IBM RackSwitch G8264 Version 7.7.8.0 (Released December 2013) ** Changes since the 7.7.5.0 release ** Enhancements: None Changes: - A security vulnerability existed in the TLS protocol versions TLS1.0 and earlier, in that an attacker could potentially discover the TLS session key. To prevent this, a configurable CLI option was added to restrict the minimum allowable protocol version of TLS, from SSLv3 through TLS1.2. (CVE-2011-3389) Fixes: - A crash would occur when routing packets to an unreachable IPv6 gateway. (68081) - A crash would occur during TACACS+ authentication when receiving optional attributes (during the authorization stage). (68473) - With Layer-2 Failover configured, data traffic would momentarily be interrupted while transitioning from the active port to the standby port during a failover. (XB172186, XB222079) - The ACL logging feature would not report incoming packets that matched an ACL qualified by a TCP or UDP destination port. (XB208108) - Valid LLC frames received would erroneously be reported as ingress errors if they included a 802.1Q VLAN tag. (XB208414, XB227573) - A crash would occur if a data port was used to upload a file to an FTP server, if the file already existed on the server and had read-only access permissions. (XB209257) - A crash would occur if the traceroute command was executed with an IPv6 address specified, and no IPv6 management interfaces were configured. (XB215717) - Connecting to a Secure FTP server using a human-readable hostname would fail(would only work when an IP address was explicitly specified). (XB216488) - A crash would occur if a ping was issued to a random host name, and an IPv6 DNS server was unreachable or non-existent (XB216882) - A crash would occur during a second attempt to authenticate a user via an unreachable or non-existent LDAP server. (XB217674) - In a VRRP topology, when the Nessus security-scanning tool performed the "failed login" test via SSH, the VRRP process on the backup switch could fail to receive advertisement packets from the VRRP master within the specified threshold, leading to an oscillation between master and back-up states. (XB217716) - A crash would occur if a TFTP upload or download was attempted, and no IPv6 interfaces were configured. (XB218041) - The switch's Browser-based Interface (BBI) was vulnerable to attacks by Web scanning tools, potentially resulting in crashes. (XB218795) - Invalid TCP packets (e.g., having both SYN and FIN flags set) received by the switch would not be discarded, resulting in a potential security vulnerability. (XB220985) - A crash would occur when performing an SNMP Get operation upon index 128 of the stpInfoPortTable object. (XB249428) ======================================================================================== IBM RackSwitch G8264 Version 7.7.5.0 (Released August 2013) ** Changes since the 7.7.3.0 release ** Enhancements: None Changes: - Dynamic link aggregation (LACP) ports that are not able to converge with peer ports will now result in a link-down state. This will occur when ports configured as members of an LACP trunk are connected to non-LACP ports. This is expected behavior. When connecting different IBMNOS products using LACP ports, it is recommended to install complimentary firmware versions (e.g., 7.7.5) on each device to ensure matching LACP behavior. Fixes: - Inefficiencies in the SNMP-processing code could result in high CPU utilization, SNMP client time-outs, protocol flaps, or a switch reset by the Hardware Watchdog. (66769, 70649) - User-configured ACL Deny rules were not being respected for packets with a Layer-4 (TCP) port of 22 or 23 (i.e., SSH and Telnet, respectively). (69126 / XB202484) - A prolonged period of high CPU utilization can lead to protocol-thread starvation. In one such case, LACP PDUs were not being sent by the CPU, leading to the break down of the LACP trunk forming the ISL in a vLAG topology. The ISL trunk ports that had previously been in the STP Discarding state would then errantly go into the Forwarding state, resulting in flooding of STP BPDUs into the network, and the inevitable network loop. (70887) - The SNMP dot1qVlanCurrentEntry OID was not being populated, resulting in SNMP Walks being stuck indefinitely at that point. (71785) - Disabling LACP (from the peer device) on a member port of an LACP trunk that also has STP disabled would result in the port being errantly displayed as FORWARDING in the output of the "show spanning-tree stp" command (and via the BBI), when in fact the port would be in the BLOCKING state (as designed). (71805, 71822) - Deleting the LACP key (from the peer device) on a member port of an LACP trunk that also has STP disabled would result in the port errantly going into the FORWARDING state. (71841) - With STP in PVRST mode and with a high active-port/STG product, a memory leak could occur while processing BPDUs (this was demonstrable with 47 ports active and more than 127 STGs configured per port). Over time, the memory leak could lead to a reset of the switch by the Memory Monitor. (71844) - A crash would occur when issuing the "show ufp info vport" command without explicitly specifying a vport number. (71951) - A watchdog timeout could occur if an IGMPv3 Report packet was received with the invalid source-IP address of 0.0.0.0. (71749) - Attempting to set port speed via the CMM would fail. (XB171317) - If the CMMs had "Failover on Physical Network Link" enabled (default), and the network link of the Active CMM went down, ports INTB1 and INTB2 could get disabled when the Standby CMM became active. (XB172285) - An IP address could not simultaneously be configured as a global DHCP server address, and a broadcast-domain DHCP server address. (XB172381) - A crash would occur while handling an SNMP “Get” Request for the Object that contains UFP information pertaining the switch (OID 1.0.8802.1.1.2.1.4.1.1.12.2700.65.4). (XB194463, XB202919) - A crash could occur if an FCoE-related CLI command was issued while the external management port was being flooded with packets. (XB199890) - If in Stacking mode, the switch would no longer receive time-sync updates from NTP servers over IPv6 interfaces after a CMM failover. (XB200147) - NTPv3 authentication information was being added to outgoing NTP Client Requests, even when authentication was disabled on the Switch. The consequence was that NTP servers that do not support authentication would discard the requests (i.e,, not respond to the Client Requests). (XB204541) - A crash could occur while handling an HTTPS request if the connection to the client was suddenly terminated while handling the transaction. (XB205895) - If the switch's Hostname was used to access the switch via BBI (i.e., relying on DNS instead of inputting the raw IP address), attempting to perform an image upgrade would result in redirection to a blank page. (XB206876) ======================================================================================== RackSwitch G8264 Firmware Release Version 7.6.7.0 (Released October 2013) ** Changes since the 7.6.6.0 release ** Enhancements: None. Changes: None. Fixes: - Inefficiencies in the SNMP-processing code could result in high CPU utilization, SNMP client time-outs, protocol flaps, or a switch reset by the Hardware Watchdog. (66769, 70649) - A crash would occur when routing packets to an unreachable IPv6 gateway. (68081) - A watchdog timeout could occur if an IGMPv3 Report packet was received with the invalid source-IP address of 0.0.0.0. (71749) - BGP neighborship sessions would flap when receiving BGP route messages that contained community attributes (XB194426) - A crash could occur while handling an HTTPS request if the connection to the client was suddenly terminated while handling the transaction. (XB205895) - The ACL logging feature would not report incoming packets that matched an ACL qualified by a TCP or UDP destination port. (XB208108) - A crash would occur if a data port was used to upload a file to an FTP server, if the file already existed on the server and had read-only access permissions. (XB209257) - A crash would occur if the traceroute command was executed with an IPv6 address specified, and no IPv6 management interfaces were configured. (XB215717) - A crash would occur if a ping was issued to a random host name, and an IPv6 DNS server was unreachable or non-existent (XB216882) - A crash would occur during a second attempt to authenticate a user via an unreachable or non-existent LDAP server. (XB217674) - A crash would occur if a TFTP upload or download was attempted, and no IPv6 interfaces were configured. (XB218041) - The switch's Browser-based Interface (BBI) was vulnerable to attacks by Web scanning tools, potentially resulting in crashes. (XB218795) - A crash would occur when receiving a random sequence of IGMPv3 reports that were interleaved from different Multicast receivers. (XB219263) - Invalid TCP packets (e.g., having both SYN and FIN flags set) received by the switch would not be discarded, resulting in a potential security vulnerability. (XB220985) ====================================================================== RackSwitch G8264 Firmware Release Version 7.6.6.0 (Released July 2013) ** Changes since the 7.6.5.0 release ** Enhancements: None. Changes: None. Fixes: - A Security vulnerability existed in the OSPFv2 Routing Protocol that is used in IBM System Networking Ethernet Switches (CVE-2013-0149). - A Security vulnerability existed in IBM Switches which support Fibre Channel over Ethernet (FCoE), in that data frames were being flooded out of every port if the destination address was not in the MAC table. (CVE-2013-0570). ====================================================================== RackSwitch G8264 Firmware Release Version 7.6.5.0 (Released July 2013) ** Changes since the 7.6.4.0 release ** Enhancements: None. Changes: None. Fixes: - In a Hotlinks topology, copying either the active or backup configuration to the running configuration could lead to the HotLinks standby interface being put into the forwarding state, resulting in a network loop. (68596) - A prolonged period of high CPU utilization can lead to protocol-thread starvation. In one such case, LACP PDUs were not being sent by the CPU, leading to the break down of the LACP trunk forming the ISL in a vLAG topology. The ISL trunk ports that had previously been in the STP Discarding state would then errantly go into the Forwarding state, resulting in flooding of STP BPDUs into the network, and the inevitable network loop. (70887) ======================================================================= RackSwitch G8264 Firmware Release Version 7.6.4.0 (Released April 2013) New and Updated Features: Local proxy ARP: - Local proxy ARP enables the switch to send ARP replies on configured interfaces for Layer-2 communication which normally would not need to acknowledge ARP requests. This feature is useful in secure-network designs where Layer-2 devices on the same logical subnet are physically disconnected. IBM NOS requires that the ICMP-Redirect function be disabled on the switch when Local Proxy ARP is enabled. The Local Proxy ARP feature is configurable on a per-interface basis. VRRP Next Hop: - Next-hop tracking provides a mechanism that allows VRRP failover decisions to be based on the availability of a remote device. The device's availability is determined by its replies to ping or ARP requests. Up to four addresses can be configured per virtual-router. Tracking based on next-hop, and the associated priority-increment value are configurable via the VRRP menu. Changes: None. Fixes: - With Putty SSH client version v0.61 or later, if the amount of data being transferred is larger than the Putty Channel Window (16KB), the client will send an SSH channel request to the server. The issue was that the switch would misinterpret this request and erroneously close the session, and display the "ERROR in processing the SSH message(payload too large)" message at the terminal. (65974) - Polling the Forwarding Database via SNMP would result in prolonged high CPU utilization if the same MAC addresses were learned in multiple VLANs. This would make it difficult for the CPU to process BPDUs in a timely manner, possibly resulting in an STP topology change. (66621) - A crash would occur when booting if the "logging synchronous" command was in the startup configuration. (66885) - FTP sessions established over an IPv6 interface could close unexpectedly during data transfer. (67076) - A crash would occur during reboot if the "no tacacs-server enable-bypass" command was present the start-up configuration, but the "tacacas-server enable" command was not. (67376) - A crash could occur when polling the Forwarding Database via SNMP. (67410) - With Hotlinks configured, the STP configuration would be lost when the mode was changed from RSTP to MSTP. (67522) - During boot-up with a large OpenFlow configuration, if "fdb-timeout" was configured and the value was set to less than the time it took to apply the configuration, the boot process would not complete (i.e., the login prompt would never be presented). (67611) - After disabling the Virtual Router group, the "show running" command would erroneously display the factory default information for the group. (67667) - A Watchdog timeout could occur in a Stacking configuration with Teaming enabled. (68142) - If the LACP member port for which the PBR next-hop ARP entry was associated went down, traffic destined for the next-hop router would temporarily be lost. (68150) - After a VRRP fail-over (i.e., the Master switch goes down), the route to the PBR next-hop Router would not always be reestablished after the Backup switch became the Master, and traffic would not resume. (68352) - In a Hotlinks topology, copying either the active or backup configuration to the running configuration could lead to the HotLinks standby interface being put into the forwarding state, resulting in a network loop. (68596) =============================================================================== Version 7.6.3.0 (Released February 2013) ** Changes since the 7.6.1.0 release ** New and Updated Features: None. Changes: - Added support for power supplies that meet the new China Compulsory Certificate (CCC) requirements for altitude and humidity. (68355) Fixes: None =============================================================================== Version 7.6.1.0 (Released December 2012) New and Updated Features: ======================== BGP Route Reflection: --------------------- Route Reflection is a technique to avoid a large number of sessions between IBGP peers. In this release, support for RFC4456 (BGP Route Reflection - An Alternative to Full Mesh Internal BGP (IBGP)) has been added. SNMP: Support for 8 Read-Only and Read-Write communities: --------------------------------------------------------- This release adds support for 8 read-community names(Read-Only), and 8 write-community names(Read-Write) with SNMPv1 and SNMPv2. RFC5340: OSPF For IPv6: ----------------------- The switch was previously compliant with RFC2740. Starting with this release, the switch is compliant with RFC5340, which supersedes RFC2740. VLAG and PIM Support: --------------------- Previous releases supported IP Multicast routing through the PIM protocol. Also previously supported was the VLAG (Virtual Link Aggregation) protocol. This release adds support for PIM over a vLAG topology, so that the most efficient multicast routing can be achieved in a vLAG topology. NTP Client Display Improvements: --------------------------------- The Network Time Protocol (NTP) is widely used to synchronize computer clocks in the Internet. With the NTP service enabled, the switch can accurately update its internal clock to be consistent with other devices on the network. In this release, the "show ntp" command has been updated with such details as clock offset, stratum, and reference clock. Also in this release is a dampening of the number of syslog messages generated when the system clock is updated or if NTP synchronization fails. Cisco-like CLI: --------------- As part of this change, some existing ISCLI commands have been modified to look more like those in Cisco's IOS. The commands chosen for modification in this release are ones frequently used for VLAN, Port, and STP configuration. With these changes, those familiar with Cisco-IOS CLI can more readily configure the IBM-NOS VLAN, Port, and STP modules. Openflow Phase3: ---------------- Openflow enhancements including Hybrid mode, etc., have been added in this release. VMReady Distributed Vswitch support and VMCheck Stacking support: ----------------------------------------------------------------- Starting with this release, the VMReady Distributed Virtual Switch and VMCheck features are supported in Stacking mode. SNMP traps from members in stacking mode: ----------------------------------------- Added in this release is support for sending essential Traps like over-temperature conditions and hardware failures (e.g., fans and power supplies) for Member switches in a Stack. Support for 4K VLANS: --------------------- Increased the scalability of VLANS from 2K to 4K ======================================================================================== RackSwitch G8264 Version 7.2.4.0 (Released June 2012) ** Changes since the 7.2.3.0 release ** Enhancements: - Added the ability to monitor per-Port and per-QoS-queue, the number and rate of packets and octets transmitted and discarded. (57359) Changes: None. Fixes: - MAC synchronization would not complete successfully after reloading any of the switches in a multi-tier vLAG topology. (56939, 59727) - VLANs could not be added or deleted on vLAG ports without first disabling vLAG. This has been fixed in this release for PVRST mode only. This will be fixed for MSTP in a future release. (57336) - Early implementations of vLAG used TCP port 13000 to represent vLAG health-check packets. This would cause other applications that used this port (e.g., Traceroute) to fail, even in a non-vLAG topology. (57885) - False "L3 table is full" messages could be displayed when the Switch ASIC is adding ARP entries. (58480, 60362, 60481) - The 'intfInfoAddr' and 'intfInfoNetMask' SNMP MIB objects contained invalid data for IPv6 interfaces. (59132) - VM Association ACLs would become invalid if the "copy active-config running-config" command was run. (59328) - An "HTTP 405" error would occur when attempting to enable Layer-2 failover via the BBI. (59898) - QSFP+ transceivers would not be recognized after removal and reinsertion. (60067) - A CIST topology change could occur when uploading a tech-support file when over 2000 MSTP instances were configured. (60076) - SNMP traps were not being sent for NTP "clock updated", NTP "server unreachable", and 802.1x events. (60203) - On an forwarding LACP-member port for which is CIST disabled, the STP state in hardware would remain Blocking after recovering from a link flap (60375) - With static ECMP routes configured, disabling any of the associated IP interfaces would cause its routes to be removed from all other interfaces for which those routes were configured. (60430) - Performing an SNMP Walk on the IPv6 Routing table could lead to a corruption of CPU's packet-buffer pool, leading to an inability of the CPU to further receive IPv6 packets. (60486) - vLAG switches would errantly forward IGMP messages (Reports, Leaves, and Joins) across the ISL on VLANs for which IGMP snooping was disabled. (60545) - Reserved IP Multicast packets would not be forwarded if flooding and and IP routing were disabled. (60563) - The sequence of disabling then enabling vLAG (globally or per-instance) could lead to the the swapping of the Trunk IDs of LACP trunks, but with hardware FDB still reflecting the previous IDs. This could lead to the flooding of vLAG traffic to non-vLAG ports. (60673) - When a vLAG instance was removed from an underlying static trunk, all of the ports in the trunk would go into the STP Discarding state. (60736) - In a vLAG topology with the vLAG switches running in MSTP mode, and the corresponding Access switch running in PVRST mode, the sequence of disabling then enabling vLAG on the Primary switch would cause the vLAG ports of the Secondary switch to go into the STP Discarding state. (60837) - The NTP primary server IP address would be replaced with the word 'key' if the invalid command 'ntp primary-server key [x]' was invoked from ISCLI. (60900) - If two LLDP PDUs were received from the same source on two different ports within the time specified by the TTL TLV of the first PDU to arrive, 4KB of CPU memory would be lost (i.e., not returned to the global memory pool) while processing the second PDU. Over time, this condition could lead to CPU memory exhaustion, and a reset by the switch's Memory Monitor. (61108) - MAC synchronization would not complete successfully after a topology change occurred in a vLAG configuration. (61305) - Repetitive use of the isCLI "pipe" option would result in a memory leak. Over time, this could lead to CPU memory exhaustion, and a reset by the switch's Memory Monitor. (61623) - The "terminal-length 0" setting would not be respected when using the isCLI "pipe" option. (61751) - A crash could occur when receiving IP packets with the TCP port 11000. (61786) - The SNMP Traps 'swFanFailure' and 'swFanFailureFixed' were not included in the Enterprise MIB, resulting in the traps being unrecognized by SNMP Management applications. (62154) =================================================================================== RackSwitch G8264 Version 7.2.3.0 (Released May 2012) ** Changes since the 7.2.2.0 release ** Enhancements: None. Changes: None. Fixes: - In vLAG pair, if the vLAG port on the Primary switch was down while the Secondary switch was rebooted, the vLAG port on Secondary switch would remain in the DISC/DESG state after boot-up. (59735) =================================================================================== RackSwitch G8264 Version 7.2.2.0 (Released April 2012) ** Changes since the 7.2.1.0 release ** Enhancements: None. Changes: None. Fixes: - Stack traces produced by Memory-Monitor resets were inaccurate. (59210) - The Memory Monitor would not reset the switch when the point of total CPU memory exhaustion was reached. (59653) =================================================================================== RackSwitch G8264 Version 6.8.10.0 (Released July 2012) ** Changes since the 6.8.9.0 release ** ** Changes since the 6.8.9.0 release ** Enhancements: None. Changes: None. Fixes: - A Security vulnerability existed in the OSPFv2 Routing Protocol that is used in IBM System Networking Ethernet Switches (CVE-2013-0149). ===================================================================== RackSwitch G8264 Version 6.8.9.0 (Released June 2012) ** Changes since the 6.8.8.0 release ** Enhancements: None. Changes: None. Fixes: - Syslog events would not be generated after downloading a configuration file via the "copy tftp running-config" command. (58841) - IGMP Reports would be lost if unregistered IP Multicast traffic was simultaneously being received at a rate greater then 500Mbps. (58984) - When traffic was mirrored to multiple Mirror ports, some packets would be lost if the traffic being received on the Monitor ports was a mix of Broadcast and Unicast. (59168) - Stack traces produced by Memory-Monitor resets were inaccurate. (59210) - Instances of the escape character '\' in the System Notice were not explicitly being stored in the configuration file, leading to an "Invalid input detected" error during reboot, and the user-configured message missing from the running configuration. (59926) - After changing the LACP mode from "active" to "off", MAC addresses previously learned on that trunk were not being flushed from the FDB. (60094) - When receiving frames with the Broadcast destination address at a rate greater than 100Mbps, DNS Resolution Requests would fail. (60537) - Reserved IP Multicast packets would not be forwarded if flooding and and IP routing were disabled. (60563) - A user could inadvertently configure more Multicast groups than are supported. (60770) - In a case where more than 2000 IGMP groups are installed, if multiple IGMP Query packets are received simultaneously on two ports in the same VLAN, some may not be processed. (60855) - A loopback interface configured as the Source Address of an NTP server could inadvertently be deleted. (60936) - UDLD PDUs received on an port which is a member of LACP trunk and for which UDLD was disabled would errantly accept the PDUs, leading to the port being set to the "Error Disabled" state. (60945) - After disabling MAC Learning via the "no learning" command, MAC addresses previously learned on an LACP trunk would not be flushed from the FDB. (61026) - If two LLDP PDUs were received from the same source on two different ports within the time specified by the TTL TLV of the first PDU to arrive, 4KB of CPU memory would be lost (i.e., not returned to the global memory pool) while processing the second PDU. Over time, this condition could lead to CPU memory exhaustion, and a reset by the switch's Memory Monitor. (61108) - After changing the SSH port number via the "ssh port " command, active SSH sessions were not being terminated as expected. (61140) - If during reboot, a timezone other than default was explicitly configured, the time reflected in the "Booting complete" message would not use the configured timezone, resulting in an inaccurate boot-complete time being displayed (and possibly earlier than the prior "Resetting at" time). (61266) - After adding a static IP Multicast entry to a Port/VLAN, multicast traffic that was previously being forwarded to Mrouter ports in the same VLAN would no longer be forwarded. (61487) - If an LACP trunk had ports in multiple Spanning Tree groups, and two or more ports in the trunk were not in the same forwarding state (e.g., during boot-up, or after issuing the "shut/no shut" command sequence), any static Mrouter configuration for that trunk would "error out" and be lost (i.e., the Mrouter entries would not be installed). (61529) - The Memory Monitor would not reset the switch when the point of total CPU memory exhaustion was reached. (61681) - If a user had logged in with a TACACS user ID of the maximum allowable length then disabled TACACS, a crash would occur upon logging out. (61691) - Repetitive use of the isCLI "pipe" option would result in a memory leak. Over time, this could lead to CPU memory exhaustion, and a reset by the switch's Memory Monitor. (61623) - When displaying the IGMP table simultaneously via Telnet and Console sessions, the Telnet session would be disconnected. (61747) - The "terminal-length 0" setting would not be respected when using the isCLI "pipe" option. (61751) =================================================================================== RackSwitch G8264 Version 6.8.8.0 (Released April 2012) ** Changes since the 6.8.7.0 release ** Enhancements: - Added the ability to configure the switch ASIC to be in pure Store-and-Forward mode. (58792) - Added the ability to configure the BBI refresh rate. (59008) Changes: - Syslogs are now displayed most-recent first in the BBI. (59008) Fixes: - Attempting to configure an IPsec 3DES key beginning with "00" would fail. (55362) - User-configured IPv6 interfaces could fail to initialize during reboot. (58970) - the IPv6 Conformance Test For Path MTU Discovery would fail after rebooting the switch. (53604) =================================================================================== RackSwitch G8264 Version 6.8.7.0 (Released March 2012) ** Changes since the 6.8.2.0 release ** Enhancements: None Changes: - Added support for the SNMP P-Bridge and Q-Bridge MIBs in accordance with RFC 4363. (51920) - The LLDP "Port and Protocol VLAN ID" and "VLAN Name" optional TLVs are now disabled by default. (56041) - Previously when a PIM Rendezvous Point became unreachable, a PIM Join To improve the failover time, PIM will now send a Join on the message would be sent on the alternate path after a 10-second timeout. alternate path immediately after being notified of the lost route by the Unicast Routing Table. (CR 56265) Fixes: - Some multicast packets would be lost by existing IGMP receivers if a new receiver registered for the same Group and VLAN, or a receiver already registered for the same Group and Vlan would leave (due to a Leave or a port-down event). (44857) - The SNMP "swTempReturnThreshold" trap would not be generated when returning to the normal operating range after previously exceeding the temperature-warning threshold. (50510) - The "show ip route counters" command could display more than the actual number of ECMP routes after performing the "interface enable/disable" command sequence in a topology with indirect next hop routes. (52271) - BGP peer connections would be lost when receiving update packets with the community attribute containing transitive temporary flags. (52595) - A crash could occur after receiving an STP BPDU with an invalid STG instance number. (52947) - In a multi-ECMP configuration, only one non-best ECMP route would be displayed in the routing table after adding a static route to the same destination. (54641) - Static Multicast routes were not removed from the IP Multicast table after deleting them from the running configuration. (54901) - The switch would erroneously allow the configuration of a TACACS+ password greater than the maximum length of 32 characters. (55007) - IP Multicast traffic would be flooded even after disabling IGMP, even if IPMC flooding was disabled (55149) - Ping requests would not be sent on a port which had previously been removed from an LACP Trunk. (55234) - A crash would occur if the "show running-config" command was issued after a login notice greater than 1024 characters was previously configured (55417) - The SNMP and TACACS+ CoPP queue priorities were not being respected when PIM was enabled. (55642) - High CPU utilization could occur if IGMP packets were received while IGMP was not configured and VLAN flooding was disabled. (55647) - A crash would occur when using the Nmap/Zenmap port-scanning tools with the "intense udp scan" option. (55771) - IP Multicast traffic in groups that had been learned via IGMPv3 Reports was no longer forwarded after a General Query was received on the same port and the multicast groups had expired. (55923) - The switch was not being recognized as a Remote Device by Juniper MX480 Routers when LLDP was enabled. (56041) - Copying of the firmware "image 2" to/from a USB drive was not supported. (56260) - Momentary packet discards would occur within a VLAN when removing ports from that VLAN. (56304) - The "Object Identifier" field in the output of the "/i/l2/lldp/remodev" command could sometimes appear garbled. (56426) - The ARP database was not being updated upon Station Moves, resulting in Layer-3 traffic not being re-routed to the new switch port. (56437) - Routed traffic would not resume after performing the "shut/no shut" command sequence on active links (56438) - Frames greater than 768 bytes which were received with FCS errors were being forwarded via Cut-through Mode (as designed), but not counted as Transmit Errors on the Egress port(s). (56487) - STP flapping could occur if receiving unregistered multicast traffic for a VLAN configured with Flooding disabled, or Optimized Flooding enabled. (56489, 56970) - The "Total entries" parameter displayed via the "show ip igmp mrouter" command was being double-counted if static multicast routers were configured on Trunks. (56788) - Using either of the "include", "exclude", "section", or "begin" CLI filtering options with commands that require user confirmation to proceed (e.g., "show tech" and "show counters") would result in a hang of the terminal session (56840) - Enabling the sFLow feature could lead to a CPU packet-buffer leak that over a prolonged period of time would eventually lead to a loss of control-plane protocols that are dependent on the CPU, and an inability to manage the switch (via Telnet, SSH, SNMP, etc.). (57045) - Multicast routers previously learned via PIM Hello packets would not expire after receiving PIM Hello packets updated with a new multicast-router source-IP address. (57249, 55588) - The SNMP 'altTeamingTriggerUp' and 'altTeamingTriggerDownTraps' were not included in the Enterprise MIB, resulting in the traps being unrecognized by SNMP Management software. (57311) - A memory leak existed when receiving LLDP DCBX v1 packets, such that over time could lead to complete memory exhaustion and eventual reset by the Switch's Memory Monitor. (57389) - A crash could occur while processing invalid or unsupported LLDP DUs. (57438) - Enabling the sFLow feature could lead to a crash. (58016) - After 4 failed SSH login attempts when the user-authentication server (TACACS or RADIUS) is unreachable, memory exhaustion could occur if continuous connection attempts were made in rapid succession from an SSH client before the configured authentication timeout is reached. (58263) - The "operational-enable" option for the "no system service-led" configuration command was missing, making it impossible to disable the Service LED from isCLI mode. (58484)