FIRMWARE CHANGE HISTORY ----------------------- Lenovo RackSwitch G8332 Version 8.3.4.0 (Released February 2016) ** Changes since the 8.3.3.0 release ** Enhancements: - This enhancement allows VRRP to work in two ways under vLAG topology Full Active-Active: both vLAGs perform L3 traffic routing for the related VRRP domain. Half Active-Active: one vLAG performs L3 traffic routing while the second one manages L2 forwarding for the related VRRP domain. (42955) Changes: none Fixes: - When the reset button is pressed, it could interrupt an I2C transaction and lock up the I2C bus leading to a hang in the desired switch reset. A fix was added to prevent this sequence of events occurring. (43168) - The hwMTM variable is added to the SNMP MIB to allow reading of the Machine Type Model of the switch. (44107) - Using Cisco ACS, version 5.5 and above, to authenticate users with TACACS protocol, could lead to the User Interface thread (SSHD,AGR,TNET,CONS) to be suspended forever, thereby denying any further authentication with the TACACS protocol. (LV307694/7383) - Fixed OpenSSL vulnerabilities as reported in CVE Advisories CVE-2015-3194,CVE-2015-3195. (46801) - Applying switch configuration having OSPF commands, could fail with the message “Routed Port Interface corresponding area (index) 0 is not enabled”, when pasting from a serial session. (7071) ===================================================================================== Lenovo RackSwitch G8332 Version 8.3.3.0 (Released October 2015) ** Changes since the 8.3.2.0 release ** Enhancements: - Extended the ability to support Dual Speed 1/10G MMF SFP+ Transceivers. (LV311542,LV311078,LV312616) Changes: - The Protocols, SSH and SLP (Service Layer Protocol) is enabled by default on the switch. (38987,10224) - The output of “show tech-support” now includes the isCLI commands as headers before their respective output. (38125) - The command "show flash-dump-uuencode" in the isCLI menu and its equivalent "/maint/uudmp" from the IBMNOS-CLI menu have been deprecated. The reference to use this command has been removed from the help tip that is posted upon user login if a flash-dump exists on the switch. (XB282980) Fixes: - The user is incorrectly prompted for "setup configuration" upon login even though configuration had been applied and saved, and the startup configuration block was set to active. (39158) - If the serial number of the switch was changed, the user was prevented from successfully installing a new image, and the message “image contains invalid signature” would be displayed. (40638) - Multicast DA (Directory Agent) Advertisements received on the Management ports are accounted as Unicast Advertisements. (41080) - The switch would fail to send ICMP TTL Exceeded messages back to the source when the incoming ICMP packet had a TTL of 1 with a destination address of the VRRP IP of the switch. As a side effect, Traceroute between devices would fail if the VRRP IP of the switch were one of th hops in the path. (LV311922) - Fixed OpenSSL vulnerabilities as reported in CVE Advisories CVE-2015-1788 (BN_GF2m_mod_inv), CVE-2015-1789 (X509_cmp_time) and CVE-2015-1792 (do_free_upto). (39415) ===================================================================================== Lenovo RackSwitch G8332 Version 8.3.2.0 (Released July 2015) ** Changes since the 8.3.1.0 release ** Enhancements: none Changes: none Fixes: - Fixed OpenSSL vulnerabilities as reported in CVE Advisories CVE-2015-0286 (ASN1_TYPE_cmp). ===================================================================================== Lenovo RackSwitch G8332 Version 8.3.1.0 (Released May 2015) Second release of G8332 New and Updated Features: ------------------------- Rebranding ----------- The product is rebranded from IBM to Lenovo Secure Image Signing ------------------------ Ensure the customer safety by preventing the loading of unsigned firmwares. Static lacp ----------------------------- In previous release, the same LACP key ports maybe negotiate multiple LAG(Trunk). To avoid loop for some scenario, the user need negotiate only one LAG(Trunk) for the same LACP key ports, so this release support Static LACP. After configure a LAG(Trunk) ID with the LACP key, all the same LACP key ports can only form to this LAG(Trunk) ID. LACP Individual Mode ----------------------------- When this feature is enabled on an LACP port-channel, if a member port of the port-channel does not receive any LACPDU over a period of time, it will be treated as a normal port which may forward data traffic according to its STP state. Private VLAN ----------------------------- This feature makes Private VLAN configurations as described in RFC 5517. VLAG-MSTP Enhancement --------------------- This enhancement removes STP configuration restrictions, such as changing the MSTP instance and VLAN associations, that were enforced in previous releases when vLAG and MSTP are both enabled. The vLAG interswitch link ports are no longer error-disabled when there's an MSTP region mismatch between the vLAG switches, instead a recurring warning message is generated during the duration of the configuration mismatch. STP Range enhancement ----------------------------- This feature is an enhancement for existing STP commands to support configuration of a range of STP groups at a time. Interrupt mode enable ----------------------------- This feature changes the way how FDB learns. And new HASH mechanism is enabled to enhance the capability for FDB learning. BGP preappend AS Path ----------------------- BGP Pre Append AS Path is an enhancement to route maps. With this feature, the switch can influence the BGP route selection so that one path is preferred over another. This is especially useful when customers are dual home to two different Internet Service Providers (ISPs) and they want to have a primary path to one ISP and use the other ISP as a backup path. Dynamic ARP Inspection ----------------------- Dynamic ARP Inspection is a security feature that enables the device to intercept and examine all ARP request and response packets in a subnet and discard those packets with invalid IP to MAC address bindings. This capability protects the network from some man-in-the-middle attacks. Increase MAX ARPs to 16K ------------------------- Ehnhancement to support 16K ARP entries on the platforms that use the Trident+ and T2 chipsets. SNSC - No terminal prompting (aka Add 'terminal don’t-ask' for SNSC) ------------------------------------ Add option to disable terminal prompting in SNSC Fixes: ------ XB217293: Display ARP entries for VLAN 4095 XB266555: Increase NAT static unidirectional entries from 1024 to 2048 Enhancement to NAT feature to support up to 2048 unidirectional entries. LV301211 - Under intense ARP packet processing, the switch may fail to update the local Gateway Next Hop which will trigger it to continuously send ARP Requests. The ARP will not be installed even if the Reply is received from the Gateway. Enhancements: ------------- NONE Changes: -------- NONE ================================ IBM RackSwitch G8332 Version 7.7.15.0 (Released May 2014) Second release of G8332 New and Updated Features: ------------------------- - NIST 131A: compliant with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-131A. - Open Flow 1.3.1 The following key feature where added: • Static LAG • MAC address/IP address masking • Flexible Table Miss and Fail Secure • 40Gb support • Static CLI for Flow Programming • OpenFlow 1.0 backward - Distributed Overlay Virtual Ethernet (DOVE) provides network virtualization by implementing an overlay network for virtual machines on top of an underlying IPv4 network. - FCoE BB5 FCF Support: Full Fabric FCoE Switch - NAT: Network Address Translation Fixes: ------ - MLD groups are not deleted properly when shut/no shut command is performed on a port from a static trunk; in this case some traffic is still flooded. (XB263055) - Part of the IPMC traffic for IGMP groups learned on a port-channel is still forwarded after flapping the port-channel. (XB266229) - Switch crashes when enabling "debug spanning-tree bpdu" from cli. (XB266534) - Switch crashes in VLAG setup with IGMP traffic. (XB263030) - The switch is continuously crashing after using "mda shutdown" and "no mda shutdown" commands several times. (XB262540) - MDA board insertions and removals are now logged by the SysLog server. (XB266532) - Openflow 1.0: Switch is crashing when pushing untagged FDB based flow. (XB271510) Enhancements: ------------- NONE Changes: -------- NONE ================================ IBM RackSwitch G8332 Version 7.7.13.0 (Released March 2014) - Initial release ================================