Added links to Virtual Assistance and Cisco Business Dashboard (CBD) Product Web Page

What's New

GUI

Added in GUI to the Virtual Assistance and to the CBD Product Web page:

• As icons on the Mast page.
• As Other Resources hyperlinks on the Getting Started page.

CBD Probe Version

The CBD probe version was updated to 2.6.1.20231011 (from version 2.6.0.20230314 in release 3.3.

OpenSSL Version Upgrade

OpenSSL version was upgraded to version OpenSSL 1.1.1w (from version OpenSSL 1.1.1q in release 3.3).

Updates TLS Ciphers List

The following CBC based ciphers are no longer supported in release 3.4

• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
• TLS_RSA_WITH_AES_256_CBC_SHA256
• TLS_RSA_WITH_AES_256_CBC_SHA
• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
• TLS_RSA_WITH_AES_128_CBC_SHA

Therefore the list of supported ciphers in release 3.4 is:

TLS 1.2 ciphers:

• TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1)
• TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1)
• TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (secp256r1)
• TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 3072)
• TLS_AES_256_GCM_SHA384
• TLS_CHACHA20_POLY1305_SHA256
• TLS_AES_128_GCM_SHA256
  TLS 1.3 ciphers:
• TLS_AES_128_GCM_SHA256
• TLS_CHACHA20_POLY1305_SHA256
• TLS_AES_256_GCM_SHA384

Resolved Issues

CSCwc24759

The Global PoE Power consumption does not match the per port calculation is displayed in CLI and GUI.

CSCwe92236

In some cases binding to port fails for an ACL that containing multiple rules with TCP/UDP port range.

CSCwf13332

Can't use a period (.) in the GUI when configuring DHCP Server Option 66 text field.

CSCwe25855

Link flapping may occur when inserting the GLC-TE v03 S/N prefix ACWxxxxx.

CSCvx44260

Connection toPNPserver failsifPNPserver addressis configured asIPv6 Link Local address.

CSCwd42686

If an interface is not a member of the native trunk VLAN, it will generate a "native VLAN mismatch" syslog even though the link partner has the same configuration

CSCwa31487

Traffic is blocked on an interface if the IP source guards is enabled on the port and in addition an IPv6 ACL is applied to the same interface.

CSCwd05831

Traffic on standby unit is blocked in case BPDU guard is enabled on multiple interfaces and a stack topology change occurs.

CSCwd59630

The passwords in RADIUS server users are displayed in cleartext in the show running command.

CSCwe07075

When 802.1x is used for a VLAN assignment (DVA) and a guest VLAN is enabled, after a while some ports may incorrectly assign a client to the guest VLAN even though they've successfully authenticated.

CSCwd67981

Following active unit failure, the uplink ports on the standby unit, move to the down state and don’t pass traffic.

CSCwf48882

In some cases an ACE configured on a VLAN will be applied to an interface on the active unit only after the active unit is reloaded.

CSCwf66976

UDP port 5353 stays open even though Bonjour is disabled

CSCwh59622

Device does not present login prompt following reload in case certain DNSclient configurations are present in the startup config file.

CSCwi35929

The SSH Connection to the DUT fails with a Key exchange algorithm of RSA-SHA2-512 and RSA-SHA2-256.

CSCwi54917

Green Ethernet energy detection - it is not possible to enable on 10G ports via the GUI.

CSCwi54919

SSH-client terminal session stuck with Bitvise SSH-Server.

CSCwi54921

No PNP CA bundle present after a factory default reset.

Known Issues

CSCwh06602

CBS350 - dot1x mac address table issue when STP is disabled but STP mode is PVST or RPVST