7/23/22, 1:57 AM 02620467_02620467_voss_fulltech.

txt

Evaluation Report
Case Number: 02620467

Project: 02620467

Platform: voss

Owner: ssafiee

Executed: Sat Jul 23 2022 01:38:53 GMT+0800 (Malaysia Time)

Total Number of Rules for Execution: 0

Fails: 8 Fail Details

Pass or Non-Relevant: 57 Pass Details

Fail Items

Rule Name Level Status Message Description

REC ACCESS POLICY major Fail Platform: VSP-7254XSQ This rules checks whether Access-Policy is
ENABLE CHECK S/W version: 7.1.0.1

Access-Policy is disabled globally

enabled globally as minimum security
measure to allow only specific IP blocks or
hosts to allow to access switches.  Please
make assure that access-policy is enabled
globally and user accessible IP blocks are
properly configured for management
services(ssh, https, snmpv3).

REC SYSTEM SERVICE WEB warning Fail Web Service(HTTP) is enabled without secure mode Check Webserver enabled or not. Security compliance
SERVER CHECK recommends using secure web server only from the system

REC NTP SERVER warning Fail NTP Server:172.28.88.102, Sync Status:not synchronized, To prevent clock drift, NTP configuration is
CONFIGURATION CHECK Reachability:unreachable, Precision:unknown, Version:N/A
NTP Server:172.28.88.103, Sync Status:not synchronized,

required.  This rule checks whether NTP

Reachability:unreachable, Precision:unknown, Version:N/A configuration is applied and time is
synchronized with NTP servers.

Please follow the action described in the

knowledge article how to configure NTP

REC LOG SHOWING DIGITAL warning Fail 2022-07-22T18:10:46.743,-04:00, Slot:CP1, This rule checks whether the below message
CERTIFICATE EXPIRED VRF:GlobalRouter, Message(1): Digital Certificate
CHECK /intflash/.cert/.ssl/cert.der Expired!
affects customer switch or not.  

The problem : SSL certificate has expired in

the VSP switch. By default, the system
generates a default certificate (host.cert and
also the key file, host.key) with a validity
period of 365 days.  

“GlobalRouter DIGITALCERT INFO Digital

Certificate /intflash/.cert/.ssl/cert.der Expired!”

Please refer to the knowledge article, How To

Generate and Load the SSL Certificates On
Switch for Secure Access To EDM

REC SYSTEM SERVICE info Fail Tftpd is enabled Check TFTPD is enabled or not. Security
TFTPD CHECK
compliance recommends disabling tftpd from
the system

REC SYSTEM SERVICE info Fail Telnet is enabled Check Telnetd is enabled or not. Security compliance
TELNET CHECK recommends disabling telnetd from the system

1/14
7/23/22, 1:57 AM 02620467_02620467_voss_fulltech.txt

Rule Name Level Status Message Description

REC SYSTEM SERVICE FTPD info Fail ftpd is enabled Check FTPD is enabled or not. Security
CHECK
compliance recommends disabling ftpd from
the system

SYSTEM LOG WARNING warning Fail 2022-07-22T18:07:44.698,-04:00 Slot:CP1 Module:HW, This rule check existence of any warning logs
CHECK Message(1): Chassis does not have redundant Power
Supply
in the system and shows information.  Please
check error message from the document,
Alarms and Logs Reference for VOSS.

2/14
7/23/22, 1:57 AM 02620467_02620467_voss_fulltech.txt

Pass Items

Rule Name Level Status Description

ISSUE PING ERRROR FOR critical Pass This rule checks whether problem VOSS-13198 affects customer switch or not. The
REDISTRIBUTED CLIP IN VRF
affected version: VOSS 7.1.1.0 or 8.0.0.0 or 8.0.1.0.  

The problem : Unable to Communicate between VRF CLIP IP

Please refer to the JIRA VOSS-13198. 

Remedy Action:  Please upgrade switch with VOSS version ≥ 8.0.5.0 or ≥ 7.1.3.0
version.

REC SPBM SMLT VLAN ISID major Pass Problem Description:  When SPBM is enabled, All VLANs over SMLT Port must be
MAP CHECK
mapped into ISID values.  This rule detects any missing VLAN-ISID mappings over
SMLT Ports.

Platform :VOSS

Condition: All VLANs over SMLT with SPBM must be mapped to ISID Values.

Refer to User Guide Configuring SMLT Parameters for SPBM

ISSUE VSP4450 SILENT major Pass Problem Description: VSP 4450: Randomly Rebooting and No Core File Present
REBOOT
Cause: Software defect

Condition: Silent Reboot with no core files. Run command “show core-files” and notice
no files under it

Affected Version: 8.x

Refer Section : VSP 4450 Randomly Rebooting and No Core File Present (Silently
Rebooting)

Remedy Action or Workarounds: Issue resolved in 8.1.10.0, 8.2.8, 8.4.0

ISSUE VIST PEERMAC Pass Problem Description: Warning about VIST peer mac learned on non-IST ports
NONISTPORT
Cause: Result of network loop

Condition: Look for log "GlobalRouter COP-SW INFO VIST peer mac
64:6a:52:a5:c9:03 on VID 21 is learnt on non-IST MltId 403, Pointing record back to
IST port. Total Peer Mac Move Count: 1661"

Affection version: NA

Refer section: KB article- 000058635

Remedy action:

Track the source of the loop and disable it. As a preventive action in the future,
implement loop prevention protocols such as STP for normal ports and SLPP for
SMLT ports. 
 

ISSUE SAVE TO CONFIG FILE major Pass This rule checks whether the below logs message affects customer switch or not. The
FAILED VSP4850
affected platform/version: VSP4850/All VOSS release.

The problem : Switch returns error when attempting to save configuration

“GlobalRouter SW INFO Save config to file /intflash/config.cfg failed”

“GlobalRouter SW ERROR Slot 1: GetChassisNvram: unable to open chassis NVRAM

-3”

Please refer to knowledge article, Error "Save config to file /intflash/config.cfg failed"
When Saving Configuration File.

3/14
7/23/22, 1:57 AM 02620467_02620467_voss_fulltech.txt

Rule Name Level Status Description

ISSUE ROUTE NEXTHOPS major Pass This rule checks whether problem VOSS-15320 affects customer switch or not. The
REPORTED AS UNKNOWN-
ERROR
affected version: VOSS 7.1.1.0.  

The problem : Route/Mask combos that are being reported as UNKNOWN-ERROR

Please refer to the JIRA VOSS-15320. 

Remedy Action:  Please upgrade switch with VOSS version ≥ 8.0.7.0 or ≥ 7.1.5.0
version.

ISSUE OSPF CHECKSUM major Pass Problem Description: Frequent OSPF Error Non-virtual interface checksum failures
FAILURES FROM BCM DRAM
CORRUPTION
Cause: CRC errors on Broadcom Jericho chip's DRAM memory on the VSP8600 platform
manifest themselves corrupting packets handled by the MMUs

Platform: VSP8600

Symptoms: 

OSPF ERROR Checksum failures occurring on LSA updates (-> ospf type:4) and also on
LSA acknowledgments (-> ospf type:5). These may lead to brief OSPF adjacency flap
Errors also register in the OSPF statistics output

Affected Version:  < 6.3.8.0 or < 8.0.2.0

Refer Section : KB: 000057098

Internal: JIRA: VOSS-15447,VOSS-14987

Remedy Action or Workarounds:  Upgrade to VSP8600 release 6.3.8.0 or 8.0.2.0

ISSUE NO ROUTING IP RSMLT major Pass This rule checks whether problem VSP-17087 affects customer switch or not. The
EDGE SUPPORT
affected platform/version: VSP8600/VOSS 6.3.3.0 or earlier.

The problem : If the both VSP8608 in cluster are powered off and then only one of
them is booted up, packets are not routed even though ip rsmlt edge-support is
configured.

Please refer to the JIRA VSP-17087. 

Remedy Action:  Please upgrade switch with VOSS version ≥ 6.3.4.0.

ISSUE NO ROUTING BETWEEN major Pass This rule checks whether problem VOSS-16552 affects customer switch or not. The
VRFS WITH NO ACTIVE NNI
PORT
affected version: VOSS 7.1.0.0

The problem : Unable to communicate between the VRFs or between the VRF and GRT when
none of the NNI port is active

Please refer to the JIRA VOSS-16552. 

Remedy Action:  Please upgrade switch with VOSS version ≥ 8.0.8.0 or ≥ 8.1.2.0
version.

ISSUE LOG WRONG DISPLAY major Pass This rule checks whether the below message affects customer switch or not. The
SMLT BUFFER OVERUSAGE
VSP8400
affected platform/version: VSP8400/ Prior to VOSS 8.0.6.0 release

The problem : SMLT buffer memory high/low memory wrong alarm detection. VSP
8400 shows "SMLT buffer usage over 200M. Low memory warning condition"
repeatedly in the log file.

Please refer to the knowledge article, SMLT buffer usage over 200M. Low memory
warning condition on VSP 8400.

Remedy Action:  Please upgrade switch with VOSS version ≥ 8.0.6.0 version.

4/14
7/23/22, 1:57 AM 02620467_02620467_voss_fulltech.txt

Rule Name Level Status Description

ISSUE LOG VIST PEER MAC major Pass This rule checks whether the below logs affects customer switch or not. The affected
LEARNED WRONG PORT
platform/version: VOSS releases prior to 7.1.5.0 & 8.0.7.0, VSP8600 releases prior to
6.3.3.0

The problem : VIST peer MAC learned on non-IST port' message still reports incorrect
ports and VIST ports.

Please refer to the knowledge article, VOSS & VSP8600: VIST peer mac learned on
non-ist port reports wrong port

Remedy Action:  This has been addressed in VOSS releases 7.1.5.0, 8.0.7.0 & 8.1.0.0
upwards and in VSP8600 release 6.3.3.0.

ISSUE LOG TUNI/SUNI major Pass This rule checks whether the below VOSS-17495 affects customer switch or not. The
INSUFFICIENT AVP
RESOURCES
affected version: VOSS 8.1.4.0 and earlier.

The problem : DVR environment, While trying to add a port on I-Sid elan to DVR leaf,
the switch reports following ERROR message:

“GlobalRouter TUNI/SUNI ERROR Insufficient AVP resources for i-sid=<value> CVID-

<value> PORT-<value>".

Please refer to the VOSS-17495 and knowledge article, VOSS - TUNI/SUNI ERROR
Insufficient AVP resources

Remedy Action:  Please upgrade switch with VOSS version ≥ 8.1.5.0 version.

ISSUE LOG RCIPVRRPIN major Pass This rule checks whether the below message affects customer switch or not. 
INVALID VRRP SOURCE IP
The problem : IP WARNING rcIpVrrpIn: Invalid VRRP Source IP messages are
continuously being logged.

“CP1 [XX/XX/XX XX:XX:XX.XXX:EST] GlobalRouter IP WARNING rcIpVrrpIn: Invalid

VRRP source IP XXX.XX.X.X received for Vrid YY on IfIndex ZZZ, same as local
primary IP”

Please refer to the knowledge article, VOSS: System continuously logging

GlobalRouter IP WARNING rcIpVrrpIn Invalid VRRP source IP Messages

ISSUE LOG MISCONFIG VRRP major Pass This rule checks VRRP Advertisement interval mismatch logs from switch.  If the
ADVERTISEMENT INTERVAL
CHECK
interval is not configured as the same value among VRRP enabled switches, it
can lead into longer convergence when VRRP master with short interval reboots
or becomes unavailable. Please use the same VRRP interval among VRRP
enabled switches.

ISSUE LOG MISCONFIG VRRP major Pass This rule checks VRRP Advertisement interval mismatch logs from switch.  If the
ADVERTISEMENT INTERVAL
CHECK
interval is not configured as the same value among VRRP enabled switches, it
can lead into longer convergence when VRRP master with short interval reboots
or becomes unavailable. Please use the same VRRP interval among VRRP
enabled switches.

ISSUE LOG FREQUENT major Pass This rule checks whether the below VOSS-15959 affects customer switch or not. The
CYCLICAL FAILURE ADD
DELTE ECMP ROUTE
affected platform/version: VSP8600/ Release prior to 8.0.0.0

The problem : VSP8600 - frequent cyclical failures to add & delete ECMP routes
generate COP-SW ERRORs

Please refer to the VOSS-15959 and knowledge article,

Remedy Action:  Please upgrade switch with VOSS version ≥ 8.0.0.0 version.

ISSUE LOG major Pass This rule checks whether the below message affects customer switch or not. The
ERCDPROCARPRECMSG
FAILED ADD RECORD VSP8600
affected platform/version: VSP8600/ Prior to VOSS 6.3.6.0 release

The problem : "COP-SW ERROR ercdProcArpRecMsg: Failed to Add Arp Record for
ip x.x.x.x" flooded in the logs of multiple VSP8600s after adding new services.

Remedy Action:  Please upgrade switch with VOSS version ≥ 6.3.6.0 version.

5/14
7/23/22, 1:57 AM 02620467_02620467_voss_fulltech.txt

Rule Name Level Status Description

ISSUE LOG major Pass This rule checks whether the below logs affects customer switch or not. The affected
ERCDBCMADDL3MAC FAILED
TO ADD L3 MAC
platform/version: All VOSS platform / All releases

The problem : Following error message visible in the logs, possibly leading to a
network impact, for example by deactivating some static routes. 

“COP-SW ERROR ercdBcmAddL3Mac: Failed to add L3 Mac 00:00:11:22:33:44,

VlanId XYZ, to BCM Unit 0,bcmStatus=-6”

Please refer to the knowledge article, Error message ercdBcmAddL3Mac: Failed to

add L3 Mac seen on core device.

Remedy Action:  Please Remove some of the IP interfaces to not to exceed the
hardware limit.

ISSUE LOG DVR LEAF NODE major Pass This rule checks whether the below message affects customer switch or not. The
ALERT ECMP GROUP LIMIT
REACHED
affected version: Prior to 8.1.5.0

The problem : A DVR Leaf node VSP is alerting with a warning message
"GlobalRouter COP-SW WARNING Total ECMP group limit reached: 1024"

Please refer to the knowledge article, DVR Leaf node logging messages “ ECMP
group limit reached: 1024”

Remedy Action:  Please upgrade switch with VOSS version ≥ 8.1.5.0 version.

ISSUE IPMC ERROR major Pass This rule checks whether the below message affects customer switch or not. The
INSUFFICIENT VFI/VPN
RESOURCES
affected version: VOSS 7.1.1.0, 7.1.2.0 and 8.0.0.0

The problem : The switch system log file is flooded with messages related to
insufficient resources and lists a VRF that is not configured on the switch as below.

“1 2019-03-26T15:07:38.798+03:00 VSP CP1 - 0x0006c6b7 - 00000000 GlobalRouter

IPMC ERROR Insufficient VFI/VPN resources to create McoSpb source X.X.X.X group
Y.Y.Y.Y vrfId ZZ.”

Please refer to the knowledge article "IPMC ERROR Insufficient VFI/VPN resources to
create McoSpb" Flooding System Log and Referencing Non-Existent VRF".

Remedy Action: Please upgrade switch with VOSS version ≥ 7.1.3.0 or ≥ 8.0.1.0 

ISSUE HWSSERVER PROCESS major Pass Problem Description: VSP 7400-48Y-8C: Device generating several core dumps every
CRASH
time it reboots

Cause: Faulty PSU

Condition: Look for log

"2021-08-12T09:12:15.157-07:00 VSP-7400-48Y-8C IO1 - 0x00270415

- 00000000 GlobalRouter SW ERROR Crash reporter data: Process
Name: hwsServer, Thread Name: main, Signal: 6, Slot: 1, PID:
17348, LWP: 17348" in the output of "show logging file tail". The
Keywords, Signal, Slot, PID, LWP could vary

AND

"HW ERROR PSU#1: carbonatelib_ps_read_eeprom: numread(-8) !=

reqread(255). CACPLD_OPERATION_FAILED: Error in reading device,
PSU: 2"

Affected Version: NA

Refer Section : Article VSP 7400-48Y-8C: Device generating several core dumps
every time it reboots 

JIRA: VOSS-22306

Remedy Action or Workarounds: Replace the faulty PSU

REC SYSTEM GA VERSION warning Pass GA version should be running for GTAC support
CHECK
Please refer to the Extreme Portal to check GA version. 

6/14
7/23/22, 1:57 AM 02620467_02620467_voss_fulltech.txt

Rule Name Level Status Description

REC MAX NUMBER VRRPID warning Pass This rule checks whether maximum number of VRRP entries exceeded or not on
CHECK VSP8600
customer switch. The affected platform/version: VSP8600/All release

The problem : Unable to create more than 8 VRRP addresses on VSP8600. When
adding a VRRP address on a 9th VLAN the error "Error: maximum number of VRRP
entries exceeded" appears. 

Please refer to the knowledge article, VSP 8600 Error maximum number of VRRP
entries exceeded.

Remedy Action:  Please reuse the same eight values across all VLANs on the device.

REC LOG X509V3 HOST warning Pass This rule checks whether the below message is generated in the log.
CERTIFICATES UNAVAILABLE
CHECK
“GlobalRouter SSH INFO X509v3 host certificate is unavailable”

The message indicates that there is no valid x509v3 ssh-rsa certificate available and
that either an RSA or DSA auth is offered.

Please refer to the knowledge article, GlobalRouter SSH INFO X509v3 host certificate
is unavailable.

REC EAPOL NTP TIME SYNC warning Pass This rule checks NTP is properly configured when eapol enabled for device
CHECK
authentication.  

If switch can not sync with NTP sever and there is time difference between RTC on
switch and radius server, authentication may not be working as expected.

Check the time on both VSP switch and RADIUS and see if the they are in sync. If the
time difference is more than 300s per RFC, adjust the time on both ends or
synchronize the time using NTP

Please follow the action described in the knowledge article how to configure NTP

REC CLOCK TIMEZONE SET warning Pass System Clock must be properly set into the right timezone and area where switch is
deployed.  Default timezone is UTC.  If the area where system is deployed belongs to
UTC zone, it can be ignored. 

ISSUE PORT NOT warning Pass FCS Error or InDiscards has noticed on ports
FORWARDING TRAFFIC
Cause: Issue is due to bad port/SFP/cable faulty or receiving untagged frames on the
port

Condition: Bad SFP/Port/Cable or in-correct protocol configured on port like

STP,EDP,CDP etc...

Affected Version: NONE

Remedy Action: Change faulty SFP/Cable/Port or try to disable protocols like

STP,EDP,CDP which switch doesn't understand and discard. Article:ERS/VSP
Stackables: Increment On Indiscard/Filtered Packets Count
 

ISSUE LOG K2-1 GE Event INT warning Pass This rule checks whether system generates “K2-1 GE Event INT" warnings for a
WARNING IORESET CHECK
specific I/O card followed by I/O card reset.  Please check whether the mirroring is
enabled properly. 

Platform: VSP9K

Cause: Issue may be due to incorrect implementation of port mirroring.

Resolution:

      Below steps are recommended steps to mitigate the issue:

Don't run the port mirroring for long time. Use it for troubleshooting purpose.
By using Slice knob  under  port -mirroring where the "in-port" and "out-port" should be under same slice. -
9024XL has 24x 10G ports which are sliced into three slices with eight ports in each slice; slice#1 = ports 1-
8,  slice#2 = ports 9-16, and slice#3 = ports 17-24

Please refer to the article VSP 9000: Port mirroring causes the network to go down

7/14
7/23/22, 1:57 AM 02620467_02620467_voss_fulltech.txt

Rule Name Level Status Description

ISSUE LOG ERROR warning Pass This rule checks whether problem VOSS-15643 affects customer switch or not. The
ercdProcIpRecMsg WHEN
BLACKHOLE ROUTE ADDED
affected version: VOSS 8.0.0.0

The problem : System displays "COP-SW ERROR ercdProcIpRecMsg: Failed to

Replace IP Record." when a blackhole route is added

Please refer to the JIRA VOSS-15643. 

Remedy Action:  Please upgrade switch with VOSS version ≥ 8.0.8.0 or ≥ 7.1.6.0
version.

ISSUE ISIS VLACP PORT FLAP warning Pass Problem Description: ISIS Port flaps due to VLACP flap

Platform: VOSS

Cause: ISIS port gets flapped due to VLACP flap on ISIS enabled port

Condition: Look for log “ SPBM detected adj DOWN on Port1/9 , neighbor
000e.6202.1400 (JAMEDSK03) and trapSendVlacpLinkDown: Vlacp Link 1/9  is down
"

Affected Version: NA

Refer Section: NA

Remedy Action or Workarounds: VLACP Timeout is configured as short 1.5sec and

ISIS Expiry Timer is 27sec. ISIS DBSync update sent every 20-30 min which might
cause VLACP PDU not get processed by CPU and VLACP takes down ISIS Port
along with ISIS Adj. Workaround is to increase VLACP Timeout time to long (30sec)
for disable VLACP on ISIS Port.

ISSUE DUPLICATE VIST ISID warning Pass Problem Description: Warning about another switch other than the vIST peer using the
same virtual IST I-SID

Cause: Incorrect configuration

Condition:  Look for log " GlobalRouter VLAN WARNING A switch 02eb.0774.0348
(VSP-7400-MRD-03) other than the Virtual IST peer is configured to use the Virtual I-
SID 13074050" (Note: Switch system id and vIST I-SID would change depending on
the switch's config)

Affected Version: NA

Refer Section : KB Article:000060840

Remedy Action or Workarounds: 

Assign unique I-SID value for vIST VLAN to each pair of vIST clusters. Vlan and IP
address can be configured to be the same as other clusters but I-SID values need to
be unique. Example:
 

vlan create 4050 name ""IST-VLAN"" type port-mstprstp 0

vlan i-sid 4050 13074051"

8/14
7/23/22, 1:57 AM 02620467_02620467_voss_fulltech.txt

Rule Name Level Status Description

REC DUPLICATE ISIS SYSTEM minor
ID SYSTEM REPLACEMENT
Pass 1.VOSS: Duplicate System ID detected
2. Cause: Issue could be due to: 
Incorrect configuration. 
Improper implementation of recommended replacement procedure.

3.Condition: 

Look for log "GlobalRouter ISIS WARNING Duplicate System ID

04d4.0b20.0a69 detected between HostName:TRB-20-4K2 Chassis
MAC:bc:ad:ab:f1:10:00 and HostName:TRB-20-4K2 Chassis
MAC:bc:ad:ab:7d:6c:00"

Note: System ID, HostName and MAC Address would differ with the device

4.Affected Version: NA

5.Refer Section : KB: 000084284

6.Remedy Action or Workarounds: 

When the old VOSS/VSP switches are replaced with new switches with same system ID and nick name, we
must wait for 20 min for the original LSP system ID to age out
Adding of new switches and suppressing duplicate detection before the LSP age out could be achieved  by
configuring ISIS dup-detection-temp-disable command before connecting new switch into SPBM Network.

To configure dup-detection-temp-disable on VOSS/VSP:

VSP:1>enable
VSP:1#config term
VSP:1(config)#router isis
VSP:1(config-isis)#isis dup-detection-temp-disable

ISSUE VRRP VRID ERR minor Pass This rule checks VRID error counter is recorded. If found, please check if there is a node that
COUNTER CHECK advertises invalid VRRP hello packet with same VRID. Please follow the action described in the
knowledge article VRRP vridError counter is increasing.

ISSUE SSH NOT WORKING minor Pass Problem Description: VOSS: Unable to SSH into the device

Cause: Incorrect Configuration

Condition:
1. Run command “show boot config flags” and check the 'sshd' flag.
2. If accept-policy is enabled (AccessPolicyEnable), run command “show accept-policy” to verify
“AccessLevel” and “AccessStrict”

Affected Version: NA

Refer Section : KB: https://extremeportal.force.com/ExtrArticleDetail?an=000062373

Remedy Action or Workarounds:

1. Make sure sshd flag is set to true
2. Make sure “AccessLevel” is set to 'ReadWriteAll' and "Access Strict" is set to ‘false’. 

ISSUE SNMPWALK TIMEOUT minor Pass This rule checks whether problem VOSS-18614 affects customer switch or not. The
DNS SERVER CONFIGURATION
affected platform/version: VSP8600/VOSS TSU-6.3.4.0 or earlier.

The problem : SNMPwalk stops and timeout if DNS server is configured on switch.

Please refer to the JIRA VOSS-18614. 

Remedy Action:  Please upgrade switch with VSP8600 VOSS version ≥ 8.0.0.0.

9/14
7/23/22, 1:57 AM 02620467_02620467_voss_fulltech.txt

Rule Name Level Status Description

ISSUE SLPP PORT DOWN minor Pass Problem Description: MLT port goes to a disabled state

Platform: VOSS

Cause: SLPP detects a layer 2 loop on the MLT and shuts it down

Condition:  Log noticed "GlobalRouter IPMC INFO Slpp port down"

Affected Version: NA

Refer Section : Article KB 000057931

Remedy Action or Workarounds: Check the access switch connected to the MLT port
for layer 2 loops by troubleshooting and make sure whether SLPP guard/other loop
prevention protocols are enabled in its user-connected ports.

ISSUE NO ROUTING WITH NO minor Pass This rule checks whether problem VOSS-16537 affects customer switch or not. The
ACTIVE NNI PORT EXCEPT FE
INTERFACES
affected version: VOSS 8.1.1.0

The problem : Inter-VRF Route leaking is not working in a specific scenario where
there are no NNI links, but just FE interfaces

Please refer to the JIRA VOSS-16537. 

Remedy Action:  Please upgrade switch with VOSS version ≥ 8.0.8.0 or ≥ 8.1.2.0
version.

ISSUE NO LOGIN BANNER VIA minor Pass Problem Description: Banner Is Not Displayed When Accessing Switch Via SSH.
SSH
Cause: Inappropriate steps followed while accessing switch via ssh with banner
configured

Condition:  Look for log "GlobalRouter SNMP INFO Updated banner will be visible
while using ssh connections only after the ssh daemon has been restarted ( no ssh /
ssh ). EDM or telnet connectivity can be used for this"

Affected Version: NA

Refer Section : Article KB: 000098346

Remedy Action or Workarounds: If unable to notice the banner while accessing the
switch via ssh, perform , the below:
For VOSS platforms Release 8.1.1.0, 8.0.7.2 and below VSP 8600 Release 6.3.3.0 and below, execute
below  commands
#no ssh
#ssh
For VOSS platforms Release  8.1.2.0 and above and VSP 8600 Release 6.3.4 and above, execute below
command
#ssh reset

ISSUE NON LOCAL NEXT HOP minor Pass This rule checks whether problem VOSS-19248 affects customer switch or not. The
STATIC ROUTES
affected version: 8.1.7.0 (only)

The problem : Static routes which use the "no local-next-hop enable" feature are completely
broken in VOSS 8.1.7.0  They work fine in VOSS 8.1.6.0 and lower.

Please refer to the JIRA VOSS-19248. 

Remedy Action:  Please upgrade switch with VSP8600 VOSS version ≥ 8.1.8.0.

ISSUE MACSEC CONFIG LOSS minor Not Relevant This rule checks whether problem VOSS-14478 affects customer switch or not. The
MSTP FC MULTI HOMING
ENABLED
affected version: VOSS 7.1.3.0.  

The problem : Macsec port config loss after reboot when MSTP-Fabric Connect Multi-
homing is enabled in SPBM.

Please refer to the JIRA VOSS-14478. 

Remedy Action:  Please upgrade switch with VOSS version ≥ 8.1.0.0 or ≥ 7.1.4.0
version.

10/14
7/23/22, 1:57 AM 02620467_02620467_voss_fulltech.txt

Rule Name Level Status Description

ISSUE LOADED LICENSE NOT minor Pass This rule checks whether problem VOSS-16781 affects customer switch or not. The
REFLECTED CORRECTLY
affected version: VOSS 7.1.0.0.  

The problem : License file is not reflected in CLI (show license) without switch reboot

Please refer to the JIRA VOSS-16781. 

Remedy Action:  Please upgrade switch with VOSS version ≥ 8.1.5.0 or ≥ 7.1.7.0
version.

ISSUE LINK OSCILLATION minor Pass Platform: VOSS

Problem Description: Link Flapping and Taken Down By Switch Due To Excessive Link
State Changes

Cause: Use of Incompatible/non-extreme Gbic

Condition: Look for log "GlobalRouter SNMP INFO Link Oscillation <PORT_#>" in
 output of 'show logging file'. If it does, check the "Vendor Name  : " field under the
command "show pluggable-optical-modules detail" for the port# where the oscillation
error was reported.

Affected Version: NA

Refer Section : Article KB: 000056590

Remedy Action or Workarounds: If the vendor name is anything other than 'Extreme' then change
the Gbic which is supported by that device. Visit website optics.extremenetworks.com to check the
supported Gbic

ISSUE ISIS ADJ NOT UP WITH minor Pass This rule checks whether problem VOSS-13194  affects customer switch or not.  The
MANUAL AREA 00.0000
affected version: VOSS 7.1.0.0.  

The problem : ISIS adjacency not coming up for manual-area “00.0000"

Please refer to the JIRA VOSS-13194. 

Remedy Action:  Please upgrade switch with VOSS version ≥ 7.1.3.0 version.

ISSUE INCORRECT minor Pass This rule checks whether problem VOSS-16276 affects customer switch or not. The
TEMPERATURE ALARM
affected version: VOSS 7.1.5.0

The problem : VSP platforms Should display Temperature Alarms based on their
Threshold Ranges for individual Sensors but switch record temperature alarm
incorrectly.

Please refer to the JIRA VOSS-16276. 

Remedy Action:  Please upgrade switch with VOSS version ≥ 8.0.8.0 or ≥ 7.1.6.0
version.

ISSUE FAN AIRFLOW DISPLAY minor Pass This rule checks whether problem VSP7200-66 affects customer switch or not. The
ERROR VSP7200
affected platform/version: VSP7200/VOSS 7.0.0.0

The problem : B2F power supply is installed along with B2F fans in VSP7254XSQ and
CLI shows the power supply fan as F2B

Please refer to the JIRA VSP7200-66. 

Remedy Action:  Please upgrade switch with VOSS version ≥ 7.1.0.0 version.

11/14
7/23/22, 1:57 AM 02620467_02620467_voss_fulltech.txt

Rule Name Level Status Description

ISSUE FAIL TO LOAD qcow2 minor Pass Problem Description: Unable to load .qcow2 packages with error “Error: Insight
PACKAGE
partition not present”

Cause: 
Device running on Unsupported software version
No SSD Module installed

Affected Version: 8.3 and below

Condition:  
When issue command ‘cd /var/lib/insight/package’ for using 3rd party VM or Fabric IPSec G/W (it needs
SSD).
"Error: Insight partition not present" is logged
Under "show sys-info" should have software version 8.3 and above
Under "sho sys-info ssd " should have the module details as below:
If SSD Installed
VSP-4900:1#sho sys-info ssd 
SSD Module Info:
Product Name : XN-SSD-001-120 
Vendor Name : Extreme Networks Inc. 
Manufacture Date : 08/03/2020 09:30:00 
Serial Num : 2031F-10145 
Part Num : 800954-00-AB 
Device Version : 0 
Total Size : 120GB 
If SSD not installed , below output noticed:
VSP-4900:1#show sys-info ssd 
SSD Not inserted

Refer Section : KB: 000096567

Remedy Action or Workarounds: FIGW is only supported on the devices running on

software version 8.3 and above, along with SSD module loaded. If this does not help,
upgrade the device to the latest available version, if not done already.

ISSUE DATA PATH HEARTBEAT minor Pass 1. VSP 9000: Ports on a particular IO Slot not coming up
FAILURE 2. Cause: The issue could be due to a Hardware defect
3. Condition:  Log noticed: CP1  0x0000c607 00300001.395 DYNAMIC SET GlobalRouter HW
WARNING Link [slot/port-no] will be kept down due to Data Path Heartbeat Failure
4. Affected Version: NA
5. Refer Section : KB: 00007680
6. Remedy Action or Workarounds: Reset the card by following the below steps"
Power down the affected module by executing the command “no sys power slot <SLOT_NUMBER>”
Remove the Card  and wait for approx a minute
Insert the card back
Power-up the module by executing the command “sys power slot <SLOT_NUMBER>”

If the above does not help, upgrade the device to the latest available version, if not done already.
If still the issue, replace the module 

ISSUE ARP SPOOF DETECT minor Pass This rule checks whether problem VOSS-17599 affects customer switch or not. The
NOT WORK WITH VRRP V3
affected version: VOSS 8.0.7.0, 8.1.1.0, 8.1.2.0

The problem : With VRRP version 3 configured on a vlan, spoof-detect was not
detecting an incomming arp with a source IP address matching

the VRRP IP address.

Please refer to the JIRA VOSS-17599. 

Remedy Action:  Please upgrade switch with VOSS version ≥ 8.1.6.0.

12/14
7/23/22, 1:57 AM 02620467_02620467_voss_fulltech.txt

Rule Name Level Status Description

ISSUE APP TELEMENTRY minor Pass This rule checks whether the below message affects customer switch or not. The
COLLECTOR RECHABILITY
FLAP
affected version: Any VOSS 7.1.x release

The problem : Customer added two VSP 8400 core switches(working in DVR
environment as DVR controllers) to XMC as flow collector, app-telemetry is working
fine and the analytics data is being received as expected, however, since adding these
they are getting warning messages continuously in the logs.

“GlobalRouter FILTER INFO App-Telemetry: Collector is reachable via A.B.C.D”

“GlobalRouter FILTER WARNING App-Telemetry: Collector is not reachable”

Please refer to the knowledge article, VOSS: App-Telemetry - Collector is not

reachable.

Remedy Action:  Please upgrade switch with VOSS version ≥ 8.0.0.0 version.

REC SYSTEM SERVICE SSHD info Pass Check sshd is enabled or not. Security compliance recommends enabling sshd from the system
CHECK

REC SYSTEM JUMBO info Pass Jumbo Frame Support should be enabled for SPBm. Please refer to the article link
FRAMESIZE CHECK
how to enable jumbo frames on ERS/VOSS

REC SYSTEM CLILOGGING info Pass CLILOGGING should be enabled to track CLI command executed.
ENABLE CHECK

REC SYSTEM CFM SPBM info Pass Enable CFM SPBM is highly recommended for SPBM troubleshooting
ENABLE CHECK

ISSUE SYSUPTIME ROLLOVER info Pass This rule checks whether problem VOSS-16843 affects customer switch or not. The
DISPLAY ERROR
affected version: VOSS 7.1.0.0

The problem : VSP running 7.1.0.0 code looked like they reset as sysuptime showed 3
days but ISIS adjacencies never went down.  

Please refer to the JIRA VOSS-16843. 

Remedy Action:  Please upgrade switch with VOSS version ≥ 8.1.6.0 or ≥ 7.1.7.0
version.

ISSUE LOG PROTOCOL METER info Pass This rule checks logs with “Protocol meter ICMPv4 has gone out-of-profile” from
ICMPv4 HAS GONE OUT OF
PROFILE CHECK
switch's logs.

Symptoms: Switch generates following ICMPv4 Protocol drop warnings continuously after adding
static routes.

Environment: VSP9K running any supported software version

Cause: Product is functioning as Designed

Refer to Article : VSP 9000: Generates ICMPv4 Protocols Drop Warning Messages
Continuously

SYSTEM LOG FATAL CHECK critical Pass This rule check existence of any fatal logs in the system and shows information.
 Please check error message from the document, Alarms and Logs Reference for
VOSS.

SYSTEM LOG ERROR CHECK major Pass This rule check existence of any error logs in the system and shows information.
 Please check error message from the document, Alarms and Logs Reference for
VOSS.

13/14
7/23/22, 1:57 AM 02620467_02620467_voss_fulltech.txt

Notes (Please update the below table with additional information)

14/14