3COM OS Switch 4500 V3 (1) .03.02p21 Release Notes PDF

Switch 4500 V3.03.
02p21 Release Notes
Keywords: Resolved problems, software upgrading
Abstract: This release notes describes the Switch 4500 V3.03.02p21 release with respect to version
information, updating, unresolved and solved problems, and software upgrading.
Acronyms:
Abbreviations Full spelling

ACL Access Control List
CLI Command line interface

DHCP Dynamic Host Configuration Protocol
FTP File Transfer Protocol
GARP Generic Attribute Registration Protocol

GVRP GARP VLAN Registration Protocol
HTTP Hypertext Transfer Protocol
ICMP Internet Control Message Protocol

IGMP Internet Group Management Protocol
IP Internet Protocol
LACP Link Aggregation Control Protocol

MIB Management Information Base
MSTP Multiple Spanning Tree Protocol
NDP Neighbor Discovery Protocol

NTP Net Time Protocol
QOS Quality of Service
RADIUS Remote Authentication Dial-In User Service
RMON Remote Monitoring
RSTP Rapid Spanning Tree Protocol
SNMP Simple Network Management Protocol

SP Strict Priority
SSH Secure Shell
STP Spanning Tree Protocol
December 20, 2012 Page 1 of 1

Abbreviations Full spelling
TFTP Trivial File Transfer Protocol
UDP User Datagram Protocol
VLAN Virtual Local Area Network
3ND 3Com Network Director

3COM OS Switch 4500 V3.03.02p21 Release Notes
Table of Contents
Version Information ········································································································································· 7

Version Number ········································································································································· 7
Version History ··········································································································································· 7
Hardware and Software Compatibility Matrix ····························································································· 8
Restrictions and Cautions ······························································································································ 9
Feature List ···················································································································································· 10

Hardware Features ·································································································································· 10
Software Features ···································································································································· 10
Version Updates ············································································································································ 12

Feature Updates ······································································································································ 12
Command Line Updates ·························································································································· 17
MIB Updates ············································································································································ 31
Configuration Changes ···························································································································· 33
V3.03.02p21 Operation Changes ····································································································· 33
V3.03.02 Operation Changes ··········································································································· 37
V3.03.00 Operation Changes ··········································································································· 38
Open Problems and Workarounds ·············································································································· 38
List of Resolved Problems ··························································································································· 39

Resolved Problems in V3.03.02p21········································································································· 39

Resolved Problems in V3.03.02··············································································································· 60
Related Documentation································································································································· 70
Software Upgrading······································································································································· 70

Remote Upgrading through CLI ··············································································································· 70
Boot Menu ················································································································································ 71
Software Upgrading via Console Port (Xmodem Protocol)······································································ 72
Using TFTP Through an Ethernet Interface ····························································································· 74
Using FTP Through an Ethernet Interface ······························································································· 75
Appendix ························································································································································ 76

Details of Added or Modified CLI Commands in V3.03.02p06 ································································ 76
dot1x unicast-trigger ························································································································· 76
mac-authentication timer offline-detect ···························································································· 76
bpdu-drop any ·································································································································· 77
voice vlan lldp ··································································································································· 78
display link-delay ······························································································································ 78
link-delay ·········································································································································· 79
link-delay up ····································································································································· 80
link-delay updown ····························································································································· 80
mac-address station-move quick-notify ···························································································· 81
arp rate-limit enable noshut ·············································································································· 82
dot1x auth-fail-retry··························································································································· 82
Modified command: bims-server ······································································································ 83
Modified command: dhcp server bims-server ·················································································· 84
Modified command: dldp authentication-mode ················································································ 85
Modified command: xrn-fabric authentication-mode ········································································ 85
Modified command: key (HWTACACS scheme view) ····································································· 86
Modified command: key (RADIUS scheme view) ············································································ 87

Modified command: local-server nas-ip···························································································· 87

Modified command: mac-authentication authmode usernameasmacaddress ································· 88
Modified command: mac-authentication authpassword ··································································· 89
Modified command: ntp-service authentication-keyid ······································································ 90
Modified command: password (Remote-ping test group view) ························································ 90
Modified command: password (local user view) ·············································································· 91
Modified command: rip authentication-mode ··················································································· 92
Modified command: set authentication password ············································································ 93
Modified command: snmp-agent usm-user v3 ················································································· 93
Modified command: super password································································································ 95

List of Tables
Table 1 Version history .............................................................................................................................. 7
Table 2 Compatibility matrix....................................................................................................................... 8
Table 3 Hardware features ...................................................................................................................... 10
Table 4 Software features ........................................................................................................................ 10
Table 5 Feature updates .......................................................................................................................... 12
Table 6 Command line updates ............................................................................................................... 17
Table 7 MIB updates ................................................................................................................................ 31
Table 8 Encrypted authentication key length requirements ..................................................................... 94
Table 9 Encrypted privacy key length requirements ................................................................................ 94

Version Information
Version Number
Version Information: 3Com OS V3.03.02s168p21
Note: To view version information, use the display version command in any view. See Note①.
Version History
Table 1 Version history
Version number Last version Release Date Remarks

V3.03.02s168p21 V3.03.02s168p20 2012-12-14 None
V3.03.02s168p20 V3.03.02s168p19 2012-10-18 None

V3.03.02s168p19 V3.03.02s168p15 2012-06-19 None
V3.03.02s168p15 V3.03.02s168p11 2010-12-15 None
V3.03.02s168p11 V3.03.02s168p09 2010-06-21 None

V3.03.02s168p09 V3.03.02s168p06 2010-04-23 From the version, only
release the APP of
168-bit encryption for
SSH.
V3.03.02s56p06 V3.03.02s56p05 2009-12-23 None
V3.03.02s168p06 V3.03.02s168p05
V3.03.02s56p05 V3.03.02s56p04 2009-10-14 None

V3.03.02s168p05 V3.03.02s168p04
V3.03.02s56p04 V3.03.02s56p03 2009-08-19 None
V3.03.02s168p04 V3.03.02s168p03
V3.03.02s56p03 V3.03.02s56p01 2009-06-19 None
V3.03.02s168p03 V3.03.02s168p01
V3.03.02s56p01 V3.03.02s56 2009-02-23 New features

released
V3.03.02s168p01 V3.03.02s168
V3.03.02s56 V3.03.00s56p03 2008-10-31 New features
released
V3.03.02s168 V3.03.00s168p03
V3.03.00s56p03 V3.03.00s56p02 2008-09-25 None
V3.03.00s168p03 V3.03.00s168p02
V3.03.00s56p02 V3.03.00s56p01 2008-06-16 None

V3.03.00s168p02 V3.03.00s168p01
V3.03.00s56p01 V3.03.00s56 2008-03-20 None
V3.03.00s168p01 V3.03.00s168

Version number Last version Release Date Remarks

V3.03.00s56 V3.02.00s56p02 2008-02-29 First release of
V3.03.xx
V3.03.00s168 V3.02.00s168p02
V3.02.00s56p02 V3.02.00s56p01 2007-07-20 None

V3.02.00s168p02 V3.02.00s168p01
V3.02.00s56p01 V3.02.00s56 2007-06-30 None
V3.02.00s168p01 V3.02.00s168
V3.02.00s56 V3.01.00s56p03 2007-01-17 New features
released
V3.02.00s168 V3.01.00s168p03
V3.01.00s56p03 V3.01.00s56p02 2006-09-21 None

V3.01.00s168p03 V3.01.00s168p02
V3.01.00s56p02 V3.01.00s56p01 2006-06-13 None
V3.01.00s168p02 V3.01.00s168p01
V3.01.00s56p01 V3.01.00s56 2006-01-09 None
V3.01.00s168p01 V3.01.00s168
V3.01.00s56 First release 2005-10-27 First release

V3.01.00s168
Hardware and Software Compatibility Matrix

Table 2 Compatibility matrix
Item Specifications
Product family Switch 4500 Series
Hardware platform 26-Port/50-Port/26-Port PWR/50-Port PWR
Minimum memory 64 MB
requirements
Minimum Flash 8 MB
requirements
Boot ROM version Version 4.06 (Note: It is required to use V1.00 or later, but V4.06 is
preferred. You can view the version number with the display version
command in any view. Please see Note②)
Host software s3n03_03_02s168p21.app

iMC version iMC PLAT 5.1 SP1(E0202P05)
iMC UAM 5.1 SP1(E0301P03)
iMC TAM 5.1 (E0301)
iMC QoSM 5.1 (E0201)
iNode version iNode PC 5.1(E0304)

Item Specifications
Web version 5.01
Remarks None
z When a switch with a new version flash runs V3.01.00, using FTP to upload an application file to
the switch, or performing write operations on the flash of the switch such as executing the
display diagnostic-information command often fails. V3.01.00p01 and later have solved this
problem.
z A device running boot ROM V1.00 may get out of power during startup, which may cause the
loss of the application file. You are recommended to upgrade the boot ROM version to V1.01 to
solve this problem.
<4500>display version
3Com Corporation
Switch 4500 26-Port Software Version 3Com OS V3.xx.xx ------- Note①
Copyright (c) 2004-2008 3Com Corporation and its licensors, All rights reserved.
Switch 4500 26-Port uptime is 0 week, 0 day, 0 hour, 0 minute
Switch 4500 26-Port with 1 MIPS Processor

64M bytes DRAM
8196K bytes Flash Memory
Config Register points to FLASH
CPLD Version is CPLD 003

Bootrom Version is x.xx -------- Note②
[Subslot 0] 24 FE + 4 GE Hardware Version is 00.00.00
Restrictions and Cautions

1) For storm suppression, use the pps mode because the ratio mode is not suitable for long frames.
2) The forwarding capability of some ports cannot reach the wire speed when the switch works as a
stacking device.
3) Silicon behavior: IP packets with the Options field cannot be forwarded.
4) After an ARP entry is aged out from the software, it is not removed from the hardware
immediately. Since then, if the ARP entry is not updated within an hour, it is removed from the
hardware.
5) After upgrading the software of a NTP-configured stacking device from a version between
V3.03.00 and V3.03.00p03 to V3.03.02 or later, you need to remove the existing NTP
configuration and reconfigure it.

6) A version prior to V3.03.02p21 might not support the cipher and simple keywords or use a
different password encryption algorithm than V3.03.02p21 or a later version. If you downgrade
the software from V3.03.02p21 or a later version to a version prior to V3.03.02p21, or upgrade it
to V3.03.02p21 or a later version and roll it back after saving the configuration file, the relevant
configuration commands might get lost or the passwords might become invalid. For more
information, see the change descriptions for the commands.
Feature List
Hardware Features
Table 3 Hardware features
Category Description
Dimensions (H × W × D) 43.6mm × 440mm × 260mm (1.72 × 17.32 ×10.24 in.) (devices without
PWR)
43.6mm × 440mm× 420mm (1.72 × 17.32 × 16.54 in.) (devices with
PWR)
Weight (full configuration) ≤3.5Kg (7.72 lb.) (26-port devices without PWR)
≤4Kg (8.82 lb.) (50-port devices without PWR)
≤5.8Kg (12.79 lb.) (26-port devices with PWR)
≤6.2Kg (13.67 lb.) (50-Port devices with PWR)
Maximum power 40 W (26-port devices without PWR)

consumption
50 W (50-port devices without PWR)
380 W (26-port devices with PWR)
380 W (50-Port devices with PWR)
Input voltage AC:

Rated voltage range: 100 VAC to 240 VAC (50Hz to 60Hz)
Max voltage range: 90 VAC to 264 VAC (50Hz to 60Hz)
DC:
Rated voltage range: –48 VDC to –60 VDC
Max voltage range: –72 VDC to –36 VDC
Operating temperature 0°C to 45°C (32°F to 113°F)
Operating humidity 10% to 90%
Software Features
Table 4 Software features
Features Description
Port auto-negotiation Supports both speed and duplex mode auto-negotiation.

Flow control Supports IEEE 802.3x-compliant flow control for full-duplex, and back-
pressure based flow control for half-duplex.
Link aggregation Supports up to 8 aggregation groups, each of which supports up to 8 FE
ports or 4 GE ports.
Port internal/external The port internal loopback test detects the connectivity between switch
loopback test chips and PHY chips. The port external loopback test detects the
connectivity between PHY chips and network interfaces with the help of
the self-loop header. The two tests used together can determine whether
a fault is a switch fault or a link fault.
Combo ports
Unicast, multicast and Supports bandwidth ratio- and rate-based suppression modes on ports.
broadcast suppression
VLAN Supports port-based VLANs, and up to 256 IEEE 802.1Q-compliant
VLANs.
MAC address table Supports MAC address learning and up to 8K MAC addresses;
Complies with IEEE 802.1D;
Notifies MAC address changes to ARP.
RSTP Supports STP and complies with IEEE 802.1D.
802.1X authentication Supports PEAP/EAP/TLS/TTLS.
The main purpose of IEEE 802.1X is to implement authentication for
wireless LAN users, but its application in IEEE 802 LANs provides a
method of authenticating LAN users.
SSHv2 Secure Shell (SSH) offers an approach to logging into a remote device
securely. By encryption and strong authentication, it protects devices
against attacks such as IP spoofing and plain text password interception.
A switch can work as an SSH server to support connections with SSH
clients running on PCs.
Voice VLAN The voice VLAN feature adds ports into voice VLANs by identifying the
source MAC addresses of packets. It automatically assigns higher priority
for voice traffic to ensure voice quality. This feature supports two
application modes: manual and automatic.
DHCP relay agent Through a DHCP relay agent, DHCP clients in a subnet can
communicate with a DHCP server in another subnet to obtain valid IP
addresses. In this way, DHCP clients in different subnets can share one
DHCP server. This method saves costs and helps implement centralized
management.
ARP Supports up to 256 static ARP entries.
IP routing Supports static routing and RIP.
IGMP Snooping Internet Group Management Protocol Snooping (IGMP Snooping) is a
multicast constraining mechanism that runs on Layer 2 devices to
manage and control multicast groups.

QoS Bandwidth management;
flow control with 64 bps granularity;
8 sending queues per port;
Traffic classification;
Traffic rate limit;
Port mirroring, which supports only one source mirroring port.
Software upload and Software upload and upgrade through the XMODEM protocol, FTP or
upgrade TFTP
Remote authentication To implement authentication on remote telnet, web, and console users,
you need to configure use names and passwords on a RADIUS server,
and configure RADIUS authentication on the access switch. When such
a user logs onto the switch, the switch sends the user name and
password to the RADIUS server for authentication. If the user passes
authentication, it can log it to the switch.
FTP, TFTP The switch can only works as a TFTP client.
System configuration Configuration methods supported: CLI, console port, telnet, and Modem;
and management
Features and functions supported: SNMP, remote monitoring (RMON)
1/2/3/9 group MIBs, system logging, hierarchical alarming, Syslog And
NTP.
Network maintenance Filtering, output and collection of alarm/debug information;
Diagnostic tools: Ping, Tracert, and so on;
Remote maintenance through Telnet and other ways
web
Fault diagnostics and Detects and reports hardware/software faults.
alarm output
Fast startup In fast startup mode, a switch can complete a startup process within 60
seconds by skipping the power-on self test (POST) and directly running
the APP program. You can set the startup mode to fast or normal in the
boot ROM menu.
Version Updates
Feature Updates
Table 5 Feature updates
Version Number Item Description

V3.03.02p21 Hardware feature None
updates
Software feature None
updates

updates
updates
updates
Software feature New feature:
updates
ARP quick update

updates
Software feature New feature:
updates
1) Automatic Discovery of IP Phones Using LLDP
2) Link State Change Suppression Configuration
updates
Software feature New features:
updates
bpdu-drop any
updates
updates
1) DHCP client supports automatic configuration
of default route
updates
updates
1) 802.1X Unicast Trigger Function

updates
updates
updates
updates
1) System-guard transparent feature
With this function, you can configure the switch not
to deliver RIP multicast packets to the CPU while
the protocol is not enabled on the switch.
2) Mac-address max-mac-count log
3) LACP MAD
updates


updates
1) Restart accounting when the reauthentication
user name changes.
2) Private LLDP MIB
3) CPU-protection feature
4) Command-alias feature
5) Loopback detection trap
6) IPv6 ACL
updates
updates
1) HTTPS
2) Auto VLAN
3) AM binding
3 types of binding added: IP-MAC binding, IP-port
binding, MAC-port binding.
4) line-rate assignment feature of RADIUS
5) Attribute ignore feature
This feature can be configured to ignore the
authentication attribute in the RADIUS
Authentication Accept packet.
Please refer to the Operation Manual and
Command Manual.
V3.03.02 Hardware feature None
updates
updates
1) LLDP
2) IP Source Guard
3) Dynamic ARP Inspection
4) HWTACACS.
Please refer to the Operation Manual and
Command Manual.
updates
updates
1) Sub IP
2) DHCP server
3) Password control


updates

updates
RSA, DSA negotiation order self-selection and
GVRP
updates
updates
Support for RFC4188 and RFC2674.
updates
Software feature New features added to V3.03.00e on the basis of
updates V3.02.xx:
1) VLAN mapping
2) Selective QINQ
3) IGMP snooping non-flooding
4) FTP banner
5) HTTP banner
6) Telnet copyright
7) Speed auto-negotiation configuration
8) Port link-delay (link state change delay)
9) Host manual addition to a multicast group
10) Dot1X handshake control
11) Router port manual designation
12) Support for inner-VLAN based Layer-2 ACL
configuration, which allows you to configure
ACL rules based on the inner VLAN
information of packets.
13) IPv6 management
14) DHCP snooping support for processing DHCP
NAK and decline packets
15) Enhanced SFP, supporting SFP encryption
information reading
16) Port isolation across a stack
17) EAP authentication mode for telnet users
18) Port security and/or mode
19) RIP support for modifying the offset field for
specific subnets
20) SNMP support for password configuration
copy
21) IGMPv3 snooping


22) Support for long domain names
23) Support for mask configuration in SNMP MIB-
view
24) MAC-authentication support for guest VLAN
25) DLDP recover
26) DHCP option 82 string function
27) HGMP topology management and trace-MAC
28) EAD quick employment
29) Support for web-based cluster configuration
30) Destination MAC address update
Deleted features: password control
updates
updates
1. “Or” mode of port-security
Dot1X request packets trigger dot1X
authentication; non-dot1X packets with an
unknown MAC address trigger MAC-
authentication. Suppose the source MAC address
of a dot1X packet passes MAC authentication. If it
then passes dot1X authentication, the original
MAC authentication user logs out automatically; if
not, the original MAC authentication user keeps
online.
updates
updates
1) Putty V0.58 support
2) Syslog to host
3) 802.1X PEAP/EAP/TLS/TTLS
4) NTP
5) Notifying MAC address/port changes to ARP
V3.01.00 Hardware feature First release; refer to related manuals for more
updates information.
Software feature First release; refer to related manuals for more
updates information.

Command Line Updates
Table 6 Command line updates

V3.03.02p21 New Commands None
Removed Commands local-user password-display-mode { auto |
cipher-force }
undo local-user password-display-mode
Modified Commands Refer to Details of Added or Modified CLI
Commands in V3.03.02p21
Removed Commands None
Modified Commands None
V3.03.02p19 New Commands Command 1: mac-address station-move quick-
notify
Command 2: dot1x auth-fail-retry
Refer to Details of Added or Modified CLI
Modified Commands Command 1: arp rate-limit enable noshut

Add new keyword of noshut to command ‘arp rate-
limit enable’. Please refer to Details of Added or
Modified CLI Commands in V3.03.02p19
V3.03.02p15 New Commands Refer to Details of Added or Modified CLI
V3.03.02p11 New Commands bpdu-drop any
Modified Commands mac-authentication timer offline-detect
V3.03.02p06 New Commands Refer to Details of Added or Modified CLI


V3.03.02p04 New Commands Command 1:
Syntax
system-guard transparent rip

undo system-guard transparent rip
View
System view
Description
Use the system-guard transparent

command to configure the system-guard
transparent function for RIP protocol. Then,
upon receiving a RIP multicast packet, the
switch will only broadcast the packet within
the corresponding VLAN, but not deliver the
packet to the CPU for processing.
Use the undo system-guard transparent
command to disable the function for RIP
protocol. Then, upon receiving a RIP
multicast packet, the switch will not only
broadcast the packet within the
corresponding VLAN but also deliver the
packet to the CPU for processing.
By default, the system-guard transparent
function is disabled on the switch.
Note that:
z If RIP is enabled on the switch, do not
enable the system-guard transparent
function for the protocol. Otherwise, RIP
cannot function normally.
Example
[sysname] system-guard transparent rip
Caution: When enabling RIP, undo this
command. Otherwise, RIP can't work
correctly.
V3.03.02p03 New Commands Please refer to the manuals of new features
provided along with current version.
Modified Commands Please refer to the manuals of new features

provided along with current version for IPv6 acl

command.
Syntax
[ undo ] icmp acl-priority
View
System view
Description
Use the icmp acl-priority command to

modify the local priority of ICMP packets
which are forwarded to the CPU. When the
device has an IP address configured,
enabling the command will occupy some
hardware ACL resources.
Use the undo icmp acl-priority command
to keep the local priority and free the
corresponding hardware ACL resources.
By default, the icmp acl-priority command
is applied.
Example
[Switch] undo icmp acl-priority
Command 2:
Syntax
[ undo ] mirroring stp-collaboration
View
System view
Description
Use the mirroring stp-collaboration

command to enable the collaboration of
mirroring and STP state. When a mirrored
port is in STP discarding state (or in
discarding state in at least one instance
while it is in MSTP mode), mirroring on this
port doesn’t work. When its STP state
changes to forwarding state, mirroring is
activated.
Use the undo mirroring stp-collaboration
command to disable the collaboration.
By default, the mirrored port is independent
of its STP state.

Example
[Switch] mirroring stp-collaboration
Command 3:
Syntax
attribute-ignore { standard | vendor

vendor-id } type type-value
undo attribute-ignore { all | standard |
vendor vendor-id }
View
RADIUS view
Description
The attribute-ignore vendor vendor-id

type type-value command is used to ignore
specific private attributes having the
specified vendor ID and type.
The attribute-ignore standard type type-
value command is used to ignore all the
standard attributes having the specified
type.
undo attribute-ignore all command is used
to remove all the attribute-ignore
configuration.
undo attribute-ignore standard command
is used to remove the ignore configuration of
RADIUS standard attributes.
undo attribute-ignore vendor vendor-id is
used to remove the ignore configuration of
the given Vendor ID private attribute.
One RADIUS standard attribute can be
configured with one attribute-ignore
command at most; one Vendor ID can bee
configured with one attribute-ignore
command at most. One RADIUS scheme
can be configured with 3 attribute-ignore
commands at most.
Example
# Configure RADIUS scheme “system” to

ignore the type 81 standard attribute.
[Switch]radius scheme system
[Switch-radius-system]attribute-ignore
standard type 81
# Configure RADIUS scheme “system” to
ignore the type 22 H3C private attribute with
Vendor ID 25506.

[Switch-radius-system]attribute-ignore
vendor 25506 type 22
# Remove the standard attribute ignore
configuration of RADIUS scheme “system”.
[Switch-radius-system]undo attribute-
ignore standard
# Remove the H3C private attribute ignore
configuration of RADIUS scheme “system”:
ignore vendor 2011
# Remove all the ignore attribute
configurations of RADIUS scheme “system”:
ignore all
Removed commands None
V3.03.02 New Commands Please refer to the Operation Manual and
Command Manual.
Removed commands Please refer to the Operation Manual and
Command Manual.
Modified Commands Please refer to the Operation Manual and
Command Manual.
Syntax
ip address ip-address { mask | mask-

length } [ sub ]
undo ip address [ ip-address { mask |
mask-length } [ sub ] ]
View
VLAN interface view, loopback interface

view
Parameters
ip-address: IP address, in dotted decimal

notation.
mask: Subnet mask, in dotted decimal
notation.
mask-length: Subnet mask length, the
number of consecutive ones in the mask. It
is in the range of 0 to 32.
sub: Specifies a secondary IP address of a
VLAN or loopback interface.
Description
Use the ip address command to specify an

IP address and mask for a VLAN or


loopback interface.
Use the undo ip address command to
remove an IP address and mask of a VLAN
or loopback interface.
By default, no IP address is configured for
VLAN or loopback interface.
Note that:
z If you execute the undo ip address
command without any parameter, the
switch deletes both primary and
secondary IP addresses of the
interface.
z The undo ip address ip-address
{ mask | mask-length } command is
used to delete the primary IP address.
z The undo ip address ip-address
{ mask | mask-length } sub command is
used to delete specified secondary IP
addresses.
z You can assign at most five IP address
to an interface, among which one is the
primary IP address and the others are
secondary IP addresses. A newly
specified primary IP address overwrites
the previous one if there is any.
z The primary and secondary IP
addresses of an interface cannot reside
on the same network segment; the IP
address of a VLAN interface must not
be in the same network segment as that
of a loopback interface on a device.
z A VLAN interface cannot be configured
with a secondary IP address if the
interface has been configured to obtain
an IP address through BOOTP or
DHCP.
Examples
# Assign the primary IP address 129.12.0.1

and secondary IP address 129.12.1.1 to
VLAN-interface 1 with subnet mask
255.255.255.0.
<Sysname> system-view
System View: return to User View with
Ctrl+Z.
[Sysname] interface Vlan-interface 1
[Sysname-Vlan-interface1] ip address
129.12.0.1 255.255.255.0
[Sysname-Vlan-interface1] ip address
129.12.1.1 255.255.255.0 sub
Modified commands None
V3.03.00p02 New commands Command 1:
Syntax


igmp-snooping special-query source-ip
{ current-interface | ip-address }
undo igmp-snooping special-query
source-ip
View
VLAN view
Parameters
current-interface: Specifies the IP address

of the current VLAN interface as the source
address to be carried in IGMP group-specific
queries. If the current VLAN interface does
not have an IP address, the default IP
address 0.0.0.0 will be used as the source
IP address of IGMP group-specific queries.
ip-address: Specifies the source address to
be carried in IGMP group-specific queries,
which can be any legal IP address.
Description
Use the igmp-snooping special-query

source-ip command to configure the source
address to be carried in IGMP group-specific
queries.
Use the undo igmp-snooping special-query
source-ip command to restore the default.
By default, the Layer 2 multicast switch
sends group-specific query messages with
the source IP address of 0.0.0.0.
Related commands: igmp-snooping querier.
Examples
# Configure the switch to send group-

specific query messages with the source IP
address 2.2.2.2 in VLAN 3.
System view, return to user view with
Ctrl+Z.
[Sysname] igmp-snooping enable
[Sysname] vlan 3
[Sysname-vlan3] igmp-snooping enable
[Sysname-vlan3] igmp-snooping special-
query source-ip 2.2.2.2
V3.03.00 New Commands Please refer to the documents provided by 3Com.
Removed commands Command 1:
Syntax


language-mode { english | chinese }
View:
user view
Reason
No need to support Chinese language mode

Modified Commands Command 1:
Syntax
traffic-limit inbound acl-rule [ union-

effect ] target-rate [ burst-bucket burst-
bucket-size ] [ exceed action ]
undo traffic-limit inbound acl-rule
View
Ethernet port view
Parameters
inbound: Imposes traffic limit on the packets

received through the interface.
acl-rule: ACL rules to be applied for traffic
classification. This argument can be the
combination of multiple ACLs. For more
information about this argument. Note that
the ACL rules referenced must be those
defined with the permit keyword.
union-effect: Specifies that all the ACL
rules, including those identified by the acl-
rule argument in this command and those
applied previously, are valid. If this keyword
is not specified, traffic policing issues both
the rate limiting action and the permit action
at the same time, that is, traffic policing
permits the conforming traffic to pass
through. If this keyword is specified, traffic
policing issues only the rate limiting action
but not the permit action. In this case, if a
packet matches both an ACL rule specified
in the traffic-limit command and another
previously applied ACL rule with the deny
keyword specified, the packet will be
dropped.
On Ethernet 1/0/1, assume that the filter

command is configured to filter packets
destined to IP address 2.2.2.2 and the
traffic-limit command is configured to limit

the rate of packets sourced from IP address
1.1.1.1 within 128 kbps. Whether packets
conforming to the rate limit of 128 kbps,
sourced from IP address 1.1.1.1, and
destined to IP address 2.2.2.2 (referred to
as packets A later) will be dropped depends
on the union-effect keyword of the traffic-
limit command.
z If the union-effect keyword is not
specified, the traffic-limit command
issues both the rate limiting action and
the permit action. Whether packets A
can pass through depends on the
configuration order of the filter
command and the traffic-limit
command. If the traffic-limit command
is configured after the filter command is
configured, packets A can pass through;
otherwise, packets A are dropped.
z If the union-effect keyword is specified,
the traffic-limit command issues only
the rate limiting action. Whether packets
A can pass through depends on the
filter command. As for this example,
packets A are dropped.
target-rate: Target packet rate (in kbps) to be

set. The range of this argument varies with
the port type as follows.
z Fast Ethernet port: 64 to 99,968
z Gigabit Ethernet port: 64 to 1,000,000
The granularity of rate limit is 64 kbps. If the
number you input is in the range N*64 to
(N+1)*64 (N is a natural number), it will be
rounded off to (N+1)*64.
burst-bucket burst-bucket-size: Specifies
the maximum burst traffic size (in KB)
allowed. The burst-bucket-size argument
ranges from 4 to 512 and defaults to 512.
Note that it must be an integer power of 2.
exceed action: Specifies the action to be
taken when the traffic rate exceeds the
threshold. The action argument can be:
z drop: Drops the packets.
z remark-dscp value: Sets a new DSCP
value for the packets and then forwards
the packets.
Description
Use the traffic-limit command to enable

traffic policing and set the related settings.
Use the undo traffic-limit command to
disable traffic policing for packets matching
specific ACL rules.
Related commands: display qos-interface


traffic-limit.
Examples
# Configure traffic policing for inbound

packets sourced from VLAN 200 on Ethernet
1/0/1, setting the target packet rate to 128
kbps, burst bucket size to 64 KB, and
configuring to drop the packets exceeding
the rate limit.
Ctrl+Z.
[Sysname] acl number 4000
[Sysname-acl-ethernetframe-4000] rule
permit source 200
[Sysname-acl-ethernetframe-4000] quit
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1] traffic-limit
inbound link-group 4000 128 burst-
bucket 64 exceed drop
Command 2:
Syntax
line-rate { inbound | outbound } target-rate

[ burst-bucket burst-bucket-size ]
undo line-rate{ inbound | outbound }
View
Ethernet port view
Parameters
inbound: Limits the inbound packet rate.

outbound: Limits the outbound packet rate.
target-rate: Total target rate (in kbps). The
range of this argument varies with port type
as follows:
z Fast Ethernet port: 64 to 99,968;
z GigabitEthernet port: 64 to 1,000,000.
The granularity of port rate limit is 64 kbps.
Assume that the value you provide for the
target-rate argument is in the range N*64 to
(N+1)*64 (N is a natural number), it will be
rounded off to (N+1)*64.
burst-bucket burst-bucket-size: Specifies
the maximum burst traffic size (in KB). This
is the buffer size provided for burst traffic
while traffic is being forwarding or received
at the rate of target-rate. The burst-bucket-
size argument must be an integer power of
2, in the range of 4 to 512. If it is not
specified, 512 KB applies by default.
Description


Use the line-rate command to limit the rate
of the inbound or outbound packets on a
port.
Use the undo line-rate command to cancel
the line rate configuration.
Compared to traffic policing, line rate applies
to all the inbound or outbound packets
passing through a port and thus a simpler
solution when you only want to limit the rate
of all the inbound or outbound packets
passing through a port as a whole.
Examples
# Limit the inbound packet rate to 128 kbps

on Ethernet 1/0/1 and provide 32 KB of
buffer for burst traffic.
Ctrl+Z.
[Sysname] interface Ethernet1/0/1
[Sysname-Ethernet1/0/1] line-rate
inbound 128 burst-bucket 32
# Display the line rate configuration of
Ethernet 1/0/1.
[Sysname-Ethernet1/0/1] display qos-
interface Ethernet 1/0/1 line-rate
Ethernet1/0/1: line-rate
Inbound: 128 Kbps
Burst bucket size: 32 Kbyte
Command 3:
Syntax
display vlan [ vlan-id1 [ to vlan-id2 ] | all |

dynamic | static ]
View
Any view
Parameters
vlan-id1: Specifies the ID of a VLAN of which

information is to be displayed, in the range
of 1 to 4094.
to vlan-id2: In conjunction with vlan-id1,
define a VLAN range to display information
about all existing VLANs in the range. The
vlan-id2 argument takes a value in the range
of 1 to 4094, and must not be less than that
of vlan-id1.
all: Displays information about all the
VLANs.
dynamic: Displays the number of dynamic
VLANs and the ID of each dynamic VLAN.
Dynamic VLANs refer to VLANs that are

generated through GVRP or those
distributed by a RADIUS server.
static: Displays the number of static VLANs
and the ID of each static VLAN. Static
VLANs refer to VLANs manually created.
Description
Use the display vlan command to display

information about VLANs. The output shows
the ID, type, VLAN interface state and
member ports of a VLAN.
If no keyword or argument is specified, the
command displays the number of existing
VLANs in the system and the ID of each
VLAN.
Command 4:
Syntax
display ntdp device-list [ verbose ]
View
Any view
Parameters
verbose: Displays the detailed information

of devices in a cluster.
Description
Use the display ntdp device-list command

to display the cluster device information
collected by NTDP.
Examples
# Display the list of devices collected by

NTDP.
<Sysname> display ntdp device-list
MAC HOP IP
PLATFORM
000f-e20f-3901 0 100.100.1.1/24
Switch 4500
000f-e20f-3190 1 16.1.1.1/24
Switch 4500
Syntax
port-security enable
undo port-security enable
View


System view
Parameters
None
Description
Use the port-security enable command to

enable port security.
Use the undo port-security enable
command to disable port security.
By default, port security is disabled.
Caution
Enabling port security resets the following
configurations on the ports to the defaults
(as shown in parentheses below):
z 802.1x (disabled), port access control
method (macbased), and port access
control mode (auto)
z MAC authentication (disabled)
In addition, you cannot perform the above-
mentioned configurations manually because
these configurations change with the port
security mode automatically.
Examples
# Enable port security.

Ctrl+Z.
[Sysname] port-security enable
Notice: The port-control of 802.1x
will be restricted to auto when port-
security is enabled.
Please wait... Done.
Command 2: Configures port-security mode
Syntax
port-security port-mode { autolearn |

mac-and-userlogin-secure | mac-and-
userlogin-secure-ext | mac-authentication
| mac-else-userlogin-secure | mac-else-
userlogin-secure-ext | secure | userlogin |
userlogin-secure | userlogin-secure-ext |
userlogin-secure-or-mac | userlogin-
secure-or-mac-ext | userlogin-withoui }
undo port-security port-mode
View
Ethernet port view

Description
Use the port-security port-mode command

to set the security mode of the port.
Use the undo port-security port-mode
command to restore the default mode.
By default, the port is in the noRestriction
mode, namely access to the port is not
restricted.
z Before setting the security mode to

autolearn, you need to use the port-
security max-mac-count command to
configure the maximum number of MAC
addresses allowed on the port.
z When a port operates in the autolearn
mode, you cannot change the maximum
number of MAC addresses allowed on
the port.
z After setting the security mode to
autolearn, you cannot configure static
or blackhole MAC addresses on the
port.
z When the port security mode is not
noRestriction, you need to use the
undo port-security port-mode
command to change it back to
noRestriction before you change the
port security mode to other modes.
On a port configured with a security mode,

you cannot do the following:
z Configure the maximum number of
MAC addresses that can be learned.
z Configure the port as a reflector port for
port mirroring.
z Configure the port as a Fabric port.
z Configure link aggregation.
Note that:
If port security is enabled in system view and dot1X

or MAC authentication is enabled on a port, some
port-security related commands are executed on
the port automatically. These commands can’t be
executed manually for compatibility with later
releases. The details are as follows.
1) If MAC-authentication and MAC-based dot1X are
enabled on a port, the following command is
executed on the port automatically.

port-security port-mode mac-else-userlogin-
secure-ext
2) If MAC-based dot1X is enabled on a port, the
following command is executed on the port
automatically.
port-security port-mode userlogin-secure-ext
3) If port-based dot1X is enabled on a port, the
automatically.
port-security port-mode userlogin
4) If mac-authentication is enabled on a port, the
automatically.
port-security port-mode mac-authentication

V3.02.00 New Commands Please refer to the command manuals
Modified Commands Please refer to the command manuals

V3.01.00 New Commands First release; please refer to the manuals.
Removed commands First release; please refer to the manuals.
Modified Commands First release; please refer to the manuals.
MIB Updates
Table 7 MIB updates
Version number Item MIB file Module Description

V3.03.02p21 New None None None
Modified None None None

V3.03.02p03 New 1) H3C-VOICE- 1) VOICE 1) Add node
VLAN-MIB VLAN h3cVoiceVlanPortLe
gacy and
2) H3C-LLDP- 2) LLDP h3cVoiceVlanPortQo
EXT-MIB sTrus in
h3cvoiceVlanPortTa
ble to control 'voice
VLAN legacy' and
'voice VLAN QOS
trust'.
2) Adding the following
private MIB:
(1)
h3clldpAdminStatus:
Enable/Disable
LLDP in global;
(2)
h3clldpComplianceC
DPStatus: LLDP
supports CDP in
global;
(3)
h3clldpPortConfigTa
ble:LLDP port
configure table;
(4)
h3clldpPortConfigPo
rtNum: LLDP port
number;
(5)
h3clldpPortConfigCD
PComplianceStatus:
LLDP supports CDP
in port


Modified a3com_domain_tr h3cDomain The vlan assignment
ee.c VlanAssign mode SHOULD be the
Mode same as the mode of
the corresponding
server.
1 (integer) - Integer
Vlan assignment mode.
2 (string) - String Vlan
assignment mode.
3 (vlanlist) - VLAN-List
Vlan assignment mode.
The default value is
integer.
The 3rd mode is to
support auto-vlan
feature, which will be
supported on the new
software version.
Modified dot1X_tree.c dot1XPaeP After you set the
ortInitialize attribute of the module
to true, all 802.1X users
on the corresponding
port are disconnected,
and then the attribute of
the module returns to
false.
If you perform get
operations on the
module, it always
returns “false”.
Configuration Changes
V3.03.02p21 Operation Changes
None
1) Modified the value of node hh3cUserPassword in HH3C-USER-MIB due to security concerns.

When read, hh3cUserPassword always returns a zero-length OCTET STRING.
2) Changed to the operation mode of the hwDHCPSIPInUseTable and hwDHCPSIPInUseExTable
MIB
Before modification, if the switch is enabled with DHCP server and has assigned IP addresses, the
hwDHCPSIPInUseExTable and the hwDHCPSIPInUseTable MIB tables contain IP address
assignment data after an SNMP walk operation is performed on them.

After modification, if the switch is enabled with DHCP server and has assigned IP addresses, the
hwDHCPSIPInUseExTable and the hwDHCPSIPInUseTable MIB tables do not contain IP address
assignment data after an SNMP walk operation is performed on them.
1) The operation of set the maximum number of 802.1X authentication attempts for the MAC-
Authenticated users that are online
In early version: Unlimited.
In current version: Provide 'dot1x auth-fail-retry' command to set the maximum number of attempts.
By default, the maximum number of attempts is 5.
2) The operation of EAPOL V2
In early version: The system only supports to process the EAPOL packets of version 1, the EAPOL
packets of version 2 will be dropped.
In current version: The system supports to process the EAPOL packets of version 1 and the EAPOL
packets of version 2
3) The change to the max value of the dot1x re-authentication timer
The max value of the dot1x re-authentication timer is modified from 7200s (2 hours) to 86400s (24
hours).
4) The change to the value of Server-Type used in radius access request packets of MAC
authentication
To differentiate the user type, the value of Server-Type used in radius access request packets
changes from 2 to 10 in the case of MAC address authentication. The other authentication keeps the
original value 2.
5) The 'voice vlan lldp' and fabric aren't mutually exclusive any longer.
6) The change to ARP packet rate limit function
In early version: ARP packet rate limit can't work if ARP detection isn't enabled.
In current version: ARP packet rate limit works no matter ARP detection is enabled or not.
1) DHCP Snooping supports forwarding BOOTP packet
1) The Changes of syslog records WEB user's name

In early version: The syslog records only the user's name after a WEB user log in, such as:
%Apr 7 09:10:24:698 2010 switch WEB/5/USER:- 1 -web login succeed
%Apr 7 09:10:47:961 2010 switch WEB/5/USER:- 1 -web logout
In current version: The syslog records both the user's name and the user's IP address after a WEB
user log in, such as:
%Apr 7 09:20:34:698 2010 switch WEB/5/USER:- 1 -web (1.1.1.1) login succeed
%Apr 7 09:20:37:961 2010 switch WEB/5/USER:- 1 -web (1.1.1.1) logout

2) The Changes of LLDP function
In early version:LLDP packets are forwarded to other ports if LLDP function is disabled globally.
In current version:LLDP packets aren't forwarded if LLDP function is disabled globally.
1) The change of the bootp reply packet’s length

In early version:
Switch serves as DHCP relay. If the packet received by the device whose length less than 300 bytes,
the device does not add padding automatically to make packet length to 300 bytes.
In current version:
Switch serves as DHCP relay. If the packet received by the device whose length less than 300 bytes,
the device add padding automatically to make packet length to 300 bytes.
2) Dot1x free-ip and stack aren't mutually exclusive any longer
1) The change to DHCP server, DHCP snooping and DHCP Relay

In early version:
DHCP server, DHCP snooping and DHCP Relay can not be enabled at the same time; otherwise PC
can't get IP address successfully.
In current version:
DHCP server, DHCP snooping and DHCP Relay can be enabled at the same time. PC can get IP
address successfully from switch, and of three functions can record its item.
2) The change to the operation of 'mac-address aging destination-hit enable' command

In early version:
Executing this command, only destination-hit function is enabled.
In current version:
Executing this command, the mac-address synchronization function will also be enabled besides the
destination-hit function.
3) The change to the 'display mac-address'
In early version:
There is no 'unit id' option, only ‘display mac-address' can be executed to show the mac-addresses
on the current device.

In current version:
The 'unit id' option is introduced. Therefore, the mac-address on every unit can be displayed through
‘display mac-address unit id’.
1) The change to the Syslog

In early version:
Specific syslog messages will be sent to log server from every unit in a stack.
In current version:
Specific syslog messages will be sent to log server only from the master unit in a stack.
2) The change to VLAN number
In early version:
The device supports 256 VLANs.
In current version:
The device supports 4K VLANs.
1) The operation of Net2Startup in CONFIG-MAN-MIB

In early version:
Executing "Net2Startup" operation in "CONFIG-MAN-MIB", the filename can not contain directory.
In current version:
Executing "Net2Startup" operation in "CONFIG-MAN-MIB", the filename can contain directory.

2) Change to the content of option60 field in DHCP packets
In early version:
When the switch is configured as a DHCP client, the option60 field in DHCP discover packets sent by
the switch is filled only with the product series information.
In current version:
When the switch is configured as a DHCP client, the option60 field in DHCP discover packets sent by
the switch is filled with the product series information and other more detailed information.
3) Change to the source MAC address of Loopback-detection packet
From 3.03.02p03, the source MAC address of Loopback-detection packet is changed from the Bridge
MAC of the device to 00e0-fc09-bcf9.
4) The operation about Management address in LLDP packets
In early version:

If the LLDP management-address has not been configured, the IP address of the VLAN with smallest
ID which the port belongs to will be used. And if the IP address of the VLAN with smallest ID which
the port belong to has not been configured, the loopback IP (127.0.0.1) address will be used.
In current version:
(1) If the LLDP management-address has not been configured, the IP address of the smallest
permitted VLAN whose IP is configured will be used;
(2) If the LLDP management-address has been configured, and the port belongs to the VLAN with the
LLDP management-address, the IP address will be used;
(3) Otherwise, no IP address will be used.

5) Modification of 802.1X re-authentication with user-name change
In early version:
Doing 802.1X re-authentication with a RADIUS server. Even if user-name changes, the device just
sends RADIUS Access-Request packet for the latter user-name, but does not send RADIUS
Accounting-Stop packet for the former user-name.
In current version:
Doing 802.1X re-authentication with a RADIUS server. If user-name changes, the device sends
RADIUS Accounting-Stop packet for the former user-name firstly, then sends RADIUS Access-
Request packet for the latter user-name.
1) Optical module recognition changes

Before modification, the switch cannot recognize any optical module with checksum errors.
After modification, the switch can recognize such modules and output corresponding debug
information .
V3.03.02 Operation Changes
1) The change to the default stp pathcost standard

In early version:
By default, the IEEE 802.1t standard is used to calculate the default path costs of ports.
In current version:
By default, the legacy standard is used to calculate the default path costs of ports.
1) PoE operation changes

Before modification:

The switch will delete the "poe enable" configuration of a port if the port detects overload for three
consecutive times.
After modification:
The switch will not delete the "poe enable" configuration of a port if the port detects overload for three
consecutive times.
1) dot1x timer tx-period command changes

The interval for sending 802.1X multicast requests set with the dot1X timer tx-period command is in
the range 10 to 120 seconds. If a port joins the guest VLAN upon receiving no response for an
802.1X multicast request, the shortest time for the port to join the guest VLAN is about 10 seconds.
After Modification:
The interval for sending 802.1X multicast requests set with the dot1X timer tx-period command is in
the range 1 to 120 seconds. If a port joins to the guest VLAN upon receiving no response for an
802.1X multicast request, the shortest time for the port to join the guest VLAN is about 1 second.
V3.03.00 Operation Changes
After modification:
1) Info-center related configuration is placed at the end part of the configuration file.
2) The vlan-vpn enable command is exclusive with stack configuration only, and can coexist with
other protocols such as STP/GVRP.
3) The device is compatible with line feed characters "\r\n" and"\n", so that it can exchange files with
the TFTP server running on the UNIX system.
4) The ping operation performance is improved, but consequently the real time performance of
displaying port statistics is reduced, that is, a delay occurs when you view port statistics.
5) You can perform port mirroring and mirroring group configuration through the web interface.
6) The device forwards unknown EAP packets rather than discards them.
7) The sequence of matching web files is changed from main, backup, default to default, main,
backup.
8) The device no longer sends PortMstiStateDiscarding trap and log packets when a port goes
down.
Open Problems and Workarounds

None

List of Resolved Problems

Resolved Problems in V3.03.02p21
LSOD010610
z Symptom: The switch may reboot abnormally.

z Condition: The XRN function is not enabled and the switch receives XRN packets
LSOD010596
z Symptom: Because of the weak cryptographic algorithm there is a risk that the stored passwords
possibly be cracked.
z Condition: Configure password in ciphertext.

LSOD010562
z Symptom: There is little possibility that some routes are correct in the FIB table but updated to
hardware incorrectly.
z Condition: There are lots of ECMP routes and ARP entrys on the device. Change the state of the
VLAN interface and refresh ARP entries frequently.
LSOD010570
z Symptom: When access the hh3cUserPassword node of hh3cUserInfoTable by SNMP, the

device returns the user's password.
z Condition: Access the hh3cUserPassword node of hh3cUserInfoTable by SNMP.

LSOD010543
z First Found-in Version: V3.03.02p15

z Condition: Switch serves as DHCP server, and the client requests IP addresses from it with its
MAC address and a series of different client IDs.
z Description: The usage of CPU of the switch is continuously high when walking DHCP server ip-
in-use MIB item with a network management tool.
LSOD010537

z Condition: Switch serves as dhcp-snooping and configures dhcp-snooping information string with
quotation mark.
z Description: The DHCP-snooping option 82 field of the packet also contains quotation mark.
ZDD04632/ZDD04712

z Condition: In the Access-Accept packet from the RADIUS Server to the client, the sub-attributes
in Attribute 26(Vender-Specific) don't be encapsulated in the type-length-value (TLV) standard
format.
z Description: The RADIUS Server sends an Access-Accept response, but the switch drops this
packet because of wrong format. The user can't get online.
ZDD04483/ZDD04548

z Condition: The device receives LLDP data unit which contain Location ID type-length-value (TLV)
and its LCI length equal to zero. Display neighbor information.
z Description: The device reboots abnormally.
LSOD10526

z Condition: Query the LLDP lldpRemSysName MIB with a 'TimeFilter' value of zero.
z Description: Reports No Such Instance currently exists at this OID
LSOD10515

z Condition:
z The default route of the device is an ECMP route and the next-hop of default route has a
blackhole route. Configure routes and VLAN interfaces in sequence, for example:
1) Add default route: ip route-static 0.0.0.0 0.0.0.0 1.1.1.1
ip route-static 0.0.0.0 0.0.0.0 1.1.1.2
2) Add blackhole route with a subnet which covers next-hop IP of default route: ip route-static
1.1.0.0 255.255.0.0 NULL 0
3) Create a link-down VLAN interface with a subnet which covers next-hop IP of default Route ,
the VLAN interface state is changed from DOWN to UP: [switch-Vlan-interface100]1.1.1.10 24
4) Delete the ECMP route: undo ip route-static 0.0.0.0 0.0.0.0 1.1.1.2
5) Check the route table of the device: display drv drv-route

z Description: The ECMP route isn’t deleted successfully.
LSOD10502

z Condition: Enable ‘lldp compliance cdp’ in a stack; the stack has CDP neighbor(s); the stack split
or merge occurs.
z Description: There may be memory leaks on all stack members.
LSOD10493/LSOD10496

z Condition: Port down occurs during the 802.1x authentication on it.
z Description: Sometimes, the switch will reboot abnormally.

LSOD10482

z Condition: In a stack, the switch configured global AM user binding item, and it configured port
AM user binding item on some units, and then delete the global AM user binding item.
z Description: The AM user binding items are not synchronized on some units.
ZDD04028

z Condition: Login with hwtacacs, pass the authentication but fail the authorization (no matter
whether the authentication server and the authorization are the same).
z Description: Re-free the memory, sometimes cause exception to reboot.
LSOD10465

z Condition: The user execute the command ‘debugging vty fsm’ or ‘debugging vty negotiate’ firstly,
and then execute the command ‘free user-interface vty’.
z Description: The switch may reboot abnormally.
LSOD10436

z Condition: Configure EAP authentication on the switch but PAP authentication is used between
the RADIUS server and client.
z Description: The switch cannot forward EAP messages with a type value of 7 transparently. The
authentication fails.
LSOD10460

z Condition: The switch serves as NTP client. The NTP server precision is less than the NTP client.
The NTP client synchronized time from NTP server.
z Description: The synchronization fails.
ZDD04119/ZDD04171

z Condition: Device with LLDP running, such as IP Phone, is connected to switch. The switch
receives LLDP packets from the IP Phone and sets up LLDP neighbor information entry. And the
chassisID of the neighbor information is net address.
z Description: The chassisID in the LLDP information displayed on the switch is not correct.
LSOD10418/LSOD10425

z Condition: Configure one port with 'speed 10' and 'duplex half'. Connect some type of other
device to this port.
z Description: The communication speed is slow.

LSOD10428

z Condition: Reboot a fabric with configurations of STP or dot1x and so on.
z Description: The devices may fail to build a fabric with little probability after reboot.
LSOD10395/LSOD10396

z Condition: Switch serves as DHCP relay, it receives DHCP discover packet, the bootp flag of
which is 0x0001.
z Description: The switch drops DHCP packet, and DHCP client can not get IP address.
LSOD10391

z Condition: Configure routes and VLAN interfaces in sequence, for example:
1) Add a valid static route with mask length of 32: ip route-static 2.1.1.2 32 1.1.1.2
2) Create a link-up VLAN interface with a subnet which covers the subnet IP in the above route:
[switch-Vlan-interface1]ip address 2.1.1.1 24
3) Delete the static route: undo ip route-static 2.1.1.2 32
4) Check the FIB table: display fib

z Description: The static route isn’t deleted successfully.
LSOD10340

z Condition: Configure dot1x function, and the dot1x authentication-method is EAP. In one second,
the dot1x client sends two EAPOL-start packets in one second to trigger an authentication.
z Description: The dot1x authentication failed.
LSOD10272/LSOD10301

z Condition: With stack and link aggregation over units, the master port from one device has
configured 'port trunk permit vlan all', the slave port from other device has configured 'port trunk
permit vlan 1'.
z Description: The slave port is not selected. Configure 'port trunk permit vlan all' under this port is
invalid.
LSOD10303/LSOD10306

z Condition: Enable DHCP relay with valid configuration. Make the relay receive DHCP inform
packet from client.
z Description: DHCP inform packet will be relayed to DHCP server, but the sources IP of the
relayed inform packet will be not DHCP relay's input interface.

LSOD10299/LSOD10302

z Condition: Enable DHCP relay with valid configuration and system server group 1 is referred by
VLAN interface, and DHCP client successfully apply IP address. Create another server group 0
and then delete it in system mode.
z Description: After irrelevant server group 0 being created and deleted, DHCP client can not get IP
address.
LSOD10310/LSOD10311
z First Found-in Version: 3.03.02p15

z Condition: A 100M BIDI SFP module is inserted into a combo slot.
z Description: The module maybe can’t be identified.

LSOD10261/LSOD10269

z Condition: IGMP packets are received by a port on which 'port-security port-mode autolearn' is
configured.
z Description: The source MAC can't be learnt by the device.
LSOD10082/LSOD10232

z Condition: When STP is disabled, 'loopback internal' test is executed on port A. At the same time,
port B receives an STP packet. Port A and port B are in the same VLAN.
z Description: STP packet is sent back from port B.
LSOD10247/LSOD10274

z Condition: Use the command 'port-security trap dot1xlogon', 'port-security trap dot1xlogoff' or
'port-security trap dot1xlogfailure' to open the trap of dot1x, and the dot1x authentication-method
is EAP, a user logs in successfully, and change the username when doing re-authentication.
z Description: Although the re-authentication is successful, the username in the trap dose not
change.
ZDD03292/ZDD03331

z Condition: Configure the switch as DHCP client, and there is no END option in ACK packet from
DHCP server.
z Description: The switch can not get IP address.
LSOD10189/LSOD10187

z Condition: Plug in BIDI fiber module.

z Description: The fiber module type is different between log information and the information
displayed by command 'display transceiver interface'.
LSOD10207

z Condition: Configure the device through Web. Select ‘Port > MAC Address [Add]’ from the
navigation tree to add MAC address to a port of specified VLAN.
z Description: Cannot choose a port of specified VLAN to add MAC address.
LSOD10180

z Condition: When the first octet of the MAC address of the client or the gateway is not 0x00(such
as 30-00-00-00-00-01).
z Description: The EAD-Quick-Deploy feature doesn't work.
LSOD10079

z Condition: There are telnet users on device, executing ‘display users all’ command.
z Description: The IP address is reduplicated in the result. For example (the italic part is unwanted):
<sysname>display users all
UI Delay Type Ipaddress Username Userlevel
F 0 AUX 0 00:01:09 3
F 1 AUX 1 00:00:00 3
2 AUX 2
3 AUX 3
4 AUX 4
5 AUX 5
6 AUX 6
7 AUX 7
+ 18.118.118.458 VTY 0 00:00:13 TEL 18.118.118.45 3
+ 18.118.118.1119 VTY 1 00:00:03 TEL 18.118.118.111 3
10 VTY 2
11 VTY 3
12 VTY 4
+ : User-interface is active.
F : User-interface is active and work in async mode.
LSOD10077

z Condition: In a fabric, both master and slave were attacked by telnet log on packets.
z Description: The ACL resources will leak on master and slave.
LSOD10050

z Condition: Configure 'pki certificate access-control-policy', then add and remove rule.

z Description: Every operation will lead to 1056 bytes memory leak.
LSOD10083

z Condition: Switch serves as DHCP snooping, and it receives bootp packets or abnormal DHCP
packets without option 53.
z Description: Switch reboots abnormally.
LSOD10016

z Condition: Switch serve as DHCP snooping, and it receives DHCP ACK packets with source
UDP port 4011.
z Description: DHCP snooping can not transmit those DHCP ACK packets.
LSOD10023

z Condition: Switch serves as DHCP relay and DHCP snooping, PC gets IP address through
switch and renews its IP address.
z Description: When PC renew its IP address, DHCP snooping can not refresh its item.

LSOD09957

z Condition: Configure VLAN-interface A and B on the device. Configure IP address of B as NAS-
IP address of the RADIUS scheme. Do dot.1X authentication with RADIUS server.
z Description: NAS-IP address in RADIUS Authentication-Request packet sent to server is IP
address of A, not B.
ZDD02999

z Condition: Some NMS send messages to the device at the same time.
z Description: The device can only process 10 messages in one time, others are dropped.
LSOD09955

z Condition: A device receives ARP reply packet with VLAN X in 8021.q tag, and the corresponding
VLAN interface X is UP. However, the port that receives the packet is NOT in the VLAN X.
z Description: The receiving port learns the ARP by error.
LSOD09894

z Condition: CPU is busy and there is a lot of trap information in a moment.
z Description: device reboots abnormally.

LSOD09928

z Condition: configured 'snmp-agent target-host trap address udp-domain A.B.C.D (D>223) params
securityname RADAR'in system view.
z Description: execute 'undo snmp-agent target-host A.B.C.D (D>223) securityname RADAR'
unsuccessfully.
LSOD09920

z Condition: Configure 'authentication-mode scheme command-authorization' on VTY scheme.
Telnet user passes RADIUS authentication and login the device.
z Description: After login, every command executed by user will cause memory leak.
LSOD09911

z Condition: The switch is enabled with DHCP snooping. The PXE client obtains an IP address
through the switch, and downloads the bootstrap program and boot menu through the switch.
z Description: The PXE client can obtain an IP address successfully, but it fails to download the
bootstrap program and boot menu.
LSOD09909

z Condition: Configure 'mac-address max-mac-count X' on the portA.
z Description: The system sometimes prompts 'MAC address table exceeded maximum number X
on interface portA' after the learning MAC count of the port A has not reached the limit.

LSOD09759

z Condition: Configure ACL group with number between 5000 and 5999, and add at least 2 user-
defined ACL rules. These user-defined ACL rules are setup by the command with 'rule-string
rule-mask offset' format, such as 'rule 1 permit 0806 ffff 24 000fe213629e ffffffffffff 34'. Save the
configuration and reboot the switch.
z Description: The switch can not boot up successfully because of dead loop.
LSOD09745

z Condition: In a stack, dot1x is not enabled globally, but enabled on several ports.
z Description: Attempt to execute ‘dot1x’ globally times out and fails.
LSOD09830

z Condition: The client application does dot1x authentication with TTLS certification.
z Description: By chance, the device reboots abnormally for dead loop.
LSOD09837

z Condition: Switch serves as DHCP relay, two PCs get IP address through two different relay
interfaces.
z Description: In the offer packets that switch sent to PC, the source IP address in IP header is
incorrect.
ZDD02827

z Condition: Switch serves as DHCP relay and it receives a bootp packet without magic cookie.
z Description: The switch regards the packet as wrong one and drops it.
LSOD09587

z Condition: Several ACL numbers including the same rule can be applied on one port for traffic-
priority action to remark different COS value.
Such as:
Basic ACL 2000, 1 rule
Acl's step is 1
rule 0 permit
Basic ACL 2001, 1 rule

Acl's step is 1
rule 0 permit
interface Ethernet1/0/1
traffic-priority inbound ip-group 2000 rule 0 cos spare
traffic-priority inbound ip-group 2001 rule 0 cos background
z Description: After one ACL rule is removed from the port, the other ACL rules can’t be deleted.
Note: Action traffic-limit/traffic-remark-vlanid has similar problem.
LSOD09728

z Condition: Execute the command 'virtual-cable-test' in Ethernet interface view.
z Description: The command is executed correctly, but it does not give cable length.
LSOD09619

z Condition: The network device acted as SSH server, and received specific SSH attack packets.
z Description: The device will be rebooted abnormally.
LSOD09678

z Condition: As the following operation:
1. Create an SSL server policy, example: ssl server-policy myssl1
2. Https use this SSL server policy, example: ip https ssl-server-policy myssl1
3. Undo use this SSL server policy, example: undo ip https ssl-server-policy
z Description: This ssl server policy can't be deleted.
LSOD09700

z Condition: Enable DHCP server and DHCP snooping on switch. The pool lease of DHCP server
is set less than one minute, and lots of users get IP address from switch.
z Description: The memory exhausted on switch.
LSOD09499

z Condition: When 802.1X authentication and mac-authentication are both enabled on the port, the
user first pass the mac-authentication and success get IP address by DHCP, then do 802.1X
authentication success and get IP address by DHCP again.
z Description: Sometimes the IP address shown by the command "display connection" is in reverse
order.
LSOD09555

z Condition: On the authentication port Y, execute ‘undo dot1x’ command and then execute ‘dot1x’
command during dot1X authentication.
z Description: In a very small chance, the information ‘Port Y is Processing Last 802.1X command...
Please try again later.’ is shown.
LSOD09550

z Condition: Configure ‘dot1x timer server-timeout’ to X seconds, and configure ‘dot1x
authentication-method eap’. Do dot1X authentication. The EAP Request Challenge packet from
the switch to the client gets no response.
z Description: The switch will not send EAP Failure packet until (X+80) seconds after.
LSOD09598

z Condition: Configure ‘accounting optional’. And configure ‘dot1x timer server-timeout’ to X
seconds. Do dot1X authentication with RADIUS server. When logging in, accounting-Start packet
from the switch to the RADIUS server gets no response.
z Description: After log out, the client can not log in again until X seconds after.
LSOD09554

z Condition: The switch enables DHCP snooping and the up-link port of the switch is configured as
the trust port of DHCP snooping. The DHCP server and the user’s PC are connected to the up-
link port of the switch.
z Description: DHCP snooping record the user item on trust port.
LSOD09521

z Condition: STP or MSTP is enabled on the device. There are dynamic ND entries or short-
static resolved ND entries on one port whose STP state is changed from 'Forwarding' to
'Discarding'.
z Description: 1). Dynamic ND entries on the port are not deleted.
2). Short-static resolved ND entries on the port are not changed to ‘INCMP’ state.
Note: Short-static ND entry is configured by command line. The entry doesn't have port information.
The port information will be learnt by ND packets. When the port information is learnt, the ND entry is
called short-static resolved ND entry.
Short-static ND entry Example: ipv6 neighbor 3000::1 0000-0002-0002 interface vlan-interface 1.
LSOD09717/LSOD09709

z Condition: Configuring 'authentication-mode scheme command-authorization' on the user
interface, a user telnet the switch and logging in successfully through local authentication mode,
then the user running a valid command such as 'quit' through telnet.
z Description: The device will be rebooted abnormally.
LSOD09572/LSOD09605

z Condition: Configuring the switch as a DHCP server, an IP phone connecting the switch and
getting voice VLAN ID and IP address from the switch.
z Description: The IP phone can not get voice VLAN ID and IP address successfully within 25
seconds.

LSOD09324

z Condition: Configure IPv6 ACL rule including COS or VID by WEB or command line.
z Description: The rule is configured successfully by WEB, but unsuccessfully by command line.
LSOD09537

z Condition: User's MAC item moves from port A to port B in switch. Port A is a single port, port B
is in the aggregation group whose master port is down.
z Description: User's ARP item can not be updated by MAC item.

LSOD09483

z Condition: Test the IPV6 communication between a device and a stack that has an aggregation
group across different units.
z Description: The stack device can not communicate with other device.
LSOD09498

z Condition: Connect with huawei S2300. Enable LLDP and show LLDP neighbor information.
z Description: The 'Management address OID' section of neighbor information will be garbage
characters.
LSOD09434

z Condition: In domain view, configure authentication scheme to be radius scheme, but do not
configure accounting scheme. Configure ‘accounting optional’.
z Description: Users can not log-in successfully.
LSOD09447

z Condition: Do 802.1X authentication with iNode client (whose version is lower than V3.60-E6206)
on PC, and ‘upload IP address’ option is chosen. PC gets IP address from DHCP server.
z Description: The switch passes empty user-name to the RADIUS server, and authentication fails.
LSOD09406

z Condition: There are many switches serve as DHCP snooping in network. PC applies for IP
address through DHCP snooping and finally get a conflict one.
z Description: The DHCP Decline packets broadcast in network for a while.
LSOD09332

z Condition: Configure DHCP rate limit on port, and display the configuration.
z Description: The switch shows the default configuration.
LSOD09048

z Condition: Configure the ipv6 ACL that include destination IP address and source IP address in
sequence.
z Description: The source IP address includes part of the destination IP address in the current
information.
LSOD09439

z Condition: Configure port-security auto learn mode on port A. Delete all MAC-address and
change the VLAN ID of the port A while there are background traffic.
z Description: The MAC of the old VLAN is left occasionally.
LSOD09268

z Condition: Connect device to HUAWEI S2300 and running LLDP.
z Description: The device can not find S2300 as LLDP neighbor.
LSOD09295

z Condition: Dot1x is enabled on a device. Ping the device with IPv6 address from an
unauthenticated PC.
z Description: The device makes a response to the ping request.

LSOD09096

z Condition: Connect PC to port A of a slave device in stack. After reboot the slave device, the port
A enters guest-VLAN.
z Description: Display interface information on the master of stack. It is shown that the port A is not
in the guest-VLAN.
LSOD09204

z Condition: Connect PC to port A. Configure port-security on port A (the port-mode is mac-and-
userlogin-secure, userlogin-secure-or-mac, mac-else-userlogin-secure, userlogin-secure or
userlogin-withoui). Do 802.1X authentication with windows XP client on PC.
z Description: After log-in, windows XP client does re-authentication frequently.
LSOD09167

z Condition: Many 802.1X users are on-line on the same device (about 1000). In system-view,
execute ‘undo dot1x’ command, and then execute ‘dot1x’ command.
z Description: Executing the ‘dot1x’ command always fails, and the system prompts ‘Processing
Last 802.1X command... Please try again later.’
LSOD09156

z Condition: In stack, do 802.1X authentication with iMC server. User A log-in, then user B log-in
from another device of the fabric with the same user-name of A.
z Description: The iMC server forces user A to log-out.

LSOD08866

z Condition: Walk the entAliasMappingIdentifier node.
z Description: The multiple entities of walk result have the same index which causes the failure in
synchronizing device data through SNMP network management.
LSOD09143

z Condition: The device has been configured ‘igmp-snooping non flooding’ function. The VLAN X is
configured igmp-snooping function and configures port Y as static router port. VLAN X receives
unknown multicast flow, and then disables igmp-snooping function in VLAN X.
z Description: The port which is not router port can receive unknown multicast flow.
LSOD09176

z Condition: Enable voice VLAN legacy and connect an IP phone to switch.
z Description: The switch may ignore CDP packets from IP phone, and voice VLAN will not work.
LSOD09145

z Condition: Voice VLAN, dot1x (or port-securtiy) and DHCP-launch are enabled on the device,
and then the device receives DHCP Discover packet or DHCP Request packet whose source
MAC address is belong to a Voice VLAN OUI.
z Description: The source MAC address of DHCP Discover packet or DHCP Request packet can
not be learnt. The correct behavior is: the source MAC address should be learnt.

LSOD09059
z First Found-in Version: V3.03.00

z Condition: configure "dot1x guest-vlan" on the port. Users succeed in authentication, and
authorization VLAN is assigned to the port. After that, configure "undo dot1x" on the port.
z Description: In a very tiny chance, the port remains in the authorization VLAN.
ZDD02152

z Condition: Switch work as Telnet client or server. Input non-english character after login.
z Description: Possible unexpected logout.
LSOD08964

z Condition: Enable DHCP snooping and DHCP snooping option 82 on switch with replacing
strategy.
z Description: Switch can not replace OPTION 82 of DHCP discover packet correctly.

LSOD09106

z Condition: EAD fast deployment is enabled on the port connecting the switch to a client, and no
VLAN-interface is created for the VLAN where the port resides. The client sends repetitive HTTP
requests or out-of-sequence HTTP packets when it is unauthenticated and accesses the network.
z Description: A memory leak occurs.
LSOD09080

z Condition: Access MIB node "hwNDPPortStatus" on a stack.
z Description: Each slave unit leaks 9K-byte memories every time. No memory leakage occurs on
master unit.
LSOD08774

z Condition: Do EAD authentication with iMC server.
z Description: The user goes off-line soon after passing the security checking.
LSOD09095

z Condition: Enable 802.1x authentication on a device, and connect a PC to a trunk port of the
device through a Netgear switch. The data traffic should be tagged when it passes the trunk port.
Then do 802.1x authentication.
z Description: After log-on, PC’s MAC-Address is learnt in the PVID VLAN of the port, not the
tagged VLAN. So, the port can not forward the data traffic.
LSOD09097

z Condition: The device has been configured user ACL remark VLAN ID, and user VLAN ID is
configured as multicast VLAN ID. The device receives IGMP report message from the host.
z Description: The device can not transmit IGMP report message to upstream device periodically,
so as to multicast stream to be interrupted.
LSOD09102

z Condition: Set up an extended IP ACL with number 3000, and add a rule with protocol key. Such
as "rule 0 permit ip", in which "ip" means IP protocol. View the configuration file by "more"
command after saving configuration, or display the current configuration.
z Description: The protocol key of the rule in the configuration becomes capital, and it will be
lowercase in current version. For example, former version shows up "rule 0 permit IP" and
current version shows "rule 0 permit ip". There is no any effect for function.
LSOD09100

z Condition: Net management software, which is using SNMP, is connected to the slave device in a
stack.
z Description: Execute setting operation; the operation can be succeeding, but the device cannot
send SNMP response to the net management software.
LSOD09045

z Condition: A large amount of security MAC addresses are learnt in a stack.
z Description: Several MAC address can not be aged after aging timer is reached.
LSOD08988

z Condition: One user with privilege level 0 login the web management interface.
z Description: WEB can not show the page of "Help".

LSOD08968

z Condition: Enable mac-authentication and set the offline-detect timer to be larger than one half of
mac-address aging timer on the switch. And connect a PC to the switch to do mac-authentication,
but the traffic sent from the PC is very small, such as only sending one packet every 2 or 3
minutes.
z Description: The PC may log off probably even though the mac-address of the PC has not aged-
out on the switch.
LSOD08964

z Condition: A switch serves as DHCP SNOOPING, and enable DHCP SNOOPING OPTION 82
function with replace strategy on the switch.
z Description: The switch can not replace the OPTION 82 of DHCP discover packet correctly.
LSOD06917

z Condition: In the following network, the monitor port is on the master device (UNIT 1). After
rebooting fabric with saved configuration, configure the ports of UNIT 3 as the source mirroring
port and the monitor port.

z Description: The fabric can't ping the PC connected to the mirroring port successfully.
LSOD08776

z Condition: Execute "ip host" command and the "hostname" parameter includes "-" character.
z Description: The command fails and the message of "Invalid host name format!" is prompted.
LSOD08782

z Condition: Enable dot1x function and some dot1x clients are on-line.
z Description: The ports which have passed dot1x authentication will forward the unicast EAP
packets to the entire vlan.
LSOD08757

z Condition: Enable NDP on a fabric system and many NDP adjacent devices attached to the same
port of the device.
z Description: When getting the NDP neighbor information through SNMP, the usage of CPU of the
device is high.
LSOD08753

z Condition: Enable NTP on a fabric system, the NTP server is connected to one port of the slave
device.
z Description: When working in NTP multicast client modes, the stack device can not synchronize
the clock from NTP Server.
LSOD08892

z Condition: The devices are in a fabric. Lots of VLAN and some MSTP instances are configured.
Execute the command "active region-configuration".
z Description: There is little probability that the command fails and the device outputs the following
information: Command synchronization failed, please try later...
LSOD08819

z Condition: The last port of a device in a fabric has a link-up state and is configured with link-delay.
Reboot the fabric after saving configuration.
z Description: There is little probability that the port mentioned above can't send packets.
LSOD08905

z Condition: Execute command "display memory" in a stack composed of multiple devices. Press
"Ctrl+C" before the display process completes.
z Description: A memory leak of 1K bytes occurs.

LSOD08907

z Condition: Access a device repeatedly by SSH with public key authentication.
z Description: An exception may occur on the device at little probability.
LSOD08729

z Condition: Set port-security as "and" mode in device. Some users do MAC and dot1x
authentication on several ports at the same time.
z Description: The dynamic "auto vlan" is added to some port's configuration.
LSOD08843

z Condition: Set port-mirroring function on web.
z Description: The CPU usage of device is up to 100%, and the information of port-mirroring can't
be normally displayed at web view.
LSOD08788

z Condition: The 802.1x server is CAMS or iMC, the device enable DHCP snooping or DHCP relay,
the 802.1x client which is on-line requests ip address frequently.
z Description: The device send accounting update packet to server frequently, which lead the
802.1x client off-line.
LSOD08808

z Condition: The IP address of a WEB server is the same as that of the vlan-interface of a device.
z Description: After user login through web-authentication, the user's layer-2 traffic can't be
forwarded normally.
LSOD08738

z Condition: When congestion happens on a port, enable burst mode function.
z Description: All packets can't be forwarded on the port.
LSOD08679

z Condition: Units A, B, and C are in the same stack. An 802.1x user logs in through Port X of unit
A, and Port X is assigned to the authorization VLAN (PVID or auto VLAN). Reboot unit B. Then
the user in unit A logs off, and Port X leaves the authorization VLAN.
z Description: After the user logs off, execute the display interface command on units A and B to
display information about port X. It is showed that the port is no longer in the authorization VLAN.
Execute the display command on unit C, and it is showed that the port is still in the authorization
VLAN.

LSOD08657

z Condition: In a stack device, configure port security in autolearn mode for a port, and set the
max-mac-count limit. Let the port learn MAC addresses automatically, and make MAC count of
the port reach the limit.
z Description: Try to add one more MAC address to the port using the mac-address security
command. Although a failure information is showed, the display mac-address command shows
that the additional MAC address is added actually, making the MAC count of the port exceed the
limit.
LSOD08665

z Condition: In a stack, enable port security in autolearn mode and aging mode on ports. After the
security MAC is learnt, disable the port security feature when the security MAC is aging.
z Description: The device reboots.
LSOD08631

z Condition: Enable 802.1X and debugging for RADIUS packets. Lots of users log on and then log
off.
LSOD08656

z Condition: Configure the multicast static-group command on a device configured with multicast
VLAN.
z Description: When deleting the multicast static-group configuration, the IGMP snooping groups
can't be removed.
LSOD08713

z Condition: Display the voice VLAN information of an LLDP neighbor.
z Description: The COS value and DSCP value of the voice VLAN are incorrect.
LSOD08716

z Condition: Configure the lldp compliance CDP command on a switch to communicate with a
Cisco device through Cisco CDP version 1.
z Description: The duplex mode of the LLDP neighbor displayed is incorrect.
LSOD08575

z Condition: When non-flooding is enabled, the device acts as the NTP client in the multicast mode
to synchronize timekeeping.
z Description: The timekeeping of the device can not be synchronized.
LSOD08674

z Condition: In a stack, there is global am user-bind in the startup configuration file. After rebooting,
the minimum Unit ID is not that of the master. Configure global am user-bind again and then
delete all the global am user-bind from the slave units.
z Description: The device displays the checksum different from that of unit 1 when you save the
configuration.
LSOD08652

z Condition: Add a hybrid port to the Guest VLAN of 802.1x, and then use the undo port hybrid vlan
command to remove the port from the Guest VLAN.
z Description: The display interface command shows that the port is still in the Guest VLAN.
Actually, the port is not in the VLAN.
LSOD08675

z Condition: In a stack, a port in unit A is assigned to the guest VLAN (VLAN x) of port security.
Then send packets with authenticated MAC addresses as source MAC to the port continuously.
z Description: After the port is removed from the guest VLAN, PVID of the port changes back to the
original VLAN y. Execute the display mac-address on unit B, and some dynamic MAC addresses
in VLAN y without authentication are displayed.
LSOD08678

z Condition: Reboot the master device of a stack.
z Description: Failed to discover LLDP neighbors on an STP port in Discarding state.
LSOD08726

z Condition: There are several units in a stack. Reboot the master device of the stack.
z Description: The VRRP function becomes abnormal.
LSOD08667

z Condition: Use the display transceiver xxx command to check the Copper SFP information.
z Description: The device does not support displaying Copper SFP information.
LSOD08673

z Condition: Configure am user-bind in system view of a stack member.
z Description: The packets with authenticated MAC addresses as source MAC can not be
forwarded by the other units of the stack.

LSOD08570

z Condition: Enable the port security feature on a stack, and set the intrusion mode to blockmac.
After one port (for example, port A) learns some blocked MAC addresses, remove the device to
which port A belongs from the stack.
z Description: Such blocked MAC addresses on the other devices of the stack can not be removed.
LSOD08734

z Condition: Enable STP and loopback detection in both interface view and system view. A loop
occurs on the port.
z Description: The loop on the port can not be detected.

LSOD08278
z First found-in version: V3.03.02

z Condition: Run command update fabric filename on device A, which is in a stack.
z Description: A memory leak of 256 bytes occurs.
LSOD08284

z Condition: Reboot a stacking device.
z Description: After reboot, there is little probobility that some MAC entry information in the MAC
forwarding table cannot be displayed.
LSOD08291

z Condition: Set the authentication mode with the command xrn-fabric authentication-mode md5
STRING<1-16> in a stack. Set the MD5 password twice, and the last configured password has
16 characters. Save the configuration and reboot a device in the stack.
z Description: After startup, the stack cannot be established and the stack ports are in isolated
state (auth failure).
LSOD08603

z Condition: Execute the dot1x authentication-method pap command.
z Description: A user whose password has two characters cannot pass dot1x authentication.
LSOD08460

z Condition: The device is enabled with voice VLAN, dot1x (or port-security with userlogin,
userloginext, userloginsecure mode) and DHCP-launch.
z Description: A PC connected to the device cannot pass dot1x authentication.

LSOD08576

z Condition: There are security MAC addresses in the switch. Then walk dot1qTpFdbStatus node
through SNMP.
z Description: The result is incomplete.
LSOD08651

z Condition: Enable DHCP-snooping on a ring-mode stack. The DHCP server and DHCP client
connect to different stacking units. The port connected to the DHCP server is configured with the
dhcp-snooping trust command and belongs to a link-aggregation group.
z Description: The DHCP client will get duplicate DHCP ACK packets when requesting an IP
address.
LSOD08655

z Condition: Configure a space-included string for DHCP server option 130 .
z Description: The operation fails.
LSOD08646

z Condition: The member ports of a link-aggregation group which belong to different units are
configured as mirrored ports. The mirroring-group monitor port and the link-aggregation group
master port are on the same unit.
z Description: The LLDP information on the master port of the link-aggregation group is wrong.
LSOD08628

z Condition: Get the value of node lldpRemPortDescription via MIB.
z Description: The result is the same as ifAlias. In fact, that value should be the same as ifDesc.
Resolved Problems in V3.03.02

LSOD08196
z First found-in version: V3.03.00p03

z Condition: The switch is the first-hop router of a multicast source, and another vendor’s device
(for example, IP 8800 of NEC) is the RP. The RP cannot create multicast entries through PIM null
register packets. When the link between the first-hop router and the RP breaks, the multicast
entries on the RP are aged out.
z Description: When the link between the first-hop router and the RP recovers, the RP cannot
create multicast entries.
LSOD08193

z Condition: Configure password information.
z Description: The password can be displayed in log information, compromising security.
LSOD08145

z Condition: Enable selective QinQ, and configure outer VLAN tag-to-inner VLAN tag mappings
until the system resources become insufficient.
z Description: Configured mappings cannot be deleted. To delete them, you need to restart the
device.

LSOD07956

z Condition: Get the value of module0 under the entPhysicalVendorType MIB node.
z Description: The returned value is Null, which should be 256.
LSOD07413

z Condition: Two switches comprise a cluster. The header legal command is configured on the
member switch. Execute the cluster switch-to 1 command on the command switch to log into
the member switch.
z Description: The login operation fails no matter whether "Y" or "N" is input.
LSOD07744

z Condition: Modify RADIUS scheme configuration through the CLI and web interface respectively
when there exist online users.
z Description: Modification through CLI fails, while modification through web interface succeeds.
LSOD07980/ LSOD07531/LSOD07749

z Condition: A PC acts as an administrator user and its MAC address is configured as a static MAC
address on the switch.
z Description: Logging into the web NM interface of the switch from the PC fails because the login
request is redirected to the EAD server.
LSOD07692

z Condition: Configure the maximum hops of topology discovery with the ntdp hop xxx command.
If the new maximum hop number is less than the previous one, a cluster is built on the device.
z Description: Devices beyond the maximum hops of topology discovery also join the cluster.
LSOD07939

z Condition: Local user User 1 sets the access-limit to N on the switch. Then, N local users except
for User 1 log into the switch (Local users can be FTP/ LAN-access/SSH/telnet/terminal users. If
a user logs into the switch through 2 ways at the same time, for example, FTP and telnet, the
user is counted as two logged-in users.).
z Description: User 1 cannot log in to the switch.
LSOD08070

z Condition: Configure the dot1x authentication-method eap command in system view, and
configure the port-security port-mode mac-and-userlogin-secure or port-security port-mode
mac-and-userlogin-secure-ext on a port that is connected to a PC. The PC passes 802.1X
authentication but fails MAC authentication .
z Description: The PC goes online. (It is required that the PC can go online after passing both
802.1X authentication and MAC authentication.)
LSOD08034

z Condition: The switch acts as the SSH/Telnet server, and SecureCRT acts as the SSH/Telnet
client. After the client logs into the server, copy a lot of configuration setting into the client window.
z Description: Some configurations are lost.
LSOD07962

z Condition: Configure an ACL rule and configure a description for the rule. View ACL rule
information through the web interface.
z Description: Two entries for the rule exist, and one entry is empty.
LSOD08035

z Condition: A stacking switch serves as a DHCP client and gets an IP address from the DHCP
server. When the client renews its lease, the DHCP server returns a NAK packet.
z Description: DHCP clients on the master and slave devices in the stack have different states.
LSOD08049

z Condition: The switch receives a packet with a broadcast destination MAC address and a unicast
destination IP address other than the IP address of the receiving VLAN interface.
z Description: The switch can't send a redirect packet to the sender.
LSOD08101

z Condition: Enable DHCP snooping on the switch.
z Description: The device can't forward DHCP packets whose UDP source port is 68 and whose
UDP destination port is neither 67 nor 68.

LSOD08106

z Condition: Enable selective QinQ, and configure outer VLAN tag-to-inner VLAN tag mappings
until the system resources become insufficient.
z Description: Configured mappings cannot be deleted. To delete them, you need to restart the
switch.
LSOD08118

z Condition: Update the software from version A (V3.01.xx and V3.02.xx) to version B (V3.03.00,
V3.03.00p01 and V3.03.00p02).
z Description: The password used on version A is invalid on version B.

LSOD07718

z Condition:
The network diagram is shown below:
PC1 and PC2 communicate with each other at Layer-3 through Switch 1.
Configure a static ARP entry that has no VLAN ID or outbound interface specified for PC2 on Switch
1. After PC1 and PC2 communicate with each other, the egress port and VLAN ID (VLAN B) of the
ARP entry are learned.
Then change the network as follows:
Remove VLAN B from Switch 1, configure VLAN B on Switch 2, and move PC2 from Switch 1 to
Switch 2.
After that, all PC1, Switch 1, Switch 2 and PC2 communicate with one another at Layer-3.
The new network is shown below:
z Description: The ping operation from PC1 to PC2 fails. To solve the problem, you have to reboot
Switch 1.

LSOD07630

z Condition: Perform EAD authentication on a port. Before authentication, the port's PVID is V1.
During authentication, the port is assigned a VLAN ID of V2. V2 and V1 are not in the same
MSTP instance.
z Description: EAD security policy authentication fails.
LSOD07571

z Condition: The switch works together with the CAMS server to implement RADIUS authentication.
The CAMS server assigns an SSL VPN group number to the switch.
z Description: RADIUS authentication fails because the switch does not support the SSL VPN
group number attribute.
LSOD07676

z Condition: Configure the ip address dhcp-alloc command on a VLAN interface.
z Description: The TTL of the DHCP Discover packet sent on the VLAN interface is 1. Because the
DHCP relay agent drops packets with TTL being 1, the DHCP Discover packet can't be
forwarded to the DHCP server.
LSOD07670

z Condition: A port (Ethernet1/0/28, for example) receives more than 500 error packets (CRC error
packets, for example) within one minute. Shutdown the port.
z Description: The switch prints the information "The link partner of Ethernet1/0/28 may be bad,
sending lots of error packets", which means the shutdown port is still receiving error packets.
LSOD07668

z Condition: Set forced mode, such as speed 100 and duplex full, for a lot of ports of the switch.
Save the configuration and reboot the switch.
z Description: The startup duration is much longer than before.
LSOD07316

z Condition: Perform 802.1X authentication on a user through the CAMS server. Before
authentication, the VLAN ID of the receiving port is V1. After authentication, the assigned VLAN
ID is V2.
z Description: On the CAMS, the user's VLAN ID is V1, not V2.
LSOD07416/LSOD07422/LSOD07420/LSOD01108

z Condition: Perform 802.1X authentication on a user in VLAN V1. VLAN V2 is assigned. V1 and
V2 belong to different MSTP instances.
z Description: Authentication fails.
LSOD07375

z Condition: Send UDP packets with destination port as 1645 or 1646 to the device.
z Description: Each UDP packet causes a memory leak of 32 bytes.
LSOD07479

z Condition: Disable and then enable STP repeatedly.
z Description: The device may reboot without exception information.
LSOD07124

z Condition: A stack serves as a DHCP relay agent. After a PC gets an IP address through the
relay agent, it sends a DHCP Inform packet to get extra information.
z Description: The DHCP relay agent does not process the DHCP ACK packet from the DHCP
server correctly, and thus the PC cannot process the DHCP ACK packet.
LSOD07425

z Condition: Execute the debugging snmp-agent detail process 0 command in hidecmd view.
The CPU usage is high (>50%). Then, use IMC software to scan the interfaces on the device.
LSOD07313

z Condition: Swap an SFP module within 5 seconds.
z Description: Use the display transceiver command to check the SFP module information, which
is updated.
LSOD07467

z Condition: The outgoing traffic speed on port A is higher than its maximum speed.
z Description: Dropped packets are not counted
LSOD07460

z Condition: A stack is established, and the following conditions are met on a stacking device.
(1) The unit ID is not 1.
(2) The DHCP server is connected to a port of this unit, and the port is configured as a DHCP-
snooping trusted port.
z Description: A DHCP client connected to the device can't get an IP address successfully.


LSOD07038

z Condition: The stack serves as a DHCP relay agent. After a PC gets its IP address from a DHCP
server through the DHCP relay agent, it sends a DHCP Inform packet to the DHCP server.
z Description: When the PC requests an IP address again, it has to repeat the request operation
before it gets an IP address.
LSOD07240

z Condition: Send DHCP request packets to the switch (a DHCP relay agent) continuously and
clear clients’ entries from the relay agent at the same time.
z Description: The switch reboots or cannot create clients’ entries according to DHCP requests.
LSOD07138

z Condition: A stack has DHCP snooping enabled. A PC gets an IP address from a DHCP server
through the stack.
z Description: Display DHCP client information on Unit X with the display dhcp-snooping unit X
command. The remaining lease time is always 0.
LSOD07145

z Condition: An administrator initiates RADIUS authentication. The server assigns two
administrative privilege attributes, (Vendorid=43, Type=1) and (Vendorid=2011, Type=29).
z Description: RADIUS authentication fails.
LSOD07184

z Condition: A stacking device joins a cluster as a cluster member.
z Description: A memory leak of 512 bytes occurs on the slave device per minute.
LSOD07234

z Condition: Execute the undo cluster enable command on a stacking device that also works as a
cluster member.
z Description: The cluster configuration of the master device cannot be synchronized to the salve
device.
LSOD07128

z Condition: A stack has STP BPDU protection enabled. An STP edge port on a slave device
becomes administratively down upon receiving BPDUs.
z Description: Using the display stp portdown command cannot view information about the port.
LSOD07143

z Condition: Port A, which is not a STP edge port, is connected to a terminal. Port A goes up.
z Description: The STP status of port A in MSTI changes from discarding to forwarding directly,
without passing the learning state.
LSOD07136

z Condition: Telnet to a device that is handling huge IUC traffic.
z Description: The telnet user is hung up and the corresponding resources cannot be released.
LSOD07140

z Condition: Two devices form a stack. Telnet to the slave device and execute the free user-
interface vty command on its console port. Then, use the display users command to view the
user information on the master device.
z Description: The master device reboots abnormally.
LSOD06680/LSOD07269

z Condition: The device has the default configuration file 'config.def', but has no startup
configuration file specified.
z Description: The device does not use the auto-configuration function after startup, but runs the
default configuration file 'config.def'.
ZDD01517

z Condition: Use the AT&T network management tool to backup the configuration on the device.
z Description: A memory leak of 512K bytes occurs each time a backup operation is performed.
LSOD06530

z Condition: The network diagram is shown below: The stack acts as an FTP client. Device A in the
stack is not directly connected to the FTP server. All devices in the figure are the S4500 series.
z Description: Performing FTP put operations on Device A fails.
LSOD06010

z Condition: Configure a static route with the blackhole attribute on the device, and its next hop
address is a reachable valid IP address. For example, execute the ip route-static 1.1.1.0
255.255.255.0 2.2.2.2 blackhole command.
z Description: IP packets matching the blackhole route are still forwarded normally.

None

LSOD03797

z Condition: Execute the undo shutdown or shutdown command on the combo port of a device
whose unit ID is not 1. .
z Description: The output information shows that the unit ID is not correct.

LSOD03479

z Condition: Change the sysname in the default configuration file and reboot the device (the default
configuration file is used).
z Description: After startup, the new sysname does not take effect.
LSOD03115

z Condition: Execute “?” on the switch repeatedly.
z Description: The usage of memory increases continuously until it gets exhausted and no
command can be executed.
LSOD02840

z Condition: The switch acts as the SSH server. SSH packets from the SSH client are fragmented
before reaching the SSH server.
z Description: The SSH connection between client and server can’t be established successfully, or
SSH doesn’t work after the SSH connection is established.
OLSD31930

z Condition: Execute the display diagnostic command.
z Description: “display mac number in hardware” and “display mac hided in hardware” cannot be
resolved.
OLSD31973

z Condition: Display log information on the device.

z Description: Information such as “msg:rtbit_set_vrf:0.0.0.0/0(n_bitsset=1) public vpn-instance”
appears.

None, only new features added.

OLSD30061

z Condition: The device receives broadcast packets destined to a subnet not directly connected.
z Description: The switch processes these packets and thus extra system resources are consumed.
OLSD29599

z Condition: Configure a sysname with a space through the web interface, for example, "4500
sysnametest".
z Description: After the switch reboots, a syntax error is reported and the sysname is changed back
to the original sysname, because the sysname cannot contain any space.
OLSD30143

z Condition: Configure and display an ACL through the web interface.
z Description: An ACL rule in deny mode configured through CLI cannot be displayed on the web
interface, and you cannot configure an ACL rule in deny mode through the web interface.

Problem 1

z Condition: No DC power is used on the switch.
z Description: The switch keeps sending traps and the following information appears frequently.
%Apr 23 11:06:13:982 2000 11FL-Voice-SW2 DEV/5/DEV_LOG:- 1 -
Power 2 recovered
%Apr 23 11:06:15:547 2000 11FL-Voice-SW2 DEV/5/DEV_LOG:- 1 -
Power 2 is absent

Problem 1

z Condition: Use FTP to download an application file to the switch that uses the Intel J3D flash, or
perform other write operations to the flash such as execute the display diagnostic-information
command.

z Description: Some errors occur and command executions fail. For example, if you download a
large file from the FTP server when there is enough space, the following prompt appears:
Local space is not enough !
System will delete the file which has been transferred, please wait...
...Error Writing Local File: not enough space!
On an S4500 device that has an Intel J3D flash installed and runs a version earlier than V3.01.00p01,
performing above-mentioned operations will fail.

First release.
Related Documentation
For the most up-to-date version of documentation:
1) Go to http://www.3Com.com/downloads
2) Select Documentation for Type of File and select Product Category.
Software Upgrading
The device software can be upgraded through the console port, TFTP, and FTP.
Remote Upgrading through CLI

You may upgrade the application and Boot ROM program of a device remotely through command line
interface (CLI). To this end, telnet to the device from a computer (at 10.10.110.1) running FTP server
first; and then get the application and Boot ROM program, switch.app and switch.btm for example,
from the FTP server as follows:
<Switch> ftp 10.10.110.1
Trying
Press CTRL+K to abort
Connected
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(none):lyt
331 Give me your password, please
Password:
230 Logged in successfully
[ftp] get switch.app switch.app
[ftp] get switch.btm switch.btm
[ftp] bye
<Switch> boot bootrom switch.btm
please wait ...
Bootrom is updated!
<Switch> boot boot-loader switch.app
<Switch> display boot-loader

The app to boot at the next time is: flash:/ switch.app

<Switch> reboot
After getting the new application file, reboot the device to validate it.
Note that if you do not have enough Flash space, upgrade the Boot ROM program first, and then
download the application file to the device.
The following sections introduce some approaches to local upgrading.
Boot Menu
Upon power-on, the switch runs the Boot ROM program first. The following information will be
displayed on the terminal:
Starting......
******************************************************************
* *
* Switch 4500 PWR 50-Port BOOTROM, Version 1.00 *
* *
******************************************************************
Copyright (c) 2003-2005 3Com Corporation. All Rights Reserved.

Creation date : Sep 13 2005, 10:42:24
CPU type : BCM4704
CPU Clock Speed : 200MHz
BUS Clock Speed : 33MHz
Memory Size : 64MB
Mac Address : 000fe2004500
Press Ctrl-B to enter Boot Menu... 2
After the screen displays “Press Ctrl-B to enter Boot Menu...”, you need to press <Ctrl+B> within 5
seconds to access the Boot menu. Otherwise, the system will start program decompression, and then
you have to reboot the switch to access the Boot menu.
The system displays:

Password :
Enter the correct password (no password is set by default) to access the Boot menu.

Remember your Boot ROM password.
BOOT MENU
1. Download application file to flash

2. Select application file to boot
3. Display all files in flash
4. Delete file from flash
5. Modify bootrom password
6. Enter bootrom upgrade menu
7. Skip current configuration file
8. Set bootrom password recovery
9. Set switch startup mode
0. Reboot
Enter your choice(0-9):
Software Upgrading via Console Port (Xmodem Protocol)

Step 1: Enter 6 in the Boot menu and press <Enter> to access the bootRom update menu.
Bootrom update menu:
1. Set TFTP protocol parameter
2. Set FTP protocol parameter
3. Set XMODEM protocol parameter
0. Return to boot menu
Enter your choice(0-3):
Step 2: Enter 3 to select the Xmodem protocol and press <Enter>. The following information appears:
Please select your download baudrate:
1. 9600
2. 19200
3. 38400
4. 57600
5. 115200
6. Exit
Enter your choice (0-5):
Step 3: Select the appropriate download baud rate. For example, enter 5 to select the download baud
rate of 115200 bps. Press <Enter> and the following information appears:

Download baudrate is 115200 bps. Please change the terminal's baudrate to 115200 bps,
and select XMODEM protocol.
Press ENTER key when ready.
Step 4: Configure the same baud rate on the console terminal, disconnect the terminal and reconnect
it. Then, press <Enter> to start downloading. The following information appears:
Are you sure to download file to flash? Yes or No(Y/N)y
Now please start transfer file with XMODEM protocol.
If you want to exit, Press <Ctrl+X>.
Downloading ... CCCCC
After the terminal baud rate is modified, it is necessary to disconnect and then re-connect the terminal
emulation program to validate the new setting.
Step 5: Select [Transfer\Send File] from the terminal window. Click <Browse> in the pop-up window
and select the software to be downloaded. Select Xmodem from the Protocol drop down list.
Figure 1 Send File
Step 6: Click <Send> and the following window appears.

Figure 2 Xmodem File Send
Step 7: After downloading completes, the following information appears:

Loading ...CCCCCCCCCC done!
Using TFTP Through an Ethernet Interface

1) Introduction to TFTP
The Trivial File Transfer Protocol (TFTP) employs UDP to provide unreliable data transfer service.
2) Upgrade procedure
Step 1: Connect an Ethernet interface of the switch to the PC where the program files are located,
and connect the console port of the switch to the same PC.
Step 2: Run the TFTP server program on the PC, and put the program files into a file directory.
Switch 4500 series are not shipped with the TFTP server program.
Step 3: Run the terminal emulation program on the PC, and start the switch, to access the Boot menu.
Step 4: Enter 1 in the Boot menu, and press <Enter> to enter the following menu.
Please set application file download protocol parameter:
Enter your choice(0-3):1

Step 5: Enter 1 to use TFTP, and press <Enter>. The following information appears:
Load File name
Switch IP address (This address and the server IP address must be on the same network
segment)
Server IP address (IP address of the PC where the file is stored)
Step 6: Input correct information and press <Enter>. The following information appears:
Are you sure to download file to flash? Yes or No(Y/N)
Step 7: Enter Y to start downloading the files. Enter N to return to the Boot menu. Take entering Y as
an example. Enter Y and press <Enter>, the system begins downloading programs. After downloading
completes, the system starts writing the programs to the flash. Upon completion of this operation, the
screen displays the following information to indicate that the downloading is completed:
Loading ........................................................done!
Writing to flash................................................done!
Using FTP Through an Ethernet Interface

1) Introduction to FTP
The 4500 can serve as an FTP server or client. In the following example, the 4500 serves as an FTP
client.
2) Upgrade procedure
Step 1: Connect an Ethernet interface of the 4800G to the PC where the program files are located,
and connect the console port of the switch to the same PC.
Step 2: Run the FTP server program on the PC, and put the program files into a file directory.
Step 3: Run the terminal emulation program on the PC, and start the switch to access the Boot menu.
Step 4: Enter 1 in the Boot menu and press <Enter> to access the following menu.
Please set application file download protocol parameter:
Enter your choice(0-3):2
Step 5: Enter 2 to select FTP and press <Enter>. The following information appears:
Please modify your FTP protocol parameter:
Load File name
Switch IP address
Server IP address
FTP User Name
FTP User Password
Step 6: Input correct information and press <Enter>. The following information appears:
Are you sure to download file to flash? Yes or No(Y/N):

Step 7: Enter Y to start downloading the files. Enter N to return to the Boot menu. Take the first case
as an example. Enter Y and press <Enter>, and the system begins downloading programs. After
downloading completes, the system starts writing the programs into the flash. Upon completion of this
operation, the screen displays the following information to indicate that the downloading is completed:
Loading ........................................................done!
Writing to flash................................................done!
Appendix
Details of Added or Modified CLI Commands in V3.03.02p06
dot1x unicast-trigger
Syntax
dot1x unicast-trigger
undo dot1x unicast-trigger
View
Ethernet interface view
Default Level
2: System level
Parameters
None
Description
Use the dot1x unicast-trigger command to enable the unicast trigger function of 802.1X on a port.
Use the undo dot1x unicast-trigger command to disable this function.
By default, the unicast trigger function is disabled.

mac-authentication timer offline-detect
Syntax
mac-authentication timer offline-detect offline-detect-value
undo mac-authentication timer offline-detect

View
System view, Ethernet port view
Parameters
offline-detect-value: Offline detect timer, which specifies the idle timeout interval (in seconds) for users.
At this interval, the switch checks whether there is traffic from each user. If receiving no traffic from a
user within two consecutive intervals, the switch logs the user out and notifies the RADIUS server.
The value range for the offline-detect-value argument is 0 to 3000000. The default is 300 seconds.
Description
Use the mac-authentication timer offline-detect command to set the offline detect timer for MAC
authentication.
Use the undo mac-authentication timer offline-detect command to restore the default.
Note that:
z The offline detect timer configured in system view applies to all MAC authentication-enabled
ports.
z The offline detect timer configured in Ethernet port view applies to the current port only. You can
set the offline detect timer to different values on different Ethernet ports.
z The offline detect timer configured in Ethernet port view takes precedence over the one
configured in system view.
If the offline-detect-value argument takes the value of 0, the offline detect timer is disabled.
bpdu-drop any
Syntax
bpdu-drop any
undo bpdu-drop any
View
Ethernet port view
Parameters
None
Description
Use the bpdu-drop any command to enable BPDU dropping on the Ethernet port.
Use the undo bpdu-drop any command to disable BPDU dropping on the Ethernet port.
By default, BPDU dropping is disabled.


voice vlan lldp
Syntax
voice vlan lldp
undo voice vlan lldp
View
Ethernet port view
Parameters
None
Description
Use the voice vlan lldp command to enable automatic discovery of IP phones using LLDP on the
Ethernet port.
Use the undo voice vlan lldp command to disable automatic discovery of IP phones using LLDP on
the Ethernet port.
By default, automatic discovery of IP phones using LLDP is disabled on ports.
Examples
# Enable automatic discovery of IP phones using LLDP on Ethernet 1/0/1.

[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1] voice vlan lldp
display link-delay
Syntax
display link-delay
View
Any view
Parameters
None

Description
Use the display link-delay command to display information about ports configured with link state
change suppression, including the port name and the configured timer.
Related commands: link-delay, link-delay up, and link-delay updown.
Examples
# Display information about ports configured with link state change suppression.
<H3C>display link-delay
Interface Up Delay Time Down Delay Time
====================== ============== ==============
Ethernet1/0/1 0 3
Ethernet1/0/2 5 0
Ethernet1/0/3 4 4
link-delay
Syntax
link-delay delay-time
undo link-delay
View
Ethernet port view
Parameters
delay-time: Link down suppression interval (in seconds), which ranges from 2 to 10.
Description
Use the link-delay command to enable physical link state change suppression and set the link down
suppression timer. When the physical link of the port goes down, the port starts the timer and does
not report link state changes to the system within the timer interval.
Use the undo link-delay command to disable link state change suppression.
By default, link state change suppression is disabled.
Examples
# Enable link down suppression on port Ethernet 1/0/5, and set the link down suppression interval to
8 seconds.
Enter system view, return to user view with Ctrl+Z.
[Sysname-Ethernet1/0/5] link-delay 8
link-delay up
Syntax
link-delay up delay-time
undo link-delay
View
Ethernet port view
Parameters
delay-time: Link up suppression interval (in seconds), which ranges from 2 to 10.
Description
Use the link-delay up command to enable physical link state change suppression and set the link up
suppression timer. When the physical link of the port goes up, the port starts the timer and does not
report link state changes to the system within the timer interval.
Examples
# Enable link up suppression on port Ethernet 1/0/5, and set the link up suppression interval to 8
seconds.
[Sysname-Ethernet1/0/5] link-delay up 8
link-delay updown
Syntax
link-delay updown delay-time
undo link-delay
View
Ethernet port view
Parameters
delay-time: Link state change suppression interval (in seconds), which ranges from 2 to 10.

Description
Use the link-delay updown command to enable physical link state change suppression and set the
link up-down suppression timer. When the physical link of the port goes down or goes up, the port
starts the timer and does not report link state changes to the system within the timer interval.
Examples
# Enable link state change suppression on port Ethernet 1/0/5, and set the link up-down suppression
interval to 8 seconds.
[Sysname-Ethernet1/0/5] link-delay updown 8

mac-address station-move quick-notify
Syntax
mac-address station-move quick-notify enable
undo mac-address station-move quick-notify enable
View
System view
Parameters
None
Description
Use the mac-address station-move quick-notify enable command to enable ARP quick update.
Use the undo mac-address station-move quick-notify enable command to restore the default.
By default, ARP quick update is disabled.
Examples
# Enable ARP quick update.

[Sysname] mac-address station-move quick-notify enable

arp rate-limit enable noshut
Syntax
arp rate-limit enable [ noshut ]
undo arp rate-limit enable
View
System view
Parameters
noshut: Does not shut down the port.
Description
Use the arp rate-limit enable command to enable ARP packet rate limit on the port.
Use the undo arp rate-limit enable command to disable ARP packet rate limit on the port.
By default, ARP packet rate limit is disabled, and ARP packet rate is not limited on a port.
Without the noshut keyword, this command enables the switch to shut down the port when the
maximum rate is reached.
With the noshut keyword, this command enables the switch to discard incoming ARP packets
received on the port when the maximum rate is reached.
Note
We recommend you to set a small value for the maximum rate with command arp rate-limit rate.
dot1x auth-fail-retry
Syntax
dot1x auth-fail-retry retry-value
undo dot1x auth-fail-retry
View
System view
Parameters
retry-value: For the MAC-Authenticated users that are online, specifies the maximum number of
attempts because of having failed 802.1X authentication, in the range of 0 to 50.

Description
Use the dot1x auth-fail-retry command to set the maximum number of attempts because of having
failed 802.1X authentication, for the MAC-Authenticated users that are online. The default maximum
number of attempts is 5.
Use the undo dot1x auth-fail-retry command to restore the default.
Examples
# Set the maximum number of attempts because of having failed 802.1X authentication as 3.
[Sysname] dot1x auth-fail-retry 3
Unless otherwise stated, all passwords and keys, including those configured in plaintext, are stored in
encrypted form for security purposes .
Modified command: bims-server
Old syntax
bims-server ip ip-address [ port port-number ] sharekey key
New syntax
bims-server ip ip-address [ port port-number ] sharekey [ cipher | simple ] key
Views
DHCP address pool view
Parameters
ip ip-address: Specifies the IP address of the BIMS server.
port port-number: Specifies the port number of the BIMS server, in the range of 1 to 65534.
cipher: Sets a ciphertext key.
simple: Sets a plaintext key.
key: Specifies the key string. This argument is case sensitive. If simple is specified, it must be a string
of 1 to 16 characters. If cipher is specified, it must be a ciphertext string of 1 to 53 characters. If
neither cipher nor simple is specified, you set a plaintext key string.

Change description
Before modification: The cipher and simple keywords are not supported. The key you enter must be a
plaintext string of 1 to 16 characters.
After modification: You can enter a key in encrypted form or plaintext form.
Modified command: dhcp server bims-server
Old syntax
dhcp server bims-server ip ip-address [ port port-number ] sharekey key { interface interface-type
interface-number [ to interface-type interface-number ] | all }
New syntax
dhcp server bims-server ip ip-address [ port port-number ] sharekey [ cipher | simple ] key { interface
interface-type interface-number [ to interface-type interface-number ] | all }
Views
System view
Parameters
ip ip-address: Specifies the IP address of the BIMS server.
port port-number: Specifies the port number of the BIMS server, in the range of 1 to 65534.
key: Specifies the key string. This argument is case sensitive. If simple is specified, it must be a string
of 1 to 16 characters. If cipher is specified, it must be a ciphertext string of 1 to 53 characters. If
interface interface-type interface-number [ to interface-type interface-number ]: Specifies an interface

range. The interface-type interface-number arguments specify an interface by its type and number.
all: Specifies all interfaces.
Change description

Modified command: dldp authentication-mode
Old syntax
dldp authentication-mode { none | simple simple-password | md5 md5-password }
New syntax
dldp authentication-mode { none | { simple | md5 } password }
Views
System view
Parameters
none: Specifies not to perform authentication.
simple: Specifies the simple authentication mode and sets a plaintext or ciphertext password.
md5: Specifies the MD5 authentication mode and sets a plaintext or ciphertext password.
password: Sets the password. This argument is case sensitive. It must be a plaintext string of 1 to 16
characters, or a ciphertext string of 33 to 53 characters.
Change description
z For simple authentication, you can set only a plaintext password of 1 to 16 characters.
z For MD5 authentication, you can set a plaintext or ciphertext password. A plaintext password
comprises 1 to 16 characters, and a ciphertext password is a ciphertext string corresponding
to the plaintext password.
After modification: Both simple authentication and MD5 authentication support plaintext or ciphertext
passwords. A plaintext password is a string of 1 to 16 characters, and a ciphertext password is a
string of 33 to 53 characters.
Modified command: xrn-fabric authentication-mode
Syntax
xrn-fabric authentication-mode { md5 key | simple password }
Views
System view
Parameters
md5: Specifies the MD5 authentication mode.

key: Specifies an MD5 authentication key. You can enter the key in plaintext form or encrypted form.
In plaintext form, it must be a case-sensitive string of 1 to 16 characters. In encrypted form, it must be
a case-sensitive string of 24 characters. For security purposes, the plaintext form of the MD5
authentication key is encrypted before being stored.
simple: Specifies the simple authentication mode.
password: Specifies a password in plaintext form, a case-sensitive string of 1 to 16 characters. The

password is stored in plaintext form. This password storing strategy will not create security risks,
because the password is only useful for member chassis in the XRN fabric.
Change description
Before modification: You can enter the MD5 authentication key only in plaintext form.
After modification: MD5 authentication key can be entered in plaintext form or encrypted form.
Modified command: key (HWTACACS scheme view)
Old syntax
key { accounting | authentication | authorization } string
New syntax
key { accounting | authentication | authorization } [ cipher | simple ] string
Views
HWTACACS scheme view
Parameters
accounting: Sets the key for secure HWTACACS accounting communication.
authentication: Sets the key for secure HWTACACS authentication communication.
authorization: Sets the key for secure HWTACACS authorization communication.
string: Specifies the key string. This argument is case sensitive. If simple is specified, it must be a
string of 1 to 16 characters. If cipher is specified, it must be a ciphertext string of 1 to 117 characters.
If neither cipher nor simple is specified, you set a plaintext key string.
Change description
Before modification: The cipher and simple keywords are not supported. The key for securing
HWTACACS authentication, authorization, or accounting communication must be a plaintext string of
1 to 16 characters.
After modification: You can set a key in encrypted form or plaintext form to secure HWTACACS
authentication, authorization, or accounting communication.
Modified command: key (RADIUS scheme view)
Old syntax
key { accounting | authentication } string
New syntax
key { accounting | authentication } [ cipher | simple ] string
Views
RADIUS scheme view
Parameters
accounting: Sets the key for secure RADIUS accounting communication.
authentication: Sets the key for secure RADIUS authentication/authorization communication.
string: Specifies the key string. This argument is case sensitive. If simple is specified, it must be a
string of 1 to 16 characters. If cipher is specified, it must be a ciphertext string of 1 to 53 characters. If
Change description
Before modification: The cipher and simple keywords are not supported. The key for securing RADIUS
authentication/authorization or accounting communication must be a plaintext string of 1 to 16
characters.
After modification: You can set a key in encrypted form or plaintext form to secure RADIUS
authentication/authorization or accounting communication.
Modified command: local-server nas-ip
Old syntax
local-server nas-ip ip-address key password
New syntax
local-server nas-ip ip-address key [ cipher | simple ] password

Views
System view
Parameters
nas-ip ip-address: Specifies the IP address of the network access server through which users can
access the local RADIUS authentication/authorization server. The IP address must be in dotted
decimal notation.
key [ simple | cipher ] password: Sets the key to share between the local RADIUS
authentication/authorization server and the network access server.
z cipher: Sets a ciphertext key.

z simple: Sets a plaintext key.
z password: Specifies the key string. This argument is case sensitive. If simple is specified, it
must be a string of 1 to 16 characters. If cipher is specified, it must be a ciphertext string of 1
to 53 characters. If neither cipher nor simple is specified, you set a plaintext key string.
Change description
Before modification: The cipher and simple keywords are not supported. The key to share between
the local RADIUS authentication/authorization server and the network access server must be a
After modification: You can set a key in encrypted form or plaintext form to share between the local
RADIUS authentication/authorization server and the network access server.
Modified command: mac-authentication authmode usernameasmacaddress
Old syntax
mac-authentication authmode usernameasmacaddress [ usernameformat { with-hyphen | without-

hyphen } { lowercase | uppercase } | fixedpassword password ]
New syntax
mac-authentication authmode usernameasmacaddress [ usernameformat { with-hyphen | without-

hyphen } { lowercase | uppercase } | fixedpassword [ cipher | simple ] password ]
Views
System view
Parameters
usernameformat: Specifies the username and password input format for MAC-based accounts.
with-hyphen: Uses the hyphenated MAC address of a user, such as 00-05-e0-1c-02-e3, as the
username and password for MAC authentication of the user.
without-hyphen: Uses the unhyphenated MAC address of a user, such as 0005e01c02e3, as the
username and password for MAC authentication of the user.
lowercase: Enters letters of the MAC address in lower case.
uppercase: Enters letters of the MAC address in upper case.
fixedpassword [ simple | cipher ] password: Uses a fixed password, instead of user MAC addresses,
for MAC authentication users.
z cipher: Sets a ciphertext password.

z simple: Sets a plaintext password.
z password: Specifies the password string. This argument is case sensitive. If simple is
specified, it must be a string of 1 to 63 characters. If cipher is specified, it must be a ciphertext
string of 1 to 117 characters. If neither cipher nor simple is specified, you set a plaintext
password.
Change description
Before modification: The cipher and simple keywords are not supported. The password you enter
must be a plaintext string.
After modification: You can enter a password in encrypted form or plaintext form.
Modified command: mac-authentication authpassword
Old syntax
mac-authentication authpassword password
New syntax
mac-authentication authpassword [ cipher | simple ] password
Views
System view
Parameters
[ cipher | simple ] password: Sets the password of the shared account for MAC authentication users.
z cipher: Sets a ciphertext password.

z simple: Sets a plaintext password.
z password: Specifies the password string. This argument is case sensitive. If simple is
specified, it must be a string of 1 to 63 characters. If cipher is specified, it must be a ciphertext
string of 1 to 117 characters. If neither cipher nor simple is specified, you set a plaintext
password.

Change description
Before modification: The cipher and simple keywords are not supported. The password you enter
must be a plaintext string.
After modification: You can enter a password in encrypted form or plaintext form.
Modified command: ntp-service authentication-keyid
Old syntax
ntp-service authentication-keyid keyid authentication-mode md5 value
New syntax
ntp-service authentication-keyid keyid authentication-mode md5 [ cipher | simple ] value
Views
System view
Parameters
keyid: Specifies a key ID in the range of 10 to 4294967295.
value: Specifies the key string. This argument is case sensitive. If simple is specified, it must be a
string of 1 to 32 characters. If cipher is specified, it must be a ciphertext string of 1 to 73 characters. If
Change description
Modified command: password (Remote-ping test group view)
Old syntax
password password
New syntax
password [ cipher | simple ] password

Views
Remote-ping test group view
Parameters
cipher: Sets a ciphertext FTP password.
simple: Sets a plaintext FTP password.
password: Specifies the password string. This argument is case sensitive. If simple is specified, it
must be a string of 1 to 32 characters. If cipher is specified, it must be a ciphertext string of 1 to 73
characters. If neither cipher nor simple is specified, you set a plaintext password string.
Change description
Before modification: The cipher and simple keywords are not supported. The FTP password must be a
After modification: You can set an FTP password in encrypted form or plaintext form.
Modified command: password (local user view)
Syntax
password [ { cipher | simple } password ]
Views
Local user view
Parameters
cipher: Sets a ciphertext password.
simple: Sets a plaintext password.
password: Specifies the password string. This argument is case sensitive.
z If simple is specified, it is a plaintext string of 1 to 63 characters.

z If cipher is specified, it is a string of 1 to 117 characters. If you specify a password of 1 to 63
characters and the system can decrypt the password, the system considers that you have
specified a ciphertext password. If you specify a password of 1 to 63 characters but the
system cannot decrypt the password, the system considers that you have specified a plaintext
password. A password comprising 64 to 117 characters is always considered a ciphertext
password.
Change description
Before modification: If cipher is specified, you can set an 88-character password or a password of 1 to
63 characters.

After modification: If cipher is specified, you can set a password of 1 to 117 characters.
Modified command: rip authentication-mode
Old syntax
rip authentication-mode { md5 { rfc2082 key-string key-id | rfc2453 key-string } | simple password }
New syntax
rip authentication-mode { md5 { rfc2082 [ cipher ] key-string key-id | rfc2453 [ cipher ] key-string } |
simple [ cipher ] password }
Views
Interface view
Parameters
md5: Specifies the MD5 authentication mode.
rfc2082: Uses the message format defined in RFC 2082.
cipher: Sets a ciphertext authentication key or password. If this keyword is not specified, you set a
plaintext authentication key or password.
key-string: Specifies the MD5 key string. This argument is case sensitive. It must be a plaintext string
of 1 to 16 characters, or a ciphertext string of 33 to 53 characters.
key-id: Specifies the MD5 key number, in the range of 1 to 255.
rfc2453: Uses the message format defined in RFC 2453 (IETF standard).
simple: Specifies the simple authentication mode.
password: Sets the password in simple authentication mode. This argument is case sensitive. It must
be a plaintext string of 1 to 16 characters, or a ciphertext string of 33 to 53 characters.
Change description
z For simple authentication, you can set only a plaintext password.

z For MD5 authentication, the ciphertext password you set must comprise 24 characters.
After modification:
z For simple authentication, the cipher keyword is added, which means you can set a ciphertext
password.
z For MD5 authentication, the ciphertext password you set can comprise 33 to 53 characters.

Modified command: set authentication password
Syntax
set authentication password { simple | cipher } password
Views
User interface view
Parameters
key: Specifies the password string. This argument is case sensitive. If simple is specified, it must be a
plaintext string of 1 to 16 characters. If cipher is specified, it can be a plaintext string of 1 to 16
characters or a ciphertext string of 17 to 53 characters.
Change description
Before modification: When you specify the cipher keyword, you can enter a string of 1 to 16
characters or a string of 24 characters as the password.
After modification: When you specify the cipher keyword, you can enter a string of 1 to 53 characters
as the password.
Modified command: snmp-agent usm-user v3
Syntax
snmp-agent usm-user v3 user-name group-name [ [ cipher ] authentication-mode { md5 | sha } auth-

password [ privacy-mode { aes128 | des56 } priv-password ] ] [ acl acl-number ]
Views
System view
Parameters
user-name: Specifies a username, a case-sensitive string of 1 to 32 characters.
group-name: Specifies a group name, a case-sensitive string of 1 to 32 characters.
cipher: Specifies that auth-password and priv-password are encrypted keys, which can be calculated
to a hexadecimal string by using the snmp-agent calculate-password command. If this keyword is not
specified, auth-password and priv-password are plaintext keys.
authentication-mode: Specifies an authentication algorithm. MD5 is faster but less secure than SHA.
For more information about these algorithms, see Security Configuration Guide.
z md5: Specifies the MD5 authentication algorithm.

z sha: Specifies the SHA-1 authentication algorithm.
auth-password: Specifies a case-sensitive plaintext or encrypted authentication key. A plaintext key is
a string of 1 to 64 visible characters. If the cipher keyword is specified, the encrypted authentication
key length requirements differ by authentication algorithm and key string format, as shown in Table 8.
Table 8 Encrypted authentication key length requirements
Authentication algorithm Hexadecimal string Non-hexadecimal string
MD5 32 characters 53 characters

SHA 40 characters 57 characters
privacy-mode: Specifies an encryption algorithm for privacy. The three encryption algorithms AES,
3DES, and DES are in descending order of security. Higher security means more complex
implementation mechanism and lower speed. DES is enough to meet general requirements.
z des56: Specifies the DES algorithm.

z aes128: Specifies the AES algorithm.
priv-password: Specifies a case-sensitive plaintext or encrypted privacy key. A plaintext key is a string
of 1 to 64 characters. If the cipher keyword is specified, the encrypted privacy key length
requirements differ by authentication algorithm and key string format, as shown in Table 9.
Table 9 Encrypted privacy key length requirements
Authentication Encryption
Hexadecimal string Non-hexadecimal string
algorithm algorithm
AES128 or DES-
MD5 32 characters 53 characters
56
AES128 or DES-
SHA 40 characters 53 characters
56
acl acl-number: Specifies a basic ACL to filter NMSs by source IPv4 address. The acl-number
argument represents a basic ACL number in the range of 2000 to 2999. Only the NMSs with the IPv4
addresses permitted in the ACL can use the specified username to access the SNMP agent.
local: Represents a local SNMP entity user.
engineid engineid-string: Specifies an SNMP engine ID as a hexadecimal string. The engineid-string

argument must comprise an even number of hexadecimal characters, in the range of 10 to 64. All-
zero and all-F strings are invalid.
Change description
Before modification: Only authentication and privacy keys in hexadecimal format are supported.
After modification: Both hexadecimal and non-hexadecimal format authentication and privacy keys
are supported.
z For encrypted authentication key length requirements, see Table 8.

z For encrypted privacy key length requirements, see Table 9.
Modified command: super password
Syntax
super password [ level user-level ] { cipher | simple } password
Views
System view
Parameters
level user-level: Specifies a user privilege level in the range of 1 to 3. The default is 3.
key: Specifies the password string. This argument is case sensitive. If simple is specified, it must be a
plaintext string of 1 to 16 characters. If cipher is specified, it can be a plaintext string of 1 to 16
characters or a ciphertext string of 17 to 53 characters.
Change description
Before modification: When you specify the cipher keyword, you can enter a string of 1 to 16
characters or a string of 24 characters as the password.
After modification: When you specify the cipher keyword, you can enter a string of 1 to 53 characters
as the password.

3COM OS Switch 4500 V3 (1) .03.02p21 Release Notes PDF

Diunggah oleh

Informasi Dokumen

Judul Asli

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

3COM OS Switch 4500 V3 (1) .03.02p21 Release Notes PDF

Diunggah oleh

Hak Cipta:

Format Tersedia

Switch 4500 V3.03.

02p21 Release Notes

Keywords: Resolved problems, software upgrading

information, updating, unresolved and solved problems, and software upgrading.

Abbreviations Full spelling

CLI Command line interface

GARP Generic Attribute Registration Protocol

ICMP Internet Control Message Protocol

LACP Link Aggregation Control Protocol

NDP Neighbor Discovery Protocol

SNMP Simple Network Management Protocol

STP Spanning Tree Protocol

December 20, 2012 Page 1 of 1

December 20, 2012 Page 2 of 2

Version Information ········································································································································· 7

Restrictions and Cautions ······························································································································ 9

Version Updates ············································································································································ 12

Open Problems and Workarounds ·············································································································· 38

List of Resolved Problems ··························································································································· 39

Resolved Problems in V3.03.02p03········································································································· 54

Related Documentation································································································································· 70

Software Upgrading······································································································································· 70

December 20, 2012 Page 4 of 4

Modified command: local-server nas-ip···························································································· 87

December 20, 2012 Page 5 of 5

Table 1 Version history .............................................................................................................................. 7

Table 2 Compatibility matrix....................................................................................................................... 8

Table 3 Hardware features ...................................................................................................................... 10

Table 4 Software features ........................................................................................................................ 10

Table 5 Feature updates .......................................................................................................................... 12

Table 6 Command line updates ............................................................................................................... 17

Table 7 MIB updates ................................................................................................................................ 31

Table 8 Encrypted authentication key length requirements ..................................................................... 94

Table 9 Encrypted privacy key length requirements ................................................................................ 94

December 20, 2012 Page 6 of 6

Version number Last version Release Date Remarks

V3.03.02s168p20 V3.03.02s168p19 2012-10-18 None

V3.03.02s168p11 V3.03.02s168p09 2010-06-21 None

V3.03.02s56p05 V3.03.02s56p04 2009-10-14 None

V3.03.02s56p01 V3.03.02s56 2009-02-23 New features

V3.03.00s56p02 V3.03.00s56p01 2008-06-16 None

December 20, 2012 Page 7 of 7

Version number Last version Release Date Remarks

V3.02.00s56p02 V3.02.00s56p01 2007-07-20 None

V3.01.00s56p03 V3.01.00s56p02 2006-09-21 None

V3.01.00s56 First release 2005-10-27 First release

Hardware and Software Compatibility Matrix

Host software s3n03_03_02s168p21.app

December 20, 2012 Page 8 of 8

Switch 4500 26-Port with 1 MIPS Processor

CPLD Version is CPLD 003

Restrictions and Cautions

December 20, 2012 Page 9 of 9

≤4Kg (8.82 lb.) (50-port devices without PWR)

≤5.8Kg (12.79 lb.) (26-port devices with PWR)

≤6.2Kg (13.67 lb.) (50-Port devices with PWR)

Maximum power 40 W (26-port devices without PWR)

380 W (26-port devices with PWR)

380 W (50-Port devices with PWR)

Input voltage AC:

Operating humidity 10% to 90%

December 20, 2012 Page 10 of 10

December 20, 2012 Page 11 of 11