HPE MSR1000 MSR2000 MSR3000 MSR4000- CMW710 … · 2019-03-1 6 Release version...

HPE MSR1000_MSR2000_MSR3000_MSR4000-CMW710-R0707P16 Release Notes

The information in this document is subject to change without notice. © Copyright 2013, 2019 Hewlett Packard Enterprise Development LP

i

Contents

Version information ···········································································1

Version number ··························································································································· 1 Version history ···························································································································· 2 Hardware and software compatibility matrix ······················································································ 8 Upgrading restrictions and guidelines····························································································· 10

Hardware feature updates ································································ 10

CMW710-R0707P16 ··················································································································· 10 CMW710-R0707P12 ··················································································································· 10 CMW710-R0413 ························································································································ 10 CMW710-R0304 ························································································································ 10 CMW710-E0302P06 ··················································································································· 11 CMW710-E0102 ························································································································ 11

Software feature and command updates ············································· 11

MIB updates ·················································································· 12

Operation changes ········································································· 20

Restrictions and cautions ································································· 21

Open problems and workarounds ······················································ 21

List of resolved problems ································································· 21

Resolved problems in CMW710-R0707P16 ···················································································· 21 Resolved problems in CMW710-R0707P12 ···················································································· 22 Resolved problems in CMW710-R0615P16 ···················································································· 22 Resolved problems in CMW710-R0605P20 ···················································································· 23 Resolved problems in CMW710-R0605P13 ···················································································· 24 Resolved problems in CMW710-R0415 ·························································································· 27 Resolved problems in CMW710-R0413 ·························································································· 30 Resolved problems in CMW710-R0411 ·························································································· 34 Resolved problems in CMW710-R0304 ·························································································· 37 Resolved problems in CMW710-E0302P06 ····················································································· 37 Resolved problems in CMW710-E0102 ·························································································· 39 Resolved problems in CMW710-E0006P02 ····················································································· 39

Support and other resources····························································· 39

Accessing Hewlett Packard Enterprise Support················································································ 39 Documents ······························································································································· 39

Related documents ·············································································································· 40 Documentation feedback ······································································································ 41

Appendix A Feature list ··································································· 42

Hardware features ······················································································································ 42 Software features ······················································································································· 49

Appendix B Upgrading software ························································ 53

Software types ·························································································································· 53 Upgrade methods ······················································································································ 53 Preparing for the upgrade ············································································································ 54 Centralized devices upgrading from the CLI ···················································································· 55

Saving the running configuration and verifying the storage space ················································· 55 Downloading the image file to the router ·················································································· 55 Specifying the startup image file ····························································································· 56

ii

Rebooting and completing the upgrade ··················································································· 57 Distributed devices upgrading from the CLI ····················································································· 58

Display the slot number of the active MPU ··············································································· 58 Save the current configuration and verify the storge space ·························································· 58 Download the image file to the router ······················································································ 59 Specifying the startup image file ····························································································· 60 Reboot and completing the upgrade ······················································································· 62

Distributed devices ISSU ············································································································· 63 Disabling the standby MPU auto-update function ······································································· 63 Saving the running configuration and verifying the storage space ················································· 64 Downloading the upgrade image file to the router ······································································ 64 Upgrading the standby MPU ·································································································· 65 Upgrading the active MPU ···································································································· 67

Upgrading from the BootWare menu ······························································································ 69 Accessing the BootWare menu ······························································································ 69 Using TFTP/FTP to upgrade software through an Ethernet port ··················································· 71 Using XMODEM to upgrade software through the console port ···················································· 74

Managing files from the BootWare menu ························································································ 78 Displaying all files ················································································································ 79 Changing the type of a system software image ········································································· 79 Deleting files ······················································································································ 80

Handling software upgrade failures ································································································ 81

Appendix C Handling console login password loss ································ 81

Disabling password recovery capability ·························································································· 81 Handling console login password loss ···························································································· 82

Examining the password recovery capability setting ··································································· 83 Using the Skip Current System Configuration option ·································································· 84 Using the Skip Authentication for Console Login option ······························································ 85 Using the Restore to Factory Default Configuration option··························································· 85

iii

List of Tables

Table 1 Version history .................................................................................................................................................................... 2

Table 2 HPE product device numbers matrix ......................................................................................................................... 8

Table 3 Hardware and software compatibility matrix ......................................................................................................... 9

Table 4 MIB updates ...................................................................................................................................................................... 12

Table 5 MSR1000 specifications ................................................................................................................................................ 42

Table 6 MSR2000/MSR2000 TAA specifications ................................................................................................................. 42

Table 7 MSR3000/MSR3000 TAA specifications ................................................................................................................. 43

Table 8 MSR4000 specifications ................................................................................................................................................ 44

Table 9 MSR4000/MSR4000 TAA MPU Specification ........................................................................................................ 44

Table 10 MSR4000 SPU Specification ..................................................................................................................................... 44

Table 11 MSR2004-24 AC power module specifications ................................................................................................. 45

Table 12 MSR2004-48 DC power module specifications ................................................................................................ 45

Table 13 MSR3044/MSR3064/MSR4060/MSR4080 AC power module specifications ........................................ 45

Table 14 MSR3044/MSR3064/MSR4060/MSR4080 DC power module specifications ........................................ 45

Table 15 MSR3044/MSR3064/MSR4060/MSR4080 PoE power module specifications ...................................... 45

Table 16 MSR series routes Module List ................................................................................................................................ 45

Table 17 Sierra Modem Module and Host/card compatibility matrix........................................................................ 49

Table 18 MSR Series routers software features ................................................................................................................... 49

Table 19 Storage media ................................................................................................................................................................ 54

Table 20 BootWare menu options ............................................................................................................................................ 70

Table 21 Ethernet submenu options ....................................................................................................................................... 71

Table 22 Network parameter fields and shortcut keys ..................................................................................................... 72

Table 23 Serial submenu options ............................................................................................................................................. 74

Table 24 File Control submenu options ................................................................................................................................. 79

Table 25 BootWare options and password recovery capability compatibility matrix .......................................... 81

1

This document describes the features, restrictions and guidelines, open problems, and workarounds for version R0707P16. Before you use this version in a live network, back up the configuration and test the version to avoid software upgrade affecting your live network.

Use this document in conjunction with HPE MSR1000_MSR2000_MSR3000_MSR4000-CMW710-R0707P16 Release Notes (Software Feature Changes) and the documents listed in “Related documents”

Version information

Version number

HPE Comware Software, Version 7.1.064, Release 0707P16

Please see the example below generated by the display version command:

display version

HPE Comware Software, Version 7.1.064, Release 0707P16

Copyright (c) 2010-2019 Hewlett Packard Enterprise Development LP

HPE MSR1002-4 uptime is 0 weeks, 0 days, 0 hours, 4 minutes

Last reboot reason : User reboot

Boot image: flash:/msr100x-cmw710-boot-r0707p16.bin

Boot image version: 7.1.064P85, Release 0707P16

Compiled Jan 13 2017 16:00:00

System image: flash:/msr100x-cmw710-system-r0707p16.bin

System image version: 7.1.064, Release 0707P16

Compiled Jan 13 2017 16:00:00

Feature image(s) list:

flash:/msr100x-cmw710-security-r0707p16.bin, version: 7.1.064

Compiled Jan 13 2017 16:00:00

flash:/msr100x-cmw710-voice-r0707p16.bin, version: 7.1.064

Compiled Jan 13 2017 16:00:00

flash:/msr100x-cmw710-data-r0707p16.bin, version: 7.1.064

Compiled Jan 13 2017 16:00:00

CPU ID: 0x8

1G bytes DDR3 SDRAM Memory

2M bytes Flash Memory

PCB Version: 2.0

CPLD Version: 1.0

Basic BootWare Version: 2.60

Extended BootWare Version: 2.60

[SLOT 0]AUX (Hardware)2.0, (Driver)1.0, (CPLD)1.0

[SLOT 0]GE0/0 (Hardware)2.0, (Driver)1.0, (CPLD)1.0

[SLOT 0]4GSW (Hardware)2.0, (Driver)1.0, (CPLD)1.0

[SLOT 0]SFP0/5 (Hardware)2.0, (Driver)1.0, (CPLD)1.0

[SLOT 0]SERIAL0/0 (Hardware)2.0, (Driver)1.0, (CPLD)1.0

[SLOT 0]CELLULAR0/0 (Hardware)2.0, (Driver)1.0, (CPLD)1.0

2

Version history

Table 1 Version history

Version

number Last version

Release

date

Release

type Remarks

CMW710-R0707P16

CMW710-R0707P12

2019-06-20

Release version

MSR1000_2000_3000_4000 series, including MSR1003-8S

Modified feature:

Ethernet interface

Fixes bugs

CMW710-R0707P12

CMW710-R0615P16

2019-03-16

Release version


New feature:

1. RADIUS ACL assignment by ACL name

Fixes bugs.

CMW710-R0615P16

CMW710-R0605P20

2018-09-18

Release version


New feature:

1. mGRE

2. Public key management support for Suite B

3. PKI support for Suite B

4. IPsec support for Suite B

5. SSL support for Suite B

6. FIPS support for Suit B

7. SSH support for Suite B

8. EVPN

9. SM2 key pair creation

10. Built-in AC

Fixes bugs.

CMW710-R0605P20

CMW710-R0605P13

2017-09-26

Release version


Modified feature:

1. Authentication mode for accessing a 4G network

Fixes bugs.

CMW710-R0605P13

CMW710-R0415

2017-06-07

Release version


New feature:

1. Associating Track with a tracked list

2. Associating Track with EAA

Modified feature:

1. NAT for the multicast source address in PIM join and prune messages

2. Support for ACLs in SNMP commands

3. Setting the maximum number of

3

concurrent FTP users

4.Portal authentication

Fixes bugs.

CMW710-R0415 CMW710-R0413

2017-02-15

Release version


Fixes bugs.

CMW710-R0413 CMW710-R0411

2016-12-01

Release version


New feature:

1. IP forwarding last hop holding

Modified feature:

1. Temporary user role authorization

Fixes bugs.

CMW710-R0411 CMW710-R0410

2016-09-19

Release version


Fixes bugs

CMW710-R0410 CMW710-R0304

2016-08-29

Release version


New feature:

1. Support of multicast for ADVPN

2. Application layer state filtering

3. SIP keepalive

4. Multicast fast forwarding

5. SSL support for POS terminal access

6.Attack defense policy application to a security zone

7.AAA support for IKE extended authentication

8.Percentage-based CAR

9. Logging OSPF router ID conflict events

10. AFT

11. Configuring enhanced CC authentication in FIPS mode

12. Support of AAA for NETCONF

13.Mobile IP tunnel interface settings

14.LISP

15. LISP tunnel entries and dynamic mobility

16. Support of IPv6 multicast routing for VPN instances

17. IPv4/IPv6 PIM NSR

18. IGMP/MLD NSR

19. IPv4/IPv6 PIM passive mode

20.LISP virtual machine multi-hop mobility and DDT

21. LISP NSR

22.PPPoE client support for IPv6

23. Frame-Relay-related functions

4

24.DPI engine and content filtering

25.IPS

26.NBAR

27. URL filtering

28.Local portal Web server

29 Support of portal for NETCONF

30. Newly-added MIB objects

31. Performing a loopback test

32.IPS, ACG, and SSL VPN licenses

33. Support of NQA for NETCONF

34..Configuring CWMP to support VPN

35. Transceiver module source alarm

36. VLAN interface performance optimization

37. POSA

38. Specifying a backup processing slot for an interface

39.Configuring the ISDN leased line

40. NAT support for multicast source address in PIM join/prune packets

41. GDOI GM group anti-replay window

42. SIP compatibility

43. Voice VLAN

44. L2TP-based EAD

45. Configuring device poweroff alarming

46. BFD for an aggregation group

47.4G modem IMSI/SN binding authentication

48. Media Stream Control (MSC) logging

49. IMSI/SN binding authentication

50. Specifying a band for a 4G modem

51. Using tunnel interfaces as OpenFlow ports

52. NETCONF support for ACL filtering

53. WAAS

54. Support for the MKI field in SRTP or SRTCP packets

55. SIP domain name

56. E&M logging

57. Setting the RTC version

58. Setting the maximum size of advertisement files

59. Support of IRF for NETCONF

60. Support of VCF for NETCONF

61. Support of SNMP for NETCONF

5

62. Support of file system for NETCONF

63. Support of PoE for NETCONF

64. Support of RMON for NETCONF

65. Support of policy-based routing for NETCONF

66. Support of BGP for NETCONF

67. Support of OSPF for NETCONF

68. Support of ping for NETCONF

69. Support of tracert for NETCONF

70. Support of L2VPN for NETCONF

71. SIP support for VRF

72.IKEv2

73. Specifying an IKEv2 profile for an IPsec policy

74.Bidirectional BFD control detection for RIP

75.OSPF router ID autoconfiguration

76. Layer 2 Ethernet link aggregation

77. Setting the cable impedance for WAN interfaces

78.Associating a static route with a track entry

79. VLAN tag processing rule for incoming traffic

80. IP-based portal-free rule

81. Portal redirect packet statistics

82. GDVPN

83. OpenFlow instance

84. Enabling the Extended Sequence Number (ESN) feature for an IPsec transform set

85.Enabling Traffic Flow Confidentiality (TFC) padding for an IPsec policy

86. SIP session refresh

Modified feature

1.License restrictions for POS terminal access

2. Displaying and maintaining Frame Relay

3. Displaying track entry infomration

4. User profile

5. Tunnel interface support for IPsec and VXLAN tunnel modes

6. PKI certificate auto-renewal

7. Configuring the PKI entity DN

8. ADVPN

9.Telnet redirect

10. DHCP snooping performance optimization

6

11. OSPF performance optimization

12. POS terminal access

13. License

14.IP performance optimization

15. AAA

16. Configuring a cellular interface for a 3G/4G modem

17. QoS on VXLAN tunnel interfaces

18. Option 60 encapsulation in DHCP replies

19.MPLS QoS support for matching the EXP field

20. MPLS QoS support for marking the EXP field

21. Automatic configuration

22. User profile

23. Default size of the TCP receive and send buffer

24. Obtaining fan and power module vendor information

25.Support for per-packet load sharing

26. Default user role

27. Debugging

28. SSH username

29. IS-IS hello packet sending interval

30. MP-group interface numbering

31. Setting the global link-aggregation load-sharing mode

32.802.1X redirect URL

33. Displaying information about NTP servers from the reference source to the primary NTP server

34. Saving, rolling back, and loading the configuration

35. Displaying information about SSH users

36. SIP trusted nodes

37. IPsec ESP encryption algorithms

38. IPsec ESP authentication algorithms

39.IPsec AH authentication algorithms

40. Specifying an encryption algorithm for an IKE proposal

41. Specifying an authentication algorithm for an IKE proposal

42. Generating asymmetric key pairs

43. Specifying an ECDSA key pair for certificate request

44. Setting the electrical impedance

45. POS access statistics, SNMP

7

notifications for POS access, and NII

46. QoS MIB

47. Enabling PFS for an IPsec transform set

Removed feature:

1. Tiny proxy

2. Displaying switching fabric channel usage

CMW710-R0304 CMW710-E0302P06

2015-06-29

Release version

Support MSR1000_2000_3000_4000 series, added MSR1003-8S

New feature:

1. Setting the RTC version

2. Setting the maximum size of advertisement files

3. IRF

4. Frame Relay

5. EVI

6. VPLS

7. Multicast VPN support for inter-AS option B

Modified feature:

1. 802.1X redirect URL

2. Displaying information about NTP servers from the reference source to the primary NTP server

3. Saving, rolling back, and loading the configuration

4. Displaying information about SSH users

Removed feature

1. Displaying fabric utilization

Fixes bugs

CMW710-E0302P06

CMW710-E0102

2015-04-13

ESS version

Support MSR1000_2000_3000_4000 series

New feature:

1. Object policies

2. IPHC

3. Support of PPPoE server for IPv6

4. QSIG tunneling over SIP-T

5. Playout delay

6. BGP L2VPN support for NSR

7. BGP support for dynamic peers

8. ARP PnP

9. Support of Syslog for DNS and support of customlog&userlog for IPv6 hosts

10. QoS soft forwarding

11. Filtering by application layer protocol status

12. ADVPN support for multicast forwarding

8

13. MPLS LDP support for IPv6

14. Port security

15. Customizable IVR

16. SRST

17. NEMO

18. Support of MFR and FR for L2VPN, FR QoS, and FR compression and fragmentation

19. Support for LLDP on CPOS interfaces

20. SMS-based automatic configuration

21. ARP attack protection

22. SIP support for VRF

Fixes bugs

CMW710-E0102 CMW710-E0006P02

2013-08-10

ESS version

Support MSR2000_3000_4000 series

New feature:

1. Portal authentication

2. MSDP

3. IPsec MIB and IKE MIB

4. PoE

5. CoPP software forwarding feature

6. Configuring MPLS LDP FRR

7. Enhanced routing features

8. Python

9. ATM

10. DHCP MIB

Fixes bugs.

CMW710-E0006P02

CMW710-E0006

2013-04-23

ESS version

Only support MSR3000_4000 series, not support MSR2000 series

Fixes bugs.

CMW710-E0006 First release 2013-01-28

ESS version None

Hardware and software compatibility matrix

CAUTION:

To avoid an upgrade failure, use Table 3 to verify the hardware and software compatibility before performing an upgrade.

Table 2 HPE product device numbers matrix

Product code HPE Product name

JG402A HPE MSR4080 Router Chassis

JG403A HPE MSR4060 Router Chassis

JG404A HPE MSR3064 Router

JG405A HPE MSR3044 Router

9

JG406A HPE MSR3024 AC Router

JG407A HPE MSR3024 DC Router

JG408A HPE MSR3024 PoE Router


JG410A HPE MSR3012 DC Router


JG412A HPE MSR4000 MPU-100 Main Processing Unit

JG413A HPE MSR4000 SPU-100 Service Processing Unit



JG875A HPE MSR1002-4 AC Router

JH060A HPE MSR1003-8S AC Router

JG861A HPE MSR3024 TAA-compliant AC Router

JG734A HPE MSR2004-24 AC Router

JG735A HPE MSR2004-48 Router

JG866A HPE MSR2003 TAA-compliant AC Router

JG869A HPE MSR4000 TAA-compliant MPU-100 Engine

JG409B HPE MSR3012 AC Router

Table 3 Hardware and software compatibility matrix

Item Specifications

Product family

MSR1000_MSR2000_MSR3000_MSR4000

Boot ROM version

MSR1002-4_MSR1003-8S: 260 or higher

MSR2003_MSR2004-24_MSR2004-48: 170 or higher

MSR3012_MSR3024_MSR3044_MSR3064: 170 or higher

MSR4060_MSR4080: MPU-100: 170 or higher

SPU-100/200: 150 or higher

Host software

Hardware software MD5 Check Sum File size

MSR1002-4_MSR1003-8S

MSR100X-CMW710-R0707P16.IPE

004094fae9b5ce16bd73a875022061c3

71,227,392 bytes

MSR2003_MSR2004-24_MSR2004-48

MSR2000-CMW710-R0707P16.IPE

35e25f818cf9f2bec11e1d70b171ebfb

72,152,064 bytes

MSR3012_MSR3024_MSR3044_MSR3064


9439c12ff2130b01db0141c40fc96188

79,980,544 bytes

MSR4060_MSR4080


fce3ecd670c74e24470cdad91811856d

122,566,656 bytes

iMC version iMC BIMS 7.3 (E0501)

iMC EAD 7.3 (E0502)

10

iMC EIA 7.3 (E0503)

iMC IVM 7.3 (E0501)

iMC MVM 7.3 (E0501)

iMC NTA 7.3（E0502）

iMC PLAT 7.3 (E0504)

iMC QoSM 7.3 (E0502)

iMC RAM 7.3 (E0501)

iMC SHM 7.3 (E0502)

iMC UBA 7.3（E0502）

iMC VFM 7.3 (E0502)

iNode version

iNode 7.3 (E0504)

Cards version

Cards Name Software Version CPLD or FPGA version

SIC-3G-HSPA 280 or higher 200 or higher

SIC-3G-CDMA 280 or higher 200 or higher

Upgrading restrictions and guidelines

1. After the software is upgraded from a version earlier than E0302P06 to E0302P06 or a later version, the unit of the VRRP preemption delay is changed from seconds to centiseconds.

2. Congestion might occur on the SIC-4SAE/2SAE interface modules with the FPGA version as 2.0. To solve this problem, manually upgrade the FPGA from version 2.0 to version 3.0.

Hardware feature updates

CMW710-R0707P16

None

CMW710-R0707P12

None

CMW710-R0413

Add new hardware:

1-port Clear Channel E3/T3 HMIM Module(JH449A)

CMW710-R0304

Add new router:

HPE MSR1003-8S AC Router

11

CMW710-E0302P06

Add new hardware:

8-port E1 / CE1 / T1 / CT1 / PRI HMIM Module (JH169A)



8-port E1 / Fractional E1 / T1 / Fractional T1 HMIM Module (JH172A)



8-port 100BASE-FX/1000BASE-X / 4-port 1000BASE-T (Combo) L2/L3 HMIM Module (JH238A)

CMW710-E0102

Add new hardware:

4-port 10/100 Mbps Ethernet L2 switching module-PoE card(SIC-4FSW-POE)

1-port ADSL over POTS SIC interface module (SIC-1ADSL)

1 port E1/CE1/PRI SIC interface module(SIC-1EPRI-V3)

9-port 10/100 Mbps Ethernet L2 switching module -PoE card (DSIC-9FSW-POE)

1-port 8-wire G.SHDSL (RJ45) DSIC Module

2-port 1000BASE-X HMIM Module (HMIM-2GEF)



24-port Gig-T Switch HMIM Module (HMIM-24GSW)

24-port Gig-T PoE Switch HMIM Module (HMIM-24GSW-POE)

1-port OC-3 / STM-1 CPOS HMIM Module (HMM-1CPOS)

2-port OC-3 / STM-1 CPOS HMIM Module (HMIM-2CPOS)

1-port OC-3c / STM-1c ATM SFP HMIM Module (HMIM-ATMOC3)

1-port dual-pair G.SHDSL interface module (MIM-1SHL-4W)(need to config HMIM-Adapter)

SPU-300 service module

MSR3012-DC

MSR3024-DC

MSR3024-POE

300W DCPower(PSR300-12D2)

Support USB modem E303c and E3131

Software feature and command updates

For more information about the software feature and command update history, see HPE MSR1000_MSR2000_MSR3000_MSR4000-CMW710-R0707P16 Release Notes (Software Feature Changes).

12

MIB updates

Table 4 MIB updates

Item MIB file Module Description

CMW710-R0707P16

New None None None

Modified None None None

CMW710-R0707P12

New None None None

Modified None None None

CMW710-R0304

New None None None

Modified hh3c-transceiver-info.mib HH3C-TRANSCEIVER-INFO-MIB

Modified description of hh3cTransceiverCurTXPower and hh3cTransceiverCurRXPower

CMW710-E0302P06

New

hh3c-stack.mib HH3C-STACK-MIB Added HH3C-STACK-MIB

rfc5060-pim-std.mib PIM-STD-MIB Added PIM-STD-MIB

rfc5240-pim-bsr.mib PIM-BSR-MIB Added PIM-BSR-MIB

hh3c-qinqv2.mib HH3C-QINQV2-MIB Added

HH3C-QINQV2-MIB

rfc3019-ipv6-mld.mibs IPV6-MLD-MIB Added IPV6-MLD-MIB

hh3c-nqa.mib HH3C-NQA-MIB Added HH3C-NQA-MIB

hh3c-posa.mib HH3C-POSA-MIB Added HH3C-POSA-MIB

rfc1473-ppp-ip.mib PPP-IP-NCP-MIB Added PPP-IP-NCP-MIB

rfc1471-ppp-lcp.mib PPP-LCP-MIB Added PPP-LCP-MIB

hh3c-mp-v2.mib HH3C-MP-V2-MIB Added HH3C-MP-V2-MIB

hh3c-mplsext.mib HH3C-MPLSEXT-MIB Added HH3C-MPLSEXT-MIB

hh3c-mplste.mib HH3C-MPLSTE-MIB Added H3C-MPLSTE-MIB

rfc6445-mpls-frr-facility-std.mib

MPLS-FRR-FACILITY-STD-MIB

Added MPLS-FRR-FACILITY-STD-MIB

rfc6445-mpls-frr-general-std.mib

MPLS-FRR-GENERAL-STD-MIB

Added MPLS-FRR-GENERAL-STD-MIB

rfc3812-mpls-te-std.mib MPLS-TE-STD-MIB Added MPLS-TE-STD-MIB

rfc3970-te.mib TE-MIB Added TE-MIB

hh3c-transceiver-info.mib HH3C-TRANSCEIVER-INFAdded HH3C-TRANSCEIVER-INF

13

O-MIB O-MIB

rfc5519-mgmd-std.mib MGMD-STD-MIB Added MGMD-STD-MIB

rfc4560-disman-traceroute.mib

DISMAN-TRACEROUTE-MIB

Added DISMAN-TRACEROUTE-MIB

rfc2925-disman-ping.mib DISMAN-PING-MIB Added DISMAN-PING-MIB

rfc5603-pw-enet-std.mib PW-ENET-STD-MIB Added PW-ENET-STD-MIB

rfc5601-pw-std.mib PW-STD-MIB Added PW-STD-MIB

hh3c-snmp-ext.mib HH3C-SNMP-EXT-MIB Added HH3C-SNMP-EXT-MIB


hh3c-bfd-std.mib HH3C-BFD-STD-MIB Added HH3C-BFD-STD-MIB

hh3c-ppp-over-sonet.mib HH3C-PPP-OVER-SONET-MIB

Added HH3C-PPP-OVER-SONET-MIB

rfc3815-mpls-ldp-std.mib MPLS-LDP-STD-MIB Added MPLS-LDP-STD-MIB

rfc4382-mpls-l3vpn-std.mib MPLS-L3VPN-STD-MIB Added MPLS-L3VPN-STD-MIB

hh3c-license.mib HH3C-LICENSE-MIB Added HH3C-LICENSE-MIB

hh3c-tunnel.mib HH3C-TUNNEL-MIB Added HH3C-TUNNEL-MIB

rfc5643-ospfv3.mib OSPFV3-MIB Added OSPFV3-MIB

rfc2981-disman-event.mib DISMAN-EVENT-MIB Added DISMAN-EVENT-MIB

hh3c-pvst.mib HH3C-PVST-MIB Added HH3C-PVST-MIB

hh3c-evi.mib HH3C-EVI-MIB Added HH3C-EVI-MIB

hh3c-l2vpn.mib HH3C-L2VPN-MIB Added HH3C-L2VPN-MIB

Modified

rfc4444-isis.mib ISIS-MIB

Modified description of

isisSysLevelMinLSPGenInt

rfc1213.mib RFC1213-MIB

Modified description of sysDescr and sysObjectID; Modified TAA description of sysObjectID;

Modified index of ipv6InterfaceTable; Modified description of sysContact and sysLocation;

Modified Access of ipAddressStorageType.



isisRouterID, isisSysLevelTEEnabled, isisNextCircIndex, isisCirc3WayEnabled, isisCircExtendedCircID,

isisISAdj3WayState 和 isisISAdjNbrExtendedCircID

14

rfc2465-ipv6.mib IPV6-MIB Modified description of

ipv6IfDescr

hh3c-splat-mstp.mib HH3C-LswMSTP-MIB


hh3cdot1sStpForceVersion

rfc2933-igmp-std.mib IGMP-STD-MIB Modified description and

PDS of IGMP-STD-MIB

rfc2863-if.mib IF-MIB

Updated the rfc2863-if.mib from rfc2233-if.mib

hh3c-dns.mib HH3C-DNS-MIB Modified description of HH3C-DNS-MIB

hh3c-domain.mib H3C-DOMAIN-MIB Modified description of HH3C-DOMAIN-MIB

hh3c-sys-man.mib HH3C-SYS-MAN-MIB Modified example of hh3cSysBtmLoadTable

hh3c-config-man.mib HH3C-CONFIG-MAN-MIB

Modified description of hh3cCfgLogTerminalUser and hh3cCfgLogCmdSrcAddress

rfc2933-igmp-std.mib IGMP-STD-MIB

Modified description of igmpInterfaceQueryMaxResponseTime, igmpInterfaceRobustness, igmpInterfaceLastMembQueryIntvl, mldInterfaceQueryMaxResponseDelay, mldInterfaceRobustness, mldInterfaceLastListenQueryIntvl;

Modified PDS of igmpCacheAddress, igmpCacheIfIndex, igmpCacheSelf, mldCacheAddress, mldCacheIfIndex, mldCacheSelf

rfc2925-disman-ping.mib DISMAN-PING-MIB

Modified description of pingCtlIfIndex;

Added pingProbeFailed, pingTestFailed, pingTestCompleted, hh3cNqaProbeTimeOverThreshold, hh3cNqaJitterRTTOverThreshold, hh3cNqaProbeFailure, hh3cNqaJitterPacketLoss, hh3cNqaJitterSDOverThreshold, hh3cNqaJitterDSOverThreshold, hh3cNqaICPIFOverThreshold, hh3cNqaMOSOverThreshold

15

rfc4133-entity.mib ENTITY-MIB Modified description of entPhysicalAlias, entPhysicalAssetID

hh3c-if-ext.mib HH3C-IF-EXT-MIB Modified description of HH3C-IF-EXT-MIB

hh3c-config-man.mib HH3C-CONFIG-MAN-MIB Modified description of HH3C-CONFIG-MAN-MIB

hh3c-trng2.mib HH3C-TRNG2-MIB Modified description of HH3C-TRNG2-MIB

rfc2925-disman-ping.mib DISMAN-PING-MIB Modified description of pingCtlTable

hh3c-ntp.mib HH3C-NTP-MIB Modified description of hh3cNTPSystemMIB

hh3c-entrelation.mib HH3C-ENTRELATION-MIB Modified description of hh3cEntRelationTable

hh3c-entity-ext.mib HH3C-ENTITY-EXT-MIB

Added hh3cEntityExtCpuUsageRecoverThreshold, hh3cEntityExtMemSizeRev, hh3cEntityExtCpuUsageIn1Minute, hh3cEntityExtCpuUsageIn5Minutes,

hh3cEntityExtVoltageTable;

Modified description and relationship of hh3cEntityExtTemperatureThreshold,

Modified description of hh3cEntityExtTemperature.

hh3c-ssh.mib HH3C-SSH-MIB Added hh3cSTelnetServerEnable, hh3cSCPServerEnable

hh3c-lsw-dev-adm.mib HH3C-LSW-DEV-ADM-MIB

Added hh3cLswSlotMemRev, hh3cLswSlotPhyMemRev, hh3cLswSlotRunTime and hh3cLswSlotMemUsedRev


Added hh3cLswCpuTable

hh3c-3gmodem.mib HH3C-3GMODEM-MIB Added hh3cLteInfoTable

hh3c-trap.mib HH3C-TRAP-MIB Modified description of hh3cTrapConfigSwitch

rfc2863-if.mib IF-MIB Modified description of ifOutQLen

hh3c-ip-address.mib HH3C-IP-ADDRESS-MIB Added hh3cIpAddrFirstTrapTime

fc1471-ppp-lcp.mib PPP-LCP-MIB Modified description of pppLinkStatusBadFCSs

16

ieee8023-lag.mib IEEE8023-LAG-MIB Modified title of IEEE8023-LAG-MIB

hh3c-lag.mib HH3C-LAG-MIB Modified title of HH3C-LAG-MIB

hh3c-domain.mib HH3C-DOMAIN-MIB Modified description of hh3cDomainDefault and hh3cDomainName

hh3c-if-ext.mib HH3C-IF-EXT-MIB Added hh3cIfOperStatus and hh3cIfDownTimes

rfc5603-pw-enet-std.mib PW-ENET-STD-MIB Modified pwEnetTable

rfc5602-pw-mpls-std.mib PW-MPLS-STD-MIB Modified the module of PW-MPLS-STD-MIB

rfc5603-pw-enet-std.mib PW-ENET-STD-MIB Modified the table of PW-ENET-STD-MIB

table hh3cPosParamTable HH3C-PPP-OVER-SONET-MIB

Only support POS interfaces

hh3c-acl.mib HH3C-ACL-MIB

Modified hh3cAclNumberGroupTable, hh3cPfilterApplyTable, hh3cPfilterAclGroupRunInfoTable, hh3cPfilterStatisticSumTable and added the hh3cAclNamedGroupTable, hh3cAclIPAclNamedBscTable, hh3cAclIPAclNamedAdvTable, hh3cAclNamedMACTable, hh3cAclIntervalTable hh3cAclNamedUserTable, hh3cPfilter2ApplyTable, hh3cPfilter2, hh3cPfilter2AclGroupRunInfoTable, hh3cPfilter2AclRuleRunInfoTable, hh3cPfilter2StatisticSumTable,

hh3cAclNamedGroupTable

hh3c-stack.mib HH3C-STACK-MIB Modified description of hh3cStackTopology

rfc2819-rmon.mib RMON-MIB Modified description of default value in RMON-MIB

rfc4502-rmon.mib RMON2-MIB Modified description of default value in RMON2-MIB

lldp-ext-dot1-v2.mib LLDP-EXT-DOT1-V2-MIB

Removed lldpXdot1dcbxConfigETSConfigurationTable

lldpXdot1dcbxConfigETSRecommendationTable

lldpXdot1dcbxConfigPFCTable

lldpXdot1dcbxConfigApplicat

17

ionPriorityTable

lldpXdot1dcbxLocETSBasicConfigurationTable

lldpXdot1dcbxLocETSConPriorityAssignmentTable

lldpXdot1dcbxLocETSConTrafficClassBandwidthTable

lldpXdot1dcbxLocETSConTrafficSelectionAlgorithmTable

lldpXdot1dcbxLocETSRecoTrafficClassBandwidthTable

lldpXdot1dcbxLocETSRecoTrafficSelectionAlgorithmTable

lldpXdot1dcbxLocPFCBasicTable

lldpXdot1dcbxLocPFCEnableTable

lldpXdot1dcbxLocApplicationPriorityAppTable

lldpXdot1dcbxRemETSBasicConfigurationTable

lldpXdot1dcbxRemETSConPriorityAssignmentTable

lldpXdot1dcbxRemETSConTrafficClassBandwidthTable

lldpXdot1dcbxRemETSConTrafficSelectionAlgorithmTable

lldpXdot1dcbxRemETSRecoTrafficClassBandwidthTable

lldpXdot1dcbxRemETSRecoTrafficSelectionAlgorithmTable

lldpXdot1dcbxRemPFCBasicTable

lldpXdot1dcbxRemPFCEnableTable

lldpXdot1dcbxRemApplicationPriorityAppTable

lldpXdot1dcbxAdminETSBasicConfigurationTable

lldpXdot1dcbxAdminETSConPriorityAssignmentTable

lldpXdot1dcbxAdminETSConTrafficClassBandwidthTable

lldpXdot1dcbxAdminETSConTrafficSelectionAlgorithmTable

lldpXdot1dcbxAdminETSRecoTrafficClassBandwidthTab

18

le

lldpXdot1dcbxAdminETSRecoTrafficSelectionAlgorithmTable

lldpXdot1dcbxAdminPFCBasicTable

lldpXdot1dcbxAdminPFCEnableTable

lldpXdot1dcbxAdminApplicationPriorityAppTable

CMW710-E0102

New

rfc5060-pim-std.mib PIM-STD-MIB Added PIM-STD-MIB

rfc5240-pim-bsr.mib PIM-BSR-MIB Added PIM-BSR-MIB

hh3c-qinqv2.mib HH3C-QINQV2-MIB Added HH3C-QINQV2-MIB

rfc3019-ipv6-mld.mibs IPV6-MLD-MIB Added IPV6-MLD-MIB


Added hh3cLswSlotMemRev, hh3cLswSlotPhyMemRev, hh3cLswSlotRunTime and hh3cLswSlotMemUsedRev

hh3c-nqa.mib HH3C-NQA-MIB Added HH3C-NQA-MIB


Modified

rfc4444-isis.mib ISIS-MIB Modified description of isisSysLevelMinLSPGenInt

hh3c-entity-ext.mib HH3C-ENTITY-EXT-MIB

Modified description and relationship of hh3cEntityExtTemperatureThreshold

rfc1213.mib RFC1213-MIB Modified description of sysDescr and sysObjectID


Modified description of isisRouterID, isisSysLevelTEEnabled, isisNextCircIndex, isisCirc3WayEnabled, isisCircExtendedCircID, isisISAdj3WayState and isisISAdjNbrExtendedCircID

rfc2465-ipv6.mib IPV6-MIB Modified description of ipv6IfDescr

hh3c-splat-mstp.mib HH3C-LswMSTP-MIB Modified description of hh3cdot1sStpForceVersion

rfc2933-igmp-std.mib IGMP-STD-MIB Modified description and PDS of nodes in IGMP-STD-MIB

rfc4133-entity.mib ENTITY-MIB Modified description and PDS of entPhysicalAlias and entPhysicalAssetID

hh3c-posa.mib HH3C-POSA-MIB Modified description of hh3cPosaFcmIdleTimeout

19

rfc2863-if.mib IF-MIB Updated the rfc2863-if.mib from rfc2233-if.mib

CMW710-E0102

New

hh3c-ike-monitor.mib HH3C-IKE-MONITOR-MIB Added HH3C-IKE-MONITOR-MIB

hh3c-ike-monitor.mib HH3C-IPSEC-MONITOR-V2-MIB

Added HH3C-IPSEC-MONITOR-V2-MIB

lldp-v2.mib LLDP-V2-MIB Added LLDP-V2-MIB

lldp-ext-dot1-v2.mib LLDP-EXT-DOT1-V2-MIB Added LLDP-EXT-DOT1-V2-MIB

lldp-ext-dot3-v2.mib LLDP-EXT-DOT3-V2-MIB Added LLDP-EXT-DOT3-V2-MIB

rfc2620-radius-acc-client.mib RADIUS-ACC-CLIENT-MIB

Added RADIUS-ACC-CLIENT-MIB

rfc2618-radius-auth-client.mib

RADIUS-AUTH-CLIENT-MIB

Added RADIUS-AUTH-CLIENT-MIB

hh3c-domain.mib HH3C-DOMAIN-MIB Added HH3C-DOMAIN-MIB

hh3c-domain.mib HH3C-DOMAIN-MIB Added HH3C-DOMAIN-MIB

hh3c-user.mib HH3C-USER-MIB Added HH3C-USER-MIB

hh3c-qos-capability.mib HH3C-QOS-CAPABILITY-MIB

Added HH3C-QOS-CAPABILITY-MIB

rfc3621-power-ethernet.mib POWER-ETHERNET-MIB Added POWER-ETHERNET-MIB

hh3c-power-eth-ext.mib HH3C-POWER-ETH-EXT-MIB

Added HH3C-POWER-ETH-EXT-MIB

rfc3814-mpls-ftn-std.mib MPLS-FTN-STD-MIB Added MPLS-FTN-STD-MIB

hh3c-dhcp4.mib HH3C-DHCP4-MIB Added HH3C-DHCP4-MIB

hh3c-dhcp-snoop2.mib HH3C-DHCP-SNOOP2-MIB

Added HH3C-DHCP-SNOOP2-MIB

rfc2662-adsl-line.mib ADSL-LINE-MIB Added ADSL-LINE-MIB

rfc2819-rmon.mib RMON-MIB Added RMON-MIB

rfc4502-rmon.mib RMON2-MIB Added RMON2-MIB

hh3c-rmon-ext2.mib HH3C-RMON-EXT2-MIB Added HH3C-RMON-EXT2-MIB

rfc5132-ipmcast.mib IPMCAST-MIB Added IPMCAST-MIB

Modified

hh3c-common-system.mib HH3C-COMMON-SYSTEM-MIB

Modified HH3C-COMMON-SYSTEM-MIB to V2.4

hh3c-splat-inf.mib HH3C-LswINF-MIB Modified HH3C-LswINF-MIB to V3.4

hh3c-infocenter.mib HH3C-INFO-CENTER-MIB Added hh3cICLogbufferContTable in

20

HH3C-INFO-CENTER-MIB


Added hh3cLswSlotPktBufFree, hh3cLswSlotPktBufInit, hh3cLswSlotPktBufMin and hh3cLswSlotPktBufMiss in hh3cLswSlotTable

rfc2465-ipv6.mib IPV6-MIB Added ipv6RouteNumber, ipv6DiscardedRoutes and ipv6RouteTable

rfc2096-ip-forward.mib IP-FORWARD-MIB

Added inetCidrRouteNumber, inetCidrRouteDiscards and inetCidrRouteTable

hh3c-config-man.mib HH3C-CONFIG-MAN-MIB Modified the description of hh3cCfgRunModifiedLast

hh3c-cbqos2.mib HH3C-CBQOS2-MIB

Modified the description of hh3cCBQoSPolicyClassNextIndex and hh3cCBQoSPolicyClassCfgInfoTable,and deleted hh3cCBQoSRedirectCfgInfoTable and hh3cCBQoSMirrorIfCfgInfoTable

rfc3415-snmp-vacm.mib NMP-VIEW-BASED-ACM-MIB

Modified the description of vacmContextName

rfc1213.mib RFC1213-MIB Modified the description of ipNetToMediaIfIndex

rfc3415-snmp-vacm.mib SNMP-VIEW-BASED-ACM-MIB

Modified the description of vacmContextName

rfc2233-if.mib IF-MIB Modified the description of ifAlias

hh3c-common-system.mib HH3C-COMMON-SYSTEM-MIB

Modified the description of hh3cSysStatisticPeriod, hh3cSysSamplePeriod, hh3cSysTrapResendPeriod, hh3cSysTrapCollectionPeriod, hh3cSysSnmpPort, hh3cSysSnmpTrapPort, hh3cSysNetID, hh3cSysLastSampleTime.And Modified the PDS of hh3cSysNetID

rfc1213.mib RFC1213-MIB Modified the description of sysDescr and sysObjectID

Operation changes

None

21

Restrictions and cautions

1. HPE’s FXS not supporting call transfers from an analog phone to Lync Server.

2. The mGRE and Suite B features are not available in the current software version R04XX.

3. To upgrade from R0305 to R0305P04 or a later version, you must first install the R0305H01 hot patch.

Open problems and workarounds

201906240172

Symptom: The memory leaks.

Condition: This symptom occurs if the info-center syslog trap buffersize 65535 command is executed and the device runs for a long period of time.

Workaround: Execute the undo form of this command or set a smaller value in this command.

201906120398

Symptom: ADVPNs fail to be established.

Condition: This symptom occurs if multiple spokes use different addresses and ports to register ADVPN negotiation.

Workaround: None. To be resolved in the later version.

201902130213

Symptom: A QoS policy that matches APR does not take effect.

Condition: This symptom occurs if a QoS policy that matches APR is configured and then another QoS policy that does not match APR is configured.

Workaround: First configure the QoS policy that does not match APR and then configure the QoS policy that matches APR.

201810290817

Symptom: When the memory usage reaches the alarm threshold, the application statistics feature still takes effect.

Condition: This symptom occurs if the application statistics feature is enabled for APR and the memory usage reaches the alarm threshold.

Workaround: None.

List of resolved problems

Resolved problems in CMW710-R0707P16

201905230062

Symptom: The TACACS server cannot recover from the Block status.

Condition: This symptom occurs if active/standby switchover occurs on the device.

201905220166

Symptom: Static route configuration is lost.

22

Condition: This symptom occurs if the route configuration contains interfaces and descriptions, and the IRF mode is switched.

201905230358

Symptom: Errors occur to LLDP initialization.

Condition: This symptom occurs if the subordinate member device of an IRF fabric is rebooted.

201905230130

Symptom: The link aggregation module operates abnormally.

Condition: This symptom occurs if links flap.

201905230155

Symptom: Telnet users remain.

Condition: This symptom occurs if users repeatedly Telnet to the device through different terminals.

201905200886

Symptom: The device cannot properly forward packets.

Condition: This symptom occurs if the device is configured with the vpn popgo command.


201802270338

Symptom: QoS does not take effect.

Condition: This symptom occurs if QoS is enabled on the VT interface bound to an E1 interface and the VT interface is shut down and then brought up.


201809060320

Symptom: MPLS traffic forwarding fails when frequent MPLS LDP flapping occurs.

Condition: This symptom might occur if frequent MPLS LDP flapping occurs.

201808080157

Symptom: The router is connected to a Cisco device configured with NSF IETF, and IS-IS PIC is enabled on the router. After the Cisco device is rebooted, route errors occur because the outgoing interface and next hop of some routes are not updated.

Condition: This symptom might occur if the IS-IS PIC-enabled router is connected to a Cisco device configured with NSF IETF, and the Cisco device is rebooted.

201804160334

Symptom: IPsec negotiation with the peer failed on an interface configured with both NAT and IPsec settings.

Condition: This symptom occurs if the interface is configured to translate IP addresses into addresses in VPN instances for use by IPsec negotiation.

201803070382

Symptom: The device cannot be logged in to through a serial port when it is acting as a Telnet redirect server.

Condition: This symptom might occur if the ip alias command is configured.

23

201707170226

Symptom: MSR device has poor forwarding performance in certain situation

Condition: the traffic be forwarded from Vlan virtual interface to GE interface, the symptom will occur if MSR enable stp.


201608110569

Symptom: The system executes commands issued through TR-069 from user view instead of from system view. As a result, command execution fails.

Condition: This symptom might occur if the system executes commands issued through TR-069.

201709130041

Symptom: After the router obtains an IP address through a 4G modem from the service provider, the router generates an invalid route that contains an IP address 1 bit higher than the assigned IP address.

Condition: This symptom might occur if the router obtains an IP address through a 4G modem from the service provider.

201708290037

Symptom: A Type-5 route complying with OSPF Appendix E is lost after this type of routes are added and deleted on a remote peer.

Condition: This symptom might occur if Type-5 routes complying with OSPF Appendix E are added and deleted on a remote peer.

201708020358

Symptom: The router cannot correctly establish an MSDP neighbor relationship with a Juniper router.

Condition: This symptom might occur if the router works with a Juniper router.

201708020689

Symptom: In standalone mode, the dual-MPU router prompts for MPU software version inconsistency during a reboot when the MPUs have the same software version.

Condition: This symptom might occur if the router is in standalone mode and has two MPUs that have the same software version.

201708020663

Symptom: CVE-2017-7618

Condition: An attacker can exploit this issue to cause a denial-of-service condition.

201709130104

Symptom: A PC sends DHCP requests before 802.1X authorization is finished.

Condition: This symptom might occur if a PC performs 802.1X authentication and attempts to obtain an IP address through DHCP.

201709010141

Symptom: All BGP neighbors flap when the minor free-memory alarm threshold is reached.

Condition: This symptom might occur if both the tunnel interface and the source interface of an ADVPN tunnel have VPN instance associations.

24

201707270401

Symptom: A 3G router cannot access an LNS through VPDN dialup.

Condition: This symptom might occur if a 3G router accesses an LNS through VPDN dialup.


201703070200

Symptom: An error occurs in a certain condition when the MSR router uses the route calculation method described in Appendix E of RFC 2328 to calculate routes.

Condition: This symptom occurs if the router learns multiple routes that have the same network address but different mask lengths through Type-3 LSAs.

201703060562

Symptom: A Selected member port in a dynamic aggregation group fails to forward traffic because the underlying state of the port is block.

Condition: This symptom occurs if the dynamic aggregate interface is configured as an edge aggregate interface and the state of the member port frequently changes between Selected and Unselected.

201703060160

Symptom: Layer 2 interfaces on the HMIM-24GSW or HMIM-8GSW interface module cannot receive OSPF, STP, or VRRP protocol packets in a certain condition.

Condition: This symptom occurs if a large number of protocol packets arrive at the router at a high rate.

201702240598

Symptom: The MSR router reboots unexpectedly in a certain condition.

Condition: This symptom might occur if a SIC-FEA, SIC-4FSW, or SIC-9FSW interface module is installed in the router and interfaces on the interface module receive error packets.

201702150554

Symptom: The MSR router checks the destination address configured for a tunnel interface to determine whether the destination address is a broadcast address of a natural subnet. However, the router is not supposed to perform the check because physical interfaces on the MSR router support IP addresses of 31-bit masks.

Condition: None.

201701240040

Symptom: Direct routes of the local routing protocol on the MSR router get lost in a certain condition.

Condition: This symptom occurs with a low probability if the router initiates an active/standby switchover when receiving a large amount of spoofing traffic of the routing protocol.

201701200267

Symptom: Routes for IPv6 dial-up PPPoE clients on the MSR router get lost on a host-initiated PPPoE network in a certain condition.

Condition: This symptom occurs after an active/standby switchover.

201701160212

Symptom: The MSR router cannot operate correctly in a certain condition.

Condition: This symptom occurs if the following conditions exist:

25

The router establishes multiple EBGP neighboring relationships with other devices.

The router learns the maximum number of IS-IS routes.

EBGP interfaces on the router flap when the router receives a large amount of IPv4 or IPv6 traffic.

201612260204

Symptom: A Chinese SMS message received on the SIM card of a 4G module in the MSR router is displayed as messy codes

Condition: None.

201612260161


Condition: OpenSSL SSL/TLS SSL3_AL_WARNING undefined alert flood remote DoS. It was found that function "ssl3_read_bytes" in ssl/s3_pkt.c might lead to higher CPU usage due to improper handling of warning packets. An attacker could repeat the undefined plaintext warning packets of "SSL3_AL_WARNING" during the handshake, which will cause a 100% CPU usage on the server. It is an implementation problem in OpenSSL that OpenSSL would ignore undefined warning, and continue dealing with the remaining data (if exist). So the attacker could pack multiple alerts inside a single record and send a large number of these large records. Then the server will be fallen in a meaningless cycle, and not available to any others.

201610260172

Symptom: All IKE negotiations on the MSR router fail in a certain condition.

Condition: This symptom occurs if the router tries to establish IPsec tunnels with multiple peers but IKE negotiations with one or more peers fail, which causes frequent renegotiations.

201609230619

Symptom: The MSR router fails to forward IPv4 or IPv6 traffic in a certain condition.

Condition: This symptom occurs with a low probability if a large number of ND entries are learned and age out because a large number of subinterfaces are created and assigned IPv6 addresses.

201608290386

Symptom: The CPU usage is high and the delay of voice traffic is long when the router uses more than two EM voice modules and makes more than 12 calls simultaneously.

Condition: This symptom might occur if the router uses more than two EM voice modules and makes more than 12 calls simultaneously

201612070312

Symptom: Memory leak occurs when a user logs in to the router through the Web interface and repeatedly displays information about current configuration files.

Condition: This symptom might occur if a user logs in to the router through the Web interface and repeatedly displays information about current configuration files.

201703010352

Symptom: The company name is incorrect in the output from display commands.

Condition: None.

201703060529

Symptom: A dynamic Layer 2 aggregate interface cannot forward packets for a short period of time if a member port fails to receive LACPDUs.

Condition: This symptom occurs if the following operations are performed:

Configure the Layer 2 aggregate interface as an edge aggregate interface.

26

Configure the member port as an STP edge port.

Enable unknown unicast storm suppression and set the unknown unicast storm suppression threshold on the member port.

201703210604

Symptom: Memory leaks occur when a port receives a large number of packets with different source MAC addresses.

Condition: This symptom occurs if MAC authentication is enabled on the port.

201610290399

Symptom: IPv6 hosts cannot access IPv4 hosts through the router acting as an AFT device.

Condition: This symptom occurs if the router fails to perform IPv6-to-IPv4 address translation.

201704200573

Symptom: Telnet users are stuck, and memory leaks occur.

Condition: This symptom occurs if the router is attacked by a large number of Telnet users.

201612050209

Symptom: One-way communication occurs for some voice services.

Condition: This symptom occurs if the following conditions exist:

The router acting as a voice gateway interacts with SIP servers.

A large number of NAT ALG entries exist and some NAT ALG entries are conflicting.

201703210493

Symptom: The NAT configuration on a dialer interface loses effect after the router is restarted with the binary configuration file.

Condition: This symptom occurs if the following operations are performed:

a. On the dialer interface, configure multiple common NAT Server mappings for the same private IP address that allow reverse address translation, and save the configuration.

b. Reboot the router.

201611080307


Condition: A race condition was found in the way the memory subsystem of Linux kernel 2.6.22 or a later version handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to other read-only memory mappings and thus increase their privileges on the system.

201703210399

Symptom: The CPU usage is 100% for a long time.

Condition: This symptom occurs if the router acts as a PPPoE server and a large number of users come online and go offline repeatedly.

201703070010

Symptom: The ASPF policy loses effect after the router software is upgraded from Release 03xx to Release 04xx or 06xx.

Condition: This symptom occurs if the router acts as an IPsec gateway and its public network interface has the ASPF policy applied.

201612260262


27

Condition: An attacker with access to the NTP broadcast domain can periodically inject specially crafted broadcast mode NTP packets into the broadcast domain which, while being logged by ntpd, can cause ntpd to reject broadcast mode packets from legitimate NTP broadcast servers.


Condition: An attacker with access to the NTP broadcast domain can send specially crafted broadcast mode NTP packets to the broadcast domain which, while being logged by ntpd, will cause ntpd to reject broadcast mode packets from legitimate NTP broadcast servers.


Condition: Zero Origin timestamp problems were fixed by Bug 2945 in ntp-4.2.8p6. However, subsequent timestamp validation checks introduced a regression in the handling of some Zero origin timestamp checks.

201703230350

Symptom: In port-based access control mode, a user cannot pass 802.1X authentication.

Condition: This symptom occurs if the following operations have been performed:

a. Reboot the card that hosts the interface that is enabled with 802.1X authentication.

b. Change the access control method from MAC-based access control (the default) to port-based access control.

201703230384

Symptom: The router restarts unexpectedly when it forwards Layer 2 multicast traffic.

Condition: This symptom occurs if IGMP snooping and dropping unknown multicast data are enabled.

201607130472

Symptom: Some voice settings are lost on a distributed MSR4000 router after a software upgrade or configuration restoration by using .cfg files.

Condition: This symptom might occur if a software upgrade is performed or configuration is restored by using .cfg files on a distributed MSR4000 router.

201606300313

Symptom: The Line protocol state field is displayed as down in the display interface command output for interfaces on a SIC-4SAE card installed in the MSR router.

Condition: This symptom occurs if the interfaces on the SIC-4SAE card are sending and receiving traffic at wire speed for a long time.

Resolved problems in CMW710-R0415

201611250396

Symptom: When a card that uses OSCCA algorithms is forwarding a large amount of traffic, encrypted traffic is interrupted.

Condition: This symptom might occur if a card that uses OSCCA algorithms is forwarding a large amount of traffic.

201612010463

Symptom: LLDP and DHCP packets cannot trigger MAC authentication on a Layer 2 interface.

Condition: None.

28

201611090369

Symptom: The actual error packet count of an interface is inconsistent with the value in the MIB.

Condition: None.

201611080068

Symptom: Two interfaces of an HMIM-8GEF or HMIM-8GEE card cannot forward 64-byte long packets at wire speed.

Condition: None.

201612270562

Symptom: The actual E1 timeslot usage for an HMIM-E1POS card is inconsistent with the value in the MIB.

Condition: None.

201610120612

Symptom: A Layer 2 aggregate interface fails to forward unicast traffic when certain conditions exist.

Condition: This symptom might occur if the following conditions exist:

The Layer 2 aggregate interface is forwarding dense unicast, multicast, and broadcast traffic.

The card that hosts members of the aggregation group is rebooted.

201612230066

Symptom: The upper limit of APs cannot be increased for the MSR3000 series routers.

Condition: None.

201612010089

Symptom: A PC cannot access the public network through the router when certain conditions exist.


NAT is configured on the interface connected to the public network.

Packets forwarded by the router are fragmented.

201607230333

Symptom: In certain conditions, users cannot come online when the router acts as an LNS.


A large number of users request network access.

Low network quality causes significant packet loss. As a result, the LAC constantly sends retransmission requests to the router, and the router repeatedly responds to the requests.

201612130014

Symptom: When TACACS authentication is enabled, an SSH user must input the password twice to log in to the router.

Condition: This symptom might occur if TACACS authentication is enabled for SSH login.

201611090044

Symptom: An MSR4000 router cannot establish BGP neighbor relationships after an active/standby MPU switchover.

Condition: This symptom might occur if an active/standby MPU switchover occurs on an MSR4000 router.

29

201610240441

Symptom: In a hub-spoke ADVPN with multiple domains, traffic is forwarded through wrong tunnels and some services are interrupted.

Condition: This symptom might occur if the VAM server has multiple domains, and each domain uses a dedicated tunnel.

201609090290

Symptom: Memory leak occurs when an NMS reads BGP peer information from the MIB.

Condition: This symptom might occur if BGP is configured on the router, and an NMS reads BGP peer information from the MIB.

201611180292

Symptom: On an IRF fabric, PBR settings on interfaces are lost after the master is rebooted.

Condition: This symptom might occur if the master of an IRF fabric is rebooted.

201612080627

Symptom: When acting as an LNS, the router cannot establish tunnels to LAC clients in certain conditions.

Condition: This symptom might occur if frequent login and logout of a large number of L2TP users cause memory leaks on the router.

201611130042

Symptom: BFD cannot work correctly on VLAN interfaces when certain operations are performed.

Condition: This symptom might occur if the following operations are performed:

a. Enable BFD for some VLAN interfaces on the router.

b. Remove the IP addresses for the VLAN interfaces that are not enabled with BFD, and reconfigure IP addresses for them.

201610250612

Symptom: The router reboots unexpectedly for low memory when traffic is constantly sent at wire speed to a Layer 3 aggregate interface.

Condition: This symptom might occur if traffic is constantly sent at wire speed to a Layer 3 aggregate interface.

201611170075

Symptom: After the router is rebooted, voice settings are lost and the voice process becomes abnormal. As a result, HMIM-16FXS cards on the router cannot make calls.


All available slots of the router are installed with HMIM-16FXS cards.

The router is rebooted.

201609230644

Symptom: Layer 3 subinterfaces cannot be deleted after certain operations are performed.


a. Configure a large number of Layer 3 subinterfaces.

b. Batch configure the shutdown and undo vlan-type commands on some Layer 3 subinterfaces.

30

201610280218

Symptom: When a Windows 10 terminal is used to manage the router, the description command does not support certain characters.

Condition: None.

201610280206

Symptom: The router stops responding when certain conditions exist.

Condition: This symptom might occur if password control is enabled, and a large number of users frequently log in to or log out of the router.

201612260239

Symptom: In certain conditions, portal users cannot pass authentication when the router acts as the portal access device.


The router uses RADIUS for authentication and accounting.

A large number of users access the network through the router.

201612260225

Symptom: The number of BFD sessions cannot reach the specification.

Condition: None.

201612260176

Symptom: In certain conditions, the console port of the master in an IRF fabric is inaccessible.

Condition: This symptom might occur if users frequently log in and log out through the console port of the IRF master.

201612260253

Symptom: Errors occur when the MPLS L3VPN-enabled router sends default routes of VPN instances to PE neighbors.

Condition: This symptom might occur if the MPLS L3VPN-enabled router sends default routes of VPN instances to PE neighbors.


201607220244

Symptom: The system displays a configuration success message when an IP address that is being used by a loopback interface is assigned to a GigabitEthernet interface through TR-069.

Condition: This symptom might occur if an IP address that is being used by a loopback interface is assigned to a GigabitEthernet interface through TR-069.

201608190045

Symptom: Profile 3 of a VZW or Sprint modem cannot be modified.

Condition: This symptom might occur if Profile 3 of a VZW or Sprint modem is modified.

201608250319

Symptom: Modem pass-through fails when certain conditions exist.

Condition: This symptom might occur if the router sends an INVITE request to the peer and receives the following messages in sequence.

183 response with SDP.

180 response without SDP.

31

200 OK message without SDP.

Re-INVITE request for modem pass-through (500 ms after the 200 OK message is received).

201611110619

Symptom: Long forwarding delay occurs when certain conditions exist.


The router uses an SIC-3G-CDMA card installed with an EM660 module.

The router reboots the SIC-3G-CDMA card repeatedly because no SIM card is installed.

201609200420

Symptom: The router reboots unexpectedly when FPGA upgrade is performed for an HMIM-8E1T1 card.

Condition: This symptom might occur if FPGA upgrade is performed for an HMIM-8E1T1 card.

201611110593

Symptom: An SIC-4FSW card cannot communicate with a peer when certain conditions exist.


After negotiation, the duplex mode of the peer-facing interface is set to half duplex on the SIC-4FSW card.

The router forwards traffic through VLAN interfaces.

201611110596

Symptom: The forwarding speed of a Layer 2 interface decreases after mirroring is configured on the interface.

Condition: This symptom might occur if mirroring is configured on a Layer 2 interface.

201611130027

Symptom: Execution of the dm-port open command fails on interfaces of an SIC-3G/4G card.

Condition: None.

201611110625

Symptom: Two interfaces of an HMIM-8GEF card cannot forward 64-byte packets at wire speed.

Condition: None.

201611140158


Condition: The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time."

201611110614

Symptom: The CLI stops responding when port security configuration is modified.


a. LLDP, 802.1X authentication, and port security are enabled on a Layer 2 interface, and the intrusion protection action is set to shut down the interface upon authentication failure.

b. The interface is shut down when a Cisco IP phone fails authentication.

c. Port security configuration is modified at the CLI.

32

201611140163

Symptom: The MSR router cannot use IS-IS to obtain routes from a Cisco NX9000 device.

Condition: None.

201611140150


Condition: The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service (packet-processing outage) via crafted ND messages, aka Bug ID CSCuz66542, as exploited in the wild in May 2016.

201611140096

Symptom: IPsec operates incorrectly when the router uses IKE aggressive mode with NAT traversal to communicate with a WatchGuard device.

Condition: This symptom might occur if the router uses IKE aggressive mode with NAT traversal to communicate with a WatchGuard device.

201611110663

Symptom: IPsec operates incorrectly when an MSR router works with a Comware 5 router.


The Comware 5 router uses an IPsec policy template.

The MSR router initiates a connection to the Comware 5 router.

The MSR router needs to encrypt multiple flows, but no IPsec SA exists. As a result, IKE negotiation fails for SA inconsistency, and traffic forwarding fails.

201611140100

Symptom: Long forwarding delay occurs on a QoS-enabled interface.


QoS policy nesting is configured on the interface.

GTS is configured in the parent policy for rate limiting, and the CBS is larger than 3000 bytes.

201611140087

Symptom: An MSR router cannot communicate with a strongSwan device through IKEv2.

Condition: None.

201611140085

Symptom: The router uses an incorrect IP priority value when adding GRE encapsulation to MPLS tunneled packets.

Condition: This symptom might occur if GRE encapsulation is added to MPLS tunneled packets.

201611110657

Symptom: Memory usage keeps increasing after the TCP MSS is modified for a GRE tunnel interface.


a. The TCP MSS is modified for a GRE tunnel interface.

b. The GRE tunnel constantly forwards fragmented packets.

201611140084

Symptom: Telnet or SSH login to the router fails when an IPv6 address is used.

33

Condition: This symptom might occur if the Telnet or SSH client is not directly connected to the router, and the tcp syn-cookie enable command is executed on the router.

201611140259

Symptom: All L2TP users might go offline unexpectedly when the router acts as an LNS.

Condition: This symptom might occur if the L2TP tunnel is deleted mistakenly when an L2TP user uses an incorrect username or password for authentication.

201611140165

Symptom: When password control is enabled and a user logs in to the router after multiple failures, the router does not display login failure information.

Condition: This symptom might occur if password control is enabled.

201611110626

Symptom: When a PVST-enabled VLAN is deleted, state of interfaces becomes incorrect in other PVST-enabled VLANs.

Condition: This symptom might occur if a PVST-enabled VLAN is deleted.

201611140169

Symptom: Hosts cannot access some websites when the router acts as a NAT gateway.


NAT hairpin is configured on the internal network-side interface.

Outbound dynamic NAT is configured on both the internal network-side interface and the external network-side interface.

201611140094


Condition: A remote user can send specially crafted data during the key exchange process to trigger a flaw in kex_input_kexinit() and consume excessive memory on the target system. This can be exploited to consume up to 384 MB per connection.

201611130022

Symptom: ADVPN registration fails when certain conditions exist.


Multiple ADVPN domains are configured on the VAM server, and each domain has a dedicated ADVPN tunnel.

The router acts as a hub. When setting up a tunnel with a spoke, the router selects a wrong tunnel.

201611140104

Symptom: The router reboots unexpectedly when a ping operation is performed through a Layer 3 aggregate interface.


a. CBQ is applied to a Layer 3 aggregate interface, and the gts percent command is executed in traffic behavior view for CBQ.

b. The router pings the peer through the Layer 3 aggregate interface.

201611140181

Symptom: The MPU operates incorrectly during traffic forwarding when certain conditions exist.


Multicast VPN is configured.

34

A Layer 3 aggregate interface is connected to the private network.

201611140167

Symptom: Traffic forwarding fails when POPGO forwarding is enabled for MPLS L3VPN.

Condition: This symptom might occur if POPGO forwarding is enabled for MPLS L3VPN.

201611110642

Symptom: The router might reboot unexpectedly when NetStream, PBR, and ACL settings are repeatedly configured and deleted through NETCONF.

Condition: This symptom might occur if NetStream, PBR, and ACL settings are repeatedly configured and deleted through NETCONF.

201611140097

Symptom: The router reboots unexpectedly after certain operations.


a. Change the link type of a port from Layer 2 to Layer 3 on an SIC-4GSW card.

b. When the port is forwarding Layer 3 traffic, change its link type to Layer 2, and create a VLAN interface.

201611140175

Symptom: MPLS L3VPN traffic forwarding fails on an IRF fabric after a master/subordinate switchover.


Direct routes and OSPF routes are imported to VPN instances.

An IRF master/subordinate switchover occurs.

201611110649

Symptom: The router operates incorrectly when EAD assistant and free IP are configured.

Condition: This symptom might occur if EAD assistant and free IP are configured.

201611160600

Symptom: An IRF subordinate member reboots unexpectedly when a multidevice Layer 2 aggregate interface is deleted.

Condition: This symptom might occur if the following conditions exist on the IRF fabric:

a. Port isolation is enabled on the multidevice Layer 2 aggregate interface.

b. The Layer 2 aggregate interface is deleted.

201611250648

Symptom: The EAD assistant feature cannot operate correctly. Specifically, if only free IPs are configured but no redirect URL is configured, unauthenticated users cannot access webpages on the free IPs. If both free IPs and the redirect URL are configured, unauthenticated users are redirected to the redirect URL, but the URL keeps being refreshed and cannot be opened.

Condition: None.


201609120130

Symptom: The extra "broadcasts" and "multicasts" fields appear in the incoming traffic statistics for an E1-F interface on an MSR router.

HPE MSR1000 MSR2000 MSR3000 MSR4000- CMW710 … · 2019-03-1 6 Release version...

Documents

Transcript of HPE MSR1000 MSR2000 MSR3000 MSR4000- CMW710 … · 2019-03-1 6 Release version...