ESR-Series. Release notes. Firmware version 1.13.0

Версия 1.13.0

Revisions:

Support fo ESR-1511 and ESR-3100 routers
Support for Content-Filter functionality for HTTP traffic
Support for Anti-Spam functionality for HTTP traffic
Routing:
- BGP:
  - Increased BGP RIB ESR-10/12V/12VF/14VF to 1M routes
  - increased BGP RIB ESR-20/21/100/200 to 2.5M routes
  - Increased BGP RIB ESR-1000/1200/1500/1510 to 5M routes

Version 1.12.0

Revisions:

IDS/IPS:
- Supported interaction with Eltex Distribution Manager for licensed content — a set of rules provided by Kaspersky SafeStream II
IPsec:
- Added possibility to view debug information for IPsec
MPLS:
- Added support for VPLS Kompella Mode
- Added commands to output operational information for L2VPN
USB-Modem:
- Support for modems with HILINK firmware
Routing:
- IS-IS:
  - Added possibility of 3way handshake neighborhood establishment
Monitoring and management:
- CLI:
  - Removed the possibility to authenticate as root
Tunneling:
- Added possibility to set AAA authentication lists for OpenVPN clients
Filtering:
- HTTP proxy
  - Added possibility to log filtering events

Version 1.11.2

Revisions:

BRAS:
- Supported BRAS operation in VRF for L3 switching scheme
- Supported adding Option 82 from client DHCP packets in accounting
- Supported getting the number of services and BRAS sessions via SNMP
SNMP:
- Supported breaking softgre tunnels
Monitoring and management:
- CLI:
  - Added the merge command, which merges the downloaded configuration with candidate-config
  - Added possibility to view information about the configuration of a particular Bridge
  - Added possibility to view the configuration of a certain object-groups by specifying the type
  - Added possibility to view the configuration of a certain tunnel
  - Added possibility to view the configuration of a specific route-maps
  - Added saving user login to configuration name when reserving configuration locally
  - Added possibility to view the difference between the archived configurations
  - Added the clear vrrp-state command, which stops VRRP execution for 3* Advertisement_Interval+1 time. This enables the router in the backup state to perform a master hijacking
- SLA:
  - Supported IP SLA in ICMP-ECHO mode
Tunneling:
- Supported synchronization of wireless-controller tunnels between routers with different firmware versions

Version 1.11.1

Revisions:

IPsec:
- Implemented possibility to disable Mobility and Multihoming Protocol (MOBIKE) for IKEv2
- Support for certificate IPsec authentication
- Support for CRL and filtering by attribute field Subject-name

Version 1.11.0

Revisions:

CLI:
- Implemented TCP/UDP port filtering when displaying and cleaning firewall/NAT sessions
- Implemented possibility to view mDNS configuration
IPsec:
- Implemented modes of reconnecting XAUTH clients with one login/password
- Implemented possibility to disable Subject attribute field validation of local and remote XAUTH certificate
Routing:
- Implemented possibility to use Multiwan on pppoe, l2tp, openvpn, pptp and vti-tunnels
Tunneling:
- GRE
  - Implemented possibility to use as local interface for GRE tunnels: USB-modem, pptp, l2tp, pppoe-tunnel and e1, multilink-interfaces
  - Implemented possibility to build GRE tunnels from IP-interfaces of a great VRF
  - Implemented possibility to provide L2 connectivity between clients from different tunnels within one location in the scheme with wireless-controller
- PPPoE
  - Added possibility to use ",", "/" and "\" symbols in username
Limited file system support for USB sticks and SD/MMC cards. Only FAT is supported

Version 1.10.0

Revisions:

Routing:
- Added support for IS-IS routing protocol
- Added support for RIP NG routing protocol
- Reworked BGP configuration
- BGP:
  - Added support for BGP Graceful restart
  - Added support for BGP Weight attribute
- OSPF:
  - Added support for OSPF Graceful restart
Monitoring and management:
- Added possibility to enable monopoly access to the configuration
- Added possibility to reset CLI sessions
- Added possibility to clear the alarm list
Tunneling:
- Added user authentication method selection for L2TP and PPTP servers
- Added possibility to use private key and certificate for OpenVPN client
MPLS:
- Added support for LDP
- Added support for L2VPN VPWS
- Added support for L2VPN VPLS Martini mode
- Added support for L3VPN MP-BGP

Version 1.8.7

Revisions:

USB-Modem:
- Added the «no compression» command to disable Van Jacobson TCP/IP header compression method
Monitoring and management:
- Added possibility to execute SSH commands in non-interactive command line sessions (CLI)

Version 1.8.5

Revisions:

Security:
- Added possibility to use demo licenses for IDS/IPS
SLA:
- Updated Wellink SLA agent on ESR-10/12V/12VF
USB-Modem:
- Added possibility to use '_', '@', '.', '-' characters for user field in cellular profile configuration mode
Monitoring:
- Added Zabbix-proxy functionality

Version 1.8.3

Revisions:

IPSEC:
- Fixed problem of unstable IPsec operation with DMVPN and L2TPv3
Multilink:
- Fixed problem of routing traffic from multilink
- Fixed problem with adding the second and subsequent interfaces in multilink
OSPF:
- Fixed problem with route information update

Version 1.8.2

Revisions:

Support for ESR-20/21/1500/1510 routers
OpenVPN server:
- Increased the number of users to 64
ACL:
- ESR-1X: increased the number of rules to 255

Version 1.8.1

Revisions:

OpenVPN server:
- Added possibility to assign a static IP address to an OpenVPN user
- Added possibility to authorize multiple OpenVPN users with one certificate

Version 1.8.0

Revisions:

Tunneling:
- Support for DMVPN
BGP:
- Increased BGP RIB ESR-20/21/100/200 to 2M routes
- Increased BGP RIB ESR-1000/1200/1500/1510 to 3M routes
SNMP:
- Support for LLDP-MIB

Version 1.7.0

Revisions:

Filtering:
- Support for IDS/IPS
- HTTP proxy: added redirect port configuration
CLI:
- ESR-1700: Increased the maximum number of object-group networks to 1024
- Added possibility to specify prefix 0.0.0.0/0 in Prefix List, route-map
- Added possibility to specify links in object-group url as regular expressions
- Added possibility to change MAC-address of physical and aggregated interfaces
- Transfer port commands ip http proxy redirect-port, ip http proxy redirect-port from BRAS to HTTP(S) Proxy
NAT:
- ESR-1700: Increased the maximum number of NAT pool to 1024

Version 1.6.6

Revisions:

Tunneling:
- Support for the new keepalive mechanism for softgre tunnels. The tunnels are
  checked by ping-probe from the client devices. The new operating mode is
  enabled by the keepalive mode reactive command in the wireless-controller configuration

Version 1.6.5

Revisions:

CLI:
- Added possibility to enable single-user configuration
  mode
- Added command to terminate CLI sessions
- Added notification of unapplied configuration changes when entering/exiting
  configuration mode and CLI
Tunneling::
- Added option to enable softgre sub-tunnel in Bridge, which is in
  VRF

Version 1.6.4

Revisions:

BRAS:
- Added show subscriber-control sessions count command to count the number of BRAS sessions
- Added show subscriber-control services count command to count the number of BRAS services
mDNS
- Added mDNS-reflector functionality
- Added mDNS service filtering functionality
- Added show ip mdns-reflector command to view found mDNS services
- Added clear ip mdns-reflector command to update the list of services
Monitoring and management:
- CLI
  - Added dynamic/static and tunnel softgre filters for show/clear mac address-table commands
- Tunneling:
  - Added clear tunnels softgre remote-address <ip> command to remove softgre tunnel for a specific point
  - Added clear tunnels softgre command to remove all softgre tunnels

Version 1.6.2

Revisions:

BRAS:
- Supported on ESR-1X/2X
- Added possibility to set the interface with dynamic IP addresses as nas-ip
DHCP:
- Added possibility to clear DHCP server lease records
- Increased the number of static DHCP entries in the pool to 128
QOS:
- Added classification on the outbound interface, which allows not to use ingress policies
- Added possibility to set multiple ACLs in a class
- Added the possibility to set a DSCP classification in a class
VoIP:
- Added possibility to configure PBX
Interfaces:
- Supported routerport/switchport/hybrid interface operation mode
- Supported E1 HDLC
- Supported Serial (RS-232):
- Organization of connections using analog modems in Dial up, leased line mode
- Controlling neighboring devices via console
Routing
- BGP:
  - Supported Flow Specification Rules
  - Supported weight attribute
  - Added possibility to set route-map default route, le/ge/eq
  - Added all, nearest, replace options for remove-private-as option
- IP:
  - Supported IP Unnumbered
  - Added possibility to disable ICMP unreachable/redirect responses
  - Supported IPv6 Router Advertisement
- Multiwan:
  - Supported mechanism to clear NAT sessions after an unreachable target is detected
Monitoring and management:

AAA:
- Added possibility to set source IP address for TACACS/LDAP servers
- Added possibility to set interface as a source for RADIUS server
- Extended TACACS server key size to 60 characters
- Added possibility to disable console port authentication
CLI:
- Added possibility to set command aliases
- Added possibility to view interface usage statistics
- Added possibility to view CPU usage statistics
- Added possibility to set a name for a static route
- Added possibility to calculate hash sums of files
- Added possibility to view the list of current crashes
- Added possibility to disable debugging with one command
- Added possibility to display messages when viewing logs for a certain period of time
- Added possibility to download bootloaders
- Added possibility to view rule description in output of show ip firewall counters command
- Added possibility to copy files via HTTP(S) protocol
- Added possibility to view the difference between configurations (running, candidate, factory)
- Added possibility to view the configuration with metadata
- Removed commit update command
SNMP:
- Added possibility to set community for trap messages
- Added possibility to set source IP address for trap messages
- Added possibility to choose content of linkDown/linkUp traps between standard and cisco-like
SSH:
- Added possibility to set source IP address for SSH client
Supported Cisco SLA responder
Supported Eltex SLA
Supported SFTP server

Filtering and translation
- Firewall:
  - Added filtering by ICMP message type name
- HTTP (S) Proxy:
  - Added filtering by content type: ActiveX, JS, Cookies
  - Added possibility to filter/redirect by local/remote lists
  - Added possibility to update remote URL lists via RADIUS CoA
- NAT:
  - Added possibility to broadcast addresses from PPTP/PPPoE tunnel
Tunneling:
- IPSEC:
  - Added possibility to use an IP address obtained by DHCP as a local gateway
  - Added possibility to view extended information about tunnel authentication
  - Supported XAuth client
  - Support for PFS (perfect forward secrecy) using the DH group

Version 1.4.4

Revisions:

PPPoE client:
- Added PAP, MS-CHAP, MS-CHAPv2, EAP authentication methods

Version 1.4.2

Revisions:

Attack protection:
- Added the show ip firewall screens counters command, which allows you to view statistics on detected network attacks
- Implemented protection against XMAS and TCP all flags
SNMP:
- Added possibility to set snmp-server contact and snmp-server location Added OIDs for these parameters
- Implemented SNMP View: allow or deny access to community and user by OID
NTP:
- Expanded show ntp peers output: added stratum and synchronization status
Firewall:
- Added ip firewall sessions tracking sip port command, allowing you to select TCP/UDP port for SIP session tracking
Firewall:
- Added ip firewall sessions tracking sip port command, allowing you to select TCP/UDP port for SIP session tracking
Tunneling:
- Implemented L2TP client with IPSec support
IP SLA agent (Wellink):
- Added possibility to manage tests without portal participation
- Redesigned control and monitoring commands
- Added threshold management commands: setting thresholds for exceeding and normalizing test parameters, alerting in CLI, SYSLOG and SNMP about threshold crossing

Version 1.4.1

Revisions:

Tunneling:
- GRE enhancement:
  - Implemented keepalive mechanism for Ethernet over GRE tunnels
  - Increased maximum number of SoftGRE tunnels to 8K (ESR-1200/ESR-1700)
  - Added possibility to configure MTU on SUB-GRE tunnels
- IPsec enhancement:
  - Added encryption algorithm null command in config-ipsec-proposal mode to disable encryption of ESP traffic
  - Support for policy-based IPsec operation in VRF
BRAS:

Supports speed limit per subscriber session
Added session ip-authentication command in config-subscriber-control configuration mode. When this option is enabled, user authentication is by IP address
Added show subscriber-control radius-servers command to view information about RADIUS servers used

SNMP:
- Added possibility to apply the configuration and reboot the device with commitConfirmAndReload SetRequest
- Support for the RMON agent, which allows to collect statistics about the nature of traffic on network interfaces
- Implemented management of VoIP services via SNMP
- Support for sending notifications when DoS attacks are detected
- Implemented sending SNMP traps when thresholds are reached:
  - Network interfaces load
  - GRE/SUB-GRE tunnel
  - Number of tunnels included in the bridge-group
  - BRAS sessions
AAA:

Added possibility to specify the source-address for requests to the authentication and authorization server in config-tacacs-server and config-ldap-server configuration modes

Multiwan:
- Added wan load-balance commands in config-cellular-modem configuration mode to configure Multiwan using a USB modem
L3 routing:
- Supported BFD technology for static routing
- BGP enhancement:
  - Added commands: default-information originate in config-bgp-af configuration mode, default-originate in config-bgp-neighbor configuration mode to allow default route advertisement
CLI:

Added support for the Ctrl-P and Ctrl-N hotkeys to view the history of entered commands
Added the ability to view the current state of tracking objects using the show tracking objects command

LLDP:
- Added support for MED extension with support for announcing DSCP, VLAN, PRIORITY parameters for different device types. Through this extension the Voice VLAN transmission is realized
Firewall:
- Implemented application traffic classification technology
- Added ip firewall logging screen command in config mode to log detected DoS attacks
QOS:
- Implemented GRED (Generic RED) mechanism to manage queue overflow based on IP DSCP or IP Precedence
VRRP:
- Supported operation in VRF
- Added VRRP track-ip
Zabbix:
- Implemented Zabbix agent
Configuration:
- Implemented automatic reading of the configuration from removable media when booting the device without configuration

Version 1.4.0

Revisions:

Tunneling:
- Added PPTP client
- Added PPPoE client
- Support for Ethernet over GRE tunnel
- Support for creating subinterfaces for Ethernet over GRE tunnels
- Added possibility to increase MTU for tunnels up to 10000
- IPsec enhancement:
  - Supported XAuth for dynamic IPsec tunnels
- OpenVPN enhancement:
  - Extension of the list of encryption and authentication algorithms
BRAS:

Added possibility to broadcast the table USER IP - PROXY IP by NetFlow for proxied connections

L2 switching:
- Added force-up command to config-vlan In this mode, the VLAN is always in the «Up» state
L3 routing:
- Added possibility to optionally enable IPv6 stack on interfaces
- BGP enhancement:
  - Increased the range of values for the local preference parameter
  - Extended output of the show ip bgp neighbors command
  - Implemented VRRP tracking: change MED and AS-path attributes based on VRRP state
CLI:
- Added possibility to scale the size of the terminal to the size of the window on the PC when using the console connection. terminal resize command
- Extended the set of allowed characters in APN in config-cellular-profile Added characters: "@", ".", "-"
- Monitoring:
  - Added possibility to filter traffic by source/destination MAC address
  - Added possibility to view Firewall sessions
  - Output interface status information when calling show ip interfaces
DHCP:

Added possibility to exclude IP address from DHCP server address pool
Added possibility to set arbitrary option in IP-address, string, HEX-string format

NAT:
- Support for Static NAT
NTP:
- The ntp enable vrf <NAME> command outdated. Protocol time synchronization is enabled by the ntp enable command and will be allowed for all servers and peers in the configuration
- Added ntp logging command to log NTP events
- Added ntp source address <IP> command to set IP address for all NTP peers
SNMP:
- The snmp-server vrf <NAME> command outdated. Protocol access is enabled with the snmp-server command and will be allowed for all communities and SNMPv3 users in the configuration
- Management:
  - Support for copying firmware, configuration, certificates
  - Support for configuration operations (commit, confirm, restore, rollback, etc.)
  - Added possibility to create interfaces
  - Added possibility to change the image of the active software
  - Added possibility to reboot the device (only when snmp-server system-shutdown is enabled on esr)
  - Added possibility to configure VRRP
- Monitoring:
  - Added possibility to view the number of existing interfaces and tunnels of all types
  - Added possibility to view the size of the ARP table
SYSLOG:

Added logging of stops/starts of system processes

VRRP:
- Added the vrrp force-up In this VRRP mode, IP interface is always in the «Up» state

Version 1.3.0

Revisions:

Attack protection:
- DoS attack protection:
  - ICMP flood
  - Land
  - Limit-session-destination
  - Limit-session-source
  - Syn flood
  - UDP flood
  - Winnuke
- Blocking spy activity:
  - Fin-no-ack
  - ICMP type
  - IP sweep
  - Port scan
  - Spoofing
  - Syn-fin
  - TCP-no-flag
- Blocking non-standard packets
  - ICMP fragment
  - IP fragment
  - Large ICMP
  - Syn fragment
  - UDP fragment
  - Unknown protocols
Support for DNS name resolution. Caching DNS server
Support for LLDP
Support for 3G/4G USB modems
AAA:
- Added possibility to adjust the number of failed authentication attempts
- Added possibility to set the password lifetime
- Added possibility to set the maximum number of passwords stored in the history for each local user
- Added reminder function of the initial password change
- Added possibility to set a timeout for the login session
- Added setting to allow/deny login as root when connecting via RS-232 (console)
- Requirement to change the password after it expires
- Added possibility to control password complexity
BGP:
- Combining peers into groups with a set of attributes
BRAS:
- Added Framed-IP-Address attribute containing subscriber IP address to Access-Request packets of RADIUS protocol
- Optimized performance of the Proxy server
CLI:
- Supported SFTP for uploading/downloading firmware files, configurations and certificates
- Support for USB memory sticks, SD/MMC cards in firmware, configuration and certificate file copying operations
- Added possibility to view table sizes and routing protocol priorities
- Added possibility to view all routes belonging to a specified subnet
DHCP:
- DHCP client. Manual IP address re-request
- Support for DHCP server in VRF
- Support for options 150 (tftp-server ip) and 61 (client-identifier HH:<MAC>) for DHCP server
Firewall:
- Added possibility to control ALG modules
- Added possibility to disable drop packets related to the session with an invalid status (e.g., in asymmetric routing)
IPSEC:
- Added possibility to set the local address to any when configuring the IKE gateway
- Support for certificates
L2 switching:
- Added possibility to pass BPDU through the bridge on ESR-100/200
- Added possibility to include the physical port in the bridge on the ESR-100/200
Multiwan:
- Implemented automatic switching to a backup channel if parameters of the current channel deteriorate (LOSS, jitter, RTT)
- Support for VRF operation
- Support for LT tunnels
NTP:
- Authentication support
- Support for filtering by message type
SNMP:
- Added possibility to disable SNMPv1
- Implemented access control lists
- Added possibility to control password complexity for snmp-server community
SSH
- Added possibility to configure the maximum number of authentication attempts to connect via SSH
- Added possibility to set the waiting interval for SSH connection authentication
- Added possibility to set the key pair update interval for SSH
- Selectable SSH version
- Implemented authentication algorithms, encryption, key exchange configuration
- Variable length RSA key generation
VLAN
- Operational VLAN status management (ESR-1000/ESR-1200)
- Support for MAC based VLAN
- Added possibility to automatically add ports to existing VLANs
VRRP
- Added possibility to use VRRP IP as source IP address for GRE, IP4IP4, L2TPv3 tunnels and RADIUS client
- Listening to VRRP by L2TP/PPTP IP servers
- Support for VRRPv3
- Fixed incorrect order of virtual IP addresses in a packet

Version 1.2.0

Revisions:

Tunneling:
- GRE Keepalive support
L3 routing:
- BGP:
  - Adding of neighbor description
  - Possibility to enable/disable neighbors
  - Increased total number of BGP peers to 1000
  - View the total information on peers
- Multiwan:
  - View operational information
- VRRP:
  - Set a subnet mask for VRRP IP
- Port-Channel Operational Status Management (ESR-100/200)
IPSEC:
- Support for Policy-based IPsec mode
- Flexible tunnel key renegotiation (margin seconds/packets/bytes, randomization)
- Closing the IPsec tunnel after a specified number of packets/bytes have been transmitted
- Specification of the time interval after which the connection is closed if no packets are received or transmitted through the SA
SNMP:
- Display the current speed of the interfaces in the ifSpeed parameter of the IF-MIB
- SNMP Trap:
  - Trap on exceeding the thresholds of CPU load and temperature, fan speed, free RAM and FLASH space
CLI:
- Routing information filtering by protocol
- Filtering by interface, IP address and MAC address in ARP/ND table clear commands
- Storing log files in the non-volatile memory of the device
- Uploading log files from the device using the copy command
- View the contents of critlog with the show syslog command
- View the contents of the log files from the end. Added show syslog from-end command
- Configuration confirmation timer setting. Added system config-confirm timeout command
- Changes in the command interface:
  - Cisco-like paths for files:

v1.2.0: system:..
esr# copy system:running-config
v1.1.0: fs://.../
esr# copy fs://running-config

AAA:
- Added a mode in which the following methods will be used for authentication if the priority one is not available
NTP:
- Authentication support
Firewall:
- Increased the number of security zone pairs to 512
- Added possibility to pass packets that could not be identified as belonging to any known connection and that are not the start of a new connection. Added ip firewall sessions allow-unknown command
QOS:
- Configuring the length of edge queues in Basic QoS
BRAS:
- Shaping by SSID and offices
- Subscriber authentication by MAC-address
- Configuring active/reserve redundancy based on VRRP status

Version 1.1.0

Revisions:

BRAS:
- User termination
- RADIUS CoA processing, interaction with AAA
- URL whitelists/blacklists
- Quoting by traffic volume and session time, or quoting by both
- HTTP proxy
- HTTP Redirect
- HTTPS Proxy
- HTTPS Redirect
- Getting URL lists from PCRF
- Session accounting via Netflow protocol
- Optional additional verification of authorized users by MAC-address
Netflow:
- Netflow v10. Exporting statistics by URL
- VRF support
- Support for Domain Observation ID
- Information on NAT sessions
- HTTPS Host export
- Exporting information on L2/L3 location
- Active-timeout configuration
- Setting the source IP address for packets sent to the Netflow collector
- Configuring exports on an interface with the Firewall enabled
VRRP:
- Tracking routes based on the state of the VRRP process
CLI:
- Autocomplete and display the names of created objects in tooltips
- Display summary information by Firewall and NAT sessions
- View real-time information on running services/processes
- Informative tooltip in case of incorrect parameter entry
SYSLOG:
- Added possibility to set source IP-address for interaction with SYSLOG servers
L2 switching:
- Q-in-Q subinterfaces
L3 routing:
- VRF enhancement:
  - Virtual Ethernet Tunnel (tunnel linking VRF)
- BGP enhancement:
  - Configuring the source IP address for routing information exchange (update-source)
  - Support for BFD
DHCP Relay:

Support for Option 82
VRF support
Support for point-to-point interfaces (GRE, IP-IP, etc.)

Management interfaces:
- SNMP:
  - Support for MAU-MIB
QOS:

Increasing the number of QoS policy-map to 1024 and class-map to 1024

Wi-Fi Controller:
- Retrieve settings (tunnel-served SSID and shaping parameters) of DATA tunnels from RADIUS server

Version 1.0.8

Revisions:

Improved health monitoring of network services
AAA:
- Setting a source IP to communicate with RADIUS servers
- Deleting SSH host keys
- Support for legacy encryption protocols for SSH connections from third-party devices
L3 routing:
- MultiWAN: per-flow routing
- Recursive static routing
- BGP support for setting blackhole/unreachable/prohibit as Nexthop
- VRF-lite enhancement:
  - support for NTP
  - Support for GRE tunnels
CLI enhancement:

Support for correct addition of partially entered parameters
Display the network interfaces uptime in the show interfaces status command
Replacing private data when logging entered commands with ***
Added no nat { source | destination } commands to quickly remove the entire NAT configuration

VRRP:
- Support for version 3
- Support for configuring GARP Master parameters
- Simultaneous configuration of up to 8 Virtual IPs per process
Reservation of Firewall sessions is now configured independently of the Wi-Fi Controller
Multiwan:
- Output messages about changes in route states
ESR-100/ESR-200:
- Support for 100BASE-X transceivers on combo ports
ESR-1000:
- Bridge: Prohibit switching of unknown-unicast traffic
Management interfaces:
- SNMP:
  - SNMP Trap:
    - Trap on high CPU load
  - SNMP MIB:
    - IP-MIB
    - TUNNEL-MIB
    - ELTEX-TUNNEL-MIB
    - RL-PHYS-DESCRIPTION-MIB
    - CISCO-MEMORY-POOL-MIB
    - CISCO-PROCESS-MIB

Version 1.0.7

Revisions:

Device control: configuring the operation mode of the fans
L3 routing:
- Automatically allocated VLAN (Internal Usage VLAN) do not change when the configuration is applied
- MultiWAN: unconditional target check
- Removed mutual crossing check for DirectConnect networks and static routes
- Changes in TCP MSS
- Changed restrictions on the maximum number of active routes (FIB)
- Limited maximum number of routes for each dynamic routing protocol (RIB)
- Added possibility to filter the default route in the Prefix List
- BGP support
- BGP ECMP
- Keepalive timer autocalculation
- Support for Policy-based routing (IPv4 only)
- Logging changes in the state of connections with peers in the OSPF and BGP
- Added possibility to use route-map for OSPF, RIP
- VRF-lite enhancement:
  - BGP support
  - Support for OSPF
  - Поддержка QoS
  - Router management (AAA, Telnet, SSH, SNMP, Syslog, copy command)
- IPv6 enhancement:
  - BGP support
  - Support for setting Nexthop in route-map
  - Support for RADIUS/TACACS/LDAP
  - Support for MultiWAN
Tunneling:
- Authentication via RADIUS server for PPTP/L2TP servers
- OpenVPN
- Expiration of automatically raised Ethernet-over-GRE tunnels (Wi-Fi controller)
- IPsec enhancement:
  - Support for DES protocol
  - Obtain operational information
ARP/ND:

Configuring the lifetime of entries

DHCP Server:
- Configuring the netbios-name-server option in the DHCP address pool
CLI enhancement:
- Viewing load on network interfaces
- Extended list of protocols in ACL
- The untagged/tagged parameter is made optional when removing a VLAN with the switchport general allowed vlan remove command
- Viewing traffic on network interfaces
VRRP:
- Preempt delay configuration
- Simultaneous configuration of multiple Virtual IP
Multiwan:
- Verification of all targets on the target list
ESR-100/ESR-200:
- Policy-based QoS
- ACL
ESR-1000:
- Automatic SFP transceiver detection for 10G ports
- Bridge: Isolation of tunnels or sub-interfaces in the bridge
- Integration of third-party software:
  - IP SLA agent (Wellink)
SYSLOG: Added timezone setting before displaying messages
Management interfaces:
- SNMP:
  - SNMP Trap
  - SNMP MIB:
    - ENTITY-MIB
    - IANA-ENTITY-MIB

Version 1.0.6

Revisions:

Management and monitoirng:
- Automatic configuration redundancy
- Statistics collection:
  - Netflow v5/v9/v10(IPFIX)
  - sFlow
MAC table:

Added possibility to limit the MAC-addresses being learnt
Added possibility to adjust the storage time of MAC-addresses

Syslog enhancement:
- Logging critical commands
- Logging routing protocols operation
CLI enhancement:
Command trace filtering by | include/exclude/begin/count
Improvement of the page view mode of commands
Switching syslog file browsing to page mode
Support for entering the port on which the TFTP/SSH/FTP service on the remote server works in the copy command
Added age display of ARP/IPv6 entries and self entries in show arp and show ipv6 neighbors commands
- Changes in the command interface:
  - Added ip path-mtu-discovery command
  - DHCP: The ip address dhcp enable command changed to ip address dhcp

v.1.0.6:(config)# interface gigabitethernet 1/0/1
(config-if-gi)# ip address dhcp
v.1.0.5:(config)# interface gi 1/0/15
(config-if)# ip address dhcp enable

DHCP: Theip address dhcp server <IP> command changed to ip dhcp server address <IP>

v.1.0.6: (config)# interface gigabitethernet 1/0/1
(config-if)# ip dhcp server address 10.10.0.1
v.1.0.5: (config)# interface gigabitethernet 1/0/1
(config-if)# ip address dhcp server 10.10.0.1

DHCP: The ip address dhcp {<Ignore, lease-time, reboot, set reboot time, retry, select-timeout, timeout, vendor-class-id>} command changed to ip dhcp client {<Ignore, lease-time, reboot, set reboot time, retry, select-timeout, timeout, vendor-class-id>}

v.1.0.6: (config)# interface gigabitethernet 1/0/1
(config-if)# ip dhcp client timeout 60
v.1.0.5: (config)# interface gigabitethernet 1/0/1
(config-if)# ip address dhcp timeout 60

Firewall: The show security zone-pair counters command changed to show ip firewall counters

v.1.0.6: # show ip firewall counters
v.1.0.5: # show security zone-pair counters

Firewall: The clear security zone-pair command changed to clear ip firewall counters

v.1.0.6: # clear ip firewall counters
v.1.0.5: # clear security zone-pair

sNAT: The service nat source command changed to nat source

v.1.0.6: (config)# nat source
v.1.0.5: (config)# service nat source

dNAT: The service nat destination command changed to nat destination

v.1.0.6: (config)# nat destination
v.1.0.5: (config)# service nat destination

NTP: The service ntp {< broadcast-client, dscp, enable, peer, server>} command changed to ntp {< broadcast-client, dscp, enable, peer, server>}

v.1.0.6: (config)# ntp peer 10.10.10.10
v.1.0.5: (config)# service ntp peer 10.10.10.10

MULTIWAN: The target <IP> command changed to ip address <IP>

v.1.0.6: (config)# wan load-balance target-list eltex
(config-wan-target-list)# target 3
(config-wan-target)# ip address 10.10.0.1
v.1.0.5: (config)# wan load-balance target-list eltex
(config-wan-target-list)# target 3
(config-wan-target)# target 10.10.0.1

IPsec: The ipsec authentication method psk command changed to ipsec authentication method pre-shared-key

v.1.0.6: (config)# remote-access l2tp elt
(config)# ipsec authentication method pre-shared-key
v.1.0.5: (config)# remote-access l2tp elt
(config)# ipsec authentication method psk

QoS enhancement:
Prioritizing control traffic
Firewall enhancement:
Managing timers and number of sessions
SSH enhancement:
RSA, DSA, ECDSA, Ed25519 key generation
NAT enhancement:
Added possibility to run NAT when Firewall is disabled
Using bridge in the command to limit the scope of a rule group
MultiWAN enhancement:
Specifying SUB-interfaces as a gateway
SNMP enhancement:
Support for ifXTable
SNMP IPv6
Enable/disable user for low-level technical support access
Arbitrary MAC address settings on the network bridge
L3 routing:
BGP enhancement:
- ExtCommunity
- Private AS deletion mode
- Mode of default-route announcement along with other routes
Filtering and assigning parameters to routes in redistribution

Version 1.0.5

Revisions:

CLI enhancement:
Deleting entities of the same type with one command via the 'all' option
Interfaces:
Support for Jumbo Frame (MTU up to 10000 bytes)
Assigning /32 prefixes to Loopback interfaces
Firewall:
Added possibility to interrupt/clean up established sessions
Disabling Firewall function
QOS:
Marking/remarking traffic
DSCP code mutation
Hierarchic QoS (HQoS)
Bandwidth management (shaping), 1 kbit/s step
Bandwidth reservation by traffic class (shaping per queue)
RED, GRED queue overload management
SFQ queue management
Policy-based QoS
Network services:
Access control list (ACL)
Support for issuing IP addresses by DHCP-server according to client's MAC-address
Support for filtering by MAC-addresses in Firewall
Support for simultaneous operation of DHCP server and Relay agent
Telnet, SSH clients
Support for E1 interfaces:
CHAP
PPP
MLPPP (Multilink PPP)
AAA:
Authentication and authorization by local user base, RADIUS, TACACS+, LDAP
Command accounting via the TACACS+ protocol
Session accounting: SYSLOG, RADIUS, TACACS+
Managing command privilege levels
L3 routing:
BGP enhancement:
- Attribute filtering and attribute modification (local preference, AS-path, community, nexthop, origin, metric, subnet)
- Support for Route-Reflector feature
- Configuration of authentication options for a specific neighbor
- Support for 32-bit numbers of autonomous systems
- Added possibility to view prefixes received from neighbor and announced to neighbor
- Added possibility to view information by specific prefix
RIP enhancement:
- Summation of advertised subnets
- Static neighborhood
OSPF enhancement:
- Summation of advertised subnets
- Support for the eligible parameter for NBMA interfaces
Route propagation management (prefix lists with the ability to specify valid prefixes using eq, le, ge rules)
Static routes with blackhole/prohibit/unreachable destination

VRF Lite:
- Operation of network functions in the context of VRF:
  - IPv4/IPv6 addressing
  - Static routing
  - NAT
  - Firewall
System resource monitoring:

Connection/flow monitoring
Routing table monitoring

Improvements in Syslog operation
Router redundancy:
- Firewall session redundancy
- DHCP server lease redundancy
- SoftGRE tunnel redundancy for Wi-Fi access points
Support for IPv6 addressing in the following network services:
- Addressing
- Static routing
- Firewall
- OSPFv3
- Prefix-List
- NTP
- Syslog
- Ping, traceroute utilities
- Telnet client/server
- SSH client/server
- DHCP Server/Relay/Client
SNMP:
- Added support for SNMPv3
- Added SNMP MIB (monitoring) for QoS

Version 1.0.4

Revisions:

CLI:
- Added possibility to import and export files using FTP, SCP
- Viewing configurations by section
- Added possibility to update u-boot from the system command interface
- Changes in the command interface:
  - NAT: The proxy-arp interface command changed to ip nat proxy-arp

v.1.0.4: (config)# service nat source
(config-snat)# proxy-arp interface gigabitethernet 1/0/15 SPOOL
v.1.0.3: (config)# interface gigabitethernet 1/0/15
(config-if)# ip nat proxy-arp SPOOL

IKE: The policy command changed to ike-policy

v.1.0.4: (config)# security ike gateway gw1
(config-ike-gw)# policy ik_pol1
v.1.0.3: (config)# security ike gateway gw1
(config-ike-gw)# ike-policy ik_pol1

IPSec: The vpn-enable command changed to enable

v.1.0.4: (config)# security ipsec vpn vpn1
(config-ipsec-vpn)# vpn-enable
v.1.0.3: (config)# security ipsec vpn vpn1
(config-ipsec-vpn)# enable

VTI: The interface vti command changed to tunnel vti

v.1.0.4: (config)# tunnel vti 1
v.1.0.3: (config)# interface vti 1

DHCP: The service dhcp-server command changed to ip dhcp-server

v.1.0.4: (config)# ip dhcp-server
v.1.0.3: (config)# service dhcp-server

SNMP:
- Added support for SNMP monitoring
- Supported standard SNMP MIB (monitoring)
Routing features:
- Authentication key-chain
- OSPF:
  - NSSA
  - Stub Area
  - MD5 Authentication
  - MTU Ignore mode
- RIP:
  - MD5 Authentication
- BGP:
  - Support for EBGP Multihop
  - Support for next-hop-self attribute
- Static routing:
  - Support for configuring multiple default routes
- Configurable preference for routing protocols
Redundancy features:
- Support for VRRP
- Support for DualHoming redundancy
- Control and redundancy of WAN (Wide Area Network) connections
- Load balancing on WAN interfaces
DHCP:
- Support for DHCP relay
QOS:
- Traffic prioritization
- L3 priority processing (DSCP)
- Support for 8 priority queues
- SP, WRR queue processing algorithms
- Setting interface bandwidth limits for incoming and outgoing traffic
Interfaces:
- Support for loopback interfaces
NAT/Firewall:
- Support for renumbering rules
- Viewing information about established sessions
- Improved session monitoring for a number of protocols (H.323, GRE, FTP, SIP, SNMP)
- Activating and deactivating session traffic counters
- Change in the command interface: improved commands autocompletion
Mirroring:
- Support for traffic mirroring

Version 1.0.3

Revisions:

Switching:
- VLAN configuration
- LAG (static and LACP)
- STP/RSTP/MSTP
- Port isolation
- Bridge groups
Routing:
- OSFP
- BGP
- RIP
NAT:
- Proxy ARP for Source NAT
Remote access:
- L2TPv3
- IPv4-over-IPv4
- GRE
Syslog:
- Added possibility to configure logging in remote sessions (SSH and Telnet)
- The message format is in accordance with RFC5424
- Entered commands logging
CLI:
- Added possibility to update the software via the CLI
- Added possibility to view the operational status of interfaces
- Support for port utilization
- Support for viewing the ARP table
- Command to view the serial number
- View hardware version command
- Support for ARP table cleaning
System:
- Support for licensing
- Support for Flash button
- Implemented automatic load balancing between router cores
Security:
- Support for group SHA-2 authentication methods in IKE IPsec

Version 1.0.2

Revisions:

Configuration:
- Added possibility to copy configuration to (c) TFTP server(s)
- Hostname
- System time (manual)
- Interface description
- Added possibility for the firewall to filter the traffic broadcast or non-broadcast DNAT service
- Added possibility to ignore certain options in the DHCP client
- Changes in IPSec commands related to authentication and encryption
- Checking for duplicate information in object-group service/network
- Added possibility to reset to factory configuration
- Added possibility to set time zones
Operative information:
- System environment parameters
- Active user sessions
- Load on physical interfaces
- Status of logical interfaces
- Counters of logical interfaces
Remote access:
- PPTP
- L2TP/IPSec
NTP:
- Server, peer, client modes
10G port indication
Utilities:
- Ping

Version 1.0.1

Revisions:

Address translation:
- Source NAT
- Destination NAT
- Static NAT
Virtualization, VPN:
- IKE
- Tunnelling (IPsec)
- Connection encryption (3DES, AES)
- Message authentication by MD5, SHA1, SHA256, SHA384, SHA512
Network services:
- DHCP Server
- DHCP Client
- DNS
L3 routing:
- Static routes
Network security:
- Firewall
Management:
- Management interfaces:
  - CLI
  - Telnet, SSH
- Access control (local user base)
- Сonfiguration management
- Automatic configuration restore
- Updating the firmware (u-boot)
Monitoring:
- Syslog

Performance:

Firewall performance (large packets)	5.9 Gbps
NAT performance (large packets)	5.9 Gbps
IPsec VPN performance (large packets)	3.7 Gbps (AES128bit / SHA1)
Number of VPN tunnels	100
Quantity of static routes	100
Number of competitive sessions	512,000

Version restrictions:

Bandwidth is limited (500Mbit/s per IPsec tunnel)
CPU load balancing is supported with limitations
Policy-based VPN is not supported
Updating firmware only by means of u-boot
Static switch control
No hardware bridging acceleration
No VLAN configuration (bridging)
No support for SNMP, Webs
No timezone configuration
No NTP