ExtremeCloud IQ Site Engine
25.08.11 Release Notes
A PDF copy of these release notes can be found here.
ExtremeCloud IQ Site Engine includes all the features and functionality of Extreme Management Center as well as issues that have been resolved and configuration changes for this release.
If you are an existing Extreme Management Center customer, contact your representative to have your Extreme Management Center license migrated to an ExtremeCloud IQ Site Engine license. The ExtremeCloud IQ Site Engine license also includes licensing for ExtremeAnalytics.
| IMPORTANT: |
|
For information regarding the features supported by specific devices, see the Firmware Support Matrix. Version 25.08.11 of ExtremeCloud IQ Site Engine supports the devices listed in the matrix.
Devices that do not have serial numbers or MAC addresses in Extreme Management Center must be rediscovered after you upgrade to ExtremeCloud IQ Site Engine before they can be onboarded to ExtremeCloud IQ.
Connected mode only - If your number of devices exceeds your licenses available, ExtremeCloud IQ Site Engine transitions to a license violation state and your access to ExtremeCloud IQ Site Engine is locked. To resolve the license shortage you need to access the Extreme Networks portal or ExtremeCloud IQ to evaluate the quantities of available Pilot and Navigator licenses versus the number of licenses required by ExtremeCloud IQ Site Engine.
Licensing Changes
The following sections describe licensing changes in ExtremeCloud IQ Site Engine software releases.
Version 25.02.10
Starting in ExtremeCloud IQ Site Engine version 25.02.10 the new Extreme Platform ONE subscriptions are recognized if ExtremeCloud IQ Site Engine is onboarded to ExtremeCloud IQ or Extreme Platform ONE.
Version 23.02.10
Starting in ExtremeCloud IQ Site Engine version 23.02.10 each stack member consumes a license in connected mode. In connected mode, ExtremeCloud IQ Site Engine now reports stack members to ExtremeCloud IQ. If you use stacks in connected mode, ensure that enough ExtremeCloud IQ Pilot licenses are in the license pool before upgrading to ExtremeCloud IQ Site Engine 23.02.10 or later.
Version 21.09.10
For users upgrading from Extreme Management Center to ExtremeCloud IQ Site Engine, note that the XIQ-NAC subscription must be used instead of IA-ES- license. For new users that complete an initial install of ExtremeCloud IQ Site Engine, ExtremeControl licensing does not include end-system capabilities.
Version 21.04.10
Starting in ExtremeCloud IQ Site Engine version 21.04.10, your ExtremeAnalytics license is included as part of your ExtremeCloud IQ Pilot license. Separate licenses are no longer required.
End of Software Maintenance
In ExtremeCloud IQ Site Engine version 24.10.12 and after, the following components and features are deprecated and removed:
-
Microsoft Azure Connect module (for multi-cloud integration)
-
Ekahau map import
In ExtremeCloud IQ Site Engine version 24.07.10 and after, the following components and features are deprecated and removed:
-
ExtremeCompliance, also known as Information Governance Engine
-
Public Cloud Dashboard
The following components and features reached end-of-software-maintenance on 30th September 2023:
-
Guest and IoT Manager - last version is 23.07.11.6 (not compatible with ExtremeCloud IQ Site Engine version 24.07.10 and after)
-
Fabric Manager - last version is 22.09.13.5
-
Posture Assessment (both the agent-based and agent-less)
The mobile application "ExtremeManagement ZTP+" was removed from the Google Play store in August 2024.
Onboarding ExtremeCloud IQ Site Engine to ExtremeCloud IQ in Connected Deployment Mode
After installing or upgrading to ExtremeCloud IQ Site Engine, you need to onboard ExtremeCloud IQ Site Engine to ExtremeCloud IQ. When the onboarding is complete, you can then access ExtremeCloud IQ Site Engine.
Entering your ExtremeCloud IQ name and password are required during the first-time login to ExtremeCloud IQ Site Engine.
| NOTE: | If Extreme Management Center is onboarded to ExtremeCloud IQ, when you upgrade to ExtremeCloud IQ Site Engine, you need to remove Extreme Management Center from ExtremeCloud IQ before onboarding ExtremeCloud IQ Site Engine. |
Enhancements
The following enhancements were made to ExtremeCloud IQ Site Engine in this release. For additional information about each of the enhancements listed in the release notes, see ExtremeCloud IQ Site Engine Documentation .
| Added support for AP4020X. |
| Added support for AP4020FX. |
| Added the license tier mapping for Summit X620, X670, X670V, X770. If you have Extreme Platform ONE Standard Networking licenses, check if you have enough licenses of correct tier before upgrading. |
Customer Found Defects and Known Issues
Customer Found Defects Addressed 25.08.11
| ExtremeControl CFDs Addressed | ID |
|---|---|
| Addressed an issue where Access Control was assigning an end-system group while registering a device (with sponsor group). | 03157727 CFD-14890 |
| Addressed an issue of a PSQLException ERROR when enabling captive portal with a customer database that had the nac_rule data in an abnormal state. | 03094240 CFD-14780 |
| Addressed an issue with IP address / Gateway IP address on Control interface being mis-calculated for host address use. | 03147952 CFD-14704 |
| Addressed an issue where Message-Authenticator setting was not persisted during switch configuration save. | 03161312 03166136 03166738 CFD-14977 |
| Addressed an issue with the delete button in Control Switches tab not working and always grayed out. | 03161312 03166738 03166136 CFD-14976 |
| ExtremeManagement CFDs Addressed | ID |
|---|---|
| Addressed an issue with vulnerable openssh packages. Upgraded openssh in local installer to version 1:8.9p1-3ubuntu0.13 to address cve-2025-32728. | 03128335 CFD-14773 |
| Addressed an issue with VPEX modules (V300 and V400) not being counted in the license calculation. | 03161191 CFD-14963 |
| Addressed an issue where an SNMP Contact Lost event was not triggering the Device Down alarm. | 03147808 03146871 03145229 CFD-14741 |
| Addressed an issue causing a server.log exception when the value for the IPADDRESS column of INVSCHEDULEENTRIES table is larger than 80 characters. | 03141442 CFD-14580 |
| Addressed an issue causing a server.log exception when the values for the chassid ID are very long and exceeded 32 characters. "Error writing out ExtDevice Info Entry to InvDatabase". | 03158641 CFD-14879 |
|
Addressed an issue with NBI API returning incomplete data when run inside workflows. The following NBI calls documentation has been adjusted: CosDataInput.fromDatabase |
03128394 CFD-14435 |
| Addressed an issue with ZTP+ process repeating daily and causing firmware downgrade and already discovered devices to appear in Discovered tab. Now the Switch Engine stacks will be matching on base MAC as well as serial number and IP during Extreme Platform ONE licensing checking. | 03084380 CFD-14193 |
| Addressed an issue with a failure to Edit/Copy Scheduled Tasks if the task creator is in the DOMAIN\USER format. | 03147642 CFD-14808 |
| Addressed an issue with Switch Engine and Fabric Engine channelized ports not importing correctly for the device configure mode VLAN details. | 03157405 CFD-15036 |
| Addressed an issue with EXOS firmware upgrades failing with a CLI error when running shell scripts and then using the scp2 command. |
03149747 03150559 03153969 03155320 03157709 03163677 CFD-15093 |
| Addressed an issue with ExtremeCloud IQ Site Engine large Hyper-V virtual appliance default only allocating 16 CPU cores. The large Hyper-V virtual appliance default is now configured with 24 CPU cores. | 03167093 CFD-15045 |
Customer Found Defects Addressed 25.08.10
| ExtremeAnalytics CFDs Addressed | ID |
|---|---|
| Addressed an issue with the search in "Analytics > Reports > Most Use Application for User Name" being case sensitive and difficult to obtain valid search results. | 03085838 CFD-13872 |
| ExtremeControl CFDs Addressed | ID |
|---|---|
| Addressed an issue of failing captive portal authentication with a password longer than 16 characters. |
03060132 |
| Addressed an issue with moving a MAC OUI entry from one end-system group to another. | 03082002 CFD-13617 |
| Addressed an issue with Entra memberOf group limit of 100 items. ExtremeControl now retrieves the memberOf groups up to 999 items. | 03082001 CFD-13638 |
| Addressed an issue with disconnected end-systems onboarding to ExtremeCloud IQ. | 03033066 CFD-13803 |
| Addressed an issue with the FreeRADIUS daemon process crashing due to unavailable proxy servers. | 03088115 CFD-13895 |
| Addressed an issue with a null pointer exception causing abnormal behavior sending NAC notification when the NBI API was used to perform Add/Remove options to end-system groups. | 03063045 CFD-13914 |
| Addressed an issue with an ExtremeCloud IQ Site Engine restart could cause thousands of NAC reauthentications for end-systems that were queued to authenticate while system was down. | 03091771 CFD-13958 |
| Addressed an issue with permissions of group read/write access not allowing move of end-users. | 03101659 CFD-14049 |
| Addressed an issue with end-system group names that contains an en dash character not being found when importing from CSV. | 03104024 CFD-14082 |
| Addressed an issue with the warning message text shown when changing the Web Server HTTP / HTTPS port. The warning text now includes a statement that a separate enforce in ExtremeControl is required before restarting the ExtremeCloud IQ Site Engine. | 03102916 CFD-14214 |
| Addressed an issue with ExtremeControl not resolving to the most recent IP address when multiple IP addresses are found in the MIB. | 03128385 CFD-14625 |
| Addressed an issue with slow performance to show an Access Control configuration rules table when there are multiple configurations. | 03133119 CFD-14446 |
| Addressed an issue with an error "Could Not Load Report" when configuring multiple switches. | 03147900 CFD-14726 |
| ExtremeManagement CFDs Addressed | ID |
|---|---|
| Addressed an issue with Site Engine crashing silently and restarting. This issue was fixed in the 25.05.12 July 2025 release. | 03014106 CFD-14310 |
| Addressed an issue with Site Engine crashing silently and restarting. This issue was fixed in the 25.05.12 July 2025 release. | 03110132 CFD-14244 |
| Addressed an issue with CLI command password prompt handling failure. Updated password prompt detection for Fabric Engine and Switch Engine when part of a CLI command. | 03082775 CFD-13736 |
| Addressed an issue with nsalarms / nsalarmhistory information column not converting to text schema if you performed a .bin based upgrade and migrated your data before version 25.02.10. | 03011688 CFD-13769 |
| Addressed an issue with alarm table hidden columns being reset by a browser refresh. | 03088755 CFD-13785 |
| Addressed an issue there the Fabric Connect field "ISIS Source Address" was not enforced to the system under specific conditions. | 03081441 CFD-14012 |
| Addressed an issue with Port Name Cache not updating with a device interface name change. | 03096752 CFD-14013 |
| Addressed an issue with saveonconfigexit for nsscript and nsscripttasks being type char instead of boolean. | 03109207 CFD-14081 |
| Addressed an issue with the VLAN tab not displaying in maps after adding a third party device that uses the DOT1Q VLAN table. | 03068346 CFD-14087 |
| Addressed an issue with alarm TEST email triggered from within an alarm using generic unknown trigger subject and body. Now the alarm TEST email contains the devicelp (if provided), alarmName, and alarmSeverity. |
03109346 |
| Addressed an issue with ExtremeCloud IQ Site Engine managed ISW switches not onboarding to ExtremeCloud IQ due to "Invalid SN or MAC". | 03061288 CFD-14264 |
| Addressed an issue with onboarding a 4220 48P unable to perform an automatic upgrade of Switch Engine. The NOS Persona Change was showing as Fabric Engine which is incorrect and unsupported on that device. | 03125058 CFD-14375 |
| Addressed an issue with a nullPointerException when checking if the network RADIUS server is the same as the primary engine with load balancing enabled for an engine group. | 03126337 CFD-14545 |
| Addressed an issue with the Compare Configuration option being allowed when restricted. The Compare/View archive is now disabled if the user is associated with an Authorized Group without appropriate access. | 03146985 CFD-14729 |
| Addressed an issue with rediscover not updating the device sysLocation. | 03147366 CFD-14738 |
| Addressed an issue with the Custom Monthly Average Report not showing every month's data. Now the code is modified to always retrieve and display the data for the first month of monthly data. | 03087389 CFD-13995 |
| Addressed an issue with a non-partitioned nsalarmhistory table in the database after migration. | 03101688 CFD-13972 |
| Addressed an issue with custom monthly reports missing the first month data. | 03087389 CFD-13995 |
| Addressed an issue with missing map images after a database restore in versions 24.07.10. to 25.05.12. The map images are now stored the database backup of version 25.08.10 and later. You must generate a new backup with 25.08.10 and later to retain map images after a database restore. | 03123138 CFD-14285 |
| Addressed an issue when deleting an in use SMTP email list could trigger an exception error in server.log | 03132293 CFD-14424 |
| Addressed an issue with a database error due to incorrect syntax for DELETE FROM WORKFLOW_ACT_HIST,WORKFLOW_HIST USING WORKFLOW_HIST INNER JOIN WORKFLOW_ACT_HIST. | 03141048 CFD-14568 |
Known Issues Addressed in 25.08.11
| Addressed an issue when the stack device could be onboarded to multiple ExtremeCloud IQ Site Engines (in connected mode), and all would own the configuration. |
| Addressed an issue with an error "Could not load report" when an Admin tries to generate CSR from Administration > Certificates. |
Known Issues Addressed in 25.08.10
| Addressed an issue with the top of the device grid showing empty after navigating from a device grid with many devices to a grid with a few devices. |
Addressed Vulnerabilities
This section presents the vulnerabilities reported by vulnerability scanners in previous versions. The following components received updates in 25.08 regardless of whether the vulnerability could have been exploited or not. If you need more information on vulnerability testing, see Security and Vulnerability Testing.
25.08.11 ExtremeAnalytics, and Application Analytics Traffic Sensor images:
CVE-2023-4039, CVE-2024-27407, CVE-2024-57996, CVE-2025-1215, CVE-2025-24014, CVE-2025-26603, CVE-2025-37752, CVE-2025-38003, CVE-2025-38004, CVE-2025-38031, CVE-2025-38034, CVE-2025-38035, CVE-2025-38037, CVE-2025-38043, CVE-2025-38044, CVE-2025-38048, CVE-2025-38051, CVE-2025-38052, CVE-2025-38058, CVE-2025-38061, CVE-2025-38065, CVE-2025-38066, CVE-2025-38068, CVE-2025-38072, CVE-2025-38075, CVE-2025-38077, CVE-2025-38078, CVE-2025-38079, CVE-2025-38350, CVE-2025-40909, CVE-2025-4373, CVE-2025-4598, CVE-2025-49794, CVE-2025-49796, CVE-2025-50077, CVE-2025-50078, CVE-2025-50079, CVE-2025-50080, CVE-2025-50081, CVE-2025-50082, CVE-2025-50083, CVE-2025-50084, CVE-2025-50085, CVE-2025-50086, CVE-2025-50087, CVE-2025-50091, CVE-2025-50092, CVE-2025-50093, CVE-2025-50094, CVE-2025-50096, CVE-2025-50097, CVE-2025-50098, CVE-2025-50099, CVE-2025-50100, CVE-2025-50101, CVE-2025-50102, CVE-2025-50104, CVE-2025-53023, CVE-2025-54389, CVE-2025-54409, CVE-2025-6021, CVE-2025-6069, CVE-2025-6170, CVE-2025-8067, CVE-2025-8176, CVE-2025-8177, CVE-2025-8194, CVE-2025-8534, CVE-2025-8851
25.08.11 ExtremeControl images:
CVE-2023-4039, CVE-2024-27407, CVE-2024-57996, CVE-2025-1215, CVE-2025-24014, CVE-2025-26603, CVE-2025-37752, CVE-2025-38003, CVE-2025-38004, CVE-2025-38031, CVE-2025-38034, CVE-2025-38035, CVE-2025-38037, CVE-2025-38043, CVE-2025-38044, CVE-2025-38048, CVE-2025-38051, CVE-2025-38052, CVE-2025-38058, CVE-2025-38061, CVE-2025-38065, CVE-2025-38066, CVE-2025-38068, CVE-2025-38072, CVE-2025-38075, CVE-2025-38077, CVE-2025-38078, CVE-2025-38079, CVE-2025-38350, CVE-2025-40909, CVE-2025-4373, CVE-2025-4598, CVE-2025-49794, CVE-2025-49796, CVE-2025-50077, CVE-2025-50078, CVE-2025-50079, CVE-2025-50080, CVE-2025-50081, CVE-2025-50082, CVE-2025-50083, CVE-2025-50084, CVE-2025-50085, CVE-2025-50086, CVE-2025-50087, CVE-2025-50091, CVE-2025-50092, CVE-2025-50093, CVE-2025-50094, CVE-2025-50096, CVE-2025-50097, CVE-2025-50098, CVE-2025-50099, CVE-2025-50100, CVE-2025-50101, CVE-2025-50102, CVE-2025-50104, CVE-2025-53023, CVE-2025-54389, CVE-2025-54409, CVE-2025-6021, CVE-2025-6069, CVE-2025-6170, CVE-2025-8067, CVE-2025-8176, CVE-2025-8177, CVE-2025-8194, CVE-2025-8534, CVE-2025-8851, CVE-2025-6442
25.08.11 ExtremeCloud IQ Site Engine images:
CVE-2023-4039, CVE-2024-27407, CVE-2024-57996, CVE-2025-1215, CVE-2025-24014, CVE-2025-26603, CVE-2025-37752, CVE-2025-38003, CVE-2025-38004, CVE-2025-38031, CVE-2025-38034, CVE-2025-38035, CVE-2025-38037, CVE-2025-38043, CVE-2025-38044, CVE-2025-38048, CVE-2025-38051, CVE-2025-38052, CVE-2025-38058, CVE-2025-38061, CVE-2025-38065, CVE-2025-38066, CVE-2025-38068, CVE-2025-38072, CVE-2025-38075, CVE-2025-38077, CVE-2025-38078, CVE-2025-38079, CVE-2025-38350, CVE-2025-40909, CVE-2025-4373, CVE-2025-4598, CVE-2025-49794, CVE-2025-49796, CVE-2025-50077, CVE-2025-50078, CVE-2025-50079, CVE-2025-50080, CVE-2025-50081, CVE-2025-50082, CVE-2025-50083, CVE-2025-50084, CVE-2025-50085, CVE-2025-50086, CVE-2025-50087, CVE-2025-50091, CVE-2025-50092, CVE-2025-50093, CVE-2025-50094, CVE-2025-50096, CVE-2025-50097, CVE-2025-50098, CVE-2025-50099, CVE-2025-50100, CVE-2025-50101, CVE-2025-50102, CVE-2025-50104, CVE-2025-53023, CVE-2025-54389, CVE-2025-54409, CVE-2025-6021, CVE-2025-6069, CVE-2025-6170, CVE-2025-8067, CVE-2025-8176, CVE-2025-8177, CVE-2025-8194, CVE-2025-8534, CVE-2025-8851
25.08.10 ExtremeAnalytics, and Application Analytics Traffic Sensor images:
CVE-2025-30749, CVE-2025-50106, CVE-2025-30761, CVE-2025-30754, CVE-2025-38009, CVE-2025-37989, CVE-2025-37768, CVE-2025-37940, CVE-2025-37840, CVE-2025-37867, CVE-2025-37739, CVE-2025-37911, CVE-2025-37766, CVE-2024-36908, CVE-2025-23144, CVE-2025-37830, CVE-2025-37913, CVE-2024-46742, CVE-2025-37844, CVE-2025-37850, CVE-2025-37964, CVE-2025-38024, CVE-2024-27402, CVE-2025-37892, CVE-2025-37994, CVE-2025-37810, CVE-2025-37857, CVE-2024-35943, CVE-2025-37742, CVE-2025-37811, CVE-2025-37967, CVE-2024-38540, CVE-2025-23146, CVE-2025-37780, CVE-2025-37823, CVE-2025-23145, CVE-2025-37909, CVE-2025-37794, CVE-2024-26686, CVE-2024-35866, CVE-2025-37914, CVE-2025-37819, CVE-2025-23142, CVE-2022-49168, CVE-2022-48893, CVE-2025-37969, CVE-2024-49989, CVE-2025-37738, CVE-2024-35867, CVE-2022-21546, CVE-2025-37836, CVE-2025-37949, CVE-2025-22062, CVE-2025-37787, CVE-2024-53128, CVE-2025-37991, CVE-2024-26739, CVE-2025-37858, CVE-2022-49535, CVE-2025-37803, CVE-2023-52572, CVE-2025-37773, CVE-2025-37789, CVE-2025-37905, CVE-2025-23147, CVE-2025-23150, CVE-2025-23157, CVE-2025-37841, CVE-2025-37875, CVE-2025-37756, CVE-2024-50258, CVE-2025-23159, CVE-2025-37796, CVE-2025-37998, CVE-2024-54458, CVE-2025-23140, CVE-2025-37982, CVE-2024-38541, CVE-2025-38023, CVE-2025-23151, CVE-2025-37881, CVE-2025-37985, CVE-2025-23161, CVE-2025-37781, CVE-2025-37995, CVE-2025-37838, CVE-2023-52757, CVE-2024-53203, CVE-2025-37859, CVE-2025-21839, CVE-2025-37740, CVE-2025-37992, CVE-2024-49960, CVE-2025-37912, CVE-2025-37765, CVE-2025-37862, CVE-2022-49063, CVE-2025-21853, CVE-2024-46816, CVE-2024-50125, CVE-2025-37771, CVE-2025-37790, CVE-2025-37983, CVE-2025-37805, CVE-2025-23156, CVE-2025-37970, CVE-2025-37829, CVE-2025-38005, CVE-2025-37812, CVE-2025-37770, CVE-2025-37839, CVE-2025-37797, CVE-2025-37792, CVE-2025-37923, CVE-2025-37927, CVE-2025-37788, CVE-2025-37817, CVE-2024-50280, CVE-2025-37767, CVE-2025-22027, CVE-2025-37749, CVE-2025-37808, CVE-2025-23158, CVE-2025-37758, CVE-2025-37824, CVE-2025-37930, CVE-2024-46751, CVE-2025-37883, CVE-2024-35790, CVE-2024-56751, CVE-2025-32463, CVE-2025-32462, CVE-2025-46835, CVE-2025-48386, CVE-2025-48385, CVE-2025-27614, CVE-2025-27613, CVE-2025-48384, CVE-2025-6965, CVE-2025-50182, CVE-2025-50181, CVE-2023-40403, CVE-2025-5351, CVE-2025-5372, CVE-2025-4877, CVE-2025-5318, CVE-2025-5987, CVE-2025-4878, CVE-2025-5449, CVE-2025-32990, CVE-2025-6395, CVE-2025-32988, CVE-2025-32989, CVE-2025-48964, CVE-2025-47268, CVE-2025-49125, CVE-2025-49124, CVE-2025-52520, CVE-2025-53506, CVE-2025-48988, CVE-2025-48976
25.08.10 ExtremeControl images:
CVE-2025-30749, CVE-2025-50106, CVE-2025-30761, CVE-2025-30754, CVE-2025-38009, CVE-2025-37989, CVE-2025-37768, CVE-2025-37940, CVE-2025-37840, CVE-2025-37867, CVE-2025-37739, CVE-2025-37911, CVE-2025-37766, CVE-2024-36908, CVE-2025-23144, CVE-2025-37830, CVE-2025-37913, CVE-2024-46742, CVE-2025-37844, CVE-2025-37850, CVE-2025-37964, CVE-2025-38024, CVE-2024-27402, CVE-2025-37892, CVE-2025-37994, CVE-2025-37810, CVE-2025-37857, CVE-2024-35943, CVE-2025-37742, CVE-2025-37811, CVE-2025-37967, CVE-2024-38540, CVE-2025-23146, CVE-2025-37780, CVE-2025-37823, CVE-2025-23145, CVE-2025-37909, CVE-2025-37794, CVE-2024-26686, CVE-2024-35866, CVE-2025-37914, CVE-2025-37819, CVE-2025-23142, CVE-2022-49168, CVE-2022-48893, CVE-2025-37969, CVE-2024-49989, CVE-2025-37738, CVE-2024-35867, CVE-2022-21546, CVE-2025-37836, CVE-2025-37949, CVE-2025-22062, CVE-2025-37787, CVE-2024-53128, CVE-2025-37991, CVE-2024-26739, CVE-2025-37858, CVE-2022-49535, CVE-2025-37803, CVE-2023-52572, CVE-2025-37773, CVE-2025-37789, CVE-2025-37905, CVE-2025-23147, CVE-2025-23150, CVE-2025-23157, CVE-2025-37841, CVE-2025-37875, CVE-2025-37756, CVE-2024-50258, CVE-2025-23159, CVE-2025-37796, CVE-2025-37998, CVE-2024-54458, CVE-2025-23140, CVE-2025-37982, CVE-2024-38541, CVE-2025-38023, CVE-2025-23151, CVE-2025-37881, CVE-2025-37985, CVE-2025-23161, CVE-2025-37781, CVE-2025-37995, CVE-2025-37838, CVE-2023-52757, CVE-2024-53203, CVE-2025-37859, CVE-2025-21839, CVE-2025-37740, CVE-2025-37992, CVE-2024-49960, CVE-2025-37912, CVE-2025-37765, CVE-2025-37862, CVE-2022-49063, CVE-2025-21853, CVE-2024-46816, CVE-2024-50125, CVE-2025-37771, CVE-2025-37790, CVE-2025-37983, CVE-2025-37805, CVE-2025-23156, CVE-2025-37970, CVE-2025-37829, CVE-2025-38005, CVE-2025-37812, CVE-2025-37770, CVE-2025-37839, CVE-2025-37797, CVE-2025-37792, CVE-2025-37923, CVE-2025-37927, CVE-2025-37788, CVE-2025-37817, CVE-2024-50280, CVE-2025-37767, CVE-2025-22027, CVE-2025-37749, CVE-2025-37808, CVE-2025-23158, CVE-2025-37758, CVE-2025-37824, CVE-2025-37930, CVE-2024-46751, CVE-2025-37883, CVE-2024-35790, CVE-2024-56751, CVE-2025-32463, CVE-2025-32462, CVE-2025-46835, CVE-2025-48386, CVE-2025-48385, CVE-2025-27614, CVE-2025-27613, CVE-2025-48384, CVE-2025-6965, CVE-2025-50182, CVE-2025-50181, CVE-2023-40403, CVE-2025-5351, CVE-2025-5372, CVE-2025-4877, CVE-2025-5318, CVE-2025-5987, CVE-2025-4878, CVE-2025-5449, CVE-2025-32990, CVE-2025-6395, CVE-2025-32988, CVE-2025-32989, CVE-2025-48964, CVE-2025-47268, CVE-2025-1735, CVE-2025-6491, CVE-2025-1220, CVE-2025-49125, CVE-2025-49124, CVE-2025-52520, CVE-2025-53506, CVE-2025-48988, CVE-2025-48976
25.08.10 ExtremeCloud IQ Site Engine images:
CVE-2025-30749, CVE-2025-50106, CVE-2025-30761, CVE-2025-30754, CVE-2025-38009, CVE-2025-37989, CVE-2025-37768, CVE-2025-37940, CVE-2025-37840, CVE-2025-37867, CVE-2025-37739, CVE-2025-37911, CVE-2025-37766, CVE-2024-36908, CVE-2025-23144, CVE-2025-37830, CVE-2025-37913, CVE-2024-46742, CVE-2025-37844, CVE-2025-37850, CVE-2025-37964, CVE-2025-38024, CVE-2024-27402, CVE-2025-37892, CVE-2025-37994, CVE-2025-37810, CVE-2025-37857, CVE-2024-35943, CVE-2025-37742, CVE-2025-37811, CVE-2025-37967, CVE-2024-38540, CVE-2025-23146, CVE-2025-37780, CVE-2025-37823, CVE-2025-23145, CVE-2025-37909, CVE-2025-37794, CVE-2024-26686, CVE-2024-35866, CVE-2025-37914, CVE-2025-37819, CVE-2025-23142, CVE-2022-49168, CVE-2022-48893, CVE-2025-37969, CVE-2024-49989, CVE-2025-37738, CVE-2024-35867, CVE-2022-21546, CVE-2025-37836, CVE-2025-37949, CVE-2025-22062, CVE-2025-37787, CVE-2024-53128, CVE-2025-37991, CVE-2024-26739, CVE-2025-37858, CVE-2022-49535, CVE-2025-37803, CVE-2023-52572, CVE-2025-37773, CVE-2025-37789, CVE-2025-37905, CVE-2025-23147, CVE-2025-23150, CVE-2025-23157, CVE-2025-37841, CVE-2025-37875, CVE-2025-37756, CVE-2024-50258, CVE-2025-23159, CVE-2025-37796, CVE-2025-37998, CVE-2024-54458, CVE-2025-23140, CVE-2025-37982, CVE-2024-38541, CVE-2025-38023, CVE-2025-23151, CVE-2025-37881, CVE-2025-37985, CVE-2025-23161, CVE-2025-37781, CVE-2025-37995, CVE-2025-37838, CVE-2023-52757, CVE-2024-53203, CVE-2025-37859, CVE-2025-21839, CVE-2025-37740, CVE-2025-37992, CVE-2024-49960, CVE-2025-37912, CVE-2025-37765, CVE-2025-37862, CVE-2022-49063, CVE-2025-21853, CVE-2024-46816, CVE-2024-50125, CVE-2025-37771, CVE-2025-37790, CVE-2025-37983, CVE-2025-37805, CVE-2025-23156, CVE-2025-37970, CVE-2025-37829, CVE-2025-38005, CVE-2025-37812, CVE-2025-37770, CVE-2025-37839, CVE-2025-37797, CVE-2025-37792, CVE-2025-37923, CVE-2025-37927, CVE-2025-37788, CVE-2025-37817, CVE-2024-50280, CVE-2025-37767, CVE-2025-22027, CVE-2025-37749, CVE-2025-37808, CVE-2025-23158, CVE-2025-37758, CVE-2025-37824, CVE-2025-37930, CVE-2024-46751, CVE-2025-37883, CVE-2024-35790, CVE-2024-56751, CVE-2025-32463, CVE-2025-32462, CVE-2025-46835, CVE-2025-48386, CVE-2025-48385, CVE-2025-27614, CVE-2025-27613, CVE-2025-48384, CVE-2025-6965, CVE-2025-50182, CVE-2025-50181, CVE-2023-40403, CVE-2025-5351, CVE-2025-5372, CVE-2025-4877, CVE-2025-5318, CVE-2025-5987, CVE-2025-4878, CVE-2025-5449, CVE-2025-32990, CVE-2025-6395, CVE-2025-32988, CVE-2025-32989, CVE-2025-48964, CVE-2025-47268
Installation, Upgrade, and Configuration Changes
Installation Information
For license requirements for ExtremeCloud IQ Site Engine and devices, see Licensing.
For complete installation instructions, see ExtremeCloud IQ Site Engine Suite Installation.
Upgrading Without an Internet Connection
!!! ATTENTION !!!
We can attempt to upgrade the OS without using the internet if there were no extra Ubuntu packages installed. If there were extraneous packages installed, the upgrade will fail with this method.
Do you want to attempt a local in-place upgrade of the OS and reboot when complete? (Y/n)Custom FlexViews
When reinstalling ExtremeCloud IQ Site Engine Console, the installation program saves copies of any FlexViews you created or modified in the <install directory>\.installer\backup\current\appdata\System\FlexViews folder.
If you are deploying FlexViews via the ExtremeCloud IQ Site Engine server, save them in the appdata\VendorProfiles\Stage\MyVendorProfile\FlexViews\My FlexViews folder.
Custom MIBs and Images
If you are deploying MIBs via the ExtremeCloud IQ Site Engine server, they are saved in the appdata\VendorProfiles\Stage\MyVendorProfile\MIBs\ folder.
If you are deploying device images (pictures) via the ExtremeCloud IQ Site Engine server, they are saved in the appdata\VendorProfiles\Stage\MyVendorProfile\Images\ folder.
Important Upgrade Information
A special MySQL to PostgreSQL Data Migration (For Upgrades from ExtremeCloud IQ Site Engine 24.2 to 24.7 and later) is required to upgrade ExtremeCloud IQ Site Engine from versions older than 24.07. The minimum version to upgrade Analytics Engines and Access Control Engines is 24.02.13.
| NOTE: |
ExtremeCloud IQ Site Engine Version 25.08.11 contains an OS upgrade. Internet connectivity is required to download custom packages. The installer prompts "Do you want to use the Internet to perform the OS upgrade?". The offline upgrade path is supported when no custom packages are installed (answer N). The online upgrade is required when custom packages are manually installed (answer Y). An online upgrade is recommended when an online upgrade was used previously, however there is a risk of session timeout due to 15 minutes of screen inactivity. To upgrade Access Control Engines and Application Analytics Engines you can use the directive --keepalive to decrease the chance of a session expiry timeout from 15 minutes of no screen activity. |
| From Version (currently running) | To Version (next step in upgrade path) |
|---|---|
| ExtremeCloud IQ Site Engine 24.07.x, 24.10.x. 25.02.x, 25.05.x | ExtremeCloud IQ Site Engine 25.08 |
| ExtremeCloud IQ Site Engine 24.02.x | Fresh installation of ExtremeCloud IQ Site Engine 25.08 and follow the MySQL to PostgreSQL Data Migration (For Upgrades from ExtremeCloud IQ Site Engine 24.2 to 24.7 and later) |
| Application Analytics Engine, Access Control Engine 24.02.15 | Application Analytics Engine, Access Control Engine 25.08 |
| ExtremeCloud IQ Site Engine 23.04.12, 23.07.x, 23.11.x, 24.02.x | ExtremeCloud IQ Site Engine 24.02.15 |
| ExtremeCloud IQ Site Engine 21.x, 22.x, 23.2.x 23.04.10, 23.04.11 | ExtremeCloud IQ Site Engine 23.04.12 |
| Extreme Management Center version 8.5.7 | ExtremeCloud IQ Site Engine 24.02.15 |
| Extreme Management Center version 8.2.x to 8.5.6 | Extreme Management Center 8.5.7 |
| Extreme Management Center version 8.0.x to 8.1.x | Extreme Management Center 8.3.3.11 |
| NetSight version 7.1.4.1 | Extreme Management Center 8.3.3.11 |
| NetSight version 7.x | NetSight 7.1.4.1 |
| NetSight version 6.3.0.186 | NetSight 7.1.4.1 |
| NetSight version 6.x | NetSight 6.3.0.186 |
| IMPORTANT: | A backup (Administration > Backup/Restore) of the database must be performed prior to the upgrade and saved to a safe location. |
|---|
If you use LDAPS with a Fully Qualified Domain Name (FQDN) in the URL to authorize a user to the OneView, then ExtremeCloud IQ Site Engine presents the Server Certificate (located in Administration > Certificates > Server Certificate Information) to the LDAPS server. If the LDAPS server presents a certificate that does not match the LDAPS URL, then the certificate is rejected with the error “Certificate Unknown”.
The best practice is to use a trusted certificate if the LDAPS URL is defined with FQDN, otherwise the LDAPS server might not accept the LDAPs connection. The alternative option is to use an IP address in the LDAPS URL instead of FQDN.
Important Upgrade Considerations
- If your network is using ExtremeAnalytics or ExtremeControl engines, or another add-on feature, you must first perform the ExtremeCloud IQ Site Engine upgrade to version 25.08.11 and then upgrade the feature.
- To upgrade Traffic Sensor from version 21.x, a fresh installation is recommended. If the fresh installation cannot be used, then please check Knowledge Base for a special procedure.
- If the online upgrade fails due to an Internet connectivity issue, fix the connectivity issue and rerun the upgrade.
| IMPORTANT: | When performing an upgrade, be sure to back up the database prior to performing the upgrade, and save it to a safe location. Use the Administration > Backup/Restore tab to perform the backup. |
- When upgrading the ExtremeCloud IQ Site Engine server, ExtremeAnalyticsengine, or ExtremeControlengine to version 25.08.11, ensure the DNS server IP address is correctly configured.
-
When upgrading to ExtremeCloud IQ Site Engine version 25.08.11, if you adjusted the ExtremeCloud IQ Site Engine memory settings and want them to be saved on upgrade, a flag (
-DcustomMemory) needs to be added to the/usr/local/Extreme_Networks/NetSight/services/nsserver.cfgfile.
For example:-Xms12g -Xmx24g -XX:HeapDumpPath=../../nsdump.hprof -XX:+HeapDumpOnOutOfMemoryError -XX:MetaspaceSize=128m -DcustomMemory
License Renewal
Upgrading to ExtremeCloud IQ Site Engine version 25.08.11 requires you to transition from perpetual to subscription-based license model. Existing NMS licenses do not provide access to ExtremeCloud IQ Site Engine. If your perpetual licenses were not transitioned to subscription-based licenses, contact your Extreme Networks Representative for assistance.
Free Space Consideration
When upgrading to ExtremeCloud IQ Site Engine version 25.08.11, a minimum of 15 GB of free disk space is required on the ExtremeCloud IQ Site Engine server
To increase the amount of free disk space on the ExtremeCloud IQ Site Engine server, perform the following:
- Decrease the number of ExtremeCloud IQ Site Engine backups (by default, saved in the
/usr/local/Extreme_Networks/NetSight/backupdirectory). - Decrease the Data Persistence settings (Administration > Options > Access Control > Data Persistence).
- Remove unnecessary archives (Network > Archives).
-
Delete the files in the
<installation directory>/NetSight/.installerdirectory.
Site Discover Consideration
Discovering devices via the Site tab using a Range, Subnet, or Seed discover might not successfully add all expected devices. To correct the issue, increase the Length of SNMP Timeout value on the Administration > Options > Site tab in the Discover First SNMP Request section.
ExtremeAnalytics Upgrade Information
Enabling or disabling the disk flow export feature might cause enforce operations to time out. Enforcing again resolves the issue.
When you delete an ExtremeXOS/Switch Engine device that is configured as a flow source via the Flow Sources table of the
Analytics > Configuration > Engines > Configuration tab from the Devices list on the Network > Devices tab, an error message is generated in the server.log. The message does not warn you that the device is in use as a flow source. Adding the device back in the Devices list on the Network > Devices tab or removing the device from the Flow Source table fixes the issue.
The Flow Sources table on the Analytics > Configuration > engine > Configuration tab may take a few minutes to load.
ExtremeControl Version 8.0 and later
Beginning in version 8.0, ExtremeControl may fail to join Active Directory when accessing as a Standard Domain User with Descendant Computer Objects ("Reset password" permissions only) group member.
To allow this functionality, add the following permissions:
- Reset Password
- Validated write to DNS host name
- Validated write to service principal
- Read and write account restrictions
- Read and write DNS host name attributes
- Write servicePrincipalName
Other Upgrade Information
Immediately after you install version 25.08.11 on the ExtremeControlengine, the date and time does not properly synchronize and the following error message displays:
WARNING: Unable to synchronize to a NTP server. The time might not be correctly set on this device.
Ignore the error message and the date and time automatically synchronize after a short delay.
Additionally, the following message might display during the ExtremeControl upgrade to version 25.08.11:
No domain specified
To stop domain-specific winbindd process, run /etc/init.d/winbindd stop {example-domain.com}
Upgrading ExtremeControl Engine to Version 25.08.11
General Upgrade Information
The EAP-TLS Certificates with SHA1 are considered weak and are not accepted anymore. The radius server fails to start with the SHA1 certificate. You can use a more secure certificate, such as SHA256.
You are not required to upgrade your ExtremeControl engine version to 25.08.11 when upgrading to ExtremeCloud IQ Site Engine version 25.08.11. However, both ExtremeCloud IQ Site Engine and ExtremeControl engine must be at version 25.08.11 in order to take advantage of the new ExtremeControl version 25.08.11 features. ExtremeCloud IQ Site Engine version 25.08.11 supports managing ExtremeControl engine versions 23.x and up to 25.08.11.
In addition, if your ExtremeControl solution utilizes a Nessus assessment server, you should also upgrade your assessment agent adapter to version 25.08.11 if you upgrade to ExtremeControl version 25.08.11.
You can download the latest ExtremeControl engine version at the Extreme Portal.
LDAPS servers with FQDN
If the LDAPS server URL uses a Fully Qualified Domain Name (FQDN), then the LDAPS client of Access Control Engine presents the internal Communication Certificate to the LDAPS server. If the LDAPS server URL uses a FQDN then the LDAPS client of ExtremeCloud IQ Site Engine presents the Server Certificate (located in Administration > Certificates > Server Certificate Information) to the LDAPS server. If the LDAPS server presents a certificate that does not match the LDAPS URL, then the certificate is rejected with the error “Certificate Unknown”
The best practice is to use trusted certificates if the LDAPS URL is defined with FQDN, otherwise the LDAPS server might not accept the LDAPS connection. If the LDAPS server URL uses an IP address then the LDAPS client (of both Access Control Engine and ExtremeCloud IQ Site Engine) does not present the Certificate to the LDAPS server.
Upgrading to Policy Manager 25.08.11
- Policy Manager 25.08.11 only supports ExtremeWireless Controller version 8.01.03 and higher. If you upgrade to ExtremeCloud IQ Site Engine 25.08.11 prior to upgrading your controllers, then Policy Manager does not allow you to open a domain where the controllers already exist or add them to a domain. A dialog is displayed indicating your controllers do not meet minimum version requirements and that they must be upgraded before they can be in a domain.
- Following an upgrade to Wireless Controller version 8.31 and higher, a Policy Manager enforce fails if it includes changes to the default access control or any rules that are set to contain. To allow Policy Manager to modify the default access control or set rules to contain, you must disable the "Allow" action in policy rules contains to the VLAN assigned by the role checkbox accessed from the Wireless Controller's web interface on the Roles > Policy Rules tab. This will allow the enforce operation to succeed.
Fabric Configuration Information
Certificate
Fabric Manager might be unavailable via ExtremeCloud IQ Site Engine after upgrading if the certificate is missing in ExtremeCloud IQ Site Engine Trust store.
To ensure Fabric Manager is available, enter the Fabric Manager certificate in the ExtremeCloud IQ Site Engine Trust store using Generate Certificate option. See Add Fabric Manager Certificate for the certificate procedure.
Authentication Key
When you provision authentication keys for Fabric Attach, the key cannot be read back for security reasons. When the key is read from the device, it always shows "****". For this reason, it might seem that there is a configuration mismatch when one does not exist.
Service Configuration Change
If you change a configured service via the Configure Device window that references one of the following, and then enforce those changes to the device, the configuration on the device might change unexpectedly:
- MLT
- SMLT
- Port-specific settings to a port belonging to an MLT or SMLT
To prevent this merge, change rows in the Enforce Preview window where MLT or SMLT are in use from Current to Desired.
To correct the issue after enforcement, modify the service on the device via the CLI.
CLIP Addresses
Using the CLIP Addresses table in the Configure Device window, you can enter addresses in both IPv4 and IPv6 formats. However, ExtremeCloud IQ Site Engine version 25.08.11 only supports applying a single address (either IPv4 or IPv6) to a Loopback Interface.
Upgrading VSP-8600
When upgrading from Extreme Management Center version 8.2 to version 8.3. manually reload previously discovered VSP-8600 devices to gain access to Fabric Connect features.
Removing Fabric Connect Configuration
Removing a device's Fabric Connect configuration by setting the Topology Definition to <None> may fail if the device has Logical Interfaces assigned to ISIS.
Password Configuration
Fabric Manager fails to onboard in ExtremeCloud IQ Site Engine if the root password includes an ampersand (&) character. Additionally, if the Administration > Inventory Manager > SCP tab contains a password that includes an ampersand (&) in ExtremeCloud IQ Site Engine, the Fabric Manager firmware does not download successfully.
Ensure you use a password without an ampersand (&) character.
VRF Configuration
Fabric Engine SNMP performance is adversely affected as the number of VRF configurations increases. This issue can be resolved by upgrading toFabric Engine release 8.1.1 or later or VSP-8600 series version 6.3.3 or later.
Device Configuration Information
VDX Device Configuration
To properly discover interfaces and links for VDX devices in ExtremeCloud IQ Site Engine, enable three-tuple-if on the device.
| NOTE: | To enable three-tuple-if on the device in ExtremeCloud IQ Site Engine:
|
Additionally, for ExtremeCloud IQ Site Engine to display VCS fabric , the NOS version must be 7.2.0a or later.
Rediscover VDX devices after upgrading to ExtremeCloud IQ Site Engine.
Fabric Engine Device Configuration
Topology links from Fabric Engine devices to other Fabric Engine or ERS devices might not display in a topology map (or might display inconsistently). To ensure topology map links display correctly, verify that the Fabric Engine device is configured to publish its management IP address in the autotopology (SONMP) data.
Ensure that the output of show sys setting command shows:
autotopology : on
ForceTopologyIpFlag : true
clipId-topology-ip : 0
If the output values displayed are different, configure the Fabric Engine device to publish management IP address in SONMP data by executing the following CLI commands:
(config)# autotopology
(config)# sys force-topology-ip-flag enable
(config)# default sys clipId-topology-ip
The Status of LAG links in maps will start working after the next polling following an upgrade to ExtremeCloud IQ Site Engine. You can initiate the polling of a device by performing a refresh/rediscovery of the device.
ERS Device Configuration
ERS devices might automatically change VLAN configurations you define in ExtremeCloud IQ Site Engine. To disable this, change the vlan configcontrol setting for ERS devices you add to ExtremeCloud IQ Site Engine by entering the following in the device command line:
CLI commands
enable
config term
vlan configcontrol flexible
Additionally, configure all VLANs on the port for an ERS device with the same tag status (tagged or untagged). If enforcing to an ERS device on which a port has at least one VLAN as tagged, ExtremeCloud IQ Site Engine adds all untagged VLANs to the tagged VLAN list and clears the untagged VLAN list.
Creating an archive for ERS devices using the Network > Archives tab does not complete successfully if Menu mode (cmd-interface menu) is used instead of CLI mode (cmd-interface cli). See
SLX Device Configuration
When creating a ZTP+ Configuration for an SLX 9240 on which firmware version 18s.01.01 or 18s.01.02 is installed, the ZTP+ process fails if the Administration Profile value uses SSH or Telnet CLI credentials. ExtremeCloud IQ Site Engine indicates that the SSH or CLI profile is not supported by the device.
To create a ZTP+ configuration for an SLX 9240:
- Create a new Device Profile with the CLI Credential set to < No Access >.
- Create the ZTP+ Configuration and select the new Device Profile you created in Step 1 as the Administration Profile.
- After the ZTP+ process successfully completes and the device is added to ExtremeCloud IQ Site Engine, select a Device Profile that uses the correct CLI credentials for the SLX device in the Administration Profile.
| NOTE: | The SLX ZTP+ Connector does NOT support configuring CLI credentials on the device. |
ExtremeXOS Device Configuration
ExtremeXOS/Switch Engine devices on which firmware version 30.3.1.6 is installed do not download and install new firmware versions successfully via the ZTP+ process. To correct the issue, access the Network > Firmware tab in ExtremeCloud IQ Site Engine, select the ExtremeXOS device you are updating via ZTP+, and change the Version field in the Details right-panel from builds/xos_30.3/30.3.1.6 to 30.3.1.6.
Firmware Upgrade Configuration Information
ExtremeCloud IQ Site Engine supports firmware downloads and uploads to devices using TFTP, FTP, SCP, and SFTP. However, before firmware images can be downloaded or uploaded from the server, ExtremeCloud IQ Site Engine needs the root path or directory for each of the protocols. The following default root paths for each protocol are configurable from the Administration > Options > Inventory Manager tab:
Protocol Root Path:
- TFTP: /tftpboot/firmware/images/
- FTP: /tftpboot/firmware/images/
- SCP: /root/firmware/images/
- SFTP: /root/firmware/images/
To upload firmware images that are 2 GB or less to the server, use the ExtremeCloud IQ Site EngineNetwork > Firmware tab. For files larger than 2 GB, use a third-party client (such as SCP, WinSCP, or FTP).
For example, to use SCP to upload a firmware image to the SCP root path on the server, enter the following:
scp <LOCAL_FIRMWARE_PATH> root@<ExtremeCloud IQ Site Engine_SERVER_IP>:/root/firmware/images- Where:
- <ExtremeCloud IQ Site Engine_SERVER_IP>= IP Address to ExtremeCloud IQ Site Engine Server
- <LOCAL_FIRMWARE_PATH>= fully qualified path to a firmware image on the client machine
Wireless Manager Upgrade Information
A High Availability pair cannot be added as a flow source if the WLAN(s) selected are not in common with both wireless controllers.
Server and Client System Requirements
| IMPORTANT: | Wireless event collection is disabled by default in version 25.08.11 due to the increase in disk space usage required. To enable event collection, select Enable Event CollectionEvent Analyze. Then select Administration > Options > Event Analyze. Internet Explorer is not supported in ExtremeCloud IQ Site Engine version 25.08.11. |
Operating System Requirements
ExtremeCloud IQ Site Engine Server Requirements
| Manufacturer | Operating System |
|---|---|
| Linux | Red Hat Enterprise Linux 9.4 |
| VMware® (ExtremeCloud IQ Site Engine Virtual Engine) |
VMware ESXi™ 6.0 server |
| Microsoft® Hyper-V (ExtremeCloud IQ Site Engine Virtual Engine) | Windows® Server 2019 Windows® Server 2022 |
| Nutanix (ExtremeCloud IQ Site Engine Virtual Engine) | AHV: 20230302.101026 AOS: 6.8.1 Prism Central: 2024.2 |
| Extreme Networks | Universal Compute Platform 2130C version 5.09.01 |
These are the operating system requirements for the ExtremeCloud IQ Site Engine server.
ExtremeCloud IQ Site Engine Client Requirements
These are the operating system requirements for remote ExtremeCloud IQ Site Engine client machines.
| Manufacturer | Operating System |
|---|---|
| Windows (qualified on the English version of the operating systems) | Windows® 10 and 11 |
| Linux | Red Hat Enterprise Linux 9.4 |
| Mac OS X® | Monterey, Sonoma |
ExtremeCloud IQ Site Engine Server and Client Hardware Requirements
These are the hardware requirements for the ExtremeCloud IQ Site Engine server and ExtremeCloud IQ Site Engine client machines.
| NOTES: | ExtremeControl and ExtremeAnalytics are not supported on Small ExtremeCloud IQ Site Engine servers. |
ExtremeCloud IQ Site Engine Server Requirements
| Small | Medium | Enterprise | Large Enterprise | |
|---|---|---|---|---|
| Total CPUs | 1 | 2 | 2 | 2 |
| Total CPU Cores | 8 | 16 | 24 | 24 |
| Memory | 16 GB | 32 GB | 64 GB | 64 GB |
| Disk Size | 240 GB | 480 GB | 960 GB | 1.92 TB |
| IOPS | 200 | 200 | 10,000 | 10,000 |
|
Recommended scale based on server configuration: |
||||
| Maximum APs | 250 | 2,500 | 25,000 | 25,000 |
| Maximum Wireless MUs | 2,500 | 25,000 | 100,000 | 100,000 |
| Maximum Managed Devices | 100 | 1,000 | 10,000 air gap 8,000 connected |
10,000 air gap 8,000 connected |
| Maximum Concurrent Management Sessions | 5 | 15 | 50 | 50 |
| ExtremeControl End-Systems | N/A | 50,000 | 200,000 | 200,000 |
| Statistics Retention (Days) | 90 | 180 | 180 | 360 |
| ExtremeAnalytics | No | Yes | Yes | Yes |
| MU Events | No | Yes | Yes | Yes |
| IMPORTANT: | For optimal performance the CPU and Memory needs to reserved in the ESX Client and the virtual machine needs to be deployed using Thick Disk provisioning. |
ExtremeCloud IQ Site Engine Client Requirements
| Requirements | |
|---|---|
| CPU Speed | Dual Core Processor |
| Memory | 8 GB |
| Disk Size | 300 MB (User's home directory requires 50 MB for file storage) |
| Java Runtime Environment (JRE) (Oracle Java only) | Version 8 (for FlexView Editor / MIB Tools) |
| Browser1 (Enable JavaScript and Cookies) | Microsoft Edge Mozilla Firefox Google Chrome |
1Browsers set to a zoom ratio of less than 100% might not display ExtremeCloud IQ Site Engine properly (for example, missing borders around windows). Setting your browser to a zoom ratio of 100% corrects this issue.
Virtual Engine Requirements
The ExtremeCloud IQ Site Engine, ExtremeControl, and ExtremeAnalytics virtual engines must be deployed on a VMware, Hyper-V server, Nutanix, or Extreme Networks Universal Compute Platform.
- ExtremeCloud IQ Site Engine and virtual engines are packaged in the .OVA file format for VMware deployment.
- ExtremeCloud IQ Site Engine and virtual engines are packaged in the .ZIP file format for Hyper-V deployment.
- ExtremeCloud IQ Site Engine and virtual engines are packaged in the .OVA file format for deployment to the Nutanix through Prism Central.
- ExtremeCloud IQ Site Engine and virtual engines are packaged in the .TAR file format for deployment to the Universal Compute Platform.
| IMPORTANT: | For ESX and Hyper-V servers configured with AMD processors, the ExtremeExtremeAnalytics virtual engine requires AMD processors with at least Bulldozer based Opterons. |
ExtremeCloud IQ Site Engine Virtual Engine Requirements
| Specifications | Small | Medium | Enterprise | UCP 2130C |
|---|---|---|---|---|
| Total CPU Cores | 8 | 16 | 24 | N/A |
| Memory | 16 GB | 32 GB | 64 GB | N/A |
| Disk Size | 240 GB | 480 GB | 960 GB | N/A |
| IOPS | 200 | 200 | 10,000 | N/A |
|
Recommended scale based on server configuration: |
||||
| Maximum APs | 250 | 2,500 | 25,000 | 25.000 |
| Maximum Wireless MUs | 2,500 | 25,000 | 100,000 | 100,000 |
| Maximum Managed Devices | 100 | 1,000 | 10,000 air gap 8,000 connected |
10,000 air gap 8,000 connected |
| Maximum Concurrent Management Sessions | 5 | 15 | 50 | 50 |
| ExtremeControl End-Systems | N/A | 50,000 | 200,000 | 200,000 |
| Statistics Retention (Days) | 90 | 180 | 180 | 180 |
| ExtremeAnalytics | No | Yes | Yes | Yes |
| MU Events | No | Yes | Yes | Yes |
| IMPORTANT: | For optimal performance the CPU and Memory needs to reserved in the ESX Client and the virtual machine needs to be deployed using Thick Disk provisioning. |
ExtremeControl Virtual Engine Requirements
| Specifications | Small | Medium | Enterprise | Large Enterprise | UCP 2130C |
|---|---|---|---|---|---|
| Total CPU Cores | 8 | 16 | 16 | 20 | N/A |
| Memory | 12 GB | 16 GB | 32 GB | 48 GB | N/A |
| Disk Size | 40 GB | 120 GB | 120 GB | 120 GB | N/A |
| IOPS | 200 | 200 | 200 | 200 | N/A |
|
Recommended scale based on server configuration: |
|||||
| ExtremeControl End-Systems | 3,000 | 6,000 | 9,000/12,0001 | 12,000/24,0002 | 12,000/24,0002 |
| Authentication | Yes | Yes | Yes | Yes | Yes |
| Captive Portal | No | Yes | Yes/No1 | Yes/No2 | Yes/No2 |
| Assessment | No | Yes | No | No | No |
1 The Enterprise ExtremeControlengine configuration supports two different scale options:
|
|||||
2 The Large Enterprise ExtremeControlengine configuration supports two different scale options:
|
|||||
| IMPORTANT: | For optimal performance the CPU and Memory needs to reserved in the ESX Client and the virtual machine needs to be deployed using Thick Disk provisioning. |
ExtremeAnalytics Virtual Engine Requirements
| Specifications | Small | Medium | Enterprise | UCP 2130C |
|---|---|---|---|---|
| Total CPU Cores | 8 | 16 | 16 | N/A |
| Memory | 12 GB | 32 GB | 64 GB | N/A |
| Disk Size | 40 GB | 480 GB | 960 GB | N/A |
| IOPS | 200 | 10,000 | 10,000 | N/A |
|
Recommended scale based on server configuration: |
||||
| Flows Per Minute | 250,000 | 500,000 | 750,000 | 750,000 |
| End-Systems | 10,000 | 20,000 | 30,000 | 30,000 |
| Raw Flow Retention (Days) | 3.5 | 3.5 | 7 | 7 |
| IMPORTANT: |
The ESXi free license supports a maximum of 8 CPU cores, and the medium and enterprise ExtremeAnalytics virtual engine installations require 16 CPU cores. Sixteen CPU cores are only available by purchasing a permanent license. To use the ExtremeAnalytics virtual engine with an ESXi free license, adjust the number of CPU cores to 8. To reduce the possibility of impaired functionality, ensure at least 4 GB of swap space is available for flow storage on the ExtremeAnalytics virtual engine. To verify the amount of
available RAM on your Linux system, use the |
Fabric Manager Requirements
| Specifications | Requirements |
|---|---|
| Total CPU Cores | 4 |
| Memory | 9 GB |
| Memory allocated to Java: -Xms -Xmx |
4 GB 6 GB |
| Disk Size | 60 GB |
ExtremeControl Captive Portal Supported End-System Browsers
The following table outlines the supported desktop and mobile end-system browsers connecting to the network through the Mobile Captive Portal of Extreme NetworksExtremeControl.
| Medium | Browser |
|---|---|
| Desktop | Microsoft Edge Microsoft Internet Explorer Mozilla Firefox Google Chrome |
| Mobile | Internet Explorer Mobile Microsoft Edge Microsoft Windows 10 Touch Screen Native (Surface Tablet) iOS Native Android Chrome Android Native Dolphin Opera |
| NOTES: | A native browser indicates the default, system-installed browser. Although this might be Chrome (Android), this also includes the default, system-controlled browser used for a device’s Captive Network Detection for a device. Typically, this is a non-configurable option for Wi-Fi Captive Network Detection, but default Android, Microsoft and iOS devices are tested for compatibility with the Mobile Captive Portal. A mobile device can access the standard (non-mobile) version of the Captive Portal using any desktop-supported browsers available on a mobile device. |
For other browsers, the Mobile Captive Portal requires the browser on the mobile device to be compatible with Webkit or Sencha Touch.
To confirm compatibility with Webkit or Sencha Touch, open http://<ExtremeControlEngine IP>/mobile_screen_preview using your mobile web browser.
- If the browser is compatible, the page displays properly.
- If the browser is not compatible with the Mobile Captive Portal, the following error displays:
ExtremeControl Engine Version Requirements
For complete information on ExtremeControl engine version requirements, see Important Upgrade Information.
ExtremeControl VPN Integration Requirements
VPN concentrators are supported for use in ExtremeControl VPN deployment scenarios.
- Supported Functionality: Authentication and Authorization (policy enforcement)
Cisco ASA
Enterasys XSR - Supported Functionality: Authentication
Juniper SA (requires an S-Series Stand Alone (SSA) system in order to provide access control)
| NOTE: | For all ExtremeControl VPN Deployment scenarios, an S-Series Stand Alone (SSA) system is required to change authorization levels beyond the initial authorization, such as when using assessment. |
ExtremeControl SMS Gateway Requirements
The following SMS Gateways have been tested for interoperability with ExtremeControl:
- Clickatell
- Mobile Pronto
ExtremeControl SMS Text Messaging Requirements
The following mobile service providers are supported by default for SMS text messaging in an ExtremeControl deployment. Additional service providers can be added:
| AT&T | Sprint PCS |
| Alltel | SunCom |
| Bell Mobility (Canada) | T-Mobile |
| Cingular | US Cellular |
| Metro PCS | Verizon |
| Rogers (Canada) | Virgin Mobile (US and Canada) |
ExtremeAnalytics Requirements
To use an ExtremeSwitching X440-G2 switch as an Application Telemetry source for ExtremeAnalytics, install firmware version 22.4.1.4-patch2-5 or higher.
- Extreme Portal
- Search the GTAC (Global Technical Assistance Center) knowledge base, manage support cases and service contracts, download software, and obtain product licensing, training, and certifications.
- The Hub
- Connect with other Extreme customers, ask or answer questions, and share ideas and feedback. This community is monitored by Extreme Networks employees, but is not intended to replace specific guidance from GTAC.
- GTAC
- For immediate support, call 1-800-998-2408 (toll-free in U.S. and Canada) or 1-603-952-5000.
Before contacting Extreme Networks for technical support, have the following information ready:
- Your Extreme Networks service contract number and/or serial numbers for all involved Extreme Networks products
- A description of the failure
- A description of any action already taken to resolve the problem
- A description of your network environment (such as layout, cable type, other relevant environmental information)
- Network load at the time of trouble (if known)
- The device history (for example, if you have returned the device before, or if this is a recurring problem)
- Any related Return Material Authorization (RMA) numbers
