Routed Interface

A routed interface and multiple sub-interfaces can be configured on a physical port or a LAG port. As L3 interfaces, the routed interface and associated sub-interfaces are layer 3 interfaces which can be assigned with IP addresses and configured with routing protocols for communication with other layer 3 routing devices. Please have the details by reference of document Configuring Routed Interface.

New OSPF Commands

Add new CLI commands to enable OSPF RFC1583 compatibility and configure simple OSPF authentication key based on specific IP address.

Configure NAC RADIUS UDP Ports

NAC RADIUS UDP ports for authentication and accounting and CoA (Change of Authorization) can be configured as per RADIUS servers.

Encrypted Keys in CLI

The encrypted keys can be recognized in PICOS CLI. When reset this keys with the encrypted value by copying the CLI commands from other switch, the encrypted keys will not be encrypted any longer.

Configure SSH Port

Add CLI command "set system services ssh port XXXX" to specify SSH port.

Configure Source Interface for RADIUS AAA

Add CLI command "set system aaa radius source-interface XXXX" to configure source interface for RADIUS AAA service.

Default Hostname under L2/L3 Mode is Changed to PICOS

The default hostname under L2/L3 mode is changed to "PICOS". And keep the default hostname under OpenFlow mode as it is, i.e "OVS".

Dump Hardware ASIC Information into tech_support

Dump runtime hardware ASIC tables into tech_support in order of root cause analysis including information of VLAN, tunnels, multicasting, TCAM and so on.

Show the Number of Active NAC Sessions

Give the the number of active NAC sessions on NAC enabled ports in the output of CLI command "run show dot1x interface".

New OSPFv2 Commands

Support to configure virtual-link. Support to configure priority, retransmit-interval and transmit-delay on OSPF interface.

Add Hardware Information to tech_support

The hardware information (show system hwinfo) and diagnosis result are included in tech_support (show tech_support).

Maximum Session Number on NAC Port

Allow to configure maximum number of authorization sessions on NAC ports. It can be configured globally or as per a specific port. The number configured on a specific port takes higher priority. Please have the details by reference document set protocols dot1x interface max-sessions and set protocols dot1x max-sessions-per-port.

PVLAN Enhancement

Multiples normal VLANs can be configured on a PVLAN ports. A secondary community or isolated VLAN can be configured to a pvlan-secondary-trunk port from NAC server dynamically if 802.1X or MAB authentication is succeeded.

OSPF ASBR External Route Summarization

Summarization of external redistributed routes as Type-5 external LSAs can be done on the ASBR before injecting them into the OSPF domain. Without summarization, all the redistributed external prefixes from external autonomous systems are passed into the OSPF area. This feature can be used to reduce the size of the OSPF LSDB.

Cover Tunnel and Loopback Interfaces in "run show vrf"

In the output of CLI command "run show vrf" under operational mode, tunnel and loopback interfaces are included in additional to VLAN interfaces.

Overlapping IP Addresses on GRE Tunnel Interfaces in Different VRF Instances

Overlapping IP addresses can be configured on GRE tunnel interfaces within different VRF instances.

Multiple Loopback Interfaces

Within a user configured or the default VRF, multiple loopback interfaces can be configured. The built-in loopback interfaces such as lo in the default VRF are still available. Additionally, the loopback interfaces can get down or up by disabling or enabling them.

GRE Source Interface

Support to configure a loopback interface or a L3 VLAN interface to a GRE tunnel. If multiple IP addresses are configured on the source interface, the smallest IP address will be the source IP address of this GRE tunnel.

GRE IPv6 Support

IPv6 payload can be carried in IPv4 GRE tunnel.

sFlow Next Hop Router

IP address of next hop router, covered in extended router data of sFlow version 5, is included in the samples of IP packets.

LACP Fallback under Preemptive Mode

Under preemptive mode of LACP fallback, it's always the member port of a LAG with the highest priority that will keep alive.

Flood Unregistered Multicast Traffic in VLAN with IGMP Snooping Enabled

By default, if IGMP snooping is enabled on a VLAN, the unregistered multicast traffic can be only forwarded out of mroute ports. If turn on flood-all, the unregistered multicast traffic will be flooded out of all ports within the VLAN even with IGMP snooping enabled.

ABR Route Summarization for OSPF

For an OSPF area, you can summarize and filter intra-area prefixes. All routes that match the configured area range are filtered at the ABR (Area Border Router). And only the summary is advertised to the other areas. That can prevent a large number of link-state records from being flooded out of the area.

Add Support for BGP Delay Open Timer

This BGP command is used to delay sending an OPEN message for a specific time period. The delay allows the remote BGP Peer time to send the OPEN message first.

Support Maximum 20 NAC Servers

Increase the limit of NAC servers. Allow to configure 20 NAC servers with different priorities.

Display GRE Tunnel Interface

The information of GRE tunnel interfaces is included in the output of CLI command "run show l3-interface brief". And the detailed status and information of GRE tunnel interfaces can be shown by CLI command "run show l3-interface tunnel xxxx".

GRE Tunneling

Generic Routing Encapsulation (GRE) is used for tunneling IP traffic via virtual point-to-point links over IP network. The overlay traffic can be isolated by different VRFs. Please refer to Generic Routing Encapsulation Protocol (GRE) for more details.

BFD Support

Bidirectional Forwarding Detection (BFD) is a detection protocol purposed for fast forwarding link failure detection. PICOS BFD supports BGP, OSPF, and PIM. Please refer to Bidirectional Forwarding Detection (BFD) for more details.

VRF Support with OSPFv3

IPv6 routes in different VRF instances can be generated dynamically via OSPFv3.

Support 100G QSFP28 CWDM4

QSFP28 CWDM4 optical transceivers can work with PICOS 4.2.0.

Interface Name VS. Physical Port Index

The names of uplink ports are not consistent with their physical indices such as 49 is the physical index of interface te-1/1/1 on AS4610_54P. A new CLI command "show interface port-index-mapping" under operational mode is added to show the map between interface names and physical port indices. Additionally, in the output when execute "run show interface brief" and "run show interface diagnostics optics xxxx", a physical port index in parenthesis will follow the interface name if they don't match to each other.

Inband Management VLAN Interface

Remove the limitation that inband management can be enabled on only maximum 4 VLAN interfaces. Additionally, inband management can be enabled on all interfaces globally.

BGP ebgp-requires-policy is Enabled by Default

BGP ebgp-requires-policy is enabled by default in 4.2.0, which is different from previous 4.x.x versions. It can be disabled by "set protocols bgp ebgp-requires-policy false".

VXLAN Statistics 

With regarding to a specific VXLAN instance identified by a VNI number, VXLAN counters are used for tracking the Rx/Tx number of traffic on access port and network port respectively.

Enhancement on MLAG Consistency Checking

In case of type 2 of MLAG inconsistent configuration, it is not necessary to show "FAIL" because the peer-link and MLAG ports will not be blocked. When execute CLI command "run show mlag consistency-parameter summary", will display "PASS with ALERT" in the overview/global result and "ALERT" by following each specific type 2 item which doesn't match to the configuration on the peer MLAG spine switch.

RADIUS/TACACS+ Authentication for NETCONF Session

Authenticated RADIUS/TACACS+ users can access to PICOS switch via NETCONF.

Support AS4630-54TE

AS4630-54PE has 48x1G Ethernet ports and 4x25G SFP28 ports and 2x100G ports.