, it is recommended that you execute the halt command before power cycling.
If the output of the show storage command indicates that there is insufficient flash memory space, you must
free up some used memory. Any switch logs, crash data, or flash backups should be copied to a location off the
switch, then deleted from the switch to free up flash space. You can delete the following files from the switch
to free up some memory before upgrading:
l
Crash Data: Execute the tar crash command to compress crash files to a file named crash.tar. Use the
procedures described in Backing up Critical Data on page 29 to copy the crash.tar file to an external server,
and then execute the tar clean crash command to delete the file from the switch.
Flash Backups: Use the procedures described in Backing up Critical Data on page 29 to back up the flash
directory to a file named flash.tar.gz, and then execute the tar clean flash command to delete the file
from the switch.
Log files: Execute the tar logs command to compress log files to a file named logs.tar. Use the
procedures described in Backing up Critical Data on page 29 to copy the logs.tar file to an external server,
and then execute the tar clean logs command to delete the file from the switch.
Configuration data
WMS database
Licensing database
x.509 certificates
Switch Logs
Upgrade Procedure | 29
4. Click Create Backup to back up the contents of the compact flash file system to the flashbackup.tar.gz
file.
5. Click Copy Backup to copy the file to an external server.
You can later copy the backup file from the external server to the compact flash file system using the file
utility in the Maintenance > File > Copy Files page.
6. To restore the backup file to the Compact Flash file system, navigate to the Maintenance > File >
Restore Flash page and click Restore.
2. Execute the backup command to back up the contents of the compact flash file system to the
flashbackup.tar.gz file.
(host) # backup flash
Please wait while we tar relevant files from flash...
Please wait while we compress the tar file...
Checking for free space on flash...
Copying file to flash...
File flashbackup.tar.gz created successfully on flash.
3. Execute the copy command to transfer the backup flash file to an external server or storage device.
(host) copy flash: flashbackup.tar.gz ftp: <ftphost> <ftpusername> <ftpuserpassword>
<remote directory>
(host) copy flash: flashbackup.tar.gz usb: partition <partition-number>
You can later transfer the backup flash file from the external server or storage device to the compact flash
file system by executing the copy command.
(host) # copy tftp: <tftphost> <filename> flash: flashbackup.tar.gz
(host) # copy usb: partition <partition-number> <filename> flash: flashbackup.tar.gz
4. Execute the restore command to untar and extract the flashbackup.tar.gz file to the compact flash file
system.
(host) # restore flash
30 | Upgrade Procedure
For switches running AOS-W 3.x versions earlier than AOS-W 3.4.4.1, download the latest version of
AOS-W 3.4.5.x.
For switches running AOS-W 3.x or those running AOS-W 5.0.x versions earlier than AOS-W 5.0.3.1,
download and install the latest version of AOS-W 5.0.4.x.
For switches running AOS-W 6.0.0.0 or 6.0.0.1 versions, download and install the latest version of AOSW 6.0.1.x.
Follow step 2 to step 11 of the procedure described in Upgrading From a Recent Version of AOS-W on page 31
to install the interim version of AOS-W, and then repeat steps 1 through 11 of the procedure to download and
install AOS-W 6.4.3.4.
3.4.4.1 or later
Install the AOS-W software image from a PC or workstation using the WebUI on the switch. You can also install
the software image from a TFTP or FTP server using the same WebUI page.
1. Download AOS-W 6.4.3.4 from the customer support site.
2. Upload the new software image(s) to a PC or workstation on your network.
3. Validate the SHA hash for a software image:
a. Download the Alcatel.sha256 file from the download directory.
b. To verify the image, load the image onto a Linux system and execute the sha256sum <filename>
command or use a suitable tool for your operating system that can generate a SHA256 hash of a file.
c. Verify that the output produced by this command matches the hash value found on the support site.
The AOS-W image file is digitally signed, and is verified using RSA2048 certificates preloaded on the switch at the
factory. Therefore, even if you do not manually verify the SHA hash of a software image, the switch will not load a
corrupted image.
Upgrade Procedure | 31
9. Choose Yes in the Save Current Configuration Before Reboot radio button.
10.Click Upgrade.
When the software image is uploaded to the switch, a popup window displays the Changes were written
to flash successfully message.
11.Click OK.
If you chose to automatically reboot the switch in step 8, the reboot process starts automatically within a
few seconds (unless you cancel it).
12.When the reboot process is complete, log in to the WebUI and navigate to the Monitoring > NETWORK >
All WLANControllers page to verify the upgrade.
When your upgrade is complete, perform the following steps to verify that the switch is functioning as
expected.
1. Log in to the WebUI to verify all your switches are up after the reboot.
2. Navigate to the Monitoring > NETWORK>Network Summary page to determine if your APs are up and
ready to accept clients. In addition, verify that the number of access points and clients are what you would
expect.
3. Verify that the number of access points and clients are what you would expect.
4. Test a different type of client for each access method that you use and in different locations when possible.
5. Complete a backup of all critical configuration data and files on the compact flash file system to an external
server or mass storage facility. See Backing up Critical Data on page 29 for information on creating a
backup. If the flash (Provisioning/Backup) image version string shows the letters rn, for example,
3.3.2.11-rn-3.0, note those AP names and IP addresses. The OAW-RAP5/OAW-RAP5WN reboots to
complete the provisioning image upgrade.
32 | Upgrade Procedure
3.4.4.1 or later
To install the AOS-W software image from a PC or workstation using the CLI on the switch:
1. Download AOS-W 6.4.3.4 from the customer support site.
2. Open an SSH session on your master (and local) switches.
3. Execute the ping command to verify the network connection from the target switch to the SCP/FTP/TFTP
server.
(hostname)# ping <ftphost>
or
(hostname)# ping <tftphost>
or
(hostname)# ping <scphost>
4. Execute the show image version command to check if the AOS-W images are loaded on the switch's flash
partitions. The partition number appears in the Partition row; 0:0 is partition 0, and 0:1 is partition 1. The
active boot partition is marked as Default boot.
(hostname) #show image version
---------------------------------Partition
: 0:0 (/dev/ha1)
Software Version
: AOS-W 6.1.1.0 (Digitally Signed - Production Build)
Build number
: 28288
Label
: 28288
Built on
: Thu Apr 21 12:09:15 PDT 2012
---------------------------------Partition
: 0:1 (/dev/hda2) **Default boot**
Software Version
: AOS-W 6.1.3.2 (Digitally Signed - Production Build)
Build number
: 38319
Label
: 38319
Built on
: Fri June 07 00:03:14 2013
5. Execute the copy command to load the new image onto the nonboot partition.
(hostname)# copy ftp: <ftphost> <ftpusername> <image filename> system: partition <0|1>
or
(hostname)# copy tftp: <tftphost> <image filename> system: partition <0|1>
or
(hostname)# copy scp: <scphost> <scpusername> <image filename> system: partition <0|1>
or
(hostname)# copy usb: partition <partition-number> <image filename> system: partition <0|1>
The USB option is available on the OAW-4010, OAW-4030, and OAW-4x50 Series switches.
6. Execute the show image version command to verify that the new image is loaded.
(hostname)# show image version
---------------------------------Partition
: 0:0 (/dev/hda1) **Default boot**
Software Version
: AOS-W 6.4.3.4 (Digitally Signed - Production Build)
Build number
: 51519
Upgrade Procedure | 33
Label
: 51519
Built on
: Thu Sep 3 00:49:57 PDT 2015
---------------------------------Partition
: 0:1 (/dev/hda2)
Software Version
: AOS-W 6.4.3.0 (Digitally Signed - Production Build)
Build number
: 49296
Label
: 49296
Built on
: Sun Mar 15 01:15:24 PDT 2015
8. Execute the show version command to verify that the upgrade is complete.
(hostname)# show version
When your upgrade is complete, perform the following steps to verify that the switch is functioning as
expected.
1. Log in to the CLI to verify that all your switches are up after the reboot.
2. Execute the show ap active command to determine if your APs are up and ready to accept clients.
3. Execute the show ap database command to verify that the number of access points and clients are what
you expected.
4. Test a different type of client for each access method that you use and in different locations when possible.
5. Complete a backup of all critical configuration data and files on the compact flash file system to an external
server or mass storage facility. See Backing up Critical Data on page 29 for information on creating a
backup.
Follow the steps below to install the FIPS software that is currently running a non-FIPS version of the software:
1. Install the FIPS version of the software on the switch.
2. Execute the write erase command to reset the configuration to the factory default; otherwise, you cannot
log in to the switch using the CLI or WebUI.
3. Reboot the switch by executing the reload command.
This is the only supported method of moving from no-FIPS software to FIPS software.
Downgrading
If necessary, you can return to your previous version of AOS-W.
If you upgraded from AOS-W 3.3.x to AOS-W 5.0, the upgrade script encrypts the internal database. New entries
created in AOS-W 6.4.3.4 are lost after the downgrade (this warning does not apply to upgrades from AOS-W 3.4.x to
AOS-W 6.1).
34 | Upgrade Procedure
If you do not downgrade to a previously saved pre-6.1 configuration, some parts of your deployment may not work as
they previously did. For example, when downgrading from AOS-W 6.4.3.4 to 5.0.3.2, changes made to WIPS in AOS-W
6.x prevent the new predefined IDS profile assigned to an AP group from being recognized by the older version of
AOS-W. This unrecognized profile can prevent associated APs from coming up, and can trigger a profile error.
These new IDS profiles begin with ids-transitional while older IDS profiles do not include transitional. If you have
encountered this issue, execute the show profile-errors and show ap-group commands to view the IDS profile
associated with the AP group.
When reverting the switch software, whenever possible, use the previous version of software known to be used on the
system. Loading a release not previously confirmed to operate in your environment could result in an improper
configuration.
Restore pre-AOS-W 6.4.3.4 flash backup from the file stored on the switch. Do not restore the AOS-W
6.4.3.4 flash backup file.
You do not need to reimport the WMS database or RF Plan data. However, if you have added changes to
RF Plan in AOS-W 6.4.3.4, the changes do not appear in RF Plan in the downgraded AOS-W version.
If you installed any certificates while running AOS-W 6.4.3.4, you need to reinstall the certificates in the
downgraded AOS-W version.
Upgrade Procedure | 35
or
(host) # copy tftp: <tftphost> <image filename> system: partition 1
3. Execute the show image version command to view the partition on which your previous software image
is stored. You cannot load a new image into the active system partition (the default boot).
In the following example, partition 1, the backup system partition, contains the backup release AOS-W
6.1.3.2. Partition 0, the default boot partition, contains the AOS-W 6.4.3.4 image.
(host)#show image version
---------------------------------Partition
: 0:0 (/dev/hda1) **Default boot**
Software Version
: AOS-W 6.4.3.4 (Digitally Signed - Production Build)
Build number
: 50954
Label
: 50954
Built on
: Fri Jul 24 01:55:05 PDT2015
---------------------------------Partition
: 0:1 (/dev/hda2)
Software Version
: AOS-W 6.1.3.2 (Digitally Signed - Production Build)
Build number
: 38319
Label
: 38319
Built on
: Fri June 07 00:03:14 2013
6. When the boot process is complete, verify that the switch is using the correct software.
(host) # show image version
36 | Upgrade Procedure
2. Provide the wireless device's make and model number, OS version (including any service packs or patches),
wireless Network Interface Card (NIC) make and model number, wireless NIC's driver date and version, and
the wireless NIC's configuration.
3. Provide the switch logs and output of the show tech-support command via the WebUI Maintenance tab
or via the CLI (tar logs tech-support).
4. Provide the syslog file of the switch at the time of the problem. Alcatel-Lucent strongly recommends that
you consider adding a syslog server if you do not already have one to capture logs from the switch.
5. Let the support person know if this is a new or existing installation. This helps the support team to
determine the troubleshooting approach, depending on whether you have an outage in a network that
worked in the past, a network configuration that has never worked, or a brand new installation.
6. Let the support person know if there are any recent changes in your network (external to the Alcatel-Lucent
switch) or any recent changes to your switch and/or AP configuration. If there was a configuration change,
list the exact configuration steps and commands used.
7. Provide the date and time (if possible) of when the problem first occurred. If the problem is reproducible,
list the exact steps taken to re-create the problem.
8. Provide any wired or wireless sniffer traces taken during the time of the problem.
9. Provide the switch site access information, if possible.
Upgrade Procedure | 37
38 | Upgrade Procedure