RackSwitch G8052 Version 6.8.10.0 (Released July 2012) ** Changes since the 6.8.9.0 release ** Enhancements: None. Changes: None. Fixes: - A Security vulnerability existed in the OSPFv2 Routing Protocol that is used in IBM System Networking Ethernet Switches (CVE-2013-0149). ===================================================================== RackSwitch G8052 Version 6.8.9.0 (Released June 2012) ** Changes since the 6.8.2.0 release ** Enhancements: - Added the ability to configure the BBI refresh rate. (59008) Changes: - The LLDP "Port and Protocol VLAN ID" and "VLAN Name" optional TLVs are now disabled by default. (56041) - Previously when a PIM Rendezvous Point became unreachable, a PIM Join message would be sent on the alternate path after a 10-second timeout. To improve the failover time, PIM will now send a Join on the alternate path immediately after being notified of the lost route by the Unicast Routing Table. (CR 56265) - Syslogs are now displayed most-recent first in the BBI. (59008) Fixes: - Some multicast packets would be lost by existing IGMP receivers if a new receiver registered for the same Group and VLAN, or a receiver already registered for the same Group and Vlan would leave (due to a Leave or a port-down event). (44857) - The SNMP "swTempReturnThreshold" trap would not be generated when returning to the normal operating range after previously exceeding the temperature-warning threshold. (50510) - The "show ip route counters" command could display more than the actual number of ECMP routes after performing the "interface enable/disable" command sequence in a topology with indirect next hop routes. (52271) - BGP peer connections would be lost when receiving update packets with the community attribute containing transitive temporary flags. (52595) - A crash could occur after receiving an STP BPDU with an invalid STG instance number. (52947) - In a multi-ECMP configuration, only one non-best ECMP route would be displayed in the routing table after adding a static route to the same destination. (54641) - Static Multicast routes were not removed from the IP Multicast table after deleting them from the running configuration. (54901) - The switch would erroneously allow the configuration of a TACACS+ password greater than the maximum length of 32 characters. (55007) - Ping requests would not be sent on a port which had previously been removed from an LACP Trunk. (55234) - A crash would occur if the "show running-config" command was issued after a login notice greater than 1024 characters was previously configured (55417) - The SNMP and TACACS+ CoPP queue priorities were not being respected when PIM was enabled. (55642) - High CPU utilization could occur if IGMP packets were received while IGMP was not configured and VLAN flooding was disabled. (55647) - A crash would occur when using the Nmap/Zenmap port-scanning tools with the "intense udp scan" option. (55771) - IP Multicast traffic in groups that had been learned via IGMPv3 Reports was no longer forwarded after a General Query was received on the same port and the multicast groups had expired. (55923) - The switch was not being recognized as a Remote Device by Juniper MX480 Routers when LLDP was enabled. (56041) - Momentary packet discards would occur within a VLAN when removing ports from that VLAN. (56304) - The "Object Identifier" field in the output of the "/i/l2/lldp/remodev" command could sometimes appear garbled. (56426) - STP flapping could occur if receiving unregistered multicast traffic for a VLAN configured with Flooding disabled, or Optimized Flooding enabled. (56489, 56970) - The "Total entries" parameter displayed via the "show ip igmp mrouter" command was being double-counted if static multicast routers were configured on Trunks. (56788) - Using either of the "include", "exclude", "section", or "begin" CLI filtering options with commands that require user confirmation to proceed (e.g., "show tech" and "show counters") would result in a hang of the terminal session (56840) - Enabling the sFLow feature could lead to a CPU packet-buffer leak that over a prolonged period of time would eventually lead to a loss of control-plane protocols that are dependent on the CPU, and an inability to manage the switch (via Telnet, SSH, SNMP, etc.). (57045) - Multicast routers previously learned via PIM Hello packets would not expire after receiving PIM Hello packets updated with a new multicast-router source-IP address. (57249, 55588) - The SNMP 'altTeamingTriggerUp' and 'altTeamingTriggerDownTraps' were not included in the Enterprise MIB, resulting in the traps being unrecognized by SNMP Management software. (57311) - A memory leak existed when receiving LLDP DCBX v1 packets, such that over time could lead to complete memory exhaustion and eventual reset by the Switch's Memory Monitor. (57389) - A crash could occur while processing invalid or unsupported LLDP DUs. (57438) - Enabling the sFLow feature could lead to a crash. (58016) - After 4 failed SSH login attempts when the user-authentication server (TACACS or RADIUS) is unreachable, memory exhaustion could occur if continuous connection attempts were made in rapid succession from an SSH client before the configured authentication timeout is reached. (58263) - The "operational-enable" option for the "no system service-led" configuration command was missing, making it impossible to disable the Service LED from isCLI mode. (58485) - Attempting to configure an IPsec 3DES key beginning with "00" would fail. (55362) - User-configured IPv6 interfaces could fail to initialize during reboot. (58970) - the IPv6 Conformance Test For Path MTU Discovery would fail after rebooting the switch. (53604) - The ARP database was not being updated upon Station Moves, resulting in Layer-3 traffic not being re-routed to the new switch port. (56437) - Routed traffic would not resume after performing the "shut/no shut" command sequence on active links (56438) - Syslog events would not be generated after downloading a configuration file via the "copy tftp running-config" command. (58841) - IGMP Reports would be lost if unregistered IP Multicast traffic was simultaneously being received at a rate greater then 500Mbps. (58984) - When traffic was mirrored to multiple Mirror ports, some packets would be lost if the traffic being received on the Monitor ports was a mix of Broadcast and Unicast. (59168) - Stack traces produced by Memory-Monitor resets were inaccurate. (59210) - Instances of the escape character '\' in the System Notice were not explicitly being stored in the configuration file, leading to an "Invalid input detected" error during reboot, and the user-configured message missing from the running configuration. (59926) - After changing the LACP mode from "active" to "off", MAC addresses previously learned on that trunk were not being flushed from the FDB. (60094) - When receiving frames with the Broadcast destination address at a rate greater than 100Mbps, DNS Resolution Requests would fail. (60537) - Reserved IP Multicast packets would not be forwarded if flooding and and IP routing were disabled. (60563) - A user could inadvertently configure more Multicast groups than are supported. (60770) - In a case where more than 2000 IGMP groups are installed, if multiple IGMP Query packets are received simultaneously on two ports in the same VLAN, some may not be processed. (60855) - A loopback interface configured as the Source Address of an NTP server could inadvertently be deleted. (60936) - UDLD PDUs received on an port which is a member of LACP trunk and for which UDLD was disabled would errantly accept the PDUs, leading to the port being set to the "Error Disabled" state. (60945) - After disabling MAC Learning via the "no learning" command, MAC addresses previously learned on an LACP trunk would not be flushed from the FDB. (61026) - If two LLDP PDUs were received from the same source on two different ports within the time specified by the TTL TLV of the first PDU to arrive, 4KB of CPU memory would be lost (i.e., not returned to the global memory pool) while processing the second PDU. Over time, this condition could lead to CPU memory exhaustion, and a reset by the switch's Memory Monitor. (61108) - After changing the SSH port number via the "ssh port " command, active SSH sessions were not being terminated as expected. (61140) - If during reboot, a timezone other than default was explicitly configured, the time reflected in the "Booting complete" message would not use the configured timezone, resulting in an inaccurate boot-complete time being displayed (and possibly earlier than the prior "Resetting at" time). (61266) - After adding a static IP Multicast entry to a Port/VLAN, multicast traffic that was previously being forwarded to Mrouter ports in the same VLAN would no longer be forwarded. (61487) - If an LACP trunk had ports in multiple Spanning Tree groups, and two or more ports in the trunk were not in the same forwarding state (e.g., during boot-up, or after issuing the "shut/no shut" command sequence), any static Mrouter configuration for that trunk would "error out" and be lost (i.e., the Mrouter entries would not be installed). (61529) - If a user had logged in with a TACACS user ID of the maximum allowable length then disabled TACACS, a crash would occur upon logging out. (61691) - Repetitive use of the isCLI "pipe" option would result in a memory leak. Over time, this could lead to CPU memory exhaustion, and a reset by the switch's Memory Monitor. (61623) - When displaying the IGMP table simultaneously via Telnet and Console sessions, the Telnet session would be disconnected. (61747) - The "terminal-length 0" setting would not be respected when using the isCLI "pipe" option. (61751)