Maximum number of dynamic-author Clients

Lift the maximum number of RADIUS dynamic-author clients from which the switch accepts Change of Authorization (CoA). Allow to configure maximum 20 dynamic-author clients.

Check PoE Status on AS4630_54NPE and AS4630_54PE

PoE status is covered in system diagnosis report when the switch boots up on AS4630_54NPE and AS4630_54PE.

Routed Interface

A routed interface and multiple sub-interfaces can be configured on a physical port or a LAG port. As L3 interfaces, the routed interface and associated sub-interfaces are layer 3 interfaces which can be assigned with IP addresses and configured with routing protocols for communication with other layer 3 routing devices. Please have the details by reference of document Configuring Routed Interface.

New OSPF Commands

Add new CLI commands to enable OSPF RFC1583 compatibility and configure simple OSPF authentication key based on specific IP address.

Configure NAC RADIUS UDP Ports

NAC RADIUS UDP ports for authentication and accounting and CoA (Change of Authorization) can be configured as per RADIUS servers.

Encrypted Keys in CLI

The encrypted keys can be recognized in PICOS CLI. When reset this keys with the encrypted value by copying the CLI commands from other switch, the encrypted keys will not be encrypted any longer.

Configure SSH Port

Add CLI command "set system services ssh port XXXX" to specify SSH port.

Configure Source Interface for RADIUS AAA

Add CLI command "set system aaa radius source-interface XXXX" to configure source interface for RADIUS AAA service.

Default Hostname under L2/L3 Mode is Changed to PICOS

The default hostname under L2/L3 mode is changed to "PICOS". And keep the default hostname under OpenFlow mode as it is, i.e "OVS".

Dump Hardware ASIC Information into tech_support

Dump runtime hardware ASIC tables into tech_support in order of root cause analysis including information of VLAN, tunnels, multicasting, TCAM and so on.

Show the Number of Active NAC Sessions

Give the the number of active NAC sessions on NAC enabled ports in the output of CLI command "run show dot1x interface".

New OSPFv2 Commands

Support to configure virtual-link. Support to configure priority, retransmit-interval and transmit-delay on OSPF interface.

Add Hardware Information to tech_support

The hardware information (show system hwinfo) and diagnosis result are included in tech_support (show tech_support).

Maximum Session Number on NAC Port

Allow to configure maximum number of authorization sessions on NAC ports. It can be configured globally or as per a specific port. The number configured on a specific port takes higher priority. Please have the details by reference document set protocols dot1x interface max-sessions and set protocols dot1x max-sessions-per-port.

PVLAN Enhancement

Multiples normal VLANs can be configured on a PVLAN ports. A secondary community or isolated VLAN can be configured to a pvlan-secondary-trunk port from NAC server dynamically if 802.1X or MAB authentication is succeeded.

OSPF ASBR External Route Summarization

Summarization of external redistributed routes as Type-5 external LSAs can be done on the ASBR before injecting them into the OSPF domain. Without summarization, all the redistributed external prefixes from external autonomous systems are passed into the OSPF area. This feature can be used to reduce the size of the OSPF LSDB.

Cover Tunnel and Loopback Interfaces in "run show vrf"

In the output of CLI command "run show vrf" under operational mode, tunnel and loopback interfaces are included in additional to VLAN interfaces.

Overlapping IP Addresses on GRE Tunnel Interfaces in Different VRF Instances

Overlapping IP addresses can be configured on GRE tunnel interfaces within different VRF instances.

Multiple Loopback Interfaces

Within a user configured or the default VRF, multiple loopback interfaces can be configured. The built-in loopback interfaces such as lo in the default VRF are still available. Additionally, the loopback interfaces can get down or up by disabling or enabling them.

GRE Source Interface

Support to configure a loopback interface or a L3 VLAN interface to a GRE tunnel. If multiple IP addresses are configured on the source interface, the smallest IP address will be the source IP address of this GRE tunnel.

GRE IPv6 Support

IPv6 payload can be carried in IPv4 GRE tunnel.

sFlow Next Hop Router

IP address of next hop router, covered in extended router data of sFlow version 5, is included in the samples of IP packets.

LACP Fallback under Preemptive Mode

Under preemptive mode of LACP fallback, it's always the member port of a LAG with the highest priority that will keep alive.

Flood Unregistered Multicast Traffic in VLAN with IGMP Snooping Enabled

By default, if IGMP snooping is enabled on a VLAN, the unregistered multicast traffic can be only forwarded out of mroute ports. If turn on flood-all, the unregistered multicast traffic will be flooded out of all ports within the VLAN even with IGMP snooping enabled.

ABR Route Summarization for OSPF

For an OSPF area, you can summarize and filter intra-area prefixes. All routes that match the configured area range are filtered at the ABR (Area Border Router). And only the summary is advertised to the other areas. That can prevent a large number of link-state records from being flooded out of the area.

Add Support for BGP Delay Open Timer

This BGP command is used to delay sending an OPEN message for a specific time period. The delay allows the remote BGP Peer time to send the OPEN message first.

Support Maximum 20 NAC Servers

Increase the limit of NAC servers. Allow to configure 20 NAC servers with different priorities.

Display GRE Tunnel Interface

The information of GRE tunnel interfaces is included in the output of CLI command "run show l3-interface brief". And the detailed status and information of GRE tunnel interfaces can be shown by CLI command "run show l3-interface tunnel xxxx".

GRE Tunneling

Generic Routing Encapsulation (GRE) is used for tunneling IP traffic via virtual point-to-point links over IP network. The overlay traffic can be isolated by different VRFs. Please refer to Generic Routing Encapsulation Protocol (GRE) for more details.

BFD Support

Bidirectional Forwarding Detection (BFD) is a detection protocol purposed for fast forwarding link failure detection. PICOS BFD supports BGP, OSPF, and PIM. Please refer to Bidirectional Forwarding Detection (BFD) for more details.

VRF Support with OSPFv3

IPv6 routes in different VRF instances can be generated dynamically via OSPFv3.

Support 100G QSFP28 CWDM4

QSFP28 CWDM4 optical transceivers can work with PICOS 4.2.0.

Interface Name VS. Physical Port Index

The names of uplink ports are not consistent with their physical indices such as 49 is the physical index of interface te-1/1/1 on AS4610_54P. A new CLI command "show interface port-index-mapping" under operational mode is added to show the map between interface names and physical port indices. Additionally, in the output when execute "run show interface brief" and "run show interface diagnostics optics xxxx", a physical port index in parenthesis will follow the interface name if they don't match to each other.

Inband Management VLAN Interface

Remove the limitation that inband management can be enabled on only maximum 4 VLAN interfaces. Additionally, inband management can be enabled on all interfaces globally.

BGP ebgp-requires-policy is Enabled by Default

BGP ebgp-requires-policy is enabled by default in 4.2.0, which is different from previous 4.x.x versions. It can be disabled by "set protocols bgp ebgp-requires-policy false".

VXLAN Statistics 

With regarding to a specific VXLAN instance identified by a VNI number, VXLAN counters are used for tracking the Rx/Tx number of traffic on access port and network port respectively.

Enhancement on MLAG Consistency Checking

In case of type 2 of MLAG inconsistent configuration, it is not necessary to show "FAIL" because the peer-link and MLAG ports will not be blocked. When execute CLI command "run show mlag consistency-parameter summary", will display "PASS with ALERT" in the overview/global result and "ALERT" by following each specific type 2 item which doesn't match to the configuration on the peer MLAG spine switch.

RADIUS/TACACS+ Authentication for NETCONF Session

Authenticated RADIUS/TACACS+ users can access to PICOS switch via NETCONF.

PoE Available Power on AS4630-54NPE and AS4630-54PE

On AS4630-54NPE and AS4630-54PE, PICOS cannot read out the voltage. Add a CLI command "set poe power voltage [110v|220v]" to specify high-line (220v) or low-line (110v). The PoE available power will be different at high-line or low-line. Please have the details by reference of document set poe power voltage. 

Support AS4630-54TE

AS4630-54PE has 48x1G Ethernet ports and 4x25G SFP28 ports and 2x100G ports.

NAC Port is Blocked on Dynamic VLAN with PVST Enabled

On a port with dot1x enabled, the traffic from the client is blocked even when the client is authenticated successfully if PVST is enabled on the applied dynamic VLAN. This issue is fixed in 4.2.3.8.

Wrong State of NAC RADIUS Server

The configured NAC RADIUS server may be shown as "active" even though it is not reachable.

Cannot Configure 5G/10G to auto-speeds 4630-54NPE

If the speed of ports, from ge-1/1/37 to ge-1/1/48, is under auto mode, the speed cannot be negotiated into 5G/10G with the peer device. Additionally, 5G/10G cannot be configured to auto-speeds on these ports. This issue is fixed in 4.2.3.7.

Duplicate Access-Request Messages

The switch may send out duplicate access-request messages even though the RADIUS service for NAC is available and the associated access-accept messages are returned.

Crash if Enable IGMP Snooping on a VLAN Not Configured

If enable IGMP snooping on a VLAN which is not configured, PICOS will crash. In this case of the invalid configuration, the commit check should fail.

License L3 Features under L2/L3 Mode

If L3 feature is not covered by the installed license, IP routing cannot be set to true with a prompted message "L3 feature is not covered by the installed license key".

Fail to Match CPU port on TD3 Platforms

On TD3 platforms, ECAP rules cannot match CPU port. That will have impact on CoPP rules potentially. This issue is fixed in 4.2.3.

Remove wtmp and btmp

The log files, /var/log/wtmp and /var/btmp, are removed by default when PICOS boots up. User login and logout records can be checked in rsyslog messages. If /var/log/wtmp and /var/log/btmp are created manually, will do rotation when their sizes reach 5M.

rsyslog Doesn't Work after Switch Reboot

On switch reboot, rsyslog doesn't resume sending messages to the syslog server. This issue is fixed in 4.2.3.

Give Warning Message on Sample AS7326_56X

If the label revision is R01F on AS7326_56X, will give warning message when PICOS boots up on this model. This warning message will be also prompted during ONIE installation and upgrade.

FEC Cannot Come into Effect

If a physical port is added to a MLAG, FEC cannot come into effect when reboot PICOS. This issue is fixed in 4.2.2.3.

Physical Ports in SNMP Query

If a port such as xe-1/1/1 is split into 4 sub-ports namely xe-1/1/1.1, xe-1/1/1.2, xe-1/1/1.3, xe-1/1/1.4, xe-1/1/1 should not appear in the output of SNMP query for ifTable (10.10.51.36 1.3.6.1.2.1.2.2.1.2).

Show Banner on Console Port

When telnet to console port connecting to the switch, the banner should be shown up.

NTP Error Log Message

When the space of /tmp/ (maximum 50M) is used up, will print this error message. This issue is fixed in 4.2.2.2.

IPv6 Link Local Address on GRE Interface

The auto configured link local address on GRE interface doesn't work. For example, cannot ping the link local address on a GRE interface from the other end of the GRE tunnel. This issue is fixed in 4.2.2.

Keep OVS Configuration If Upgrade from 3.x to 4.2.2

When upgrade from 3.x to 4.2.2, OVS configuration will be restored and brought into new 4.2.2 version.

Refine Performance on EVPN MAC Learning

When update large number of MAC addresses, such as more than 5K, received from remote VTEP switches, will have severe performance issues such as that VXLAN tunnel may be broken. With this enhancement, the number of MAC addresses learned from remoted VTEP can scale up to 32K.

Public Key Authentication for NETCONF Session

Users authenticated by public key can access to PICOS switch via NETCONF. Please note the public keys of a specific user are supposed to be restored at the home directory, i.e ~/.ssh/authorized_keys.

te-1/1/48 Cannot Link Up on S5248F

Traffic cannot go through the link connecting port te-1/1/48 to other ports on S5248-ON even though te-1/1/48 is up.

Failed to Install Site License on Dell Switches

Site license cannot be installed on Dell switches with Serial numbers having 20 characters. This issue was fixed in 4.2.0.

Multicasting Doesn't Work on LAG Port

If add/delete member ports to/from a LAG port, multicast traffic cannot be routed out of this LAG port. This issue was fixed in 4.2.0.

Speed Setting on SFP/QSFP Port

Speed setting on an SFP/QSFP port from CLI should have higher priority than auto detection by reading out of the inserted SFP/QSFP transceiver.

Filter Log Messages by Date

It doesn't work to filter log messages by date with CLI command "run show log date" under operational mode. This issue was fixed in 4.2.0.

Set PoE Max Power to 90W on AS4630-54NPE/AS4630-54PE Platforms

Fail to set max-power to >30W on "all" ports with command "set poe interface all max-power xxxx" on AS4630-54NPE/AS4630-54PE platforms. In fact, all PoE ports support maximum 90W with 802.3bt capability on AS4630-54NPE/AS4630-54PE platforms. This issue was fixed in 4.2.3.5.

RPSU Display Issue on AS5835

When plug out the power cord of one unit of RPSU on AS5835 switch, this RPSU can still be displayed "power on" in the output of CLI command "run show system rpsu". This issue is fixed in 4.2.3.4.

Fan Display and SysLog Issue on AS5835

If one fan is plugged out, all rear fans are not displayed in the output of CLI command "run show system fan".  This issue is fixed in 4.2.3.4.

KOD SysLog Message

When configure a rogue NTP server, will repeatedly print syslog messages "KOD does nothing without LIMITED". This issue is fixed in 4.2.3.4.

Port LED Issue on AS5835

When traffic goes through QSFP port, xe-1/1/1 or xe-1/1/4, the port LED doesn't blink. This issue is fixed in 4.2.3.2.

Load PHY Firmware from PICOS

The AQR PHY firmware is not always available on the SPI Flash on N32XX and N22XX Dell platforms. If the PHY firmware is failed to be loaded into RAM from SPI Flash, PICOS will load the PHY firmware from software side.

OpenVPN Work with Management VRF & VXLAN Enabled

OpenVPN cannot work when both Management VRF and VXLAN are enabled in old version. This issue was fixed in 4.2.1.