ExtremeCloud IQ Controller Latest ation | Extreme Networks Support ation
Support Release Notes Archive | Extreme Networks Support ation
The ExtremeCloud IQ Controller is a next generation orchestration application offering all the mobility services.
Customer Release Notes
ExtremeCloud IQ Controller
Firmware Version V.10.10.04.0001
January 6, 2025
INTRODUCTION:
The ExtremeCloud IQ Controller is a next generation orchestration application offering all the mobility services required for modern unified access deployments. The ExtremeCloud IQ Controller includes comprehensive critical network services for wireless and wired connectivity, wireless device secure onboarding, distributed and centralized data paths, role-based access control through the Application Layer (Layer 7), integrated location services, and IoT device onboarding through a single platform. Built on field proven architectures with the latest technology, the embedded operating system supports containerization of applications enabling future expansion of value-added applications for the unified access edge.
The CE1000 is an application on the Universal Compute Platform 1130C, replacing the E1120 appliance with similar functionality and limits. The CE1000 supports up to 250 APs/Defenders and 2000 users standalone, or 500 APs and 4000 users in an availability setup.
The E1120 is an entry to mid-level platform expandable to 250 APs/Defenders, 100 switches, and 4,000 mobility sessions in high-availability mode.
The E2120 is an application appliance meeting the needs of medium sized high-density and mission critical deployments with support for up to 4,000 APs/Defenders, 800 switches and 32,000 mobility sessions in highavailability mode. An optional redundant power supply is available for ordering separately.
The E2122 is an application appliance meeting the needs of medium sized high-density and mission critical deployments with support for up to 4,000 APs/Defenders, 800 switches and 32,000 mobility sessions in highavailability mode. An optional redundant power supply is available for ordering separately.
The E3120 is a large application appliance meeting the needs of high-density and mission critical deployments with support for up to 20,000 APs/Defenders, 2000 switches, and 100,000 mobility sessions in high-availability mode. An optional redundant power supply is available for ordering separately.
The E3125 is a large application appliance meeting the needs of high-density and mission critical deployments with support for up to 20,000 APs/Defenders, 2000 switches, and 100,000 mobility sessions in high-availability mode. An optional redundant power supply is available for ordering separately.
The VE6120 is an elastic virtual appliance that supports up to 1,000 APs/Defenders, up to 400 switches and 16,000 mobility sessions in high-availability mode depending on the hosting hardware.
The VE6120 VE6120H and VE6120K offer elastic capacities to cover the full range of offering as VMWare/MS Hyper-V/Linux KVM, ranging from VE6120/VE6120H/VE6120K-Small to VE6120/VE6120H/VE6120K-Large.
The VE6125/VE6125K XL are virtual appliances that supports up to 4,000 APs/Defenders, up to 400 switches and 32,000 mobility sessions in high-availability mode, depending on the hosting hardware.
1/6/2025 P/N: 9038937-03 F0615-O
Subject to Change Without Notice
Page: 1 of 22
ExtremeCloud IQ Controller Customer Release Notes
The ExtremeCloud IQ Controller offers the ability to expand capacity to meet any growing business needs. The hardware and virtual packages are available for purchase. The customer purchases adoption capacity as a RightTo-Use Subscription model, supporting flexible quantities (per managed device) and term (multiple-year extended term) option.
Changes in 10.10.04.0001 Updated compliance tables to reinstate channels 149 and above that WOS-7087 were mistakenly removed.
Changes in 10.10.03.0005
Resolved an issue where the license expiration warning time was not CFD-12309 recalculated when switching from connected mode to air-gap mode.
Implemented a new check in the parsing mechanism to support the use of quote characters (") in RADIUS passwords.
XCC-5420
Enhanced the reliability of statistical data sent to the Extreme Business Insights. Resolved performance issues by optimizing the cleanup process for outdated end systems, which prevents excessive resource usage. Corrected an issue preventing AP5010 information from displaying correctly on reports and floor plans. Enhanced the Ekahau floor plan import functionality to show the AP names on the floor plan instead of '?' mark that previously served as a placeholder. A resolution has been implemented for an AP 802.1X authentication issue utilizing PEAP, wherein improperly formatted passwords resulted in failed AP port authentication in some cases. Resolved an issue where the GUI failed to display the 6GHz heat map on floor plans. Added Indonesia outdoor mode for AP460S12C
Fixed an issue that was causing the RTLS (Real-Time Location System) to incorrectly report a difference of -7 every time. Corrected an issue on the AP505/510 that was causing beacons to be sent at the default rate instead of the configured rate. Enhanced Client IP address learning on AP.
Enhanced the flow hash algorithm to minimize duplicate entries that can lead to performance issues. Fixed check for maximum topology count on the AP.
Improved AFC timer expiry handling.
Allow radio driver TAF component to be configurable via AP CLI
CFD-11738 CFD-11749
CFD-11415 CFD-11860
CFD-12051
CFD-12578 WOS-7042 CFD-12350 CFD-12311 CFD-11715 CFD-11780 CFD-12884 CFD-12681 CFD-12560
Resolved a firmware upgrade issue in ExtremeCloud IQ Controller that caused unintended client disconnections.
CFD-11093
1/6/2025 P/N: 9038937-03 F0615-O
Subject to Change Without Notice
Page: 2 of 22
ExtremeCloud IQ Controller Customer Release Notes
Enhancements in 10.10.02.0016
Introduced SmartRF support for AFC (6 GHz outdoor standard power).
XCC-4948
Made minor enhancements to the AFC server status page and other AFC-related information on the AP monitoring page and Site/AP list view.
XCC-4946
Added enhancements to the AFC explorer such as the power slider view. This helps to visualize available channel plans for different minimum power levels.
XCC-4444
Extreme Networks® is pleased to introduce the ExtremeCloud IQ Controller Application CE1000 for small campus wireless deployments. The ExtremeCloud IQ Controller Application is hosted on ExtremeCloud Edge Universal Compute Platform. It is a highly scalable and highly available enterprise wireless controller that can support up to 250 APs in standalone mode and 500 APs in HA pair. The ExtremeCloud IQ Controller Application hosted on ExtremeCloud Edge (Self Orchestration) 1130C, is the latest generation of this market leading solution targeted to address various customer use cases.
Please refer to the datasheet and the documentation site for more details.
XCC-2978
Changes in 10.10.02.0016
Improved handling of large size floor plans
Corrected an issue that prevented access points from receiving complete configurations.
Fixed an issue where some APs did not report GPS location
Resolved an issue that caused incorrect GPS orientation and elevation readings.
I.D CFD-10570 CFD-11444
CFD-11764 CFD-11522
Enhancements in 10.10.01.0032
Introduced support for AP5050U-IL and AP5050D-IL Note: The controller recognizes the AP as a WorldWide (WW) model, with regulatory region set to IL (Israel). The AP5050U-IL and AP5050D-IL will only onboard to a site defined for country Israel.
XCC-4480
Refreshed captive portal certificate on access points to extend validity to June 2025.
WOS-6113
WPA3 Enterprise Transition Mode brings the ability to config the same WLAN / SSID to all three radios (2.4GHz, 5GHz and 6GHz). When this option is enabled, PMF (protected management frame) is enabled the following way. For 2.4 and 5GHz operation the authentication is set to WPA2 with PMF set as optional and for 6GHz operation, authentication is set to WPA2 with PMF set as mandatory complying with 6GHz requirements.
XCC-4296
Introduction of AP5020 Wi-Fi 7 Access Point. In this release we are delivering Wi-Fi 7 features like 4K QAM, 320 MHz Channel Width, Software defined radios (Modes 1 and 3), DL OFDM, DL MU-MIMO. Please refer to AP5020 datasheet for more information about the AP
XCC-3488
1/6/2025 P/N: 9038937-03 F0615-O
Subject to Change Without Notice
Page: 3 of 22
ExtremeCloud IQ Controller Customer Release Notes
Enhancements in 10.10.01.0032
and the different software defined radio modes. https://www.extremenetworks.com/products/wi-fi-accesspoints/universal-aps-indoor/ap5020
Introduced new SKU for China for AP3000X. SKU is AP3000X-CN
XCC-4492
Security hardening enhancements: Ability to create ACL for management plane access. The system admin can now create allow and deny rules for the management access.
XCC-4265
This release introduces the premier tier Wi-Fi AP5020 that requires PILOT license for its operation. For this reason XIQ-C now displays granular information on the licensing status page on which AP model is consuming what license level. AP5020 and future Wi-Fi 7 APs will consume PILOT license and previous generation APs will require NAVIGATOR or PILOT licenses.
XCC-4626
This release enhances the IoT profile to allow support for up to 5 applications as below * BLE Beacon: iBeacon, Eddystone-url Beacon * BLE Scan: iBeacon scan, Eddystone-url Scan and Generic Scan
XCC-4179
Previously, the AP5050U/D had an Environment choice of Indoor, Outdoor, or Outdoor -- Under Seat, depending on the installation location. Starting with this release, the 'Outdoor - Under Seat' mode has been deprecated. The regulatory compliance is the same for the modes 'Outdoor' and 'Outdoor - Under Seat', so there is no need to have a separate mode for under seat deployments.
XCC-4470
Changes in 10.10.01.0032
Fixed an issue that caused Registered device list in User Administration page to only shows 50 devices.
Resolved an issue where configuring a Site with the Country Code of Egypt caused the Sites to disappear from the GUI.
Resolved an issue preventing backups due to insufficient space in the /tmp/ directory.
Fixed an issue that could inadvertently allow WPA2 client to connect to WLAN configured for captive portal with WPA3 personal settings.
Fixed an issue where the channel hold-time expired prematurely, causing unintended channel changes.
Enhanced radius server package to prevent certain user authentication issues and provide additional robustness.
Improved the handling of client (FT capable) reauthentication timer expiry that could lead to client deauthentication.
Hardened system's security by implementing ADSP message validity checks tailored for terminating sessions, mitigating potential vulnerabilities and enhancing overall network integrity.
Addressed an issue that caused hidden SSID to be broadcasted.
Improved handling of default filters on APs when AP to XIQ-C connection is down.
I.D CFD-11384 CFD-11311 CFD-11131 CFD-11177/CFD-11176 CFD-11682 CFD-10746 WOS-6294 WOS-6288
CFD-11087 CFD-10928
1/6/2025 P/N: 9038937-03 F0615-O
Subject to Change Without Notice
Page: 4 of 22
ExtremeCloud IQ Controller Customer Release Notes
Extreme Networks recommends that you thoroughly review this document prior to installing or upgrading this product.
For the latest firmware versions, visit the download site at: www.extremenetworks.com/support/
FIRMWARE SPECIFICATION:
Status Current Version Previous Version Previous Version Previous Version
Version No. V.10.10.04.0001 V.10.10.03.0005 V.10.10.02.0016 V.10.10.01.0032
Type Maintenance Release Maintenance Release
Feature Release Feature Release
Release Date January 6, 2025 December 9, 2024 August 02, 2024 June 25, 2024
SUPPORTED APPLIANCES, ACCESS POINTS AND SWITCHES:
Product Name
Image
ExtremeCloud IQ Controller CE1000 application for Universal Compute Platform 1130C
ExtremeCloud IQ Controller VE6120 VMware Min Supported ESXi version 5.1 or later, (tested 7.0)
ExtremeCloud IQ Controller VE6120H (Windows server 2016 or later)
ExtremeCloud IQ Controller VE6120K Linux KVM
XIQC-10.10.04.0001-1.dke XIQC-10.10.04.0001-1.dle XIQC-10.10.04.0001-1.spe XIQC-10.10.04.0001-1.dve
ExtremeCloud IQ Controller VE6125 Min Supported ESXi version 5.5 or later, (tested 7.0)
ExtremeCloud IQ Controller VE6125K Linux KVM
XIQC-10.10.04.0001-1.rse XIQC-10.10.04.0001-1.mfe
ExtremeCloud IQ Controller E1120
XIQC-10.10.04.0001-1.sme
ExtremeCloud IQ Controller E2120
XIQC-10.10.04.0001-1.jse
ExtremeCloud IQ Controller E2122
XIQC-10.10.04.0001-1.wze
ExtremeCloud IQ Controller E3120
XIQC-10.10.04.0001-1.ose
ExtremeCloud IQ Controller E3125
XIQC-10.10.04.0001-1.dze
AP3000-WW AP3000X-WW
AP3xxx-LEAN-10.10.4.0-001R.img AP3xxx-LEAN-10.10.4.0-001R.img
1/6/2025 P/N: 9038937-03 F0615-O
Subject to Change Without Notice
Page: 5 of 22
AP302W-CAN AP302W-FCC AP302W-IL AP302W-WR
AP305C-1-CAN AP305C-1-FCC AP305C-1-IL AP305C-1-WR AP305C-CAN AP305C-FCC AP305C-IL AP305C-WR AP305CX-CAN AP305CX-FCC AP305CX-IL AP305CX-WR
AP310e-1-WR AP310e-CAN AP310e-FCC AP310e-IL AP310e-WR AP310i-1-WR AP310i-CAN AP310i-FCC AP310i-IL AP310i-WR
AP360e-CAN AP360e-FCC AP360e-IL AP360e-WR AP360i-CAN AP360i-FCC AP360i-IL AP360i-WR
AP3912i-FCC AP3912i-ROW
AP3915e-FCC AP3915e-ROW AP3915i-FCC AP3915i-ROW
AP3916ic-FCC AP3916ic-ROW
AP3916-camera
AP3917e-FCC AP3917e-ROW AP3917i-FCC AP3917i-ROW AP3917k-FCC AP3917k-ROW
1/6/2025 P/N: 9038937-03
F0615-O
Product Name
ExtremeCloud IQ Controller Customer Release Notes Image
AP302W-LEAN-10.10.4.0-001R.img
AP3xxC-LEAN-10.10.4.0-001R.img
AP3xx-LEAN-10.10.4.0-001R.img
AP3xx-LEAN-10.10.4.0-001R.img
AP391x-10.51.26.0001.img AP391x-10.51.26.0001.img
AP391x-10.51.26.0001.img AP3916IC-V1-0-14-1.dlf AP391x-10.51.26.0001.img
Subject to Change Without Notice
Page: 6 of 22
AP3935e-FCC AP3935e-ROW AP3935i-FCC AP3935i-IL AP3935i-ROW
AP3965e-FCC AP3965e-ROW AP3965i-FCC AP3965i-ROW
AP4000-1-WW AP4000-WW
AP410C-1-CAN AP410C-1-FCC AP410C-1-IL AP410C-1-WR AP410C-CAN AP410C-FCC AP410C-IL AP410C-WR
AP410e-CAN AP410e-FCC AP410e-IL AP410e-WR AP410i-1-FCC AP410i-1-WR AP410i-CAN AP410i-FCC AP410i-IL AP410i-WR
AP460C-CAN AP460C-FCC AP460C-IL AP460C-WR AP460S12C-CAN AP460S12C-FCC AP460S12C-IL AP460S12C-WR AP460S6C-CAN AP460S6C-FCC AP460S6C-IL AP460S6C-WR
AP460e-CAN AP460e-FCC AP460e-IL AP460e-WR AP460i-CAN AP460i-FCC AP460i-IL AP460i-WR
Product Name
ExtremeCloud IQ Controller Customer Release Notes Image
AP3935-10.51.26.0001.img AP3935-10.51.26.0001.img AP4000x-LEAN-10.10.4.0-001R.img AP4xxC-LEAN-10.10.4.0-001R.img
AP4xx-LEAN-10.10.4.0-001R.img
AP4xxC-LEAN-10.10.4.0-001R.img
AP4xx-LEAN-10.10.4.0-001R.img
1/6/2025 P/N: 9038937-03 F0615-O
Subject to Change Without Notice
Page: 7 of 22
AP5010-WW
AP5020-WW
AP5050D-WW
AP5050U-WW
AP505i-FCC AP505i-WR
AP510e-FCC AP510e-WR AP510i-1-FCC AP510i-1-WR AP510i-FCC AP510i-WR
AP560h-FCC AP560h-WR AP560i-FCC AP560i-WR
SA201
Switches
210-12p-10GE2 210-24p-10GE2 210-48p-10GE2 210-12p-10GE2 POE 210-24p-10GE2 POE 210-48p-10GE2 POE
220-12p-10GE2 220-24p-10GE2 220-48p-10GE2 220-12p-10GE2 POE 220-24p-10GE2 POE 220-48p-10GE2 POE
X435-24P/T-4S
Product Name
X440G2-12t-10G4 X440G2-24t-10G4 X440G2-48t-10G4 X440G2-12t-10G4 POE X440G2-24t-10G4 POE X440G2-48t-10G4 POE
X465_24W X465_48T X465_48P X465_48W X465_24MU X465_24MU_24W
ExtremeCloud IQ Controller Customer Release Notes
Image
AP5xxx-LEAN-10.10.4.0-001R.img AP5020-10.10.3.0-001R.img AP5xxx-LEAN-10.10.4.0-001R.img AP5xxx-LEAN-10.10.4.0-001R.img AP5xx-LEAN-10.10.4.0-001R.img
AP5xx-LEAN-10.10.4.0-001R.img
AP5xx-LEAN-10.10.4.0-001R.img
AP391x-10.51.26.0001.img
210-series_V1.02.05.0013.stk fp-connector-3.3.0.4.pyz (cloud connector)
220-series_V1.02.05.0013.stk fp-connector-3.3.0.4.pyz (cloud connector)
summitlite_arm-30.7.1.1.xos summitlite_arm-30.5.0.259cloud_connector-3.4.2.6.xmod summitX-30.2.1.8-patch2-5.xos summitX-30.2.1.8-cloud_connector3.4.1.8.xmod (cloud connector)
onie-30.2.1.8-patch2-5vpex_controlling_bridge.lst onie-30.2.1.8-cloud_connector3.4.1.20.xmod
1/6/2025 P/N: 9038937-03 F0615-O
Subject to Change Without Notice
Page: 8 of 22
X620-16x
Product Name
ExtremeCloud IQ Controller Customer Release Notes
Image
summitX-30.2.1.8-patch2-5.xos summitX-30.2.1.8-cloud_connector3.4.1.8.xmod (cloud connector)
NETWORK MANAGEMENT SOFTWARE SUPPORT Network Management
ExtremeControlTM
22.3 or higher
ExtremeAnalyticsTM
22.3 or higher
ExtremeCloudTM A3
4.0
ExtremeCloudTM IQ-Site Engine
22.3 or higher
Version
Air Defense ExtremeAirDefenseTM
ExtremeGuest ExtremeGuestTM
10.5 6.0.1.0-001
Version Version
Note:
Platform and AP Configuration functions are not supported by ExtremeManagementTM. ExtremeCloudTM IQ Site Engine v21.9 or greater is required.
1/6/2025 P/N: 9038937-03 F0615-O
Subject to Change Without Notice
Page: 9 of 22
INSTALLATION INFORMATION:
ExtremeCloud IQ Controller Customer Release Notes
CE1000 E1120 E2120 E2122 E3120 E3125 VE6120/VE6125 VE6120H VE6120K/VE6125K
Appliance Installations Extreme Campus Controller CE1000 Installation Guide Extreme Campus Controller E1120 Installation Guide Extreme Campus Controller E2120 Installation Guide Extreme Campus Controller E2122 Installation Guide Extreme Campus Controller E3120 Installation Guide Extreme Campus Controller E3125 Installation Guide Extreme Campus Controller VE6120/VE6125 Installation Guide Extreme Campus Controller VE6120H Installation Guide Extreme Campus Controller VE6120K/VE6125K Installation Guide
Known Restrictions and Limitations:
Known Restriction or Limitation
I.D
Certain wireless clients (such as Qualcomm Killer Wireless 1535 and Intel 7265D/8260/8265) have been known to not complete the 4-way handshake in order to fulfill the association process in networks that have both PMF/MFP (802.11w) and Fast-Transition (802.11r [FT]) enabled. The currently recommended workaround is to not enable PMF/MFP configuration on a service that is also using 802.11r. Such clients have been demonstrated to work correctly on services with just 802.11r (FT) enabled.
nse0003416
Client bridge (CB) and Mesh functionality is disabled for 6GHz (Standard Power Radio under AFC control) on 5050U/D in outdoor mode for this release due to FCC compliance approval. Smart RF feature for 6GHz (Standard Power Radio under AFC control) is not supported in this release. Use fixed channel and power. These functions will be released for 6GHz in subsequent releases.
XCC-4725
Controller functions, including internal communications and containerized applications, require the usage of reserved address space. Two subnets are reserved internally to the controller: * {{172.17.0.0/24}} * 172.31.0.16/28 The user interface prevents assigning IP addresses to local interfaces (physical or virtual) that conflict with these ranges.
XCC-3121
For ExtremeCloud IQ Controller (v5) systems previously onboarded into an ExtremeCloud IQ account for visibility, following an upgrade to ExtremeCloud IQ Controller (v10), you must remove and redeclare the controller to ExtremeCloud IQ. This will facilitate the
XCC-2463
1/6/2025 P/N: 9038937-03 F0615-O
Subject to Change Without Notice
Page: 10 of 22
ExtremeCloud IQ Controller Customer Release Notes
Known Restriction or Limitation
I.D
re-synchronization of the controller with the ExtremeCloud IQ account.
Before installing a new ExtremeCloud IQ Controller license, you must configure Network Time Protocol (NTP) Server settings. Licensing management is dependent on accurate NTP configuration. Configure NTP via the ExtremeCloud IQ Controller initial Configuration Wizard, or go to Admin > System > Network Time to configure and verify the NTP settings.
XCC-2353
For ExtremeCloud IQ Controller configured for authentication of administrators over RADIUS server, the GUI responsiveness may be slow, possibly over 30 seconds if the target server(s) are unavailable or unreachable at login time. If the outage is extensive, the system will eventually timeout to validate against local credentials when provisioned.
XCC-2350
ExtremeCloud IQ-Site Engine 22.3.10 is the minimum required revision for representation of ExtremeCloud IQ Controller 10.01.01 or later revisions. Extreme Management Center (8.5.x or later) does NOT recognize a controller running ExtremeCloud IQ Controller 10.01.01 or later.
XCC-2348
To improve stability of mesh when SmartRF is used with a mesh root AP: * Use fixed channel width. * Set SmartRF sensitivity to "Low" to decrease the time that the AP will abandon the channel for scanning.
XCC-1684
This PR is created to track the same problem that exists with calibration on HOS APs on 6 GHz band ( HOS-18808).
WOS-5655
At the moment, 6 GHz calibration works only with AP as client with 11mc ranging mode. If you use Pixel phone, 6 Ghz ranging does not work at all. It is phone problem ( wos-5629), but we should record this in the release notes.
Allow UTF-8 characters in JSON payload for all Rest API so nonASCII / Unicode characters are accepted in Rest API requests to comply with current Rest API standards.
MAC-based authentication and WPA3-Compatibility (SAE or WPA2PSK) and PMF "Required" may not work. This issue will be addressed in a future release.
For the Access Point Test feature, when using the wireless client option for the 5GHz band, if the access point is operating in dual5GHz mode, and radio 1 is set to 5GHz low (not 2.4GHz), the AP as a client will operate on the 5GHz low band. This may limit the test client's capability to connect to the infrastructure APs that operate in the 5GHz high band. Recommendation: Only exercise wireless AP Test on devices that are configured for full-band mode.
AP3900 series requires a minimum firmware revision of 10.41.01 (or later) for onboarding into ExtremeCloud IQ Controller. Customers migrating from ExtremeWireless installations or onboarding new AP3900 inventory to ExtremeCloud IQ Controller must ensure APs
ECA-321 ECA-1961 XCC-3284
XCC-3178
1/6/2025 P/N: 9038937-03
Subject to Change Without Notice
Page: 11 of 22
F0615-O
ExtremeCloud IQ Controller Customer Release Notes
Known Restriction or Limitation
I.D
are running at least the minimum revision prior to onboarding. Depending on the age of the inventory, this may require a manual upgrade of the unit firmware outside of the management framework.
Upgrade failure will occur when using special characters (escape back slash) in topology.
ECA-466
In SmartRF mode, the AP510 power may temporarily drop to 0dBm ECA-469 and returns to 4dBm.
With on-air-busy channel conditions, it is possible for the ACS not to ECA-528 produce the expected results. In this instance, perform manual channel selection.
Widgets do not show tooltips for lower and upper values. This issue ECA-567 will be addressed in a future release.
Firmware for ExtremeWireless AP3900 series access points does not currently support Smart RF. No Smart RF data is displayed.
ECA-1484
With 11r enabled on an 802.1x network, a Windows 10 PC with an Intel Wi-Fi card (ax200, ax210), running driver version 22.170.0.3 cannot reconnect automatically after an MU is disconnected. The workaround is to toggle the Wi-Fi off and on from the PC.
WOS-4480
Default router/gateway should be configured with a next-hop
Info
associated with one of the physical interfaces. Pointing the default
route to the Admin interface will lead to issues because access
points will not get the correct services from the data plane.
We recommend setting the default route via data ports, and if
necessary, configuring static routes on the Admin port for
administration level access.
For AP deployments in remote locations where access points and Info controllers may need to be discovered and connected over firewalls, a best practice is to leverage DNS or DHCP Option 60/43 methods for zero-touch-provisioning discovery. These methods provide direct connectivity to the defined IP address. DHCP Option 78, which refers to the controller as a Service Location Protocol Directory Agent (SLP- DA), requires the exchange of SLP protocol between the AP and the appliance at the core, necessitating that UDP 427 be allowed by any firewall in the path. For such installations, discovery over DHCP Option 78 assist is not recommended. When using SLP, for an AP to establish connection with a controller, it must first exchange SLP Directory Agent registration before IPSEC establishment with the eventual controller. That means that SLP UDP 427 must be open along the path. Further issues can occur if Network Address Translation (NAT) is involved. While this method is popular and widely deployed within a homogenous campus, it may result in inadvertent complications for remote connections. Therefore, it should not be used in favor of an alternate method (DHCP 60/43, DNS, or static override).
When configuring system for NTP time assignment, ensure that the NTP server is properly configured. Incorrect time settings (like timestamps far in the future) may adversely affect system operation, such as certificate expiration that may trigger failures in device registration or system instability.
Info nse0003696
1/6/2025 P/N: 9038937-03 F0615-O
Subject to Change Without Notice
Page: 12 of 22
ExtremeCloud IQ Controller Customer Release Notes
Known Restriction or Limitation
I.D
Appliances in a High-Availability pair must be of the same model and at the same exact software revision (and time synched) for configuration synchronization to propagate to the peer. During the upgrade process of a High-Availability pair, any configuration changes made while only one appliance has been upgraded (and therefore resulting in a version mismatch) will not be propagated until the peer is correspondingly upgraded to the same revision. We recommend that you NOT perform configuration changes to one of the members of a High-Availability pair while the peer has a different software revision.
Info nse0005086
For High-Availability configurations, during upgrade phases or configuration restore operations, wait until the availability link is established and synchronized before attempting to make any new configuration changes. The Availability status will only re-establish to Synched status when both appliances are running the exact same firmware revision. During upgrade periods, the Availability link will only re-establish when both the appliance status of availability link and synchronization status can be found. Go to: · "Network Health" widget on the Dashboard, or · Administration -> System -> Availability
Info ECA-776
Recommendation settings for setup of redundant RADIUS server authentication: · Response Window to 5s [Default: 20s] · Revival Interval to 10s [Default: 60s]
Info ECA-875
11mc not recommended for 2.4mHz band. 11mc works better with Info wider channels.
SUPPORTED WEB BROWSERS
For ExtremeCloud IQ Controller management GUI, the following Web browsers were tested for interoperability:
Browsers
Version
OS
Chrome
117.0.5938.152
Windows 10 Windows 11
Microsoft Edge
117.0.2045.60
Windows 10 Windows 11
Firefox
118.0.01
Windows 10 Windows 11
Note: Microsoft IE browser is not supported for UI management.
The Wireless Clients (Captive Portal, AAA)::
1/6/2025 P/N: 9038937-03 F0615-O
Subject to Change Without Notice
Page: 13 of 22
Browsers Chrome
Microsoft Edge Firefox
Safari
Version 117.0.5938.152
117.0.2045.60 118.0.01
15.4 (17613.1.17.1.13)
ExtremeCloud IQ Controller Customer Release Notes
OS Windows 10 Windows 11 Windows 10 Windows 10 Windows 11 iOS 16.7.1
1/6/2025 P/N: 9038937-03 F0615-O
Subject to Change Without Notice
Page: 14 of 22
ExtremeCloud IQ Controller Customer Release Notes
PORT LIST
The following list of ports may need to remain open so that the Appliances and APs will function properly on a network that includes protection equipment like a firewall.
ExtremeCloud IQ Controller TCP/UDP Port Assignment Reference
Comp. Source
Comp. Dest
Protocol Src (TCP/UDP) Port
Dest Port
Service
Ports for AP/Appliance Communication
Remark
Open Firewall Req'd
Appliance Access Point
UDP
Any 13910
Access Appliance Point
UDP
Any 13910
Appliance Access Point
UDP
4500 Any
Access Appliance Point
UDP
Any 4500
Access Point
Access Point
Appliance Appliance
UDP UDP
Any 13907
Any
67
Access Appliance Point
UDP
Any
68
Access Appliance Point
UDP
Any 427
Appliance Access TCP/UDP Any
69
Point
Access Appliance TCP/UDP Any
69
Point
Appliance Access TCP/UDP Any
22
Point
Any
Access
TCP
Any 2002,
Point
2003
WASSP
WASSP
Secured WASSP Secured WASSP WASSP DHCP Server DHCP Server
SLP TFTP TFTP SCP RCAPD
Management and Data Tunnel
between AP and Appliance
Management and Data Tunnel
between AP and Appliance
Management Tunnel between AP
and Appliance
Management Tunnel between AP
and Appliance
AP Registration to Appliance
If Appliance is DHCP Server for
AP
If Appliance is DHCP Server for
AP
AP Registration to Appliance
AP image transfer
Yes
Yes
Optional Optional
Yes Optional Optional Optional
Yes
AP image transfer Yes
AP traces
Yes
AP Real Capture (if Optional enabled)
1/6/2025 P/N: 9038937-03 F0615-O
Subject to Change Without Notice
Page: 15 of 22
ExtremeCloud IQ Controller Customer Release Notes
Comp. Source
Any Any Any
Any Any Any Any Any
Any Any Any Any Any Any
Appliance Appliance Appliance Appliance
Comp. Dest
Protocol Src (TCP/UDP) Port
Dest Port
Service
Remark
Access TCP/UDP Any
22
Point
SSH
Remote AP login (if enabled)
Access TCP/UDP Any 445 Point
Microsoft CIFS
LDAP support
Access TCP/UDP Any 137,
Point
138,
139
NetBIOS
LDAP support
Ports for Appliance Management
Appliance TCP/UDP Any
22
SSH
Appliance CLI access
Appliance TCP/UDP Any 5825
HTTPS
Appliance GUI access
Appliance TCP/UDP Any 161
SNMP
Appliance SNMP access
Appliance TCP/UDP Any
162 SNMP Trap Appliance SNMP access
Appliance
TCP
Any
80
HTTP
Appliance SNMP access ICP Self
Registration
Appliance
TCP
Any 443
HTTPS
ICP Self Registration
Appliance UDP
500 500
IKE
IKE phase 1
Appliance TCP/UDP Any
69
TFTP
TFTP support
Appliance UDP
Any 4500
IPSec
IPSec NAT traversal
Appliance UDP
Any 13907 Discovery Used by Discovery
Appliance UDP
Any 13910 WASSP
Used by L3 WASSP
Ports for Inter Controller Mobility1 and Availability
Appliance UDP
Any 13911 WASSP
Mobility and Availability Tunnel
Appliance
TCP
Any 427
SLP
SLP Directory
Appliance
TCP
Any 20506 Langley
Remote Langley Secure
Appliance
TCP
Any 60606 Mobility
VN MGR
Open Firewall Req'd Optional Optional Optional
Yes Yes Yes Yes Yes
Yes Yes Yes Yes Yes Yes
Yes Yes Yes Yes
1For extension of ExtremeWireless deployment via Inter Controller Mobility.
1/6/2025 P/N: 9038937-03
Subject to Change Without Notice
F0615-O
Page: 16 of 22
ExtremeCloud IQ Controller Customer Release Notes
Comp. Source
Comp. Dest
Appliance Appliance
Appliance
DHCP Server
DHCP Server
Appliance
Appliance Appliance
Appliance Appliance
DNS Server
Syslog Server
Appliance RADIUS Server
Appliance Appliance
RADIUS Server
RADIUS server
Appliance
Dynamic Auth. Server (NAC)
Appliance
RADIUS server
Appliance
AeroScout Server
AeroScout Appliance Server
Protocol (TCP/UDP)
TCP
Src Port
Any
Dest Port
123
UDP
Any
67
UDP
Any
68
Service NTP SLP SLP
TCP
Any 6380
REDIS
Core Back-End Communication
UDP
Any
53
DNS
UDP
Any 514
Syslog
UDP
UDP UDP
UDP UDP
Any 1812 RADIUS Authenticatio n and Authorization
Any 1813 RADIUS Accounting
Any 1814 RADIUS Authenticatio n and Authorization
Any 1815 RADIUS Accounting
Any 3799
DAS
UDP UDP
1144 12092 12092 1144
Location Based Service Proxy
Location Based
Remark
Availability time sync
Asking DHCP Server for SLP DA RespoECA from DHCP Server for
SLP DA request High Availability
(HA) Pair Configuration Synchronization
If using DNS
If Appliance logs to external syslog server If using RADIUS AAA
If enabled RADIUS accounting
If using RADIUS AAA
If enabled RADIUS Accounting
Request from DAS client to disconnect
a specific client
Aeroscout Location-Based
Service
Aeroscout Location-Based
Service
Open Firewall Req'd
Yes Yes Yes Yes
Optional Optional Optional
Optional Optional
Optional Optional
Optional
Optional
1/6/2025 P/N: 9038937-03 F0615-O
Subject to Change Without Notice
Page: 17 of 22
ExtremeCloud IQ Controller Customer Release Notes
Comp. Source
Comp. Dest
Protocol Src (TCP/UDP) Port
Dest Port
Appliance Extreme Cloud IQ
TCP
Any 443
Service
Service Proxy NSight
Remark
Open Firewall Req'd
Statistics Report
Yes
into ExtremeCloud
IQ
IETF STANDARDS MIB SUPPORT:
RFC No. Draft version of 802.11 1213 1573 1907 1493 2674 2674
Title IEEE802dot11-MIB RFC1213-MIB IF-MIB SNMPv2-MIB BRIDGE-MIB P-BRIDGE-MIB Q-BRIDGE-MIB
Groups Supported
Most of the objects supported ifTable and interface scalar supported System scalars supported EWC supports relevant subset of the MIB EWC supports relevant subset of the MIB EWC supports relevant subset of the MIB
EXTREME NETWORKS PRIVATE ENTERPRISE MIB SUPPORT
Extreme Networks Private Enterprise MIBs are available in ASN.1 format from the Extreme Networks website at: https://extremeportal.force.com/.
Standard MIBs
Title IEEE802dot11-MIB RFC1213-MIB.my IF-MIB SNMPv2-MIB BRIDGE-MIB P-BRIDGE-MIB Q-BRIDGE-MIB
Description Standard MIB for wireless devices Standard MIB for system information Interface MIB Standard MIB for system information VLAN configuration information that pertains to EWC VLAN configuration information that pertains to EWC VLAN configuration information that pertains to EWC
1/6/2025 P/N: 9038937-03 F0615-O
Subject to Change Without Notice
Page: 18 of 22
Siemens Proprietary MIB
Title HIPATH-WIRELESS-HWC-MIB.my
HIPATH-WIRELESS-PRODUCTS-MIB.my HIPATH-WIRELESS-DOT11-EXTNS-MIB.my
HIPATH-WIRELESS-SMI.my
ExtremeCloud IQ Controller Customer Release Notes
Description Configuration and statistics related to EWC and associated objects Defines product classes Extension to IEEE802dot11-MIB that complements standard MIB Root for Chantry/Siemens MIB
802.11AC AND 802.11N CLIENTS
Please refer to the latest release notes for ExtremeWirelessTM 10.41.09 or later and/or ExtremeWireless WiNG 5.9.02 or later for the list of compatibility test devices.
RADIUS SERVERS AND SUPPLICANTS RADIUS Servers Used During Testing
Vendor FreeRADIUS
FreeRADIUS IAS
SBR50 NPS
1.1.6
Model OS
1.0.1
5.2.3790.3959
6.1.6 6.0.6002.18005
Version FreeRADIUS FreeRADIUS Microsoft Server 2003 IAS SBR Enterprise edition Microsoft Server 2008 NPS
802.1x Supplicants Supported Vendor
Model OS
Juniper Networks® / Funk Odyssey client
Microsoft®
1/6/2025 P/N: 9038937-03 F0615-O
Wireless Zero Configuration
Wireless Network Connection Configuration
Subject to Change Without Notice
Version Version 5.10.14353.0
Version 5.00.12709.0
Version 4.60.49335.0
Version Windows XP-4K891859-Beta1
Version Microsoft Window Server 2003, Enterprise Edition R2 SP2
Page: 19 of 22
ExtremeCloud IQ Controller Customer Release Notes
Vendor
Intel® Microsoft® Wireless Zero
Model OS
Version
Wi-Fi Protected Access 2 (WPA2)/Wireless Provisioning Services Information Element (WPS IE) update for Windows XP with Service Pack 2
Version WindowsXPKB893357-v2-x86-ENU.exe
Intel PRO Set/Wireless
Version 13.0.0.x (with Windows® Intel® driver version 13.0.0.x)
Windows 7, 8, 8.1 Pro, 10 Pro
Windows Phone 8.1, Windows Mobile Provided with Windows® 10
Appliance LAN Switch Verification
Vendor
Model OS
Version
Role
Extreme Extreme Extreme Extreme
Extreme Extreme Extreme Extreme Extreme Cisco
X-460-G2
12.5.4.5
X440G2-48p-10G4 21.1.1.4
Summit 300-48
7.6e1.4
VSP-4850GTS-PWR (6.0.1.1_B003) (PRIVATE) HW Base: ERS 4850
K6
08.63.02.0004
K6
08.42.03.0006
X440G2-48p-10GE4 21.1.5.2
X440-G2-12p
21.1.1.4
X460-48p
12.5.4.5
Catalyst 3550
12.1(19)EA1c
XIQC connection XIQC connectivity XIQC connection XIQC connection
XIQC connection XIQC connection XIQC connection XIQC connection XIQC connection XIQC connection
CERTIFICATION AUTHORITY
Server Vendor Microsoft CA Microsoft CA OpenSSL
Model OS
Version
Windows Server 2003 Enterprise Edition 5.2.3790.1830
Windows Server 2008 Enterprise Edition 6.0
Linux
1.1.1g
1/6/2025 P/N: 9038937-03 F0615-O
Subject to Change Without Notice
Page: 20 of 22
ExtremeCloud IQ Controller Customer Release Notes
RADIUS ATTRIBUTES SUPPORT
RADIUS Authentication and Authorization Attributes
Attribute Called-Station-Id Calling-Station-Id Class EAP-Message Event-Timestamp Filter-Id Framed-IPv6-Pool Framed-MTU Framed-Pool Idle-Timeout Message-Authenticator NAS-Identifier NAS-IP-Address NAS-IPv6-Address NAS-Port NAS-Port-Id NAS-Port-Type Password-Retry Service-Type Session-Timeout State Termination-Action Tunnel Attributes User-Name Vendor-Specific
RFC Source RFC 2865, RFC 3580 RFC 2865, RFC 3580 RFC 2865 RFC 3579 RFC 2869 RFC 2865, RFC 3580 RFC 3162 RFC 2865, RFC 3580 RFC 2869 RFC 2865, RFC 3580 RFC 3579 RFC 2865, RFC 3580 RFC 2865, RFC 3580 RFC 3162 RFC 2865, RFC 3580 RFC 2865, RFC 3580 RFC 2865, RFC 3580 RFC 2869 RFC 2865, RFC 3580 RFC 2865 RFC 2865 RFC 2865, RFC 3580 RFC 2867, RFC 2868, RFC 3580 RFC 2865, RFC 3580 RFC 2865
RADIUS Accounting Attributes
Attribute Acct-Authentic
RFC 2866
Acct-Delay-Time
RFC 2866
RFC Source
1/6/2025 P/N: 9038937-03 F0615-O
Subject to Change Without Notice
Page: 21 of 22
Acct-Input-Octets Acct-Input-Packets Acct-Interim-Interval Acct-Output-Octets Acct-Output-Packets Acct-Session-Id Acct-Session-Time Acct-Status-Type Acct-Terminate-Cause
RFC 2866 RFC 2866 RFC 2869 RFC 2866 RFC 2866 RFC 2866 RFC 2866 RFC 2866 RFC 2866
ExtremeCloud IQ Controller Customer Release Notes
GLOBAL SUPPORT:
By Phone: +1 800-998-2408 (toll-free in U.S. and Canada)
For the toll-free support number in your country: https://extremeportal.force.com/
By Email: support@extremenetworks.com
By Web: https://extremeportal.force.com/
For information regarding the latest software release, recent release note revisions and documentation, or if you require additional assistance, please visit the Extreme Networks Support website.
Copyright © 2025 Extreme Networks, Inc. - All Rights Reserved.
Legal Notice
Extreme Networks, Inc. reserves the right to make changes in specifications and other information contained in this document and its website without prior notice. The reader should in all cases consult representatives of Extreme Networks to determine whether any such changes have been made. The hardware, firmware, software or any specifications described or referred to in this document are subject to change without notice.
Trademarks
Extreme Networks and the Extreme Networks logo are trademarks or registered trademarks of Extreme Networks, Inc. in the United States and/or other countries. All other names (including any product names) mentioned in this document are the property of their respective owners and may be trademarks or registered trademarks of their respective companies/owners. Extreme Networks IPS includes software whose copyright is licensed from MySQL AB. For additional information on Extreme Networks trademarks, please see: www.extremenetworks.com/company/legal/trademarks/
For additional information on Extreme Networks trademarks, please see: www.extremenetworks.com/company/legal/trademarks/
1/6/2025 P/N: 9038937-03 F0615-O
Subject to Change Without Notice
Page: 22 of 22
InfoDev Adobe PDF Library 24.5.96