Версия 1.13.0

Revisions:

  • Support fo ESR-1511 and ESR-3100 routers
  • Support for Content-Filter functionality for HTTP traffic
  • Support for Anti-Spam functionality for HTTP traffic
  • Routing:
    • BGP:
      • Increased BGP RIB ESR-10/12V/12VF/14VF to 1M routes
      • increased BGP RIB ESR-20/21/100/200 to 2.5M routes
      • Increased BGP RIB ESR-1000/1200/1500/1510 to 5M routes

Version 1.12.0

Revisions:

  • IDS/IPS:
    • Supported interaction with Eltex Distribution Manager for licensed content — a set of rules provided by Kaspersky SafeStream II
  • IPsec:

    • Added possibility to view debug information for IPsec

  • MPLS:

    • Added support for VPLS Kompella Mode
    • Added commands to output operational information for L2VPN
  • USB-Modem:
    • Support for modems with HILINK firmware
  • Routing:

    •  IS-IS:
      • Added possibility of 3way handshake neighborhood establishment
  • Monitoring and management:

    •  CLI:
      • Removed the possibility to authenticate as root
  • Tunneling:

    • Added possibility to set AAA authentication lists for OpenVPN clients
  • Filtering:
    • HTTP proxy
      • Added possibility to log filtering events

Version 1.11.2

Revisions:

  • BRAS:

    • Supported BRAS operation in VRF for L3 switching scheme

    • Supported adding Option 82 from client DHCP packets in accounting

    • Supported getting the number of services and BRAS sessions via SNMP

  • SNMP:
    • Supported breaking softgre tunnels
  • Monitoring and management:

    •  CLI:
      • Added the merge command, which merges the downloaded configuration with candidate-config

      • Added possibility to view information about the configuration of a particular Bridge
      • Added possibility to view the configuration of a certain object-groups by specifying the type
      • Added possibility to view the configuration of a certain tunnel
      • Added possibility to view the configuration of a specific route-maps
      • Added saving user login to configuration name when reserving configuration locally
      • Added possibility to view the difference between the archived configurations
      • Added the clear vrrp-state command, which stops VRRP execution for 3* Advertisement_Interval+1 time. This enables the router in the backup state to perform a master hijacking
    • SLA:
      • Supported IP SLA in ICMP-ECHO mode

  • Tunneling:
    • Supported synchronization of wireless-controller tunnels between routers with different firmware versions

Version 1.11.1

Revisions:

  • IPsec:

    • Implemented possibility to disable Mobility and Multihoming Protocol (MOBIKE) for IKEv2

    • Support for certificate IPsec authentication
    • Support for CRL and filtering by attribute field Subject-name

Version 1.11.0

Revisions:

  •  CLI:

    • Implemented TCP/UDP port filtering when displaying and cleaning firewall/NAT sessions

    • Implemented possibility to view mDNS configuration

  • IPsec:

    • Implemented modes of reconnecting XAUTH clients with one login/password

    • Implemented possibility to disable Subject attribute field validation of local and remote XAUTH certificate

  • Routing:

    • Implemented possibility to use Multiwan on pppoe, l2tp, openvpn, pptp and vti-tunnels

  • Tunneling:

    •  GRE

      • Implemented possibility to use as local interface for GRE tunnels: USB-modem, pptp, l2tp, pppoe-tunnel and e1, multilink-interfaces

      • Implemented possibility to build GRE tunnels from IP-interfaces of a great VRF
      • Implemented possibility to provide L2 connectivity between clients from different tunnels within one location in the scheme with wireless-controller
    • PPPoE

      • Added possibility to use ",", "/" and "\" symbols in username

  • Limited file system support for USB sticks and SD/MMC cards. Only FAT is supported

Version 1.10.0

Revisions:

  • Routing:
    • Added support for IS-IS routing protocol
    • Added support for RIP NG routing protocol
    • Reworked BGP configuration
    • BGP:
      • Added support for BGP Graceful restart
      • Added support for BGP Weight attribute
    • OSPF:
      • Added support for OSPF Graceful restart
  • Monitoring and management:
    • Added possibility to enable monopoly access to the configuration
    • Added possibility to reset CLI sessions
    • Added possibility to clear the alarm list
  • Tunneling:
    • Added user authentication method selection for L2TP and PPTP servers
    • Added possibility to use private key and certificate for OpenVPN client
  • MPLS:
    • Added support for LDP
    • Added support for L2VPN VPWS
    • Added support for L2VPN VPLS Martini mode
    • Added support for L3VPN MP-BGP

Version 1.8.7

Revisions:

  • USB-Modem:
    • Added the «no compression» command to disable Van Jacobson TCP/IP header compression method
  • Monitoring and management:
    • Added possibility to execute SSH commands in non-interactive command line sessions (CLI)

Version 1.8.5

Revisions:

  • Security:
    • Added possibility to use demo licenses for IDS/IPS
  • SLA:
    • Updated Wellink SLA agent on ESR-10/12V/12VF
  • USB-Modem:
    • Added possibility to use '_', '@', '.', '-' characters for user field in cellular profile configuration mode
  • Monitoring:
    • Added Zabbix-proxy functionality

Version 1.8.3

Revisions:

  • IPSEC:
    • Fixed problem of unstable IPsec operation with DMVPN and L2TPv3
  • Multilink:
    • Fixed problem of routing traffic from multilink
    • Fixed problem with adding the second and subsequent interfaces in multilink
  • OSPF:
    • Fixed problem with route information update

Version 1.8.2

Revisions:

  • Support for ESR-20/21/1500/1510 routers
  • OpenVPN server:
    • Increased the number of users to 64
  • ACL:
    • ESR-1X: increased the number of rules to 255

Version 1.8.1

Revisions:

  • OpenVPN server:
    • Added possibility to assign a static IP address to an OpenVPN user
    • Added possibility to authorize multiple OpenVPN users with one certificate

Version 1.8.0

Revisions:

  • Tunneling:
    • Support for DMVPN
  • BGP:
    • Increased BGP RIB ESR-20/21/100/200 to 2M routes
    • Increased BGP RIB ESR-1000/1200/1500/1510 to 3M routes
  • SNMP:
    • Support for LLDP-MIB

Version 1.7.0

Revisions:

  • Filtering:
    • Support for IDS/IPS
    • HTTP proxy: added redirect port configuration
  • CLI:
    • ESR-1700: Increased the maximum number of object-group networks to 1024
    • Added possibility to specify prefix 0.0.0.0/0 in Prefix List, route-map
    • Added possibility to specify links in object-group url as regular expressions
    • Added possibility to change MAC-address of physical and aggregated interfaces
    • Transfer port commands ip http proxy redirect-port, ip http proxy redirect-port from BRAS to HTTP(S) Proxy
  • NAT:
    • ESR-1700: Increased the maximum number of NAT pool to 1024

Version 1.6.6

Revisions:

  • Tunneling:
    • Support for the new keepalive mechanism for softgre tunnels. The tunnels are
      checked by ping-probe from the client devices. The new operating mode is
      enabled by the keepalive mode reactive command in the wireless-controller configuration

Version 1.6.5

Revisions:

  • CLI:
    • Added possibility to enable single-user configuration
      mode
    • Added command to terminate CLI sessions
    • Added notification of unapplied configuration changes when entering/exiting
      configuration mode and CLI
  • Tunneling::
    • Added option to enable softgre sub-tunnel in Bridge, which is in
      VRF

Version 1.6.4

Revisions:

  • BRAS:
    • Added show subscriber-control sessions count command to count the number of BRAS sessions
    • Added show subscriber-control services count command to count the number of BRAS services
  • mDNS
    • Added mDNS-reflector functionality
    • Added mDNS service filtering functionality
    • Added show ip mdns-reflector command to view found mDNS services
    • Added clear ip mdns-reflector command to update the list of services
  • Monitoring and management:
    • CLI
      • Added dynamic/static and tunnel softgre filters for show/clear mac address-table commands
    • Tunneling:
      • Added clear tunnels softgre remote-address <ip> command to remove softgre tunnel for a specific point
      • Added clear tunnels softgre command to remove all softgre tunnels

Version 1.6.2

Revisions:

  • BRAS:
    • Supported on ESR-1X/2X
    • Added possibility to set the interface with dynamic IP addresses as nas-ip
  • DHCP:
    • Added possibility to clear DHCP server lease records
    • Increased the number of static DHCP entries in the pool to 128
  • QOS:
    • Added classification on the outbound interface, which allows not to use ingress policies
    • Added possibility to set multiple ACLs in a class
    • Added the possibility to set a DSCP classification in a class
  • VoIP:
    • Added possibility to configure PBX
  • Interfaces:
    • Supported routerport/switchport/hybrid interface operation mode
    • Supported E1 HDLC
    • Supported Serial (RS-232):
    • Organization of connections using analog modems in Dial up, leased line mode
    • Controlling neighboring devices via console
  • Routing
    • BGP:
      • Supported Flow Specification Rules
      • Supported weight attribute
      • Added possibility to set route-map default route, le/ge/eq
      • Added all, nearest, replace options for remove-private-as option
    • IP:
      • Supported IP Unnumbered
      • Added possibility to disable ICMP unreachable/redirect responses
      • Supported IPv6 Router Advertisement
    • Multiwan:
      • Supported mechanism to clear NAT sessions after an unreachable target is detected
  • Monitoring and management:
    • AAA:
      • Added possibility to set source IP address for TACACS/LDAP servers
      • Added possibility to set interface as a source for RADIUS server
      • Extended TACACS server key size to 60 characters
      • Added possibility to disable console port authentication
    • CLI:
      • Added possibility to set command aliases
      • Added possibility to view interface usage statistics
      • Added possibility to view CPU usage statistics
      • Added possibility to set a name for a static route
      • Added possibility to calculate hash sums of files
      • Added possibility to view the list of current crashes
      • Added possibility to disable debugging with one command
      • Added possibility to display messages when viewing logs for a certain period of time
      • Added possibility to download bootloaders
      • Added possibility to view rule description in output of show ip firewall counters command
      • Added possibility to copy files via HTTP(S) protocol
      • Added possibility to view the difference between configurations (running, candidate, factory)
      • Added possibility to view the configuration with metadata
      • Removed commit update command
    • SNMP:
      • Added possibility to set community for trap messages
      • Added possibility to set source IP address for trap messages
      • Added possibility to choose content of linkDown/linkUp traps between standard and cisco-like
    • SSH:
      • Added possibility to set source IP address for SSH client
    • Supported Cisco SLA responder
    • Supported Eltex SLA
    • Supported SFTP server
  • Filtering and translation
    • Firewall:
      • Added filtering by ICMP message type name
    • HTTP (S) Proxy:
      • Added filtering by content type: ActiveX, JS, Cookies
      • Added possibility to filter/redirect by local/remote lists
      • Added possibility to update remote URL lists via RADIUS CoA
    • NAT:
      • Added possibility to broadcast addresses from PPTP/PPPoE tunnel
  • Tunneling:
    • IPSEC:
      • Added possibility to use an IP address obtained by DHCP as a local gateway
      • Added possibility to view extended information about tunnel authentication
      • Supported XAuth client
      • Support for PFS (perfect forward secrecy) using the DH group

Version 1.4.4

Revisions:

  • PPPoE client:
    • Added PAP, MS-CHAP, MS-CHAPv2, EAP authentication methods

Version 1.4.2

Revisions:

  • Attack protection:
    • Added the show ip firewall screens counters command, which allows you to view statistics on detected network attacks
    • Implemented protection against XMAS and TCP all flags
  • SNMP:
    • Added possibility to set snmp-server contact and snmp-server location Added OIDs for these parameters
    • Implemented SNMP View: allow or deny access to community and user by OID
  • NTP:
    • Expanded show ntp peers output: added stratum and synchronization status
  • Firewall:
    • Added ip firewall sessions tracking sip port command, allowing you to select TCP/UDP port for SIP session tracking
  • Firewall:
    • Added ip firewall sessions tracking sip port command, allowing you to select TCP/UDP port for SIP session tracking
  • Tunneling:
    • Implemented L2TP client with IPSec support
  • IP SLA agent (Wellink):
    • Added possibility to manage tests without portal participation
    • Redesigned control and monitoring commands
    • Added threshold management commands: setting thresholds for exceeding and normalizing test parameters, alerting in CLI, SYSLOG and SNMP about threshold crossing

Version 1.4.1

Revisions:

  • Tunneling:
    • GRE enhancement:
      • Implemented keepalive mechanism for Ethernet over GRE tunnels
      • Increased maximum number of SoftGRE tunnels to 8K (ESR-1200/ESR-1700)
      • Added possibility to configure MTU on SUB-GRE tunnels
    • IPsec enhancement:
      • Added encryption algorithm null command in config-ipsec-proposal mode to disable encryption of ESP traffic
      • Support for policy-based IPsec operation in VRF
  • BRAS:
    • Supports speed limit per subscriber session
    • Added session ip-authentication command in config-subscriber-control configuration mode. When this option is enabled, user authentication is by IP address
    • Added show subscriber-control radius-servers command to view information about RADIUS servers used
  • SNMP:
    • Added possibility to apply the configuration and reboot the device with commitConfirmAndReload SetRequest
    • Support for the RMON agent, which allows to collect statistics about the nature of traffic on network interfaces
    • Implemented management of VoIP services via SNMP
    • Support for sending notifications when DoS attacks are detected
    • Implemented sending SNMP traps when thresholds are reached:
      • Network interfaces load
      • GRE/SUB-GRE tunnel
      • Number of tunnels included in the bridge-group
      • BRAS sessions
  • AAA:
    • Added possibility to specify the source-address for requests to the authentication and authorization server in config-tacacs-server and config-ldap-server configuration modes
  • Multiwan:
    • Added wan load-balance commands in config-cellular-modem configuration mode to configure Multiwan using a USB modem
  • L3 routing:
    • Supported BFD technology for static routing
    • BGP enhancement:
      • Added commands: default-information originate in config-bgp-af configuration mode, default-originate in config-bgp-neighbor configuration mode to allow default route advertisement
  • CLI:
    • Added support for the Ctrl-P and Ctrl-N hotkeys to view the history of entered commands
    • Added the ability to view the current state of tracking objects using the show tracking objects command
  • LLDP:
    • Added support for MED extension with support for announcing DSCP, VLAN, PRIORITY parameters for different device types. Through this extension the Voice VLAN transmission is realized
  • Firewall:
    • Implemented application traffic classification technology
    • Added ip firewall logging screen command in config mode to log detected DoS attacks
  • QOS:
    • Implemented GRED (Generic RED) mechanism to manage queue overflow based on IP DSCP or IP Precedence
  • VRRP:
    • Supported operation in VRF
    • Added VRRP track-ip
  • Zabbix:
    • Implemented Zabbix agent
  • Configuration:
    • Implemented automatic reading of the configuration from removable media when booting the device without configuration

Version 1.4.0

Revisions:

  • Tunneling:
    • Added PPTP client
    • Added PPPoE client
    • Support for Ethernet over GRE tunnel
    • Support for creating subinterfaces for Ethernet over GRE tunnels
    • Added possibility to increase MTU for tunnels up to 10000
    • IPsec enhancement:
      • Supported XAuth for dynamic IPsec tunnels
    • OpenVPN enhancement:
      • Extension of the list of encryption and authentication algorithms
  • BRAS:
    • Added possibility to broadcast the table USER IP - PROXY IP by NetFlow for proxied connections
  • L2 switching:
    • Added force-up command to config-vlan In this mode, the VLAN is always in the «Up» state
  • L3 routing:
    • Added possibility to optionally enable IPv6 stack on interfaces
    • BGP enhancement:
      • Increased the range of values for the local preference parameter
      • Extended output of the show ip bgp neighbors command
      • Implemented VRRP tracking: change MED and AS-path attributes based on VRRP state
  • CLI:
    • Added possibility to scale the size of the terminal to the size of the window on the PC when using the console connection. terminal resize command
    • Extended the set of allowed characters in APN in config-cellular-profile Added characters: "@", ".", "-"
    • Monitoring:
      • Added possibility to filter traffic by source/destination MAC address
      • Added possibility to view Firewall sessions
      • Output interface status information when calling show ip interfaces
  • DHCP:
    • Added possibility to exclude IP address from DHCP server address pool
    • Added possibility to set arbitrary option in IP-address, string, HEX-string format
  • NAT:
    • Support for Static NAT
  • NTP:
    • The ntp enable vrf <NAME> command outdated. Protocol time synchronization is enabled by the ntp enable command and will be allowed for all servers and peers in the configuration
    • Added ntp logging command to log NTP events
    • Added ntp source address <IP> command to set IP address for all NTP peers
  • SNMP:
    • The snmp-server vrf <NAME> command outdated. Protocol access is enabled with the snmp-server command and will be allowed for all communities and SNMPv3 users in the configuration
    • Management:
      • Support for copying firmware, configuration, certificates
      • Support for configuration operations (commit, confirm, restore, rollback, etc.)
      • Added possibility to create interfaces
      • Added possibility to change the image of the active software
      • Added possibility to reboot the device (only when snmp-server system-shutdown is enabled on esr)
      • Added possibility to configure VRRP
    • Monitoring:
      • Added possibility to view the number of existing interfaces and tunnels of all types
      • Added possibility to view the size of the ARP table
  • SYSLOG:
    • Added logging of stops/starts of system processes
  • VRRP:
    • Added the vrrp force-up In this VRRP mode, IP interface is always in the «Up» state

Version 1.3.0

Revisions:

  • Attack protection:
    • DoS attack protection:
      • ICMP flood
      • Land
      • Limit-session-destination
      • Limit-session-source
      • Syn flood
      • UDP flood
      • Winnuke
    • Blocking spy activity:
      • Fin-no-ack
      • ICMP type
      • IP sweep
      • Port scan
      • Spoofing
      • Syn-fin
      • TCP-no-flag
    • Blocking non-standard packets
      • ICMP fragment
      • IP fragment
      • Large ICMP
      • Syn fragment
      • UDP fragment
      • Unknown protocols
  • Support for DNS name resolution. Caching DNS server
  • Support for LLDP
  • Support for 3G/4G USB modems
  • AAA:
    • Added possibility to adjust the number of failed authentication attempts
    • Added possibility to set the password lifetime
    • Added possibility to set the maximum number of passwords stored in the history for each local user
    • Added reminder function of the initial password change
    • Added possibility to set a timeout for the login session
    • Added setting to allow/deny login as root when connecting via RS-232 (console)
    • Requirement to change the password after it expires
    • Added possibility to control password complexity
  • BGP:
    • Combining peers into groups with a set of attributes
  • BRAS:
    • Added Framed-IP-Address attribute containing subscriber IP address to Access-Request packets of RADIUS protocol
    • Optimized performance of the Proxy server
  • CLI:
    • Supported SFTP for uploading/downloading firmware files, configurations and certificates
    • Support for USB memory sticks, SD/MMC cards in firmware, configuration and certificate file copying operations
    • Added possibility to view table sizes and routing protocol priorities
    • Added possibility to view all routes belonging to a specified subnet
  • DHCP:
    • DHCP client. Manual IP address re-request
    • Support for DHCP server in VRF
    • Support for options 150 (tftp-server ip) and 61 (client-identifier HH:<MAC>) for DHCP server
  • Firewall:
    • Added possibility to control ALG modules
    • Added possibility to disable drop packets related to the session with an invalid status (e.g., in asymmetric routing)
  • IPSEC:
    • Added possibility to set the local address to any when configuring the IKE gateway
    • Support for certificates
  • L2 switching:
    • Added possibility to pass BPDU through the bridge on ESR-100/200
    • Added possibility to include the physical port in the bridge on the ESR-100/200
  • Multiwan:
    • Implemented automatic switching to a backup channel if parameters of the current channel deteriorate (LOSS, jitter, RTT)
    • Support for VRF operation
    • Support for LT tunnels
  • NTP:
    • Authentication support
    • Support for filtering by message type
  • SNMP:
    • Added possibility to disable SNMPv1
    • Implemented access control lists
    • Added possibility to control password complexity for snmp-server community
  • SSH
    • Added possibility to configure the maximum number of authentication attempts to connect via SSH
    • Added possibility to set the waiting interval for SSH connection authentication
    • Added possibility to set the key pair update interval for SSH
    • Selectable SSH version
    • Implemented authentication algorithms, encryption, key exchange configuration
    • Variable length RSA key generation
  • VLAN
    • Operational VLAN status management (ESR-1000/ESR-1200)
    • Support for MAC based VLAN
    • Added possibility to automatically add ports to existing VLANs
  • VRRP
    • Added possibility to use VRRP IP as source IP address for GRE, IP4IP4, L2TPv3 tunnels and RADIUS client
    • Listening to VRRP by L2TP/PPTP IP servers
    • Support for VRRPv3
    • Fixed incorrect order of virtual IP addresses in a packet

Version 1.2.0

Revisions:

  • Tunneling:
    • GRE Keepalive support
  • L3 routing:
    • BGP:
      • Adding of neighbor description
      • Possibility to enable/disable neighbors
      • Increased total number of BGP peers to 1000
      • View the total information on peers
    • Multiwan:
      • View operational information
    • VRRP:
      • Set a subnet mask for VRRP IP
    • Port-Channel Operational Status Management (ESR-100/200)
  • IPSEC:
    • Support for Policy-based IPsec mode
    • Flexible tunnel key renegotiation (margin seconds/packets/bytes, randomization)
    • Closing the IPsec tunnel after a specified number of packets/bytes have been transmitted
    • Specification of the time interval after which the connection is closed if no packets are received or transmitted through the SA
  • SNMP:
    • Display the current speed of the interfaces in the ifSpeed parameter of the IF-MIB
    • SNMP Trap:
      • Trap on exceeding the thresholds of CPU load and temperature, fan speed, free RAM and FLASH space
  • CLI:
    • Routing information filtering by protocol
    • Filtering by interface, IP address and MAC address in ARP/ND table clear commands
    • Storing log files in the non-volatile memory of the device
    • Uploading log files from the device using the copy command
    • View the contents of critlog with the show syslog command
    • View the contents of the log files from the end. Added show syslog from-end command
    • Configuration confirmation timer setting. Added system config-confirm timeout command
    • Changes in the command interface:
      • Cisco-like paths for files:

v1.2.0: system:..
esr# copy system:running-config
v1.1.0: fs://.../
esr# copy fs://running-config

  • AAA:
    • Added a mode in which the following methods will be used for authentication if the priority one is not available
  • NTP:
    • Authentication support
  • Firewall:
    • Increased the number of security zone pairs to 512
    • Added possibility to pass packets that could not be identified as belonging to any known connection and that are not the start of a new connection. Added ip firewall sessions allow-unknown command
  • QOS:
    • Configuring the length of edge queues in Basic QoS
  • BRAS:
    • Shaping by SSID and offices
    • Subscriber authentication by MAC-address
    • Configuring active/reserve redundancy based on VRRP status

Version 1.1.0

Revisions:

  • BRAS:
    • User termination
    • RADIUS CoA processing, interaction with AAA
    • URL whitelists/blacklists
    • Quoting by traffic volume and session time, or quoting by both
    • HTTP proxy
    • HTTP Redirect
    • HTTPS Proxy
    • HTTPS Redirect
    • Getting URL lists from PCRF
    • Session accounting via Netflow protocol
    • Optional additional verification of authorized users by MAC-address
  • Netflow:
    • Netflow v10. Exporting statistics by URL
    • VRF support
    • Support for Domain Observation ID
    • Information on NAT sessions
    • HTTPS Host export
    • Exporting information on L2/L3 location
    • Active-timeout configuration
    • Setting the source IP address for packets sent to the Netflow collector
    • Configuring exports on an interface with the Firewall enabled
  • VRRP:
    • Tracking routes based on the state of the VRRP process
  • CLI:
    • Autocomplete and display the names of created objects in tooltips
    • Display summary information by Firewall and NAT sessions
    • View real-time information on running services/processes
    • Informative tooltip in case of incorrect parameter entry
  • SYSLOG:
    • Added possibility to set source IP-address for interaction with SYSLOG servers
  • L2 switching:
    • Q-in-Q subinterfaces
  • L3 routing:
    • VRF enhancement:
      • Virtual Ethernet Tunnel (tunnel linking VRF)
    • BGP enhancement:
      • Configuring the source IP address for routing information exchange (update-source)
      • Support for BFD
  • DHCP Relay:
    • Support for Option 82
    • VRF support
    • Support for point-to-point interfaces (GRE, IP-IP, etc.)
  • Management interfaces:
    • SNMP:
      • Support for MAU-MIB
  • QOS:
    • Increasing the number of QoS policy-map to 1024 and class-map to 1024
  • Wi-Fi Controller:
    • Retrieve settings (tunnel-served SSID and shaping parameters) of DATA tunnels from RADIUS server

Version 1.0.8

Revisions:

  • Improved health monitoring of network services
  • AAA:
    • Setting a source IP to communicate with RADIUS servers
    • Deleting SSH host keys
    • Support for legacy encryption protocols for SSH connections from third-party devices
  • L3 routing:
    • MultiWAN: per-flow routing
    • Recursive static routing
    • BGP support for setting blackhole/unreachable/prohibit as Nexthop
    • VRF-lite enhancement:
      • support for NTP
      • Support for GRE tunnels
  • CLI enhancement:
    • Support for correct addition of partially entered parameters
    • Display the network interfaces uptime in the show interfaces status command
    • Replacing private data when logging entered commands with ***
    • Added no nat { source | destination } commands to quickly remove the entire NAT configuration
  • VRRP:
    • Support for version 3
    • Support for configuring GARP Master parameters
    • Simultaneous configuration of up to 8 Virtual IPs per process
  • Reservation of Firewall sessions is now configured independently of the Wi-Fi Controller
  • Multiwan:
    • Output messages about changes in route states
  • ESR-100/ESR-200:
    • Support for 100BASE-X transceivers on combo ports
  • ESR-1000:
    • Bridge: Prohibit switching of unknown-unicast traffic
  • Management interfaces:
    • SNMP:
      • SNMP Trap:
        • Trap on high CPU load
      • SNMP MIB:
        • IP-MIB
        • TUNNEL-MIB
        • ELTEX-TUNNEL-MIB
        • RL-PHYS-DESCRIPTION-MIB
        • CISCO-MEMORY-POOL-MIB
        • CISCO-PROCESS-MIB

Version 1.0.7

Revisions:

  • Device control: configuring the operation mode of the fans
  • L3 routing:
    • Automatically allocated VLAN (Internal Usage VLAN) do not change when the configuration is applied
    • MultiWAN: unconditional target check
    • Removed mutual crossing check for DirectConnect networks and static routes
    • Changes in TCP MSS
    • Changed restrictions on the maximum number of active routes (FIB)
    • Limited maximum number of routes for each dynamic routing protocol (RIB)
    • Added possibility to filter the default route in the Prefix List
    • BGP support
    • BGP ECMP
    • Keepalive timer autocalculation
    • Support for Policy-based routing (IPv4 only)
    • Logging changes in the state of connections with peers in the OSPF and BGP
    • Added possibility to use route-map for OSPF, RIP
    • VRF-lite enhancement:
      • BGP support
      • Support for OSPF
      • Поддержка QoS
      • Router management (AAA, Telnet, SSH, SNMP, Syslog, copy command)
    • IPv6 enhancement:
      • BGP support
      • Support for setting Nexthop in route-map
      • Support for RADIUS/TACACS/LDAP
      • Support for MultiWAN
  • Tunneling:
    • Authentication via RADIUS server for PPTP/L2TP servers
    • OpenVPN
    • Expiration of automatically raised Ethernet-over-GRE tunnels (Wi-Fi controller)
    • IPsec enhancement:
      • Support for DES protocol
      • Obtain operational information
  • ARP/ND:
    • Configuring the lifetime of entries
  • DHCP Server:
    • Configuring the netbios-name-server option in the DHCP address pool
  • CLI enhancement:
    • Viewing load on network interfaces
    • Extended list of protocols in ACL
    • The untagged/tagged parameter is made optional when removing a VLAN with the switchport general allowed vlan remove command
    • Viewing traffic on network interfaces
  • VRRP:
    • Preempt delay configuration
    • Simultaneous configuration of multiple Virtual IP
  • Multiwan:
    • Verification of all targets on the target list
  • ESR-100/ESR-200:
    • Policy-based QoS
    • ACL
  • ESR-1000:
    • Automatic SFP transceiver detection for 10G ports
    • Bridge: Isolation of tunnels or sub-interfaces in the bridge
    • Integration of third-party software:
      • IP SLA agent (Wellink)
  • SYSLOG: Added timezone setting before displaying messages
  • Management interfaces:
    • SNMP:
      • SNMP Trap
      • SNMP MIB:
        • ENTITY-MIB
        • IANA-ENTITY-MIB

Version 1.0.6

Revisions:

  • Management and monitoirng:
    • Automatic configuration redundancy
    • Statistics collection:
      • Netflow v5/v9/v10(IPFIX)
      • sFlow
  • MAC table:
    • Added possibility to limit the MAC-addresses being learnt
    • Added possibility to adjust the storage time of MAC-addresses
  • Syslog enhancement:
    • Logging critical commands
    • Logging routing protocols operation
  • CLI enhancement:
  • Command trace filtering by | include/exclude/begin/count
  • Improvement of the page view mode of commands
  • Switching syslog file browsing to page mode
  • Support for entering the port on which the TFTP/SSH/FTP service on the remote server works in the copy command
  • Added age display of ARP/IPv6 entries and self entries in show arp and show ipv6 neighbors commands
    • Changes in the command interface:
      • Added ip path-mtu-discovery command
      • DHCP: The ip address dhcp enable command changed to ip address dhcp

v.1.0.6:(config)# interface gigabitethernet 1/0/1
(config-if-gi)# ip address dhcp
v.1.0.5:(config)# interface gi 1/0/15
(config-if)# ip address dhcp enable

  • DHCP: Theip address dhcp server <IP> command changed to ip dhcp server address <IP>

v.1.0.6: (config)# interface gigabitethernet 1/0/1
(config-if)# ip dhcp server address 10.10.0.1
v.1.0.5: (config)# interface gigabitethernet 1/0/1
(config-if)# ip address dhcp server 10.10.0.1

  • DHCP: The ip address dhcp {<Ignore, lease-time, reboot, set reboot time, retry, select-timeout, timeout, vendor-class-id>} command changed to ip dhcp client {<Ignore, lease-time, reboot, set reboot time, retry, select-timeout, timeout, vendor-class-id>}

v.1.0.6: (config)# interface gigabitethernet 1/0/1
(config-if)# ip dhcp client timeout 60
v.1.0.5: (config)# interface gigabitethernet 1/0/1
(config-if)# ip address dhcp timeout 60

  • Firewall: The show security zone-pair counters command changed to show ip firewall counters

v.1.0.6: # show ip firewall counters
v.1.0.5: # show security zone-pair counters

  • Firewall: The clear security zone-pair command changed to clear ip firewall counters

v.1.0.6: # clear ip firewall counters
v.1.0.5: # clear security zone-pair

  • sNAT: The service nat source command changed to nat source

v.1.0.6: (config)# nat source
v.1.0.5: (config)# service nat source

  • dNAT: The service nat destination command changed to nat destination

v.1.0.6: (config)# nat destination
v.1.0.5: (config)# service nat destination

  • NTP: The service ntp {< broadcast-client, dscp, enable, peer, server>} command changed to ntp {< broadcast-client, dscp, enable, peer, server>}

v.1.0.6: (config)# ntp peer 10.10.10.10
v.1.0.5: (config)# service ntp peer 10.10.10.10

  • MULTIWAN: The target <IP> command changed to ip address <IP>

v.1.0.6: (config)# wan load-balance target-list eltex
(config-wan-target-list)# target 3
(config-wan-target)# ip address 10.10.0.1
v.1.0.5: (config)# wan load-balance target-list eltex
(config-wan-target-list)# target 3
(config-wan-target)# target 10.10.0.1

  • IPsec: The ipsec authentication method psk command changed to ipsec authentication method pre-shared-key

v.1.0.6: (config)# remote-access l2tp elt
(config)# ipsec authentication method pre-shared-key
v.1.0.5: (config)# remote-access l2tp elt
(config)# ipsec authentication method psk

  • QoS enhancement:
  • Prioritizing control traffic
  • Firewall enhancement:
  • Managing timers and number of sessions
  • SSH enhancement:
  • RSA, DSA, ECDSA, Ed25519 key generation
  • NAT enhancement:
  • Added possibility to run NAT when Firewall is disabled
  • Using bridge in the command to limit the scope of a rule group
  • MultiWAN enhancement:
  • Specifying SUB-interfaces as a gateway
  • SNMP enhancement:
  • Support for ifXTable
  • SNMP IPv6
  • Enable/disable user for low-level technical support access
  • Arbitrary MAC address settings on the network bridge
  • L3 routing:
  • BGP enhancement:
    • ExtCommunity
    • Private AS deletion mode
    • Mode of default-route announcement along with other routes
  • Filtering and assigning parameters to routes in redistribution

Version 1.0.5

Revisions:

  • CLI enhancement:
  • Deleting entities of the same type with one command via the 'all' option
  • Interfaces:
  • Support for Jumbo Frame (MTU up to 10000 bytes)
  • Assigning /32 prefixes to Loopback interfaces
  • Firewall:
  • Added possibility to interrupt/clean up established sessions
  • Disabling Firewall function
  • QOS:
  • Marking/remarking traffic
  • DSCP code mutation
  • Hierarchic QoS (HQoS)
  • Bandwidth management (shaping), 1 kbit/s step
  • Bandwidth reservation by traffic class (shaping per queue)
  • RED, GRED queue overload management
  • SFQ queue management
  • Policy-based QoS
  • Network services:
  • Access control list (ACL)
  • Support for issuing IP addresses by DHCP-server according to client's MAC-address
  • Support for filtering by MAC-addresses in Firewall
  • Support for simultaneous operation of DHCP server and Relay agent
  • Telnet, SSH clients
  • Support for E1 interfaces:
  • CHAP
  • PPP
  • MLPPP (Multilink PPP)
  • AAA:
  • Authentication and authorization by local user base, RADIUS, TACACS+, LDAP
  • Command accounting via the TACACS+ protocol
  • Session accounting: SYSLOG, RADIUS, TACACS+
  • Managing command privilege levels
  • L3 routing:
  • BGP enhancement:
    • Attribute filtering and attribute modification (local preference, AS-path, community, nexthop, origin, metric, subnet)
    • Support for Route-Reflector feature
    • Configuration of authentication options for a specific neighbor
    • Support for 32-bit numbers of autonomous systems
    • Added possibility to view prefixes received from neighbor and announced to neighbor
    • Added possibility to view information by specific prefix
  • RIP enhancement:
    • Summation of advertised subnets
    • Static neighborhood
  • OSPF enhancement:
    • Summation of advertised subnets
    • Support for the eligible parameter for NBMA interfaces
  • Route propagation management (prefix lists with the ability to specify valid prefixes using eq, le, ge rules)
  • Static routes with blackhole/prohibit/unreachable destination
  • VRF Lite:
    • Operation of network functions in the context of VRF:
      • IPv4/IPv6 addressing
      • Static routing
      • NAT
      • Firewall
  • System resource monitoring:
    • Connection/flow monitoring
    • Routing table monitoring
  • Improvements in Syslog operation
  • Router redundancy:
    • Firewall session redundancy
    • DHCP server lease redundancy
    • SoftGRE tunnel redundancy for Wi-Fi access points
  • Support for IPv6 addressing in the following network services:
    • Addressing
    • Static routing
    • Firewall
    • OSPFv3
    • Prefix-List
    • NTP
    • Syslog
    • Ping, traceroute utilities
    • Telnet client/server
    • SSH client/server
    • DHCP Server/Relay/Client
  • SNMP:
    • Added support for SNMPv3
    • Added SNMP MIB (monitoring) for QoS

Version 1.0.4

Revisions:

  • CLI:
    • Added possibility to import and export files using FTP, SCP
    • Viewing configurations by section
    • Added possibility to update u-boot from the system command interface
    • Changes in the command interface:
      • NAT: The proxy-arp interface command changed to ip nat proxy-arp

v.1.0.4: (config)# service nat source
(config-snat)# proxy-arp interface gigabitethernet 1/0/15 SPOOL
v.1.0.3: (config)# interface gigabitethernet 1/0/15
(config-if)# ip nat proxy-arp SPOOL

  • IKE: The policy command changed to ike-policy

v.1.0.4: (config)# security ike gateway gw1
(config-ike-gw)# policy ik_pol1
v.1.0.3: (config)# security ike gateway gw1
(config-ike-gw)# ike-policy ik_pol1

  • IPSec: The vpn-enable command changed to enable

v.1.0.4: (config)# security ipsec vpn vpn1
(config-ipsec-vpn)# vpn-enable
v.1.0.3: (config)# security ipsec vpn vpn1
(config-ipsec-vpn)# enable

  • VTI: The interface vti command changed to tunnel vti

v.1.0.4: (config)# tunnel vti 1
v.1.0.3: (config)# interface vti 1

  • DHCP: The service dhcp-server command changed to ip dhcp-server

v.1.0.4: (config)# ip dhcp-server
v.1.0.3: (config)# service dhcp-server

  • SNMP:
    • Added support for SNMP monitoring
    • Supported standard SNMP MIB (monitoring)
  • Routing features:
    • Authentication key-chain
    • OSPF:
      • NSSA
      • Stub Area
      • MD5 Authentication
      • MTU Ignore mode
    • RIP:
      • MD5 Authentication
    • BGP:
      • Support for EBGP Multihop
      • Support for next-hop-self attribute
    • Static routing:
      • Support for configuring multiple default routes
    • Configurable preference for routing protocols
  • Redundancy features:
    • Support for VRRP
    • Support for DualHoming redundancy
    • Control and redundancy of WAN (Wide Area Network) connections
    • Load balancing on WAN interfaces
  • DHCP:
    • Support for DHCP relay
  • QOS:
    • Traffic prioritization
    • L3 priority processing (DSCP)
    • Support for 8 priority queues
    • SP, WRR queue processing algorithms
    • Setting interface bandwidth limits for incoming and outgoing traffic
  • Interfaces:
    • Support for loopback interfaces
  • NAT/Firewall:
    • Support for renumbering rules
    • Viewing information about established sessions
    • Improved session monitoring for a number of protocols (H.323, GRE, FTP, SIP, SNMP)
    • Activating and deactivating session traffic counters
    • Change in the command interface: improved commands autocompletion
  • Mirroring:
    • Support for traffic mirroring

Version 1.0.3

Revisions:

  • Switching:
    • VLAN configuration
    • LAG (static and LACP)
    • STP/RSTP/MSTP
    • Port isolation
    • Bridge groups
  • Routing:
    • OSFP
    • BGP
    • RIP
  • NAT:
    • Proxy ARP for Source NAT
  • Remote access:
    • L2TPv3
    • IPv4-over-IPv4
    • GRE
  • Syslog:
    • Added possibility to configure logging in remote sessions (SSH and Telnet)
    • The message format is in accordance with RFC5424
    • Entered commands logging
  • CLI:
    • Added possibility to update the software via the CLI
    • Added possibility to view the operational status of interfaces
    • Support for port utilization
    • Support for viewing the ARP table
    • Command to view the serial number
    • View hardware version command
    • Support for ARP table cleaning
  • System:
    • Support for licensing
    • Support for Flash button
    • Implemented automatic load balancing between router cores
  • Security:
    • Support for group SHA-2 authentication methods in IKE IPsec

Version 1.0.2

Revisions:

  • Configuration:
    • Added possibility to copy configuration to (c) TFTP server(s)
    • Hostname
    • System time (manual)
    • Interface description
    • Added possibility for the firewall to filter the traffic broadcast or non-broadcast DNAT service
    • Added possibility to ignore certain options in the DHCP client
    • Changes in IPSec commands related to authentication and encryption
    • Checking for duplicate information in object-group service/network
    • Added possibility to reset to factory configuration
    • Added possibility to set time zones
  • Operative information:
    • System environment parameters
    • Active user sessions
    • Load on physical interfaces
    • Status of logical interfaces
    • Counters of logical interfaces
  • Remote access:
    • PPTP
    • L2TP/IPSec
  • NTP:
    • Server, peer, client modes
  • 10G port indication
  • Utilities:
    • Ping

Version 1.0.1

Revisions:

  • Address translation:
    • Source NAT
    • Destination NAT
    • Static NAT
  • Virtualization, VPN:
    • IKE
    • Tunnelling (IPsec)
    • Connection encryption (3DES, AES)
    • Message authentication by MD5, SHA1, SHA256, SHA384, SHA512
  • Network services:
    • DHCP Server
    • DHCP Client
    • DNS
  • L3 routing:
    • Static routes
  • Network security:
    • Firewall
  • Management:
    • Management interfaces:
      • CLI
      • Telnet, SSH
    • Access control (local user base)
    • Сonfiguration management
    • Automatic configuration restore
    • Updating the firmware (u-boot)
  • Monitoring:
    • Syslog


Performance:

Firewall performance (large packets)

5.9 Gbps

NAT performance (large packets)

5.9 Gbps

IPsec VPN performance (large packets)

3.7 Gbps (AES128bit / SHA1)

Number of VPN tunnels

100

Quantity of static routes

100

Number of competitive sessions

512,000

Version restrictions:

  • Bandwidth is limited (500Mbit/s per IPsec tunnel)
  • CPU load balancing is supported with limitations
  • Policy-based VPN is not supported
  • Updating firmware only by means of u-boot
  • Static switch control
  • No hardware bridging acceleration
  • No VLAN configuration (bridging)
  • No support for SNMP, Webs
  • No timezone configuration
  • No NTP