9037076-01 Extreme Campus Controller v05.36.02.0011 RelNotes
9037076-01, Extreme, Campus, Controller, v05.36.02.0011 RelNotes
ExtremeNetworks Extreme Networks, Inc.
Extreme Campus Controller version 5.36.02 Release Notes Jun 2021
Extreme Campus Controller Version 5.36 - Extreme Networks
Not Your Device? Search For Manuals or Datasheets below:
File Info : application/pdf, 18 Pages, 362.09KB
Document DEVICE REPORT9037076-01 Extreme Campus Controller v05.36.02.0011 RelNotesCustomer Release Notes Extreme Campus Controller Firmware Version V05.36.02.0011 June 29, 2021 6480 Via Del Oro San Jose, CA 95119 +1 888-257-3000 INTRODUCTION: The Extreme Campus Controller, is a next generation orchestration application offering all the mobility services required for modern unified access deployments. The Extreme Campus Controller includes comprehensive critical network services for wireless and wired connectivity, wireless device secure onboarding, distributed and centralized data paths, role-based access control through the Application Layer (Layer 7), integrated location services, and IoT device onboarding through a single platform. Built on field proven architectures with the latest technology, the embedded operating system supports containerization of applications enabling future expansion of value-added applications for the unified access edge. The E3120 is a large application appliance meeting the needs of high-density and mission critical deployments with support for up to 10,000 APs/Defenders, 2000 switches, and 100,000 mobility sessions in high-availability mode. An optional redundant power supply is available for ordering separately. The E2120 is an application appliance meeting the needs of medium sized high-density and mission critical deployments with support for up to 4,000 APs/Defenders, 800 switches and 32,000 mobility sessions in highavailability mode. An optional redundant power supply is available for ordering separately. The E2122 is an application appliance meeting the needs of medium sized high-density and mission critical deployments with support for up to 4,000 APs/Defenders, 800 switches and 32,000 mobility sessions in highavailability mode. An optional redundant power supply is available for ordering separately. The E1120 is an entry to mid-level platform expandable to 250 APs/Defenders, 100 switches, and 4,000 mobility sessions in high-availability mode. The VE6120 is an elastic virtual appliance that supports up to 1,000 APs/Defenders, up to 400 switches and 16,000 mobility sessions in high-availability mode depending on the hosting hardware. The VE6120 and VE6120H offer elastic capacities to cover the full range of offering as VMWare/MS Hyper-V, ranging from VE6120/VE6120H-Small to VE6120/VE6120H-Large. The VE6125 XL is an virtual appliance that supports up to 4,000 APs/Defenders, up to 400 switches and 32,000 mobility sessions in high-availability mode, depending on the hosting hardware. The Extreme Campus Controller offers the ability to expand capacity to meet any growing business needs. The hardware and virtual packages are available for purchase using a traditional CAPEX model. The customer has the option to purchase adoption capacity via a Perpetual (CAPEX) model or as a Right-To-Use Subscription model, supporting flexible quantites (per managed device) and term (multiple-year extended term) option. 06/29/2021 P/N: 9037076-01 F0615-O Subject to Change Without Notice Page: 1 of 18 Extreme Campus Controller Customer Release Notes Enhancements in 05.36.02.0011 Introduced WPA3-Enterprise as a new authentication type option for Network privacy definitions. Increased the Organizational Identifiers from 2 to 8 for Hotspot 2.0 in support of the WiFi4EU Initiative. Added support for configuring HEX-encoded pre-shared key for WPA-PSK WLANs. Provided the ability to clone an existing configuration Profile for use with a device group that supports the same devce type. Provided the ability to filter events on the Logs screen for Events, Station Events, Audit, and AP Logs. The filtered list will persist during your session. You can navigate away from the page and return to the same filtered list. The filter is cleared after you log out or reboot the controller. XCC-1455 XCC-1400 XCC-1322 XCC-1219 XCC-981 Changes in 05.36.02.0011 GUI Mesh Report is missing the information about the Root AP with Ethernet connection. This problem will be addressed in a future release. I.D ECA-565 Enhancements in 05.36.01.0013 Improved visualization of user location on floor plan by providing option to auto-refresh to pick up new-location of tracked devices. Provided automatic option to hide badges as a way to improve readabilty of location of device location relative to the underlying floor plans. Added support for wired client connection for AP305C/X in Mesh. Added warning on console access that configuration via CLI is not supported. Only supported configuration methods are GUI or REST API. Added option for administrator to manually defined description per element of NAI Realm, Roaming Consortium, and 3GPP Network IDs. Added discovery and display of attributes of Switch and Port where AP is connected. Added detection of uplink failure to Root Mesh APs. Increased supported resolution for floor plans. Added support of Mesh (MCX) to AP302W. Validated integration with A3/ExtremeNAC. Requires ExtremeNAC/A3 version 4.0 or higher. XCC-1341 XCC-1205 XCC-1172 XCC-1130 XCC-979 XCC-971 XCC-957 XCC-956 XCC-880 Changes in 05.36.01.0013 Extreme Campus Controller 5.36.01 packages WiNG 7.6.2.0 image as default image. This AP firmware revision contains the protection for "Fragmentation" (aka "Frag") attacks for WiFi 6 Access Points. Firmware to protect FRAG attacks against WiFi 5 (AP39xx) is in the works and will be made available in a future release. Corrected device type recognition for device group rules to match and filter intended devices. I.D XCC-1506 06/29/2021 P/N: 9037076-01 F0615-O Subject to Change Without Notice Page: 2 of 18 Extreme Campus Controller Customer Release Notes Changes in 05.36.01.0013 I.D Extreme Campus Controller can detect device type for Apple devices running iOS v14 with build 5.36.01.0013/7.6.2.0-018R. The fix applies to the AP WiNG image and Extreme Campus Controller. XCC-1407 Corrected the issue that prevented sending Link Aggregation Group (LAG) configuration from XCC-1298 Extreme Campus Controller to Extreme 220 Series switches. Extreme Networks recommends that you thoroughly review this document prior to installing or upgrading this product. For the latest firmware versions, visit the download site at: www.extremenetworks.com/support/ FIRMWARE SPECIFICATION: Status Current Version Previous Version Version No. V.05.36.02.0011 V.05.36.01.0013 Type Feature Release Feature Release Release Date June 29, 2021 June 04, 2021 SUPPORTED APPLIANCES, ACCESS POINTS AND SWITCHES: Product Name Extreme Campus Controller VE6120 VMware Min Supported ESXi version 5.1 or later, (tested 6.7) Extreme Campus Controller VE6120H (Windows server 2016 or later) Extreme Campus Controller VE6125 Min Supported ESXi version 5.5 or later, (tested 6.7) Extreme Campus Controller E1120 Extreme Campus Controller E2120 Extreme Campus Controller E2122 Extreme Campus Controller E3120 SA201 APVMAP7 APVMAP7 AP302W-CAN AP302W-FCC AP302W-IL AP302W-WR AP305C-CAN AP305C-FCC AP305C-IL AP305C-WR Image ECA-05.36.02.0011-1.dle ECA-05.36.02.0011-1.spe ECA-05.36.02.0011-1.rse ECA-05.36.02.0011-1.sme ECA-05.36.02.0011-1.jse ECA-05.36.02.0011-1.wze ECA-05.36.02.0011-1.ose AP391x-10.51.18.0002.img APVMAP7-7.6.3.0-012R.img AP302W-LEAN-7.6.3.0-012R.img AP3xxC-LEAN-7.6.3.0-012R.img 06/29/2021 P/N: 9037076-01 F0615-O Subject to Change Without Notice Page: 3 of 18 AP305CX-CAN AP305CX-FCC AP305CX-IL AP305C-WR Product Name AP310e-CAN AP310e-FCC AP310e-IL AP310e-WR AP310i-CAN AP310i-FCC AP310i-IL AP310i-WR AP360e-CAN AP360e-FCC AP360e-IL AP360e-WR AP360i-CAN AP360i-FCC AP360i-IL AP360i-WR AP3912i-FCC AP3912i-ROW AP3915e-FCC AP3915e-ROW AP3915i-FCC AP3915i-ROW AP3916ic-FCC AP3916ic-ROW AP3916-camera AP3917e-FCC AP3917e-ROW AP3917i-FCC AP3917i-ROW AP3917k-FCC AP3917k-ROW AP3935e-FCC AP3935e-ROW AP3935i-FCC AP3935i-IL AP3935i-ROW AP3965e-FCC Extreme Campus Controller Customer Release Notes Image AP3xx-LEAN-7.6.3.0-012R.img AP3xx-LEAN-7.6.3.0-012R.img AP391x-10.51.18.0002.img AP391x-10.51.18.0002.img AP391x-10.51.18.0002.img AP3916IC-V1-0-14-1.dlf AP391x-10.51.18.0002.img AP3935-10.51.18.0002.img AP3935-10.51.18.0002.img 06/29/2021 P/N: 9037076-01 F0615-O Subject to Change Without Notice Page: 4 of 18 Extreme Campus Controller Customer Release Notes AP3965e-ROW AP3965i-FCC AP3965i-ROW Product Name AP410C-CAN AP410C-FCC AP410C-IL AP410C-WR AP410e-CAN AP410e- FCC AP410e-IL AP410e-WR AP410i-CAN AP410i-FCC AP410i-IL AP410i-WR AP460C-CAN AP460C-FCC AP460C-IL AP460C-WR AP460S12C-CAN AP460 S12C-FCC AP460 S12C-IL AP460 S12C-WR AP460S6C-CAN AP460S6C-FCC AP460S6C-IL AP460S6C-WR AP460e-CAN AP460e-FCC AP460e-IL AP460e-WR AP460i-CAN AP460i-FCC AP460i-IL AP460i-WR AP505i-FCC AP505i-WR AP510e-FCC AP510e-WR AP510i-FCC AP510i-WR AP560h-FCC AP560h-WR AP560i-FCC AP560i-WR 06/29/2021 P/N: 9037076-01 F0615-O Image AP4xxC-LEAN-7.6.3.0-012R.img AP4xx-LEAN-7.6.3.0-012R.img AP4xxC-LEAN-7.6.3.0-012R.img AP4xx-LEAN-7.6.3.0-012R.img AP5xx-LEAN-7.6.3.0-012R.img AP5xx-LEAN-7.6.3.0-012R.img AP5xx-LEAN-7.6.3.0-012R.img Subject to Change Without Notice Page: 5 of 18 Product Name Switches 210-12p-10GE2 210-24p-10GE2 210-48p-10GE2 210-12p-10GE2 POE 210-24p-10GE2 POE 210-48p-10GE2 POE 220-12p-10GE2 220-24p-10GE2 220-48p-10GE2 220-12p-10GE2 POE 220-24p-10GE2 POE 220-48p-10GE2 POE X435-24P/T-4S X440G2-12t-10G4 X440G2-24t-10G4 X440G2-48t-10G4 X440G2-12t-10G4 POE X440G2-24t-10G4 POE X440G2-48t-10G4 POE X465_24W X465_48T X465_48P X465_48W X465_24MU X465_24MU_24W X620-16x Extreme Campus Controller Customer Release Notes Image 210-series_V1.02.05.0013.stk fp-connector-3.3.0.4.pyz (cloud connector) 220-series_V1.02.05.0013.stk, fp-connector-3.3.0.4.pyz (cloud connector) summitlite_arm-30.7.1.1.xos, summitlite_arm30.5.0.259-cloud_connector-3.4.2.6.xmod summitX-30.2.1.8-patch2-5.xos summitX-30.2.1.8-cloud_connector-3.4.1.20.xmod (cloud connector) onie-30.2.1.8-patch2-5-vpex_controlling_bridge.lst, onie-30.2.1.8-cloud_connector-3.4.1.20.xmod onie-30.2.1.8-patch2-5-vpex_controlling_bridge.lst, onie-30.2.1.8-cloud_connector-3.4.1.20.xmod summitX-30.2.1.8-patch2-5.xos, summitX-30.2.1.8cloud_connector-3.4.1.8.xmod (cloud connector) NETWORK MANAGEMENT SOFTWARE SUPPORT Network Management ExtremeManagementTM Center ExtremeControlTM ExtremeAnalyticsTM ExtremeCloudTM A3 ExtremeCloudTM IQ-Site Engine 8.5.6 or higher 8.5.6 or higher 8.5.6 or higher 4.0 21.4.11 (patch) Version Air Defense and Location ExtremeAirDefenseTM 10.4 ExtremeLocationTM 3.1 06/29/2021 P/N: 9037076-01 F0615-O Subject to Change Without Notice Version Page: 6 of 18 ExtremeGuest ExtremeGuestTM Extreme Campus Controller Customer Release Notes 6.0.1.0-001R Version Note: Platform and AP Configuration functions are not supported by ExtremeManagementTM. Extreme Campus Controller does not yet expose support for ExtremeLocationTM Calibration procedure. ExtremeLocation will work correctly for Zone and Occupancy level analytics but does not fully support Position Tracking with this release. Enhanced support for Position Tracking will be added to a future release of Extreme Campus Controller. INSTALLATION INFORMATION: E1120 E2120 E2122 E3120 VE6120/VE6125 VE6120H Appliance Installations Extreme Campus Controller E1120 Installation Guide Extreme Campus Controller E2120 Installation Guide Extreme Campus Controller E2122 Installation Guide Extreme Campus Controller E3120 Installation Guide Extreme Campus Controller VE6120/VE6125 Installation Guide Extreme Campus Controller VE6120H Installation Guide Known Restrictions and Limitations: Known Restriction or Limitation Certain wireless clients (such as Qualcomm Killer Wireless 1535 and Intel 7265D/8260/8265) have been known to not complete the 4-way handshake in order to fulfill the association process in networks that have both PMF/MFP (802.11w) and Fast-Transition (802.11r [FT]) enabled. The currently recommended workaround is to not enable PMF/MFP configuration on a service that is also using 802.11r. Such clients have been demonstrated to work correctly on services with just 802.11r (FT) enabled. When infrastructure WLAN, used for connecting client bridge APs, has Quiet IE enable, the client bridge link becomes unstable. It is recomended to disable Quiet IE if a WLAN is used for client bridge connection. Windows 10 clients are not able to connect to WPA3-Enterprise WLAN, and to WPA2 WLANs with Protected Management Frames required. ExtremeCloud IQ-Site Engine 21.4.11 or Extreme Management Center 8.5.6 is minimum required revision for representation of Extreme Campus Controller 5.36.01 or later revisions. A reboot of the peer Extreme Campus Controller is required when Availability is configured for the first time to ensure synchronization of the configuration of 06/29/2021 P/N: 9037076-01 F0615-O Subject to Change Without Notice I.D nse0003416 XCC-1570 XCC-1569 XCC-1486 ECA-622 Page: 7 of 18 Extreme Campus Controller Customer Release Notes Known Restriction or Limitation ONBOARD attributes, such as device groups. This issue will be addressed in a future release. The switch primary/backup availability is not supported on the EXOS switches running the 3.4.1.8 Cloud Connector. This affects the deployments where two appliances are configured in an Availability Pair. If the primary appliance is going down, then the EXOS switches will not send statistics to the backup appliance and will be marked in red "Critical" state. When the primary appliance is coming up again, the switches will resume sending statistics information to the primary appliance and the state of the switch will be marked with a green "Running" state. Allow UTF-8 characters in JSON payload for all Rest API so non-ASCII / Unicode characters are accepted in Rest API requests to comply with current Rest API standards. MAC-based authentication and WPA3-Compatibility (SAE or WPA2-PSK) and PMF "Required" may not work. This issue will be addressed in a future release. AP310 models are not currently supported by ExtremeLocationTM. Do not enable ExtremeLocation settings in the configuration Profile for an AP310 device group. Doing so may have a negative impact on AP performance. For Extreme Campus Controller configured for authentication of administrators over RADIUS server, the GUI responsiveness may be slow, possibly over 30 seconds if target server(s) are unavailable/unreachable at login time. If outage is extensive, system will eventually timeout to validate against local credentials when provisioned. For High-Availability installations, on systems configured with RADIUS Accounting or Smart RF enabled, clients (end-systems) may experience a momentary disconnect during the upgrade process (maintenance window). Users immediately reconnect to the available infrastructure, so impact is negligible. For smoother session availability with fast-failover during a failover event, it is recommended to not run these options. This issue is being investigated and will be addressed in a future release. Upgrade failure will occur when using special characters (escape back slash) in topology. In SmartRF mode, the AP510 power may temporarily drop to 0dBm and returns to 4dBm. With on-air-busy channel conditions, it is possible for the ACS not to produce the expected results. In this instance, perform manual channel selection. Widgets do not show tooltips for lower and upper values. This issue will be addressed in a future release. Firmware for ExtremeWireless AP3900 series access points does not currently support Smart RF. No Smart RF data is displayed. Released revisions of Extreme Management Center (XMC) do not recognize the new Extreme Campus Controller (XCC) 5.36.01 revision. ExtremeCloud IQ Site Engine (XIQ-SE) is the defined upgrade path for XMC installations. To properly visualize state of wireless installations and manage policy configuration of an XCC 5.36.01, a minimum revision of XIQ-SE 21.4.11 (patch, available through GTAC) or greater, or a minimum revision of XMC 8.5.6 or greater, is required. We recommend delaying the upgrade of Extreme Campus Controller appliances (physical or virtual) to 5.36.01 until notice of general availability of Extreme Management Center 8.5.6 or confirmation by GTAC on availability of ExtremeCloud I.D ECA-455 ECA-321 ECA-1961 ECA-1620 ECA-1396 ECA-1264 ECA-466 ECA-469 ECA-528 ECA-567 ECA-1484 Info 06/29/2021 P/N: 9037076-01 F0615-O Subject to Change Without Notice Page: 8 of 18 Extreme Campus Controller Customer Release Notes Known Restriction or Limitation IQ Site Engine 21.4,11. Both updated revisions are in plan towards the end-of-July 2021 timeline. Several old Intel clients (i.e. Intel dual band Wireless AC 7260) if they are using old drivers are NOT seeing BSSID / SSID advertising 11x capability. This is a client issue (forward compatibility). Other older clients may have this issue. See: [https://www.intel.com/content/www/us/en/support/articles/000054799/network-and-io/wireless-networking.html|http://example.com] See KB: [https://gtacknowledge.extremenetworks.com/articles/Solution/AP510-Unable-to-seethe-SSID-on-my-laptop|http://example.com] NB The client driver update must be done from Intel\drivers' site because the Windows update reports that the client is running the latest driver. If the client driver cannot be controlled (in a BYOD environment), then the AP radios must be configured on a/n/ac (disable ax) until all clients will upgrade to the latest driver. Default router/gateway should be configured with a next-hop associated with one of the physical interfaces. Pointing the default route to the Admin interface will lead to issues because access points will not get the correct services from the data plane. We recommend setting the default route via data ports, and if necessary, configuring static routes on the Admin port for administration level access. Before installing a new Extreme Campus Controller license, you must configure Network Time Protocol (NTP) Server settings. Licensing management is dependent on accurate NTP configuration. Configure NTP via the Extreme Campus Controller initial Configuration Wizard, or go to Admin > System > Network Time to configure and verify the NTP settings. For AP deployments in remote locations where access points and controllers may need to be discovered and connected over firewalls, a best practice is to leverage DNS or DHCP Option 60/43 methods for zero-touch-provisioning discovery. These methods provide direct connectivity to the defined IP address. DHCP Option 78, which refers to the controller as a Service Location Protocol Directory Agent (SLPDA), requires the exchange of SLP protocol between the AP and the appliance at the core, necessitating that UDP 427 be allowed by any firewall in the path. For such installations, discovery over DHCP Option 78 assist is not recommended. When using SLP, for an AP to establish connection with a controller, it must first exchange SLP Directory Agent registration before IPSEC establishment with the eventual controller. That means that SLP UDP 427 must be open along the path. Further issues can occur if Network Address Translation (NAT) is involved. While this method is popular and widely deployed within a homogenous campus, it may result in inadvertent complications for remote connections. Therefore, it should not be used in favor of an alternate method (DHCP 60/43, DNS, or static override). When configuring system for NTP time assignment, ensure that the NTP server is properly configured. Incorrect time settings (like timestamps far in the future) may adversely affect system operation, such as certificate expiration that may trigger failures in device registration or system instability. Appliances in a High-Availability pair must be of the same model and at the same exact software revision (and time synched) for configuration synchronization to propagate to the peer. During the upgrade process of a High-Availability pair, any configuration changes made while only one appliance has been upgraded (and therefore resulting in a version mismatch) will not be propagated until the peer is 06/29/2021 P/N: 9037076-01 F0615-O Subject to Change Without Notice I.D Info Info Info Info Info nse0003696 Info nse0005086 Page: 9 of 18 Extreme Campus Controller Customer Release Notes Known Restriction or Limitation correspondingly upgraded to the same revision. We recommend that you NOT perform configuration changes to one of the members of a High-Availability pair while the peer has a different software revision. For High-Availability configurations, during upgrade phases or configuration restore operations, wait until the availability link is established and synchronized before attempting to make any new configuration changes. The Availability status will only re-establish to Synched status when both appliances are running the exact same firmware revision. During upgrade periods, the Availability link will only re-establish when both the appliance status of availability link and synchronization status can be found. Go to: · "Network Health" widget on the Dashboard, or · Administration -> System -> Availability Recommendation settings for setup of redundant RADIUS server authentication: · Response Window to 5s [Default: 20s] · Revival Interval to 10s [Default: 60s] I.D Info ECA-776 Info ECA-875 SUPPORTED WEB BROWSERS For Extreme Campus Controller management GUI, the following Web browsers were tested for interoperability: · Firefox 81.0 · Google Chrome 86.0 Note: Microsoft IE browser is not supported for UI management. The Wireless Clients (Captive Portal, AAA): Browsers Chrome Version 75.0.37770.142 Microsoft IE 11 Microsoft Edge Firefox Safari Safari 42.17134 68.0 Preinstalled with iOS 12.2 Preinstalled with iOS 9.3.5 OS Windows 7 Windows 10 Windows 7 Windows 8.1 Windows 10 Windows 10 Windows 10 iOS 12.2 iOS 9.3.5 06/29/2021 P/N: 9037076-01 F0615-O Subject to Change Without Notice Page: 10 of 18 Extreme Campus Controller Customer Release Notes PORT LIST The following list of ports may need to remain open so that the Appliances and APs will function properly on a network that includes protection equipment like a firewall. Extreme Campus Controller TCP/UDP Port Assignment Reference Comp. Source Comp. Dest Protocol Src (TCP/UDP) Port Dest Port Service Ports for AP/Appliance Communication Remark Open Firewall Req'd Appliance Access Point UDP Any 13910 Access Appliance Point UDP Any 13910 Appliance Access Point UDP 4500 Any Access Appliance Point UDP Any 4500 Access Point Access Point Appliance Appliance UDP UDP Any 13907 Any 67 Access Appliance Point UDP Any 68 Access Appliance Point UDP Any 427 Appliance Access TCP/UDP Any 69 Point Access Appliance TCP/UDP Any 69 Point Appliance Access TCP/UDP Any 22 Point Any Access TCP Any 2002, Point 2003 WASSP WASSP Secured WASSP Secured WASSP WASSP DHCP Server DHCP Server SLP TFTP TFTP SCP RCAPD Management and Data Tunnel between AP and Appliance Management and Data Tunnel between AP and Appliance Management Tunnel between AP and Appliance Management Tunnel between AP and Appliance AP Registration to Appliance If Appliance is DHCP Server for AP If Appliance is DHCP Server for AP AP Registration to Appliance AP image transfer Yes Yes Optional Optional Yes Optional Optional Optional Yes AP image transfer Yes AP traces Yes AP Real Capture (if Optional enabled) 06/29/2021 P/N: 9037076-01 F0615-O Subject to Change Without Notice Page: 11 of 18 Extreme Campus Controller Customer Release Notes Comp. Source Any Any Any Any Any Any Any Any Any Any Any Any Any Any Appliance Appliance Appliance Appliance Comp. Dest Protocol Src (TCP/UDP) Port Dest Port Service Remark Access TCP/UDP Any 22 Point SSH Remote AP login (if enabled) Access TCP/UDP Any 445 Point Microsoft CIFS LDAP support Access TCP/UDP Any 137, Point 138, 139 NetBIOS LDAP support Ports for Appliance Management Appliance TCP/UDP Any 22 SSH Appliance CLI access Appliance TCP/UDP Any 5825 HTTPS Appliance GUI access Appliance TCP/UDP Any 161 SNMP Appliance SNMP access Appliance TCP/UDP Any 162 SNMP Trap Appliance SNMP access Appliance TCP Any 80 HTTP Appliance SNMP access ICP Self Registration Appliance TCP Any 443 HTTPS ICP Self Registration Appliance UDP 500 500 IKE IKE phase 1 Appliance TCP/UDP Any 69 TFTP TFTP support Appliance UDP Any 4500 IPSec IPSec NAT traversal Appliance UDP Any 13907 Discovery Used by Discovery Appliance UDP Any 13910 WASSP Used by L3 WASSP Ports for Inter Controller Mobility1 and Availability Appliance UDP Any 13911 WASSP Mobility and Availability Tunnel Appliance TCP Any 427 SLP SLP Directory Appliance TCP Any 20506 Langley Remote Langley Secure Appliance TCP Any 60606 Mobility VN MGR Open Firewall Req'd Optional Optional Optional Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes 1For extension of ExtremeWireless deployment via Inter Controller Mobility. 06/29/2021 P/N: 9037076-01 Subject to Change Without Notice F0615-O Page: 12 of 18 Extreme Campus Controller Customer Release Notes Comp. Source Comp. Dest Appliance Appliance Appliance DHCP Server DHCP Server Appliance Appliance Appliance DNS Server Syslog Server Appliance RADIUS Server Appliance Appliance RADIUS Server RADIUS server Appliance Dynamic Auth. Server (NAC) Appliance RADIUS server Appliance AeroScout Server AeroScout Appliance Server Appliance Extreme Cloud IQ Protocol (TCP/UDP) TCP Src Port Any Dest Port 123 UDP Any 67 UDP Any 68 Service NTP SLP SLP Core Back-End Communication UDP Any 53 DNS UDP Any 514 Syslog UDP UDP UDP UDP UDP Any 1812 RADIUS Authenticatio n and Authorization Any 1813 RADIUS Accounting Any 1814 RADIUS Authenticatio n and Authorization Any 1815 RADIUS Accounting Any 3799 DAS UDP UDP TCP 1144 12092 12092 1144 Any 443 Location Based Service Proxy Location Based Service Proxy NSight Remark Availability time sync Asking DHCP Server for SLP DA RespoECA from DHCP Server for SLP DA request If using DNS If Appliance logs to external syslog server If using RADIUS AAA If enabled RADIUS accounting If using RADIUS AAA If enabled RADIUS Accounting Request from DAS client to disconnect a specific client Aeroscout Location-Based Service Aeroscout Location-Based Service Statistics Report into ExtremeCloud IQ Open Firewall Req'd Yes Yes Yes Optional Optional Optional Optional Optional Optional Optional Optional Optional Yes 06/29/2021 P/N: 9037076-01 F0615-O Subject to Change Without Notice Page: 13 of 18 Extreme Campus Controller Customer Release Notes IETF STANDARDS MIB SUPPORT: RFC No. Draft version of 802.11 1213 1573 1907 1493 2674 2674 Title IEEE802dot11-MIB RFC1213-MIB IF-MIB SNMPv2-MIB BRIDGE-MIB P-BRIDGE-MIB Q-BRIDGE-MIB Groups Supported Most of the objects supported ifTable and interface scalar supported System scalars supported EWC supports relevant subset of the MIB EWC supports relevant subset of the MIB EWC supports relevant subset of the MIB EXTREME NETWORKS PRIVATE ENTERPRISE MIB SUPPORT Extreme Networks Private Enterprise MIBs are available in ASN.1 format from the Extreme Networks website at: https://extremeportal.force.com/. Standard MIBs Title IEEE802dot11-MIB RFC1213-MIB.my IF-MIB SNMPv2-MIB BRIDGE-MIB P-BRIDGE-MIB Q-BRIDGE-MIB Description Standard MIB for wireless devices Standard MIB for system information Interface MIB Standard MIB for system information VLAN configuration information that pertains to EWC VLAN configuration information that pertains to EWC VLAN configuration information that pertains to EWC Siemens Proprietary MIB Title HIPATH-WIRELESS-HWC-MIB.my HIPATH-WIRELESS-PRODUCTS-MIB.my HIPATH-WIRELESS-DOT11-EXTNS-MIB.my HIPATH-WIRELESS-SMI.my Description Configuration and statistics related to EWC and associated objects Defines product classes Extension to IEEE802dot11-MIB that complements standard MIB Root for Chantry/Siemens MIB 06/29/2021 P/N: 9037076-01 F0615-O Subject to Change Without Notice Page: 14 of 18 Extreme Campus Controller Customer Release Notes 802.11AC AND 802.11N CLIENTS Please refer to the latest release notes for ExtremeWirelessTM 10.41.09 or later and/or ExtremeWireless WiNG 5.9.02 or later for the list of compatibility test devices. RADIUS SERVERS AND SUPPLICANTS RADIUS Servers Used During Testing Vendor FreeRADIUS FreeRADIUS IAS SBR50 NPS 1.1.6 Model OS 1.0.1 5.2.3790.3959 6.1.6 6.0.6002.18005 Version FreeRADIUS FreeRADIUS Microsoft Server 2003 IAS SBR Enterprise edition Microsoft Server 2008 NPS 802.1x Supplicants Supported Vendor Model OS Juniper Networks® / Funk Odyssey client Version Version 5.10.14353.0 Version 5.00.12709.0 Version 4.60.49335.0 Wireless Zero Configuration Version Windows XP-4K891859-Beta1 Microsoft® Wireless Network Connection Configuration Wi-Fi Protected Access 2 (WPA2)/Wireless Provisioning Services Information Element (WPS IE) update for Windows XP with Service Pack 2 Version Microsoft Window Server 2003, Enterprise Edition R2 SP2 Version WindowsXPKB893357-v2-x86-ENU.exe Intel® Intel PRO Set/Wireless Version 13.0.0.x (with Windows® Intel® driver version 13.0.0.x) Microsoft® Wireless Zero Windows 7, 8, 8.1 Pro, 10 Pro Windows Phone 8.1, Windows Mobile 10 Provided with Windows® 06/29/2021 P/N: 9037076-01 F0615-O Subject to Change Without Notice Page: 15 of 18 Appliance LAN Switch Verification Extreme Campus Controller Customer Release Notes Vendor Model OS Version Role Extreme Extreme Extreme Extreme Extreme Extreme Extreme Extreme Extreme Cisco X-460-G2 12.5.4.5 ECA connection X440G2-48p-10G4 21.1.1.4 ECA connectivity Summit 300-48 7.6e1.4 ECA connection VSP-4850GTS-PWR (6.0.1.1_B003) (PRIVATE)Â HW ECA connection Base: ERS 4850 K6 Â 08.63.02.0004 ECA connection K6 08.42.03.0006 ECA connection X440G2-48p-10GE4 21.1.5.2 ECA connection X440-G2-12p 21.1.1.4 ECA connection X460-48p 12.5.4.5 ECA connection Catalyst 3550 12.1(19)EA1c ECA connection CERTIFICATION AUTHORITY Server Vendor Microsoft CA Microsoft CA OpenSSL Model OS Version Windows Server 2003 Enterprise Edition 5.2.3790.1830 Windows Server 2008 Enterprise Edition 6.0 Linux 1.1.1g RADIUS ATTRIBUTES SUPPORT RADIUS Authentication and Authorization Attributes Attribute Called-Station-Id Calling-Station-Id Class EAP-Message Event-Timestamp Filter-Id Framed-IPv6-Pool Framed-MTU Framed-Pool Idle-Timeout RFC Source RFC 2865, RFC 3580 RFC 2865, RFC 3580 RFC 2865 RFC 3579 RFC 2869 RFC 2865, RFC 3580 RFC 3162 RFC 2865, RFC 3580 RFC 2869 RFC 2865, RFC 3580 06/29/2021 P/N: 9037076-01 F0615-O Subject to Change Without Notice Page: 16 of 18 Extreme Campus Controller Customer Release Notes Attribute Message-Authenticator NAS-Identifier NAS-IP-Address NAS-IPv6-Address NAS-Port NAS-Port-Id NAS-Port-Type Password-Retry Service-Type Session-Timeout State Termination-Action Tunnel Attributes User-Name Vendor-Specific RFC Source RFC 3579 RFC 2865, RFC 3580 RFC 2865, RFC 3580 RFC 3162 RFC 2865, RFC 3580 RFC 2865, RFC 3580 RFC 2865, RFC 3580 RFC 2869 RFC 2865, RFC 3580 RFC 2865 RFC 2865 RFC 2865, RFC 3580 RFC 2867, RFC 2868, RFC 3580 RFC 2865, RFC 3580 RFC 2865 RADIUS Accounting Attributes Attribute Acct-Authentic RFC 2866 Acct-Delay-Time RFC 2866 Acct-Input-Octets RFC 2866 Acct-Input-Packets RFC 2866 Acct-Interim-Interval RFC 2869 Acct-Output-Octets RFC 2866 Acct-Output-Packets RFC 2866 Acct-Session-Id RFC 2866 Acct-Session-Time RFC 2866 Acct-Status-Type RFC 2866 Acct-Terminate-Cause RFC 2866 RFC Source 06/29/2021 P/N: 9037076-01 F0615-O Subject to Change Without Notice Page: 17 of 18 Extreme Campus Controller Customer Release Notes GLOBAL SUPPORT: By Phone: +1 800-998-2408 (toll-free in U.S. and Canada) For the toll-free support number in your country: https://extremeportal.force.com/ By Email: [email protected] By Web: https://extremeportal.force.com/ By Mail: Extreme Networks, Inc. 6480 Via Del Oro San Jose, CA 95119 USA For information regarding the latest software release, recent release note revisions and documentation, or if you require additional assistance, please visit the Extreme Networks Support website. Extreme Networks and the Extreme Networks logo are trademarks or registered trademarks of Extreme Networks, Inc. in the United States and/or other countries. All other names (including any product names) mentioned in this document are the property of their respective owners and may be trademarks or registered trademarks of their respective companies/owners. Extreme Networks IPS includes software whose copyright is licensed from MySQL AB. For additional information on Extreme Networks trademarks, please see: www.extremenetworks.com/company/legal/trademarks/ 06/29/2021 P/N: 9037076-01 F0615-O Subject to Change Without Notice Page: 18 of 18ExtremeNetworks Adobe PDF Library 21.5.80