|| DeviceType | Wireless access controllers |
|| DeviceName1 | WLC-15, WLC-30, WLC-3200 |
|| DeviceType2 | ESR series service routers |
|| DeviceName2 | ESR-15, ESR-30, ESR-3100, ESR-3200 |
|| DocTitleAdditional | Release notes |
|| fwversion | 1.30.6 | |
|
Version 1.30.6
Revisions:
- Monitoring and management:
- CLI:
- snmp-server enable traps wlc-wids command to enable sending SNMP traps for WIDS events
- Functionality of converting 43 DHCP options from ASCII to hex has been implemented (format dhcp option-43 in the debug section)
- WEB:
- UI interface has been improved
- Monitoring
- WIDS log
- Sorting of configuration files by date has been improved
- Displaying the hostname on AP monitoring pages
- Date format in filters in the “Event Log” section has been changed
- Displaying the utilization and interference parameters in AP radio interfaces monitoring
- Configuration
- RADIUS server settings section
- VLAN settings section
- The configuration for portal authorization on AP has been implemented
- ARP suppression configuration in the radio profile (not supported for WEP/WOP-2ac, WEP-3ax, WEP-550K)
- WLC:
- Support for WEP-550K, WEP-30L-NB, WOP-3L-EX AP
- Synchronization of WLC logs during redundancy
- Support for portal authorization with Eltex-NAICE (for WEP-30L/WEP-30L-NB/30L-Z and WOP-30L/30LI/30LS)
- Support for redirecting CoA requests to radius-server local for portal authorization
- Monitoring
- Displaying the utilization and interference parameters in extended AP monitoring
- Unified format for displaying AP firmware in the show wlc ap firmware command
- show wlc journal info command for viewing summary information about WLC logs
- Units of measurement for speed in the show wlc ap interfaces <mac> output
- Configuration
- disconnect-on-reject command in portal-profile to disconnect the user upon Reject from RADIUS during MAB authentication (supported for WEP-30L/WEP-30L-NB/30L-Z and WOP-30L/30LI/30LS)
- http-auth-disable command in portal-profile to disable portal interaction with the AP via HTTP/HTTPS during user authorization
- neighbor-scan command in ap-profile to configure passive scanning has been extended for WEP-200L, WOP-20L, and WEP-3ax
- captive-adaptive command in ap-profile to enable portal authorization compatibility mode for iOS devices
- redirect-url-format command in portal-profile to specify the format of the user's MAC address and the format of the NAS ID in the redirect address when configuring portal authorization
- description command for user in radius-server local
- Configuring url-acl-profile and ipv4-acl in ap-profile and portal-profile to configure domain and IP address lists on the AP. The lists are used for unauthorized portal users
- Block of commands in ap-profile for configuring DAS parameters on the AP
- Block of commands in radius-server local for configuring DAS parameters used when redirecting CoA requests
- Ability to add a location name (location=<AP_LOCATION>) to redirect-url-custom in portal-profile
- Ability to redirect AAA RADIUS requests for different SSID to different servers
- The default value for the load-balance command in airtune-profile has been changed from “enabled” to “disabled”
- SNMP:
- OID eltWlcApInfoByMacTable (1.3.6.1.4.1.35265.1.224.1.3.2.7) is added to ELTEX-WLC-MIB which contains information about the AP indexed by MAC address
- OID eltWlcRadioRxUtilization (OID .1.3.6.1.4.1.35265.1.224.1.3.2.4.1.14) is added to ELTEX-WLC-MIB to view the RX disposal on the AP
- OID eltWlcRadioTxUtilization (OID .1.3.6.1.4.1.35265.1.224.1.3.2.4.1.15) is added to ELTEX-WLC-MIB to view the disposal TXT on the AP
- OID eltWlcRadioApInterferenceRatio (OID .1.3.6.1.4.1.35265.1.224.1.3.2.4.1.17) is added to ELTEX-WLC-MIB to view interference between Wi-Fi devices that operate on close but not completely independent channels
- OID eltWlcRadioCoChannelInterference (OID .1.3.6.1.4.1.35265.1.224.1.3.2.4.1.18) is added to ELTEX-WLC-MIB to view interference between Wi-Fi devices that operate on the same channel
- OID eltWlcRadioNoiseLevel (OID .1.3.6.1.4.1.35265.1.224.1.3.2.4.1.19) is added to ELTEX-WLC-MIB to view the noise level on the radio channel
- OID eltWlcRadioPacketErrorRate (OID .1.3.6.1.4.1.35265.1.224.1.3.2.4.1.20) is added to ELTEX-WLC-MIB to view the percentage of packets corrupted due to interference, weak signal, or collisions
- WIDS ladders are added to ELTEX-WLC-MIB
- OID eltexEnvMemoryAvailable (OID .1.3.6.1.4.1.35265.38.40.40.11) is added to ELTEX-GENERIC-MIB to view available memory
- Syslog:
- match process-name web command to filter WEB server events
- Security:
- Increased license lifetime when ELM is unavailable
Fixed:
- Erroneous termination of the lic-mgr service
- Bootloaders are not updated when updating firmware via the WEB
- After deleting radio-5g-profile, APs switch to Cfg failed status
- In ldap-profile, it is not possible to set ldap-server via a domain name
- Not all AirTune sessions are displayed
Version 1.30.4
Revisions:
- Implemented synchronization of AP firmware in the backup scheme
- Monitoring and management:
- Addedcritlog directory to show tech-support command output
- WEB:
- Full audit of administrator actions in the WEB interface via TACACS+ / RADIUS
- Optimized operation of WEB server when operating with clients and AP
- Improved adaptation of the WEB interface to different screen resolution
- Monitoring
- Filtering on the "Access points" and "Clients" pages
- Pagination when displaying data on the "Access points", "Clients", "Event log" pages
- CPU load graph
- Client IP address on client monitoring pages
- "VLAN number" column in the virtual access points table
- "Range" column in the clients table
- Monitoring of the 802.11v parameter on the "Roaming data" page
- Client IP address changed check-box in the client log
- Unified pop-up windows and snack bars when operating with tables
- Configuration
- Portal authorization settings
- Ability to limit the traffic speed (clients, VAP, broadcast, multicast)
- Configuring the 82 DHCP option on AP in radio profile
- Configuring the 802.11v in the AirTune profile
- Configuring the "Country code" in the AP profile to comply with local restrictions on channels and transmitter power corresponding to the selected country
- Changed order of settings in the SSID profile
- Configuring the IEEE 802.11 n/ac, a/n/ac modes for 5 GHz radio interface in the individual AP settings
- WLC:
- wlc-journal storage command to transfer WLC logs to HDD
- Optimized AP connection speed
- Optimized AP connection stability
- Monitoring
- Display the "VLAN" in the show wlc ap vap command output
- Display the range in which the client operates in the show wlc clients command output
- Display the ap-location in the AP log(show wlc journal ap)
- Display the band in the AP log (show wlc journal client)
- Configuration
- country-code command in the ap-profile to comply with local restrictions on channels and transmitter power corresponding to the selected country
- The maximum size of WLC logs is limited to 90 days. When updating to 1.30.4 firmware version, the size of existing logs will be automatically reduced
- Configuring the MQTT positioning for WEP-1L, WEP-2L, WOP-2L, WEP-3L
- Configuring the WIDS/WIPS for WEP-200L and WOP-20L
- neighbour-scan command in the ap-profile for configuring passive scanning on WOP/WEP-30L, WEP-30L-Z, WOP-30LS, WOP-30LI
- show wlc statistics command block for displaying statistics on clients and AP events
- arp suppression command for configuring ARP conversion
- lldp-server command block in ap-profile/services for configuring LLDP
- lldp command block in ap-profile/trace for configuring LLDP logging
- Ability to add NAS IP to the redirect address when configuring portal authorization via RADIUS
- Processing of deauth-attack in WIDS
- load-balance roaming clients max/min commands in airtune-profile for configuring the maximum/minimum number of users during balancing
- 802.11r cross-location-roaming command in AirTune settings to enable 802.11r roaming between locations
- Syslog:
- syslog web-commands for logging actions on WEB
- logging wlc-events/logging wlc-journal command for enabling WLC logs to syslog server
- SNMP:
- Optimization of WLC tables
Fixed:
Duplication of wireless client sessions in the WEB
- Incorrect status when ending a session in the WEB
- Error "RRM:rrm request for start optimization, location '<location name>' failed, reason: 'failure from airtune api'" when starting AirTune optimization for location
- Reason for the "RRM:Cannot backup domains info: 'malformed answer from airtune api'" log
- AP status change to the "Cfg failed" after deleting radio-2g-profile/radio-5g-profile
- AP status change to the "Failed" due to: "CoA timeout expired" when switching to the backup controller
- Service wlc_gre error termination
- Problem with obtaining an IP address via DHCP for clients using Broadcast check-box in the tunneling scheme
Reason for the "IS_NE check failed: stat_map->entry_sz (170 != 8) !!! on WLC-3200" log
Error when entering the path of external media for storing IPS rules
Error "PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1" due to the use of uppercase letters in the OpenVPN server configuration
Traffic classification by match access-group and DSCP
- show mac address-table command output when WLC is operating in a client traffic tunneling scheme
Allowed to specify the user name as a MAC address in the access profile
IPsec tunneling with XAuth authorization
Speed of SoftGRE tunnel establishment with LLDP enabled
- Error in the show wlc ap detailed command output when using 40 MHz radio channel width
- Error ESRinfo_wlc_service_activator_aps_MAX when requesting VAP
Version 1.30.2
Revisions:
- Monitoring and management:
- CLI:
- Added logging radius command to enable RADIUS server logs
- Added alarm enable journal command block for independent configuration of trap sending and alarm logging
- WEB:
- Configuration
- NAS ID configuration in radius-profile
- MAC authorization configuration in ssid-profile
- Syslog:
- Syslog messages filtering for RADIUS servver (match process-name radius-server)
- SNMP:
- eltWlcApVapTable (OID .1.3.6.1.4.1.35265.1.224.1.3.2.6) table in ELTEX-WLC-MIB, which contains information about enabled VAPs on AP
- OID eltWlcRadioUtilization (OID .1.3.6.1.4.1.35265.1.224.1.3.2.4.1.13) is added to ELTEX-WLC-MIB to get the value of the current radio channel utilization
Version 1.30.1
Revisions:
- Active-Standby clustering functionality for WLC
- Integration with ECCM
- Monitoring and management:
- Syslog:
- Syslog messages filtering for WLC services (match process-name wlc)
- SNMP:
- eltWlcApSaTable (OID .1.3.6.1.4.1.35265.1.224.1.3.2.5) table in ELTEX-WLC-MIB, which consists information about unregistered AP
- eltWlcClientInfoTable (OID .1.3.6.1.4.1.35265.1.224.1.3.3.4) table in ELTEX-WLC-MIB, which contains information about clients connected to the WLC
- WEB:
- WEB server transfer to VRF
- Security:
- WLC:
- Monitoring:
- Displaying the frequency range in thе show wlc clients command output
- Configuration:
- session password auth-password command to use RADIUS key as a password for mach-auth for portal authorization
- session password mac <MAC FORMAT> command to use client MAC address in the selected format as a password for mac-auth for portal authorization
- Time zone setting on AP. Time zone is taken from the device configuration if it is not set in the location
- proxy-https command to enable encrypted exchange between client and AP for portal authorization
- crypto cert and crypto private-key-password commands to select a certificate in portal authorization and to specify the certificate password
- radar command block in ap-profile to configure positioning by MQTT protocol
Version 1.30.0
Revisions:
- Monitoring and management:
- Support for vWLC
- Support for HDD
- CLI:
- show storage-devices hdd smart command to view the disk state
- unmount storage-device HDD/USB command to disconnect a disk or USB drive
- clear storage-device HDD/USB command to format a dick or USB drive
- show running-config/candidate-config wlc without-ap command to output wlc section confiuration without ap block
- show running-config/candidate-config without-wlc-ap command to output the device configuration without ap blcok in the wlc section
- WEB:
- UI optimization
- Monitoring
- VAP output
- Cleaning the event log of AP and clients
- Creating individual profile of AP from monitoring
- Manual firmware update on AP
- Sorting in tables
- Clients deauthentication
- Checking the configuration change
- Advanced filtering in the event log of AP and clients
- Configuration
- Individual AP configuration page
- Configuring AP updatr scheduler
- Profile copying
- Viewing profile bindings
- Automatic binding of AirTune (default_airtune) when creating a location
- Administration
- Downloading licenses to extend functionality
- Uploading/downloading the device configuration
- Resetting device configuration to factory settings
- Downloading the AP firmware
- Downloading and updating the device firmware
- Working with archived configurations
- Comparing the configurations
- Rebooting and delayed rebooting of the device
- SNMP:
- eltWlcApLocationTable (OID .1.3.6.1.4.1.35265.1.224.1.3.1.2) table in ELTEX-WLC-MIB, which consists AP Location configuration
- eltWlcApRadioTable (OID .1.3.6.1.4.1.35265.1.224.1.3.2.4) table in ELTEX-WLC-MIB, which contains data on radio parameters of the AP
- OID eltWlcApHostname (OID .1.3.6.1.4.1.35265.1.224.1.3.2.3.1.11) is added to ELTEX-WLC-MIB to get AP hostname
- OID eltWlcApLocation (OID .1.3.6.1.4.1.35265.1.224.1.3.2.3.1.12) is added to ELTEX-WLC-MIB to get AP Location
- WLC:
- Support for WOP-30LI access point (AP)
- Maximum number for WCL-3200 is incresed to 3000
- Optimization of WLC work, work with AP sessions is spread over several cores
- Optimization of work of AP update manager, sliding schedule is implemented
- Ability to increse the number of AP using ELM
- Monitoring
- show wlc ap firmware command to display information about supported AP and firmware for them
- Extended AP event log, added information about the connection process
- Client IP address is added to the input of show wlc clients command
- Added 802.11v status outputs to AirTune monitoring commands show wlc airtune roaming statistics <ap location> and show wlc airtune <ap mac>
- Display of the average and maximum utilization of the radio channel on which the AP is operating in the show wlc ap <mac> detailed command output
- RADIUS server logging on client connection
- Configuration
- AP configuration to operate with the portal according to Cisco-like scheme for WEP-3ax
- Speed limitation setting for clients/SSID/broadcast/multicast traffic
- IP address ranges configuration for the whitelist in the external portal settings
- rates-basic and rates-supported commands to configure Supported/Basic rates in radio-2g/5g-profile and individual AP settings (ap <mac>)
- 802.11v configuration in AirTune
- Loosening of validation for individual AP settings (ap <mac>). Model and location are not always to be filled in
- Increased number of WLC profiles (radio-2g/5g-profile, radio-5g-profile, ssid-profile, ap-location, radius-profile) up to 80 % of the maximum number of AP
- ip dhcp information option <> commands to manage DHCP Option 82 settings on AP
- WIDS/WIPS
- Ability to configure WIDS/WIPS, the functionality is activated by license
- WIDS/WIPS event log
- Tunneling:
- tunnel-isolation command to enable isolation in softgre-controller when operating in data-tunnel configuration wlc mode
Version 1.26.1
Revisions:
Version 1.23.6
Revisions:
Version 1.23.3
Revisions:
Version 1.20.4
Revisions:
Version 1.20.3
Revisions:
Version 1.19.2
Revisions:
Version 1.19.1
Revisions:
- Support for
- Added crypto-sync service for certificate synchronization
- CLI:
- Added possibility to generate certificates and private key
- Added ip http server and ip https server commands to enable WEB server
- Added sync crypto force command to synchronize certificates manually
- WEB:
- Added acccess points monitoring
- Tunneling:
- Added possibility to allocate softgre-controller management by source addresses/networks
- Added possibility to selectively enable VLAN in softgre-controller for WLC mode
- WLC:
- Support for WOP-30L access point
- Implemented WLC redundancy via VRRP
- Added WPA2/WPA3, WPA3 Enterprise security modes
- Support for EAP-TLS operation in local RADIUS server
- Added show wlc clients command to view connected Wi-Fi clients list
- Added possibility to configure PMKSA caching
- Added possibility to configure NAS IP in RADIUS server when proxing
- Added output of common number of clients on an access point radio interface
- Added user name, location name, connection status client log
- Added possibility to set ssh/telnet/web/snmp services on an access point
Version 1.19.0
Revisions:
Version 1.18.1
Revisions:
- Support for ESR-15/30/3200 routers
- Implemented TFTP server functionality
- IPsec:
IDS/IPS:
Monitoring and management:
- CLI:
Implemented possibility to set the number of terminal rows and columns using terminal resize command
Added format mtdpartition data command to reformat flash:syslog, flash:data and flash:backup partitions in accordance with firmware versions 1.13.0 and later ones (for ESR-10/12V/12VF/14VF/100/200/1000/1200/1500/1511 routers)
Added clear mtd-partition data command to delete files from flash:syslog, flash:data and flash:backup partitions (for ESR-10/12V/12VF/14VF/100/200/1000/1200/1500/1511 routers)
Added no interface command to delete the physical interface configuration
Added checks when executing the copy command, preventing incorrect combinations of copy source and destination from being specified
- Added system cpu load-balance overload-threshold command to control session balancing between CPU cores
Added show ip firewall session failover and show ip nat translations failover commands to display firewall-failover cache
- SNMP:
- Implemented possibility to obtain SFP transceiver information via SNMP
- SYSLOG:
- Added possibility to filter syslog messages of individual processes when outputting to snmp/telnet/ssh and console sessions
- Added setting to the factory configuration
- Implemented possibility to add of the user that changed the configuration when automatically archiving the configuration by commit
- Implemented possibility to assign static IP address to the cellular modem interface
- Implemented support for four path-mtu-discovery modes:
- disable
- default
- icmp-discard
- secure
- Implemented possibility to control fragmentation of GRE packets using ip dont-fragment-bit ignore and ip path-mtu-discovery discovery disable
- MPLS:
- Implemented MPLS over GRE functionality
- Implemented BGP Inter-AS Option B functionality
- Implemented possibility to select bridge in LDP configuration
- Routing:
- Implemented possibility to specify an interface as a router-id for RIP, OSPF, ISIS, BGP, LDP
- Implemented possibility to specify an interface as an update-source for RIP, OSPF, ISIS, BGP, LDP
- BGP:
use static router-id
use the lowest IP address of the loopback interface
use the lowest IP address of the physical interface
- NTP:
Event tracking mechanism (track):
AAA:
DHCP:
Remote-access:
Corrected restrictions on maximum number of active routes (FIB):
ESR-1700: 3000000
ESR-1000/1200/1500/1511/3100/3200: 1700000
ESR-100/200/20/21/30, WLC-30: 1400000
ESR10/12V/12VF/14VF/15: 1000000
Version 1.17.3
Revisions:
- Monitoring and management:
- SNMP:
- Implemented possibility to monitor OSPF/BGP state via SNMP
- FTP-client:
- Implemented possibility to configure client IP address (ip ftp sourceaddress)
- Tunneling:
- Implemented possibility to announce group attributes with DMVPN-SPOKE
- IPsec:
Renamed rsa-public-key authentication method to public-key
Added support for PKCS1 and PKCS12 formats
Added support for ECDSA key type
Version 1.17.0
Revisions:
- Monitoring and management:
- CLI:
Implemented possibility to specify a comment when entering the commit command
Implemented possibility to specify a configuration confirmation timeout when entering the commit command
Implemented support for the delayed reboot function
Increased the number of prefixes and IP address ranges in the object-group network up to 1024
Implemented possibility to configure a tunnel group
Implemented possibility to calculate a checksum for files in the flash:backup/ partition
Added a 'Date of last modification' column to the dir command output
SSH:
Security:
BRAS:
DHCP:
Routing:
Version 1.15.3
Revisions:
- WLC:
- Support for WEP-200L access point
- Board-profile:
SSID:
Airtune:
Increased size of the event log for clients and access points
Added serial number, board version, and uptime to extended information on access point
Added information on connected clients to WLC status output (show wlc)
Supported SNMP monitoring of WLC
Hidden passwords in
Log-filter:
Ap-profile:
AP:
Service-activator:
Version 1.14.5
Revisions:
- QOS:
- Added possibility to specify bandwidth limitations in percent for complex-qos
- Routing:
- Added possibility to set Policy-Based Routing for local traffic
- Monitoring and management:
- Added possibility to update firmwware automatically with use of DHCP options
- SYSLOG:
- Added possibility to filter syslog messages of separate processes when recording local syslog file or remote syslog server
- Added possibility to log traffic flows processed by IPS/IDS to remote syslog server
- Redundancy:
- Support for STP/RSTP in bridge for all the models
- Support for STP/RSTP for physical interfaces in switchport mode for ESR-1x/2x
- Remote-access:
- Added possibility to limit authentication and encryption methods of IKE and IPsec protocols encryption for L2TP server and L2TP client
Version 1.14.0
Revisions:
- AAA:
- Added possibility to use TLS/SSL secured connection for LDAP
- DPI:
- Added detection of the following applications: bittorrent-networking, ms-netlogon, ms-rpc, ms-sms, rtp audio, secure-http, secure-smtp, vmware-vsphere
- IDS/IPS:
- Support for specific commands filtering for HTTP and FTP
- IPsec:
- Support for mode transport
- QoS:
- Added classification by URL
- Added classification by applications
- Track:
- Added possibility to track VRRP or SLA test state
- Added possibility to manage VRRP, PBR parameters, interface administrative status, static route, AS-PATH attribute and preference in route-map
- Monitoring and management:
- CLI:
- Added possibility to display device configuration with default parameters
- Added possibility to specify in command ping IPv4/IPv6/DNS host without
- Added possibility to set passwords of less than 8 symbols
- Added possibility to check external storage devices using the verify storage-device command
- Added possibility to format external storage devices using the clear storage-device command
- SSH:
Presence of host keys is checked at device start and if they are absent, generation occurs. Each device has unique ssh host keys
Removed obsolete rsa1 key type
Removed crypto key generate command from configure mode, and instead of it, the update ssh-host-key command is added to the root configuration mode
Collecting statistics:
Version 1.13.0
Revisions:
- Support for ESR-1511 and ESR-3100 routers
- Support for Content-Filter functionality for HTTP traffic
- Support for Anti-Spam functionality for HTTP traffic
- Routing:
- BGP:
- Increased BGP RIB ESR-10/12V/12VF/14VF to 1M routes
- Increased BGP RIB ESR-20/21/100/200 to 2.5M routes
- Increased BGP RIB ESR-1000/1200/1500/1510 to 5M routes
Version 1.12.0
Revisions:
Version 1.11.2
Revisions:
Version 1.11.1
Revisions:
Version 1.11.0
Revisions:
Version 1.10.0
Revisions:
- Routing:
- Added support for IS-IS routing protocol
- Added support for RIP NG routing protocol
- Reworked BGP configuration
- BGP:
- Added support for BGP Graceful restart
- Added support for BGP Weight attribute
- OSPF:
- Added support for OSPF Graceful restart
- Monitoring and management:
- Added possibility to enable monopoly access to the configuration
- Added possibility to reset CLI sessions
- Added possibility to clear the alarm list
- Tunneling:
- Added user authentication method selection for L2TP and PPTP servers
- Added possibility to use private key and certificate for OpenVPN client
- MPLS:
- Added support for LDP
- Added support for L2VPN VPWS
- Added support for L2VPN VPLS Martini mode
- Added support for L3VPN MP-BGP
Version 1.8.7
Revisions:
- USB-Modem:
- Added the 'no compression' command to disable Van Jacobson TCP/IP header compression method
- Monitoring and management:
- Added possibility to execute SSH commands in non-interactive command line sessions (CLI)
Version 1.8.5
Revisions:
- Security:
- Added possibility to use demo licenses for IDS/IPS
- SLA:
- Updated Wellink SLA agent on ESR-10/12V/12VF
- USB-Modem:
- Added possibility to use '_', '@', '.', '-' characters for user field in cellular profile configuration mode
- Monitoring:
- Added Zabbix-proxy functionality
Version 1.8.3
Revisions:
- IPSEC:
- Fixed problem of unstable IPsec operation with DMVPN and L2TPv3
- Multilink:
- Fixed problem of routing traffic from multilink
- Fixed problem with adding the second and subsequent interfaces in multilink
- OSPF:
- Fixed problem with route information update
Version 1.8.2
Revisions:
- Support for ESR-20/21/1500/1510 routers
- OpenVPN server:
- Increased the number of users to 64
- ACL:
- ESR-1X: increased the number of rules to 255
Version 1.8.1
Revisions:
- OpenVPN server:
- Added possibility to assign a static IP address to an OpenVPN user
- Added possibility to authorize multiple OpenVPN users with one certificate
Version 1.8.0
Revisions:
- Tunneling:
- BGP:
- Increased BGP RIB ESR-20/21/100/200 to 2M routes
- Increased BGP RIB ESR-1000/1200/1500/1510 to 3M routes
- SNMP:
Version 1.7.0
Revisions:
- Filtering:
- Support for IDS/IPS
- HTTP proxy: added redirect port configuration
- CLI:
- ESR-1700: Increased the maximum number of object-group networks to 1024
- Added possibility to specify prefix 0.0.0.0/0 in Prefix List, route-map
- Added possibility to specify links in object-group url as regular expressions
- Added possibility to change MAC-address of physical and aggregated interfaces
- Transfer port commands ip http proxy redirect-port, ip http proxy redirect-port from BRAS to HTTP(S) Proxy
- NAT:
- ESR-1700: Increased the maximum number of NAT pool to 1024
Version 1.6.6
Revisions:
- Tunneling:
- Support for the new keepalive mechanism for softgre tunnels. The tunnels are
checked by ping-probe from the client devices. The new operating mode is
enabled by the keepalive mode reactive command in the wireless-controller configuration
Version 1.6.5
Revisions:
- CLI:
- Added possibility to enable single-user configuration
mode - Added command to terminate CLI sessions
- Added notification of unapplied configuration changes when entering/exiting
configuration mode and CLI
- Tunneling:
- Added option to enable softgre sub-tunnel in Bridge, which is in
VRF
Version 1.6.4
Revisions:
- BRAS:
- Added show subscriber-control sessions count command to count the number of BRAS sessions
- Added show subscriber-control services count command to count the number of BRAS services
- mDNS
- Added mDNS-reflector functionality
- Added mDNS service filtering functionality
- Added show ip mdns-reflector command to view found mDNS services
- Added clear ip mdns-reflector command to update the list of services
- Monitoring and management:
- CLI
- Added dynamic/static and tunnel softgre filters for show/clear mac address-table commands
- Tunneling:
- Added clear tunnels softgre remote-address <ip> command to remove softgre tunnel for a specific point
- Added clear tunnels softgre command to remove all softgre tunnels
Version 1.6.2
Revisions:
- BRAS:
- Supported on ESR-1X/2X
- Added possibility to set the interface with dynamic IP addresses as nas-ip
- DHCP:
- Added possibility to clear DHCP server lease records
- Increased the number of static DHCP entries in the pool to 128
- QOS:
- Added classification on the outbound interface, which allows not to use ingress policies
- Added possibility to set multiple ACLs in a class
- Added the possibility to set a DSCP classification in a class
- VoIP:
- Added possibility to configure PBX
- Interfaces:
- Supported routerport/switchport/hybrid interface operation mode
- Supported E1 HDLC
- Supported Serial (RS-232):
- Organization of connections using analog modems in Dial up, leased line mode
- Controlling neighboring devices via console
- Routing
- BGP:
- Supported Flow Specification Rules
- Supported weight attribute
- Added possibility to set route-map default route, le/ge/eq
- Added all, nearest, replace options for remove-private-as option
- IP:
- Supported IP Unnumbered
- Added possibility to disable ICMP unreachable/redirect responses
- Supported IPv6 Router Advertisement
- Multiwan:
- Supported mechanism to clear NAT sessions after an unreachable target is detected
- Monitoring and management:
- AAA:
- Added possibility to set source IP address for TACACS/LDAP servers
- Added possibility to set interface as a source for RADIUS server
- Extended TACACS server key size to 60 characters
- Added possibility to disable console port authentication
- CLI:
- Added possibility to set command aliases
- Added possibility to view interface usage statistics
- Added possibility to view CPU usage statistics
- Added possibility to set a name for a static route
- Added possibility to calculate hash sums of files
- Added possibility to view the list of current crashes
- Added possibility to disable debugging with one command
- Added possibility to display messages when viewing logs for a certain period of time
- Added possibility to download bootloaders
- Added possibility to view rule description in output of show ip firewall counters command
- Added possibility to copy files via HTTP(S) protocol
- Added possibility to view the difference between configurations (running, candidate, factory)
- Added possibility to view the configuration with metadata
- Removed commit update command
- SNMP:
- Added possibility to set community for trap messages
- Added possibility to set source IP address for trap messages
- Added possibility to choose content of linkDown/linkUp traps between standard and cisco-like
- SSH:
- Added possibility to set source IP address for SSH client
- Supported Cisco SLA responder
- Supported Eltex SLA
- Supported SFTP server
- Filtering and translation
- Firewall:
- Added filtering by ICMP message type name
- HTTP (S) Proxy:
- Added filtering by content type: ActiveX, JS, Cookies
- Added possibility to filter/redirect by local/remote lists
- Added possibility to update remote URL lists via RADIUS CoA
- NAT:
- Added possibility to broadcast addresses from PPTP/PPPoE tunnel
- Tunneling:
- IPSEC:
- Added possibility to use an IP address obtained by DHCP as a local gateway
- Added possibility to view extended information about tunnel authentication
- Supported XAuth client
- Support for PFS (perfect forward secrecy) using the DH group
Version 1.4.4
Revisions:
- PPPoE client:
- Added PAP, MS-CHAP, MS-CHAPv2, EAP authentication methods
Version 1.4.2
Revisions:
- Attack protection:
- Added the show ip firewall screens counters command, which allows you to view statistics on detected network attacks
- Implemented protection against XMAS and TCP all flags
- SNMP:
- Added possibility to set snmp-server contact and snmp-server location Added OIDs for these parameters
- Implemented SNMP View: allow or deny access to community and user by OID
- NTP:
- Expanded show ntp peers output: added stratum and synchronization status
- Firewall:
- Added ip firewall sessions tracking sip port command, allowing you to select TCP/UDP port for SIP session tracking
- Firewall:
- Added ip firewall sessions tracking sip port command, allowing you to select TCP/UDP port for SIP session tracking
- Tunneling:
- Implemented L2TP client with IPSec support
- IP SLA agent (Wellink):
- Added possibility to manage tests without portal participation
- Redesigned control and monitoring commands
- Added threshold management commands: setting thresholds for exceeding and normalizing test parameters, alerting in CLI, SYSLOG and SNMP about threshold crossing
Version 1.4.1
Revisions:
- Tunneling:
- GRE enhancement:
- Implemented keepalive mechanism for Ethernet over GRE tunnels
- Increased maximum number of SoftGRE tunnels to 8K (ESR-1200/ESR-1700)
- Added possibility to configure MTU on SUB-GRE tunnels
- IPsec enhancement:
- Added encryption algorithm null command in config-ipsec-proposal mode to disable encryption of ESP traffic
- Support for policy-based IPsec operation in VRF
- BRAS:
- Supports speed limit per subscriber session
- Added session ip-authentication command in config-subscriber-control configuration mode. When this option is enabled, user authentication is by IP address
- Added show subscriber-control radius-servers command to view information about RADIUS servers used
- SNMP:
- Added possibility to apply the configuration and reboot the device with commitConfirmAndReload SetRequest
- Support for the RMON agent, which allows to collect statistics about the nature of traffic on network interfaces
- Implemented management of VoIP services via SNMP
- Support for sending notifications when DoS attacks are detected
- Implemented sending SNMP traps when thresholds are reached:
- Network interfaces load
- GRE/SUB-GRE tunnel
- Number of tunnels included in the bridge-group
- BRAS sessions
- AAA:
- Added possibility to specify the source-address for requests to the authentication and authorization server in config-tacacs-server and config-ldap-server configuration modes
- Multiwan:
- Added wan load-balance commands in config-cellular-modem configuration mode to configure Multiwan using a USB modem
- L3 routing:
- Supported BFD technology for static routing
- BGP enhancement:
- Added commands: default-information originate in config-bgp-af configuration mode, default-originate in config-bgp-neighbor configuration mode to allow default route advertisement
- CLI:
- Added support for the Ctrl-P and Ctrl-N hotkeys to view the history of entered commands
- Added possibility to view the current state of tracking objects using the show tracking objects command
- LLDP:
- Added support for MED extension with support for announcing DSCP, VLAN, PRIORITY parameters for different device types. Through this extension the Voice VLAN transmission is realized
- Firewall:
- Implemented application traffic classification technology
- Added ip firewall logging screen command in config mode to log detected DoS attacks
- QOS:
- Implemented GRED (Generic RED) mechanism to manage queue overflow based on IP DSCP or IP Precedence
- VRRP:
- Supported operation in VRF
- Added VRRP track-ip
- Zabbix:
- Configuration:
- Implemented automatic reading of the configuration from removable media when booting the device without configuration
Version 1.4.0
Revisions:
- Tunneling:
- Added PPTP client
- Added PPPoE client
- Support for Ethernet over GRE tunnel
- Support for creating subinterfaces for Ethernet over GRE tunnels
- Added possibility to increase MTU for tunnels up to 10000
- IPsec enhancement:
- Supported XAuth for dynamic IPsec tunnels
- OpenVPN enhancement:
- Extension of the list of encryption and authentication algorithms
- BRAS:
- Added possibility to broadcast the table USER IP - PROXY IP by NetFlow for proxied connections
- L2 switching:
- Added force-up command to config-vlan In this mode, the VLAN is always in the 'Up' state
- L3 routing:
- Added possibility to optionally enable IPv6 stack on interfaces
- BGP enhancement:
- Increased the range of values for the local preference parameter
- Extended output of the show ip bgp neighbors command
- Implemented VRRP tracking: change MED and AS-path attributes based on VRRP state
- CLI:
- Added possibility to scale the size of the terminal to the size of the window on the PC when using the console connection. terminal resize command
- Extended the set of allowed characters in APN in config-cellular-profile Added characters: '@', '.', '-'
- Monitoring:
- Added possibility to filter traffic by source/destination MAC address
- Added possibility to view Firewall sessions
- Output interface status information when calling show ip interfaces
- DHCP:
- Added possibility to exclude IP address from DHCP server address pool
- Added possibility to set arbitrary option in IP-address, string, HEX-string format
- NAT:
- NTP:
- The ntp enable vrf <NAME> command outdated. Protocol time synchronization is enabled by the ntp enable command and will be allowed for all servers and peers in the configuration
- Added ntp logging command to log NTP events
- Added ntp source address <IP> command to set IP address for all NTP peers
- SNMP:
- The snmp-server vrf <NAME> command outdated. Protocol access is enabled with the snmp-server command and will be allowed for all communities and SNMPv3 users in the configuration
- Management:
- Support for copying firmware, configuration, certificates
- Support for configuration operations (commit, confirm, restore, rollback, etc.)
- Added possibility to create interfaces
- Added possibility to change the image of the active software
- Added possibility to reboot the device (only when snmp-server system-shutdown is enabled on esr)
- Added possibility to configure VRRP
- Monitoring:
- Added possibility to view the number of existing interfaces and tunnels of all types
- Added possibility to view the size of the ARP table
- SYSLOG:
- Added logging of stops/starts of system processes
- VRRP:
- Added the vrrp force-up In this VRRP mode, IP interface is always in the 'Up' state
Version 1.3.0
Revisions:
- Attack protection:
- DoS attack protection:
- ICMP flood
- Land
- Limit-session-destination
- Limit-session-source
- Syn flood
- UDP flood
- Winnuke
- Blocking spy activity:
- Fin-no-ack
- ICMP type
- IP sweep
- Port scan
- Spoofing
- Syn-fin
- TCP-no-flag
- Blocking non-standard packets
- ICMP fragment
- IP fragment
- Large ICMP
- Syn fragment
- UDP fragment
- Unknown protocols
- Support for DNS name resolution. Caching DNS server
- Support for LLDP
- Support for 3G/4G USB modems
- AAA:
- Added possibility to adjust the number of failed authentication attempts
- Added possibility to set the password lifetime
- Added possibility to set the maximum number of passwords stored in the history for each local user
- Added reminder function of the initial password change
- Added possibility to set a timeout for the login session
- Added setting to allow/deny login as root when connecting via RS-232 (console)
- Requirement to change the password after it expires
- Added possibility to control password complexity
- BGP:
- Combining peers into groups with a set of attributes
- BRAS:
- Added Framed-IP-Address attribute containing subscriber IP address to Access-Request packets of RADIUS protocol
- Optimized performance of the Proxy server
- CLI:
- Supported SFTP for uploading/downloading firmware files, configurations and certificates
- Support for USB memory sticks, SD/MMC cards in firmware, configuration and certificate file copying operations
- Added possibility to view table sizes and routing protocol priorities
- Added possibility to view all routes belonging to a specified subnet
- DHCP:
- DHCP client. Manual IP address re-request
- Support for DHCP server in VRF
- Support for options 150 (tftp-server ip) and 61 (client-identifier HH:<MAC>) for DHCP server
- Firewall:
- Added possibility to control ALG modules
- Added possibility to disable drop packets related to the session with an invalid status (e.g., in asymmetric routing)
- IPSEC:
- Added possibility to set the local address to any when configuring the IKE gateway
- Support for certificates
- L2 switching:
- Added possibility to pass BPDU through the bridge on ESR-100/200
- Added possibility to include the physical port in the bridge on the ESR-100/200
- Multiwan:
- Implemented automatic switching to a backup channel if parameters of the current channel deteriorate (LOSS, jitter, RTT)
- Support for VRF operation
- Support for LT tunnels
- NTP:
- Authentication support
- Support for filtering by message type
- SNMP:
- Added possibility to disable SNMPv1
- Implemented access control lists
- Added possibility to control password complexity for snmp-server community
- SSH
- Added possibility to configure the maximum number of authentication attempts to connect via SSH
- Added possibility to set the waiting interval for SSH connection authentication
- Added possibility to set the key pair update interval for SSH
- Selectable SSH version
- Implemented authentication algorithms, encryption, key exchange configuration
- Variable length RSA key generation
- VLAN
- Operational VLAN status management (ESR-1000/ESR-1200)
- Support for MAC based VLAN
- Added possibility to automatically add ports to existing VLANs
- VRRP
- Added possibility to use VRRP IP as source IP address for GRE, IP4IP4, L2TPv3 tunnels and RADIUS client
- Listening to VRRP by L2TP/PPTP IP servers
- Support for VRRPv3
- Fixed incorrect order of virtual IP addresses in a packet
Version 1.2.0
Revisions:
- Tunneling:
- L3 routing:
- BGP:
- Adding of neighbor description
- Possibility to enable/disable neighbors
- Increased total number of BGP peers to 1000
- View the total information on peers
- Multiwan:
- View operational information
- VRRP:
- Set a subnet mask for VRRP IP
- Port-Channel Operational Status Management (ESR-100/200)
- IPSEC:
- Support for Policy-based IPsec mode
- Flexible tunnel key renegotiation (margin seconds/packets/bytes, randomization)
- Closing the IPsec tunnel after a specified number of packets/bytes have been transmitted
- Specification of the time interval after which the connection is closed if no packets are received or transmitted through the SA
- SNMP:
- Display the current speed of the interfaces in the ifSpeed parameter of the IF-MIB
- SNMP Trap:
- Trap on exceeding the thresholds of CPU load and temperature, fan speed, free RAM and FLASH space
- CLI:
- Routing information filtering by protocol
- Filtering by interface, IP address and MAC address in ARP/ND table clear commands
- Storing log files in the non-volatile memory of the device
- Uploading log files from the device using the copy command
- View the contents of critlog with the show syslog command
- View the contents of the log files from the end. Added show syslog from-end command
- Configuration confirmation timer setting. Added system config-confirm timeout command
- Changes in the command interface:
- Cisco-like paths for files:
v1.2.0: system:..
esr# copy system:running-config
v1.1.0: fs://.../
esr# copy fs://running-config
- AAA:
- Added a mode in which the following methods will be used for authentication if the priority one is not available
- NTP:
- Firewall:
- Increased the number of security zone pairs to 512
- Added possibility to pass packets that could not be identified as belonging to any known connection and that are not the start of a new connection. Added ip firewall sessions allow-unknown command
- QOS:
- Configuring the length of edge queues in Basic QoS
- BRAS:
- Shaping by SSID and offices
- Subscriber authentication by MAC-address
- Configuring active/reserve redundancy based on VRRP status
Version 1.1.0
Revisions:
- BRAS:
- User termination
- RADIUS CoA processing, interaction with AAA
- URL whitelists/blacklists
- Quoting by traffic volume and session time, or quoting by both
- HTTP proxy
- HTTP Redirect
- HTTPS Proxy
- HTTPS Redirect
- Getting URL lists from PCRF
- Session accounting via Netflow protocol
- Optional additional verification of authorized users by MAC-address
- Netflow:
- Netflow v10. Exporting statistics by URL
- VRF support
- Support for Domain Observation ID
- Information on NAT sessions
- HTTPS Host export
- Exporting information on L2/L3 location
- Active-timeout configuration
- Setting the source IP address for packets sent to the Netflow collector
- Configuring exports on an interface with the Firewall enabled
- VRRP:
- Tracking routes based on the state of the VRRP process
- CLI:
- Autocomplete and display the names of created objects in tooltips
- Display summary information by Firewall and NAT sessions
- View real-time information on running services/processes
- Informative tooltip in case of incorrect parameter entry
- SYSLOG:
- Added possibility to set source IP-address for interaction with SYSLOG servers
- L2 switching:
- L3 routing:
- VRF enhancement:
- Virtual Ethernet Tunnel (tunnel linking VRF)
- BGP enhancement:
- Configuring the source IP address for routing information exchange (update-source)
- Support for BFD
- DHCP Relay:
- Support for Option 82
- VRF support
- Support for point-to-point interfaces (GRE, IP-IP, etc.)
- Management interfaces:
- QOS:
- Increasing the number of QoS policy-map to 1024 and class-map to 1024
- Wi-Fi Controller:
- Retrieve settings (tunnel-served SSID and shaping parameters) of DATA tunnels from RADIUS server
Version 1.0.8
Revisions:
- Improved health monitoring of network services
- AAA:
- Setting a source IP to communicate with RADIUS servers
- Deleting SSH host keys
- Support for legacy encryption protocols for SSH connections from third-party devices
- L3 routing:
- MultiWAN: per-flow routing
- Recursive static routing
- BGP support for setting blackhole/unreachable/prohibit as Nexthop
- VRF-lite enhancement:
- support for NTP
- Support for GRE tunnels
- CLI enhancement:
- Support for correct addition of partially entered parameters
- Display the network interfaces uptime in the show interfaces status command
- Replacing private data when logging entered commands with ***
- Added no nat { source | destination } commands to quickly remove the entire NAT configuration
- VRRP:
- Support for version 3
- Support for configuring GARP Master parameters
- Simultaneous configuration of up to 8 Virtual IPs per process
- Reservation of Firewall sessions is now configured independently of the Wi-Fi Controller
- Multiwan:
- Output messages about changes in route states
- ESR-100/ESR-200:
- Support for 100BASE-X transceivers on combo ports
- ESR-1000:
- Bridge: Prohibit switching of unknown-unicast traffic
- Management interfaces:
- SNMP:
- SNMP Trap:
- SNMP MIB:
- IP-MIB
- TUNNEL-MIB
- ELTEX-TUNNEL-MIB
- RL-PHYS-DESCRIPTION-MIB
- CISCO-MEMORY-POOL-MIB
- CISCO-PROCESS-MIB
Version 1.0.7
Revisions:
- Device control: configuring the operation mode of the fans
- L3 routing:
- Automatically allocated VLAN (Internal Usage VLAN) do not change when the configuration is applied
- MultiWAN: unconditional target check
- Removed mutual crossing check for DirectConnect networks and static routes
- Changes in TCP MSS
- Changed restrictions on the maximum number of active routes (FIB)
- Limited maximum number of routes for each dynamic routing protocol (RIB)
- Added possibility to filter the default route in the Prefix List
- BGP support
- BGP ECMP
- Keepalive timer autocalculation
- Support for Policy-based routing (IPv4 only)
- Logging changes in the state of connections with peers in the OSPF and BGP
- Added possibility to use route-map for OSPF, RIP
- VRF-lite enhancement:
- BGP support
- Support for OSPF
- Поддержка QoS
- Router management (AAA, Telnet, SSH, SNMP, Syslog, copy command)
- IPv6 enhancement:
- BGP support
- Support for setting Nexthop in route-map
- Support for RADIUS/TACACS/LDAP
- Support for MultiWAN
- Tunneling:
- Authentication via RADIUS server for PPTP/L2TP servers
- OpenVPN
- Expiration of automatically raised Ethernet-over-GRE tunnels (Wi-Fi controller)
- IPsec enhancement:
- Support for DES protocol
- Obtain operational information
- ARP/ND:
- Configuring the lifetime of entries
- DHCP Server:
- Configuring the netbios-name-server option in the DHCP address pool
- CLI enhancement:
- Viewing load on network interfaces
- Extended list of protocols in ACL
- The untagged/tagged parameter is made optional when removing a VLAN with the switchport general allowed vlan remove command
- Viewing traffic on network interfaces
- VRRP:
- Preempt delay configuration
- Simultaneous configuration of multiple Virtual IP
- Multiwan:
- Verification of all targets on the target list
- ESR-100/ESR-200:
- ESR-1000:
- Automatic SFP transceiver detection for 10G ports
- Bridge: Isolation of tunnels or sub-interfaces in the bridge
- Integration of third-party software:
- SYSLOG: Added timezone setting before displaying messages
- Management interfaces:
- SNMP:
- SNMP Trap
- SNMP MIB:
- ENTITY-MIB
- IANA-ENTITY-MIB
Version 1.0.6
Revisions:
- Management and monitoirng:
- Automatic configuration redundancy
- Statistics collection:
- Netflow v5/v9/v10(IPFIX)
- sFlow
- MAC table:
- Added possibility to limit the MAC-addresses being learnt
- Added possibility to adjust the storage time of MAC-addresses
- Syslog enhancement:
- Logging critical commands
- Logging routing protocols operation
- CLI enhancement:
- Command trace filtering by | include/exclude/begin/count
- Improvement of the page view mode of commands
- Switching syslog file browsing to page mode
- Support for entering the port on which the TFTP/SSH/FTP service on the remote server works in the copy command
- Added age display of ARP/IPv6 entries and self entries in show arp and show ipv6 neighbors commands
- Changes in the command interface:
- Added ip path-mtu-discovery command
- DHCP: The ip address dhcp enable command changed to ip address dhcp
v.1.0.6:(config)# interface gigabitethernet 1/0/1
(config-if-gi)# ip address dhcp
v.1.0.5:(config)# interface gi 1/0/15
(config-if)# ip address dhcp enable
- DHCP: Theip address dhcp server <IP> command changed to ip dhcp server address <IP>
v.1.0.6: (config)# interface gigabitethernet 1/0/1
(config-if)# ip dhcp server address 10.10.0.1
v.1.0.5: (config)# interface gigabitethernet 1/0/1
(config-if)# ip address dhcp server 10.10.0.1
- DHCP: The ip address dhcp {<Ignore, lease-time, reboot, set reboot time, retry, select-timeout, timeout, vendor-class-id>} command changed to ip dhcp client {<Ignore, lease-time, reboot, set reboot time, retry, select-timeout, timeout, vendor-class-id>}
v.1.0.6: (config)# interface gigabitethernet 1/0/1
(config-if)# ip dhcp client timeout 60
v.1.0.5: (config)# interface gigabitethernet 1/0/1
(config-if)# ip address dhcp timeout 60
- Firewall: The show security zone-pair counters command changed to show ip firewall counters
v.1.0.6: # show ip firewall counters
v.1.0.5: # show security zone-pair counters
- Firewall: The clear security zone-pair command changed to clear ip firewall counters
v.1.0.6: # clear ip firewall counters
v.1.0.5: # clear security zone-pair
- sNAT: The service nat source command changed to nat source
v.1.0.6: (config)# nat source
v.1.0.5: (config)# service nat source
- dNAT: The service nat destination command changed to nat destination
v.1.0.6: (config)# nat destination
v.1.0.5: (config)# service nat destination
- NTP: The service ntp {< broadcast-client, dscp, enable, peer, server>} command changed to ntp {< broadcast-client, dscp, enable, peer, server>}
v.1.0.6: (config)# ntp peer 10.10.10.10
v.1.0.5: (config)# service ntp peer 10.10.10.10
- MULTIWAN: The target <IP> command changed to ip address <IP>
v.1.0.6: (config)# wan load-balance target-list eltex
(config-wan-target-list)# target 3
(config-wan-target)# ip address 10.10.0.1
v.1.0.5: (config)# wan load-balance target-list eltex
(config-wan-target-list)# target 3
(config-wan-target)# target 10.10.0.1
- IPsec: The ipsec authentication method psk command changed to ipsec authentication method pre-shared-key
v.1.0.6: (config)# remote-access l2tp elt
(config)# ipsec authentication method pre-shared-key
v.1.0.5: (config)# remote-access l2tp elt
(config)# ipsec authentication method psk
- QoS enhancement:
- Prioritizing control traffic
- Firewall enhancement:
- Managing timers and number of sessions
- SSH enhancement:
- RSA, DSA, ECDSA, Ed25519 key generation
- NAT enhancement:
- Added possibility to run NAT when Firewall is disabled
- Using bridge in the command to limit the scope of a rule group
- MultiWAN enhancement:
- Specifying SUB-interfaces as a gateway
- SNMP enhancement:
- Support for ifXTable
- SNMP IPv6
- Enable/disable user for low-level technical support access
- Arbitrary MAC address settings on the network bridge
- L3 routing:
- BGP enhancement:
- ExtCommunity
- Private AS deletion mode
- Mode of default-route announcement along with other routes
- Filtering and assigning parameters to routes in redistribution
Version 1.0.5
Revisions:
- CLI enhancement:
- Deleting entities of the same type with one command via the 'all' option
- Interfaces:
- Support for Jumbo Frame (MTU up to 10000 bytes)
- Assigning /32 prefixes to Loopback interfaces
- Firewall:
- Added possibility to interrupt/clean up established sessions
- Disabling Firewall function
- QOS:
- Marking/remarking traffic
- DSCP code mutation
- Hierarchic QoS (HQoS)
- Bandwidth management (shaping), 1 kbit/s step
- Bandwidth reservation by traffic class (shaping per queue)
- RED, GRED queue overload management
- SFQ queue management
- Policy-based QoS
- Network services:
- Access control list (ACL)
- Support for issuing IP addresses by DHCP-server according to client's MAC-address
- Support for filtering by MAC-addresses in Firewall
- Support for simultaneous operation of DHCP server and Relay agent
- Telnet, SSH clients
- Support for E1 interfaces:
- CHAP
- PPP
- MLPPP (Multilink PPP)
- AAA:
- Authentication and authorization by local user base, RADIUS, TACACS+, LDAP
- Command accounting via the TACACS+ protocol
- Session accounting: SYSLOG, RADIUS, TACACS+
- Managing command privilege levels
- L3 routing:
- BGP enhancement:
- Attribute filtering and attribute modification (local preference, AS-path, community, nexthop, origin, metric, subnet)
- Support for Route-Reflector feature
- Configuration of authentication options for a specific neighbor
- Support for 32-bit numbers of autonomous systems
- Added possibility to view prefixes received from neighbor and announced to neighbor
- Added possibility to view information by specific prefix
- RIP enhancement:
- Summation of advertised subnets
- Static neighborhood
- OSPF enhancement:
- Summation of advertised subnets
- Support for the eligible parameter for NBMA interfaces
- Route propagation management (prefix lists with the ability to specify valid prefixes using eq, le, ge rules)
- Static routes with blackhole/prohibit/unreachable destination
- VRF Lite:
- Operation of network functions in the context of VRF:
- IPv4/IPv6 addressing
- Static routing
- NAT
- Firewall
- System resource monitoring:
- Connection/flow monitoring
- Routing table monitoring
- Improvements in Syslog operation
- Router redundancy:
- Firewall session redundancy
- DHCP server lease redundancy
- SoftGRE tunnel redundancy for Wi-Fi access points
- Support for IPv6 addressing in the following network services:
- Addressing
- Static routing
- Firewall
- OSPFv3
- Prefix-List
- NTP
- Syslog
- Ping, traceroute utilities
- Telnet client/server
- SSH client/server
- DHCP Server/Relay/Client
- SNMP:
- Added support for SNMPv3
- Added SNMP MIB (monitoring) for QoS
Version 1.0.4
Revisions:
- CLI:
- Added possibility to import and export files using FTP, SCP
- Viewing configurations by section
- Added possibility to update u-boot from the system command interface
- Changes in the command interface:
- NAT: The proxy-arp interface command changed to ip nat proxy-arp
v.1.0.4: (config)# service nat source
(config-snat)# proxy-arp interface gigabitethernet 1/0/15 SPOOL
v.1.0.3: (config)# interface gigabitethernet 1/0/15
(config-if)# ip nat proxy-arp SPOOL
- IKE: The policy command changed to ike-policy
v.1.0.4: (config)# security ike gateway gw1
(config-ike-gw)# policy ik_pol1
v.1.0.3: (config)# security ike gateway gw1
(config-ike-gw)# ike-policy ik_pol1
- IPSec: The vpn-enable command changed to enable
v.1.0.4: (config)# security ipsec vpn vpn1
(config-ipsec-vpn)# vpn-enable
v.1.0.3: (config)# security ipsec vpn vpn1
(config-ipsec-vpn)# enable
- VTI: The interface vti command changed to tunnel vti
v.1.0.4: (config)# tunnel vti 1
v.1.0.3: (config)# interface vti 1
- DHCP: The service dhcp-server command changed to ip dhcp-server
v.1.0.4: (config)# ip dhcp-server
v.1.0.3: (config)# service dhcp-server
- SNMP:
- Added support for SNMP monitoring
- Supported standard SNMP MIB (monitoring)
- Routing features:
- Authentication key-chain
- OSPF:
- NSSA
- Stub Area
- MD5 Authentication
- MTU Ignore mode
- RIP:
- BGP:
- Support for EBGP Multihop
- Support for next-hop-self attribute
- Static routing:
- Support for configuring multiple default routes
- Configurable preference for routing protocols
- Redundancy features:
- Support for VRRP
- Support for DualHoming redundancy
- Control and redundancy of WAN (Wide Area Network) connections
- Load balancing on WAN interfaces
- DHCP:
- QOS:
- Traffic prioritization
- L3 priority processing (DSCP)
- Support for 8 priority queues
- SP, WRR queue processing algorithms
- Setting interface bandwidth limits for incoming and outgoing traffic
- Interfaces:
- Support for loopback interfaces
- NAT/Firewall:
- Support for renumbering rules
- Viewing information about established sessions
- Improved session monitoring for a number of protocols (H.323, GRE, FTP, SIP, SNMP)
- Activating and deactivating session traffic counters
- Change in the command interface: improved commands autocompletion
- Mirroring:
- Support for traffic mirroring
Version 1.0.3
Revisions:
- Switching:
- VLAN configuration
- LAG (static and LACP)
- STP/RSTP/MSTP
- Port isolation
- Bridge groups
- Routing:
- NAT:
- Remote access:
- Syslog:
- Added possibility to configure logging in remote sessions (SSH and Telnet)
- The message format is in accordance with RFC5424
- Entered commands logging
- CLI:
- Added possibility to update the software via the CLI
- Added possibility to view the operational status of interfaces
- Support for port utilization
- Support for viewing the ARP table
- Command to view the serial number
- View hardware version command
- Support for ARP table cleaning
- System:
- Support for licensing
- Support for Flash button
- Implemented automatic load balancing between router cores
- Security:
- Support for group SHA-2 authentication methods in IKE IPsec
Version 1.0.2
Revisions:
- Configuration:
- Added possibility to copy configuration to (c) TFTP server(s)
- Hostname
- System time (manual)
- Interface description
- Added possibility for the firewall to filter the traffic broadcast or non-broadcast DNAT service
- Added possibility to ignore certain options in the DHCP client
- Changes in IPSec commands related to authentication and encryption
- Checking for duplicate information in object-group service/network
- Added possibility to reset to factory configuration
- Added possibility to set time zones
- Operative information:
- System environment parameters
- Active user sessions
- Load on physical interfaces
- Status of logical interfaces
- Counters of logical interfaces
- Remote access:
- NTP:
- Server, peer, client modes
- 10G port indication
- Utilities:
Version 1.0.1
Revisions:
- Address translation:
- Source NAT
- Destination NAT
- Static NAT
- Virtualization, VPN:
- IKE
- Tunnelling (IPsec)
- Connection encryption (3DES, AES)
- Message authentication by MD5, SHA1, SHA256, SHA384, SHA512
- Network services:
- DHCP Server
- DHCP Client
- DNS
- L3 routing:
- Network security:
- Management:
- Management interfaces:
- Access control (local user base)
- Сonfiguration management
- Automatic configuration restore
- Updating the firmware (u-boot)
- Monitoring:
Performance:
Firewall performance (large packets) | 5.9 Gbps |
NAT performance (large packets) | 5.9 Gbps |
IPsec VPN performance (large packets) | 3.7 Gbps (AES128bit / SHA1) |
Number of VPN tunnels | 100 |
Quantity of static routes | 100 |
Number of competitive sessions | 512,000 |
Version restrictions:
- Bandwidth is limited (500Mbit/s per IPsec tunnel)
- CPU load balancing is supported with limitations
- Policy-based VPN is not supported
- Updating firmware only by means of u-boot
- Static switch control
- No hardware bridging acceleration
- No VLAN configuration (bridging)
- No support for SNMP, Webs
- No timezone configuration
- No NTP