FIRMWARE CHANGE HISTORY
-----------------------

Rackswitch G8000 Firmware version 7.1.9.0 (Released April 2015)

** Changes since the 7.1.8.0 release **

Enhancements: none

Changes:

Fixes:
- L2 Multicast traffic (01 00 5E __ __ __ MAC address) with Ether Type 0x0800, but without an IP payload, was accounted as Discards by the switch when it was in fact forwarded. (XB221189)
- Fixed security vulnerabilities as reported in CVE Advisories CVE-2014-0191 (libXML2), CVE-2014-3660 (libXML2)
- Fixed OpenSSL vulnerabilities as reported in CVE Advisories CVE-2014-3572, CVE-2015-0204, CVE-2014-8275, CVE-2014-3570, CVE-2015-2808 (BarMitzvah)

=====================================================================

Rackswitch G8000 Firmware version 7.1.8.0 (Released October 2014)

** Changes since the 7.1.7.0 release **

Enhancements: none

Changes:
- SNMP Enterprise Trap swMmuParityError (.1.3.6.1.4.1.26543.2.7.1.7) is raised and a syslog message is generated when the switch detects parity errors in its hardware buffers.

Fixes: none

=====================================================================

Rackswitch G8000 Firmware version 7.1.7.0 (Released July 2014)

** Changes since the 7.1.6.0 release **

Enhancements: None

Changes:
- Internal debug usernames have been removed from the firmware to prevent potential backdoor access. (XB282666)

Fixes: None

=====================================================================

Rackswitch G8000 Firmware version 7.1.6.0 (Released June 2014)

** Changes since the 7.1.5.0 release **

Enhancements: None

Changes: None

Fixes:
- Switch could experience incorrect log messages indicating the "MAX TEMPERATURE" was flip flopping between above and below the warning threshold. (XB271973)
- Maintenance counters for ports on the member switches of a stack were not included in the "show tech support".
  (XB251289)

=====================================================================

Rackswitch G8000 Firmware version 7.1.5.0 (Released November 2013)

** Changes since the 7.1.4.0 release **

Enhancements: None

Changes:
- Added the ability to manually configure 802.3x Flow Control on BN-CKM-S-SX 1000BASE-SX transceivers.

Fixes: None

=====================================================================

Rackswitch G8000 Firmware version 7.1.4.0 (Released October 2013)

** Changes since the 7.1.3.0 release **

Enhancements: None

Changes: None

Fixes:
- False over-temperature conditions would lead to invalid alarm notifications (i.e., Syslog messages and SNMP Traps), and possible switch resets. (XB206731)

=====================================================================

Rackswitch G8000 Firmware version 7.1.3.0 (Released July 2013)

** Changes since the 7.1.2.0 release **

Enhancements: None

Changes: None

Fixes:
- A Security vulnerability existed in the OSPFv2 Routing Protocol that is used in IBM System Networking Ethernet Switches (CVE-2013-0149).

=====================================================================

Rackswitch G8000 Firmware version 7.1.2.0 (Released May 2013)

** Changes since the 7.1.1.0 release **

Enhancements: None

Changes: None

Fixes:
- In a Stacking configuration, SNMP Traps would not be sent from Member switches for Power-supply failures, Fan failures, Temperature events, and Cold-start/Warm-start events. (55961)
- During routine Forwarding Database (FDB) synchronization, a timing issue could lead to the switch losing the ability to transmit packets. In rare cases, the same underlying issue could lead to a crash. This condition would be accompanied by "fdb_sync_handle_mac error" messages continuously being displayed on the serial console. (57461, 67120, 68895)
- A crash could occur if a TCP reset was received from the client machine while handling an HTTP request from the BBI interface.
  (70400)
- Accessing the "Packet Path Map" page under the Stacking menu of the Browser-based Interface (BBI) would cause the Master switch's stacking process to restart. After this, access via the BBI would no longer be available, and issuing certain CLI commands would cause the console to become unresponsive. (70401)

===================================================================================

Rackswitch G8000 Firmware version 7.1.1.0 (Released April 2012)

** Changes since the 6.8.12.0 release **

Enhancements: None

Changes:
- IBM maintains a common operating system (known as “MCP Linux”) across all Linux-based products to ensure compliance with software licensing laws, and to maintain consistent quality and the highest level of security. All Linux-based products are therefore required to ship with this standardized operating system from the factory. The 7.1.1 release brings the Rackswitch G8000 into compliance via an update of the operating-system kernel to MCP Linux version 2.6.16.

Fixes: None

===================================================================================

Rackswitch G8000 Firmware version 6.8.12.0 (Released November 2012)

** Changes since the 6.8.6.0 release **

Enhancements:
- Added commands to disable/enable IGMP mrouter syslog messages:
    [no] logging log igmp-group
    [no] logging log igmp-mrouter
    [no] logging log igmp-querier
  (59573)
- Added the ability to configure the BBI refresh rate. (59008)
- Enhancements to CPU Packet Logging:
  - Added more granularity to distinguish amongst various types of IPv4 packets.
  - Added statistics and logging for packets sent from the CPU (previously only received packets were supported).
  - Added the ability to filter packet logs by packet type, protocol, VLAN, ingress port, VLAN, address, IP address, etc.
  - Added the ability to display the rate at which packets are received and sent by the CPU.

Changes:
- Syslogs are now displayed most-recent first in the BBI.
  (59008)
- Changed the frequency of NTP logging from every time the system clock is updated, to only when a connection is established with an NTP server, or lost. (60467)

Fixes:
- Issuing any variant of the "show mac" command would sometimes display an inaccurate number for "Total number of FDB entries". (48561)
- Attempting to configure an IPsec 3DES key beginning with "00" would fail. (55362)
- OSPFv3 IPsec Security Associations would not be formed when using AH or ESP keys beginning with "00". (55738)
- In an OSPF topology, deleting a static route would result in Type 5 LSAs being sent with an invalid Forwarding Address. (57334)
- In Stacking mode, the Master switch would crash when clicking the "Put TS Dump" button under the "Switch Image and Configuration Management" BBI menu. (58195)
- After 4 failed SSH login attempts when the user-authentication server (TACACS or RADIUS) is unreachable, memory exhaustion could occur if continuous connection attempts were made in rapid succession from an SSH client before the configured authentication timeout is reached. (58263)
- Syslog events would not be generated after downloading a configuration file via the "copy tftp running-config" command. (58841)
- The "ipv6 ospf encryption ipsec spi" command would be lost from the configuration upon reboot. (58930)
- User-configured IPv6 interfaces could fail to initialize during reboot. (58970)
- When traffic was mirrored to multiple Mirror ports, some packets would be lost if the traffic being received on the Monitor ports was a mix of Broadcast and Unicast. (59168)
- With IP Routing disabled, ARP packets would not be sent out of ports 1-24, 51, and 52. (59169)
- Stack traces produced by Memory-Monitor resets were inaccurate. (59210)
- In a Stacking configuration, issuing the "show interface-rate" command for a port on a member switch would cause the console to hang.
  (59281)
- Statically configuring a multicast router on LACP-trunk ports would fail if the mrouter table was full. (59451)
- The "show ip igmp mrouter" command would not display mrouter entries correctly when more than one static mrouter was configured. (59461)
- After using the "clear ip igmp mrouter" command, the "show ip igmp mrouter" command would display more entries than were actually programmed in hardware. (59462)
- The Switch ASIC supports a maximum of 128 IGMP mrouters (either statically configured or dynamically learned), but after globally disabling then re-enabling IGMP, only 127 minus the number of statically-configured mrouters could be dynamically learned. (59899)
- Instances of the escape character '\' in the System Notice were not explicitly being stored in the configuration file, leading to an "Invalid input detected" error during reboot, and the user-configured message missing from the running configuration. (59926)
- The number of available IGMP mrouter entries would sometimes not be updated after removing ports from a Trunk on which mrouters had previously been configured or learned. (59963, 60045)
- IGMP mrouter entries statically configured on Trunk ports would sometimes not be applied upon reboot. (60039)
- With a mixture of static and dynamic IGMP mrouter entries already installed, attempts to configure additional entries beyond the maximum supportable number would fail (as designed), but no error message would be generated. (60093)
- After changing the LACP mode from "active" to "off", MAC addresses previously learned on that trunk were not being flushed from the FDB. (60094)
- If the IP address of a switch for which IGMP Querier was enabled was changed to be numerically lower than the previously-elected querier, re-election would not be triggered. (60116)
- If the first port of a Trunk on which IGMP mrouters were configured is subjected to a link flap, static mrouter entries would be deleted.
  (60186)
- Disabling IGMP globally would result in unregistered IP multicast traffic being flooded on Trunks for which mrouters had been statically configured, even if flooding was disabled. (60235)
- Unregistered IP multicast traffic would not be forwarded to statically-configured mrouter ports upon enabling IGMP globally, if the mrouter ports had been configured while IGMP was disabled globally. (60247)
- Attempts to add a static IGMP group entry when the maximum supportable groups had already been reached would fail (as designed), but no error message would be generated. (60299)
- When receiving frames with the Broadcast destination address at a rate greater than 100Mbps, DNS Resolution Requests would fail. (60537)
- Reserved IP Multicast packets would not be forwarded if flooding and IP routing were disabled. (60563)
- A user could inadvertently configure more Multicast groups than are supported. (60770)
- In a case where more than 2000 IGMP groups are installed, if multiple IGMP Query packets are received simultaneously on two ports in the same VLAN, some may not be processed. (60855)
- A loopback interface configured as the Source Address of an NTP server could inadvertently be deleted. (60936)
- UDLD PDUs received on a port which is a member of LACP trunk and for which UDLD was disabled would errantly be accepted, leading to the port being set to the "Error Disabled" state. (60945)
- After disabling MAC Learning via the "no learning" command, MAC addresses previously learned on an LACP trunk would not be flushed from the FDB. (61026)
- If two LLDP PDUs were received from the same source on two different ports within the time specified by the TTL TLV of the first PDU to arrive, 4KB of CPU memory would be lost (i.e., not returned to the global memory pool) while processing the second PDU. Over time, this condition could lead to CPU memory exhaustion, and a reset by the switch's Memory Monitor.
  (61108)
- After changing the SSH port number via the "ssh port " command, active SSH sessions were not being terminated as expected. (61140)
- If during reboot, a timezone other than default was explicitly configured, the time reflected in the "Booting complete" message would not use the configured timezone, resulting in an inaccurate boot-complete time being displayed (and possibly earlier than the prior "Resetting at" time). (61266)
- After adding a static IP Multicast entry to a Port/VLAN, multicast traffic that was previously being forwarded to Mrouter ports in the same VLAN would no longer be forwarded. (61487)
- If an LACP trunk had ports in multiple Spanning Tree groups, and two or more ports in the trunk were not in the same forwarding state (e.g., during boot-up, or after issuing the "shut/no shut" command sequence), any static Mrouter configuration for that trunk would "error out" and be lost (i.e., the Mrouter entries would not be installed). (61529)
- Repetitive use of the isCLI "pipe" option would result in a memory leak. Over time, this could lead to CPU memory exhaustion, and a reset by the switch's Memory Monitor. (61623)
- If a user had logged in with a TACACS user ID of the maximum allowable length then disabled TACACS, a crash would occur upon logging out. (61691)
- When displaying the IGMP table simultaneously via Telnet and Console sessions, the Telnet session would be disconnected. (61747)
- The "terminal-length 0" setting would not be respected when using the isCLI "pipe" option. (61751)
- A crash would occur while trying to log in using TACACS+ authentication, if the designated TACACS server was unreachable. (62839)
- A crash would occur when closing a Telnet or SSH session while a command-option prompt was pending. (64005)
- Auto-negotiation would fail after disabling flowcontrol on ports 21-24 or 45-48.
  (64066)
- Incoming IGMP protocol packets (i.e., Queries, Joins, and Leaves) could be lost if the switch was simultaneously receiving unregistered IP multicast packets at a high rate. (64114)
- Attempting to configure the SSH port number to one already used by another service (e.g., HTTP port 80) would not generate an error until attempting to enable SSH. (64987)
- A crash would occur if an SSH client used the remote-execution option to run a local command (e.g., ping, traceroute, etc) upon login. (65557)
- With IP routing disabled, after issuing the "clear mac-address-table" command, MAC addresses associated with configured IP interfaces would get reprogrammed incorrectly on ports 1-24, 53, and 54, resulting in the discard at these ports of all Broadcast, Multicast, and Unknown Unicast packets sent from the CPU. (65624)
- In a Stacked configuration with IP routing disabled, after issuing the "clear mac-address-table" command, MAC addresses associated with configured IP interfaces would get reprogrammed incorrectly on the ports of Member switches, resulting in the discard at these ports of all Broadcast, Multicast, and Unknown Unicast packets sent from the Master's CPU. (65624)

======================================================================

RackSwitch G8000 Version 6.8.6.0 (Released February 2012)

** Changes since the 6.8.2.0 release **

Enhancements: None

Changes:
- Added support for the SNMP P-Bridge and Q-Bridge MIBs in accordance with RFC 4363. (51920)
- The LLDP "Port and Protocol VLAN ID" and "VLAN Name" optional TLVs are now disabled by default. (56041)

Fixes:
- The SNMP Traps swPrimaryPowerSupplyFailure, swPrimaryPowerSupplyFixed, swFanFailure, and swFanFailureFixed were not included in the Enterprise MIB, resulting in the traps being unrecognized by SNMP Management software.
  (43646)
- Some multicast packets would be lost by existing IGMP receivers if a new receiver registered for the same Group and VLAN, or a receiver already registered for the same Group and VLAN would leave (due to a Leave or a port-down event). (44857)
- In Stacking mode, high CPU utilization could occur on the Master switch if IGMP Snooping was enabled, flooding was disabled, and a Member switch was receiving unregistered multicast packets at a high rate. (49750)
- The SNMP "swTempReturnThreshold" trap would not be generated when returning to the normal operating range after previously exceeding the temperature-warning threshold. (50510)
- The "show ip route counters" command could display more than the actual number of ECMP routes after performing the "interface enable/disable" command sequence in a topology with indirect next hop routes. (52271)
- The system could randomly report "Failed to read Transceiver" messages during link-state changes. (52891)
- BGP peer connections would be lost when receiving update packets with the community attribute containing transitive temporary flags. (52595)
- A crash could occur after receiving an STP BPDU with an invalid STG instance number. (52947)
- A crash would occur when configuring flowcontrol using the "interface range" command and specifying all ports in system. (53361)
- Executing a SNMP Walk would result in high CPU utilization and potential flapping of the LACP protocol. (54402)
- In a multi-ECMP configuration, only one non-best ECMP route would be displayed in the routing table after adding a static route to the same destination. (54641)
- The "config successfully uploaded" Syslog message would not be sent after uploading a configuration file via TFTP. (54795)
- In Stacking mode, the Master switch could crash when the ARP table became full while receiving ARP packets at a high rate.
  (54863, 54868, 54878)
- Static Multicast routes were not removed from the IP Multicast table after deleting them from the running configuration. (54901)
- In a Stacking configuration, the ARP table would not get updated upon receiving a broadcast GARP reply. (53911)
- The switch would erroneously allow the configuration of a TACACS+ password greater than the maximum length of 32 characters. (55007)
- Ping requests would not be sent on a port which had previously been removed from an LACP Trunk. (55234)
- A crash would occur if the "show running-config" command was issued after a login notice greater than 1024 characters was previously configured. (55417)
- The SNMP and TACACS+ CoPP queue priorities were not being respected when PIM was enabled. (55642)
- High CPU utilization could occur if IGMP packets were received while IGMP was not configured and VLAN flooding was disabled. (55647)
- The system uptime would errantly be displayed as less than actual over time. (55751)
- In Stacking mode, the Master switch could crash during a reload after changing the configured Stacking VLAN. (55786)
- In Stacking mode, members of the Stack could become unreachable via the AMM after a fail-over scenario. (55824)
- In Stacking mode, the Master switch could crash after removing a member from the stack via the "no stack switch-number" command. (55836)
- In the 2-chip architecture of the G8000, Layer-2 traffic learned between 2 ports of an ASIC would not be learned on the second ASIC, resulting in flooding to the first ASIC by the second ASIC of packets with destination MAC addresses previously learned on the first ASIC. (55844)
- IP Multicast traffic in groups that had been learned via IGMPv3 Reports was no longer forwarded after a General Query was received on the same port and the multicast groups had expired. (55923)
- The switch was not being recognized as a Remote Device by Juniper MX480 Routers when LLDP was enabled.
  (56041)
- Momentary packet discards would occur within a VLAN when removing ports from that VLAN. (56304)
- The "Object Identifier" field in the output of the "/i/l2/lldp/remodev" command could sometimes appear garbled. (56426)
- The ARP database was not being updated upon Station Moves, resulting in Layer-3 traffic not being re-routed to the new switch port. (56437)
- Routed traffic would not resume after performing the "shut/no shut" command sequence on active links. (56438)
- STP flapping could occur if receiving unregistered multicast traffic for a VLAN configured with Flooding disabled, or Optimized Flooding enabled. (56489, 56970)
- The "Total entries" parameter displayed via the "show ip igmp mrouter" command was being double-counted if static multicast routers were configured on Trunks. (56788)
- Using any of the "include", "exclude", "section", or "begin" CLI filtering options with commands that require user confirmation to proceed (e.g., "show tech" and "show counters") would result in a hang of the terminal session. (56840)
- In Stacking mode, any "interface port pvid" configuration commands with PVIDs greater than 1024 would not be retained on the new Master after a fail-over scenario. (56913)
- Enabling the sFlow feature could lead to a CPU packet-buffer leak that over a prolonged period of time would eventually lead to a loss of control-plane protocols that are dependent on the CPU, and an inability to manage the switch (via Telnet, SSH, SNMP, etc.). (57045)
- In Stacking mode, rebooting the Master switch or a Member switch could lead to incoherency between Layer-3 tables of the Master and the Member(s), and ultimately a failure to route traffic. (57179)
- Multicast routers previously learned via PIM Hello packets would not expire after receiving PIM Hello packets updated with a new multicast-router source-IP address.
  (57249, 55588)
- The SNMP 'altTeamingTriggerUp' and 'altTeamingTriggerDownTraps' were not included in the Enterprise MIB, resulting in the traps being unrecognized by SNMP Management software. (57311)
- A memory leak existed when receiving LLDP DCBX v1 packets that over time could lead to complete memory exhaustion and an eventual reset by the Switch's Memory Monitor. (57389)
- In Stacking mode, downloading a configuration file via the "copy tftp active-config" command would fail silently, and the active configuration would be erased from flash. (57410)
- A crash could occur while processing invalid or unsupported LLDP DUs. (57438)
- Enabling the sFlow feature could lead to a crash. (58016)

======================================================================

RackSwitch G8000 Version 6.7.3.0 (Released August 2011)

** Changes since the 6.7.2.0 release **

- The "ifHCOut Discards" counter was not being incremented on egress ports during Head-of-Line Blocking (HoL) conditions. (43784)
- Several port-level “maintenance” counters were displayed erroneously. (43951)
- If the “ifOut Discards” counter was incrementing on the first port of the switch ASIC, the same counter would be aliased to all other ports in the ASIC. (48904)
- Improved the "port interface-counters" command to display all possible reasons for Ingress and Egress packet discards. (49111)
- The RMON etherStatsDataSource object was returning incorrect indices for physical ports. (49312)
- Over a prolonged period of time, link flapping while the CPU is forwarding packets to switch ports could inevitably lead to a loss of control-plane protocols that are dependent on the CPU, and an inability to manage the switch (via Telnet, SSH, SNMP, etc.). (49996)
- The "show interface-rate" command would intermittently yield inaccurate results. (50305)
- SNMP "Fan Failure Cleared" traps were continuously being generated.
- The switch’s "uptime" value would wrap back to zero after several weeks.
  (52013)

===============================================================================

RackSwitch G8000 Version 6.5.4.0 (Released May 2011)

Enhancements: None.

Changes:
- Converted the "stats/mp/pkt" command to a menu and added more options to display packet counters and logs. (37046)
- Added the ability to disable SSHv1 support via CLI, BBI, and SNMP. Due to security concerns, SSHv1 is now disabled by default (the default is now v2). (43957)

Fixes:
- Applying any layer-3 configuration change could result in an alternate gateway becoming the active gateway. (42700)
- If a router in a RIP domain became unreachable, the default route advertised by the unreachable router would still be propagated within the RIP domain. (43765)
- The console would hang when continuous pings reached 65535 iterations. (43845)
- In an OSPF topology, the preferred route for IGMP streams was via an interface directly connected to a Multicast Router (mrouter). In failover testing, the streams would be sent through an alternate path via an IGMP relay as designed. Depending on the circumstances, when the direct path to the mrouter was reestablished, the streams would not be forwarded via the preferred interface as expected, but instead either continue to be forwarded via the alternate path, or both paths simultaneously. (43917, 43977)
- The corruption of a buffer-management counter would result in the inability of the CPU to process Layer-3 packets. (44306)

===============================================================================

BNT RackSwitch G8000 Version 6.5.2.3 (Released October 2010)

Enhancements:
- Added the ability to display the best route in the output of the "show ip route address" command even when the specified address does not already exist in the route table. (41386)

Changes:
- Added missing descriptions for LACP Informational Tables in the Enterprise MIB. (42203)

Fixes:
- Although invalid, gateways 5-32 were available via the "ip gateway" command (only 1-4 are valid).
  (43094)
- OSPF Adjacencies were momentarily lost for all neighbors if the BGP AS number was changed via the "router bgp as" configuration command. (41670)
- Static routes were lost after bringing link down/up multiple times. (42008)
- When a BGP route was learned, and its next-hop matched a statically-configured route, an additional static route was displayed in the isCLI configuration dump. (42376)
- The descriptions of the ecmpGatewayUp and ecmpGatewayDown SNMP traps were inconsistent with the MIB, making the traps unrecognizable by the MIB browser. (42442)
- SSH connections would hang if TACACS+ was enabled, "clog" or "cauth" were enabled, and the user logged via backdoor and executed a command. (42672)
- Can not see a LACP trunk aggr by aggregation ID (43067)
- SNMP walk/getnext was failing after the stackBootCurState object. (43161)
- OSPF DRouters were not processing OSPF packets with DIP 224.0.0.6 (43333)
- Crash would occur if more than 100 OSPF interfaces were enabled. (43570)
- Crash would occur while learning 2K IGMP groups from all external ports and issuing the "show ipig g" CLI command. (43623)
- SNMP MIB walks were failing on the agPortCurCfgUdld object. (43696)
- The PortID and DeviceID TLVs in UDLD PDUs were being formatted incorrectly, causing the upstream Cisco router to falsely detect a unidirectional link then disable the port. (43699)
- The Source-specific BGP packet filter was programmed with an incorrect rule, causing all TCP data packets to be sent to the CPU. (43757)

===============================================================================

G8000 Version 6.3.3.0 (Released September 2010)

Enhancements: None.

Changes:
- Added the "no prompting" option to isCLI (equivalent of "verbose 0" in BladeOS CLI). (40865)
- Added the SNMP hwTemperatureSensor4 object to the MIB. (42279)

Fixes:
- OSPF adjacencies flapped when OSPF configuration changes were made.
  (40610)
- Configuration validation of "ip route" and "ip gateway" commands could fail while upgrading from the 5.2.1.1 release to a 6.3.x release, resulting in loss of the startup configuration. (40617)
- Telnet connections would not close completely when exiting a session from SecureCRT. (40669)
- OSPF adjacencies would be lost on all areas when enabling and disabling authentication on an area where no interface is configured and no neighbor is learned. (40748)
- 0.5-meter DAC cables are displayed as "LB" when issuing the "show interface transceiver" command. (40781)
- OSPF host addresses were not being relearned from the second path when the first path failed. (40831)
- With MSTP enabled and an interface associated with a VLAN that has just one port "up", disabling spanning-tree (CIST) on the port then shutting down the port would lead to a condition where the IP interface still appeared to be up. (40836)
- Crash could occur in some instances when downloading a configuration file via SCP and using the PSCP client. (40900)
- Static routes might not be updated in the Switch ASIC if the gateway became unreachable. (40947)
- Configuring OSPF to redistribute fixed routes would not take effect without restarting OSPF. (40971)
- When adding a mgmt network definition, existing Telnet/SSH users would be ejected, even if they had connected from a trusted network. (41075)
- Terminal sessions could become unusable if an idle timeout occurred while the CLI is waiting for user input. (41560)
- Crash when receiving self-originated LSAs where the Advertising Router and Link State ID specified in the packet were different. (41734)
- The ifHCInOctets and ifHCOutOctets 64-bit interface counters were wrapping after just 32 bits. (41780)
- PVST can take up to 30 seconds to converge. (41899)
- Crash when receiving LLDP packets with management-address TLV. (41998)
- Time zones for Sweden, Switzerland, and Turkey were being set incorrectly.
  (42023)
- Failure to flood BPDUs across the aggregator ISL resulted in a loop between the aggregators and upstream devices that went undetected. (42313)
- The descriptions of the ecmpGatewayUp and ecmpGatewayDown SNMP traps were inconsistent with the MIB, making the traps unrecognizable by the MIB browser. (42442)
- Console could hang when issuing the "show counters" command. (42611)