Version 1.26.1
Revisions:
Monitoring and management:
- CLI:
- Optimized ip failover setting
- Added show crypto certificates pfx command to view detailed information on PKCS#12
- Added show crypto certificates crl command to view detailed information on CRL
- Added unmount storage-device command to correctly eject USB/SD drive
- Added possibility to specify configuration that the device will apply on the next start
- Optimized ip failover setting
- WEB:
Added configuration mode
Added WLC configuration block setting
Added access point hostname output on the 'Clients' page
Added possibility to download RRM reports
- CLI:
- WLC:
- Added support for WLC operation on ESR-30 under license
- Added support for access points: WEP-2ac, WEP-2ac Smart, WOP-2ac, WOP-2ac rev.B, WOP-2ac rev.C, WEP-30L-Z
- Added Airtune redundancy
- Added display of roaming events in client log
Added notification of WLC and RADIUS services when regenerating keys and certificates by default
Added configuration of an external portal on access point using Cisco-like scheme
Added possibility to save access point hostname, manually specified on the device
Added the description field to access point log
Optimized operation of access point update manager. Update is performed in sets of 50 access points, taking into account the location time zone
Cancelled automatic access point update after downloading firmware file
Added receiving access point hostname for monitoring
Added description field for airtune-profile
Supported client disconnection reason 'Death due to client DHCP fail'
Expanded log filtering capabilities
Added possibility to limit log size by days
Added possibility to configure a certificate and a key for service-activator
Added possibility to configure aliases for WLC commands
Added default profiles for radius-profile and airtune-profile
Added possibility to enable OWE security mode for SSID
Added set wlc indication command to enable access point status LED indication
Added possibility to configure mac-auth on access point
Added possibility to select dynamic parameters (client and access point MAC addresses) in monitoring mode
Added check of airtune optimization status at startup
RADIUS server:
Moved TLS mode enabling from global level to domain
AirTune:
Added 802.11v roaming setting for WEP-3ax
Version 1.23.6
Revisions:
Monitoring and management:
- SLA:
- Added possibility to manage the DF bit for SLA tests
- SLA:
- Routing:
Expanded number of route-maps for ESR-15
BGP:
Implemented BGP fall-over feature
Moved BFD protocol settings to BGP fall-over section
Added possibility to bind a route-map to subnet announced via BGP
Added possibility to increase/decrease metric by a certain value
Security:
Firewall:
Adjusted limits on the number of firewall sessions
Tunneling:
DMVPN:
Added support for assigning a dynamic IP address to DMVPN SPOKE
DHCP:
Increased number of ip helper-addresses on interface up to 6
Version 1.23.3
Revisions:
- Support for ESR-31/3200L/3300 routers
Monitoring and management:
- CLI:
Implemented repeated display of the banner displayed before user authentication on a router when pressing 'ctrl' + 'c' key combination
Implemented check of IP addresses specified as remote-address in syslog host for presence on a router
Increased number of loopback interfaces up to 32
Implemented possibility to record traffic dump to a file
Implemented possibility to filter output of show running-config and show candidate-config commands by 'syslog' key
Implemented separation of all configuration blocks
Implemented display of QSFP28 information in output of show interfaces sfp command
sFlow:
Implemented possibility to send sFlow statistics to VRF
Zabbix:
Implemented possibility to launch iperf3 using Zabbix-agent
SNMP:
Implemented sending SNMPv3-trap
SLA:
Implemented track triggering when SLA test fails
Expanded output of operational information on SLA tests
Implemented mechanism for changing SLA configuration without restarting all tests
Implemented binding of SLA test execution to interface state
- CLI:
Routing:
Added new NHRP Shortcut route type
Implemented possibility to filter routes using regular expressions
BGP:
Implemented local-as feature with no-prepend and replace-as suboptions
Implemented possibility to aggregate route information when announcement via BGP
Implemented possibility to filter routes by the BGP Next-Hop attribute
OSPF:
Implemented possibility to switch an interface to passive mode for OSPF protocol
Implemented possibility to configure the reference-bandwidth parameter interface
Implemented possibility to enable automatic calculation of OSPF-cost for interfaces
Implemented support for point-to-multipoint broadcast mode
Implemented support for ECMP feature for OSPF External routes (E1 and E2)
Multiwan:
Changed mechanism for checking multiwan parameters at the configuration stage
- MPLS:
- Implemented possibility to configure 'prefix' with the 'eq', 'ge' or 'le' keys in the advertise-labels command
- Expanded information output when viewing VPNv4 and VPLS records in detail
- Security:
- IPsec:
- Implemented possibility to use 'local interface' when configuring 'security ike gateway' to build IPsec from interfaces with dynamic addresses
- Implemented clear security ipsec vpn <VPN-NAME> command to reset one of the current VPN connections
- Implemented possibility to specify different PSKs for different remote-addresses (ike keyring)
- Added support for up to 31 Diffie-Hellman groups
- IPS:
- Expanded output of the show security ips counters command
Firewall:
Implemented possibility to specify a host/subnet in rules without using object-group network
Implemented possibility to filter broadcast packets for 'security zone-pair any self'
ACL:
Implemented possibility to use a range of tcp/udp ports in ACL rules
AAA:
Implemented possibility to authorize executed commands using a TACACS server
- IPsec:
QoS:
Implemented traffic policing feature
Implemented possibility to re-mark the CoS and DSCP fields on the output interface
Added support for peer-tunnel-QoS policies for DMVPN Spoke-to-Spoke tunnels
Tunneling:
Added support for WireGuard tunneling protocol
DMVPN:
Improved speed and stability
Improved the output of the show ip nhrp command
Increased limit of GRE tunnels for ESR-1700 up to 3200
Increased limit of connected mGRE SPOKE for ESR-1700 up to 2000 for each mGRE HUB
DHCP:
Implemented possibility to configure the next-server parameter for the DHCP-server pool
NTP:
Implemented possibility to configure the NTP-server specifying not only an IP address, but also a domain name
Version 1.20.4
Revisions:
Monitoring and management:
- CLI:
Implemented possibility to restrict access to a router's ssh server using the ip ssh access-addresses command
Implemented possibility to restrict access to a router's telnet server using the ip telnet access-addresses command
- CLI:
Version 1.20.3
Revisions:
Routing:
- BGP:
Implemented Dynamic Neighbors feature
Implemented community and extcommunity removal mechanisms in announcements
Implemented community and extcommunity replacement mechanisms in announcements
Added possibility to configure address-family in peer-group
Implemented display of Next Hop, Local Preference, MED, Community, EXT Community parameters in the show bgp command output for a specific route
OSPF:
Added possibility to redistribute routes with External Type-1
Added possibility to set a route metric during redistribution
MultiWan:
Added possibility to mark sessions for MultiWAN for sending response packets to a session via the same interface via which packets for this session are received
- BGP:
MPLS:
Implemented Inter-AS Option C feature
Added support for configuring route-target both for VPLS
Implemented MPLS over DMVPN operation
Added possibility to transmit L2 protocol frames via PW using the l2protocol forward command in l2vpn-eompls-view
- Monitoring and management:
CLI:
Added possibility to calculate checksums for certificates and licenses
Implemented display of detailed information on multilink status
Implemented show tech-support command to generate an archive of diagnostic information
Removed possibility to run monitor command for loopback interfaces
Implemented possibility to use uppercase characters in user name in ESR ssh/ftp/ssh/sftp clients
Changed output of the SSH connection error in host when the ssh key does not match ESR capabilities
Changed compatibility checks for commands in the ARCHIVE section
Unified hints for mail server configuration commands
Disabled starting a backup of the current configuration when starting the device
- Syslog:
Implemented filling the hostname and ip-address fields in syslog packets
Changed the format of logging service start-stop messages
Changed filling the APP-NAME field in syslog messages
Changed the format of logs generated on the VoIP chip (only for ESR-12V/12VF)
SNMP:
Created the eltexUtilizationIfTable table in ELTEX-GENERIC-MIB, containing interface utilization counters
Added support for OID cntpPeersVarTable (OID 1.3.6.1.4.1.9.9.168.1.2.1): the cntpPeersVarEntry sequence with all nested attributes from CISCO-NTP-MIB
Added support for OID hrSystemDate (OID 1.3.6.1.2.1.25.1.2) from HOST-RESOURCES-MIB
Added support for OIDs in ELTEX-ESR-BGP4V2-MIB: eltEsrBgp4V2PeerAdminStatus, eltEsrBgp4V2PeerRemoteAddrStr, eltEsrBgp4V2PeerRemoteaddrStr
Added support for OIDs to ELTEX-GENERIC-MIB for limits monitoring and FIB/RIB utilization for ipv4/ipv6: eltexRoutingFIBLimit, eltexRoutingFIBUsage, eltexRoutingFIB6Limit, eltexRoutingFIB6Usage, eltexRoutingRIBUsageBGP, eltexRoutingRIBUsageOSPF, eltexRoutingRIBUsageRIP, eltexRoutingRIBUsageISIS, eltexRoutingRIB6LimitsBGP, eltexRoutingRIB6LimitsOSPF, eltexRoutingRIB6LimitsRIP, eltexRoutingRIB6LimitsISIS, eltexRoutingRIB6UsageBGP, eltexRoutingRIB6UsageOSPF, eltexRoutingRIB6UsageRIP, eltexRoutingRIB6UsageISIS
Netflow:
Implemented netflow sending via OOB interface
Security:
- Firewall:
- Implemented possibility to limit the firewall sessions number for specified rules using the action session-limit command
- IDS/IPS:
Implemented clearing counters on reboot and by the clear security ips counters command
Implemented disabling interfaces with enabled IDS/IPS features after reboot before downloading and applying IDS/IPS signatures
Implemented possibility to specify number of rules for a category in percent (rules percent), all (rules all) and recommended (rules recommended)
Implemented possibility to store downloaded signatures on an external drive (SD/USB)
Implemented possibility to view the statuses of responses from the EDM server in debug mode
- IPsec:
Implemented display of PFS dh-group in the output of the show security ipsec proposal command
Implemented the DPD feature for IKEv2
- Firewall:
Tunneling:
Implemented possibility to operate with gre-keepalive when building a tunnel from an IP address in another VRF
Added a warning when executing the no ip nhrp ipsec command in the GRE tunnel settings
OpenVPN server client updated to version 2.5.3
QoS:
Implemented the Per-Tunnel QOS feature based on group attributes for DMVPN
Event tracking mechanism (track):
Reworked the mechanism for changing the BGP AS-path prepend parameter depending on the track state
Implemented the mechanism for changing the BGP metric parameter depending on the track state
VoIP (only for ESR-12V/12VF):
Increased the maximum length of the sip-domain address command parameter from 31 to 235 characters in sip-profile
Version 1.19.2
Revisions:
- Support for WLC-2300
- Tunneling:
- Added possibility to configure MTU for SoftGRE tunnels
- Added support for softgre-controller on ESR-15/30/3200
Monitoring and management:
- CLI:
- Added commit check command to check configuration without applying
- Added crypto generate pfx command to generate pkcs12 container
- CLI:
- WLC:
- Support for WOP-30LS access point
- Transfer to universal radio profiles
- Transfer to universal ssid-profile
- Added show wlc ap vap command to view enabled VAP list
- Added possibility to configure hostname of an access point
- Hostname of an access point added in the main monitoring outputs
- Added possibility to clear WLC logs
- Added possibility to increase maximum number of access points via license
- Added possibility to generate TLS certificates for Wi-Fi clients
- Added possibility to redefine parameters of access points radio interfaces via individual profiles
- Extended information on connected clients in show wlc clients output
- Optimized WLC operation in redundancy scheme
- RADIUS-server:
- Added possibility to authorize Wi-Fi clients via LDAP server
Version 1.19.1
Revisions:
- Support for WLC-15
Monitoring and management:
- Added crypto-sync service for certificate synchronization
- CLI:
- Added possibility to generate certificates and private key
- Added ip http server and ip https server commands to enable WEB server
- Added sync crypto force command to synchronize certificates manually
- Added possibility to generate certificates and private key
- WEB:
- Added acccess points monitoring
- Added acccess points monitoring
- Tunneling:
- Added possibility to allocate softgre-controller management tunnels by source addresses/networks
- Added possibility to selectively enable VLAN in softgre-controller for WLC mode
- Added possibility to allocate softgre-controller management tunnels by source addresses/networks
- WLC:
- Support for WOP-30L access point
- Implemented WLC redundancy via VRRP
- Added WPA2/WPA3, WPA3 Enterprise security modes
- Support for EAP-TLS operation in local RADIUS server
- Added show wlc clients command to view connected Wi-Fi clients list
- Added possibility to configure PMKSA caching
- Added possibility to configure NAS IP in RADIUS server when proxing
- Added output of common number of clients on an access point radio interface
- Added user name, location name, connection status to client log
- Added possibility to set ssh/telnet/web/snmp services on an access point
Version 1.19.0
Revisions:
- Support for WLC operation on ESR-15 under license
Monitoring and management:
- CLI:
- Renamed wireless-controller into softgre-controller
Simplified MAC address entry in object-group mac: no need to set standart netmask manually, default value is 'ff:ff:ff:ff:ff:ff'
- Added possibility to view configuration more conveniently: by categories
- CLI:
- Tunneling:
- Changed SoftGRE tunnels operation logic in wlc mode. Supported c-vlan usage in client traffic tunneling scheme. Vlan specified in the SSID settings gets into the WLC without terminating the sub-tunnel in the Bridge. For correct operation, vlan must be created in the WLC settings and must be a member of a bridge or an interface
- Changed SoftGRE tunnels operation logic in wlc mode. Supported c-vlan usage in client traffic tunneling scheme. Vlan specified in the SSID settings gets into the WLC without terminating the sub-tunnel in the Bridge. For correct operation, vlan must be created in the WLC settings and must be a member of a bridge or an interface
- WLC:
- Support for WEP-30L access point
- Added possibility to view WLC configuration by sections
- Added possibility to view radius-server configuration by sections
- Changed monitoring commands
- Added ap-location name in extended output of information on an access point
- Added division by locations in Airtune roaming statistics
- Added reload wlc ap <mac> command to reboot an access point
- Service-activator: added functionality for registering access points using certificates:
- Added join wlc ap <mac_ap> command to authorize all unauthorized access points in manual authorization mode
- Added show wlc service-activator aps command to view unauthorized access points
- Added clear wlc ap joined <mac_ap> command to revoke certificates from access points
- Added aps join auto command to configure automatic authorization mode of access points
Ap-location:
Added mode tunnel command to enable tunneling in location
Radius-server local:
Added possibility to configure vlan for a user
- Logging:
- Added uploading of clients and access points log into syslog server
Version 1.18.1
Revisions:
- Support for ESR-15/30/3200 routers
- Implemented TFTP server functionality
- IPsec:
Implemented possibility to configure route-based IPsec (VTI tunnel) in VRF
Fixed operation of the DPD mechanism for IKEv2
IDS/IPS:
Implemented possibility to configure packet queues for IPS
Monitoring and management:
- CLI:
Implemented possibility to set the number of terminal rows and columns using terminal resize command
Added format mtdpartition data command to reformat flash:syslog, flash:data and flash:backup partitions in accordance with firmware versions 1.13.0 and later ones (for ESR-10/12V/12VF/14VF/100/200/1000/1200/1500/1511 routers)
Added clear mtd-partition data command to delete files from flash:syslog, flash:data and flash:backup partitions (for ESR-10/12V/12VF/14VF/100/200/1000/1200/1500/1511 routers)
Added no interface command to delete the physical interface configuration
Added checks when executing the copy command, preventing incorrect combinations of copy source and destination from being specified
- Added system cpu load-balance overload-threshold command to control session balancing between CPU cores
Added show ip firewall session failover and show ip nat translations failover commands to display firewall-failover cache
- SNMP:
- Implemented possibility to obtain SFP transceiver information via SNMP
- SYSLOG:
- Added possibility to filter syslog messages of individual processes when outputting to snmp/telnet/ssh and console sessions
- Added 'domain lookup' setting to the factory configuration
- Implemented possibility to add a name of the user that changed the configuration when automatically archiving the configuration by commit
- Implemented possibility to assign static IP address to the cellular modem interface
- Implemented support for four path-mtu-discovery modes:
- disable
- default
- icmp-discard
- secure
- Implemented possibility to control fragmentation of GRE packets using ip dont-fragment-bit ignore and ip path-mtu-discovery discovery disable
- CLI:
- MPLS:
- Implemented MPLS over GRE functionality
- Implemented BGP Inter-AS Option B functionality
- Implemented possibility to select bridge in LDP configuration
- Routing:
- Implemented possibility to specify an interface as a router-id for RIP, OSPF, ISIS, BGP, LDP
- Implemented possibility to specify an interface as an update-source for RIP, OSPF, ISIS, BGP, LDP
- BGP:
- Changed router-id selection algorithm to the following order:
use static router-id
use the lowest IP address of the loopback interface
use the lowest IP address of the physical interface
Implemented possibility of recursive search for BGP routes
- Changed router-id selection algorithm to the following order:
OSPF:
Implemented possibility to set cost and metric type for advertised default routes
Implemented possibility to use OSPF protocol on VTI tunnels
- NTP:
Changed ranges for minpoll parameters: 1–6 and maxpoll: 4–17
Event tracking mechanism (track):
Implemented show tracks and show track commands to display track status
AAA:
Changed minimum key length for TACACS server to 1
DHCP:
Implemented DHCP failover mode: Active/Standby
Implemented ip helper-address gateway-ip command to specify giaddr field in DHCP packets
Remote-access:
Implemented possibility to transmit routing information via DHCP for PPTP/L2TP clients
Corrected restrictions on maximum number of active routes (FIB):
ESR-1700: 3000000
ESR-1000/1200/1500/1511/3100/3200: 1700000
ESR-100/200/20/21/30, WLC-30: 1400000
ESR10/12V/12VF/14VF/15: 1000000
Version 1.17.3
Revisions:
- Monitoring and management:
- SNMP:
- Implemented possibility to monitor OSPF/BGP state via SNMP
- FTP-client:
- Implemented possibility to configure FTP client IP address (ip ftp sourceaddress)
- SNMP:
- Tunneling:
- Implemented possibility to announce group attributes with DMVPN-SPOKE
- IPsec:
Renamed rsa-public-key authentication method to public-key
Added support for PKCS1 and PKCS12 formats
Added support for ECDSA key type
Version 1.17.0
Revisions:
- Monitoring and management:
- CLI:
Implemented possibility to specify a comment when entering the commit command
Implemented possibility to specify a configuration confirmation timeout when entering the commit command
Implemented support for the delayed reboot function
Increased the number of prefixes and IP address ranges in the object-group network up to 1024
Implemented possibility to configure a tunnel group
Implemented possibility to calculate a checksum for files in the flash:backup/ partition
Added a 'Date of last modification' column to the dir command output
SSH:
Implemented possibility to disable supported HOST algorithms in the SSH server
Netflow:
Implemented possibility to configure the ifindex value for self\dropped traffic
- CLI:
Security:
IDS/IPS:
Support for operating with mirrored traffic
BRAS:
Implemented possibility to set a user password when authorizing by IP and MAC
DHCP:
Server:
Implemented possibility to specify a description in the address command
Routing:
Implemented possibility to bidirectionally transmit routes between VRFs using the route-target both command
OSPF:
Implemented optional Opaque LSA support
Implemented possibility to set the maximum number of Nexthops for ECMP routes
BFD:
Implemented the output of information on BFD neighbors
Version 1.15.3
Revisions:
- WLC:
- Support for WEP-200L access point
- Board-profile:
Radio interface settings moved to the board-profile
Added possibility to configure only one radio interface
SSID:
Added parameter settings for 802.11r/kv roaming
Airtune:
Added Airtune service monitoring and management
Increased size of the event log for clients and access points
Added serial number, board version, and uptime to extended information on access point
Added information on connected clients to WLC status output (show wlc)
Supported SNMP monitoring of WLC
Hidden passwords in tracing
Log-filter:
Added functionality for filtering logs by MAC addresses of access points
Ap-profile:
Added possibility to configure logging for all services of access point
AP:
Added ap-model parameter to determine the type of access point
Service-activator:
Optimized algorithm for firmware update of access points
Version 1.14.5
Revisions:
- QOS:
- Added possibility to specify bandwidth limitations in percent for complex-qos
- Routing:
- Added possibility to set Policy-Based Routing for local traffic
- Monitoring and management:
- Added possibility to update firmwware automatically with use of DHCP options
- SYSLOG:
- Added possibility to filter syslog messages of separate processes when recording to local syslog file or remote syslog server
- Added possibility to log traffic flows processed by IPS/IDS to remote syslog server
- Redundancy:
- Support for STP/RSTP in bridge for all the models
- Support for STP/RSTP for physical interfaces in switchport mode for ESR-1x/2x
- Remote-access:
- Added possibility to limit authentication and encryption methods of IKE and IPsec protocols encryption for L2TP server and L2TP client
Version 1.14.0
Revisions:
- AAA:
- Added possibility to use TLS/SSL secured connection for LDAP
- DPI:
- Added detection of the following applications: bittorrent-networking, ms-netlogon, ms-rpc, ms-sms, rtp audio, secure-http, secure-smtp, vmware-vsphere
- IDS/IPS:
- Support for specific commands filtering for HTTP and FTP
- IPsec:
- Support for mode transport
- QoS:
- Added classification by URL
- Added classification by applications
- Track:
- Added possibility to track VRRP or SLA test state
- Added possibility to manage VRRP, PBR parameters, interface administrative status, static route, AS-PATH attribute and preference in route-map
- Monitoring and management:
- CLI:
- Added possibility to display device configuration with default parameters
- Added possibility to specify in command ping IPv4/IPv6/DNS host without ip/ipv6 prefixes
- Added possibility to set passwords of less than 8 symbols
- Added possibility to check external storage devices using the verify storage-device command
- Added possibility to format external storage devices using the clear storage-device command
- SSH:
Presence of host keys is checked at device start and if they are absent, generation occurs. Each device has unique ssh host keys
Removed obsolete rsa1 key type
Removed crypto key generate command from configure mode, and instead of it, the update ssh-host-key command is added to the root configuration mode
Collecting statistics:
Traffic counting in the Ingress and Egress directions for Netflow
- CLI:
Version 1.13.0
Revisions:
- Support for ESR-1511 and ESR-3100 routers
- Support for Content-Filter functionality for HTTP traffic
- Support for Anti-Spam functionality for HTTP traffic
- Routing:
- BGP:
- Increased BGP RIB ESR-10/12V/12VF/14VF to 1M routes
- Increased BGP RIB ESR-20/21/100/200 to 2.5M routes
- Increased BGP RIB ESR-1000/1200/1500/1510 to 5M routes
- BGP:
Version 1.12.0
Revisions:
- IDS/IPS:
- Supported interaction with Eltex Distribution Manager for licensed content — a set of rules provided by Kaspersky SafeStream II
IPsec:
Added possibility to view debug information for IPsec
MPLS:
- Added support for VPLS Kompella Mode
- Added commands to output operational information for L2VPN
- USB-Modem:
- Support for modems with HILINK firmware
Routing:
- IS-IS:
- Added possibility of 3way handshake neighborhood establishment
- IS-IS:
Monitoring and management:
- CLI:
- Removed the possibility to authenticate as root
- CLI:
Tunneling:
- Added possibility to set AAA authentication lists for OpenVPN clients
- Filtering:
- HTTP proxy
- Added possibility to log filtering events
- HTTP proxy
Version 1.11.2
Revisions:
BRAS:
Supported BRAS operation in VRF for L3 switching scheme
Supported adding Option 82 from client DHCP packets in accounting
Supported getting the number of services and BRAS sessions via SNMP
- SNMP:
- Supported breaking softgre tunnels
Monitoring and management:
- CLI:
Added the merge command, which merges the downloaded configuration with candidate-config
- Added possibility to view information about the configuration of a particular Bridge
- Added possibility to view the configuration of a certain object-groups by specifying the type
- Added possibility to view the configuration of a certain tunnel
- Added possibility to view the configuration of a specific route-maps
- Added saving user login to configuration name when reserving configuration locally
- Added possibility to view the difference between the archived configurations
- Added the clear vrrp-state command, which stops VRRP execution for 3* Advertisement_Interval+1 time. This enables the router in the backup state to perform a master hijacking
- SLA:
Supported IP SLA in ICMP-ECHO mode
- CLI:
- Tunneling:
Supported synchronization of wireless-controller tunnels between routers with different firmware versions
Version 1.11.1
Revisions:
IPsec:
Implemented possibility to disable Mobility and Multihoming Protocol (MOBIKE) for IKEv2
- Support for certificate IPsec authentication
- Support for CRL and filtering by attribute field Subject-name
Version 1.11.0
Revisions:
CLI:
Implemented TCP/UDP port filtering when displaying and cleaning firewall/NAT sessions
Implemented possibility to view mDNS configuration
IPsec:
Implemented modes of reconnecting XAUTH clients with one login/password
Implemented possibility to disable Subject attribute field validation of local and remote XAUTH certificate
Routing:
Implemented possibility to use Multiwan on pppoe, l2tp, openvpn, pptp and vti-tunnels
Tunneling:
GRE
Implemented possibility to use as local interface for GRE tunnels: USB-modem, pptp, l2tp, pppoe-tunnel and e1, multilink-interfaces
- Implemented possibility to build GRE tunnels from IP-interfaces of a great VRF
- Implemented possibility to provide L2 connectivity between clients from different tunnels within one location in the scheme with wireless-controller
PPPoE
Added possibility to use ',', '/' and '\' symbols in username
Limited file system support for USB sticks and SD/MMC cards. Only FAT is supported
Version 1.10.0
Revisions:
- Routing:
- Added support for IS-IS routing protocol
- Added support for RIP NG routing protocol
- Reworked BGP configuration
- BGP:
- Added support for BGP Graceful restart
- Added support for BGP Weight attribute
- OSPF:
- Added support for OSPF Graceful restart
- Monitoring and management:
- Added possibility to enable monopoly access to the configuration
- Added possibility to reset CLI sessions
- Added possibility to clear the alarm list
- Tunneling:
- Added user authentication method selection for L2TP and PPTP servers
- Added possibility to use private key and certificate for OpenVPN client
- MPLS:
- Added support for LDP
- Added support for L2VPN VPWS
- Added support for L2VPN VPLS Martini mode
- Added support for L3VPN MP-BGP
Version 1.8.7
Revisions:
- USB-Modem:
- Added the 'no compression' command to disable Van Jacobson TCP/IP header compression method
- Monitoring and management:
- Added possibility to execute SSH commands in non-interactive command line sessions (CLI)
Version 1.8.5
Revisions:
- Security:
- Added possibility to use demo licenses for IDS/IPS
- SLA:
- Updated Wellink SLA agent on ESR-10/12V/12VF
- USB-Modem:
- Added possibility to use '_', '@', '.', '-' characters for user field in cellular profile configuration mode
- Monitoring:
- Added Zabbix-proxy functionality
Version 1.8.3
Revisions:
- IPSEC:
- Fixed problem of unstable IPsec operation with DMVPN and L2TPv3
- Multilink:
- Fixed problem of routing traffic from multilink
- Fixed problem with adding the second and subsequent interfaces in multilink
- OSPF:
- Fixed problem with route information update
Version 1.8.2
Revisions:
- Support for ESR-20/21/1500/1510 routers
- OpenVPN server:
- Increased the number of users to 64
- ACL:
- ESR-1X: increased the number of rules to 255
Version 1.8.1
Revisions:
- OpenVPN server:
- Added possibility to assign a static IP address to an OpenVPN user
- Added possibility to authorize multiple OpenVPN users with one certificate
Version 1.8.0
Revisions:
- Tunneling:
- Support for DMVPN
- BGP:
- Increased BGP RIB ESR-20/21/100/200 to 2M routes
- Increased BGP RIB ESR-1000/1200/1500/1510 to 3M routes
- SNMP:
- Support for LLDP-MIB
Version 1.7.0
Revisions:
- Filtering:
- Support for IDS/IPS
- HTTP proxy: added redirect port configuration
- CLI:
- ESR-1700: Increased the maximum number of object-group networks to 1024
- Added possibility to specify prefix 0.0.0.0/0 in Prefix List, route-map
- Added possibility to specify links in object-group url as regular expressions
- Added possibility to change MAC-address of physical and aggregated interfaces
- Transfer port commands ip http proxy redirect-port, ip http proxy redirect-port from BRAS to HTTP(S) Proxy
- NAT:
- ESR-1700: Increased the maximum number of NAT pool to 1024
Version 1.6.6
Revisions:
- Tunneling:
- Support for the new keepalive mechanism for softgre tunnels. The tunnels are
checked by ping-probe from the client devices. The new operating mode is
enabled by the keepalive mode reactive command in the wireless-controller configuration
- Support for the new keepalive mechanism for softgre tunnels. The tunnels are
Version 1.6.5
Revisions:
- CLI:
- Added possibility to enable single-user configuration
mode - Added command to terminate CLI sessions
- Added notification of unapplied configuration changes when entering/exiting
configuration mode and CLI
- Added possibility to enable single-user configuration
- Tunneling:
- Added option to enable softgre sub-tunnel in Bridge, which is in
VRF
- Added option to enable softgre sub-tunnel in Bridge, which is in
Version 1.6.4
Revisions:
- BRAS:
- Added show subscriber-control sessions count command to count the number of BRAS sessions
- Added show subscriber-control services count command to count the number of BRAS services
- mDNS
- Added mDNS-reflector functionality
- Added mDNS service filtering functionality
- Added show ip mdns-reflector command to view found mDNS services
- Added clear ip mdns-reflector command to update the list of services
- Monitoring and management:
- CLI
- Added dynamic/static and tunnel softgre filters for show/clear mac address-table commands
- Tunneling:
- Added clear tunnels softgre remote-address <ip> command to remove softgre tunnel for a specific point
- Added clear tunnels softgre command to remove all softgre tunnels
- CLI
Version 1.6.2
Revisions:
- BRAS:
- Supported on ESR-1X/2X
- Added possibility to set the interface with dynamic IP addresses as nas-ip
- DHCP:
- Added possibility to clear DHCP server lease records
- Increased the number of static DHCP entries in the pool to 128
- QOS:
- Added classification on the outbound interface, which allows not to use ingress policies
- Added possibility to set multiple ACLs in a class
- Added the possibility to set a DSCP classification in a class
- VoIP:
- Added possibility to configure PBX
- Interfaces:
- Supported routerport/switchport/hybrid interface operation mode
- Supported E1 HDLC
- Supported Serial (RS-232):
- Organization of connections using analog modems in Dial up, leased line mode
- Controlling neighboring devices via console
- Routing
- BGP:
- Supported Flow Specification Rules
- Supported weight attribute
- Added possibility to set route-map default route, le/ge/eq
- Added all, nearest, replace options for remove-private-as option
- IP:
- Supported IP Unnumbered
- Added possibility to disable ICMP unreachable/redirect responses
- Supported IPv6 Router Advertisement
- Multiwan:
- Supported mechanism to clear NAT sessions after an unreachable target is detected
- BGP:
- Monitoring and management:
- AAA:
- Added possibility to set source IP address for TACACS/LDAP servers
- Added possibility to set interface as a source for RADIUS server
- Extended TACACS server key size to 60 characters
- Added possibility to disable console port authentication
- CLI:
- Added possibility to set command aliases
- Added possibility to view interface usage statistics
- Added possibility to view CPU usage statistics
- Added possibility to set a name for a static route
- Added possibility to calculate hash sums of files
- Added possibility to view the list of current crashes
- Added possibility to disable debugging with one command
- Added possibility to display messages when viewing logs for a certain period of time
- Added possibility to download bootloaders
- Added possibility to view rule description in output of show ip firewall counters command
- Added possibility to copy files via HTTP(S) protocol
- Added possibility to view the difference between configurations (running, candidate, factory)
- Added possibility to view the configuration with metadata
- Removed commit update command
- SNMP:
- Added possibility to set community for trap messages
- Added possibility to set source IP address for trap messages
- Added possibility to choose content of linkDown/linkUp traps between standard and cisco-like
- SSH:
- Added possibility to set source IP address for SSH client
- Supported Cisco SLA responder
- Supported Eltex SLA
- Supported SFTP server
- Filtering and translation
- Firewall:
- Added filtering by ICMP message type name
- HTTP (S) Proxy:
- Added filtering by content type: ActiveX, JS, Cookies
- Added possibility to filter/redirect by local/remote lists
- Added possibility to update remote URL lists via RADIUS CoA
- NAT:
- Added possibility to broadcast addresses from PPTP/PPPoE tunnel
- Firewall:
- Tunneling:
- IPSEC:
- Added possibility to use an IP address obtained by DHCP as a local gateway
- Added possibility to view extended information about tunnel authentication
- Supported XAuth client
- Support for PFS (perfect forward secrecy) using the DH group
- IPSEC:
Version 1.4.4
Revisions:
- PPPoE client:
- Added PAP, MS-CHAP, MS-CHAPv2, EAP authentication methods
Version 1.4.2
Revisions:
- Attack protection:
- Added the show ip firewall screens counters command, which allows you to view statistics on detected network attacks
- Implemented protection against XMAS and TCP all flags
- SNMP:
- Added possibility to set snmp-server contact and snmp-server location Added OIDs for these parameters
- Implemented SNMP View: allow or deny access to community and user by OID
- NTP:
- Expanded show ntp peers output: added stratum and synchronization status
- Firewall:
- Added ip firewall sessions tracking sip port command, allowing you to select TCP/UDP port for SIP session tracking
- Firewall:
- Added ip firewall sessions tracking sip port command, allowing you to select TCP/UDP port for SIP session tracking
- Tunneling:
- Implemented L2TP client with IPSec support
- IP SLA agent (Wellink):
- Added possibility to manage tests without portal participation
- Redesigned control and monitoring commands
- Added threshold management commands: setting thresholds for exceeding and normalizing test parameters, alerting in CLI, SYSLOG and SNMP about threshold crossing
Version 1.4.1
Revisions:
- Tunneling:
- GRE enhancement:
- Implemented keepalive mechanism for Ethernet over GRE tunnels
- Increased maximum number of SoftGRE tunnels to 8K (ESR-1200/ESR-1700)
- Added possibility to configure MTU on SUB-GRE tunnels
- IPsec enhancement:
- Added encryption algorithm null command in config-ipsec-proposal mode to disable encryption of ESP traffic
- Support for policy-based IPsec operation in VRF
- GRE enhancement:
- BRAS:
- Supports speed limit per subscriber session
- Added session ip-authentication command in config-subscriber-control configuration mode. When this option is enabled, user authentication is by IP address
- Added show subscriber-control radius-servers command to view information about RADIUS servers used
- SNMP:
- Added possibility to apply the configuration and reboot the device with commitConfirmAndReload SetRequest
- Support for the RMON agent, which allows to collect statistics about the nature of traffic on network interfaces
- Implemented management of VoIP services via SNMP
- Support for sending notifications when DoS attacks are detected
- Implemented sending SNMP traps when thresholds are reached:
- Network interfaces load
- GRE/SUB-GRE tunnel
- Number of tunnels included in the bridge-group
- BRAS sessions
- AAA:
- Added possibility to specify the source-address for requests to the authentication and authorization server in config-tacacs-server and config-ldap-server configuration modes
- Multiwan:
- Added wan load-balance commands in config-cellular-modem configuration mode to configure Multiwan using a USB modem
- L3 routing:
- Supported BFD technology for static routing
- BGP enhancement:
- Added commands: default-information originate in config-bgp-af configuration mode, default-originate in config-bgp-neighbor configuration mode to allow default route advertisement
- CLI:
- Added support for the Ctrl-P and Ctrl-N hotkeys to view the history of entered commands
- Added possibility to view the current state of tracking objects using the show tracking objects command
- LLDP:
- Added support for MED extension with support for announcing DSCP, VLAN, PRIORITY parameters for different device types. Through this extension the Voice VLAN transmission is realized
- Firewall:
- Implemented application traffic classification technology
- Added ip firewall logging screen command in config mode to log detected DoS attacks
- QOS:
- Implemented GRED (Generic RED) mechanism to manage queue overflow based on IP DSCP or IP Precedence
- VRRP:
- Supported operation in VRF
- Added VRRP track-ip
- Zabbix:
- Implemented Zabbix agent
- Configuration:
- Implemented automatic reading of the configuration from removable media when booting the device without configuration
Version 1.4.0
Revisions:
- Tunneling:
- Added PPTP client
- Added PPPoE client
- Support for Ethernet over GRE tunnel
- Support for creating subinterfaces for Ethernet over GRE tunnels
- Added possibility to increase MTU for tunnels up to 10000
- IPsec enhancement:
- Supported XAuth for dynamic IPsec tunnels
- OpenVPN enhancement:
- Extension of the list of encryption and authentication algorithms
- BRAS:
- Added possibility to broadcast the table USER IP - PROXY IP by NetFlow for proxied connections
- L2 switching:
- Added force-up command to config-vlan In this mode, the VLAN is always in the 'Up' state
- L3 routing:
- Added possibility to optionally enable IPv6 stack on interfaces
- BGP enhancement:
- Increased the range of values for the local preference parameter
- Extended output of the show ip bgp neighbors command
- Implemented VRRP tracking: change MED and AS-path attributes based on VRRP state
- CLI:
- Added possibility to scale the size of the terminal to the size of the window on the PC when using the console connection. terminal resize command
- Extended the set of allowed characters in APN in config-cellular-profile Added characters: '@', '.', '-'
- Monitoring:
- Added possibility to filter traffic by source/destination MAC address
- Added possibility to view Firewall sessions
- Output interface status information when calling show ip interfaces
- DHCP:
- Added possibility to exclude IP address from DHCP server address pool
- Added possibility to set arbitrary option in IP-address, string, HEX-string format
- NAT:
- Support for Static NAT
- NTP:
- The ntp enable vrf <NAME> command outdated. Protocol time synchronization is enabled by the ntp enable command and will be allowed for all servers and peers in the configuration
- Added ntp logging command to log NTP events
- Added ntp source address <IP> command to set IP address for all NTP peers
- SNMP:
- The snmp-server vrf <NAME> command outdated. Protocol access is enabled with the snmp-server command and will be allowed for all communities and SNMPv3 users in the configuration
- Management:
- Support for copying firmware, configuration, certificates
- Support for configuration operations (commit, confirm, restore, rollback, etc.)
- Added possibility to create interfaces
- Added possibility to change the image of the active software
- Added possibility to reboot the device (only when snmp-server system-shutdown is enabled on esr)
- Added possibility to configure VRRP
- Monitoring:
- Added possibility to view the number of existing interfaces and tunnels of all types
- Added possibility to view the size of the ARP table
- SYSLOG:
- Added logging of stops/starts of system processes
- VRRP:
- Added the vrrp force-up In this VRRP mode, IP interface is always in the 'Up' state
Version 1.3.0
Revisions:
- Attack protection:
- DoS attack protection:
- ICMP flood
- Land
- Limit-session-destination
- Limit-session-source
- Syn flood
- UDP flood
- Winnuke
- Blocking spy activity:
- Fin-no-ack
- ICMP type
- IP sweep
- Port scan
- Spoofing
- Syn-fin
- TCP-no-flag
- Blocking non-standard packets
- ICMP fragment
- IP fragment
- Large ICMP
- Syn fragment
- UDP fragment
- Unknown protocols
- DoS attack protection:
- Support for DNS name resolution. Caching DNS server
- Support for LLDP
- Support for 3G/4G USB modems
- AAA:
- Added possibility to adjust the number of failed authentication attempts
- Added possibility to set the password lifetime
- Added possibility to set the maximum number of passwords stored in the history for each local user
- Added reminder function of the initial password change
- Added possibility to set a timeout for the login session
- Added setting to allow/deny login as root when connecting via RS-232 (console)
- Requirement to change the password after it expires
- Added possibility to control password complexity
- BGP:
- Combining peers into groups with a set of attributes
- BRAS:
- Added Framed-IP-Address attribute containing subscriber IP address to Access-Request packets of RADIUS protocol
- Optimized performance of the Proxy server
- CLI:
- Supported SFTP for uploading/downloading firmware files, configurations and certificates
- Support for USB memory sticks, SD/MMC cards in firmware, configuration and certificate file copying operations
- Added possibility to view table sizes and routing protocol priorities
- Added possibility to view all routes belonging to a specified subnet
- DHCP:
- DHCP client. Manual IP address re-request
- Support for DHCP server in VRF
- Support for options 150 (tftp-server ip) and 61 (client-identifier HH:<MAC>) for DHCP server
- Firewall:
- Added possibility to control ALG modules
- Added possibility to disable drop packets related to the session with an invalid status (e.g., in asymmetric routing)
- IPSEC:
- Added possibility to set the local address to any when configuring the IKE gateway
- Support for certificates
- L2 switching:
- Added possibility to pass BPDU through the bridge on ESR-100/200
- Added possibility to include the physical port in the bridge on the ESR-100/200
- Multiwan:
- Implemented automatic switching to a backup channel if parameters of the current channel deteriorate (LOSS, jitter, RTT)
- Support for VRF operation
- Support for LT tunnels
- NTP:
- Authentication support
- Support for filtering by message type
- SNMP:
- Added possibility to disable SNMPv1
- Implemented access control lists
- Added possibility to control password complexity for snmp-server community
- SSH
- Added possibility to configure the maximum number of authentication attempts to connect via SSH
- Added possibility to set the waiting interval for SSH connection authentication
- Added possibility to set the key pair update interval for SSH
- Selectable SSH version
- Implemented authentication algorithms, encryption, key exchange configuration
- Variable length RSA key generation
- VLAN
- Operational VLAN status management (ESR-1000/ESR-1200)
- Support for MAC based VLAN
- Added possibility to automatically add ports to existing VLANs
- VRRP
- Added possibility to use VRRP IP as source IP address for GRE, IP4IP4, L2TPv3 tunnels and RADIUS client
- Listening to VRRP by L2TP/PPTP IP servers
- Support for VRRPv3
- Fixed incorrect order of virtual IP addresses in a packet
Version 1.2.0
Revisions:
- Tunneling:
- GRE Keepalive support
- L3 routing:
- BGP:
- Adding of neighbor description
- Possibility to enable/disable neighbors
- Increased total number of BGP peers to 1000
- View the total information on peers
- Multiwan:
- View operational information
- VRRP:
- Set a subnet mask for VRRP IP
- Port-Channel Operational Status Management (ESR-100/200)
- BGP:
- IPSEC:
- Support for Policy-based IPsec mode
- Flexible tunnel key renegotiation (margin seconds/packets/bytes, randomization)
- Closing the IPsec tunnel after a specified number of packets/bytes have been transmitted
- Specification of the time interval after which the connection is closed if no packets are received or transmitted through the SA
- SNMP:
- Display the current speed of the interfaces in the ifSpeed parameter of the IF-MIB
- SNMP Trap:
- Trap on exceeding the thresholds of CPU load and temperature, fan speed, free RAM and FLASH space
- CLI:
- Routing information filtering by protocol
- Filtering by interface, IP address and MAC address in ARP/ND table clear commands
- Storing log files in the non-volatile memory of the device
- Uploading log files from the device using the copy command
- View the contents of critlog with the show syslog command
- View the contents of the log files from the end. Added show syslog from-end command
- Configuration confirmation timer setting. Added system config-confirm timeout command
- Changes in the command interface:
- Cisco-like paths for files:
v1.2.0: system:..
esr# copy system:running-config
v1.1.0: fs://.../
esr# copy fs://running-config
- AAA:
- Added a mode in which the following methods will be used for authentication if the priority one is not available
- NTP:
- Authentication support
- Firewall:
- Increased the number of security zone pairs to 512
- Added possibility to pass packets that could not be identified as belonging to any known connection and that are not the start of a new connection. Added ip firewall sessions allow-unknown command
- QOS:
- Configuring the length of edge queues in Basic QoS
- BRAS:
- Shaping by SSID and offices
- Subscriber authentication by MAC-address
- Configuring active/reserve redundancy based on VRRP status
Version 1.1.0
Revisions:
- BRAS:
- User termination
- RADIUS CoA processing, interaction with AAA
- URL whitelists/blacklists
- Quoting by traffic volume and session time, or quoting by both
- HTTP proxy
- HTTP Redirect
- HTTPS Proxy
- HTTPS Redirect
- Getting URL lists from PCRF
- Session accounting via Netflow protocol
- Optional additional verification of authorized users by MAC-address
- Netflow:
- Netflow v10. Exporting statistics by URL
- VRF support
- Support for Domain Observation ID
- Information on NAT sessions
- HTTPS Host export
- Exporting information on L2/L3 location
- Active-timeout configuration
- Setting the source IP address for packets sent to the Netflow collector
- Configuring exports on an interface with the Firewall enabled
- VRRP:
- Tracking routes based on the state of the VRRP process
- CLI:
- Autocomplete and display the names of created objects in tooltips
- Display summary information by Firewall and NAT sessions
- View real-time information on running services/processes
- Informative tooltip in case of incorrect parameter entry
- SYSLOG:
- Added possibility to set source IP-address for interaction with SYSLOG servers
- L2 switching:
- Q-in-Q subinterfaces
- L3 routing:
- VRF enhancement:
- Virtual Ethernet Tunnel (tunnel linking VRF)
- BGP enhancement:
- Configuring the source IP address for routing information exchange (update-source)
- Support for BFD
- VRF enhancement:
- DHCP Relay:
- Support for Option 82
- VRF support
- Support for point-to-point interfaces (GRE, IP-IP, etc.)
- Management interfaces:
- SNMP:
- Support for MAU-MIB
- SNMP:
- QOS:
- Increasing the number of QoS policy-map to 1024 and class-map to 1024
- Wi-Fi Controller:
- Retrieve settings (tunnel-served SSID and shaping parameters) of DATA tunnels from RADIUS server
Version 1.0.8
Revisions:
- Improved health monitoring of network services
- AAA:
- Setting a source IP to communicate with RADIUS servers
- Deleting SSH host keys
- Support for legacy encryption protocols for SSH connections from third-party devices
- L3 routing:
- MultiWAN: per-flow routing
- Recursive static routing
- BGP support for setting blackhole/unreachable/prohibit as Nexthop
- VRF-lite enhancement:
- support for NTP
- Support for GRE tunnels
- CLI enhancement:
- Support for correct addition of partially entered parameters
- Display the network interfaces uptime in the show interfaces status command
- Replacing private data when logging entered commands with ***
- Added no nat { source | destination } commands to quickly remove the entire NAT configuration
- VRRP:
- Support for version 3
- Support for configuring GARP Master parameters
- Simultaneous configuration of up to 8 Virtual IPs per process
- Reservation of Firewall sessions is now configured independently of the Wi-Fi Controller
- Multiwan:
- Output messages about changes in route states
- ESR-100/ESR-200:
- Support for 100BASE-X transceivers on combo ports
- ESR-1000:
- Bridge: Prohibit switching of unknown-unicast traffic
- Management interfaces:
- SNMP:
- SNMP Trap:
- Trap on high CPU load
- SNMP MIB:
- IP-MIB
- TUNNEL-MIB
- ELTEX-TUNNEL-MIB
- RL-PHYS-DESCRIPTION-MIB
- CISCO-MEMORY-POOL-MIB
- CISCO-PROCESS-MIB
- SNMP Trap:
- SNMP:
Version 1.0.7
Revisions:
- Device control: configuring the operation mode of the fans
- L3 routing:
- Automatically allocated VLAN (Internal Usage VLAN) do not change when the configuration is applied
- MultiWAN: unconditional target check
- Removed mutual crossing check for DirectConnect networks and static routes
- Changes in TCP MSS
- Changed restrictions on the maximum number of active routes (FIB)
- Limited maximum number of routes for each dynamic routing protocol (RIB)
- Added possibility to filter the default route in the Prefix List
- BGP support
- BGP ECMP
- Keepalive timer autocalculation
- Support for Policy-based routing (IPv4 only)
- Logging changes in the state of connections with peers in the OSPF and BGP
- Added possibility to use route-map for OSPF, RIP
- VRF-lite enhancement:
- BGP support
- Support for OSPF
- Поддержка QoS
- Router management (AAA, Telnet, SSH, SNMP, Syslog, copy command)
- IPv6 enhancement:
- BGP support
- Support for setting Nexthop in route-map
- Support for RADIUS/TACACS/LDAP
- Support for MultiWAN
- Tunneling:
- Authentication via RADIUS server for PPTP/L2TP servers
- OpenVPN
- Expiration of automatically raised Ethernet-over-GRE tunnels (Wi-Fi controller)
- IPsec enhancement:
- Support for DES protocol
- Obtain operational information
- ARP/ND:
- Configuring the lifetime of entries
- DHCP Server:
- Configuring the netbios-name-server option in the DHCP address pool
- CLI enhancement:
- Viewing load on network interfaces
- Extended list of protocols in ACL
- The untagged/tagged parameter is made optional when removing a VLAN with the switchport general allowed vlan remove command
- Viewing traffic on network interfaces
- VRRP:
- Preempt delay configuration
- Simultaneous configuration of multiple Virtual IP
- Multiwan:
- Verification of all targets on the target list
- ESR-100/ESR-200:
- Policy-based QoS
- ACL
- ESR-1000:
- Automatic SFP transceiver detection for 10G ports
- Bridge: Isolation of tunnels or sub-interfaces in the bridge
- Integration of third-party software:
- IP SLA agent (Wellink)
- SYSLOG: Added timezone setting before displaying messages
- Management interfaces:
- SNMP:
- SNMP Trap
- SNMP MIB:
- ENTITY-MIB
- IANA-ENTITY-MIB
- SNMP:
Version 1.0.6
Revisions:
- Management and monitoirng:
- Automatic configuration redundancy
- Statistics collection:
- Netflow v5/v9/v10(IPFIX)
- sFlow
- MAC table:
- Added possibility to limit the MAC-addresses being learnt
- Added possibility to adjust the storage time of MAC-addresses
- Syslog enhancement:
- Logging critical commands
- Logging routing protocols operation
- CLI enhancement:
- Command trace filtering by | include/exclude/begin/count
- Improvement of the page view mode of commands
- Switching syslog file browsing to page mode
- Support for entering the port on which the TFTP/SSH/FTP service on the remote server works in the copy command
- Added age display of ARP/IPv6 entries and self entries in show arp and show ipv6 neighbors commands
- Changes in the command interface:
- Added ip path-mtu-discovery command
- DHCP: The ip address dhcp enable command changed to ip address dhcp
- Changes in the command interface:
v.1.0.6:(config)# interface gigabitethernet 1/0/1
(config-if-gi)# ip address dhcp
v.1.0.5:(config)# interface gi 1/0/15
(config-if)# ip address dhcp enable
- DHCP: Theip address dhcp server <IP> command changed to ip dhcp server address <IP>
v.1.0.6: (config)# interface gigabitethernet 1/0/1
(config-if)# ip dhcp server address 10.10.0.1
v.1.0.5: (config)# interface gigabitethernet 1/0/1
(config-if)# ip address dhcp server 10.10.0.1
- DHCP: The ip address dhcp {<Ignore, lease-time, reboot, set reboot time, retry, select-timeout, timeout, vendor-class-id>} command changed to ip dhcp client {<Ignore, lease-time, reboot, set reboot time, retry, select-timeout, timeout, vendor-class-id>}
v.1.0.6: (config)# interface gigabitethernet 1/0/1
(config-if)# ip dhcp client timeout 60
v.1.0.5: (config)# interface gigabitethernet 1/0/1
(config-if)# ip address dhcp timeout 60
- Firewall: The show security zone-pair counters command changed to show ip firewall counters
v.1.0.6: # show ip firewall counters
v.1.0.5: # show security zone-pair counters
- Firewall: The clear security zone-pair command changed to clear ip firewall counters
v.1.0.6: # clear ip firewall counters
v.1.0.5: # clear security zone-pair
- sNAT: The service nat source command changed to nat source
v.1.0.6: (config)# nat source
v.1.0.5: (config)# service nat source
- dNAT: The service nat destination command changed to nat destination
v.1.0.6: (config)# nat destination
v.1.0.5: (config)# service nat destination
- NTP: The service ntp {< broadcast-client, dscp, enable, peer, server>} command changed to ntp {< broadcast-client, dscp, enable, peer, server>}
v.1.0.6: (config)# ntp peer 10.10.10.10
v.1.0.5: (config)# service ntp peer 10.10.10.10
- MULTIWAN: The target <IP> command changed to ip address <IP>
v.1.0.6: (config)# wan load-balance target-list eltex
(config-wan-target-list)# target 3
(config-wan-target)# ip address 10.10.0.1
v.1.0.5: (config)# wan load-balance target-list eltex
(config-wan-target-list)# target 3
(config-wan-target)# target 10.10.0.1
- IPsec: The ipsec authentication method psk command changed to ipsec authentication method pre-shared-key
v.1.0.6: (config)# remote-access l2tp elt
(config)# ipsec authentication method pre-shared-key
v.1.0.5: (config)# remote-access l2tp elt
(config)# ipsec authentication method psk
- QoS enhancement:
- Prioritizing control traffic
- Firewall enhancement:
- Managing timers and number of sessions
- SSH enhancement:
- RSA, DSA, ECDSA, Ed25519 key generation
- NAT enhancement:
- Added possibility to run NAT when Firewall is disabled
- Using bridge in the command to limit the scope of a rule group
- MultiWAN enhancement:
- Specifying SUB-interfaces as a gateway
- SNMP enhancement:
- Support for ifXTable
- SNMP IPv6
- Enable/disable user for low-level technical support access
- Arbitrary MAC address settings on the network bridge
- L3 routing:
- BGP enhancement:
- ExtCommunity
- Private AS deletion mode
- Mode of default-route announcement along with other routes
- Filtering and assigning parameters to routes in redistribution
Version 1.0.5
Revisions:
- CLI enhancement:
- Deleting entities of the same type with one command via the 'all' option
- Interfaces:
- Support for Jumbo Frame (MTU up to 10000 bytes)
- Assigning /32 prefixes to Loopback interfaces
- Firewall:
- Added possibility to interrupt/clean up established sessions
- Disabling Firewall function
- QOS:
- Marking/remarking traffic
- DSCP code mutation
- Hierarchic QoS (HQoS)
- Bandwidth management (shaping), 1 kbit/s step
- Bandwidth reservation by traffic class (shaping per queue)
- RED, GRED queue overload management
- SFQ queue management
- Policy-based QoS
- Network services:
- Access control list (ACL)
- Support for issuing IP addresses by DHCP-server according to client's MAC-address
- Support for filtering by MAC-addresses in Firewall
- Support for simultaneous operation of DHCP server and Relay agent
- Telnet, SSH clients
- Support for E1 interfaces:
- CHAP
- PPP
- MLPPP (Multilink PPP)
- AAA:
- Authentication and authorization by local user base, RADIUS, TACACS+, LDAP
- Command accounting via the TACACS+ protocol
- Session accounting: SYSLOG, RADIUS, TACACS+
- Managing command privilege levels
- L3 routing:
- BGP enhancement:
- Attribute filtering and attribute modification (local preference, AS-path, community, nexthop, origin, metric, subnet)
- Support for Route-Reflector feature
- Configuration of authentication options for a specific neighbor
- Support for 32-bit numbers of autonomous systems
- Added possibility to view prefixes received from neighbor and announced to neighbor
- Added possibility to view information by specific prefix
- RIP enhancement:
- Summation of advertised subnets
- Static neighborhood
- OSPF enhancement:
- Summation of advertised subnets
- Support for the eligible parameter for NBMA interfaces
- Route propagation management (prefix lists with the ability to specify valid prefixes using eq, le, ge rules)
- Static routes with blackhole/prohibit/unreachable destination
- VRF Lite:
- Operation of network functions in the context of VRF:
- IPv4/IPv6 addressing
- Static routing
- NAT
- Firewall
- Operation of network functions in the context of VRF:
- System resource monitoring:
- Connection/flow monitoring
- Routing table monitoring
- Improvements in Syslog operation
- Router redundancy:
- Firewall session redundancy
- DHCP server lease redundancy
- SoftGRE tunnel redundancy for Wi-Fi access points
- Support for IPv6 addressing in the following network services:
- Addressing
- Static routing
- Firewall
- OSPFv3
- Prefix-List
- NTP
- Syslog
- Ping, traceroute utilities
- Telnet client/server
- SSH client/server
- DHCP Server/Relay/Client
- SNMP:
- Added support for SNMPv3
- Added SNMP MIB (monitoring) for QoS
Version 1.0.4
Revisions:
- CLI:
- Added possibility to import and export files using FTP, SCP
- Viewing configurations by section
- Added possibility to update u-boot from the system command interface
- Changes in the command interface:
- NAT: The proxy-arp interface command changed to ip nat proxy-arp
v.1.0.4: (config)# service nat source
(config-snat)# proxy-arp interface gigabitethernet 1/0/15 SPOOL
v.1.0.3: (config)# interface gigabitethernet 1/0/15
(config-if)# ip nat proxy-arp SPOOL
- IKE: The policy command changed to ike-policy
v.1.0.4: (config)# security ike gateway gw1
(config-ike-gw)# policy ik_pol1
v.1.0.3: (config)# security ike gateway gw1
(config-ike-gw)# ike-policy ik_pol1
- IPSec: The vpn-enable command changed to enable
v.1.0.4: (config)# security ipsec vpn vpn1
(config-ipsec-vpn)# vpn-enable
v.1.0.3: (config)# security ipsec vpn vpn1
(config-ipsec-vpn)# enable
- VTI: The interface vti command changed to tunnel vti
v.1.0.4: (config)# tunnel vti 1
v.1.0.3: (config)# interface vti 1
- DHCP: The service dhcp-server command changed to ip dhcp-server
v.1.0.4: (config)# ip dhcp-server
v.1.0.3: (config)# service dhcp-server
- SNMP:
- Added support for SNMP monitoring
- Supported standard SNMP MIB (monitoring)
- Routing features:
- Authentication key-chain
- OSPF:
- NSSA
- Stub Area
- MD5 Authentication
- MTU Ignore mode
- RIP:
- MD5 Authentication
- BGP:
- Support for EBGP Multihop
- Support for next-hop-self attribute
- Static routing:
- Support for configuring multiple default routes
- Configurable preference for routing protocols
- Redundancy features:
- Support for VRRP
- Support for DualHoming redundancy
- Control and redundancy of WAN (Wide Area Network) connections
- Load balancing on WAN interfaces
- DHCP:
- Support for DHCP relay
- QOS:
- Traffic prioritization
- L3 priority processing (DSCP)
- Support for 8 priority queues
- SP, WRR queue processing algorithms
- Setting interface bandwidth limits for incoming and outgoing traffic
- Interfaces:
- Support for loopback interfaces
- NAT/Firewall:
- Support for renumbering rules
- Viewing information about established sessions
- Improved session monitoring for a number of protocols (H.323, GRE, FTP, SIP, SNMP)
- Activating and deactivating session traffic counters
- Change in the command interface: improved commands autocompletion
- Mirroring:
- Support for traffic mirroring
Version 1.0.3
Revisions:
- Switching:
- VLAN configuration
- LAG (static and LACP)
- STP/RSTP/MSTP
- Port isolation
- Bridge groups
- Routing:
- OSFP
- BGP
- RIP
- NAT:
- Proxy ARP for Source NAT
- Remote access:
- L2TPv3
- IPv4-over-IPv4
- GRE
- Syslog:
- Added possibility to configure logging in remote sessions (SSH and Telnet)
- The message format is in accordance with RFC5424
- Entered commands logging
- CLI:
- Added possibility to update the software via the CLI
- Added possibility to view the operational status of interfaces
- Support for port utilization
- Support for viewing the ARP table
- Command to view the serial number
- View hardware version command
- Support for ARP table cleaning
- System:
- Support for licensing
- Support for Flash button
- Implemented automatic load balancing between router cores
- Security:
- Support for group SHA-2 authentication methods in IKE IPsec
Version 1.0.2
Revisions:
- Configuration:
- Added possibility to copy configuration to (c) TFTP server(s)
- Hostname
- System time (manual)
- Interface description
- Added possibility for the firewall to filter the traffic broadcast or non-broadcast DNAT service
- Added possibility to ignore certain options in the DHCP client
- Changes in IPSec commands related to authentication and encryption
- Checking for duplicate information in object-group service/network
- Added possibility to reset to factory configuration
- Added possibility to set time zones
- Operative information:
- System environment parameters
- Active user sessions
- Load on physical interfaces
- Status of logical interfaces
- Counters of logical interfaces
- Remote access:
- PPTP
- L2TP/IPSec
- NTP:
- Server, peer, client modes
- 10G port indication
- Utilities:
- Ping
Version 1.0.1
Revisions:
- Address translation:
- Source NAT
- Destination NAT
- Static NAT
- Virtualization, VPN:
- IKE
- Tunnelling (IPsec)
- Connection encryption (3DES, AES)
- Message authentication by MD5, SHA1, SHA256, SHA384, SHA512
- Network services:
- DHCP Server
- DHCP Client
- DNS
- L3 routing:
- Static routes
- Network security:
- Firewall
- Management:
- Management interfaces:
- CLI
- Telnet, SSH
- Access control (local user base)
- Сonfiguration management
- Automatic configuration restore
- Updating the firmware (u-boot)
- Management interfaces:
- Monitoring:
- Syslog
Performance:
Firewall performance (large packets) | 5.9 Gbps |
NAT performance (large packets) | 5.9 Gbps |
IPsec VPN performance (large packets) | 3.7 Gbps (AES128bit / SHA1) |
Number of VPN tunnels | 100 |
Quantity of static routes | 100 |
Number of competitive sessions | 512,000 |
Version restrictions:
- Bandwidth is limited (500Mbit/s per IPsec tunnel)
- CPU load balancing is supported with limitations
- Policy-based VPN is not supported
- Updating firmware only by means of u-boot
- Static switch control
- No hardware bridging acceleration
- No VLAN configuration (bridging)
- No support for SNMP, Webs
- No timezone configuration
- No NTP