DES-3800 series Firmware Release Note

Firmware: 4.50.B12
Hardware: A1 & A2G for DES-3828 series / A1G for DES-3852
Date: August 1, 2008

Enhancements:
1. Extend the VLAN number learned by GVRP (Dynamic VLAN number) from 255 to 4K.
2. Support VLAN batch configuration – Can create/configure/delete multiple VLAN IDs with one single command.
3. Can remove all Trusted Hosts via Web, SNMP or one single command in CLI.
4. Support L3 Control Packet Filtering – Can filter DVMRP, PIM, IGMP Query, OSPF, RIP, or VRRP packets.
5. Support Radius attributes assignment - (1) ingress/egress bandwidth attribute, (2) 802.1p priority attribute - to the port after successful 802.1X authentication.
6. Broadcast Segmentation – Can isolate layer 2 broadcast domains between ports while keeping IP traffic forwarded between ports without using cross-VLAN routing.
7. Support two more modes for Multicast Port Filtering Mode: Forward All Groups, Filter Unregistered Groups.
8. Can input IP address ranges of trusted hosts.
9. Show serial number on Web GUI and CLI. (Note: Only devices shipped with firmware version 4.50 onward will have S/N burned in the devices.)
10. Support OSPF Default Information Originate - Advertise default route into OSPF routing domains.
11. Can enable/disable OSPF ECMP.
12. Can enable/disable response to traceroute (ICMP TTL=0) packets. (Refer to item 8 of Problems Resolved.)
13. Extend the number of profiles and rules of CPU interface filtering from 5 to 10.
14. Can allow/disallow users to issue the ‘enable admin’ command after successful login to the switch. (Use the ‘config authen enable_admin’ command to allow/disallow ‘enable admin’ for each login method.)

Problems Resolved:
1. When using Net-SNMP to access DES-3852 and execute clear counters, the counters are successfully cleared, but the return value from the device is ‘failure’.
2. Correct spelling errors in the error message of the Bandwidth Control feature.
3. Create two IP interfaces and use two PCs in two VLANs to ping each other. If the PCs and DES-3800 do not have each other's ARP entries, the first one or two pings will time out.
4. After configuring the command prompt in the CLI, saving it and rebooting the device, the command prompt setting is missing.
5. Forcing the port speed of the DES-3800 and DES-3000 will make the port on the DES-3800 not link with the DES-3000.
6. The SNMP query to the switch does not get correct MAC addresses of IP interfaces when more than two IP interfaces are configured on the switch.
7. When a default route is statically configured, and another default route entry is derived from OSPF, the switch will always use the statically configured default route even if OSPF is configured to have higher route preference.
8. Traceroute problem: The switch does not respond to an ICMP packet with TTL 0.

=============================================================

Firmware: 4.00.B55
Hardware: A1 & A2G for DES-3828 series / A1G for DES-3852
Date: February 12, 2008

Enhancements:
1. Support Loopback Detection v4.0 (a. STP independent, b. Per port or per VLAN shutdown option when there is a loop detected).
2. Support IEEE802.1v Protocol-based VLAN.
3. Support MLD snooping v1/v2.
4. Configurable RIP Timers: Update interval, Timeout interval, Garbage_collection interval.
5. Support OSPF Equal Cost Route: Max. ECMP number of a route is 8.
6. Support Host-based IGMP Fast Leave: When enabling IGMP Fast Leave, the default behavior is Host-based and this is not changeable. 1K host table is supported.
7. Support 2nd default route: Primary/backup route is supported. ECMP is not supported.
8. Support IPv6 Awareness: IPv6 ACL, IPv6 Classification - DSCP Remarking.
9. Support Per Flow Bandwidth Control.
10. Safeguard Engine Enhancement: Limit the bandwidth for ARP Request/IP Broadcast instead of blocking them as in previous releases.
11. Add logout timer for Web-based Access Control.
12. Support IP-MAC Port binding v3.3 (with DHCP Snooping).
13. Support DHCP Server.
14. Support Loopback IP Interface: Up to 2 Loopback IP Interfaces.
15. The number of terminal lines on the display is configurable.
16. Enhance the Web UI for finding a MAC Address in the MAC Address Table. Before this release the user had to key in the MAC address with "-", for example "12-23-34-45-56-67".
17. Display remaining ACL rules on Web/CLI.
18. Allow User level accounts to execute the “ping” command.
19. Stop contacting the TACACS+ server periodically before logging in.
20. Rename "DLF" to "Unicast" in Traffic Control feature.
21. Enhancement for 3-Level User Access Right feature: Disallow the user from executing the "enable admin" command when authenticating using the local or Radius database. TACACS/TACACS+/XTACACS users can still execute "enable admin" because TACACS/TACACS+/XTACACS do not support user level definition.
22. Add an OID to show port utilization.
23. Enhancement for per port limited IP multicast address range: Support up to 24 profiles and each profile can add up to 128 multicast groups. The max number of multicast groups a port can join is configurable and the max number is 256.
24. Add a command “show access_profile current_config” to display the user-configured access profiles. (The existing “show access_profile” command displays all access profiles, those configured by users as well as those configured by the switch.)
25. Change link of D-Link logo to www.dlink.com.tw. This web site will redirect HTTP requests to the regional D-Link web site of each country.
26. Enhancement for MAC-based Access Control, Web-based Access Control, and 802.1X: If a VLAN assigned from the Radius server does not exist on the switch, the switch will not assign this VLAN to the port.
27. New Web panel on Web UI.
28. Allow untagged VLANs to overlap on a port.
29. Upgrade Bridge-MIB from rfc2674.mib to rfc4363.mib.
30. Combo port configuration: copper port and fiber port can be configured separately.
31. A private MIB that can clear ARP & Forwarding table.
32. A private MIB that can advertise tag when creating VLAN.

Problems Resolved:
1. Microsoft NAP integration: If 802.1X re-authentication is triggered on the PC, the switch does not reassign attributes according to the policies defined on the RADIUS server.
2. When LACP is enabled, loss of communication occurs after running for a few minutes.
3. When multiple IP interfaces are configured, the switch responds to an SNMP request with the wrong source IP interface.
4. When 802.1X is enabled and a VLAN is assigned to a user, if the administrator executes the "save" command, the assigned VLAN will be saved in the config file.
5. The OSPF external route is not propagated correctly in an ECMP environment.

=============================================================

Firmware: 3.00.B57
Hardware: A1 & A2G for DES-3828 series / A1G for DES-3852
Date: July 05, 2007

Enhancements:
1. Add a CLI command “show current_config access_profile” for showing current ACL configuration.
2. When connecting to the system’s CLI, it shows a blank screen first and will show the username/password text after the user presses any key.
3. When the user enables Access Authentication Control and logs on through the Console: After wrong passwords are supplied 3 times and the console screen is locked, a message is shown to indicate the time left before the user can enter the password again.
4. Support ISM-VLAN.

Problems Resolved:
1. The SSH connection is lost and the switch does not answer ping when setting up a large number of ACL rules and manipulating them under an SSH connection.
2. Cannot ping the DES-3828 interface when setting up several CPU interface filtering rules that consist of permit & deny rules.
3. Once Exhausted Mode of the Safeguard Engine is activated, the switch cannot go back to Normal Mode while the CPU is busy updating ACL rules.
4. The value format of the RMON etherHistoryUtilization object is incorrect.
5. When using Web-based Access Control, the authentication page does not appear if the user goes to the configured Redirection Page URL with a file name (e.g. http://xx.xx.xx.xx/index.html).
6. When DES-3800 is connected with DES-6500 in an STP-enabled looped connection, power cycling the DES-3800 will make STP fail.
7. Double VLAN member port cannot be successfully added via CLI.
8. The default route configured on the DES-3800 switch is not redistributed to others.
9. When using IGMP Snooping, multicast streams are flooded to some other non-joined ports.
10. The ‘new line’ symbol (0D0A) is inconsistent in the config file.
11. When creating an IP interface on a VLAN via Web, a VLAN name longer than 20 characters is not allowed.
12. After changing the DES-3828's ipif mask, the interface changes its state to down.
13. Cannot input a VLAN name longer than 10 characters when monitoring MAC address via Web.
14. When entering the command "config safeguard_engine" without any parameters, there is no error message.
15. The switch enters the exception mode periodically if OSPF is enabled in a large deployment environment.
16. Polish character "ó" entered into the Web interface makes the switch not work properly.
17. Cannot set default route using the Web interface.
18. CPU utilization becomes 100% if enabling STP on a switch that has many (1000+) VLAN entries.
19. When enabling AutoConfig, the switch can be assigned an IP address but doesn't download the config file automatically.
20. VRRP virtual IP doesn’t reply to ping.
21. The switch enters exception mode and hangs if using SSH without the TERM parameter (e.g. unset TERM) under a Linux environment.
22. After supplying power via PoE for a long time and then unplugging the cable from the port, the PoE Status LED is still on.

=============================================================

Firmware: 3.00.B29
Hardware: A1 & A2G for DES-3828 series / A1G for DES-3852
Date: November 13, 2006

Enhancements:
1. Support 3-Level User Account
2. Support Radius Accounting for management access
3. Support Per flow mirroring
4. Support PIM-SM
5. Support hardware-based multicast replication
6. Support IP MAC Port binding ACL mode
7. MAC-based Access Control (MAC)
8. Support telnet client
9. Support 0.0.0.0 for IP Setting to prevent occupying an IP address
10. Support log enhancement
11. When an access violation occurs (Port Security, IP-MAC-Port Binding), it is recorded in the Log
12. Send out SNMP Trap for IP-MAC-Port and Port Security violation
13. Support Password Recovery
14. Support SIM 1.6 (to attach to the system VLAN)
15. PVID = 1 for ports removed from any VLAN
16. Support SSH 1.5
17. Support Proxy ARP
18. Add two MIB objects to clear FDB table and ARP table

Problems Resolved:
1. The “show packet ports” page will be overlaid after refreshing.
2. SSH v2 does not work properly with Putty software.
3. Cannot create IP interface via web interface
4. Cannot configure the metric of default route via web interface
5. Cannot configure the Secondary interface if the IP address is greater than the Primary interface.
6. After rebooting the device, the static ARP entry will be lost
7. Device needs around 10 minutes to boot up even when there are only a few ACL configurations.
8. Configuring bandwidth control will fail if the LACP group is already created.
9. If the traffic matches the ACL rule first and the result is “permit”, the bandwidth control function will not work.
10. Safeguard Engine cannot return to the normal mode when the CPU is no longer busy.

Note: For DES-3828P, after downloading the firmware, it will take about 5 minutes because the PoE firmware will be upgraded as well.

=============================================================

Firmware: 2.00.B30
Hardware: A1
Date: April 14, 2006

Enhancements:
1. Support Dual configuration
2. Support STP Loopback Detection
3. Extend IP interfaces per VLAN from 2 to 10
4. Support Double VLAN
5. Support 802.1X Guest VLAN
6. Support IGMP V3
7. Support WRED congestion control
8. Support WAC (Web-based Access Control)
9. Support per port limit IP multicast address range
10. Rename the “CPU protection” feature to “Safeguard Engine”.
11. Side fan and back fan (only for DES-3828P) log when failed or recovered.
12. RPS and main power supply log and trap
13. Support Route preference
14. Support per port shutdown function in the Broadcast storm control
15. Remove support for legacy PD in PoE function

Problems Resolved:
1. The "zoom in" and "zoom out" functions were reversed in the SIM topology
2. Bandwidth Control doesn’t work from Web
3. SSHv2 cannot work properly.
4. DES-3828P does not have an accurate Power display, for example Power limit set to 15.4W, but the Current Power display is 16.7W.
5. When using D-View module to set ACL, ACL function fails
6. When using Tera Term SSH version 2.3.4, the program gives an error message saying "The program does not understand the servers version of protocol" and the device will get into Exception mode.
7. Fix bugs of log with external power supply (DPS-200)
8. UDP Broadcast (attack tool) causes SIM to fail and the device to reboot

Note: Because of the Dual configuration, the system settings will be cleared after the firmware is updated to R2. It is strongly recommended that the user back up the original configuration and then reload it after the upgrade.

=============================================================

Firmware: 1.00.B31
Hardware: A1
Date: Dec 27, 2005

Problems Resolved:
Fix the security issues recently reported for unauthorized system access.

Enhancements:
Limit the access by passwords generated by "D-Link PWD calculator". Before, if customers forgot their configured passwords, D-Link could generate passwords based on the MAC addresses provided by customers via the D-Link HQ maintained PWD calculator. Thus customers could use those "backdoor" passwords via telnet/web/console to log on to their switch again. Now the access of those passwords generated by "D-Link PWD calculator" will be limited to console access only. This is to minimize the security concern.

Note: This is a recommended security patch for your customers.

=============================================================

Firmware: 1.00.B23
Hardware: A1
Date: Aug 17, 2005

DES-3828/3828DC/3828P first release. For supported functions and configurations, please refer to the product spec and manuals for details.