ESR-Series. Release notes. Firmware version 1.13.0
Версия 1.13.0
Revisions:
- Support fo ESR-1511 and ESR-3100 routers
- Support for Content-Filter functionality for HTTP traffic
- Support for Anti-Spam functionality for HTTP traffic
- Routing:
- BGP:
- Increased BGP RIB ESR-10/12V/12VF/14VF to 1M routes
- increased BGP RIB ESR-20/21/100/200 to 2.5M routes
- Increased BGP RIB ESR-1000/1200/1500/1510 to 5M routes
- BGP:
Version 1.12.0
Revisions:
- IDS/IPS:
- Supported interaction with Eltex Distribution Manager for licensed content — a set of rules provided by Kaspersky SafeStream II
IPsec:
Added possibility to view debug information for IPsec
MPLS:
- Added support for VPLS Kompella Mode
- Added commands to output operational information for L2VPN
- USB-Modem:
- Support for modems with HILINK firmware
Routing:
- IS-IS:
- Added possibility of 3way handshake neighborhood establishment
- IS-IS:
Monitoring and management:
- CLI:
- Removed the possibility to authenticate as root
- CLI:
Tunneling:
- Added possibility to set AAA authentication lists for OpenVPN clients
- Filtering:
- HTTP proxy
- Added possibility to log filtering events
- HTTP proxy
Version 1.11.2
Revisions:
BRAS:
Supported BRAS operation in VRF for L3 switching scheme
Supported adding Option 82 from client DHCP packets in accounting
Supported getting the number of services and BRAS sessions via SNMP
- SNMP:
- Supported breaking softgre tunnels
Monitoring and management:
- CLI:
Added the merge command, which merges the downloaded configuration with candidate-config
- Added possibility to view information about the configuration of a particular Bridge
- Added possibility to view the configuration of a certain object-groups by specifying the type
- Added possibility to view the configuration of a certain tunnel
- Added possibility to view the configuration of a specific route-maps
- Added saving user login to configuration name when reserving configuration locally
- Added possibility to view the difference between the archived configurations
- Added the clear vrrp-state command, which stops VRRP execution for 3* Advertisement_Interval+1 time. This enables the router in the backup state to perform a master hijacking
- SLA:
Supported IP SLA in ICMP-ECHO mode
- CLI:
- Tunneling:
Supported synchronization of wireless-controller tunnels between routers with different firmware versions
Version 1.11.1
Revisions:
IPsec:
Implemented possibility to disable Mobility and Multihoming Protocol (MOBIKE) for IKEv2
- Support for certificate IPsec authentication
- Support for CRL and filtering by attribute field Subject-name
Version 1.11.0
Revisions:
CLI:
Implemented TCP/UDP port filtering when displaying and cleaning firewall/NAT sessions
Implemented possibility to view mDNS configuration
IPsec:
Implemented modes of reconnecting XAUTH clients with one login/password
Implemented possibility to disable Subject attribute field validation of local and remote XAUTH certificate
Routing:
Implemented possibility to use Multiwan on pppoe, l2tp, openvpn, pptp and vti-tunnels
Tunneling:
GRE
Implemented possibility to use as local interface for GRE tunnels: USB-modem, pptp, l2tp, pppoe-tunnel and e1, multilink-interfaces
- Implemented possibility to build GRE tunnels from IP-interfaces of a great VRF
- Implemented possibility to provide L2 connectivity between clients from different tunnels within one location in the scheme with wireless-controller
PPPoE
Added possibility to use ",", "/" and "\" symbols in username
Limited file system support for USB sticks and SD/MMC cards. Only FAT is supported
Version 1.10.0
Revisions:
- Routing:
- Added support for IS-IS routing protocol
- Added support for RIP NG routing protocol
- Reworked BGP configuration
- BGP:
- Added support for BGP Graceful restart
- Added support for BGP Weight attribute
- OSPF:
- Added support for OSPF Graceful restart
- Monitoring and management:
- Added possibility to enable monopoly access to the configuration
- Added possibility to reset CLI sessions
- Added possibility to clear the alarm list
- Tunneling:
- Added user authentication method selection for L2TP and PPTP servers
- Added possibility to use private key and certificate for OpenVPN client
- MPLS:
- Added support for LDP
- Added support for L2VPN VPWS
- Added support for L2VPN VPLS Martini mode
- Added support for L3VPN MP-BGP
Version 1.8.7
Revisions:
- USB-Modem:
- Added the «no compression» command to disable Van Jacobson TCP/IP header compression method
- Monitoring and management:
- Added possibility to execute SSH commands in non-interactive command line sessions (CLI)
Version 1.8.5
Revisions:
- Security:
- Added possibility to use demo licenses for IDS/IPS
- SLA:
- Updated Wellink SLA agent on ESR-10/12V/12VF
- USB-Modem:
- Added possibility to use '_', '@', '.', '-' characters for user field in cellular profile configuration mode
- Monitoring:
- Added Zabbix-proxy functionality
Version 1.8.3
Revisions:
- IPSEC:
- Fixed problem of unstable IPsec operation with DMVPN and L2TPv3
- Multilink:
- Fixed problem of routing traffic from multilink
- Fixed problem with adding the second and subsequent interfaces in multilink
- OSPF:
- Fixed problem with route information update
Version 1.8.2
Revisions:
- Support for ESR-20/21/1500/1510 routers
- OpenVPN server:
- Increased the number of users to 64
- ACL:
- ESR-1X: increased the number of rules to 255
Version 1.8.1
Revisions:
- OpenVPN server:
- Added possibility to assign a static IP address to an OpenVPN user
- Added possibility to authorize multiple OpenVPN users with one certificate
Version 1.8.0
Revisions:
- Tunneling:
- Support for DMVPN
- BGP:
- Increased BGP RIB ESR-20/21/100/200 to 2M routes
- Increased BGP RIB ESR-1000/1200/1500/1510 to 3M routes
- SNMP:
- Support for LLDP-MIB
Version 1.7.0
Revisions:
- Filtering:
- Support for IDS/IPS
- HTTP proxy: added redirect port configuration
- CLI:
- ESR-1700: Increased the maximum number of object-group networks to 1024
- Added possibility to specify prefix 0.0.0.0/0 in Prefix List, route-map
- Added possibility to specify links in object-group url as regular expressions
- Added possibility to change MAC-address of physical and aggregated interfaces
- Transfer port commands ip http proxy redirect-port, ip http proxy redirect-port from BRAS to HTTP(S) Proxy
- NAT:
- ESR-1700: Increased the maximum number of NAT pool to 1024
Version 1.6.6
Revisions:
- Tunneling:
- Support for the new keepalive mechanism for softgre tunnels. The tunnels are
checked by ping-probe from the client devices. The new operating mode is
enabled by the keepalive mode reactive command in the wireless-controller configuration
- Support for the new keepalive mechanism for softgre tunnels. The tunnels are
Version 1.6.5
Revisions:
- CLI:
- Added possibility to enable single-user configuration
mode - Added command to terminate CLI sessions
- Added notification of unapplied configuration changes when entering/exiting
configuration mode and CLI
- Added possibility to enable single-user configuration
- Tunneling::
- Added option to enable softgre sub-tunnel in Bridge, which is in
VRF
- Added option to enable softgre sub-tunnel in Bridge, which is in
Version 1.6.4
Revisions:
- BRAS:
- Added show subscriber-control sessions count command to count the number of BRAS sessions
- Added show subscriber-control services count command to count the number of BRAS services
- mDNS
- Added mDNS-reflector functionality
- Added mDNS service filtering functionality
- Added show ip mdns-reflector command to view found mDNS services
- Added clear ip mdns-reflector command to update the list of services
- Monitoring and management:
- CLI
- Added dynamic/static and tunnel softgre filters for show/clear mac address-table commands
- Tunneling:
- Added clear tunnels softgre remote-address <ip> command to remove softgre tunnel for a specific point
- Added clear tunnels softgre command to remove all softgre tunnels
- CLI
Version 1.6.2
Revisions:
- BRAS:
- Supported on ESR-1X/2X
- Added possibility to set the interface with dynamic IP addresses as nas-ip
- DHCP:
- Added possibility to clear DHCP server lease records
- Increased the number of static DHCP entries in the pool to 128
- QOS:
- Added classification on the outbound interface, which allows not to use ingress policies
- Added possibility to set multiple ACLs in a class
- Added the possibility to set a DSCP classification in a class
- VoIP:
- Added possibility to configure PBX
- Interfaces:
- Supported routerport/switchport/hybrid interface operation mode
- Supported E1 HDLC
- Supported Serial (RS-232):
- Organization of connections using analog modems in Dial up, leased line mode
- Controlling neighboring devices via console
- Routing
- BGP:
- Supported Flow Specification Rules
- Supported weight attribute
- Added possibility to set route-map default route, le/ge/eq
- Added all, nearest, replace options for remove-private-as option
- IP:
- Supported IP Unnumbered
- Added possibility to disable ICMP unreachable/redirect responses
- Supported IPv6 Router Advertisement
- Multiwan:
- Supported mechanism to clear NAT sessions after an unreachable target is detected
- BGP:
- Monitoring and management:
- AAA:
- Added possibility to set source IP address for TACACS/LDAP servers
- Added possibility to set interface as a source for RADIUS server
- Extended TACACS server key size to 60 characters
- Added possibility to disable console port authentication
- CLI:
- Added possibility to set command aliases
- Added possibility to view interface usage statistics
- Added possibility to view CPU usage statistics
- Added possibility to set a name for a static route
- Added possibility to calculate hash sums of files
- Added possibility to view the list of current crashes
- Added possibility to disable debugging with one command
- Added possibility to display messages when viewing logs for a certain period of time
- Added possibility to download bootloaders
- Added possibility to view rule description in output of show ip firewall counters command
- Added possibility to copy files via HTTP(S) protocol
- Added possibility to view the difference between configurations (running, candidate, factory)
- Added possibility to view the configuration with metadata
- Removed commit update command
- SNMP:
- Added possibility to set community for trap messages
- Added possibility to set source IP address for trap messages
- Added possibility to choose content of linkDown/linkUp traps between standard and cisco-like
- SSH:
- Added possibility to set source IP address for SSH client
- Supported Cisco SLA responder
- Supported Eltex SLA
- Supported SFTP server
- Filtering and translation
- Firewall:
- Added filtering by ICMP message type name
- HTTP (S) Proxy:
- Added filtering by content type: ActiveX, JS, Cookies
- Added possibility to filter/redirect by local/remote lists
- Added possibility to update remote URL lists via RADIUS CoA
- NAT:
- Added possibility to broadcast addresses from PPTP/PPPoE tunnel
- Firewall:
- Tunneling:
- IPSEC:
- Added possibility to use an IP address obtained by DHCP as a local gateway
- Added possibility to view extended information about tunnel authentication
- Supported XAuth client
- Support for PFS (perfect forward secrecy) using the DH group
- IPSEC:
Version 1.4.4
Revisions:
- PPPoE client:
- Added PAP, MS-CHAP, MS-CHAPv2, EAP authentication methods
Version 1.4.2
Revisions:
- Attack protection:
- Added the show ip firewall screens counters command, which allows you to view statistics on detected network attacks
- Implemented protection against XMAS and TCP all flags
- SNMP:
- Added possibility to set snmp-server contact and snmp-server location Added OIDs for these parameters
- Implemented SNMP View: allow or deny access to community and user by OID
- NTP:
- Expanded show ntp peers output: added stratum and synchronization status
- Firewall:
- Added ip firewall sessions tracking sip port command, allowing you to select TCP/UDP port for SIP session tracking
- Firewall:
- Added ip firewall sessions tracking sip port command, allowing you to select TCP/UDP port for SIP session tracking
- Tunneling:
- Implemented L2TP client with IPSec support
- IP SLA agent (Wellink):
- Added possibility to manage tests without portal participation
- Redesigned control and monitoring commands
- Added threshold management commands: setting thresholds for exceeding and normalizing test parameters, alerting in CLI, SYSLOG and SNMP about threshold crossing
Version 1.4.1
Revisions:
- Tunneling:
- GRE enhancement:
- Implemented keepalive mechanism for Ethernet over GRE tunnels
- Increased maximum number of SoftGRE tunnels to 8K (ESR-1200/ESR-1700)
- Added possibility to configure MTU on SUB-GRE tunnels
- IPsec enhancement:
- Added encryption algorithm null command in config-ipsec-proposal mode to disable encryption of ESP traffic
- Support for policy-based IPsec operation in VRF
- GRE enhancement:
- BRAS:
- Supports speed limit per subscriber session
- Added session ip-authentication command in config-subscriber-control configuration mode. When this option is enabled, user authentication is by IP address
- Added show subscriber-control radius-servers command to view information about RADIUS servers used
- SNMP:
- Added possibility to apply the configuration and reboot the device with commitConfirmAndReload SetRequest
- Support for the RMON agent, which allows to collect statistics about the nature of traffic on network interfaces
- Implemented management of VoIP services via SNMP
- Support for sending notifications when DoS attacks are detected
- Implemented sending SNMP traps when thresholds are reached:
- Network interfaces load
- GRE/SUB-GRE tunnel
- Number of tunnels included in the bridge-group
- BRAS sessions
- AAA:
- Added possibility to specify the source-address for requests to the authentication and authorization server in config-tacacs-server and config-ldap-server configuration modes
- Multiwan:
- Added wan load-balance commands in config-cellular-modem configuration mode to configure Multiwan using a USB modem
- L3 routing:
- Supported BFD technology for static routing
- BGP enhancement:
- Added commands: default-information originate in config-bgp-af configuration mode, default-originate in config-bgp-neighbor configuration mode to allow default route advertisement
- CLI:
- Added support for the Ctrl-P and Ctrl-N hotkeys to view the history of entered commands
- Added the ability to view the current state of tracking objects using the show tracking objects command
- LLDP:
- Added support for MED extension with support for announcing DSCP, VLAN, PRIORITY parameters for different device types. Through this extension the Voice VLAN transmission is realized
- Firewall:
- Implemented application traffic classification technology
- Added ip firewall logging screen command in config mode to log detected DoS attacks
- QOS:
- Implemented GRED (Generic RED) mechanism to manage queue overflow based on IP DSCP or IP Precedence
- VRRP:
- Supported operation in VRF
- Added VRRP track-ip
- Zabbix:
- Implemented Zabbix agent
- Configuration:
- Implemented automatic reading of the configuration from removable media when booting the device without configuration
Version 1.4.0
Revisions:
- Tunneling:
- Added PPTP client
- Added PPPoE client
- Support for Ethernet over GRE tunnel
- Support for creating subinterfaces for Ethernet over GRE tunnels
- Added possibility to increase MTU for tunnels up to 10000
- IPsec enhancement:
- Supported XAuth for dynamic IPsec tunnels
- OpenVPN enhancement:
- Extension of the list of encryption and authentication algorithms
- BRAS:
- Added possibility to broadcast the table USER IP - PROXY IP by NetFlow for proxied connections
- L2 switching:
- Added force-up command to config-vlan In this mode, the VLAN is always in the «Up» state
- L3 routing:
- Added possibility to optionally enable IPv6 stack on interfaces
- BGP enhancement:
- Increased the range of values for the local preference parameter
- Extended output of the show ip bgp neighbors command
- Implemented VRRP tracking: change MED and AS-path attributes based on VRRP state
- CLI:
- Added possibility to scale the size of the terminal to the size of the window on the PC when using the console connection. terminal resize command
- Extended the set of allowed characters in APN in config-cellular-profile Added characters: "@", ".", "-"
- Monitoring:
- Added possibility to filter traffic by source/destination MAC address
- Added possibility to view Firewall sessions
- Output interface status information when calling show ip interfaces
- DHCP:
- Added possibility to exclude IP address from DHCP server address pool
- Added possibility to set arbitrary option in IP-address, string, HEX-string format
- NAT:
- Support for Static NAT
- NTP:
- The ntp enable vrf <NAME> command outdated. Protocol time synchronization is enabled by the ntp enable command and will be allowed for all servers and peers in the configuration
- Added ntp logging command to log NTP events
- Added ntp source address <IP> command to set IP address for all NTP peers
- SNMP:
- The snmp-server vrf <NAME> command outdated. Protocol access is enabled with the snmp-server command and will be allowed for all communities and SNMPv3 users in the configuration
- Management:
- Support for copying firmware, configuration, certificates
- Support for configuration operations (commit, confirm, restore, rollback, etc.)
- Added possibility to create interfaces
- Added possibility to change the image of the active software
- Added possibility to reboot the device (only when snmp-server system-shutdown is enabled on esr)
- Added possibility to configure VRRP
- Monitoring:
- Added possibility to view the number of existing interfaces and tunnels of all types
- Added possibility to view the size of the ARP table
- SYSLOG:
- Added logging of stops/starts of system processes
- VRRP:
- Added the vrrp force-up In this VRRP mode, IP interface is always in the «Up» state
Version 1.3.0
Revisions:
- Attack protection:
- DoS attack protection:
- ICMP flood
- Land
- Limit-session-destination
- Limit-session-source
- Syn flood
- UDP flood
- Winnuke
- Blocking spy activity:
- Fin-no-ack
- ICMP type
- IP sweep
- Port scan
- Spoofing
- Syn-fin
- TCP-no-flag
- Blocking non-standard packets
- ICMP fragment
- IP fragment
- Large ICMP
- Syn fragment
- UDP fragment
- Unknown protocols
- DoS attack protection:
- Support for DNS name resolution. Caching DNS server
- Support for LLDP
- Support for 3G/4G USB modems
- AAA:
- Added possibility to adjust the number of failed authentication attempts
- Added possibility to set the password lifetime
- Added possibility to set the maximum number of passwords stored in the history for each local user
- Added reminder function of the initial password change
- Added possibility to set a timeout for the login session
- Added setting to allow/deny login as root when connecting via RS-232 (console)
- Requirement to change the password after it expires
- Added possibility to control password complexity
- BGP:
- Combining peers into groups with a set of attributes
- BRAS:
- Added Framed-IP-Address attribute containing subscriber IP address to Access-Request packets of RADIUS protocol
- Optimized performance of the Proxy server
- CLI:
- Supported SFTP for uploading/downloading firmware files, configurations and certificates
- Support for USB memory sticks, SD/MMC cards in firmware, configuration and certificate file copying operations
- Added possibility to view table sizes and routing protocol priorities
- Added possibility to view all routes belonging to a specified subnet
- DHCP:
- DHCP client. Manual IP address re-request
- Support for DHCP server in VRF
- Support for options 150 (tftp-server ip) and 61 (client-identifier HH:<MAC>) for DHCP server
- Firewall:
- Added possibility to control ALG modules
- Added possibility to disable drop packets related to the session with an invalid status (e.g., in asymmetric routing)
- IPSEC:
- Added possibility to set the local address to any when configuring the IKE gateway
- Support for certificates
- L2 switching:
- Added possibility to pass BPDU through the bridge on ESR-100/200
- Added possibility to include the physical port in the bridge on the ESR-100/200
- Multiwan:
- Implemented automatic switching to a backup channel if parameters of the current channel deteriorate (LOSS, jitter, RTT)
- Support for VRF operation
- Support for LT tunnels
- NTP:
- Authentication support
- Support for filtering by message type
- SNMP:
- Added possibility to disable SNMPv1
- Implemented access control lists
- Added possibility to control password complexity for snmp-server community
- SSH
- Added possibility to configure the maximum number of authentication attempts to connect via SSH
- Added possibility to set the waiting interval for SSH connection authentication
- Added possibility to set the key pair update interval for SSH
- Selectable SSH version
- Implemented authentication algorithms, encryption, key exchange configuration
- Variable length RSA key generation
- VLAN
- Operational VLAN status management (ESR-1000/ESR-1200)
- Support for MAC based VLAN
- Added possibility to automatically add ports to existing VLANs
- VRRP
- Added possibility to use VRRP IP as source IP address for GRE, IP4IP4, L2TPv3 tunnels and RADIUS client
- Listening to VRRP by L2TP/PPTP IP servers
- Support for VRRPv3
- Fixed incorrect order of virtual IP addresses in a packet
Version 1.2.0
Revisions:
- Tunneling:
- GRE Keepalive support
- L3 routing:
- BGP:
- Adding of neighbor description
- Possibility to enable/disable neighbors
- Increased total number of BGP peers to 1000
- View the total information on peers
- Multiwan:
- View operational information
- VRRP:
- Set a subnet mask for VRRP IP
- Port-Channel Operational Status Management (ESR-100/200)
- BGP:
- IPSEC:
- Support for Policy-based IPsec mode
- Flexible tunnel key renegotiation (margin seconds/packets/bytes, randomization)
- Closing the IPsec tunnel after a specified number of packets/bytes have been transmitted
- Specification of the time interval after which the connection is closed if no packets are received or transmitted through the SA
- SNMP:
- Display the current speed of the interfaces in the ifSpeed parameter of the IF-MIB
- SNMP Trap:
- Trap on exceeding the thresholds of CPU load and temperature, fan speed, free RAM and FLASH space
- CLI:
- Routing information filtering by protocol
- Filtering by interface, IP address and MAC address in ARP/ND table clear commands
- Storing log files in the non-volatile memory of the device
- Uploading log files from the device using the copy command
- View the contents of critlog with the show syslog command
- View the contents of the log files from the end. Added show syslog from-end command
- Configuration confirmation timer setting. Added system config-confirm timeout command
- Changes in the command interface:
- Cisco-like paths for files:
v1.2.0: system:..
esr# copy system:running-config
v1.1.0: fs://.../
esr# copy fs://running-config
- AAA:
- Added a mode in which the following methods will be used for authentication if the priority one is not available
- NTP:
- Authentication support
- Firewall:
- Increased the number of security zone pairs to 512
- Added possibility to pass packets that could not be identified as belonging to any known connection and that are not the start of a new connection. Added ip firewall sessions allow-unknown command
- QOS:
- Configuring the length of edge queues in Basic QoS
- BRAS:
- Shaping by SSID and offices
- Subscriber authentication by MAC-address
- Configuring active/reserve redundancy based on VRRP status
Version 1.1.0
Revisions:
- BRAS:
- User termination
- RADIUS CoA processing, interaction with AAA
- URL whitelists/blacklists
- Quoting by traffic volume and session time, or quoting by both
- HTTP proxy
- HTTP Redirect
- HTTPS Proxy
- HTTPS Redirect
- Getting URL lists from PCRF
- Session accounting via Netflow protocol
- Optional additional verification of authorized users by MAC-address
- Netflow:
- Netflow v10. Exporting statistics by URL
- VRF support
- Support for Domain Observation ID
- Information on NAT sessions
- HTTPS Host export
- Exporting information on L2/L3 location
- Active-timeout configuration
- Setting the source IP address for packets sent to the Netflow collector
- Configuring exports on an interface with the Firewall enabled
- VRRP:
- Tracking routes based on the state of the VRRP process
- CLI:
- Autocomplete and display the names of created objects in tooltips
- Display summary information by Firewall and NAT sessions
- View real-time information on running services/processes
- Informative tooltip in case of incorrect parameter entry
- SYSLOG:
- Added possibility to set source IP-address for interaction with SYSLOG servers
- L2 switching:
- Q-in-Q subinterfaces
- L3 routing:
- VRF enhancement:
- Virtual Ethernet Tunnel (tunnel linking VRF)
- BGP enhancement:
- Configuring the source IP address for routing information exchange (update-source)
- Support for BFD
- VRF enhancement:
- DHCP Relay:
- Support for Option 82
- VRF support
- Support for point-to-point interfaces (GRE, IP-IP, etc.)
- Management interfaces:
- SNMP:
- Support for MAU-MIB
- SNMP:
- QOS:
- Increasing the number of QoS policy-map to 1024 and class-map to 1024
- Wi-Fi Controller:
- Retrieve settings (tunnel-served SSID and shaping parameters) of DATA tunnels from RADIUS server
Version 1.0.8
Revisions:
- Improved health monitoring of network services
- AAA:
- Setting a source IP to communicate with RADIUS servers
- Deleting SSH host keys
- Support for legacy encryption protocols for SSH connections from third-party devices
- L3 routing:
- MultiWAN: per-flow routing
- Recursive static routing
- BGP support for setting blackhole/unreachable/prohibit as Nexthop
- VRF-lite enhancement:
- support for NTP
- Support for GRE tunnels
- CLI enhancement:
- Support for correct addition of partially entered parameters
- Display the network interfaces uptime in the show interfaces status command
- Replacing private data when logging entered commands with ***
- Added no nat { source | destination } commands to quickly remove the entire NAT configuration
- VRRP:
- Support for version 3
- Support for configuring GARP Master parameters
- Simultaneous configuration of up to 8 Virtual IPs per process
- Reservation of Firewall sessions is now configured independently of the Wi-Fi Controller
- Multiwan:
- Output messages about changes in route states
- ESR-100/ESR-200:
- Support for 100BASE-X transceivers on combo ports
- ESR-1000:
- Bridge: Prohibit switching of unknown-unicast traffic
- Management interfaces:
- SNMP:
- SNMP Trap:
- Trap on high CPU load
- SNMP MIB:
- IP-MIB
- TUNNEL-MIB
- ELTEX-TUNNEL-MIB
- RL-PHYS-DESCRIPTION-MIB
- CISCO-MEMORY-POOL-MIB
- CISCO-PROCESS-MIB
- SNMP Trap:
- SNMP:
Version 1.0.7
Revisions:
- Device control: configuring the operation mode of the fans
- L3 routing:
- Automatically allocated VLAN (Internal Usage VLAN) do not change when the configuration is applied
- MultiWAN: unconditional target check
- Removed mutual crossing check for DirectConnect networks and static routes
- Changes in TCP MSS
- Changed restrictions on the maximum number of active routes (FIB)
- Limited maximum number of routes for each dynamic routing protocol (RIB)
- Added possibility to filter the default route in the Prefix List
- BGP support
- BGP ECMP
- Keepalive timer autocalculation
- Support for Policy-based routing (IPv4 only)
- Logging changes in the state of connections with peers in the OSPF and BGP
- Added possibility to use route-map for OSPF, RIP
- VRF-lite enhancement:
- BGP support
- Support for OSPF
- Поддержка QoS
- Router management (AAA, Telnet, SSH, SNMP, Syslog, copy command)
- IPv6 enhancement:
- BGP support
- Support for setting Nexthop in route-map
- Support for RADIUS/TACACS/LDAP
- Support for MultiWAN
- Tunneling:
- Authentication via RADIUS server for PPTP/L2TP servers
- OpenVPN
- Expiration of automatically raised Ethernet-over-GRE tunnels (Wi-Fi controller)
- IPsec enhancement:
- Support for DES protocol
- Obtain operational information
- ARP/ND:
- Configuring the lifetime of entries
- DHCP Server:
- Configuring the netbios-name-server option in the DHCP address pool
- CLI enhancement:
- Viewing load on network interfaces
- Extended list of protocols in ACL
- The untagged/tagged parameter is made optional when removing a VLAN with the switchport general allowed vlan remove command
- Viewing traffic on network interfaces
- VRRP:
- Preempt delay configuration
- Simultaneous configuration of multiple Virtual IP
- Multiwan:
- Verification of all targets on the target list
- ESR-100/ESR-200:
- Policy-based QoS
- ACL
- ESR-1000:
- Automatic SFP transceiver detection for 10G ports
- Bridge: Isolation of tunnels or sub-interfaces in the bridge
- Integration of third-party software:
- IP SLA agent (Wellink)
- SYSLOG: Added timezone setting before displaying messages
- Management interfaces:
- SNMP:
- SNMP Trap
- SNMP MIB:
- ENTITY-MIB
- IANA-ENTITY-MIB
- SNMP:
Version 1.0.6
Revisions:
- Management and monitoirng:
- Automatic configuration redundancy
- Statistics collection:
- Netflow v5/v9/v10(IPFIX)
- sFlow
- MAC table:
- Added possibility to limit the MAC-addresses being learnt
- Added possibility to adjust the storage time of MAC-addresses
- Syslog enhancement:
- Logging critical commands
- Logging routing protocols operation
- CLI enhancement:
- Command trace filtering by | include/exclude/begin/count
- Improvement of the page view mode of commands
- Switching syslog file browsing to page mode
- Support for entering the port on which the TFTP/SSH/FTP service on the remote server works in the copy command
- Added age display of ARP/IPv6 entries and self entries in show arp and show ipv6 neighbors commands
- Changes in the command interface:
- Added ip path-mtu-discovery command
- DHCP: The ip address dhcp enable command changed to ip address dhcp
- Changes in the command interface:
v.1.0.6:(config)# interface gigabitethernet 1/0/1
(config-if-gi)# ip address dhcp
v.1.0.5:(config)# interface gi 1/0/15
(config-if)# ip address dhcp enable
- DHCP: Theip address dhcp server <IP> command changed to ip dhcp server address <IP>
v.1.0.6: (config)# interface gigabitethernet 1/0/1
(config-if)# ip dhcp server address 10.10.0.1
v.1.0.5: (config)# interface gigabitethernet 1/0/1
(config-if)# ip address dhcp server 10.10.0.1
- DHCP: The ip address dhcp {<Ignore, lease-time, reboot, set reboot time, retry, select-timeout, timeout, vendor-class-id>} command changed to ip dhcp client {<Ignore, lease-time, reboot, set reboot time, retry, select-timeout, timeout, vendor-class-id>}
v.1.0.6: (config)# interface gigabitethernet 1/0/1
(config-if)# ip dhcp client timeout 60
v.1.0.5: (config)# interface gigabitethernet 1/0/1
(config-if)# ip address dhcp timeout 60
- Firewall: The show security zone-pair counters command changed to show ip firewall counters
v.1.0.6: # show ip firewall counters
v.1.0.5: # show security zone-pair counters
- Firewall: The clear security zone-pair command changed to clear ip firewall counters
v.1.0.6: # clear ip firewall counters
v.1.0.5: # clear security zone-pair
- sNAT: The service nat source command changed to nat source
v.1.0.6: (config)# nat source
v.1.0.5: (config)# service nat source
- dNAT: The service nat destination command changed to nat destination
v.1.0.6: (config)# nat destination
v.1.0.5: (config)# service nat destination
- NTP: The service ntp {< broadcast-client, dscp, enable, peer, server>} command changed to ntp {< broadcast-client, dscp, enable, peer, server>}
v.1.0.6: (config)# ntp peer 10.10.10.10
v.1.0.5: (config)# service ntp peer 10.10.10.10
- MULTIWAN: The target <IP> command changed to ip address <IP>
v.1.0.6: (config)# wan load-balance target-list eltex
(config-wan-target-list)# target 3
(config-wan-target)# ip address 10.10.0.1
v.1.0.5: (config)# wan load-balance target-list eltex
(config-wan-target-list)# target 3
(config-wan-target)# target 10.10.0.1
- IPsec: The ipsec authentication method psk command changed to ipsec authentication method pre-shared-key
v.1.0.6: (config)# remote-access l2tp elt
(config)# ipsec authentication method pre-shared-key
v.1.0.5: (config)# remote-access l2tp elt
(config)# ipsec authentication method psk
- QoS enhancement:
- Prioritizing control traffic
- Firewall enhancement:
- Managing timers and number of sessions
- SSH enhancement:
- RSA, DSA, ECDSA, Ed25519 key generation
- NAT enhancement:
- Added possibility to run NAT when Firewall is disabled
- Using bridge in the command to limit the scope of a rule group
- MultiWAN enhancement:
- Specifying SUB-interfaces as a gateway
- SNMP enhancement:
- Support for ifXTable
- SNMP IPv6
- Enable/disable user for low-level technical support access
- Arbitrary MAC address settings on the network bridge
- L3 routing:
- BGP enhancement:
- ExtCommunity
- Private AS deletion mode
- Mode of default-route announcement along with other routes
- Filtering and assigning parameters to routes in redistribution
Version 1.0.5
Revisions:
- CLI enhancement:
- Deleting entities of the same type with one command via the 'all' option
- Interfaces:
- Support for Jumbo Frame (MTU up to 10000 bytes)
- Assigning /32 prefixes to Loopback interfaces
- Firewall:
- Added possibility to interrupt/clean up established sessions
- Disabling Firewall function
- QOS:
- Marking/remarking traffic
- DSCP code mutation
- Hierarchic QoS (HQoS)
- Bandwidth management (shaping), 1 kbit/s step
- Bandwidth reservation by traffic class (shaping per queue)
- RED, GRED queue overload management
- SFQ queue management
- Policy-based QoS
- Network services:
- Access control list (ACL)
- Support for issuing IP addresses by DHCP-server according to client's MAC-address
- Support for filtering by MAC-addresses in Firewall
- Support for simultaneous operation of DHCP server and Relay agent
- Telnet, SSH clients
- Support for E1 interfaces:
- CHAP
- PPP
- MLPPP (Multilink PPP)
- AAA:
- Authentication and authorization by local user base, RADIUS, TACACS+, LDAP
- Command accounting via the TACACS+ protocol
- Session accounting: SYSLOG, RADIUS, TACACS+
- Managing command privilege levels
- L3 routing:
- BGP enhancement:
- Attribute filtering and attribute modification (local preference, AS-path, community, nexthop, origin, metric, subnet)
- Support for Route-Reflector feature
- Configuration of authentication options for a specific neighbor
- Support for 32-bit numbers of autonomous systems
- Added possibility to view prefixes received from neighbor and announced to neighbor
- Added possibility to view information by specific prefix
- RIP enhancement:
- Summation of advertised subnets
- Static neighborhood
- OSPF enhancement:
- Summation of advertised subnets
- Support for the eligible parameter for NBMA interfaces
- Route propagation management (prefix lists with the ability to specify valid prefixes using eq, le, ge rules)
- Static routes with blackhole/prohibit/unreachable destination
- VRF Lite:
- Operation of network functions in the context of VRF:
- IPv4/IPv6 addressing
- Static routing
- NAT
- Firewall
- Operation of network functions in the context of VRF:
- System resource monitoring:
- Connection/flow monitoring
- Routing table monitoring
- Improvements in Syslog operation
- Router redundancy:
- Firewall session redundancy
- DHCP server lease redundancy
- SoftGRE tunnel redundancy for Wi-Fi access points
- Support for IPv6 addressing in the following network services:
- Addressing
- Static routing
- Firewall
- OSPFv3
- Prefix-List
- NTP
- Syslog
- Ping, traceroute utilities
- Telnet client/server
- SSH client/server
- DHCP Server/Relay/Client
- SNMP:
- Added support for SNMPv3
- Added SNMP MIB (monitoring) for QoS
Version 1.0.4
Revisions:
- CLI:
- Added possibility to import and export files using FTP, SCP
- Viewing configurations by section
- Added possibility to update u-boot from the system command interface
- Changes in the command interface:
- NAT: The proxy-arp interface command changed to ip nat proxy-arp
v.1.0.4: (config)# service nat source
(config-snat)# proxy-arp interface gigabitethernet 1/0/15 SPOOL
v.1.0.3: (config)# interface gigabitethernet 1/0/15
(config-if)# ip nat proxy-arp SPOOL
- IKE: The policy command changed to ike-policy
v.1.0.4: (config)# security ike gateway gw1
(config-ike-gw)# policy ik_pol1
v.1.0.3: (config)# security ike gateway gw1
(config-ike-gw)# ike-policy ik_pol1
- IPSec: The vpn-enable command changed to enable
v.1.0.4: (config)# security ipsec vpn vpn1
(config-ipsec-vpn)# vpn-enable
v.1.0.3: (config)# security ipsec vpn vpn1
(config-ipsec-vpn)# enable
- VTI: The interface vti command changed to tunnel vti
v.1.0.4: (config)# tunnel vti 1
v.1.0.3: (config)# interface vti 1
- DHCP: The service dhcp-server command changed to ip dhcp-server
v.1.0.4: (config)# ip dhcp-server
v.1.0.3: (config)# service dhcp-server
- SNMP:
- Added support for SNMP monitoring
- Supported standard SNMP MIB (monitoring)
- Routing features:
- Authentication key-chain
- OSPF:
- NSSA
- Stub Area
- MD5 Authentication
- MTU Ignore mode
- RIP:
- MD5 Authentication
- BGP:
- Support for EBGP Multihop
- Support for next-hop-self attribute
- Static routing:
- Support for configuring multiple default routes
- Configurable preference for routing protocols
- Redundancy features:
- Support for VRRP
- Support for DualHoming redundancy
- Control and redundancy of WAN (Wide Area Network) connections
- Load balancing on WAN interfaces
- DHCP:
- Support for DHCP relay
- QOS:
- Traffic prioritization
- L3 priority processing (DSCP)
- Support for 8 priority queues
- SP, WRR queue processing algorithms
- Setting interface bandwidth limits for incoming and outgoing traffic
- Interfaces:
- Support for loopback interfaces
- NAT/Firewall:
- Support for renumbering rules
- Viewing information about established sessions
- Improved session monitoring for a number of protocols (H.323, GRE, FTP, SIP, SNMP)
- Activating and deactivating session traffic counters
- Change in the command interface: improved commands autocompletion
- Mirroring:
- Support for traffic mirroring
Version 1.0.3
Revisions:
- Switching:
- VLAN configuration
- LAG (static and LACP)
- STP/RSTP/MSTP
- Port isolation
- Bridge groups
- Routing:
- OSFP
- BGP
- RIP
- NAT:
- Proxy ARP for Source NAT
- Remote access:
- L2TPv3
- IPv4-over-IPv4
- GRE
- Syslog:
- Added possibility to configure logging in remote sessions (SSH and Telnet)
- The message format is in accordance with RFC5424
- Entered commands logging
- CLI:
- Added possibility to update the software via the CLI
- Added possibility to view the operational status of interfaces
- Support for port utilization
- Support for viewing the ARP table
- Command to view the serial number
- View hardware version command
- Support for ARP table cleaning
- System:
- Support for licensing
- Support for Flash button
- Implemented automatic load balancing between router cores
- Security:
- Support for group SHA-2 authentication methods in IKE IPsec
Version 1.0.2
Revisions:
- Configuration:
- Added possibility to copy configuration to (c) TFTP server(s)
- Hostname
- System time (manual)
- Interface description
- Added possibility for the firewall to filter the traffic broadcast or non-broadcast DNAT service
- Added possibility to ignore certain options in the DHCP client
- Changes in IPSec commands related to authentication and encryption
- Checking for duplicate information in object-group service/network
- Added possibility to reset to factory configuration
- Added possibility to set time zones
- Operative information:
- System environment parameters
- Active user sessions
- Load on physical interfaces
- Status of logical interfaces
- Counters of logical interfaces
- Remote access:
- PPTP
- L2TP/IPSec
- NTP:
- Server, peer, client modes
- 10G port indication
- Utilities:
- Ping
Version 1.0.1
Revisions:
- Address translation:
- Source NAT
- Destination NAT
- Static NAT
- Virtualization, VPN:
- IKE
- Tunnelling (IPsec)
- Connection encryption (3DES, AES)
- Message authentication by MD5, SHA1, SHA256, SHA384, SHA512
- Network services:
- DHCP Server
- DHCP Client
- DNS
- L3 routing:
- Static routes
- Network security:
- Firewall
- Management:
- Management interfaces:
- CLI
- Telnet, SSH
- Access control (local user base)
- Сonfiguration management
- Automatic configuration restore
- Updating the firmware (u-boot)
- Management interfaces:
- Monitoring:
- Syslog
Performance:
Firewall performance (large packets) | 5.9 Gbps |
NAT performance (large packets) | 5.9 Gbps |
IPsec VPN performance (large packets) | 3.7 Gbps (AES128bit / SHA1) |
Number of VPN tunnels | 100 |
Quantity of static routes | 100 |
Number of competitive sessions | 512,000 |
Version restrictions:
- Bandwidth is limited (500Mbit/s per IPsec tunnel)
- CPU load balancing is supported with limitations
- Policy-based VPN is not supported
- Updating firmware only by means of u-boot
- Static switch control
- No hardware bridging acceleration
- No VLAN configuration (bridging)
- No support for SNMP, Webs
- No timezone configuration
- No NTP