TOI Author :: Noah Tinker

Security policies occasionally prevent the download of PCAP files from packet queries. The integrated Wireshark web interface enables PCAP analysis within the DMF environment and requires authentication for access. This integration provides full Wireshark functionality while keeping the PCAP file on the Controller to maintain adherence to security requirements.

Link Aggregation Group (LAG) or port channel interfaces comprise multiple member interfaces. Network devices typically distribute packets across the member interfaces using a hash computed from packet header fields. The Round-Robin LAG Distribution feature introduces a new packet distribution method: the round-robin method. A round-robin LAG configuration balances packets evenly across all member interfaces in a sequential, round-robin fashion.

As of DMF-8.9.0, when several IP addresses are used in a single policy (whether via an address group or individually across match rules with otherwise identical conditions), the controller groups the addresses together and programs them as a field set on supported switches. This field set has a label that can be directly referenced by TCAM, which allows that TCAM entry to match against packets with any of the IP prefixes in that field set. This optimization dramatically reduces the TCAM consumption for policies that reference many addresses, allowing significantly more policies or addresses to be programmed without exceeding switch TCAM capacity limits. For example, on a switch incapable of performing this optimization, a policy matching traffic from a 100-entry source address group to a 100-entry destination address group would require 100x100=10,000 individual entries. With this optimization, the controller programs two field sets and a single match rule that references both field sets, reducing TCAM consumption from 10,000 entries to just 1 entry for that policy.

The AES-256 Support for SNMPv3 feature implements 256-bit encryption for SNMPv3 interactions on the DMF Controller and managed devices. Configuring the AES-256 privacy protocol option enhances the User-based Security Model (USM) by enforcing 256-bit encryption standards.

The SHA-256 Support for SNMPv3 feature implements 256-bit encryption for SNMPv3 interactions on the DMF Controller and managed devices. Configuring the SHA-256 authentication protocol option enhances the User-based Security Model (USM) by enforcing 256-bit encryption standards.