FIRMWARE CHANGE HISTORY ----------------------- Lenovo RackSwitch G8272 Version 8.2.5.0 (Released February 2016) ** changes since 8.2.4.0 ** Enhancements: - This enhancement allows VRRP to work in two ways under vLAG topology Full Active-Active: both vLAGs perform L3 traffic routing for the related VRRP domain. Half Active-Active: one vLAG performs L3 traffic routing while the second one manages L2 forwarding for the related VRRP domain. (42955) Changes: none Fixes: - When the reset button is pressed, it could interrupt an I2C transaction and lock up the I2C bus leading to a hang in the desired switch reset. A fix was added to prevent this sequence of events occurring. (43168) - The hwMTM variable is added to the SNMP MIB to allow reading of the Machine Type Model of the switch. (44107) - Switch could crash when the server is configured with more than 4 UFP vNIC functions per port (switch only supports 4 vPorts). The switch will now shut down the vPorts when the mismatch occurs. (40296) - Using Cisco ACS, version 5.5 and above, to authenticate users with TACACS protocol, could lead to the User Interface thread (SSHD,AGR,TNET,CONS) to be suspended forever, thereby denying any further authentication with the TACACS protocol. (LV307694/7383) - Fixed OpenSSL vulnerabilities as reported in CVE Advisories CVE-2015-3194,CVE-2015-3195. (46801) - Applying switch configuration having OSPF commands, could fail with the message “Routed Port Interface corresponding area (index) 0 is not enabled”, when pasting from a serial session. (7071) ================================================================================ Lenovo RackSwitch G8272 Version 8.2.4.0 (Released October 2015) ** changes since release 8.2.3.0 ** Enhancements: none Changes: - The Protocols SSH and SLP (Service Layer Protocol) are enabled by default on the switch. (38987,10224) - The command "show flash-dump-uuencode" in the isCLI menu and its equivalent "/maint/uudmp" from the IBMNOS-CLI menu have been deprecated. The reference to use this command has been removed from the help tip that is posted upon user login if a flash-dump exists on the switch. (XB282980) - Extended the ability to support Dual Speed 1/10G MMF SFP+ Transceivers. (LV311542,LV311078,LV312616) Fixes: - The user is incorrectly prompted for "setup configuration" upon login even though configuration had been applied and saved, and the startup configuration block was set to active. (39158) - When configuring “qos bandwidth min” on an UFP port, the switch would incorrectly allow the sum of the minimum bandwidth to be less than 100%. (40181,40295) - The output of “show tech-support” now includes the isCLI commands as headers before their respective output. (38125) - If the serial number of the switch was changed, the user was prevented from successfully installing a new image, and the message “image contains invalid signature” would be displayed. (40638) - Multicast DA (Directory Agent) Advertisements received on the Management ports are accounted as Unicast Advertisements. (41080) - Fixed OpenSSL vulnerabilities as reported in CVE Advisories CVE-2015-1788 (BN_GF2m_mod_inv),CVE-2015-1789 (X509_cmp_time) and CVE-2015-1792 (do_free_upto). (39415) - Fixed security vulnerabilities as reported in CVE Advisories CVE-2015-4000(Logjam, TLS protocol) // red releases only (LV311132) ================================================================================ Lenovo RackSwitch G8272 Version 8.2.3.0 (Released July 2015) ** changes since release 8.2.2.0 ** Enhancemnets: none Changes: - SNMP Traps for the VLAG feature were now included in the Enterprise MIB. (LV310110) - A new command ‘no update-internal’ has been added to stop sending VSIDB updates. (LV310500) Fixes: - A crash could occur when a user tries to add more than the allowed number of members supported to a zone on the switch via BBI. (LV304441) - The SNMP Object entPhysicalMfgName (1.3.6.1.2.1.47.1.1.1.1.12) returned the string “IBM”. It has been fixed to return “Lenovo”. (LV310182) - The port numbering scheme in the commands "show transceiver" and "show interface traceiver" is inconsistent after configuring an interface in breakout (4x10G) mode. (LV310036) - Spanning Tree Protocol could flap and virtual ports could go down when CEE is enabled and heavy traffic is directed from the uplink ports to the virtual ports. (LV310135) - A TFTP copy of an invalid running-config to the switch that contained reserved VLANs of a vmgroup was not producing any error message to the user. (LV302258) ================================================================================ Lenovo RackSwitch G8272 Version 8.2.2.0 (Released May 2015) ** changes since release 8.2.1.0 ** Enhancemnets: none Fixes: - Switch fails to add/remove VLANs from a port via SNMP using objects vlanNewCfgAddPortIndex (.1.3.6.1.4.1.19046.2.7.24.2.1.1.3.1.5) and vlanNewCfgRemovePortIndex (.1.3.6.1.4.1.19046.2.7.24.2.1.1.3.1.6) (LV307631/LV307641) - Switch could fail to install an ARP Entry for the static route or gateway leading to ARP packets getting flooded in the network. (LV301211) - Fixed OpenSSL vulnerabilities as reported in CVE Advisories CVE-2015-2808 (BarMitzvah),CVE-2015-0286 (ASN1_TYPE_cmp) (LV308595, LV307463) Changes: - New objects hwPowerSupplyState (.1.3.6.1.4.1.19046.2.7.24.1.3.1.41.0), hwSerialNumber (.1.3.6.1.4.1.19046.2.7.24.1.3.1.18.0) and hwManufacturingDate (.1.3.6.1.4.1.19046.2.7.24.1.3.1.19.0) have been added to the enterprise MIB. The Description clauses for the objects hwFanSpeed (.1.3.6.1.4.1.19046.2.7.24.1.3.1.13.0) and hwTempSesnors (.1.3.6.1.4.1.19046.2.7.24.1.3.1.14.0) have been changed. (LV307604) ================================================================================ Lenovo RackSwitch G8272 Version 8.2.1.0 (Released March 2015) Initial Release.