TrustSec Configuration and bug fixes

New Features

Certificate Based MACsec

The Certificate based MACsec Encryption feature uses 802.1X port-based authentication with Extensible Authentication Protocol – Transport Layer Security (EAP-TLS) to carry Certificates for ports where MACsec encryption is required.

TrustSec Configuration on Parallel Redundancy Protocol (PRP) Interface

You can configure TrustSec on member interfaces of a PRP channel.

PTP over DLR

The integration of PTP and DLR delivers fast convergence in a time-sensitive application while ensuring that neither DLR nor PTP cause any synchronization faults during an outage.

On Board Failure Logging (OBFL)

OBFL monitors and records the health state of the vital pieces of a network equipment. The software temperature monitors and logs the data into a separate partition on the internal flash.

Open Caveats

CSCwi01476

All IE3x00 platforms and ESS3300: Memory leak in "Pool manager", small buffers leaking memory due to PTP packets

CSCwi23741

EAP-TLS auth issue after updating IE3400 Switches from 17.1.x or 17.3.x releases to 17.7.x and above

Resolved Caveats

CSCwh87343

All IE3x00 platforms and ESS3300: Cisco IOS XE Software Web UI Privilege Escalation Vulnerability

CSCwf83475

IE3100: Moving port across vlan, MRP ring does not converge

CSCwh75542

IE3400 and IE3400H switches increasing the memory usage

CSCwh38767

IE3x00: Interface input errors(ifInErrors) is getting reset on every read

CSCwf80202

REP Alt port does not return to the designated port after recovering from the malfunction

CSCw h79813

All IE3x00 platforms and ESS3300: Etherchannel Mismatch Triggers Loop (mac-flap)