DES-3500 Series Firmware Release Note Firmware: 5.01.B52 Hardware: DES-3526/26DC:A1/A2/A3/A4G DES-3550:A1/A2/A3/A4G /A5G Date: Oct.15, 2008 Problem Resolved : 1. CPU utilization remains high while the traffic storm is released. 2. DHCP client sometimes can not get IP address from DHCP server while enabling IP-MAC-Port binding feature. 3. When connecting DES-3550 Giga port to DGS-1224T Giga port and then reboot DGS-1224T, the link between the DES-3550 and DGS-1224T will down unless it must unplug and plug the UTP cable to recover. 4. Once the ACL is set to block contents from source IP to destination IP, after that if we configure DES-3526 Bandwidth control Rx rate from 1 to 99 Mbps, the ACL setting will fail. This is because the priority confliction between ACL and bandwidth control. The R5.1 FW adjusts the priority between the ACL and bandwidth control based on customer’s request. 5. When configuring both DES-3550’s Giga ports to 1000_Full and connect to each other (port49 connect port50). The Link status is always link down. 6. While connecting to DES-3526 via telnet and set the terminal line 20 ~80. Some problems occur in show ports description command: the "n" (next page) and "p" (previous page) can’t work correctly. 7. While executing DHCP auto configuration and reboot the device, the log-in screen shows up and all the auto configuration tasks will be held up until user press any key to continue the processes. 8. Fail in setting daylight saving time, user can’t set daylight saving time successfully. 9. The auto assign Access ID of the ACL rule can be configured via Web, but it can't be configured via CLI. 10. When there are dual image in the device, if user firstly select the image 2 as the boot up and delete the image 1, after switch reboot the device will change the original image 2 to be image 1. New features : 1. IP-MAC-Port Binding v3.3 2. DHCP Relay option 60/61 3. D-View Module support HP OV NNM v7.51 4. 802.1Q-2005(STP Root Restriction) 5. Configurable auto MDI/MDIX function 6. Gratuitous ARP 7. Cable Diagnostics 8. "Show tech support" command 9. 802.1x sesssion timeout attribute 10. VLAN batch configuration 11. Time-based ACL 12. Add RFC2869 RADIUS extension standard for two attribute "Acct-Input-Gigawords & Acct-Output-Gigawords" 13. Password encryption 14. 802.1X Port-Based Access Control with Target VLAN behavior (Add ingress/egress bandwidth attribute and 802.1p priority attribute) 15. Multicast router traffic control 16. BPDU restriction 17. S/N display on UI 18. Keep static VLAN setting and IPIF while resetting system 19. DHCP local relay 20. ARP Spoofing Prevention Note: 1. While upgrading FW from R5 to R5.1, the old user account existed in R5 FW can not be ported into configuration because R5 FW doesn’t support password encryption. In other words, user can not see old user account in configuration of R5.1. 2. While downloading R5.1 configuration file, the originally existed user account will still be kept and won’t be cleared. 3. While downgrading FW from R5.1 to previous release, all the configurations will be reset to default. 4. The code size of R5.1 is bigger than R5, while setting dual images (especially with 2 sets of R5.1 FW), the device may not boot up successfully. It’s because PROM waste more time to check FW in flash so it can not notify the Watch Dog to set its timer in time. In order to solve this issue, we’ve modified the prom code to extend the FW checking duration and embedded the prom code in R5.1 runtime FW to upgrade prom code automatically at next boot up. It’s strongly recommend that user should follow the R5.1 FW upgrade procedure SOP to download R5.1 FW, otherwise user maybe have a fatal damage that need to RMA. Firmware: 5.00.B28 Hardware: A1/A2/A3/A4G Date: Jan.29, 2008 Problem Resolved : Fix the save configuration failure problem which was reported recently that the DES-3500 series will randomly and temporarily hang-up while executing “save configuration” command by CLI. Please refer to known issue document “ KI016 ” for detail problem description. Firmware: 5.00.B27 Hardware: A1/A2/A3/A4G Date: Oct.1, 2007 New features : 1. IP-MAC-Port Binding v2.5 2. Ability to set terminal length 3. LBD ( Loopback Detection ) v4.0 4. Add "Delete ACL all" CLI command 5. DHCP Client Filtering 6. DHCP Server Screening 7. NetBIOS filtering 8. Log message for those shutdown ports caused by broadcast storm 9. Ability to display tagged ports One more line in CLI command "Show vlan" so it can, currently we need to use all "member ports" minus "untagged ports" to get the results 10. Remove the limitation when browse MAC of MAC table in Web UI, user must key in MAC address with "-", for example "12-23-34-45-56-67" 11. Expand per port limit IP multicast address range from 10 to 30 / per device max 256 entries. 12. " Auto recovery " on blocked port caused by IP-MAC-Port binding access violation 13. 802.1D v2004 14. Remove all trust host by one command in CLI, Web and SNMP 15. Extend trust host number to 10 16. Add subnet mask parameter on trusted host, for the ability to input not only one IP for trusted host 17. Host-based IGMP snooping 18. Add a SNMP MIB to support VLAN advertisement enable/disable function 19. Auto finish the commands which will pop up (Y/N) message with and extra parameter force_agree 20. Add a switch to enable/disable IP 0.0.0.0 checking on IP-MAC-Port binding ARP mode 21. 802.1x Guest VLAN 22. ISM VLAN Enhancement: The source address of the IGMP join/leave from the different hosts/subnet will be replaced with the pseudo IP address of the joining/leaving ISM VLAN before sent from server port. 23. Display remaining number of ACL rules on Web/CLI 24. Add ping command to user privilege 25. Stop contacting to TACAS+ server periodically before logging-in 26. Three-Level User Account 27. Recovery timer for broadcast storm shutdown port ( 5 minutes, fixed ) 28. Password Recovery v1.1 29. Rename " DLF " to " Unicast " in storm control feature 30. Remove the login screen on WEB 31. Add new command show acl config for user privilege 32. Change Download/Upload commands message 33. Change the hyperlink address of WEB’s DLINK LOGO. (from www.dlink.com to www.dlink.com.tw) 34. Change the behavior of “enable admin” command on RADIUS and local authentication: Under the structure of “ Three-level user account”, if the user is authenticated by RADIUS or Local, this user can not change its privilege to administrator level with “ enable admin” command 35. Support per flow bandwidth control by ACL 36. Add “Limited IP Multicast ranges” web page into Web UI. 37. The GVRP feature distributes the VLAN information to the networks even that VLAN does not have any link up port Problem Resolved : 1. DES-3526 enters exception mode while user connect to the device with SSH script. 2. Wrong NAS Port ID display on some ports in 802.1x authentication message. 3. “Forbidden router port” setting is missing after the device reboot. 4. The device enters exception mode while creating additional ACL Profile. 5. Can not create ACL Ethernet profile by using SNMPSet command. 6. Device keeps sending port security violation traps even the MAC has been learned in FDB table. 7. When type the password in the CLI interface, user should only see “*” instead of the characters. But if user move the cursor to the first “*” and delete it, the reset of “*” will reveal to the normal characters. (password will become plain text, not “*”). 8. Fail to use TFTP to upload/download configuration or firmware from WEB interface while uses IP address 10.255.10.5 and 10.255.255.1 9. Fail to close the browser windows (IE and Firefox) from WEB interface if user type the wrong user name and password. 10. If open the SIM member’s web from commander’s SIM web page, incorrectly two duplicated browser windows will be opened. 11. When configure the MSTP edge port as “True” via WEB, the device will show “False” at CLI. When user configures the MSTP edge port as “False” via WEB, the device will show “True” at CLI. 12. DES-3500 CLI incorrectly responds the success message for incompleted “safeguard engine” command. 13. The CLI command “show ports” will have wrong display when user executes “config ports all trap disable”. User will see there is a letter “d” in the right column of the screen. 14. When the device enters the exhausted mode, it can not go back to normal mode even the CPU utilization becomes normal. 15. When delete the IP-MAC-Port binding entry, the device only check the IP address as the index. If delete the correct IP with incorrect MAC, the entry remains removed successfully. 16. When the additional instance id is created for the MSTP, there will be influence on the original working MSTP instance. 17. If the port has been set with bandwidth control parameter, it can not be set as the LACP member port. 18. Change the configuration line feed from 0D 0A to 0A 0D. 19. The cold start trap has the wrong source IP address in the packet content. 20. Configuration of the edge port in STP can not take effect after user save and reboot the device. 21. Slow display of telnet client function 22. RSTP has long convergence time when topology event happens. 23. When the “port security trap” is enabled and access violation happens, the system hangs up. 24. The device enters exception mode when user executes “reset system” via CLI. 25. User account has the same privilege as the Administrator, user can delete/create the IP-MAC-Port binding setting. 26. High CPU utilization even there’re few ARP packets received while the IP-MAC-Port binding is enabled. 27. Change the management traffic(telnet) priority sent out from the switch itself from normal priority 0 to high priority 7 28. Can not identify the model name of DEM-310GT. 29. Change the PVID to 1 if the port is removed from default VLAN (Default PVID is 0 if the port is removed from default VLAN) 30. The CLI screen will be a mess when typing-in “show packet ports” and “show error ports” commands. 31. GVRP can not distribute the VLAN properly if there is a topology event happen when running RSTP. 32. The loop happens while running multicast traffic in the ring topology even with RSTP enabled. 33. When connecting to the DES-3526 with very old combo card (DE-528T), it only can connect at 10M Half duplex mode. Firmware: 4.01.B19 Hardware: A1/A2/A3/A4G Date: Jul. 21, 2006 Problems Resolved: 1. Can not apply created ACL rule via Web interface. 2. If configure port description contains more than 32 characters and use web browser to show it, the device will enter exception mode. 3. Device will enter exception mode when user delete SNMP user and try to get the mib OID1.3.6.1.6.3. 4. Fail to add Packet Content Mask if all "0" through SNMP 5. Can not display the long log messages completely. 6. Unable to save static ARP entries 7. The IfOctets and IfInOctets obtain the counter value from the same stastistics source. 8. IGMP_Snooping Router Time Out mechanism does not work correctly. 9. Can not leave IGMP Snooping group properly if there are more than one client in the same group. 10. Dynamic router port can not forward multicast data. 11. The "zoom in" and " zoom out" functions were opposite from SIM topology. 12. Correct typo "Enalbed" to “Enable” in Multicast router only setting. 13. Can not create the Access profile successfully via D-View. 14. Can not get parameter from some Bridge MIB tables via D-view 5.1. 15. Enabled igmp_snooping mutlicast configuration becomes disabled after rebooting 16. Port-based 802.1X problem: port is authorized, but ping failed. 17. Default VLAN can be deleted via web interface 18. Log bugs with RPS DPS-200. 19. Long convergency time when using 18 pcs devices to test RSTP function. New features : 1. Password recovery 2. CPU Interface filtering 3. SIM R1.6 4. IP MAC Port binding ACL mode 5. Log enhancement 6. Telnet Client 7. Broadcast storm control granularity down to 1 pps 8. SIM base on system VLAN, , previously SIM only works on default VLAN 9. Editable login banner 10. Send trap in SNMP /Add warning message in syslog while access violation happens for IP MAC Port binding and port security 11. Initial Caps on the login 12. Disable the page mode in CLI 13. Enhanced Broadcast storm control ( port shutdown ) 14. Forbid MC router or disable dynamic MC router 15. Safeguard engine includes broadcast storm filtering 16. Disable login banner 17. Hot-key to delete all the characters behind the cursor in CLI. 18. Max. port security learned address entries are enlarged from 20 to 64. 19. Change web panel for new xStack outlook ================================================================= Firmware: 3.06.B20 Hardware: A1/A2/A3 Date: Dec. 27, 2005 Problems Resolved: Fix the security issues recently reported for unauthorized system access. Enhancements: Limit the access by passwords generated by "D-Link PWD caculator". Before, if customers forgot their configured passwords, D-Link could generate passwords based on the MAC addresses provided by customers via D-Link HQ maintained PWD caculator. Thus customers can use those "backdoor" passwords via telnet/ web/ console to logon to their switch again. Now the access of those passwords generated by "D-Link PWD caculator" will be limited to console access only. This is to minimize the security concern. Note: This is a recommended security patch for your customers. ================================================================= Firmware: 3.06.B09 Hardware: A1/A2/A3 Date: Nov. 21, 2005 Problems Resolved: 1. Can not compile R3.5 MIB “dlkMSTP.mib” 2. Can not show TFTP server IP correctly with MIB browser after downloading config file by SNMP. 3. If setting TFTP server IP=0.0.0.0, Des3526 TFTP service hang-up. Need reboot to recover. 4. Unable to delete "swACLIpRuleTable" by using SNMP 5. Error message "System allocate memory fail!" appears while using "Show config" command in SNMP. 6. Cannot add SNMP Host through Web interface 7. RMON etherHistoryUtilization (1.3.6.1.2.1.16.2.2.1.15) of RMON always has the value "0", 8. Can not create the ACL packet_content _mask through D-view 5.1 9. Can not keep “packet_content_mask” setting after system reboot 10. DES-3526 enters EXCEPTION MODE when configuring SNTP and ACL from Web. 11. When DES-3526 flow control enabled port connects to an equipment which does not support flow control or disable flow control, the port still shows “100M/Full/802.3x”. The correct one should be “100M/Full/None”. 12. DES-3526 Gigabit UTP port Speed link was not displayed in Web interface 13. Can not set and display SIM group name through SNMP Enhancements: 1. IP Mac port binding 2. STP loopback prevention ================================================================= Firmware: 3.05.B09 Hardware: A1/A2 Date: Apr. 26, 2005 Problems Resolved: 1. The same ARP entry can’t be added as static if it has been learned already. 2. SSH connection can be formed by any IP even trusted host function is enabled. 3. The setting of ACL tcp destination port isn't written to the configuration in WEB UI, but okay in CLI. 4. The value of OID “dot1qTpFdbTable” is wrong after certain SNMP retrieving sequences. 5. Configuration file cannot be restored after backup in PC. (This problem was found in R2.00B19, and already fixed in R3.01B28) 6. Device crashed when enabling IGMP snooping and sending multicast traffic for a period of time. Enhancements: 1. Can configure IP address 127.0.0.1 as system interface for SIM use. 2. Per port limit IP multicast address range 3. DHCP relay option 82 4. RFC2925 PING MIB & TRACEROUTE MIB 5. ICMP ping by MIB 6. Port Security expands to 20 entries 7. IP-Mac binding (512 entries) 8. Support new CLI command to apply one ACL rule to more than one port (the port range command in R2) ================================================================= Firmware: 3.01.B28 Hardware: A2 Date: Mar. 25, 2005 Problems Resolved: 1. Clock time delays around 13 minutes a day. 2. From SNMP, the ACL mask containing Source IP Mask (or Dest. IP mask) cannot be created. 3 MSTP was found the issue while trying to implement 2 (or more) Spanning Trees on 2 (or more) physical links separately for load sharing and fault tolerance, only 1 physical link was active. 4. Cannot delete static fdb from telnet/cli (web OK). 5. Cannot use WEB login after operating a period of time. 6. MAC-based 802.1X WEB display of authenticated MAC error. 7. Security Risk on Member switch with SIM 8. Cannot add/remove member ports from default VLAN using MIB. 9. Entering debug mode 802.1x. 10. Improve SSL performance. 11. Exception dump when enable AsymVlan from Web (DUSA) 12. When upgraded from 1.xx, device (about 5% prob.) may dump exception. 13. Cannot configure ACL from web when select type=IP. 14. Rapid STP does not work, it acts like STP. 15. Solved the special version for CHT (3.01B23) Enhancements: 1. Enlarge static VLAN to 255. 2. Add show config only command. 3. Catagorize 3 level of logs, and can send syslog & trap based on configured levels of events. (The main reason is to save flash and bandwidth) 4. Enlarge static ARP to 255 5. Enlarge ACL entry to 500 6. DHCP Boot 7. SSL Preload 8. Enlarge IGMP Snooping group from 64 to 128. 9. Per-port BPDU packet filtering. 10. “Autoconfig” function is added: When autoconfig is enabled, the switch will be given a TFTP server address. The configuration file will be loaded upon booting up. Notice: Because of ACL format change in R3 (per-port ACL), when upgrading from R2 firmware, ACL configuration will lose, and need to re-configure. DES-3526 runtime code release history (updated: Oct. 11, 2004) Firmware 2.00.B19 Bug fixed. 1. Fixed SIM gets wrong copyright. 2. Fixed web gets wrong front panel. 3. Fixed port description "random characters" problem, which may result in configuration lost problem after reboot. 4. Fixed the "Login Method List setting" in "Access Authentication Settings" from WebUI problem. CLI/Telnet has no such problem. New features: None DES-3526 runtime code release history (updated: Aug. 30, 2004) Firmware 2.00.B15 Bug fixed. 1. Fix system hang issue while changing 1x mode from PAP to EAP. 2. Fix DES-3526 packet loss when disable/enable no-connection port 3. Fix Port STP configurations lose after load default and save root. a. Do not retrieve hello time parameter in 1d mode b. Cost would be changed as auto while STP version changed. 4. IGMP snooping cannot disable via CLI command, 5. STP configurations instance lose after system reboot 6. Fix Giga port cannot forwarding frames in the first link up after boot up. 7. Fix stop forwarding packet after a period of running problem. (for 6, 7, re-pluging any port can recover the symptom) 8. Fix web lacp page error message and incorrect lacp information New features: None DES-3526 runtime code release history (updated: Jun. 9, 2004) Firmware 2.00.B08 Bug fixed. 1. Fixed Device hangup when port 80 Web attack. New features: 1. Support SSH2 2. Support Radius Authentication on Switch Admin access 3. Support SSL. 4. Support 802.1s (MSTP, Multiple Spanning Tree Protocol) ============================================================= DES-3526 runtime code release history (updated: Apr.6, 2004) Firmware 1.00.B17 Bug fixed. 1. SIM member device firmware download problem at 32 member environment. 2. SIM 32 members re-config problem 3. SIM device hanging up problem. First Release DES-3526 runtime code release history (updated: Mar., 2004) Firmware 1.00.B15 New features: First release version. For the features, please refer to the datasheet. Bug fixed. N/A =======================================================================