Disable/Enable IP Routing

Add a command which can globally enable/disable IP routing.By default, IP routing is disabled.

Limit Maximum Number of VRRP Interfaces

User can configure maximum 128 VRRP interfaces which is also the maximum number of L3 interfaces.

Tagged/Untagged with Voice-VLAN

If configured "tagged" on a specific port for voice-vlan, will include voice-vlan in the Network Policy TLV sent to the connected endpoint device such as IP phone.And only frames tagged with voice-vlan are sent out to the connected IP phone. Otherwise, Network Policy TLV doesn't include the voice-vlan. And untagged frames are sent out to the connected IP phone.

PVST Manual-Forwarding

Allow user to configure manual-forwarding on a port enabled PVST.

TACACS+ Failover Enhancement

Try TACACS+ servers one by one to do authentication if number of TACACS+ servers configured. Local authentication is used only if all TACACS+ servers are not reachable. If the TACACS+ server is not reachable for authorization, will go back to Linux shell. But in the case that PicOS enters CLI directly, will log off.

MSH8920 - BPDU & LACP Tunneling on Static LAG

On MSH8920, allow user to configure BPDU & tunneling on static LAG port.

Enhancement for PVST/MSTP information in tech_support

Include complete PVST/MSTP information on each VLAN and interface in the tech_support log file.

Refreshing MAC Learning on MLAG Pair Switches

To make sure consistence of MAC table between the 2 MLAG switches, MAC addresses on one MLAG switch will be refreshed depending on the MAC addresses on the peering MLAG switch every 30 minutes.

Remove SSH/Telnet Connection Number Limiting

The connection number of SSH/Telnet can be unlimited by setting the rate-limit of SSH/Telnet as 0.

PoE - Power Negotiation

To support power provision via PoE for Cisco 8861 VoIP phone with 8860 key expansion, support power negotiation via LLDP optional 802.3 Power-via-MDI TLV.

Show Entire Spanning-tree PVST Infomation

Add new command - "show spanning-tree pvst interface vlan all" - to display the entire spanning tree PVST information in addition to per-VLAN PVST information.

DHCP Snooping over MLAG

With DHCP snooping enabled on the MLAG pair switches, ensure DHCP DISCOVERY can go up to DHCP server via trust ports and similarly DHCP OFFER can go down to hosts via MLAG ports.

Kontron - CDP and LLDP Tunneling

Add CDP and LLDPDU tunneling in addition to BPDU and LACP tunneling.

Boeing - Add new OIDs to UCB MIB

Add new OIDs to UCB SNMP MIB:
    - CPU - ssCpuRawSystem, ssCpuRawIdle
    - Memory - memTotalReal, memAvailReal, memTotalFree

OEM - Display timestamp in syslog Message in Millisecond

Keep local syslog message and remote syslog message with consistent format. Format the timestamp into millisecond for the local and remote syslog message.It's an customization feature for Enterprise customers.

OEM - Show System Date in Milliseconds

Display the date/time in milli-seconds, which is supported in the OEM version for Enterprise customers.

Remark DSCP with ACL Rule

Apply action of DSCP remarking to ACL rule with command alike "set firewall filter xx sequence xx then dscp xx"

Configure rate-limit on Egress Queues

Allow to apply rate-limit on each egress queue of a physical interface. It indicates that the traffic in a specific egress queue that exceeds the configured rate-limit will be dropped.

GE Interfaces on AG5628 and AS7312

Allow to configure the speed of 25G interfaces of hardware models with Tomahawk+ - AS5648 and AS7312 - to 1Gbps.

Send Traps if CPU Utilization Thredhold is Exceeded

For seek of TCA (Threshold Crossing Alarm), switch will send SNMP traps for CPU threshold when
    - Total CPU utilization rises above high_threshold
    - Total CPU utilization falls below low_threshold
high_threshold and low_threshold can be configured.

Issue a SNMP Trap if L2 Table Threshold is Exceeded

For seek of TCA (Threshold Crossing Alarms), switch will send SNMP traps if threshold of L2 table is exceeded. The threshold is defined as the percentage of maximum capacity of L2 table.User can change the threshold.

Allow Hyphen "-" in VLAN Name

Allow to include hyphen "-" in VLAN name such as following command,
admin@Xorplus# set vlans vlan-id 10 vlan-name "office-sales"

Add entPhysicalTable per RFC 6933

Support entPhysicalTable (such as entPhysicalDescr, entPhysicalSoftwareRev, entPhysicalSerialNum, entPhysicalMfgName, entPhysicalModelName) included in SNMP Entity MIB (RFC 6933).

2.11.4

2.11.7.5

Support UPoE

Support UPoE on N3048EP-ON and AS4610-54P and AS4610-30P.

Configure Rate Limit by Reference of Percentage

Allow user to configure rate limit on a specific port by reference of percentage of the maximum speed which can be supported by the port.

Add auto Mode to Voice VLAN

Add support for voice-vlan "auto" mode in addition to "untagged" and "tagged" modes. By default, auto mode is enabled on a port configured voice VLAN. Under auto mode, for attached endpoint device that are LLDP-MED capable, voice traffic is requested to be tagged with voice VLAN; otherwise, Voice traffic from attached endpoint devices that are not LLDP-MED capable will be untagged.

Disable SNMP Traps Related to LLDP

Add a command to allow user to disable SNMP trap related to LLDP as following:
set protocols lldp snmp-trap false

Enhancement on Displaying PoE Information

Add 2 columns, "Reserved" and "PD-Class", to the output of "run show poe interface XXXX".

IGMP Snooping over MLAG

If enable IGMP snooping on both MLAG spine switches, IGMP messages including report and query and leave received from an MLAG port on one spine switch should sync up with the peer spine switch which will updates multicast group information. The sources and clients of one multicast group attached to MLAG spine or leaf switches can communicate with each other.

TACACS+ - Add New Command local-auth-fallback

Configure and enable TACACS+. Login to PicOS On in-band/management interface. If TACACS+ server is not reachable or unavailable, will allow to fallback to local authentication if local-auth-fallback enabled.

Press "Enter" key to stop the process of upgrade2

The process of upgrade2 can be aborted before reboot into the update version of PicOS with the prompt message "PRESS ANY KEY TO STOP REBOOT".

Configure the rate-limit of filter rules by reference of kbps

Allow to configure rate-limit of ACL filter rules by reference of kbps in addition to pps.

2.11.14

2.11.7.5

Set Auto Negociation Speeds

Allow user to configure the speeds which can be advertised to the connected device under auto-negotiation mode.

Performance Refinement - ARP Handling

Reduce the time to handle the packet-in ARPs. Allow larger number of protocol packets destined to CPU.

Performance Refinement - Sync up ARP on Active-Active VRRP Devices

The time used to syn up ARP on active-active VRRP devices is reduced drastically.

Support VRRPv3

PicOS supports both VRRPv2 and VRRPv3. The advantage of VRRPv3 is that it supports both IPv4 and IPv6 address families.

MLAG - Sync up MAC Addresses Learned on Orphan Ports the Peer Switch

MAC addresses which are learned on the single-homed ports of one spine switch of MLAG should be synchronized to the peer-link port of the other spine switch. 

Add a Description Field after the Command "run request system reboot" 

Add a description field after the command "run request system reboot" and add this text to the log message. This help Operations track the reason for the reboot through log messages.

MSH8920 - Extend L2-transparency to cover LLDP and CDP

L2-transparency is enabled for LLDP and CDP. Namely, If "set protocols lldp||cdp message-in disable true", the frames of LLDP and CDP will be flooded out of the switch instead of being trapped to CPU.

9747

2.11.9.5

MSH8920 - xe-1/1/2.1 does not work after installing PICOS at its very first time; it needs an extra reboot to starts it

This problem has been fixed in 2.11.9.5.

10118

2.11.9.5

MSH8920 - upgrade2 creates ext3 filesystem for new partition 

This problem has been fixed in 2.11.9.5.

802.1X - Support MAB Authentication, Dynamic VLAN and CoA Function

Extend the 802.1X feature to support MAB authentication, dynamic VLAN and CoA function.

9763

2.11.15

Support 1G speed with DELTA 10G RJ45 Module

Parameters of this module is as following:

Leo Vendor Name : DELTA 

Vendor PartNr : LCP-10GRJ3SRT

Serial Number : 183209100001

Cable Length : 300m

Configure Rate-limit and Burst on Port

Add commands to configure rate-limit and burst to the port on ingress side and egress side. Both L2/L3 and OVS support this new feature.

Hashing with Sorted LAG Member

 In generic, specific traffic will be forwarded out of a LAG member port depending on hashing algorithm with the key configuration. Certain behavior is defined between 2 LAGs with same number of member ports. Assuming ae1 has 4 member ports (1, 2, 3, 4) and ae2 also has 4 member ports (5, 6, 7, 8), with lag_members_sorted enabled, if a traffic is hashed out of port 2 for ae1, the traffic will be hashed out of port 6 for ae2. 

Cable Diagnostics using TDR on RJ45 Interface

Support cable diagnostic function using TDR on RJ45 ports. 

Add a New Command to Configure NAS-IP 

Add a CLI command to let the user configure the NAS-IP address: 
"set protocols dot1x aaa radius nas-ip x.x.x.x" 
This command is to set the nas-ip field in RADIUS access-request message.

Update "run show bgp routes"

Keep the existing “peer” column, but change the heading to “Router ID”. Add a column before the “Router ID” column above, with the heading “Peer”, listing the configured peer IP address of the received routes.

New Additions to NAC

NAC can operates under multi-domain mode or single-host mode with new features including dynamic/downloadable filter and central web authentication. 

Add New Columns to "run show lldp neighbor"
Add to columns - "Platform" and "Capability" - to the output of "run show lldp neighbor"

NAC - Invalid Downloadable ACL
If an invalid downloadable ACL is included in the returned access-accept RADIUS message, the suplicant client will be denied from the network access. And the invalid downloadable ACL will be marked when run "run show dot1x interface gigabit-ethernet XXX".

Show "service-tag"
Add new Cli command - "run show system hwinfo service-tag" - to show service-tag. 

Restore License and User Password Automatically
On OverlayFS platforms such as N3048 and N3132, license key and the updated user password for first login will not be lost if reboot system even though "save_config" is not executed.

Licensing Policy is Updated

In addition to the 4 first ports, extra 2 high speed uplink ports are allowed to be enabled bypassing license checking.

Reboot Fails to Bring up PICOS L2/L3 Processes

It only happens on S4048-ON and S4148F-ON. After reboot, the console keeps displaying the following messages: 
Mar 29 2019 19:20:27 dev2-si kern.err :ismt_smbus 0000:00:13.0: completion wait timed out 
Mar 29 2019 19:20:28 dev2-si kern.err :ismt_smbus 0000:00:13.0: completion wait timed out 
It is caused by hardware limitation of S4048-ON and S4148F-ON. Namely if turn on/off i2c too fast, it may flap. the solution is to tune delay time (i2c_ismt.delay) to 8k ns.

User operator is not Allowed to Login by Default 

User operator is not allowed to login with default password "pica8". That would be a security concern. User operator can be given a password explicitly by admin. 

Disable TCP SACK

Several TCP networking vulnerabilities associated with TCP SACK are identified (https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md). As a work around, TCP SACK is disabled in rootfs of PICOS. 

Raise kernel:__div64_32 Exception Under OVS Mode on PPC Platforms

This issue is raised by overflow of tick based cputime. As a work around, it can be mitigated if enable kernal CONFIG_HZ_250 and set CONFIG_HZ to 250 instead to 1000. With this fix, in theory, the issue will not happen within 6 years.

Host Name is Truncated in rsyslog Messages 

Full host name is not included in the rsyslog messages. 

Support AG7648

The AG7648 is top of rack (ToR) switch designed for data centers.It has 48 10GbE SFP+ ports and six 40GbE QSFP ports.The AG7648 provides comprehensive hardware capability on supporting layer 2 and layer 3 features.

Clean up the Data when Remove an User

Clean up the corresponding data at /pica/config if an user is removed.

MSH8920 - Configure FEC on 10G Febric

Enable/Unable FEC on 10G fabric ports, which is only available on MSH8920.

Indicate That the Interface is Down Due to BPDU Guard

If an interface is brought down by BPDU guard, include the information in the output of "show interface ......".

Kontron - Present portmap Running Configuration

Present portmap setting even if default value - 9x40G_FABRIC - configured with "show | display all".

Kontron - keep executing the rest of the commands in the execution file even if encounter the "same value"

The execute CLI command stops when there exist "WARNING: The same value ..." message. Kontron asks to continue executing the rest in the file.

Power Outages Cause Corruption of pica_start.conf 

The file pica_start.conf is damaged because it is updated by rc.sh but not flushed to the flash when outage happens.Boot process hangs with the damaged pica_start.conf.

Clean up Associated ACL Rules When Delete MLAG

When delete a MLAG, the associated ACL rules should be removed. Otherwiese, specific traffic from the peer link will be dropped.

 DHCP Request are Send When ZTP is Disabled and IP is Configured Statically

DHCP DISCOVERY should not be sent out if ZTP is disabled and static IP address is configured to management interface.

Boot Failure Caused by Configuration File Corrupted

It is possible that PicOS hangs up if power outage happens during boot process, which might damage the config files which is being written.

More Than 2 wtmp Files

It's possible to have more than 2 wtmp files in /tmp/log/wtmp. That does not work as designed.

 Do not Remark Voice Traffic DSCP by Default

It will not update the DSCP of voice packet to 46 by default. User can remark the DSCP of voice traffic with command,
# set vlans voice-vlan dscp [0..63]

Management Interface eth0 is Up even if No cable Plugged in

There is no cable plugged into switch's management interface eth0. But the management interface is up when use Linux tool such as "ifconfig" to display the status of eth0.

Voice VLAN - Remove Default OUIs

OUI is used to identify the attached voice devices such as IP phone. By removing the default OUIs, allow user to configure up to 10 different OUIs.

Kernel Log-Level is Decoupled from the XorPlus Log-Leve

PicOS keeps sending the "kern.debug" messages to syslog server even though the log-level is Info set in XorPlus CLI. The root cause of the problem is because the log-level in XorPlus does not apply to Kernel.

PoE - threshold-mode Setting Does not Work

It does not work to set threshold-mode to 1 on all PoE ports with command "set poe interface all threshold-mode 1".

Corruption of Startup Configuration File

It's possible that startup configuration file pica_startup.boot could be corrupted if power cycle or power outage happens during PicOS boot process. To fix this issue, firstly, will not write back to pica_startup.boot when PicOS boots up. Secondly, will load backup configuration if pica_startup.boot is corrupted.

Remove Date Checking of the License if Downgrade to Previous Version

It does not make sense to check the date of end support of license when downgrade to previous version.

upgrade2 is Broken if There is a Large File in /home/admin

If there is a large file in /home/admin, upgrade2 might be broken by an error of out of memory when tar and compress the file and copy to the second partition. To fix this issue, on the one hand, copy the backup files to the target partition directly instead of tar & gzip & untar; on the other hand, clean up cache memory with /proc/sys/vm/drop_caches.

[N3132] Management Interface is Changed to eth0

The management interface on N3132 is changed to eth0 from eth1. The startup configuration will be lost if upgrade to 2.11.19. To restore the startup configuration, customer should replace "eth1" with "eth0" in a seperate copy of pica_startup.boot and then put it to /pica/config after upgrade. 

AS5600/2.11.16 ONIE Installation Failure 

AS5600/2.11.16 PICOS ONIE Installer fails. Fixed in 2.11.19.

Upgrade to 3.1.0+ on EFI Platform 

We have one version of S4148 which boots into EFI (Extensible Firmware Interface) mode. Upgrade to 3.1.0 from 2.11.19 will work on EFI platforms or non-EFI platforms.

Disable Weak Ciphers for SSHD 

Enterprise customers prefer to have the weak ciphers disabled by default for ssh server. So, disable the following ciphers in PICOS: arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc, aes256-cbc,arcfour. 

CPU Utilization is Reported to Reach 100%

It indicates that CPU utilization reaches 100% by checking "/tmp/system/cpuusage". In fact, it's a false alarm from pica_monitor.

Mac Leaning Command Does Not Work at Once

When disable MAC learning on a specific port such as, 

admin@XorPlus# set interface gigabit-ethernet xe-1/1/2.1 mac-learning false

MAC entries do not disappear from the mac table immediately.

MSH8920 - Add option to allow BPDU & LACP to Bypass CPU

On MSH8920, BPDU & LACPDU can be flooded out of switch instead of being trapped to CPU.

PICOS stops host load balance if VRRP is configured

PICOS used to trap all of the VRRP packets to CPU even if they are the host VRRP Keepalive packets for load balance. The fix is to add source MAC address matching field to the VRRP filter.

IGMP Snooping Does NOT Work

After enabling IGMP Snoop, the client is unable to join the group any more.

Duplicate SNMP Traps of LLDP Update

In case of neighbor device with multiple sub-interfaces,the switch will send out an SNMP traps if receive a LLDP PDU including a different port ID with previous one. Eventually,ton of SNMP traps are issued.

Dropping LLDP frames with unknown TLVs

If receive a LLDP PDU with an unknown TLV, the unknown TLV should be skipped instead of dropping the total LLDP frame.

Status of Voice VLAN is Not Correct

If the voice VLAN ID is changed on a specific port, in certain circumstance, the status of voice VLAN is always "working" even the LLDP neighbor is disappeared.

Ignore VRRP Authentication Packets

PicOS does not support VRRP authentication. Issue explicit syslog message if receive VRRP Authentication Packets.

LLDP Frames Dropped by LLDP Module

LLDP module can only process one packet per 1 second in state machine,so there will be packets dropped when more than 1 packet per 1 second per interface. In case of peer device with sub-interfaces configured, the switch sometimes ages out and then re-adds LLDP neighbors even though it is receiving regular LLDP updates for each neighbor every 30 seconds.

IGMP Snooping - Source MAC Address of IGMP Leave Message

If enable IGMP snooping on a switch, because the IGMP leave message sent out of mrouter interface(s) is generated by IGMP snooping, the source MAC address of the IGMP leave message should be the MAC address of the switch instead of the multicast client host.

PIM neighbor can not be Established Between two PIM Router

With IGMP snooping enabled, PIM protocol packets are trapped to CPU. IGMP snooping uses PIM hello message to learn mrouter interfaces automatically. And then, PIM protocol packets are dropped. To fix this issue, PIM protocol packets are flooded out of the switch meanwhile duplicate copies are destined to CPU.

Configure IP address to management interface before starting PicOS

If the static IP address is confiured to management interface, the static IP address will be activated on eth0 before starting PicOS. Ensure that user can access the hardware model even if PicOS is failed to boot up. 

Migrate UDLD fix of 2.7.2S1G to 2.11.7.2

This version (2.11.7.2) of PICOS release will always send out UDLD PDU with Pica8 OUI (0x486E73). But it needs to use the OUI in the UDLD PDU to figure out if the peer device is PICOS 2.7.2S1F (OUI=0x486E73) or Cisco (OUI=0x00000C), and use the corresponding method to calculate the checksum. Anyway, 2.11.7.2 can talk to both 2.7.2S1F (backward compatible) and the future release (forward compatible) via UDLD.

Enable and disable a port when STP is turned on interrupts the traffic

When disable the port with traffic, it switches to the other port after ~550-600ms. But when enable it again, it interrupts the whole traffic.The mac entries are messed up. 

Buffer Management - Refine Headroom and Flow Control

The maximum size of headroom is increased.  If enable flow control and configure speed of the port, the size of headroom is 0.

MLAG - Traffic is Broken when Bring Up One Down MLAG Link

Initially one link of a MLAG is down. And then bring it up, the traffic from upstream device is broken for 5 - 6 seconds.

MLAG - Traffic is Broken when Master Spine Shuts Down

With reload delay configured, the traffic from downstream device is broken for 12 seconds when the master spine shuts down.

Root Guard

If enble root guard on a port, the port will be blocked if received a BPDU with high bridge priority. That can deny devices behind such ports from participation in STP. The blocking is removed as soon as the device ceases to send superior BPDUs. 

VLAN Membership Issue with DHCP Discovery Packets

If enable DHCP snooping, DHCP DISCOVERY packets with unexpected VLAN ID can be received on a port and flooded out of the ports configured with different VLAN memberships. For example, an DHCP DISCOVERY packet tagged with VLAN 608 can ingress ge-1/1/2 and then egress on te-1/1/49 even thought the VLAN608 is only configured for te-1/1/49. e expected only tagged packets on VLAN 19 and VLAN 20 to be allowed to ingress on ge-1/1/2.

CLI Session Hangs Due to PoE Display

CLI hangs when execute command "show poe interface all".

STP Process Crashes on 2.11.5.cloudistics.0/as5812_54x

Cloudistics reports problems related to STP process (pica_mstp) crash. User can restart STP feature from CLI, but the CLI show the protocol is MSTP instead of the configured STP. User has to delete the current force-version and set it back. Then, the show and configuration are consistent.

Don't Allow to Configure Different Filters to the Same VLAN Interface

Add the configuraiton checking which does not allow to configure different firewall filters to the same VLAN interface on ingress side or egress side.

"set system hostname" Does not Update /etc/hostname

Boeing reported that the hostname in /etc/hostname file is not updated with “set system hostname” command,  this causes DHCP requests sent on eth0 to advertise as “xorplus.chs.sc.boeing.com” since the hostname in /etc/hostname is "xorplus"

RR Scheduler Does not Work

The RR (Round Robin) scheduler configured to the egress queues behaviors as the mode of SP (Strict Priority) scheduler.

MSH8920 - Fail to activate LACP and BPDU L2-transparency

If "set protocols lacp||stp message-in disable true", the frames of BPDU and LACP are not flooded out of the switch instead of being trapped to CPU.

Xorp_policy Crash

If configure static routes, xorp_policy will crash and generate coredump file when it shuts down.

Maximum Power Setting on UPoE Ports

The Maximum power that can be provided by an UPoE power of AS4610-54P is 51 watts instead of  64 watts. So the range of max-power of a specific port is changed to [1..51].

The Default Value of lldp-negotiation is TRUE

To symplify the PoE configurtion, the default value of lldp-negotiation for the setting of global/all and local/per-port is changed to true.  

Phone classified as CDP If LLDP Enabled Capabilities are not Set Correctly

Customer has phones which do not set LLDP Enabled Capabilities:Telephone correctly (Not Enabled), but the LLDPDU includes Network Policy TLV requesting policy for Voice application. PICOS LLDP/CDP would classify these phones as CDP phones and send untagged voice related traffic to these phones, which is not expected by the phones because of the LLDP-MED negotiation. PICOS should classify the device as a LLDP-MED phone, if the switch receives LLDPDUs from the phone with LLDP-MED Network Policy TLVs for Voice, EVEN IF the base LLDP has “Enabled Capabilities::Telephone=NO”. The logic is that if the device is requesting LLDP-MED Network Policy for Voice, then it must be a phone, and this overrides the fact that Enabled-Capability::Telephone=NO.

PoE Power Provision Error If the Phone Has Different Chassis IDs with Different IP Addresses

The attached phone sends LLDPDUs with 2 different Chassis IDs which are the values of the IP addresses. Initially, the Chassis ID/IP address is 0.0.0.0 and then becomes such as 104..255.99.11 when the phone gets an actual IP address from the DHCP sever. The initial LLDPDU with 0.0.0.0 requests 12.1 watt. And the following LLDPDU with 104..255.99.11 requests 15.1 watt. Unfortunately, the LLDPDU with 104..255.99.11 is ignored. PicOS switch should continuously check the the TLV of Power Via MDI and provide the power requested by the TLV from the incoming LLDPDU.

Add ifSpeed and ifHighSpeed for Port with 25G and 100G Speed

ifspeed/ifhighspeed MIB value for port with 25G and 100G is not the value as expected, so we add ifSpeed and ifHighSpeed for port with 25G and 100G speed to make the MIB value correct.

Add VLAN Display in Dot1x MAB Table

Present dynamic VLAN of the connected deviced authenticated by MAB. 
admin@Xorplus# run show dot1x mab interface 
Interface Mac Authenticated Dynamic-Vlan 
-------------- ----------------- ------------- ------------ 
ge-1/1/33 00:00:06:00:00:07 true 20 

802.1x Precedes MAB 

To follow the behavior of Cisco, 802.1x will precede MAB if both 802.1x and MAB are available. 

Add the Service Type Attribute in Access Request Message 

Add Service Type attribute in the access request messages sent out to RADIUS to differentiate MAB and 802.1x.

[AS4610-54P]Phone won't power up randomly after disabling & reenabling PoE on UPOE ports. 

Cisco 8845 IP Phone was powered up and working properly on a UPoE ports (ports ge-1/1/44, ge-1/1/48). After disabling and reenabling PoE, somehow it's possible the phone will no longer power up. 

 Don't Allow to Configure 802.1X to LAG Member Port 

Add config checking to prevent LAG member port from being enabled 802.1X.

ECMP max Path Should not Be Changed When Disable Symmetric Hashing

After commit "delete interface ecmp hash-mapping symmetric" successfully, CLI will prompt message "ECMP max path has been changed, please reboot the system for changes to take effect!". It should not change the ECMP max path if disable symmetric hashing. 

Port is not Deleted when Change the User Status

A port is secured by 802.1X and configured with a dynamic VLAN such as VLAN 8. And then the dynamic VLAN is changed to VLAN 9 on the side of RADIUS server such as PacketFence. The re-authentication doesn't change the dynamic VLAN of the port to VLAN 9 on the side of Pica8 switch.

L2/L3 Protocol Packets cannot Be Trapped to CPU on Delta Models

L2 BPDU and L3 protocol packets cannot be trapped to CPU occasionally on Delta models including AG9032 and AG548.

SNMP Trap is not Send out if RPSU Powered On/Off 

SNMP trap - rpsuStatusChangePowerOff or rpsuStatusChangePowerOn - is not sent out if RPSU powed on or off. 

Traffic Failed to Be Mapped to Correct Queue

For TD+ models, if set a forwarding-class with local-priority such as 2 and associate the specific traffic with this forwarding-class, by counter of BCM shell, the traffic goes to egress queue 0 instead 2.

[PVST]Wrong Port Role

In a network topology, Pica8 switch is connected to a Cisco switch. PVST is enabled on the both switch. When get a port on the Pica8 switch down and then up, somehow the role of another port of the Pica8 switch is not correct.

Fail to Query ipNetToMediaPhysAddress and atPhysAddress on AG5648

Fail to query out SNMP OID - RFC1213-MIB::atPhysAddress and IP-MIB::ipNetToMediaPhysAddress.

Include "#" in Shared Key of TACACS+ Session
Allow character "#" to be included in shared key of TACACS+ session.