Rugged Operating system on LinuX v2.4.2 Release ... - RuggedCom

Important Upgrade NotesROX2 – v2.4.2 Release NotesChanges to configuration schema that may occur between major releases are convertedautomatically during the upgrade process. The following items are noted as exceptions to thisrule:(ID# 7086) It is invalid for a VRRP instance name to contain spaces and/or specialcharacters (@, #, $, %, ^, &, *, !, etc.). In previous ROX versions 2.1.x, 2.2.x, 2.3.x,and 2.4.0, if a customer configured a VRRP instance name containing these charactersit was erroneously accepted, resulting in the incorrect functioning of the VRRP service.Starting with ROX v2.4.1 and later, this invalid configuration will no longer be acceptedby the <strong>system</strong>. Therefore customers affected by this issue MUST change the VRRPinstance name prior to upgrading. Specifically the VRRP instance name MUST containletters (lower or uppercase), numbers, underscores, and dashes only. Otherwise the<strong>system</strong> will roll back to the previous ROX release after a failed attempt to boot to the(updated) partition.(ID# 7232) It is invalid for a user account password to left un-configured. In previousROX versions 2.1.x, 2.2.x and 2.3.x, if a customer configured any user accounts withan empty password string, it was erroneously accepted, resulting in bypassing of thepassword validation rules. Starting with ROX v2.4.x and later, this invalid configurationwill no longer be accepted by the <strong>system</strong>. Therefore customers affected by this issueMUST initialize all user account password fields prior to upgrading to v2.4.x and later.Otherwise the <strong>system</strong> will roll back to the previous ROX release after a failed attemptto boot to the (updated) partition.Last updated on: Wednesday, August 07, 20133

ROX2 – v2.4.2 Release NotesChanges in the v2.4.1 Release (ID# 6413) – “Limited Availability”EnhancementsSupport for Dynamic MPLS Label DistributionType: New FeatureProducts: RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512ID: 5793ROX2 now supports Dynamic MPLS Routing using the Label Distribution Protocol (LDP).SNMP Support for MPLSType: New FeatureProducts: RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512ID: 6063ROX2 now supports SNMP for MPLS with the following standard MIBs: MPLS-LDP-GENERIC-STD-MIB MPLS-LDP-STD-MIB MPLS-LSR-STD-MIBSupport for MPLS Ping and Status EnhancementsType:Products:ID: 5882New FeatureRX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512ROX2 now supports an ‘mpls-ping’ command. In addition MPLS status reporting has beenimproved.Support for secure transfer (https) for ROX upgrades and the ROXflash toolType: SecurityProducts:RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512Last updated on: Wednesday, August 07, 20135

ID: 6376ROX2 – v2.4.2 Release NotesPreviously ROX supported only FTP and HTTP protocols for software upgrades. HTTPS isnow supported as well; however, a certificate from one of the designated trusted certificateauthorities must be used on the upgrade server. HTTPS support has also been added forROXflash, which also previously supported SFTP, FTP and HTTP.Support for displaying compact flash (CF) card capacity informationType: EnhancementProducts:RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512ID: 6308Under /chassis/storage the total capacity of the compact flash and the usage level of thecurrent partition are now reported. This information is of particular importance if installing anapp, such as eLAN, that requires a compact-flash card which is larger (4G) than the standard1G compact-flash card.Timezone UpdatesType: EnhancementProducts:RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512ID: 7041Time zone data was updated to reflect changes in Russia, Cuba, and Chili.Operational Status for CrossbowType: EnhancementProducts:RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512ID: 6238Status parameters were added under /apps/crossbow to indicate the operational state ofCrossbow.Last updated on: Wednesday, August 07, 20136

Bug Fixes – SwitchingROX2 – v2.4.2 Release NotesSome switch-ports configured as route-only ports do not appear in status tables,due to an internal vlan-range misconfigurationType:Products:MajorID: 6132RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512In previous version of ROX2, converting a ‘switched port’ configuration to ‘routed port’configuration could make it disappear from user interface. Validation checking of the internalvlan-range has been added to prevent a misconfiguration that could result in this issue.Multicast traffic not forwarded out of a L3 switch 1G Ethernet port after the portwas removed from a Port TrunkType:Products:MajorID: 6190RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512If a 1Gbps port of a Layer 3 Switch was a member of a port trunk and later was removed fromthe trunk, the switch still erroneously considered it a port trunk member when forwardingmulticast traffic. As a result, multicast traffic might not be forwarded out of the port. This hasbeen corrected.NOTE: This problem also existed on the RX15xx 2-port 100-FX Line Module.Network traffic may not be switched properly after the removal of a Port TrunkType:Products:MajorID: 6381RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512If a port trunk was removed from the switch configuration, in some scenarios the switch stillerroneously considered its ports’ trunk members when forwarding traffic. As a result, trafficmight not be forwarded out of some of those ports. This has been corrected.RSTP BPDU’s might not be processed when ingressing a port on 100M EthernetLM of a L3 switch, while the switch is under an IGMP packet stormType:MajorLast updated on: Wednesday, August 07, 20137

ROX2 – v2.4.2 Release NotesIf an RX5000/M5000 was populated with a 88G no-port Switching Module, in some scenariosan attempt to flush the switch MAC Address Table was failing and the "dxBusyWait:timeout"message was logged in the syslog. Failure to flush the MAC Address Table could potentially(e.g. upon a topology change) result in losing connectivity with some network nodes until theirMAC addresses are aged out or relearned by the switch. This has been corrected.Source MAC address based CoS assignment is not supported on 1G EthernetLM’s of a L3 switchType:Products:MinorID: 5135RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512If a static MAC address is configured to be prioritized in the Static MAC Address Table, aframe should be prioritized by the switch, if the configured MAC address is either the frame’ssource or destination address. However, in a Layer 3 switch, frames ingressing 1G LineModules were only prioritized based on their destination MAC address, while the source MACaddress was ignored. This has been corrected.NOTE: This problem also existed on RX15xx 2-port 100-FX Line Module.L3 switch multicast forwarding rules in RX5000 with 88G Switching Module donot properly display egress VLAN interfacesType:Products:MinorID: 6008RX5000, MX5000Layer 3 Switch multicast forwarding rules have an “Out-VLAN” parameter which should listone or more egress VLAN’s. Instead, in RX5000 with 88G Switching Module, the parameterwas always displayed as “N/A”. This has been corrected.L3 switch forwarding rules summary table is displayed empty, even if L3switching is activeType:Products:MinorID: 6119RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512Last updated on: Wednesday, August 07, 20139

ROX2 – v2.4.2 Release NotesEven when Layer 3 Switch had active forwarding rules and traffic was actually switched theLayer 3 Switch forwarding rules summary table was displayed empty by User Interface. Thishas been corrected.MAC address based frame prioritization may not modify egress frame’s VLANtagpriorityType:Products:MinorID: 6617RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512If a frame is prioritized based on its source/destination MAC address and egresses the switchVLAN-tagged, its egress VLAN-tag priority value should be set according to the configuredprioritization (i.e. to the assigned CoS). That means, if the frame ingressed the switch taggedand was prioritized based on its source/destination MAC address, its tag priority value mayneed to be modified. However, the egress VLAN-tag priority value was never modified inframes that ingressed a 1G Ethernet Line Module port and were prioritized based on thesource/destination MAC address. This has been corrected.NOTE: This problem also existed on RX15xx 2-port 100-FX Line Module.When a switch port was configured to be a routed port, a duplicate interface wascreated in the user-interfaceType:Products:MinorID: 6648RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512Configuring a switch port to a routed port resulted in a change of the SNMP ifindex it is beingreported under, leading to it subsequently being reported as a new interface. This has beencorrected.Cable Diagnostics Calibration configuration parameter is ignored whenperforming diagnosticsType:Products:MinorID: 6680RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512Last updated on: Wednesday, August 07, 201310

ROX2 – v2.4.2 Release NotesThe Cable Diagnostics Calibration parameter did not function properly and was ignored by theswitch when performing cable diagnostics. As result, the distance in the diagnostics resultmight not be precise. This has been corrected.MSTI status not always displayed correctlyType:Products:MinorID: 6729RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512Different Multiple Spanning Tree Instance status parameters were often displayed with wrongvalues. This has been corrected.Bug Fixes – Routing, Firewall, and L3 ProtocolsThe <strong>system</strong> would silently ignore an invalid Traffic Control configuration if nominimum bandwidth was specifiedType:Products:MajorID: 5697RX1500, RX1501, RX1510, RX1511, RX1512In ROX versions 2.2.x, 2.3.x, and 2.4.0 the minimum bandwidth should have been mandatory;however, configurations without it were accepted and silently ignored. This has beencorrected with a validation error. Note: if upgrading to 2.4.1 with an invalid Traffic Controlconfiguration, the Upgrade System will halt and prompt the user to correct the configurationsbefore proceeding.MTU size is not restored when MPLS is enabled and then disabled, causingunexpected IP packet fragmentationType:Products:MajorID: 5891RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512When MPLS is enabled, the MTU size is reduced from 1500 to 1496 to accommodate theMPLS header. When MPLS is later disabled, the MTU size is then restored to 1500. In theprevious release, IP Packets were unexpectedly fragmented because the MTU size was notbeing restored after MPLS was disabled.Last updated on: Wednesday, August 07, 201311

ROX2 – v2.4.2 Release NotesMPLS labels not inserted by LER because IP traffic is layer-3 switchedType:Products:MajorID: 5947RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512Packets that were supposed to be MPLS-switched by the Layer 3 switch, i.e. with an MPLSlabel inserted, were actually Layer3-switched as if they were not subject to MPLS, i.e.egressed without the MPLS label.Multicast traffic still forwarded to a PIM pruned interface after the traffic is reroutedType:Products:MajorID: 6049RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512After a topology change it was possible for some interfaces to continue to receive multicasttraffic that should have been pruned. This has been corrected.Traffic from some SIP phones is blocked when firewall is enabledType:Products:MajorID: 6378RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512If firewall was enabled, traffic from some models of SIP phones would be blocked. This hasbeen fixed.L2TP tunnel was interrupted when performing IPSec re-keyingType:Products:MajorID: 6482RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512Both unicast and multicast traffic in an L2TP tunnel would get interrupted every 60 to 70seconds when IPsec performs re-keying. This has been corrected.The exclude option for a BGP route-map filter was misinterpreted by the <strong>system</strong>Type:MajorLast updated on: Wednesday, August 07, 201312

Products:ID: 6618ROX2 – v2.4.2 Release NotesRX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512If both prepend and exclude options were specified for a BGP route-map filter, the prepend parameterwas being applied to the exclude option. This has been corrected.Could not configure multiple static routes with the same source and differentdestinationsType:Products:MajorID: 6862RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512Same-source static routes can now be included in the configuration.The <strong>system</strong> allowed firewall configuration with missing zoneType:Products:MajorID: 6866RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512A validation error has been added in the case that a firewall configuration is committed withmissing zone, thus not allowing this configured state to be committed.MPLS forwarding and static-crossconnect tables are not available in CLI andWebUIType:Products:MajorID: 6724RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512Both the forwarding and static-cross-connect tables are now displayed correctly from the CLIand WebUI.A static multicast route could not be added if there were more than 32 entriesalready configured on the interfaceType:Products:MajorRX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512Last updated on: Wednesday, August 07, 201313

ID: 6963ROX2 – v2.4.2 Release NotesA static multicast route could not be added to the configuration if there were 32 entries alreadyconfigured on both the ‘in’ and ‘out’ interfaces. This has been corrected.With a specific DHCP configuration, some commands and configurationchanges are locked out for several minutes after bootType:Products:MajorID: 6972RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512This occurs if a switched interface is configured as a listening interface for DHCP server.After a boot-up a ‘Svcmgr application communication failure’ would be reported in syslog.Furthermore, Svcmgr commands and other configuration changes would be locked out forseveral minutes after boot-up.When a black hole static route is deleted, all other static routes disappear andthe black hole remainsType:Products:MajorID: 7029RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512When there were several static routes defined with one being a black hole and the black holewas deleted, the configuration database was updated correctly but all the other static routeswere falsely deleted from the running configuration while the black hole static route remained.Then upon reboot, the running configuration (with only the black hole static route deleted)would be restored from the configuration database. That behaviour has been corrected: nowremoving the black hole static route immediately removes only the black hole from both theconfiguration database and the running configuration.Edge LSR router does not show the destination network and label for the LFIBtableType:Products:MinorID: 5874RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512Last updated on: Wednesday, August 07, 201314

ROX2 – v2.4.2 Release NotesGiven a 3-unit MPLS network configured with static routing, the MPLS forwarding table on theedge LSR router now has an entry in the forwarding table for the destination network with thespecified outgoing label. The MPLS IP binding table lists the static binding correctly. And nowthe LFIB table is also populated correctly.MPLS Static does not accept the binding for a network prefix which is learnedthrough dynamic routingType:Products:MinorID: 6152RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512Static bindings are no longer restricted to those already present in the static routing table.Static bindings can now be learned through dynamic protocols such as OSPF.When displaying the MPLS forwarding table, there is no separation between inlabeland out-label if the in-label is 7 digits in length.Type:Products:MinorID: 6154RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512When displayed via the CLI command 'show mpls status forwarding-table', the columns forLocal Label and Outgoing Label are now wide enough to support proper display of themaximum label ID.Sometimes traffic with multiple hops in an OSPF network would not resumeafter link recoveryType:Products:MajorID: 6532RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512When a host - connected to an OSPF network with ROX2 devices - lost its link, sometimestraffic would not resume upon recovery of the link, if the traffic traversed multiple hops. Thishas been corrected.Last updated on: Wednesday, August 07, 201315

ROX2 – v2.4.2 Release NotesVRRP configuration was not applied if the instance name had spaces and otherspecial charactersType:Products:MinorID: 7086RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512Spaces and some special characters in the VRRP instance name are not valid, however,previous versions of ROX accepted the incorrect configuration with no errors reported, andthe VRRP would not function as a result. In version 2.4.1, the <strong>system</strong> only allows VRRPinstance names that contain letters, numbers, ‘-‘, and ‘_’. Note that if such a VRRP instancename does exist within the configuration of a previous release, it must be (manually) reconfiguredbefore upgrading to version 2.4.1.Last updated on: Wednesday, August 07, 201316

ROX2 – v2.4.2 Release NotesBug Fixes – WAN, Serial and Cell modem protocolsVery rarely T1/E1 link will lose one or two packets due to CRC errorType:Products:MajorID: 3152RX1500, RX1501, RX1510, RX1511, RX1512Previous versions of ROX2 very rarely (approximately once every 300+ hours with fullbandwidth) will lose one or two packets on the T1/E1 interface due to CRC error. This hasbeen corrected.Smaller MTU sizes does not work with DDS PPP interface without configuringtraffic controlType:Products:MajorID: 5445RX1500, RX1501, RX1510, RX1511, RX1512In previous versions of ROX2 if the MTU of a DDS PPP link is configured to be smaller thanthe default and traffic control is not configured, the link will drop packets. This has beencorrected.Cellmodem was unable to connect to a service provider when usingusername/password option with CHAP authenticationType:Products:MajorID: 6178RX1500, RX1501, RX1510, RX1511, RX1512If a service provider required a username/password for CHAP authentication of the PPPconnection, the cell modem would fail to connect. This has been fixed.TCP connections on serial ports take a long time to re-establishType: MajorProducts: RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512ID: 6410Last updated on: Wednesday, August 07, 201317

ROX2 – v2.4.2 Release NotesWhen a TCP connection to a serial port was closed, attempts to re-establish it were unsuccessful forup to 3 seconds. This has been corrected.GOOSE packet would not get forwarded to remote network over L2TP tunnel, ifthe packet was ingress from an L2TP tunnelType:Products:MajorID: 7123RX1500, RX1501, RX1510, RX1511, RX1512If the router was configured to receive L2TP traffic over a WAN interface and to forward thattraffic to another remote network over a WAN interface, the packets would get dropped. Thishas been corrected.GOOSE tunnel traffic flow to multiple remote networks is stopped during singlepoint of failureType:Products:MajorID: 7151RX1500, RX1501, RX1510, RX1511, RX1512This applies if the device is forward/receiving traffic over a GOOSE tunnels from multipleremote networks. When the WAN link to one of the remote networks goes down, it waspossible to lose connection to the GOOSE tunnels on other WAN links.Bug Fixes – Device OAMPassword Complexity Rules can be BypassedType:Products:SecurityID: 6624RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512Password complexity rules are ignored if password is entered directly into the 'Password'field, instead of using ‘set-password’ command. This has been corrected.HTTPS access of the Web User-Interface accepted weak ciphersType:SecurityLast updated on: Wednesday, August 07, 201318

Products:ID: 6842ROX2 – v2.4.2 Release NotesRX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512Previously, ciphers with 56 bits were accepted. Now, only ciphers with 128 bits or higher willbe accepted.Incorrect authentication error messages were logged in auth.logType:Products:CriticalID: 6443RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512The auth.log reported login failures even though the login was successful. This has beencorrected.Authentication via RADIUS server failed after UpgradeType:Products:CriticalID: 6533RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512After Upgrading from ROX 2.3.0 to ROX 2.4.0, authentication via RADIUS server fails andonly local authentication is possible. This has been corrected.After an upgrade from ROX 2.3.x/2.2.x to ROX 2.4.0, the device rolled back to theprevious release for certain configurationsType:Products:Critical / MajorRX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512ID: 6637, 6641, 7089,After upgrading to ROX 2.4.0, the device rolled back to the previous release version if specificswitch configurations existed as follows:If link aggregation (trunk) was configured.If route-only port option for a switch port was used in 2.3.x before the option was fullysupported in 2.4.0 (as help-text in 2.3.x indicated)In some cases, if static vlans were configured and the customer’s configurationoriginated from a beta pre-release during 2.2.x or 2.3.x development.Last updated on: Wednesday, August 07, 201319

ROX2 – v2.4.2 Release NotesLink up/down alarms for the CM and EM Ethernet ports were sometimes notraisedType:Products:MajorID: 6451RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512This issue affected the fe-cm-1 port on both the RX15xx and MX/RX5000 models, as well asthe fe-em-1 port on the MX/RX5000 model only. If these ports were continuously flippedbetween the up and down state, sometimes the alarm was not raised. This has beencorrected.Clicking ‘+’ icon in web interface for CDMA activation container would causeunit to rebootType:Products:MajorID: 6870RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512The ‘+’ icon should not have been available to the user to create the container; the containeris only created by the <strong>system</strong>. This icon has been removed.While in edit-exclusive mode /admin/full-configuration-load action would failwith no indicationType:Products:MajorID: 7032RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512The /admin/full-configuration-load action is not supported in the ‘edit-exclusive’ configurationmode. The user-interface now informs the user of this with an error message. If a customerwishes to load a full configuration file in the ‘edit-exclusive’ mode, they may do so using the‘config’ mode of the CLI via the ‘load override’ command.Querying LDP status tables when LDP is disabled causes application errorType: MinorProducts: RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512ID: 6149Last updated on: Wednesday, August 07, 201320

ROX2 – v2.4.2 Release NotesWhen LDP is disabled, a CLI or WebUI request to display any LDP status table would causean application error. This has been corrected.SNMP trap was not generated when input power recovers after a failureType:Products:MinorID: 6436RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512The <strong>system</strong> did not generate an SNMP trap when a power module's input power recoversafter a failure. This has been corrected.Real Time Clock battery-low alarm may falsely trigger at subzero temperaturesType:Products:MinorID: 6588RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512Previous versions of ROX2 may falsely trigger a real time clock low-battery alarm at sub zerotemperatures. This has been corrected.Administratively disabling or hot removal of WAN module ports causes smallmemory leakType:Products:MinorID: 6592RX1500, RX1501, RX1510, RX1511, RX1512Previous versions of ROX2 will leak a small amount (< 100 KB) of memory when WANmodule ports are disabled or hot removed. This has been corrected.24V PM with hardware revision number 3 or higher would report I/O error in logsType: MinorProducts: RX1500, RX1501, RX1510, RX1511, RX1512ID: 6774The I/O error reported in the log had no functional impact; it no longer occurs.Last updated on: Wednesday, August 07, 201321

ROX2 – v2.4.2 Release NotesBug Fixes – Line ModulesFX09 Line Module (2x 100Fx Singlemode 1310nm SC 90km) ports are notfunctionalType:Products:MajorID: 6550RX1500, RX1501, RX1510, RX1511, RX1512Previous versions of ROX2 will recognize the RX15xx FX09 LM, but provide no useable ports.This has been corrected.Cell modem became non-functional if USB connection on Line-module wasbriefly lostType:Products:MajorID: 6610RX1500, RX1501, RX1510, RX1511, RX1512The driver for the cell modem would lockup if the internal USB connection was lost and reestablished.This has been correctedDuring power brownout where the device rebooted, an APE LM's Ethernet link tothe Control Module fails to re-establish itselfType:Products:MajorID: 6543RX1500, RX1501, RX1510, RX1511, RX1512In previous versions of ROX2, if the device is rebooted due to short momentary power loss(i.e. a power outage approximately less than 1 second), as the chassis reboots the APE LM'sethernet link to the Control Module does not recover; a manual disabling and re-enabling ofthe LM is required to recover the link. This has been corrected.Line module temperature sensor information is not displayedType: MajorProducts: RX1500, RX1501, RX1510, RX1511, RX1512Last updated on: Wednesday, August 07, 201322

ID: 7087ROX2 – v2.4.2 Release NotesPrevious versions of ROX2 will fail to show the temperature information of RX15xx linemodules when queried using the show chassis sensor command. This has been corrected.Repeatedly swapping line module will lead to an invalid log entry indicatingpower usage exceeding the chassis's limitType:Products:MinorID: 4667RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512In previous versions of ROX2, as a line module is repeatedly swapped, the chassis willerroneously log an entry that the maximum current limit has been exceeded when in fact ithas not. This has been corrected.syslog entries from the layer2 module do not reflect updated <strong>system</strong> timeType:Products:MinorID: 5524RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512If <strong>system</strong> time was reconfigured/updated after the device reboot, syslog entries of the ‘layer2’module were still time stamped according to the <strong>system</strong> time at the time of reboot.Order field is not properly shown after re-insertion of Line Module.Type:Products:MinorID: 5736RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512In previous version of ROX2, on the first time of insertion (the device is booted without serialLine Module then it is inserted) the order code is shown properly. Then if the Line Module isremoved and re-inserted back to the same slot, the order-code field shows “XX”. This hasbeen correctedLast updated on: Wednesday, August 07, 201323

Known Limitation in the v2.4.1 releaseROX2 – v2.4.2 Release NotesManually disabling an Ethernet LM is applied on next boot onlyType:Products:MajorID: 2551RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512If an LM is manually disabled while operational, this configuration change will be applied onthe next boot. This limitation will be in place until full Hot Swap support is available forEthernet LMs.Only Power Supply Modules and Serial LM's are Hot-swappableType:Products:MajorID: 3611RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512The full hot-swap functionality for line modules is not part of the ROX 2.4 release. For thisrelease, only the Power-supply Module (PM) and the Serial LM's are hot-swappable.The web user-interface allows multiple edit-exclusive sessionsType:Products:MajorID: 7065RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512The <strong>system</strong> should only allow one ‘Edit-Exclusive’ session at a time. This is properly enforcedin the CLI, however within the webUI multiple sessions are permitted. The ‘Edit-Private’ modeis recommended for most webUI users. If using ‘Edit-Exclusive’ mode within the webUI, besure to first confirm that there are no other Edit-Exclusive sessions in progress by clicking onthe ‘tools’ tab and viewing the ‘users’ list.When creating a user account via NETCONF, the password must be specified asan md5 hashType:Products:MajorID: 7076RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512The password configuration parameter has been changed to only allow md5 hashedpasswords. Please refer to the NETCONF user guide for instructions on hashing yourpassword. CLI and webUI users may continue to specify plain-text passwords using the setpasswordaction.Last updated on: Wednesday, August 07, 201324

Last updated on: Wednesday, August 07, 201325ROX2 – v2.4.2 Release Notes

Changes in the v2.4.0 release (ID# 4966)New hardware supported88 Gigabit Switch-Module (SM) adds ‘IP/Layer3’ supportType:Products:ID: 5208New FeatureRX5000, MX5000ROX2 – v2.4.2 Release NotesThe RX5000 adds two 88Gbps Switch-Modules to the SM family. Both modules provide fourlanes of gigabit bandwidth (4 Gbps total) to each of the 6 slots on the RX5000. Additionallythe SM69 provides two local / uplink 10G SFP+ Ethernet ports on the front-panel (20 Gbpstotal) while the SM61 does not provide any uplink ports. Both modules now add support forLayer 3 (IP) switching in this release.Hardware acceleration adds support for PIM operationType:Products:New FeatureID: 3627, 5385RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512ROX 2 adds hardware acceleration support for ‘Protocol-Independent-Multicasting’ (PIM)dynamic routing operation.Support for ‘Bypass Relay’ added on M12 LMType:Products:New FeatureID: 5568, 6095RX1500, RX1501, RX1510, RX1511, RX1512ROX2 adds support on the RX15xx platform for ‘Bypass Relay’ functionality for the M12 Linemodules.The M12 connector type is designed explicitly to satisfy requirements within theRailway industry.Support for new Power Modules (PM) with ‘Active Load Balancing’Type: New FeatureProducts: RX1500, RX1501, RX1510, RX1511, RX1512Last updated on: Wednesday, August 07, 201326

ID: 5582ROX2 – v2.4.2 Release NotesROX2 Power Management has been extended to better support the Power-supply Moduleswith ‘Active Load Balancing’ facilities.New OAM featuresSupport for Password Complexity CheckingType: New FeatureProducts: RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512ID: 4020ROX2 now has support for the following password complexity configuration values: minimum-length maximum-length special-characters-required upper-case required lower-case required digits requiredNew options for the ‘Restore Factory Defaults’ commandType: EnhancementProducts: RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512ID: 5569, 6279The ROX2 ‘restore-factory-default’ command now supports the following optional parameters: delete-logs default-both-partitions delete-saved-configurations shutdownSupport for ICMP Redirection ConfigurationType:New FeatureLast updated on: Wednesday, August 07, 201327

ROX2 – v2.4.2 Release NotesProducts: RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512ID: 5572ROX2 now supports ICMP redirection controls with the following options: Ignore ICMP ALL Ignore ICMP Broadcast TCP Syn Cookies Send ICMP RedirectSupport for Installation and Upgrading ROX ApplicationsType: New FeatureProducts: RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512ID: 5873ROX2 now supports field-installation of Add-on applications that are compatible with ROX.Framework support for (future) ‘Crossbow SAC’ applicationType:Products:New FeatureID: 4545, 5873RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512ROX2 has introduced a framework to support the future installation and configuration of the<strong>Rugged</strong>Com ‘CrossBow SAC’ application. This feature will be demonstrated when a futurerelease of the ROX2 compliant ‘CrossBow SAC’ becomes available.Framework support for (future) ‘eLAN server ’ applicationType:Products:ID: 4552New FeatureRX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512ROX2 has introduced a framework to support the future installation and configuration of the<strong>Rugged</strong>Com ‘eLAN server’ application. This feature will be demonstrated when a futurerelease of the ROX2 compliant ‘eLAN server’ becomes available.New alarms and SNMP traps availableType:New FeatureLast updated on: Wednesday, August 07, 201328

ROX2 – v2.4.2 Release NotesProducts: RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512ID: 6004, 4580, 3834, 5916, 4787, 6038ROX2 now has support for several new alarm types:Link Up/Down Alarms/Traps for fe-cm-1, fe-em-1, WAN Interfaces, and CellmodemInterfacesRTC Battery Low AlarmModule Type Mismatch Alarm/TrapCrypto Certificate Expiry AlarmDS1 Line Status Change TrapNew Certificate Management featureType:Products:New FeatureID: 4597, 5936RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512ROX2 now stores the PKI Keys and Certificates used by IPSec, eLAN, and Crossbowapplications within configuration store. Private Keys are encrypted using AES-CFB128 foradded security.Setting device time is now more user-friendlyType: EnhancementProducts: RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512ID: 2406The ROX2 command for setting device time is now more user friendly.Configurable Login authentication method (Local and/or RADIUS)Type:Products:ID: 2805EnhancementRX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512ROX2 now supports the configuration of the User Authentication method for either “LocalOnly” or “RADIUS then Local” operation.Last updated on: Wednesday, August 07, 201329

ROX2 – v2.4.2 Release NotesNew routing featuresSupport for MPLS Label-Switched PathsType: New FeatureProducts: RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512ID: 4905, 4918ROX2 now supports ‘Layer 3’ MPLS forwarding and the creation of static LSPs.New Update-Source Configuration Option for BGPType:Products:ID: 5410EnhancementRX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512ROX2 has a new BGP neighbor configuration value called “update-source”. It is neededwhenever the dummy0 IP address is used as the neighbor IP address on both BGP peers.New tunneling featuresIPSec supports configuration for IKE LifetimeType:Products:ID: 6282EnhancementRX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512The ROX2 IPSec configuration now includes the ability to configure the IKE lifetime. Thisextension improves interoperability with Siemens Scalance devices.IPSEC now supports using ID_DER_ASN1_DN for left/right IDType:Products:ID: 5275EnhancementRX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512The ROX2 IPSec support now includes the ability to configure the ID_DER_ASN1_DN for theIPSec left/right ID values.L2TP support for Windows 7 clients has been improvedLast updated on: Wednesday, August 07, 201330

Type:Products:ID: 4911EnhancementROX2 – v2.4.2 Release NotesRX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512The ROX2 L2TP support for Windows 7 clients has been improved for the case where theclient is using PSK with NAT-Traversal enabled.L2Tunnel now supports replacing sender's MAC AddressType:Products:ID: 5635EnhancementRX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512The ROX2 Layer 2 Tunnel feature now includes the option to replace the sender's MACAddress.Last updated on: Wednesday, August 07, 201331

New Ethernet featuresROX2 – v2.4.2 Release NotesSupport for switched Ethernet Routed mode port configurationType:Products:ID: 3566New FeatureRX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512ROX 2 now supports a simple way to configure switching Ethernet ports to operate in a‘routed port’ mode. This ‘routed port’ mode isolates the IP traffic on that port from otherswitched IP traffic. By default all switched Ethernet ports are in ‘switchport’ Mode.SFP media Information is now availableType: EnhancementProducts: RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512ID: 3593ROX 2 now displays the media type information for SFP plug-ins.Static MAC learning wildcard supportType:Products:EnhancementID: 4083,3584RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512ROX 2 now supports up to 6 wildcard entries ('*') for the lower order values as part of StaticMAC configuration.New Serial featuresSupport for Raw Socket UDP Transport via Serial ServerType: New FeatureProducts: RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512ID: 5571The ROX2 Serial server now supports a ‘Raw Socket UDP Transport’ option.Support for ‘hot-swap’ on the Serial LMLast updated on: Wednesday, August 07, 201332

Type:Products:ID: 4563New FeatureROX2 – v2.4.2 Release NotesRX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512ROX2 now supports the hot-swapping of Serial Line-modules. Note that for hot-swap of serialLM to work fully, the replacement LM must be of the same type as the one being replaced.Support for IPv6 addresses with Serial ServerType:Products:EnhancementID: 5694,4538RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512The ROX2 Serial server now supports the use of IPv6 Addresses. The Serial server hasimproved log messages whenever encountering error conditions.Support for updating of DNP device address tablesType: EnhancementProducts: RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512ID: 4532The ROX2 Serial Server now supports the updating of DNP Device Address Tables.Serial server now more efficientType:Products:ID: 4384EnhancementRX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512The ROX2 Serial server's performance has been optimized to improve its efficiency whilesupporting a large number of serial ports.New WAN featuresExtended T1/E1 StatisticsType: New FeatureProducts: RX1500, RX1501, RX1510, RX1511, RX1512ID: 5405Last updated on: Wednesday, August 07, 201333

ROX2 – v2.4.2 Release NotesROX2 now supports the display of additional T1/E1 Statistics. These new fields includereliability, create-time, last-status-change, txload, and rxload counters.Bug fixes in the 2.4.0 ReleaseAdded password configuration for the BIST and ‘Maint-Login’ modesType:Products:SecurityID: 5570RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512ROX2 now supports optional password protection for accessing the Build-In-Self-test (BIST)mode available via the local console when the device is rebooted. The password required foran administrator role user to access the “maint-login” shell (a.k.a. the Linux 'root' userpassword) can also be changed. The commands “set-boot-password” and “set-maintpassword”can be found under “admin authentication”.HTTP to HTTPS Redirection can now be disabledType:Products:SecurityID: 5955RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512ROX2 now provides users the option to disable automatic redirection of HTTP connectionrequests to the HTTPS interface. This option was added to allow users to no longer listen onport 80.Authentication credentials used in SSH and HTTPS are static in ROX2Type:Products:SecurityID: 5689RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512Previous versions of ROX2 all shipped with a common set of credentials (privatekeys/certificates for SSH and HTTPS). Now all ROX2 devices ship with factory generateduniquely credentials. Customers may also refresh these credentials using a special scriptstored under the ‘maint-login’ access (Maintenance Shell).Web API allowed users to execute commands above their privilege levelType: SecurityProducts: RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512Last updated on: Wednesday, August 07, 201334

ID: 5348ROX2 – v2.4.2 Release NotesPrevious versions of ROX2 were vulnerable to “Javascript Hacking”. By manipulating theWebUI javascript a remote, authenticated user could execute commands that exceeded theirprivilege level. This problem has been fixed.Device unmanageable during Denial of Service SYN attackType:Products:SecurityID: 4803RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512Previous versions of ROX2 were vulnerable to a form of Denial of Service attack known as“SYN Flooding”. This has been corrected.Port 111 (rpcbind) is always openType:Products:SecurityID: 5644RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512Previous versions of ROX2 always left ‘port 111’ (rpcbind) in an ‘open’ state. Now this port isonly open whenever the L2TP service has been configured.Crashes repeatedly on configuring DHCP server and relayType:Products:CriticalID: 5623RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512Previous versions of ROX2 could crash, if the DHCP Server and the DHCP Relay serviceswere both configured on the same device. This has been corrected.Device with simultaneous dual-cell modem interface can cause kernelexceptionType:Products:CriticalID: 5814RX1500, RX1501, RX1510, RX1511, RX1512Previous versions of ROX2 could crash if two cell modems were used simultaneously. Thishas been corrected.Last updated on: Wednesday, August 07, 201335

CM reboots continuously when time is invalidType:Products:CriticalID: 5939ROX2 – v2.4.2 Release NotesRX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512Previous versions of ROX2 could exhibit indefinite rebooting when the ‘Real-Time-Clock’(RTC) time was in an invalid state. This might occur if the RTC time exceeds the capacity ofthe 32-bit unix storage class. This has been corrected.Unexpected Switch Internal Configuration Alarms/ErrorsType:Products:MajorID: 6057RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512Previous versions of ROX2 could raise ‘Switch Internal Configuration Alarms’ unexpectedly.This has been corrected.High-count (64-bit) SNMP counters in IF-MIB are stuck at zeroType:Products:MajorID: 5919RX1500, RX1501, RX1510, RX1511, RX1512Several 64-bit counters in the IF-MIB always return zero for the following interface types:cellular, serial, route-only Ethernet, and virtual switch. This has been fixed.Traffic Control (qos) interface name allows incorrect valuesType:Products:MajorID: 5764RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512Previous versions of ROX2 allowed invalid interface names to be configured under the TrafficControl (QoS) feature. This has been corrected.Learned MAC address not shown in Static MAC tableType:Products:MajorRX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512Last updated on: Wednesday, August 07, 201336

ID: 2261ROX2 – v2.4.2 Release NotesPrevious versions of ROX2 did not display learned MAC address values in the Static MACTable. This has been corrected.Link Alarm behavior is inconsistent with ROSType:Products:MajorID: 5817RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512Previous versions of ROX2 did not support the automatic clearing of conditional alarms. Thisfeature has been added (see the new “auto-clear” toggle under alarm configuration).LEDs flash and packets dropped for ‘fe-cm-1’ and ‘fe-em-1’ portsType:Products:MajorID: 5424RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512Previous versions of ROX2 could boot in a bad state recognized as identified by unexpectedLED flashing on the ‘fe-cm-1’ and ‘fe-em-1’ ports. Data packets being forwarded throughthese interfaces may also be dropped in this state. This has been corrected.One out of 32 channels is down after enable PPP over max E1 channelsType:Products:MajorID: 5958RX1500, RX1501, RX1510, RX1511, RX1512Previous versions of ROX2 were unable to use all 32 E1 channels after PPP service wasenabled. This has been corrected.Save/load commands may fail on some variants of the RX15xx if they haveconformal coated parts on the CMType:Products:MajorID: 5611RX1500, RX1501, RX1510, RX1511, RX1512Previous versions of ROX2 on RX15xx devices may be unable to reload their configuration ifthey have conformal coated sub-assemblies. This has been corrected.Last updated on: Wednesday, August 07, 201337

ROX2 – v2.4.2 Release NotesNo IGMP queries are sent out of dynamic multicast routing enabledinterfacesType:Products:MajorID: 5192RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512Previous versions of ROX2 would not send IGMP queries out interfaces with dynamicmulticast routing enabled. This has been corrected.MLPPP logical interface lost under loadType:Products:MajorID: 5404RX1500, RX1501, RX1510, RX1511, RX1512Previous versions of ROX2 could drop MLPPP logical interfaces at high load. This has beencorrected.Changing PVID may not take effect if combined with manipulating'Forbidden Ports" setting involving the portType:Products:ID: 5534MajorRX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512Previous versions of ROX2 could fail to apply a PVID change if the set of changes includedthe configuration of the Forbidden Ports value. This has been corrected.Configuring interface with name "" through NETCONF locks theconfiguration databaseType:Products:MajorID: 5270RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512Previous versions of ROX2 could be left unable to configure the device without a reboot ifNETCONF is used to configure an empty interface name. This has been corrected.Cost on GRE tunnel didn't take affectType:MajorLast updated on: Wednesday, August 07, 201338

Products:ID: 6163ROX2 – v2.4.2 Release NotesRX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512Previous versions of ROX2 did not apply the cost on GRE tunnel configuration. This has beencorrected.GRE tunnel deletion didn't work properlyType:Products:MajorID: 6156RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512Previous versions of ROX2 did not delete GRE tunnels properly as part of a configurationchange. This has been corrected.Layer3 ARP config table may encounter corruption on <strong>system</strong> initializationType:Products:MajorID: 6125RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512Previous versions of ROX2 could create corruption in the Layer 3 ARP Configuration affectingthe Switch ASIC (data-plane) initialization File. This has been corrected.Bad MLPPP performance, especially while device heavily loadedType:Products:MajorID: 5188RX1500, RX1501, RX1510, RX1511, RX1512Previous versions of ROX2 had low MLPPP performance, especially while the device washeavily loaded. This has been corrected.Enabling ‘on-demand’ on T1/E1 interface of one unit should bring downthe T1/E1 logical interface on bothType:Products:MajorID: 4270RX1500, RX1501, RX1510, RX1511, RX1512Previous versions of ROX2 had a behavior whereby enabling ‘on-demand’ on a T1/E1interface of one unit would not bring down the T1/E1 logical interface on both devices. Thishas been corrected.Last updated on: Wednesday, August 07, 201339

ROX2 – v2.4.2 Release NotesThe CLI command “full-configuration-load” failuresType:Products:MajorID: 5775, 5333RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512In previous versions of ROX2, the command “load-full-configuration” did not work properly.One reason for this is that there was a conflict between the CLI's built-in commands “load”and “save” and the commands for “load-full-configuration” and “save-full-configuration”. Toaddress this these commands have been renamed to “full-configuration-save[load]”. Inaddition the “load-full-configuration” was not working correctly. This has been corrected.Backplane link is permanently down between 88G SM and Serial LMType:Products:MajorID: 5607RX5000, MX5000Previous versions of ROX2 would show the Backplane Link as permanently down betweenthe 88G SM and the Serial LM. This has been corrected.Switch Interface status stops updating and starts to log errorsType:Products:MajorID: 5990RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512In previous versions of ROX2, the device may (rarely) get into a state where the SwitchInterface status stops updating and a series of syslog errors are displayed. This has beencorrected.Cold Start traps aren't generated after rebootType:Products:MajorID: 5757RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512In previous versions of ROX2, the device would not generate a ‘Cold Start’ SNMP trap afterrebooting the device. This has been corrected.Last updated on: Wednesday, August 07, 201340

ROX2 – v2.4.2 Release NotesCommitting any configuring or enabling SNMP in exclusive mode reports"Aborted: access denied"Type:Products:MajorID: 5464RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512In previous versions of ROX2, committing any configuring or enabling SNMP in “configexclusive” mode reports "Aborted: access denied". This has been corrected.High CPU usage when certain clients attempt connection over HTTPSType:Products:ID: 4981MajorRX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512In previous versions of ROX2, the CPU usage statistic could spike when certain Web Browserclients (e.g. Chrome, w3m, and to a lesser extent Opera) would connect to the device'sHTTPS Web Interface. This has been corrected."Application error" occurred when configuring "default" IPSec connectionType:Products:MajorID: 5664RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512In previous versions of ROX2, an "Application error" occurred when configuring a "default"IPSec connection. This has been corrected.Modifying the ‘Serial VLAN/Internal VLAN Range-End’ does not workType:Products:MajorID: 5733RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512In previous versions of ROX2, changing the ‘Serial VLAN/Internal VLAN Range-End’ does notwork correctly. This has been corrected.Disabling serial LM generates runaway messages in CLI/syslog andDisabling ‘internal-vlan’ stops the WebUI operationType:MajorLast updated on: Wednesday, August 07, 201341

Products:ID: 5680ROX2 – v2.4.2 Release NotesRX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512In previous versions of ROX2, disabling the serial LM would generate many‘unregister_netdevice’ messages in the CLI/syslog and disabling the ‘internal-vlan’ field wouldfreeze the WebUI. These issues have been corrected.Log partition may failType:Products:MajorID: 6114RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512In previous versions of ROX2, the Log partitioning can fail in a way that the log rotationcannot correct. This has been corrected.Device stops forwarding traffic on T1/E1 link when oversubscribedType:Products:MajorID: 3442RX1500, RX1501, RX1510, RX1511, RX1512In previous versions of ROX2, the device stops forwarding traffic on the T1/E1 link when thelink traffic exceeds the link capacity. This has been corrected.IP address configuration does not take effectType:Products:MajorID: 5989RX1500, RX1501, RX1510, RX1511, RX1512In previous versions of ROX2, the IP address configuration does not take effect when thefourth digit of the T1 PPP peer address is larger than 100. This has been corrected.Cell modem PPP connection fails to re-establishType:Products:MajorID: 5942RX1500, RX1501, RX1510, RX1511, RX1512Last updated on: Wednesday, August 07, 201342

ROX2 – v2.4.2 Release NotesIn previous versions of ROX2, If a cell-modem's link flips continuously - approximately 15times or more - the PPP connection may fail to re-establish itself even after the signal hasstabilized. A reboot was required to get out of this state. This has been fixed.ICMP, IGMP, and GRE packets are not dropped by firewallType:Products:MajorID: 5991RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512In previous ROX2 versions, ICMP, IGMP, and GRE packets are not dropped by firewall undercertain scenarios due to unexpected interaction with the L3 switching sub<strong>system</strong>. The Layer3 Switching should only learn TCP and UDP flows for hardware acceleration. This has beencorrected.Loading configuration file fails after upgradeType:Products:MajorID: 5610RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512In previous ROX2 versions, loading a configuration file may fail after an upgrade on thedevice whenever a 2x port SFP line module exists. This has been corrected.OSPF crashes due to assertion failureType:Products:MajorID: 6198RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512In previous ROX2 versions, the OSPF dynamic routing service may (rarely) crash and reportan assertion failure. This has been corrected.Incorrect message logged when invalid checksumType:Products:MajorID: 5666RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512In previous ROX2 versions, The message "MF:FrameRx. Could not get buffer for frametransmission" is logged when receiving an IGMP Membership Report with an invalidchecksum. This has been corrected.Last updated on: Wednesday, August 07, 201343

ROX2 – v2.4.2 Release NotesA network loop may occur during RSTP topology changeType:Products:MajorID: 5022RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512In previous ROX2 versions, it was possible for a network loop to occur during a RSTPtopology change event, when the topology is a mesh. This has been corrected.MSTP Region configuration not applied after rebootType:Products:MajorID: 5885RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512In previous ROX2 versions, the MSTP Region configuration was not applied after reboot. Thishas been corrected.Fragmented traffic flows may be dropped when hardware-acceleratedType:Products:MajorID: 5310RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512Heavily fragmented traffic flows may be dropped whenever traffic is hardware-acceleratedand the default Layer 3 switching configuration is used. The User’s Guide has been updatedto clarify this.Erroneously MOV and Power Supply failure alarms reportedType:Products:MajorID: 5922RX5000, MX5000In previous ROX2 versions, the device erroneously reports MOV and Power Supply failurealarms from time to time. This has been corrected.Cell Modem driver leaks memory on intermittent connectionsType:Products:MajorRX1500, RX1501, RX1510, RX1511, RX1512Last updated on: Wednesday, August 07, 201344

ID: 6001ROX2 – v2.4.2 Release NotesIn previous ROX2 versions, each time a cell-modem interface loses its signal an estimated1192 bytes of memory are leaked by the operating <strong>system</strong> kernel. This has been fixed.Routing protocol reflects WAN interface advertisementType:Products:MajorID: 4050RX1500, RX1501, RX1510, RX1511, RX1512In previous ROX2 versions, the routing protocol advertises host routes to self. This has beencorrected.An internal configuration alarm is raised when all static MACs are removedType:Products:MajorID: 3263RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512In previous ROX2 versions, an internal configuration alarm is raised whenever all static MACsare removed before applying the 802.1X setting. This has been corrected.Device vulnerable to heavy IP multicast stream with random portsType:Products:MajorID: 3418RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512In previous ROX2 versions, it was possible to crash the device by exposing it to heavy IPmulticast traffic streams directed at random UDP ports. This has been corrected.Disabling CLI sessions disconnects the user from device consoleType:Products:MajorID: 4431RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512On ROX2 versions, disabling the ‘CLI sessions’ via configuration will restrict SSH access tothe device. It will also disconnect any existing user access from the device console. This hasbeen made clear in the User Guide.Unit with 88G SM could log false PM reportType:MajorLast updated on: Wednesday, August 07, 201345

Products:ID: 6112RX5000, MX5000ROX2 – v2.4.2 Release NotesIn previous ROX2 versions, a device with the 88G SM could report “PM output voltageexceeds upper Vout limit” in some configurations. This has been corrected.Duplicate OSPF neighbor is shown on the VRRP masterType:Products:MinorID: 6181RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512In previous ROX2 versions, a duplicate OSPF neighbour is displayed on the VRP masterwhen the Virtual MAC option was selected. This has been corrected.Firewall rules checking is too laxType:Products:MinorID: 6094RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512In previous ROX2 versions, the firewall rules allowed the specification of the ‘Any’ and‘Related’ keywords when they were not appropriate. This has been corrected.SNMP polling of ifTable results in error syslog messages for fe-cm-1Type:Products:MinorID: 6083RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512In previous ROX2 versions, SNMP polling of the ifTable object could result in the flooding ofthe syslog with error messages. This has been corrected.Unit replies with SNMP general failure when polling certain MIB objectsusing SNMP ‘get’ and ‘get-next’ operationsType:Products:MinorID: 6010RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512In previous ROX2 versions, SNMP general failure errors would occur when using ‘get’ and‘get-next’ operations. This has been correctedLast updated on: Wednesday, August 07, 201346

ROX2 – v2.4.2 Release NotesUpgrade procedures are incompleteType:Products:MinorID: 5662RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512In previous ROX2 versions, NTP packages were not upgraded from ROXv2.2.x to ROXv2.3.0,and obsolete packages were not removed. This has been corrected.Unexpected error messages are logged in auth-logType:Products:MinorID: 5654RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512In previous ROX2 versions, certain error messages are periodically being logged to the authlogat 5 minute intervals. This has been correctedAlarm configurations are behave incorrectlyType:Products:MinorID: 5522RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512In previous ROX2 versions, The Ethernet port alarm and Link up/down (in Alarms Table)configuration do not control alarm events properly. This has been correctedLast updated on: Wednesday, August 07, 201347

Known Limitations in the 2.4.0 ReleaseROX2 – v2.4.2 Release NotesThe following list describes functionality limitations which are ‘known’ to exist within this softwarerelease.Only Power Supply Modules and Serial LM's are Hot-swappableType:Products:MajorID: 3611RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512The full hot-swap functionality for line modules is not part of the ROX 2.4 release. For thisrelease, only the Power-supply Module (PM) and the Serial LM's are hot-swappable.Enabled HSPA+/CDMA Cell Modems become disabled after upgradeType:Products:MinorID: 6465RX1500, RX1501, RX1510, RX1511, RX1512After an upgrade from previous versions to ROX 2.4, some Cell Modems will reboot into thedisabled state. The Cell Modem interfaces can be re-enabled through any configurationinterface.Manually disabling an Ethernet LM is applied on next boot onlyType:Products:MajorID: 2551RX5000, MX5000, RX1500, RX1501, RX1510, RX1511, RX1512If an LM is manually disabled while operational, this configuration change will be applied onthe next boot. This limitation will be in place until full Hot Swap support is available forEthernet LMs.Last updated on: Wednesday, August 07, 201348

ROX2 Upgrade instructionsUpgrading ROX2_using the <strong>Rugged</strong>CLI WizardROX2 – v2.4.2 Release NotesROX2 supports a ‘dual-partition’ file-<strong>system</strong> offering storage redundancy and rollback features.Software upgrades are always performed to the ‘alternate’ partition in order not to disturb your currentrunning <strong>system</strong> context which will remain operational and intact during the upgrade progress. It shouldbe noted that the upgrade process may also be launched through the WWW and NETCONF interfaces.Details on upgrading using these interfaces are available in the ROX 2.4.0 User Guide.Follow the steps below to perform an upgrade from the <strong>Rugged</strong>CLI:1. From the <strong>Rugged</strong>CLI prompt enter configuration mode:ruggedcom# config2. Launch the upgrade wizard with the following command:ruggedcom(config)# wizard rox_upgrade3. You will then be prompted to enter the URL of your upgrade server as well as the target releaseversion (url below is an example):The upgrade repository url is set to: http://10.200.17.235/release/rr2Press to accept this or type a new address to change it:http://10.200.17.235/rox2/releases/rr2changing repositoryThe software release you are upgrading to is: rr2.4.0Press to accept this or type a different version:Warning:You are about to commit changes to upgrade settings. If any other modifications tothe candidate database are pending, they will be committed too.Continue?(y/n): y4. The upgrade process will then proceed through three distinct phases: transferring the file-<strong>system</strong>to the alternate partition, downloading all updated and new packages and installing thepackages to the ‘alternate’ partition:Checking for a more recent version of the upgrade <strong>system</strong>Already running the most recent version of the upgrade <strong>system</strong>********************************************************************Launching ROXII Upgrade.......Upgrading <strong>system</strong> to Partition 2Last updated on: Wednesday, August 07, 201349

ROX2 – v2.4.2 Release NotesEstimating size of upgrade. This may take a few minutes....21 packages to install, 13220468 bytes to download6353 files, 301611585 bytes will be coppied to Partition 2Starting upgrade...Preparing to transfer files to alternate partition. This may take a fewminutes....---- File Transfer Phase: 301611585 bytes, 6353 files ----progress: 100%File transfer phase complete.Starting download of packages...---- Package Download Phase ----progress: 100%Download phase complete.Installing packages...---- Package Install phase ----progress: 100%Package installation complete.Upgrade to partition 2 completed successfully.A reboot is required to run the upgraded partition.ruggedcom(config)#5. Reboot the <strong>system</strong> to boot the upgraded partitionruggedcom(config)# admin rebootLast updated on: Wednesday, August 07, 201350

ROX2 – v2.4.2 Release NotesROX Firmware/User Guide Version Numbering SystemThe ROX software is labeled with a three digit version numbering <strong>system</strong> of the form X.Y.Z whereeach digit is a number starting from zero. The 'X.Y’ digits together describe the functional version ofROX whereas the ‘Z’ digit represents firmware updates made within a specific functional versionseries.In this release, the ‘X’ digit identifies the ROX series as being series ‘2’ and therefore referring to<strong>Rugged</strong>Com’s next-generation ROX II operating <strong>system</strong> support for the <strong>Rugged</strong>Backbone andfuture products to be released. The ‘Y’ digit identifies the major version number and is incremented fora ‘major’ functional updates of the software. The 'Z' digit represents the minor version number and isincremented for ‘minor’ software updates including bug fixes, cosmetic enhancements and other minorissues.ROX user-guide documentation will follow the same format. In general, a user guide will have thesame 'X.Y' digits as the firmware to which it corresponds.Last updated on: Wednesday, August 07, 201351

Type of ChangesROX2 – v2.4.2 Release NotesEach change to the software is categorized according to the table below which provides guidance as towhether the change justifies upgrading. As well, each change lists an internal <strong>Rugged</strong>Com changenumber.Change TypeCriticalMajorNew FeatureEnhancementMinorCosmeticSecurityDescriptionCritical changes fix problems that prevent the basic operation of the device and haveno workaround. Any critical changes merit a device upgrade under allcircumstances.Major changes fix problems that prevent the basic operation of the device but dohave a workaround. Any major changes merit a device upgrade if the workaround isnot acceptable.New features add significant new capability to the device. Such changes maychange the basic operation of the device, the user interface, and how the device isconfigured. New features only merit a device upgrade if the feature is required.Enhancements improve existing device capability and do not significantly changethe basic operation of the device, the user interface, or how the device is configured.Enhancements only merit a device upgrade if the feature is required.Minor changes fix non-vital problems that may or may not have a workaround.Minor changes do not necessarily merit a device upgrade unless the specificproblem applies.Cosmetic changes have negligible impact on device operation and include suchupdates as spelling mistakes, user interface adjustments, and help textimprovements. Cosmetic changes rarely merit a device upgrade.Security changes usually do not have a discernible impact on normal deviceoperation other than to improve the unit’s defensive response to known exploitsand vulnerabilities. This might include such updates as enhanced protectionagainst newly discovered denial-of-service (DOS) attacks. It is left entirely to thecustomer’s discretion to decide whether or not a security change is appropriate tomerit a device upgrade.Last updated on: Wednesday, August 07, 201352

Contacting <strong>Rugged</strong>ComROX2 – v2.4.2 Release NotesFor further information on this release or technical support of any nature, please contact <strong>Rugged</strong>Com atthe locations below:Corporate headquarters<strong>Rugged</strong>Com Inc, 300 AppleWood Cres., Unit #1Concord, Ontario, CanadaL4K 5C7Toll-free: 1(888) 264-0006Tel: (905) 856-5288Fax: (905) 760-1995Web:Email:http://www.ruggedcom.comsupport@ruggedcom.comLast updated on: Wednesday, August 07, 201353