Transcription
NetMRI 7.5.1 Release NotesINTRODUCTION . 2NEW FEATURES . 2DEPRECATED AND OBSOLETE FEATURES . 2Deprecated Features . 2Obsolete Features . 2Planning for Deprecated and Obsolete Features . 2DEVICE SUPPORT UPDATES . 3UPGRADE GUIDELINES . 8A Note on External Authentication and Authorization Services . 8Upgrade Sandbox Instances . 8OTHER REQUIREMENTS . 9Tested Versions of Web Browsers . 9Supported Hypervisors . 10TECHNICAL SUPPORT . 10Product Support . 10Documentation . 10Training . 10RESOLVED ISSUES . 10Fixed in NetMRI Release 7.5.1 . 10Fixed in NetMRI Release 7.5.1 Documentation . 12KNOWN ISSUES IN NETMRI RELEASE 7.5.1 . 13 2021 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners.P/N 400-0752-000Page 1 of 148/27/2021
NetMRI 7.5.1 Release NotesINTRODUCTIONAll existing customers have the option to upgrade their deployments to the auto-failover configuration forstandalone, Operations Center, and collector appliances.The following sections describe new features, device support, upgrade guidelines, resolved issues, and knownissues for the current release.NOTE: Active penetration and vulnerability scans are conducted as part of the security testing. All reported anddiscovered SQL injection vulnerabilities have been fixed. A number of other vulnerabilities have beenfound and fixed as well, but the fixes for lower-severity vulnerabilities will be completed in theupcoming releases. All vulnerabilities require an authenticated user to initiate the action. To the best ofour knowledge and testing ability, we are unaware of unauthenticated exploits.NEW FEATURESThe current release does not contain new features or improvements but provides a number of bug fixes. Formore information, see Resolved Issues.DEPRECATED AND OBSOLETE FEATURESThis section describes features no longer supported in this release or planned for removal in a future release.These are the features that have not been adopted by customers or have been used only for specific cases in thepast. NetMRI contains a rich set of features; to ensure that the focus remains on improving the features that arein use, we have trimmed many existing features and added new ones in areas where the number of use cases isgrowing.Deprecated FeaturesDeprecated features are features that are skipped during release qualification. The code remains unchanged butmight be removed in a future release.There are no deprecated features in NetMRI version 7.5.1.Obsolete FeaturesBecause the SSH client has been upgraded, NetMRI 7.4.4 has dropped support for the following: SSH protocol version 1, associated configuration options, and documentation.hmac-ripemd160 MAC.ARCFOUR, Blowfish, and CAST ciphers.RSA keys that are less than 1024 bits in length.Compatibility support for some very old SSH implementations, including ssh.com 2. and OpenSSH 3.These versions were released in or before 2001 and predate the final SSH RFCs. The support in questionis not necessary for RFC-compliant SSH implementations.If you get a “no matching cipher” error when connecting to devices from NetMRI over SSH, use the configuressh command to adjust the list of ciphers.Planning for Deprecated and Obsolete FeaturesThis release does not contain features that are candidates for becoming deprecated or obsolete in a futurerelease. 2021 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners.P/N 400-0752-000Page 2 of 148/27/2021
NetMRI 7.5.1 Release NotesDEVICE SUPPORT UPDATESThe following devices are newly supported for release 7.5.1:VendorModelTypeOS or FirmwareAcmePacket3900VoIP GatewaySCZ8.3.0 Patch 7 (Build 123)AcmePacket4600VoIP GatewayECZ8.1.0 MR-1 Patch 14 (Build 387)AlcatelOS9900Switch-Router8.5.199.R04 GAAlcatel6465T-P12Switch-Router8.6.289.R01 GAAlteon6024Load Balancer30.5.10.0Avocentacs8016Console Server2.6.4.4336Avocentacs6016Console Server3.7.0.11Avocentacs8032Console 1BSNBig Cloud FabricSD-WAN4.7.9CheckPoint6500FirewallGaia R80.20CheckPoint5600FirewallGaia R80.30CiscoASR9904RouterIOS-XR 6.2.3[Default]CiscoFirepower Fpr2110tdFirewall6.4.0.7 2021 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners.P/N 400-0752-000Page 3 of 148/27/2021
NetMRI 7.5.1 Release NotesVendorModelTypeOS or uter15.5(3)M5CiscoUCS C240 wer Fpr2130tdFirewall6.6.0CiscoFirepower Fpr4145K9Firewall5.0(3)N2(4.61)CiscoFirepower uter9.3(3)CiscoFirepower er9.3(3)CitrixNSMPX-26000-50SLoad BalancerNS12.1: Build 56.22.ncCitrixSDX 14020Load Balancer12.1CitrixNSSDX-14000Load Balancer12.1CitrixNSMPX-11500-ZLoad BalancerNS13.0: Build 61.48.ncCheckPoint15600FirewallGaia R80.30 2021 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners.P/N 400-0752-000Page 4 of 148/27/2021
NetMRI 7.5.1 Release NotesVendorModelTypeOS or FirmwareCoriantGroove G30Disaggregation 9 2021 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners.P/N 400-0752-000Page 5 of 148/27/2021
NetMRI 7.5.1 Release NotesVendorModelTypeOS or er7.1.070, Release , Release 2432P06H3C5900AF48G4XG2QSFPPlus Switch-Router7.1.045, Release 99 Release ASwitch-RouterArubaOS-CX 2 uter6.3.3.0 2021 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners.P/N 400-0752-000Page 6 of 148/27/2021
NetMRI 7.5.1 Release NotesVendorModelTypeOS or gearIM7248-2-DACConsole Server3.10.0-uc0OpengearCM7148-2-DACConsole Server3.10.0-uc0RiverbedSteelhead ireless AP4.0.80.10875UbiquitiUniFi AP-AC-MeshWireless AP4.3.20.11298 2021 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners.P/N 400-0752-000Page 7 of 148/27/2021
NetMRI 7.5.1 Release NotesUPGRADE GUIDELINESThe file with the upgrade image is ib network automation-7.5.1.XXXXX.gpg.The following table provides guidelines for upgrading previous versions of NetMRI to the 7.5.1 version. The tableincludes specific cases.VersionGuidelines6.9.x or earlierFollow this upgrade path: 7.0.5 7.1.4 7.4.5 7.5.1.7.0.x7.1.xUpgrade to 7.1.4, then to 7.4.5, and then to 7.5.1.7.2.xUpgrade to 7.4.5, and then to 7.5.1.7.3.x7.4.x7.5.xUpgrade directly to 7.5.1.HA system running7.1.[2-4]Before performing the upgrade, apply one of the v7.1.[2-4]NETMRI-30000.gpg hotfixes available on the AutoUpdateserver.When applying a hotfix, ignore the reference to 7.1.4NETMRI-30000.HA system running7.3.2, 7.3.3, or 7.4.[14]Before performing the upgrade, apply the NETMRI-33842.gpghotfix for the appropriate NetMRI. These hotfixes areavailable on the AutoUpdate server.When applying the hotfix, ignore the reference to NETMRI33842.Systems that do notconnect to the Internetor AutoUpdate serverDownload the upgrade image file and SCP it to the adminusers’ directory on the appliance. Next, perform a 7.5.1upgrade by running the standard AutoUpdate utility from theNetMRI Admin Shell.In Operations Center Controller-to-Collector communications, all collected network data passes from theCollector to the Controller through a tunnel connection. Because the tunnel connection is shut down during anupgrade to 7.5.1, data collection is shut down on Operation Centers.A Note on External Authentication and Authorization ServicesIf you are using external authentication over SSL, ensure it supports TLS 1.2 prior to upgrading NetMRI.Upgrade Sandbox InstancesBefore starting an upgrade, ensure that all local and remote sandboxes are fully and properly upgraded orreinstalled on the starting release version. If a sandbox is in an incorrect state prior to a follow-on upgrade, thismight create issues that are difficult to diagnose.Local sandbox instances for NetMRI are upgraded automatically.Remote Sandbox instances (for example, those on a VM server) must be manually reinstalled in the followingcases: 2021 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners.P/N 400-0752-000Page 8 of 148/27/2021
NetMRI 7.5.1 Release Notes You are upgrading between major versions, for example, from 7.3.3 to 7.4.1.You are upgrading to 7.4.5, which is a minor version.When upgrading between other minor versions, for example, from 7.4.1 to 7.4.2, you do not need to redeploythe remote sandbox.To reinstall a remote sandbox instance:1. Download a new Sandbox VM file from Infoblox.2. In the Admin Shell, run the sandbox deregister command for the previous remote sandbox.3. After the NetMRI upgrade is complete, deploy a new instance of the sandbox image.4. In the Admin Shell, register the new instance with the sandbox register command.For more information, refer to the topics Using the NetMRI Sandbox and Setting Up a Remote Sandbox in theonline Help.To extend the size of an image and of an internal swap partition size for the local sandbox, manually executethe sandbox reset command after the upgrade. Any changes made to the sandbox (for example, additionallibraries installed) will be lost during this process.OTHER REQUIREMENTSTested Versions of Web BrowsersNetMRI 7.5.1 has been tested with the following web browsers:OSBrowserMicrosoft Windows 7 Microsoft Internet Explorer 11.xMozilla Firefox 63.xLatest version of Google ChromeMicrosoft Windows 8.1 Microsoft Internet Explorer 11.x, EdgeMozilla Firefox 63.xLatest version of Google ChromeMicrosoft Windows 10Microsoft Internet Explorer 11.x, EdgeMozilla Firefox 63.xLatest version of Google ChromeApple Mac OS X 10.13.6Safari 13.0.5NOTE: Internet Explorer 11 does not render Topology Viewer well. Topology Viewer requires a browser thatsupports the ES6 standard (ECMAScript 2015 and later), but IE11 does not support this and laterstandards.We have removed the “The browser you are using is not supported” warning. Occasional issues with displaymight arise because these browsers go through their rapid release cycles; however, we expect that their codingis compatible with NetMRI and that it is no longer necessary to highlight the version difference in red duringevery login.When viewing NetMRI, set the screen resolution of your monitor as follows: Minimum resolution: 1024x768Recommended resolution: 1280x800 or better 2021 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners.P/N 400-0752-000Page 9 of 148/27/2021
NetMRI 7.5.1 Release NotesSupported HypervisorsInfoblox offers NetMRI in a virtual machine version. The following hypervisors support the NetMRI 7.5.1 VMoperation: VMware ESXi 5.5, ESXi 6.5, and ESXi 6.7OpenStack VictoriaTECHNICAL SUPPORTProduct SupportInfoblox technical support contact information:Telephone: Toll-free number for the US and Canada: 1-888-463-6259EMEA: 32 3 2590440US: 1-408-986-4000, ext. 1Email: support@infoblox.comWeb: https://support.infoblox.comDocumentationThe latest documentation is available on docs.infoblox.com.TrainingTraining information is available on https://training.infoblox.com.RESOLVED ISSUESThe following issues were reported in previous NetMRI releases and resolved in this release.Fixed in NetMRI Release 7.5.1IDSummaryNETMRI-32884Information about the failover configuration remained in the menu after the HA collectorwas removed.NETMRI-34143Negative interface utilization values were displayed for Nexus devices.NETMRI-34251The SDN Network Mapping Policy setting in advanced settings could be set to an incorrectvalue by using API.NETMRI-34254The Config Running Not Saved issue was triggered for Cisco Cat9200 devices even after anadditional noise filter DSB was installed. 2021 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners.P/N 400-0752-000Page 10 of 148/27/2021
NetMRI 7.5.1 Release NotesIDSummaryNETMRI-34347The Cisco Command tool tried to use an unavailable cipher for the SSH session.NETMRI-34385The collected inventory data could not be cleaned up on virtual devices.NETMRI-34388The CiscoWS-C3850* Gi0/0 interface did not contain the inventory record.NETMRI-34407Dates were not displayed on the x-axis of the History graph on the Issue Viewer page.NETMRI-34415Issue Viewer did not display Device Sys Description for the Device Identity Change issue.NETMRI-34417VLAN names are not displayed in Device Viewer Interface Configuration.NETMRI-34434Syslog issue notifications did not specify the status of the issue.NETMRI-34465Old RPM packages were not removed from the Sandbox repository after upgrades wereperformed.NETMRI-34468NetMRI appliances would sometimes run out of memory and had to be rebooted.NETMRI-34472Basic system information was not collected for unlicensed SDN devices.NETMRI-34473In some cases, end hosts were not displayed on the following page: Network Explorer Switch Port Management End Hosts End Hosts Not Present.NETMRI-34497UI became unresponsive when users clicked Network Analysis Policy Compliance.NETMRI-34503Reports were empty if they contained the Configuration File Revisions: Text column.NETMRI-34506A Viptela controller was not checked for reachability before an API request was sent.NETMRI-34511The Neighbor Name, Neighbor Type, Neighbor Address, and Neighbor Interface Namecolumns did not display any data in the FindIT tool. 2021 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners.P/N 400-0752-000Page 11 of 148/27/2021
NetMRI 7.5.1 Release NotesIDSummaryNETMRI-34548Viptela fabric failed to log out, and this overloaded Viptela devices.NETMRI-34553NetMRI polls caused Vipela CPU and disk to overload and affected other network devices.NETMRI-34554Wireless APs were discovered as routers despite being specified as APs in Device Hints.NETMRI-34555XML policy rules failed despite meeting the conditions in their configuration files.NETMRI-34565The Max Requests per Second setting did not limit the number of calls made to SDNcontrollers.NETMRI-34566The custom column deviceversion caused malfunctions on the following page: NetworkExplorer Inventory OSs View All OSs.NETMRI-34569Default issue descriptions that contain See Also links did not direct users to the Ciscowebsite.NETMRI-34575Management and VRRP IP addresses were not collected for Alteon devices.NETMRI-34576Virtual device context was included in discovery when the virtual host had the interfaceconfigured in the Admin Down status.NETMRI-34577The Remote Config Archive feature did not work as expected on VM setups with new VMpartitioning.TOPOV-96It was impossible to launch a topology viewer of any type (L2 nHop, L3 nHop, L3 PathViewer, or L2/L3 Path Viewer) from the Device Actions menu.Fixed in NetMRI Release 7.5.1 DocumentationIDSummaryNETMRI-30332The instructions for configuring physical or virtual scan interfaces were updated.NETMRI-30442The information about managing IP and VIP addresses of Operation Centers was updated. 2021 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners.P/N 400-0752-000Page 12 of 148/27/2021
NetMRI 7.5.1 Release NotesIDSummaryNETMRI-32340The instructions for deleting NetMRI Collectors were added.NETMRI-32720The instructions for creating support bundles were updated.NETMRI-33009The description about changing blackout for discovery ranges was added to the end-userdocumentation.NETMRI-33631The snmpwalk was updated in the Administrator Guide and Online Help.NETMRI-34432The index in NetMRI Online Help was fixed and displays all keywords.NETMRI-34477The Infoblox logo was updated in the end-user documentation.KNOWN ISSUES IN NETMRI RELEASE 7.5.1The following items are notable bugs or potential improvements found by Infoblox or reported by customers.These are candidates for future maintenance or major releases. For information on specific tickets, pleasecontact support.IDSummaryNETMRI-28959The Device Groups list is empty in the Discovery Diagnostic that is displayed on the OC.NETMRI-29831After the initial boot of the imported NetMRI OVA/OVF Virtual Appliance, an incorrectserial number is displayed in the login banner, command prompt, and show versioncommand.NETMRI-30460Reports that take longer than 5000 seconds do not send email notifications.NETMRI-30616Unicast counts are set to 0 when NetMRI uses SNMPv1 for polling on devices that supportHC counters.NETMRI-32989Policies are not deployed when the All Devices checkbox is selected on the followingpage: Config Management Policy Design Center Policy Deployment. 2021 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners.P/N 400-0752-000Page 13 of 148/27/2021
NetMRI 7.5.1 Release NotesIDSummaryNETMRI-33586The SNMP value of sysUpTime does not equal the CLI value on Nexus devices for Cisco.NETMRI-33877For some Cisco devices, configuration is not collected automatically and the CLIcredentials fail even though they were added correctly.NETMRI-34390SNMPWalk does not work on Cisco devices with SNMPv3 with AES-192/256.NETMRI-34427Devices have unmanaged and unlicensed status after the replacement of the referencedregistered collector.NETMRI-34430The hpacucli command sometimes stops responding, and this causes systemd to stopresponding and prevents a reboot.NETMRI-34550The DSB failure can cause the DSB to be continuously installed on collectors.NETMRI-34630Ranges exported from NetMRI 7.5.0 or older versions do not contain discovery andchange blackout schedules. After these ranges are imported, the discovery blackout andchange blackout must be scheduled manually in NetMRI.TOPOV-97Search by criteria is not working in Network Explorer Topology. 2021 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners.P/N 400-0752-000Page 14 of 148/27/2021
NOTE: Active penetration and vulnerability scans are conducted as part of the security testing.All reported and discovered SQL injection vulnerabilities have been fixed. A number of other vulnerabilities have been found and fixed as well, but the fixes for lower-severity vulnerabilities will be completed in the
