Oracle Sun Blade 6000 Product Notes

Download

Page 1

Sun Blade 6000 Ethernet Switched NEM 24p 10GbE Release 1.2.2 Product Notes

Part No: E26764-08

March 2016

Page 2

Page 3

Part No: E26764-08

This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.

The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.

If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable:

U.S. GOVERNMENT END USERS. Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government.

This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.

This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services, except as set forth in an applicable agreement between you and Oracle.

Documentation Accessibility

For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.

Access to Oracle Support

Oracle customers that have purchased support have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?

ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.

Page 4

Référence: E26764-08

Ce logiciel et la documentation qui l’accompagne sont protégés par les lois sur la propriété intellectuelle. Ils sont concédés sous licence et soumis à des restrictions d’utilisation et de divulgation. Sauf stipulation expresse de votre contrat de licence ou de la loi, vous ne pouvez pas copier, reproduire, traduire, diffuser, modifier, accorder de licence, transmettre, distribuer, exposer, exécuter, publier ou afficher le logiciel, même partiellement, sous quelque forme et par quelque procédé que ce soit. Par ailleurs, il est interdit de procéder à toute ingénierie inverse du logiciel, de le désassembler ou de le décompiler, excepté à des fins d’interopérabilité avec des logiciels tiers ou tel que prescrit par la loi.

Les informations fournies dans ce document sont susceptibles de modification sans préavis. Par ailleurs, Oracle Corporation ne garantit pas qu’elles soient exemptes d’erreurs et vous invite, le cas échéant, à lui en faire part par écrit.

Si ce logiciel, ou la documentation qui l’accompagne, est livré sous licence au Gouvernement des Etats-Unis, ou à quiconque qui aurait souscrit la licence de ce logiciel pour le compte du Gouvernement des Etats-Unis, la notice suivante s’applique:

Ce logiciel ou matériel a été développé pour un usage général dans le cadre d’applications de gestion des informations. Ce logiciel ou matériel n’est pas conçu ni n’est destiné à être utilisé dans des applications à risque, notamment dans des applications pouvant causer des dommages corporels. Si vous utilisez ce logiciel ou matériel dans le cadre d’ applications dangereuses, il est de votre responsabilité de prendre toutes les mesures de secours, de sauvegarde, de redondance et autres mesures nécessaires à son utilisation dans des conditions optimales de sécurité. Oracle Corporation et ses affiliés déclinent toute responsabilité quant aux dommages causés par l’utilisation de ce logiciel ou matériel pour ce type d’applications.

Oracle et Java sont des marques déposées d’Oracle Corporation et/ou de ses affiliés. Tout autre nom mentionné peut correspondre à des marques appartenant à d’autres propriétaires qu’Oracle.

Intel et Intel Xeon sont des marques ou des marques déposées d’Intel Corporation. Toutes les marques SPARC sont utilisées sous licence et sont des marques ou des marques déposées de SPARC International, Inc. AMD, Opteron, le logo AMD et le logo AMD Opteron sont des marques ou des marques déposées d’Advanced Micro Devices. UNIX est une marque déposée d’The Open Group.

Ce logiciel ou matériel et la documentation qui l’accompagne peuvent fournir des informations ou des liens donnant accès à des contenus, des produits et des services émanant de tiers. Oracle Corporation et ses affiliés déclinent toute responsabilité ou garantie expresse quant aux contenus, produits ou services émanant de tiers, sauf mention contraire stipulée dans un contrat entre vous et Oracle. En aucun cas, Oracle Corporation et ses affiliés ne sauraient être tenus pour responsables des pertes subies, des coûts occasionnés ou des dommages causés par l’accès à des contenus, produits ou services tiers, ou à leur utilisation, sauf mention contraire stipulée dans un contrat entre vous et Oracle.

Accessibilité de la documentation

Pour plus d’informations sur l’engagement d’Oracle pour l’accessibilité à la documentation, visitez le site Web Oracle Accessibility Program, à l’adresse http://www.oracle.com/

pls/topic/lookup?ctx=acc&id=docacc.

Accès aux services de support Oracle

Les clients Oracle qui ont souscrit un contrat de support ont accès au support électronique via My Oracle Support. Pour plus d’informations, visitez le site http://www.oracle.com/

pls/topic/lookup?ctx=acc&id=info ou le site http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs si vous êtes malentendant.

Page 5

Using This Documentation ................................... .............................................. 7

Product Documentation Library . ..................................................................... ... 7

Feedback ................................... .................................................................... 7

Sun Blade 6000 Ethernet Switched NEM 24p 10GbE Release 1.2.2 Product

Notes ................................... ..................................................................... ........... 9

NEM Documentation Reading Order .......................................................... ........ 9

Introducing What's New in Release 1.2 ............................................................. 10

IPv6 Switching and Routing ........................................... .................... ..... 10

ONET Protocol ................................. .................... ................................ 11

PVRST+ Protocol ............................................ ...................................... 11

Server Load Balancer ...... ..................................................................... .. 12

Oracle ILOM 3.0 Features ............................................................. ......... 13

Updates to 1.2 Release From Patch Update ................. ....................................... 13

Supported Configurations, Operating Systems, and Required Patches ...................... 14

Required Firmware and Kernel Drivers ........ ..................................................... 15

Modular System Limitations ....................................... .................... ................. 15

Enabling SAS2 Functionality .......... ................................................................. 16

Important Firmware Upgrade Before Mixing SAS1 and SAS2 Components ...... 16

Supported Server Modules and REMs .............................. ......................... 16

Minimum Required Software ......................................... .......................... 17

Sun Blade ZoneManager ............................ ............................................ 17

Upgrading the NEM Firmware ............................................................... ......... 17

▼ Back Up the Current Configuration Before Upgrading ............................. 18

▼ Download the NEM Firmware Package .............. .................................. 20

▼ Upgrade the NEM Firmware .............................................................. 21

▼ Enable or Disable SAS2 From Oracle ILOM ................................... ...... 23

▼ Configure 1Gbps Mode on SFP+ Interfaces .................................................. 25

▼ Fine Tune the VLAN Setup ............................................................. .......... 25

Managing SEFOS Configurations ... .................................................................. 27

▼ Include the SEFOS Configuration in Backups ........................................ 27

Page 6

Contents

▼ Restore the Configuration .................. ................................................ 28

Configuring TACACS+ ..................................................... .................... ......... 29

TACACS+ Properties ..................................................... ........................ 29

▼ Configure TACACS+ Settings ...................... ...................................... 30

Issues Corrected in the Patch Update .......... ...................................................... 30

Issues Corrected in Prior Updates ........................................ ............................. 31

Known Issues .......................................... .................... ................................. 35

SLB-L2 Error is Seen When Reassigning a Port From One LBG Group to

Another (7100720) ................................................................ ................ 36

SLB Must Not Allow Different VLANs in the Same Group (7095155) ...... ...... 36

SLB L2 Cannot Create More Than Two Groups, SLB L2 Limits to Two LBGs

(7092380) ................................... ......................................................... 36

Manually Deleting Static Route Does Not Affect the Corresponding SLB Entry

(7064092) ................................... ......................................................... 37

Changing the Default Value for default-vlan-id Could Result in VLAN

Misconfiguration (7015004) ........ ............................................................ 37

Some of the IGMP Conformance Results Don't Match Expectations (7006297

and 6997415) .............................................................. .................... ...... 37

Ports Lock and Corresponding LEDs Stay Lit or NEM Fails to Power On After

Doing Consecutive Hardware Resets (6992127) ........................ .................. 37

QoS - set algo-type tailDrop queue-drop-algo Does Not Work

(6991230) ................................... ......................................................... 38

Packets Might Be Dropped When Using Q-in-Q Interop in Certain

Configurations (6989048) ................. ...................................................... 38

The no default-metric [,short(1-16)>] Command Does Not Work as

Documented (6987482) .......................... .................... ............................ 38

CMM Reports SAS2 on the NEM as Faulty if SAS2 Is Not Enabled

(6977266) ................................... ......................................................... 38

Using vlan 1 as Shown in Various Examples in the Documentation Generates

Error Codes (6968484) ................. .......................................................... 39

When Multiple Configuration Scripts Are Run in Parallel, SEFOS Application

Can Crash (6936742) ...... ..................................................................... .. 39

Unlit Link and Activity LEDs for the SFP+ Ports (6873825) ......................... 39

The switch Command Line Option Is Unsupported ..................................... 39

SSL V3.0 POODLE DISABLE SSL V3 (19842641) .................................... 39

6 Sun Blade 6000 Ethernet Switched NEM 24p 10GbE Release 1.2.2 Product Notes • March 2016

Page 7

Using This Documentation

■

Overview – Contains important late-breaking information about this release of Oracle's Sun Blade 6000 Ethernet Switched NEM 24p 10GbE

■

Audience – Technicians, system administrators, and authorized service providers

■

Required knowledge – Advanced experience troubleshooting and replacing hardware

Product Documentation Library

Documentation and resources for this product and related products are available at http://

docs.oracle.com/cd/E19934-01/index.html.

Feedback

Provide feedback about this documentation at http://www.oracle.com/goto/docfeedback.

Using This Documentation 7

Page 8

8 Sun Blade 6000 Ethernet Switched NEM 24p 10GbE Release 1.2.2 Product Notes • March 2016

Page 9

Sun Blade 6000 Ethernet Switched NEM 24p 10GbE Release 1.2.2 Product Notes

These product notes provide important late-breaking information and instructions for upgrading the firmware to the latest version.

■

“NEM Documentation Reading Order” on page 9

■

“Introducing What's New in Release 1.2” on page 10

■

“Updates to 1.2 Release From Patch Update ” on page 13

■

“Supported Configurations, Operating Systems, and Required Patches” on page 14

■

“Required Firmware and Kernel Drivers” on page 15

■

“Modular System Limitations” on page 15

■

“Enabling SAS2 Functionality” on page 16

■

“Upgrading the NEM Firmware” on page 17

■

“Configure 1Gbps Mode on SFP+ Interfaces” on page 25

■

“Fine Tune the VLAN Setup” on page 25

■

“Managing SEFOS Configurations” on page 27

■

“Configuring TACACS+” on page 29

■

“Issues Corrected in the Patch Update” on page 30

■

“Issues Corrected in Prior Updates” on page 31

■

“Known Issues” on page 35

NEM Documentation Reading Order

All of the NEM product documentation and related documentation can be found at: http://

docs.oracle.com/cd/E19285-01/index.html

Read the documentation in this order.

Step Document Title or Type Information Provided

1. Sun Blade 6000 Ethernet Switched NEM 24p 10GbE Release 1.2.2 Product Notes

Sun Blade 6000 Ethernet Switched NEM 24p 10GbE Release 1.2.2 Product Notes 9

Late-breaking information, supported configurations, and system limitations

Page 10

Introducing What's New in Release 1.2

Step Document Title or Type Information Provided

2. Sun Blade 6000 Ethernet Switched NEM 24p 10GbE

3. Sun Blade 6000 Ethernet Switched NEM 24p 10GbE

4. Administration guides Reference and administration material for the

User's Guide

Software Configuration Guide

Introducing What's New in Release 1.2

These new features are supported for this release.

■

“IPv6 Switching and Routing” on page 10

■

“ONET Protocol” on page 11

■

“PVRST+ Protocol” on page 11

■

“Server Load Balancer” on page 12

■

“Oracle ILOM 3.0 Features” on page 13

Installation instructions

Software configuration instructions

software

IPv6 Switching and Routing

■

Multicast Listener Discovery

Multicast listener discovery (MLD) works with IPv6 to control the reception of multicast data in a network. MLD functions similarly to IGMP, which manages multicast groups for IPv4. The MLD snooping (MLDS) function supported in this release enables switches to forward multicast data to only hosts that need to receive the data, rather than to all ports. MLDS enables a switch to snoop or capture information from MLD packets that are being sent back and forth between hosts and a router. Based on this information, the switch adds or deletes the multicast addresses from its address table, thereby enabling or disabling multicast traffic that is flowing to individual host ports.

Refer to the Sun Ethernet Fabric Operating System MLDS Administration Guide for more information about this feature.

■

Open Shortest Path First version 3

Open Shortest Path First version 3 (OSPFv3) adds support for IPv6 in the OSPF protocol. As described in RFC 2740, the fundamental mechanisms of OSPF (flooding, DR election, area support, and SPF calculations) remain unchanged in OSPFv3. However, some changes to OSPF were made to handle changes in protocol semantics between IPv4 and IPv6 and increased IPv6 address sizes.

Refer to the Sun Ethernet Fabric Operating System OSPFv3 Administration Guide for more information about this feature.

■

Routing Information Protocol Next Generation

10 Sun Blade 6000 Ethernet Switched NEM 24p 10GbE Release 1.2.2 Product Notes • March 2016

Page 11

Introducing What's New in Release 1.2

Routing Information Protocol next generation (RIPng), supported in this release, adds support for IPv6. RIPng functions similarly to RIP in IPv4 and offers the same dynamic route learning benefits. RIPng enhancements for IPv6, as detailed in RFC 2080, include support for IPv6 addresses and prefixes and the use of an all-RIP-routers multicast group address as the destination address for RIPng update messages. The IPv6 RIPng local routing table (RIB) contains a set of IPv6 RIP routes learned from all its neighboring networking devices.

Refer to the Sun Ethernet Fabric Operating System RIPng Administration Guide for more information about this feature.

■

Protocol Independent Multicast v6

Protocol Independent Multicast v6 (PIMv6) adds support for IPv6 in the PIM routing protocol. PIM is designed to provide scalable inter-domain multicast routing across the internet. PIM is a collection of multicast routing protocols, each optimized for a different environment. PIM provides multicast routing and forwarding capability to a router that runs IP along with Internet Group Management Protocol (IGMP). PIM depends on IGMP for multicast group membership information. PIM routes the multicast data packets independent of any unicast routing protocol.

Release 1.2 provides support for PIMv6 Sparse Mode.

Refer to the Sun Ethernet Fabric Operating System PIMv6 Administration Guide for more information about this feature.

ONET Protocol

ONET is an isolated logical grouping of downlink and uplink ports. ONET provides an internal and external isolated network connectivity for blade servers by bridging downlink ports with uplink ports that are connected to an external switched network.

In this release, only a one-to-one mapping of a downlink port to an uplink port is supported. External ports 11 to 14 are unusable.

Refer to the Sun Ethernet Fabric Operating System ONET Administration Guide for more information about this feature.

PVRST+ Protocol

For an Ethernet network to function properly, only one active path must exist between two stations. Multiple active paths between stations in a bridged network can cause loops in which Ethernet frames can endlessly circulate. STP can logically break such loops and prevent looping traffic from clogging the network. The dynamic control of the topology provides continued network operation in the presence of redundant or unintended looping paths.

Sun Blade 6000 Ethernet Switched NEM 24p 10GbE Release 1.2.2 Product Notes 11

Page 12

Introducing What's New in Release 1.2

Rapid spanning tree is a link management protocol that provides path redundancy while preventing undesirable loops in the network, such as multiple active paths between stations by forcing redundant paths into a standby or blocked state.PVRST+, which is supported in this release of the switch, is an enhancement of RSTP that works in conjunction with VLANs to provide better control over traffic in the network. A separate spanning tree is maintained for each active VLAN in the network, providing load balancing through multiple instances of the spanning tree, fault tolerance (because failure of one spanning tree instance does not affect other spanning trees), and rapid reconfiguration support through the RSTP.

Note - In PVRST+ spanning tree mode, the interface trunk encapsulation type ISL is not

supported.

Refer to the Sun Ethernet Fabric Operating System PVRST+ Administration Guide for more information about this feature.

Note - When using the PVRST+ feature, create the entire configuration from scratch to avoid

possible conflicts with features from an existing configuration saved from the previous release of the firmware.

Server Load Balancer

Server load balancer (SLB) provides traffic load distribution functionality for this release of the switch. Load distribution can be performed at layer 2 or layer 3 of the protocol layer.

■

SLB at layer 2.

When used at layer 2, load balancing groups (LBGs) consist of switch port members. Load distribution is performed through the link aggregation group (LAG) hash function of the switch. Load distribution policies are based on the contents of the L2/3/4 packet header. Failover is supported at the switch port members level. Depending on the fail-over method chosen, a failed member within an LBG is replaced by another switch port or by a group of switch ports within the group. Connectivity between the switch port and the server is monitored by a health check mechanism. The access control list (ACL) capability is extended such that a LBG can be set as a target when a switch port accepts a packet. Level 2 SLB is supported only in this NEM.

■

SLB at layer 3.

When used at layer 3, LBGs consist of server members identified by layer 3 protocol (IP) addresses. Server members are next hop targets of a targeted equal cost multiple path (ECMP) route. The LBG is identified by a Virtual IP address prefix (VIP) which is used to represent a virtual server. From the clients' point of view, the virtual server is a highly available server entity with expandable resource. Load distribution is performed through the routing hash function of the switch. Load distribution policies are based on the contents of the L3/4 packet header. Failover is supported at the server member's level. A failed member

12 Sun Blade 6000 Ethernet Switched NEM 24p 10GbE Release 1.2.2 Product Notes • March 2016

Page 13

Updates to 1.2 Release From Patch Update

within an LBG is replaced by another server member that is part of the same group. Health check is performed by the switch through an ICMP ping.

Refer to the Sun Ethernet Fabric Operating System SLB Administration Guide for more information about this feature.

Note - When using the SLB feature, create the entire configuration from scratch to avoid

possible conflicts with features from an existing configuration saved from the previous release of the product.

Oracle ILOM 3.0 Features

■

TACACS+

TACACS+ (Terminal Access Controller Access-Control System Plus) is an access control protocol for routers, network access servers, and other networked computing devices. TACACS+ provides separate authentication, authorization and accounting services. See

“Configuring TACACS+” on page 29.

■

LDAP and LDAP over SSL

Oracle ILOM supports LDAP authentication for users, based on the OpenLDAP software. LDAP is a general-purpose directory service. A directory service is a centralized database for distributed applications designed to manage the entries in a directory. Thus, multiple applications can share a single-user database. LDAP over SSL offers enhanced security to LDAP users by way of SSL technology.

Note - SEFOS supports nonlocal usernames up to 14 characters.

■

SAS2

The SAS2 feature that was delivered in the 1.1 release of this switch can now be enabled or disabled from the Oracle ILOM CLI. See “Enable or Disable SAS2 From Oracle

ILOM” on page 23.

■

Oracle ILOM

Banner configuration support.

Updates to 1.2 Release From Patch Update

This patch update includes enhancements, change requests, and corrected issues.

■

Logical Link Aggregation (LLA) is a layer 2 feature providing the aggregation of links from a server connected to two physical switches resulting in increased redundancy and capacity. LLA is only supported when the switch is running a Layer 2 configuration. LLA is

Sun Blade 6000 Ethernet Switched NEM 24p 10GbE Release 1.2.2 Product Notes 13

Page 14

Supported Configurations, Operating Systems, and Required Patches

not supported in Layer 3 configurations. Refer to the Sun Ethernet Fabric Operating System LLA Administration Guide for more information.

■

Upink Port Trailing Feature monitors the state of the uplink port and manages the downlink ports according to the state of the uplink port. When the uplink goes down, the downlink port(s) will be shut down, providing the HA feature the feedback it needs to switch over to alternate link or path. For more details, refer to the Uplink Trailing Administration Guide.

■

Change Request (CR) fixes. See “Issues Corrected in the Patch Update” on page 30.

Supported Configurations, Operating Systems, and Required Patches

This table lists the server modules (blades) and FEMs that are supported in a Sun Blade 6000 modular system or Sun Netra 6000 modular system chassis.

Note - In these product notes, the term "modular system" refers to both the Sun Blade 6000

modular system chassis and the Sun Netra 6000 modular system chassis.

Server Module (Blade) FEM on Server Blade Operating Systems and Required Patches

Sun Blade X6275 M2 10GbE Built in Mellanox ConnectX-2

controller

Sun Blade X6270 Sun Dual 10GbE PCIe 2.0 ■

Sun Blade T6340 Sun Dual 10GbE PCIe 2.0 ■

Sun Blade T6320 Sun Dual 10GbE PCIe 2.0 ■

■ Open Solaris 10 08/11

■ SLES 10 SP3 (64 bit only)

■ SLES 11 SP1 (64 bit only)

■ Microsoft Windows server 2008 R2

Note - A server-specific driver available on

the server tools and drivers ISO image or the Mellanox web site is required for 10GbE support.

Oracle Solaris 10 10/09 (with ixgbe driver patches 143355-03 and 143354-03 or later) and Oracle Solaris 10 5/09

■ OpenSolaris 2009.06

■ Windows 2008 32/64 bit, Windows Server 2008 R2, and Windows 2003 32/64 bit

■ VMware ESX 4.0 and VMware ESX 3.5

■ RHEL 5.3 32/64 bit and RHEL 4.8 32/64 bit

■ SLES 11 32/64 bit, SLES 10 SP3 64 bit, and SLES 9 SP5 64 bit

Oracle Solaris 10 10/09 (with ixgbe driver patches 143355-03 and 143354-03 or later) and Oracle Solaris 10 5/09

■ OpenSolaris 2009.06

Oracle Solaris 10 10/09 (with ixgbe driver patches 143355-03 and 143354-03 or later) and Oracle Solaris 10 5/09

14 Sun Blade 6000 Ethernet Switched NEM 24p 10GbE Release 1.2.2 Product Notes • March 2016

Page 15

Server Module (Blade) FEM on Server Blade Operating Systems and Required Patches

Sun Blade T6320 Sun Dual 10-GbE XAUI Pass-

Thru

Note - When using the Sun Blade T6320 server module with the Sun Dual 10-GbE XAUI Pass-

Thru FEM and the Sun Blade 6000 Ethernet Switched NEM 24p 10GbE, firmware 7.2.5 or later is required to enable network booting. Refer to the Sun Blade T6320 G2 and Sun Blade T6320 Server Modules Product Notes for details.

Download and unzip the patches from https://support.oracle.com. Install the patches using the directions provided in the associated README files.

Required Firmware and Kernel Drivers

■ OpenSolaris 2009.06

■

Oracle Solaris 10 10/09 (nxge driver patches 143521-02 and 143522-02 or later) and Oracle Solaris 10 5/09

■ OpenSolaris 2009.06

■

Sun Blade 6000 Ethernet Switched NEM 24p 10GbE firmware, version 1.0.0.0 or higher

■

Sun Blade 6000 modular system CMM firmware version 3.1.2 or higher

■

Sun Blade X6270 server module service processor firmware version 3.0.6.10 or higher

■

Sun Dual 10GbE PCIe 2.0 FEM:

■

The Oracle Solaris driver, which is bundled in the Oracle Solaris 10 10/09 OS.

■

The Linux driver, version 2.0.44.14, which is available for download from the Intel web site.

■

ixgbe patches 143355-03 and 143354-03 or later. Refer to the Sun Dual 10GbE SFP +PCIe ExpressModule Release Notes for more information.

■

Sun Dual 10-Gigabit Ethernet XAUI Pass-Thru FEM:

■

nxge driver patches 143521-02 and 143522-02 or later

■

System firmware version 7.2.5 or higher, for netboot support

Modular System Limitations

These limitations apply to the NEM when installed in a Sun Blade 6000 modular system or Sun Netra 6000 modular system chassis.

■

This NEM cannot be installed in a modular system chassis with any other type of NEM. If any other type of NEM is installed in a modular system chassis, remove those NEMs before installing this NEM.

Sun Blade 6000 Ethernet Switched NEM 24p 10GbE Release 1.2.2 Product Notes 15

Page 16

Enabling SAS2 Functionality

■

External SAS2 ports are not supported. Only the internal SAS2 links with appropriate REM and storage modules are supported. See “Enabling SAS2 Functionality” on page 16 for more information.

■

In NEBS environments, only optical links to QSFP ports of this NEM are supported. Using optical links ensures that NEBS thermal limits are met.

Enabling SAS2 Functionality

If you plan to install this NEM with SAS2 enabled into a chassis that contains SAS1 components, you must upgrade the Sun Blade 6000 disk module firmware of your SAS1 components. See “Important Firmware Upgrade Before Mixing SAS1 and SAS2

Components” on page 16 for more information.

These topics provide information about enabling SAS-2 functionality on the NEM:

■

“Important Firmware Upgrade Before Mixing SAS1 and SAS2 Components” on page 16

■

“Supported Server Modules and REMs” on page 16

■

“Minimum Required Software” on page 17

■

“Sun Blade ZoneManager” on page 17

■

“Back Up the Current Configuration Before Upgrading” on page 18

■

“Enable or Disable SAS2 From Oracle ILOM” on page 23

Important Firmware Upgrade Before Mixing SAS1 and SAS2 Components

You must upgrade the Sun Blade 6000 Disk Module firmware of your SAS1 components (SAS1 NEMs and disk modules) to a firmware version that supports SAS1 and SAS2 coexistence. This upgrade must be done before you insert a SAS2 component such as this NEM into the chassis.

Refer to the SAS1/SAS2 Compatibility Upgrade Guide and NEM software release links for details on which devices require the upgrade, how to obtain the firmware, and how to perform the upgrade.

Supported Server Modules and REMs

This table lists the server modules and associated REMs that are supported for use with the Sun Blade 6000 Ethernet Switched NEM 24p 10GbE.

16 Sun Blade 6000 Ethernet Switched NEM 24p 10GbE Release 1.2.2 Product Notes • March 2016

Page 17

Upgrading the NEM Firmware

Server Modules (Blades) SAS-2 REM

Sun Blade Server X6270 M2 SG-SAS6-R-REM-Z

SG(X)-SAS6-R-REM-Z

Sun Blade Server T6320, T6340, T6340, T6360 SG-SAS6-REM-Z

Sun Blade Storage Module M2 SG-SAS6-REM-Z

Minimum Required Software

This table lists minimum software versions are required to use SAS-2 with the NEM.

Component Software Version

CMM v3.0.10.15.b r57573

Sun Blade Storage Module M2 5.3.7

Sun Blade Server X6270 M2SP v3.0.14.12 r58608

SG-SAS6-REM-Z ■ MPT firmware: 5.00.17.00-IR

■ NVDATA: 05.02.00.14

■ Util version: 7.05.05.00 (2010.05.19)

G(X)-SAS6-R-REM-Z ■ Firmware: 2.120.63-1242

■ Utility version: 7.05.05.00 (2010.05.19)

Sun Blade ZoneManager

Sun Blade ZoneManager is available through the Sun Blade 6000 CMM. This utility enables you to assign storage devices located on Sun Blade storage modules with SAS2-enabled server blades installed in the Sun Blade 6000 chassis.

A SAS2-enabled NEM must be installed in the chassis to enable a server blade to be zoned with storage devices on a storage blade. At this time, zoning of SAS2 external ports on the NEM is not supported. For information on setting up storage zoning, refer to the Oracle ILOM 3.0 documentation.

Upgrading the NEM Firmware

The Sun_Blade_6000_Ethernet_Switched_NEM_24p_10GE_sefos-1_2_2_15.pkg package upgrades the NEM software and required components to the newest version.

Firmware and drivers can be downloaded from: http://

www.lsi.com/sep/Pages/oracle/sg_x_sas6-r-rem-z. aspx

Sun Blade 6000 Ethernet Switched NEM 24p 10GbE Release 1.2.2 Product Notes 17

Page 18

Back Up the Current Configuration Before Upgrading

If, in addition to upgrading the NEM firmware, you also want to enable SAS2 functionality, perform the additional steps noted in “Enable or Disable SAS2 From Oracle

ILOM” on page 23.

Note - You must be logged in as root to do the upgrade. Before upgrading the switch firmware,

back up the current configuration as described in “Back Up the Current Configuration Before

Upgrading” on page 18.

Perform these tasks to upgrade the NEM firmware.

■

“Back Up the Current Configuration Before Upgrading” on page 18

■

“Download the NEM Firmware Package” on page 20

■

“Upgrade the NEM Firmware” on page 21

■

“Enable or Disable SAS2 From Oracle ILOM” on page 23

Back Up the Current Configuration Before Upgrading

Save the current NEM configuration to a remote site before upgrading the NEM software. Refer to the Sun Blade 6000 Ethernet Switched NEM 24p 10GbE Software Configuration Guide for additional information.

If the switch is running the 1.1.0.x release, you can also use the backup and restore feature from Oracle ILOM to save the current Oracle ILOM and SEFOS configurations to a remote server. You can then restore the switch configuration after upgrading the firmware. See “Include the

SEFOS Configuration in Backups” on page 27.

Note - During the upgrade, if you answer yes to the question Preserve existing

configuration (y/n)?, the Oracle ILOM and SEFOS configurations is automatically

preserved and there is no need to explicitly restore the configuration. If a syslog server address was configured in Oracle ILOM, the address is not preserved (see CR 7022286), and you must reconfigure the syslog server setting after the upgrade or restore.

Configure the default IP address.

a.

Enter Global Configuration mode.

SEFOS# configure terminal

b.

Configure the default IP address and subnet mask as 10.0.0.100 and

255.255.0.0.

18 Sun Blade 6000 Ethernet Switched NEM 24p 10GbE Release 1.2.2 Product Notes • March 2016

Page 19

Back Up the Current Configuration Before Upgrading

SEFOS(config)# default ip address 10.0.0.100 subnet-mask 255.255.0.0

c.

Exit Global Configuration mode.

SEFOS(config)# end

Configure the restoration file name.

Caution - If you are upgrading the NEM from the 1.0.x.x version, you must complete Step 2d

(disabling the incremental-save feature) to save the configuration correctly before upgrading.

a.

Enter Global Configuration mode.

SEFOS# configure terminal

b.

Configure a configuration restoration file name for the NEM.

SEFOS(config)# default restore-file myconfig.conf

c.

Exit Global Configuration mode.

SEFOS(config)# end

d.

Disable the incremental save feature.

SEFOS# configure terminal SEFOS(config)# incremental-save disable SEFOS(config)# end

Save the current configuration for restoration.

SEFOS# write startup-config

Copy the configuration file to a remote location.

SEFOS# copy startup-config tftp://12.0.0.100/switch.conf

Exit and restart the NEM.

Sun Blade 6000 Ethernet Switched NEM 24p 10GbE Release 1.2.2 Product Notes 19

Page 20

Download the NEM Firmware Package

Note - The NEM might currently be low on memory. The restart frees up memory for a more

reliable upgrade.

SEFOS# exit

-> reset /SP Are you sure you want to reset /SP y Performing reset on /SP

SEFOS# write startup-config SEFOS# copy startup-config tftp://12.0.0.100/switch.conf

Download the NEM firmware package.

See “Download the NEM Firmware Package” on page 20.

Download the NEM Firmware Package

After backing up your current configuration, download the NEM firmware upgrade package Sun_Blade_6000_Ethernet_Switched_NEM_24p_10GE_sefos-1_2_2_15.pkg.

Select the Patches & Updates tab.

Under the Patch Search section, select Product or Family (Advanced Search).

Type nem in the Product field and select Sun Blade 6000 10GbE Switch NEM.

Select the down arrow in the Release field and select the Sun Blade 6000 10GbE Switch NEM folder.

Select the 1.2 release.

Click the Search button.

Click the number in the Patch Name column.

Click Download.

10.

Click the filename of the .zip file to begin the download.

11.

Save the file to an appropriate location.

20 Sun Blade 6000 Ethernet Switched NEM 24p 10GbE Release 1.2.2 Product Notes • March 2016

Page 21

Upgrade the NEM Firmware

12.

Upgrade the firmware.

See “Upgrade the NEM Firmware” on page 21.

Upgrade the NEM Firmware

Note - You must be logged in as root to perform the upgrade.

Note - Before upgrading the NEM firmware, back up the current configuration as described in

“Back Up the Current Configuration Before Upgrading” on page 18.

Ensure that you have a network configuration in place on the NEM.

For more information, refer to the Sun Blade 6000 Ethernet Switched NEM 24p 10GbE User's Guide.

(Optional) If you have not restarted the NEM as part of backing up the configuration, restart the NEM now.

Note - The NEM might currently be low on memory. The restart frees up memory for a more

reliable upgrade.

SEFOS# exit

-> reset /SP Are you sure you want to reset /SP y Performing reset on /SP

Use TFTP, FTP, or the Oracle ILOM web interface to copy the firmware image to your server.

The firmware image file is Sun_Blade_6000_Ethernet_Switched_NEM_24p_10GE_sefos1_2_2_15.pkg.

Answer the questions that appear on the screen as you proceed through the installation.

This example illustrates the NEM upgrade process using FTP from a server with an IP address of 192.168.1.100.

-> load -source ftp://username:password@192.168.1.100/

Sun_Blade_6000_Ethernet_Switched_NEM_24p_10GE_sefos-1_2_2_15.pkg

Downloading firmware image. This will take several minutes. ...

Sun Blade 6000 Ethernet Switched NEM 24p 10GbE Release 1.2.2 Product Notes 21

Page 22

Upgrade the NEM Firmware

NOTE: An upgrade takes about 6 minutes to complete. ILOM will enter a special mode to load new firmware. No other tasks can be performed in ILOM until the firmware upgrade is complete and ILOM is reset.

Are you sure you want to load the specified file (y/n)? y Preserve existing configuration (y/n)? y Starting FW upgrade. This will take approximately 3 minutes.

Checking "jffs2 root file system image"

Starting Root File System upgrade Upgrading Root File System image to partition 2

................................................................

Validating File System and updating Time Stamp. This will take 2-3 minutes, please wait.

Checking "compressed kernel image"

Starting kernel upgrade Upgrading kernel image to partition 2

.......

Syncing configuration files.

....................................

Checking "FPGA image"

Starting FPGA upgrade Skip upgrading FPGA (same version).

Checking "U-Boot image"

Starting U-Boot upgrade Skip upgrading U-Boot (same version). Firmware update is complete. The system must be reset for the new image to be loaded

-> reset /SP Are you sure you want to reset /SP (y/n)? y Performing reset on /SP

If the upgrade was done while in ONET mode, you must explicitly restart ONET from Oracle ILOM after the upgrade as follows:

-> start /NEM/onet Are you sure you want to start /NEM/onet (y/n)? y start: start: Please wait while onet comes up, this can take anywhere from 30 seconds to 2 minutes depending on the configuration

........................

start: ONET Enabled successfully.

22 Sun Blade 6000 Ethernet Switched NEM 24p 10GbE Release 1.2.2 Product Notes • March 2016

Page 23

Enable or Disable SAS2 From Oracle ILOM

When the NEM reboots after the upgrade, type the version command to verify that software version is upgraded.

To show the system information, type these commands.

-> cd /NEM/fs_cli/ cd: Connecting to Fabric Switch CLI

ORACLESP-0110SJC-0938CB0081 SEFOS# show system information

Hardware Version : 2.5.8_00209384 Firmware Version : ONEMSwitch Name : C10 NEM 24P System Contact : System Location : Logging Option : Console Logging Login Authentication Mode : Local Config Save Status : Not Initiated Remote Save Status : Not Initiated Config Restore Status : Not Initiated

Enable or Disable SAS2 From Oracle ILOM

By default SAS2 links are disabled on the SAS2 expander firmware for the NEM. To enable SAS2 links and to allow server modules with supported REMs to communicate with the Sun Blade Storage Module M2, you must enable SAS2 from Oracle ILOM.

Note - If you enabled SAS2 during a prior release, it stays enabled during and after the upgrade,

and no other steps are required. When SAS2 is disabled, the fru_extra_1 field shows SAS

5.3.2.0 in the output of the show /CH/NEMx command (where x is the NEM's slot number)

from the CMM level. When SAS2 is enabled, the fru_extra_1 field shows SAS 5.3.7.0 in the output of the show /CH/NEMx command (where x is the NEM's slot number) from the CMM

level.

Display the current SAS2 status.

-> cd /NEM/SAS/ /NEM/SAS /NEM/SAS-> ls Targets:

Properties: type = SAS Expander sas_status = disabled Commands: cd

Sun Blade 6000 Ethernet Switched NEM 24p 10GbE Release 1.2.2 Product Notes 23

Page 24

Enable or Disable SAS2 From Oracle ILOM

show start stop

Enable or disable SAS2 links.

■

To enable SAS2, select start.

-> cd /NEM/SAS/ /NEM/SAS

-> start Are you sure you want to start /NEM/SAS (y/n)? y Enabling the device will take approximately 2 minutes...

start: SAS Enabled successfully.

-> ls

/NEM/SAS Targets:

Properties: type = SAS Expander sas_status = enabled Commands: cd show start stop

■

To disable SAS2, select stop.

-> cd /NEM/SAS/ /NEM/SAS Are you sure you want to stop /NEM/SAS (y/n)? y

-> stop Disabling the device will take approximately 2 minutes...

stop: SAS Disabled successfully.

-> ls

/NEM/SAS Targets:

Properties: type = SAS Expander sas_status = disabled Commands: cd

24 Sun Blade 6000 Ethernet Switched NEM 24p 10GbE Release 1.2.2 Product Notes • March 2016

Page 25

Configure 1Gbps Mode on SFP+ Interfaces

show start stop

Note - See “CMM Reports SAS2 on the NEM as Faulty if SAS2 Is Not Enabled

(6977266)” on page 38 for important information about upgrading the NEM firmware if

you are not enabling the SAS2 functionality.

Configure 1Gbps Mode on SFP+ Interfaces

The two SFP+ ports, 1 and 2 are dual-speed capable ports and can provide 1Gbps connectivity when used with the supported transceivers and configured for 1Gbps operation from the SEFOS CLI.

■

To configure a 1G-MMF link, use the supported 10G/1G SFP+ transceiver (PN x2129a). The speed must be changed to 1G on the appropriate port (see example below).

■

To configure a 1G-Cu (RJ45) link, use the supported SFP transceiver (PN x2123a), which provides a RJ45 interface. This is a 1G-only transceiver and the speed must be changed to 1G on the appropriate port (see the following example).

Caution - When using 1Gbps mode, autonegotiation must be disabled on the link-partner. The

link-partner must be configured in 1Gbps-Forced-FDX mode.

Obtain the SEFOS prompt.

Type these commands to configure the speed to 1G.

For example, to configure ports 1 and 2.

SEFOS# config terminal SEFOS(config)# interface range extreme-ethernet 0/1-2 SEFOS(config-if)# shutdown SEFOS(config-if)# speed 1000 SEFOS(config-if)# no shutdown SEFOS(config-if)# end SEFOS# write startup-config

Fine Tune the VLAN Setup

The NEM provides flexibility in managing ingress VLAN traffic. For example, you can set port ingress filtering to enabled and can also specify the acceptable frame type to implement finegrained control on the ingress traffic. Refer to the Sun Ethernet Fabric Operating System CLI Base Reference Manual for details.

Sun Blade 6000 Ethernet Switched NEM 24p 10GbE Release 1.2.2 Product Notes 25

Page 26

Fine Tune the VLAN Setup

Obtain the SEFOS prompt.

Display the default port configuration.

For example:

SEFOS# show vlan port config port extreme-ethernet 0/3

Vlan Port configuration table

------------------------------Port Ex0/3 Port Vlan ID : 1 Port Acceptable Frame Type : Admit All Port Ingress Filtering : Disabled Port Mode : Hybrid Port Gvrp Status : Enabled Port Gmrp Status : Enabled Port Gvrp Failed Registrations : 0 Gvrp last pdu origin : 00:00:00:00:00:00 Port Restricted Vlan Registration : Disabled Port Restricted Group Registration : Disabled Mac Based Support : Disabled Subnet Based Support : Disabled Port-and-Protocol Based Support : Enabled Default Priority : 0 Filtering Utility Criteria : Default Port Protected Status : Disabled

-------------------------------------------------------

Reconfigure the port.

For example, to reconfigure the 10GbE port Ex0/3 as a tagged port in vlan 3 and allowing only tagged frames.

SEFOS# config terminal SEFOS(config)# vlan 3 SEFOS(config-vlan)# port extreme-ethernet 0/3 SEFOS(config-vlan)# exit SEFOS(config)# interface extreme-ethernet 0/3 SEFOS(config-if)# switchport ingress-filter SEFOS(config-if)# switchport acceptable-frame-type tagged SEFOS(config-if)# end SEFOS# show vlan port config port extreme-ethernet 0/3

Vlan Port configuration table

------------------------------Port Ex0/3 Port Vlan ID : 1 Port Acceptable Frame Type : Admit

Only Vlan Tagged

Port Ingress Filtering : Enabled Port Mode : Hybrid

26 Sun Blade 6000 Ethernet Switched NEM 24p 10GbE Release 1.2.2 Product Notes • March 2016

Page 27

Port Gvrp Status : Enabled Port Gmrp Status : Enabled Port Gvrp Failed Registrations : 0 Gvrp last pdu origin : 00:00:00:00:00:00 Port Restricted Vlan Registration : Disabled Port Restricted Group Registration : Disabled Mac Based Support : Disabled Subnet Based Support : Disabled Port-and-Protocol Based Support : Enabled Default Priority : 0 Filtering Utility Criteria : Default Port Protected Status : Disabled

Managing SEFOS Configurations

These tasks assist in managing SEFOS configurations:

■

“Include the SEFOS Configuration in Backups” on page 27

■

“Restore the Configuration” on page 28

Managing SEFOS Configurations

Include the SEFOS Configuration in Backups

By default, only the Oracle ILOM configuration is backed up when the backup feature is used. Complete the following tasks to include the SEFOS configuration in this backup.

Before backing up your SEFOS configuration using the Oracle ILOM backup feature, complete the following steps:

a.

Save the NEM configuration.

SEFOS# write startup-config Building configuration ... [OK]

b.

Set a passphrase.

-> cd /SP/config /SP/config

-> set passphrase=abc123 Set 'passphrase' to 'abc123'

Sun Blade 6000 Ethernet Switched NEM 24p 10GbE Release 1.2.2 Product Notes 27

Page 28

Restore the Configuration

Note - The passphrase you provide must not contain the @, ‘ (apostrophe), " (quotes), or \ (back

slash) symbols.

Ensure that you have proper login credentials for the server where the configuration is to be backed up.

Back up the configuration to remote server.

-> set dump_uri=ftp://username:password@192.168.1.100/tmp/myNEMconfig.bak Dump successful

Restore the Configuration

Note - The administrator must always reset the SNMP engine ID prior to doing the backup

or restore operation. Because of CR 6934622, the SNMP engine ID (even when previously set) is not visible after a reset of the system, and the administrator must record and set the ID explicitly.

Configure the network settings on the Oracle ILOM network management interface to communicate with the backup server.

-> cd /SP/network

Set the passphrase to the same value that was used for backup.

See “Include the SEFOS Configuration in Backups” on page 27.

-> cd /SP/config /SP/config

-> set passphrase=abc123 Set 'passphrase' to 'abc123'

Restore the configuration from the server.

-> set load_uri=ftp://username:password@192.168.1.100/tmp/myNEMconfig.bak Load successful.

Note - If DHCP is used for network configuration, the DNS setting is overwritten with values

supplied by the DHCP server upon restoration.

28 Sun Blade 6000 Ethernet Switched NEM 24p 10GbE Release 1.2.2 Product Notes • March 2016

Page 29

Note - If a syslog server address was configured in Oracle ILOM, the address is not retained

when upgrading from the 1.1.0.x release (see CR 7022286). The syslog server setting must be reconfigured after the upgrade or restore.

Configuring TACACS+

These topics describe how to configure TACACS+:

■

“TACACS+ Properties” on page 29

■

“Configure TACACS+ Settings” on page 30

TACACS+ Properties

CLI Property Default Value Description

address [tacacs+_server_IP_address] 0.0.0.0

Defaultrole [a|u|o|c|r|s| Administrator|Operator]

Operator

Specifies the IP address or DNS name of the TACACS+ server. If you use DNS, ensure that DNS is configured and functional.

Specifies the access role that is granted to all authenticated TACACS+ users.

This property supports the following legacy roles:

Configuring TACACS+

■

Administrator

■

Operator

■

Any individual role ID combinations where a = Admin, u = User Management, o = Operator, c = Console, r = Reset and Host Control, and s = Service.

fs_privilege [1|15] 1 Specifies the fs_privilege that is used for TACACS+ authenticated users

port [port_number] 49

protocol

service

secret [tacacs+_secret]

state [enabled|disabled] Disabled

†

In the TACACS+ server, the combination of ppp and ip can be configured to send additional fields in packet data. For Oracle ILOM clients this is used to send

Oracle ILOM-specific fields like sefos-fs-privilege and ilom-role.

ppp

[none] Specifies the shared secret that is used to protect sensitive data and to

Sun Blade 6000 Ethernet Switched NEM 24p 10GbE Release 1.2.2 Product Notes 29

to access and control SEFOS.

Specifies the port number used to communicate with the TACACS+ server.

protocol identifies the TACACS+ protocol type. service identifies the TACACS+ service type. (see footnote)

ensure that the client and server recognize each other.

Specifies whether the TACACS+ client is enabled or disabled.

†

Page 30

Configure TACACS+ Settings

Before You Begin

Note - Before you configure TACACS+ settings for use with SEFOS ensure that the User

Management (u) role is enabled. Also ensure that you have collected all relevant information about your TACACS+ environment, then configure the appropriate settings from Oracle ILOM to enable authentication using TACACS+.

Navigate to the tacacs+ directory.

-> cd /SP/clients/tacacs+

Use the set command to configure the TACACS+ properties.

-> set/SP/clients/tacacs+ state=enabled address=10.12.235.32 Set 'state' to 'enabled' Set 'address' to '10.12.235.32'

Use the show command to view the TACACS+ properties.

-> show /SP/clients/tacacs+ /SP/clients/tacacs+ Targets:

Properties: address = 10.12.235.32 defaultrole = o fs_privilege = 1 port = 49 protocol = ip secret = ***** service = ppp state = enabled

Commands: cd set show

Issues Corrected in the Patch Update

These issues have been corrected in this update.

Issue Number Description of Corrected Issue

22543509 Fix for CVE-2015-5600 Bug 22686043. Fix for CVE-2015-3197.

30 Sun Blade 6000 Ethernet Switched NEM 24p 10GbE Release 1.2.2 Product Notes • March 2016

Page 31

Issue Number Description of Corrected Issue

21164486 sefos crashing when an snmpwalk is performed on NEM using OID sefos.

Issues Corrected in Prior Updates

These issues were corrected in prior product updates.

Issues Corrected in Prior Updates

Issue number

21445917 Fix for CVE-2015-1793.

20440855 CVE-2015-0235 - "GHOST" Vulnerability in GLIBC

19888525 Provide support for LLA feature on NEM.

19884205 Please provide link-trailing feature

19689330 Apply fixes for BASH software threat: CVE-2014-7169 / CVE-2014-6271

18976705 CVE-2014-0224 ETC, MULTIPLE SECURITY BUGS - UPGRADE OPENSSL

18756094 Missing "#" in CLI Prompt

18391504 Enhance the CLI to clear dynamic MAC addresses globally, per-VLAN, and per-interface.

18391464 RIP: Triggered updates are sent from a passive interface.

18383281 NEM restarts due to memory shortage.

18291821 LDAPSSL, RADIUS, and TACACS+ client password authentication fails on even numbered

18262738

18118742 Unclean shutdown of the diagnostics does not release buffers/lock, can block Rx/Tx.

18118577 VLAN name cannot be specified for a new VLAN in PVRST mode.

18038564 Display CPU, memory, and disk usage from Oracle ILOM CLI.

18038543 Display host name in an Oracle ILOM prompt.

18038361 Copy SEFOS files from Oracle ILOM.

18038350

18038336 IPV6: ND/RA packets only get trapped to CPU and do not get switched to other ports.

18038328

18038322

18038311 When applying ACL to block RA from source server it blocks all ICMP.

18038285 Support for multiple RADIUS servers.

18038275 Support for multiple TACACS+ servers.

17943395 NEM configuration is not restored after a power failure.

16239036

17435862 A session's state is not cleaned up in SEFOS when remotely authenticated sessions exit.

17435883 Remotely authenticated user removed from SEFOS prematurely.

17435892 QSFP MMF transceiver and QSFP Cu Twinax cables are not recognized by SEFOS.

Description of Corrected Issue

occurrences of the password prompt.

root user login without password is possible when TACACS+ authentication is configured.

Implement reset for /SYS/sefos.

show debugging 2019 command always shows output OSPF3 - Critical debugging is on.

debug npapi command: Added Rx and Tx packet dump options.

fs_privilege accepts extra nonnumerical characters after valid value.

Sun Blade 6000 Ethernet Switched NEM 24p 10GbE Release 1.2.2 Product Notes 31

Page 32

Issues Corrected in Prior Updates

Issue number

Description of Corrected Issue

17435909 Dynamic MAC entries of the port do not get flushed on STP status change.

17435930

The port-channel state might not get reflected correctly by the show ether summary command.

17435949 Ping to broadcast IP fails over NEM.

7128865 1.2.1 IPv6 PMTU is restored after reboot.

7101943

1.2.1 shutdown opus interface does not cause nxge to show link down messages.

7096178 ACLv6 permit/deny combination is not blocking traffic.

7128877 ONEM does not return to ONET mode after reset.

7116342 SEFOS/ONET needs to be started after upgrading firmware in ONET mode and resetting SP.

7116607 SNMP error messages display wrong OID.

7100720 SLB L2: Error is seen when re-assigning a port from one LBG group to another.

7153553 Allow special characters to be included in the VLAN name.

2221780 XVLAN port delete is not handled correctly.

7152313 Watchdog exception on ONEM after shutting down Cisco 6509 port.

2221270 Add L3 functionality to XVLAN interfaces.

7174488 STP: Need to support the loop guard.

7167700 ONEM link doesn't come up after repetitive shut/no shut.

2222974 Allow debug print prior to debug thread start.

7174466

7174467

ping ipv4: Add ping command options to accept source as VLAN ID or IP address.

set port gvrp disable: Gobal gvrp disabled, but still needs to disable it on interface.

7007423 Incorrect message seen when assigning ports to port-channel repeatedly.

7042329

7174501

Save important log files so they exist even after a reset /SP command.

Better error message needed when fs_cli cannot be started.

7174602 Show CRC counters.

7174820 Do not show repeated history.

7174823 Use Oracle ILOM source for NTPD.

2221780 XVLAN port delete is not handled correctly.

2221270 Add L3 functionality to XVLAN interfaces.

7035740 Implement TACACS+ access control.

7187305 RIP with MD5 authentication: Keychain value is not preserved after save and reboot.

7187304 RIP with 2k routes: Not learning all the routes from the neighbor, and crashing after a while.

7184848 XVLAN+RIP: Route is not distributed or learned after save and reboot.

7179258

Issue with spanning-tree mst forward-time, spanning-tree mst max-age.

7187210 STP: MSTP port role and state not converged correctly during failover testing.

7206488 SLB: failover does not happen when standby node is available again.

7179564 SLB: failover does not happen when standby node is available again.

7186136 Make switch uptime and SEFOS uptime visible from Oracle ILOM.

7207591 SEFOS restarts with PVRST config.

2198812 SEFOS MIB access is lost due to the Agentx subagent dropping packets.

6899100 Garbage characters are displayed with backspace key at the login prompt.

32 Sun Blade 6000 Ethernet Switched NEM 24p 10GbE Release 1.2.2 Product Notes • March 2016

Page 33

Issues Corrected in Prior Updates

Issue number

Description of Corrected Issue

6985493 64-bit counters in the interface MIB are not working.

7004715 SEFOS audit log events should be routed to Oracle ILOM.

7004717

Add cron job to allow log rotation.

7007791 Route entry may not be added to a ECMP group when the next hop addresses are already resolved.

7015496 Restore of SNMP community fails.

7019251 Port speed change does not get saved across reboots if the port is a member of any LAG.

7020153 RADIUS default role is not preserved across a reboot.

7022286 Syslog target IP address is not preserved when upgrading firmware.

7029161 Make hostname part of SEFOS prompt.

7029946 [A-00002871][F-4746] IPv4/IPv6 static route is unstable after upgrade.

This fix requires you to recreate your configuration from scratch before installing the 1.1.0.11. firmware.

7030829 Routed traffic is trapped when multicast is shut down.

7033812 Advertise hostname as system name in LLDP.

7035245 Audit log should not display SEFOS passwords.

7036831 Debug messages on the console are misaligned.

7038044

RADIUS: Local root user is not able to get into SEFOS.

7039468 Protect SEFOS special users.

7040207 MAC learning is inconsistent across LAG (SDK 2.5.8).

7042329

Save important log files so they exist even after a reset /SP command is issued.

7043345 Debug messages are truncated to 80 bytes.

7043692 SEFOS shutdown task sometimes hang forever.

7043940 Increase maximum size of debug log file.

7046128

7046583

7046586

cd /NEM/fs_cli accepts characters after the command without reporting an error.

RADIUS root user can stop/start SEFOS.

When logging in as local user with role=s the switch reports Unable to set session remote IP address.

7056299 SEFOS is not sending a trap when CPU utilization exceeds the maximum threshold.

7058695 Port-channel sometimes can not establish connections.

7067339 SEFOS can not Restore if more than 10 IP addresses are used

7069057 IP route is missing for some VLANs and breaks connectivity.

7072399 Enable XVLAN/VLAN port sharing.

7078601 RIP packets should not be trapped if the RIP feature is disabled.

7080854

7080860

Creating a user with the string password displays an internal password in Oracle ILOM.

Unable to create a user in Oracle ILOM starting with the string password.

7092642 Static route sometimes not saved or restored correctly.

7097788 Protocol packets on port-channels use out of range MAC addresses.

7098864 SEFOS is not showing all PIMv4 neighbors.

7110231 VLAN: Problem in adding VLAN entries after a save or reboot.

Sun Blade 6000 Ethernet Switched NEM 24p 10GbE Release 1.2.2 Product Notes 33

Page 34

Issues Corrected in Prior Updates

Issue number

Description of Corrected Issue

7100755 IP RIP authentication mode MD5 causes some routing tables not to sync or update.

2213237 Bad values are returned in the SEFOS MIB.

6872119

The output of the show interfaces int counters command is not aligned.

6885891 Disable the service account by default.

6899100 Unnecessary characters are displayed with use of the backspace key at the login prompt on the

console.

6901521 Untagged ports can show up on the default VLAN as well as where they are actually assigned.

6916366 Re-enable PVRST+.

6920781 Make Oracle ILOM enterprise MIBs available on standard SNMP ports.

6920407 SNMP request for unsupported feature MIB should not return resourceUnavailable message.

6943438 SNMP agent doesn't invoke the MIB handlers for Sun enterprise OIDs greater than 231.

6947266 ILOM backup and restore feature should support switch configuration files as well.

6951536

Add the ability to set fs_privilege attribute from the web browser.

6952228 Allow SEFOS to be stopped or started without a reboot.

6962823 Upgrading switch firmware from 1.0.1.6 to version 1.1.0.0 through the web browser fails.

6964907 64-bit counters in interface MIB are not working.

6966581 Oracle ILOM restore from the telnet console restarts the session and the user can't login again.

6966772 Oracle ILOM restore from BUI restarts the session and user can't login again.

6970627 Enable Oracle ILOM advanced user authentication methods (RADIUS, etc.)

6972856

running-config shows different interface type for port mirror monitor session configure.

6973258 QoS: Weight is incorrectly calculated.

6979262

Reduce writes to flash file system by moving /var and /tmp to tmpfs.

6979532 ServiceTag should use the swordfish UUID rather than the part number.

6980869

The create user password=password command does not create the fs_privilege attribute.

6985379 Enable DNS.

6985524 SEFOS MIB access is lost due to the agentx subagent dropping packets.

6985910 Ping fails, the switch drops ICMP echo reply packets.

6987118 Re-setting the same serial port configuration from the console causes the session to close.

6987319 Traffic is not what is expected when MTU is set to 1500 bytes.

6988059 SSH v2 should be the only version in Oracle ILOM for the switch.

6988496 Assigning a port to a VLAN does not remove the port as a member of VLAN 1.

6989048 Packets might be dropped when using Q-in-Q interoperability in certain configurations.

6990073 The NEM SP does not blink the OK LED while the SP is booting.

6993233 MIB files are missing for OSPF and some bridge OIDs.

6994749

The help password command shows some unnecessary characters.

6994852 Disabling ServiceTag doesn't close ServiceTag Listener port.

6994875

Issue with stop /NEM/fs_cli and stop /NEM/sefos.

6991712 The switch crashes when changing mtu size.

6992172 CLI - The switch's CLI does not have any commands to show counter and packet types for a queue.

34 Sun Blade 6000 Ethernet Switched NEM 24p 10GbE Release 1.2.2 Product Notes • March 2016

Page 35

Known Issues

Issue number

6992476 Cannot login to Oracle ILOM.

6993232 Enable Agentx to forward OIDs originating from SEFOS.

6993286 User login name and login prompt are capitalized.

6993669

6993790 Email-alert is not working.

6994351

6996351 Need the remote IP address to be included in Oracle ILOM logging.

6997619 Multiple administrators configuring the switch at the same time can generate a bad configuration file.

6998458 Disabling SNMP can hang Oracle ILOM.

6999896 Events are not generated for fan faults.

7000727 Unexpected carriage return is added at end of the 1st line when displayed data spans 2 console lines.

7001228 Timezone changes are not reflected in SEFOS without restart.

7002324

7004641 The console connection should always be available.

7005015 The switch fails to power on during hot plug test.

7008862 The port-channel configuration is incompatible with range mode.

7014291

7030305 IP ACLs block ARP.

7030991 Make hostname part of the SEFOS prompt.

7057085 Add an option to show VLANs in ascending order (new token: show VLAN ascending).

7068895 NEM0 hung and required power cycling to recover. Configuration was lost.

7078601 RIP packets should not be trapped if the RIP feature is disabled.

7082585 PVRST+: Remove unused tokens.

7082599 SEFOS: Disable the hardware flow control by default.

Description of Corrected Issue

QOS: set meter command does not work with some parameters.

When a RADIUS user has an Oracle ILOM role of aucr, the show command in Oracle ILOM does not work properly on the switch.

QoS: set meter command failed.

Change SEFOS incremental save SW default to disabled.

Known Issues

The following known issues exist at the time of this release.

■

“SLB-L2 Error is Seen When Reassigning a Port From One LBG Group to Another (7100720)” on page 36

■

“SLB Must Not Allow Different VLANs in the Same Group (7095155)” on page 36

■

“SLB L2 Cannot Create More Than Two Groups, SLB L2 Limits to Two LBGs (7092380)” on page 36

■

“Manually Deleting Static Route Does Not Affect the Corresponding SLB Entry (7064092)” on page 37

■

“Changing the Default Value for default-vlan-id Could Result in VLAN Misconfiguration (7015004)” on page 37

Sun Blade 6000 Ethernet Switched NEM 24p 10GbE Release 1.2.2 Product Notes 35

Page 36

Known Issues

■

“Some of the IGMP Conformance Results Don't Match Expectations (7006297 and

6997415)” on page 37

■

“Ports Lock and Corresponding LEDs Stay Lit or NEM Fails to Power On After Doing Consecutive Hardware Resets (6992127)” on page 37

■

“QoS - set algo-type tailDrop queue-drop-algo Does Not Work (6991230)” on page 38

■

“Packets Might Be Dropped When Using Q-in-Q Interop in Certain Configurations (6989048)” on page 38

■

“The no default-metric [,short(1-16)>] Command Does Not Work as Documented (6987482)” on page 38

■

“CMM Reports SAS2 on the NEM as Faulty if SAS2 Is Not Enabled (6977266)” on page 38

■

“Using vlan 1 as Shown in Various Examples in the Documentation Generates Error Codes (6968484)” on page 39

■

“When Multiple Configuration Scripts Are Run in Parallel, SEFOS Application Can Crash (6936742)” on page 39

■

“Unlit Link and Activity LEDs for the SFP+ Ports (6873825)” on page 39

■

“The switch Command Line Option Is Unsupported” on page 39

■

“SSL V3.0 POODLE DISABLE SSL V3 (19842641)” on page 39

SLB-L2 Error is Seen When Reassigning a Port From One LBG Group to Another (7100720)

When a node member is reassigned from one SLB-L2 LBG to another SLB-L2 LBG, you must first remove the original LBGs and reestablish the two new groups.

SLB Must Not Allow Different VLANs in the Same Group (7095155)

SLB does not support multiple VLANs in the same SLB group. Such a configuration has unexpected results for fail-over. Currently, there is no prevention mechanism in place for setting up such a configuration.

SLB L2 Cannot Create More Than Two Groups, SLB L2 Limits to Two LBGs (7092380)

There is no workaround for this issue.

36 Sun Blade 6000 Ethernet Switched NEM 24p 10GbE Release 1.2.2 Product Notes • March 2016

Page 37

Known Issues

Manually Deleting Static Route Does Not Affect the Corresponding SLB Entry (7064092)

SLB tracks and manages static route entries that correspond to a load balancing group created by the SLB commands. If a static route entry was created by executing SLB commands, do not

use the no ip route command to remove that static route directly.

Changing the Default Value for default-vlan-id Could Result in VLAN Misconfiguration (7015004)

Workaround: If you need to change default-vlan-id from 1 (the default value) to some other value, you must do so before doing any other VLAN configuration. When using XVLAN

features, only default-vlan-id 1 is supported. In order to use the XVLAN feature, you must restore the default value of 1 for default-vlan-id if it was changed.

Some of the IGMP Conformance Results Don't Match Expectations (7006297 and 6997415)

The NEM does not fully adhere to the University of New Hampshire (UNH) IGMPv3 Conformance Test Suite.

Workaround: No workaround is available. If you experience a suspected IGMP interoperability problem or other issue with the NEM, contact your authorized Oracle service provider.

Ports Lock and Corresponding LEDs Stay Lit or NEM Fails to Power On After Doing Consecutive Hardware Resets (6992127)

Workaround: In the unlikely event that the NEM's switch ports lock upon consecutive hardware resets through CMM, complete these steps:

Power off the NEM from CMM: stop /CH/NEMx.

2. Wait five minutes while the capacitance discharges and power the NEM back on:

start /CH/NEMx

3. Remove the NEM, wait five minutes while the capacitance discharges, and reinstall the NEM in the chassis.

Sun Blade 6000 Ethernet Switched NEM 24p 10GbE Release 1.2.2 Product Notes 37

Page 38

Known Issues

QoS - set algo-type tailDrop queue-drop-algo Does Not Work (6991230)

The tailDrop keyword is not supported for use with this product.

Packets Might Be Dropped When Using Q-in-Q Interop in Certain Configurations (6989048)

Workaround: If you use Q-in-Q interop between the NEM and a third-party switch, manually turn on the Jumbo Frame feature on the third-party switch.

The no default-metric [,short(1-16)>] Command Does Not Work as Documented (6987482)

Workaround: Ignore the keyword short when it appears in the syntax of any command and execute the command without it. Using this CR's synopsis as an example, the command is

issued as no default-metric 1.

CMM Reports SAS2 on the NEM as Faulty if SAS2 Is Not Enabled (6977266)

If you choose to upgrade to the NEM 1.2 firmware, but keep the SAS2 feature disabled, the CMM reports a fault when you run the show faulty command. Upgrade the CMM firmware to

version 3.0.12.11.b or higher to fix this issue, or use the following.

Target | Property | Value

-------------------+-------------+------------------------------/CMM/faultmgmt/1 | fru | /CH/NEM0 /CMM/faultmgmt/1/ | class | fault.chassis.sas.comm.fail

Workaround: Clear the fault each time the NEM or the CMM is rebooted.

-> set /CH/NEM0/ clear_fault_action=true Are you sure you want to clear /CH/NEM0 (y/n)? y Set 'clear_fault_action' to 'true'

38 Sun Blade 6000 Ethernet Switched NEM 24p 10GbE Release 1.2.2 Product Notes • March 2016

Page 39

Known Issues

Using vlan 1 as Shown in Various Examples in the Documentation Generates Error Codes (6968484)

Workaround: Instead of using vlan 1 as shown in the product documentation, use any unused VLAN.

When Multiple Configuration Scripts Are Run in Parallel, SEFOS Application Can Crash (6936742)

The current release of the SEFOS configuration and management application doesn't support multiple, concurrent updates to the configuration database.

Workaround: Multiple SEFOS login sessions are allowed to read the system status at any time, however, use only one of these sessions to configure and update the NEM.

Unlit Link and Activity LEDs for the SFP+ Ports (6873825)

Unlit Link and Activity LEDs for the SFP+ ports might appear partially lit when the LEDs are viewed from an angle.

Workaround: View the LEDs directly from the front of the unit.

The switch Command Line Option Is Unsupported

The switch option in various commands is not supported when you are connected to SEFOS. In the SEFOS documentation, disregard the switch option listed in any command and disregard

any output examples that show multiple instances. Output examples that show a single instance are valid in SEFOS.

SSL V3.0 POODLE DISABLE SSL V3 (19842641)

Workaround: Disable SSLv3 from ILOM under /SP/service/https.

-> cd /SP/services/https

/SP/services/https

Sun Blade 6000 Ethernet Switched NEM 24p 10GbE Release 1.2.2 Product Notes 39

Page 40

Known Issues

-> set sslv3=disabled Set 'sslv3' to 'disabled'

-> show /SP/services/https Targets: ssl

Properties: port = 443 servicestate = enabled sslv2 = disabled sslv3 = disabled tlsv1 = enabled weak_ciphers = disabled

Commands: cd set show

40 Sun Blade 6000 Ethernet Switched NEM 24p 10GbE Release 1.2.2 Product Notes • March 2016