TrustSec Configuration and bug fixes
New Features
Certificate Based MACsec
The Certificate based MACsec Encryption feature uses 802.1X port-based authentication with Extensible Authentication Protocol – Transport Layer Security (EAP-TLS) to carry Certificates for ports where MACsec encryption is required.
TrustSec Configuration on Parallel Redundancy Protocol (PRP) Interface
You can configure TrustSec on member interfaces of a PRP channel.
PTP over DLR
The integration of PTP and DLR delivers fast convergence in a time-sensitive application while ensuring that neither DLR nor PTP cause any synchronization faults during an outage.
On Board Failure Logging (OBFL)
OBFL monitors and records the health state of the vital pieces of a network equipment. The software temperature monitors and logs the data into a separate partition on the internal flash.
Open Caveats
CSCwi01476
All IE3x00 platforms and ESS3300: Memory leak in "Pool manager", small buffers leaking memory due to PTP packets
CSCwi23741
EAP-TLS auth issue after updating IE3400 Switches from 17.1.x or 17.3.x releases to 17.7.x and above
Resolved Caveats
CSCwh87343
All IE3x00 platforms and ESS3300: Cisco IOS XE Software Web UI Privilege Escalation Vulnerability
CSCwf83475
IE3100: Moving port across vlan, MRP ring does not converge
CSCwh75542
IE3400 and IE3400H switches increasing the memory usage
CSCwh38767
IE3x00: Interface input errors(ifInErrors) is getting reset on every read
CSCwf80202
REP Alt port does not return to the designated port after recovering from the malfunction
CSCw h79813
All IE3x00 platforms and ESS3300: Etherchannel Mismatch Triggers Loop (mac-flap)