Release Notes for the Ethernet Routing Switch 8600 Release...

Part No. 317177-D Rev 00June 2006

4655 Great America ParkwaySanta Clara, CA 95054

Release Notes for the Ethernet Routing Switch 8600 Release 4.1.0

2

Copyright © 2006 Nortel Networks. All rights reserved.

The information in this document is subject to change without notice. The statements, configurations, technical data, and recommendations in this document are believed to be accurate and reliable, but are presented without express or implied warranty. Users must take full responsibility for their applications of any products specified in this document. The information in this document is proprietary to Nortel Networks

The software described in this document is furnished under a license agreement and may be used only in accordance with the terms of that license.

Trademarks

Nortel, the Nortel logo, the Globemark, Unified Networks, PASSPORT, and Alteon are trademarks of Nortel.

Adobe and Acrobat Reader are trademarks of Adobe Systems Incorporated.

The asterisk after a name denotes a trademarked item.

Restricted rights legend

Use, duplication, or disclosure by the United States Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013.

Notwithstanding any other license agreement that may pertain to, or accompany the delivery of, this computer software, the rights of the United States Government regarding its use, reproduction, and disclosure are as set forth in the Commercial Computer Software-Restricted Rights clause at FAR 52.227-19.

Statement of conditions

In the interest of improving internal design, operational function, and/or reliability, Nortel Inc. reserves the right to make changes to the products described in this document without notice.

Nortel Inc. does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.

Portions of the code in this software product may be Copyright © 1988, Regents of the University of California. All rights reserved. Redistribution and use in source and binary forms of such portions are permitted, provided that the above copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertising materials, and other materials related to such distribution and use acknowledge that such portions of the software were developed by the University of California, Berkeley. The name of the University may not be used to endorse or promote products derived from such portions of the software without specific prior written permission.

SUCH PORTIONS OF THE SOFTWARE ARE PROVIDED “AS IS” AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

In addition, the program and information contained herein are licensed only pursuant to a license agreement that contains restrictions on use and disclosure (that may incorporate by reference certain limitations and notices imposed by third parties).

317177-D Rev 00

3

Contents

Ethernet Routing Switch 8600 Release 4.1.0. . . . . . . . . . . . . . . . . . . . . . . . . 9

Features not supported in Release 4.1.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Important notes before upgrading to Release 4.1.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Fixes from earlier releases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Supported upgrade paths . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Ethernet Routing Switch 8600 modules in 8003, 8006, 8010, and 8010co chassis. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

File names for this release . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

New hardware supported in Release 4.1.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

8683XZR (10GE LAN/WAN) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Enterprise Enhanced CPU Daughter Card (SuperMezz) . . . . . . . . . . . . . . . . . . . 20

Bi-directional Small Form (BX SFP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

10GBase-ZR/ZW 10 Gigabit Small Form Factor Pluggable (XFP) . . . . . . . . . . . . 21

New software supported in Release 4.1.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Reliability/Resiliency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Sub 100 ms convergence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Layer 3 HA Phase 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Resilient Switch Clustering - L3 support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Resilient Switch Clustering - Multicast support . . . . . . . . . . . . . . . . . . . . . . . . 25

Simple Loop Prevention Protocol (SLPP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

802.1w/802.1s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

802.3ad/SMLT interop/VLACP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

MultiLink Trunking (MLT) scaling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Per VLAN Spanning Tree (PVST+) (Cisco Compatibility) . . . . . . . . . . . . . . . . 26

IP Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Internet Protocol version 6 (IPv6) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Service Delivery Module Firewall (SDM-FW) . . . . . . . . . . . . . . . . . . . . . . . . . 27

Service Delivery Module Threat Protection System (SDM-TPS) . . . . . . . . . . 27


4 Contents

Reverse Path Checking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

802.1X Extensible Authentication Protocol (EAP) . . . . . . . . . . . . . . . . . . . . . . 29

Extended Authentication Protocol (802.1x) with User Based Policy support . 29

CLI Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Serviceability/Manageability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Internet Protocol Flow Information eXport (IPFIX) . . . . . . . . . . . . . . . . . . . . . 30

Lite Domain Name Service (DNS) Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Ping Trace Routes and Management Information Base (MIB) . . . . . . . . . . . . 31

Remote Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Software support for R mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Supported software and hardware scaling capabilities . . . . . . . . . . . . . . . . . . . . . 34

Supported standards, RFCs, and MIBs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Supported network managment MIBs (format B) . . . . . . . . . . . . . . . . . . . . . . . . . 42

Supported traps/notifications supported by Release 4.1.0 . . . . . . . . . . . . . . . . . . . . . 47

8672ATM/ATME/ATMM supported PVCs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

Enabling the Enterprise Enhanced CPU Daughter Card (SuperMezz) . . . . . . . . . . . . 48

Device Manager installation requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

Solaris . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

HP-UX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

CPU Warm Standby . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

Password encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

Upgrading the switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

Firmware revision on R-series modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

Hot-swapping the CPU/SF module or I/O modules . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

High Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

Layer 3 considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

Upgrading SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

SNMP upgrade considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

Upgrading SNMP from Release 4.0.x to Release 4.1.0 . . . . . . . . . . . . . . . . . . . . 55

Non-High Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

High Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Configuring SNMP traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

Upgrading SDM software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

317177-D Rev 00

Contents 5

Upgrading the SDM TPS software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

Extended CP Limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

Extended CP Limit Chassis Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

Extended CP Limit Port Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

Fixed CRs from Releases 4.0.5, 4.0.6, and 4.0.7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

Platform . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

ATM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

Platform . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

Layer 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

IPv4 Layer 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

QoS and Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

Multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Known limitations and considerations in this release . . . . . . . . . . . . . . . . . . . . . . . . . . 74

Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

Hardware and platform . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

SDM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

Software Platform . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

Switch Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

PCAP/Platform . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

Layer 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

SMLT/STP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

Link Aggregation Group (MLT/802.3ad) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

802.1w (RSTP) - 802.1s (MSTP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

SLPP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

VLACP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

IPv4 Layer 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90


6 Contents

BGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

HA (High Availability Mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

IPX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

Qos/Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

QoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

IPv6 Layer 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

Multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

Multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

Multicast SMLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

MIBs/Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

Device Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

Related publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102

Hard-copy technical manuals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104

How to get Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

Getting Help from the Nortel Web site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

Getting Help over the phone from a Nortel Solutions Center . . . . . . . . . . . . 105

Getting Help from a specialist by using an Express Routing Code . . . . . . . . 106

Getting Help through a Nortel distributor or reseller . . . . . . . . . . . . . . . . . . . 106

317177-D Rev 00

7

Tables

Table 1 8010 and 8006 chassis data performance . . . . . . . . . . . . . . . . . . . . . . . . 12

Table 2 Release 4.1.0 software files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Table 3 Ethernet Routing Switch 8600 hardware . . . . . . . . . . . . . . . . . . . . . . . . . 19

Table 4 Merge information for new features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Table 5 Operation modes for module types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

Table 6 Modules and modes feature availability . . . . . . . . . . . . . . . . . . . . . . . . . . 32

Table 7 Supported scaling capabilities in the Ethernet Routing Switch 8600 switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

Table 8 Supported standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Table 9 Supported IPv6 standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Table 10 Supported IPv4 standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

Table 11 Supported ATM POS module RFCs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

Table 12 Standard MIBs (IEEE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Table 13 Standard MIBs (RFC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Table 14 Proprietary MIBs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Table 15 Supported or unsupported PVCs on the 8672ATM/ATME/ATMM module 47

Table 16 Chassis Ext. CP Limit Tab Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

Table 17 Port Ext. CP Limit Tab Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

Table 18 Hardware platform . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

Table 19 ATM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

Table 20 Switch Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

Table 21 MAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66

Table 22 VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66

Table 23 MLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66

Table 24 Link Aggregation (802.3ad) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

Table 25 SMLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

Table 26 SFFD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

Table 27 VRRP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

Table 28 ECMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

Table 29 OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

Table 30 BGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

Table 31 High Availability (HA) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

Table 32 Route Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70


8 Tables

Table 33 General Qos and Filter CRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

Table 34 Legacy modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

Table 35 R modules (ACE/ACLs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

Table 36 IGMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

Table 37 Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Table 38 MIBs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Table 39 SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

Table 40 Device Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

Table 41 Known issues and considerations in this release . . . . . . . . . . . . . . . . . . . 74

Table 42 Hardware and Platform . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

Table 43 SDM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

Table 44 CLI CRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

Table 45 Switch Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

Table 46 PCAP and platform . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

Table 47 VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

Table 48 SMLT/STP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

Table 49 Link Aggregation Group (MLT/802.3ad) . . . . . . . . . . . . . . . . . . . . . . . . . . 86

Table 50 802.1w (RSTP) - 802.1s (MSTP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

Table 51 SLPP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

Table 52 VLACP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

Table 53 IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

Table 54 OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

Table 55 BGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

Table 56 High Availability (HA) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

Table 57 IPX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

Table 58 QoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

Table 59 Legacy module filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

Table 60 R module filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

Table 61 IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

Table 62 Multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

Table 63 Multicast SMLT CRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

Table 64 MIBs/Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

Table 65 Device Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

317177-D Rev 00

9

Release Notes for the Ethernet Routing Switch 8600 Release 4.1

Any problems found should be reported through the Customer Support contact.

These release notes describe the supported and unsupported hardware and software features in the Ethernet Routing Switch 8600 Software Release 4.1.0, the procedure for upgrading the software, and any existing known issues.

For information on how to upgrade your version of Device Manager, see Installing and Using Device Manager (316341).

Ethernet Routing Switch 8600 Software Release 4.1 is supported by Release 4.1 documentation. For a list of related publications, refer to “Related publications” on page 102. The Ethernet Routing Switch 8600 Software Release 4.1 documentation suite can be found on the documentation CD included with your software or on the Nortel technical documentation web site, www.nortel.com/documentation.

The following topics are discussed in this document:

Topic Page

Features not supported in Release 4.1.0 10

Important notes before upgrading to Release 4.1.0 10

File names for this release 15

New hardware supported in Release 4.1.0 19

New software supported in Release 4.1.0 22

Supported software and hardware scaling capabilities 34

Supported standards, RFCs, and MIBs 39

8672ATM/ATME/ATMM supported PVCs 47

Password encryption 50

Upgrading the switch 52

Firmware revision on R-series modules 52

Hot-swapping the CPU/SF module or I/O modules 52


http://www.nortel.com/documentation

http://www.nortel.com/documentation

10 Features not supported in Release 4.1.0

Features not supported in Release 4.1.0

The following features are not available for this release:

• PCAP is not supported on R modules.

Important notes before upgrading to Release 4.1.0

The configuration file generated with Ethernet Routing Switch 8600 Software Release 4.1.0 contains options that are not backward compatible with Ethernet Routing Switch 8600 Software Releases 3.0.x, 3.1.x, 3.2.x, 3.3.x, 3.5.x, 3.7.x or 4.0.x.

Loading a Release 4.1.0 configuration file on a 3.0.x, 3.1.x, 3.2.x or 3.3.x run-time image generates errors and causes the image to stop loading the configuration file.

The Ethernet Routing Switch 8600 Software Release 4.1 now supports configuration files created with Ethernet Routing Switch 8600 Software Release 3.7 software.

Software Release 4.1.0. incorporates a new SNMPv3 agent. Upgrading Releases 3.5.x, 3.7.x, or 4.0.x to 4.1.0 require special instructions, see “Upgrading SNMP” on page 54.

High Availability 53

Upgrading SNMP 54

Configuring SNMP traps 58

Upgrading SDM software 59

Known limitations and considerations in this release 74

Related publications 102

Hard-copy technical manuals 104

How to get Help 105

Topic Page

317177-D Rev 00


Before you upgrade or downgrade your switch software, make a copy of the switch configuration file specified in the boot.cfg file using the following CLI command:

copy /flash/config.cfg /<device>/orig-config.cfg

In the above command, device can be PCMCIA, flash, or an IP host.

When installing files on the on-board flash or PCMCIA, verify the flash capacity before downloading files.

Upgrade your boot monitor prior to copying the new software image to the flash. Not following this process can corrupt the image (Q00436246).

After you upgrade the Ethernet Routing Switch 8600 software, save the configuration file.

Fixes from earlier releases

Release 4.1 contains fixes from releases up to and including Releases 3.7.12, and 4.0.4.

Supported upgrade paths

Release 4.1.0 supports upgrades from the following earlier Releases:

• 3.5.x • 3.7.x • 4.0.x

Downgrades from a Release before 4.1.0 require previously saved boot config files from the previous release (boot.cfg and config.cfg) and require the R modules to be removed prior to the downgrade, unless downgrading to 4.0.0.0 in which case the R modules, with the exception of the 8648GTR, can remain.


12 Important notes before upgrading to Release 4.1.0

Ethernet Routing Switch 8600 modules in 8003, 8006, 8010, and 8010co chassis.

All existing Ethernet Routing Switch 8600 hardware, except the 8003 (3-slot chassis), and 8100 modules, are supported in Release 4.1.0.

Release 4.x provides an enhanced set of features and functionality to the Ethernet Routing Switch 8600, with new high-density modules and switch fabrics to increase the switch fabric performance to 512 Gbps. Continuing Nortel’s commitment to protecting customer investments and to simplify customer upgrades, the new R-series modules are compatible with customers’ existing 8010 and 8006 chassis.

The new R modules offer both increased port density and increased performance over the existing pre-E, E and M-series modules. However, for customers with existing 8010 and 8006 chassis it is important to introduce the concept of standard and high performance slots. An R-series module installed in a standard slot will deliver increased port density, and an R-series module installed in a high performance slot will deliver increased performance as well.

R-series modules inserted in Slots 2 to 4 and Slots 7 to 9 of the 8010 10-slot chassis and Slots 2 to 4 of the 8006 6-slot chassis operate at high performance. R-series modules inserted into Slot 1 and Slot 10 of the 8010 chassis and Slot 1 of the 8006 chassis operate at standard performance. Refer to Table 1 for relative data performance per slot with two fabrics installed in existing 8010 and 8006 chassis.

To assist customers, the following message is displayed on the console when an R-series module is inserted into a standard slot:

Table 1 8010 and 8006 chassis data performance

Module type Standard Slot (S1 and S10) full duplex

High Performance Slot (S2-4, S7-9) full duplex

Pre-E, E- and M-series 16Gbps 16Gbps

8630GBR, R-series 16Gbps 60Gbps

8683XLR, R-series 16Gbps 60Gbps

8648GTR, R-series 16Gbps 32Gbps

8683XZR, R-series 16Gbps 60Gbps

317177-D Rev 00


For maximum performance, Nortel recommends placing R modules in Slots 2 to 4 or 7 to 9 as available. Please refer to release notes for additional details.

A chassis revision with an upgraded High Performance Backplane, compatible with existing pre-E, E- and M- series modules, as well as new R-series modules supporting high performance in all slots, is available. Customers are able to identify the High Performance Backplane by the chassis revision number in the CLI. The CLI output from the show sys info command displays a revision number of 02 or higher in the "H/W Config" field to indicate the new high performance chassis.

The CLI command shows the following output of system information:

ERS-8606:5# show sys info

General Info :

SysDescr : ERS-8606 (4.1.0.0) SysName : ERS-8606 SysUpTime : 5 day(s), 23:12:54 SysContact : [email protected] SysLocation : 4655 Great America Parkway,Santa Clara,CA 95054

Chassis Info :

Chassis : 8006 Serial# : SSNM0604I2 HwRev : A H/W Config : NumSlots : 6 NumPorts : 29 GlobalFilter: enable VlanBySrcMac: disable Ecn-Compatib: enable WsmDirectMode : disable BaseMacAddr : 00:80:2d:c0:90:00 MacAddrCapacity : 1024

Temperature : 34 C MgmtMacAddr : 00:80:2d:c0:93:f4 System MTU : 1950 clock_sync_time : 60Web Switch Module considerations


14 Important notes before upgrading to Release 4.1.0

• Release 4.1 supports Web Switching Module WebOS software version 10.0.33.0.

• If a Web Switching Module (WSM) is installed, a non R mode switch does not recognize the R modules, and an R mode switch does not initialize the WSM.

• Limitations between Web Switching Module and Alteon 180 Series Stackable Switches are as follows:— The Web Switching Module WebOS software implementation for STP

over MLT has been modified in Ethernet Routing Switch 8600 Software Release 3.3.x or later and WebOS 10.0.33.0 or later to make it fully compatible with Ethernet Routing Switch 8600 Software Release 4.1

— If you trunk the Web Switching Module with Alteon Stackable 180 series switches, STP must be disabled on either the Web Switching Module or the Alteon Stackables to avoid incorrect STP operation.

317177-D Rev 00


File names for this release

Table 2 describes the Ethernet Routing Switch 8600 Series Switch Software Release 4.1 software files. It is important to note the file size when upgrading a Ethernet Routing Switch 8600. When using the CPU flash for storage, this area must contain enough free space in order to accept a new software upgrade

Verify the MD5 signature for each file. For additional information about the MD5 signature, see Upgrading to Ethernet Routing Switch 8600 Software Release 4.1 316674-C.

Table 2 Release 4.1.0 software files

Module or file type Description File name Size in bytes

Software Tar file Tar file of all software deliverables

4100.tar.gz

Boot configuration file CPU and switch fabric firmware for the Ethernet Routing Switch 8600 routing switch

boot.cfg

Configuration file Ethernet Routing Switch 8600 configuration file

config.cfg

SuperMezz image file Supported on the Ethernet Routing Switch 8692SF module only with the SuperMezz module (required to support IPv6 and the sub 100ms convergence).

p80m4100.img

Ethernet Routing Switch Images

Boot monitor image CPU and switch fabric firmware for the Ethernet Routing Switch 8600 routing switch

p80b4100.img 1078844

Run-time image The Ethernet Routing Switch 8600 image

p80a4100.img 8533609

Run-time image for R modules

The Ethernet Routing Switch 8600 image for R modules

p80j4100.dld 1258952

Run-time image for Enterprise Enhanced CPU Daughter Card (SuperMezz)

The Ethernet Routing Switch 8600 image for the SuperMezz card

p80m4100.img 8633149


16 File names for this release

3DES Encryption module, which enables one to use Secure Shell (SSH)

p80c4100.img 55928

AES/snmpv3 image Encryption module, which enables one to use the Privacy protocol with SNMPv3

p80c4100.aes 26112

MIB Ethernet Routing Switch 8600 switch MIB

p80a4100.mib.txt 3307907

MIB (zip file) zip file containing mibs p80a4100.mib.txt.zip

md5 checksum file md5 checksums of all Release 4.1.0 software files

p80a4100.md5

Runtime image for ATM Runtime image for the ATM module

p80t4100.dld 906024

Runtime image for POS Runtime image for the POS module

p80p4100.dld 701771

Firmware images

FOQ FPGA firmware for FOQ device

foq267.xsvf

BMC FPGA firmware for BMC device

bmc776.xsvf

DPC FPGA firmware for DPC device

dpc184.xsvf

SSL Images

SSL cluster upgrade Ethernet Routing Switch 8600 clustered SSL modules self-installing runtime image/upgrade

p80s4100.pkg

SSL boot monitor Ethernet Routing Switch 8600 SSL module boot monitor

p80s4100.img

SSL upgrade instructions Ethernet Routing Switch 8600 SSL upgrade instructions

p80s4100.upgrade

SSL installation instructions Ethernet Routing Switch 8600 SSL installation instructions

p80s4100.install

SSL diagnostics Ethernet Routing Switch 8600 SSL diagnostics

p80s4100.diag

WSM Images

Table 2 Release 4.1.0 software files (continued)


317177-D Rev 00


WebOS firmware image WSM WebOS v10.0.33.0 firmware image for the Ethernet Routing Switch 8600

wsm100330_mp.img

WebOS binary WSM WebOS v10.0.33.0 binary image for Ethernet Routing Switch 8600

wsm100330_bin.img

WebOS boot image WSM WebOS v10.0.33.0 boot image for Ethernet Routing Switch 8600

wsm100330_boot.img

JDM Images

Solaris for SPARC image Device Manager software image

jdm_6000_solaris_sparc.sh

Microsoft Windows image Device Manager software image

jdm_6000.exe

Linux image Device Manager software image

jdm_6000_linux.sh

HP Unix image Device Manager software image

jdm_6000_hpux_pa-risc.sh




18 File names for this release

SDM images

SDM Firewall Boot image for the Nortel Switched Firewall (NSF) Service Delivery Module Firewall

NSF5100_2.3.3.0_SDM_R60.img

Boot ISO for the NSF Service Delivery Module Firewall booting from CD-ROM

NSF5100_2.3.3.0_SDM_R60.iso

Upgrade package for the NSF Service Delivery Module Firewall

NSF5100_2.3.3.0_SDM_R60.pkg

SDM TPS Boot image for TPS Intrusion Sensor

Nortel_TPS_Intrusion_Sensor-SDM-v4.5.0-627-Install.iso

Boot ISO for TPS Defense Center booting from CD-ROM

Nortel_TPS_Defense_Center-2x70-v4.5.0-627-Install.iso

Upgrade script (patch) to upgrade TPS IS from 4.5.0 to 4.5.1.

Nortel_TPS_IS_Upgrade_4.5.0_to_4.5.1_Upgrade-47.sh

IS upgrade download verification file.

Nortel_TPS_IS_Upgrade_xxx_Upgrade-10.md5

Upgrade script (patch) to upgrade TPS DC from 4.5.0 to 4.5.1

Nortel_TPS_DC_Upgrade_4.5.0_to_4.5.1_Upgrade-47.sh

DC upgrade download verification file

Nortel_TPS_DC_Upgrade_4.5.0_to_4.5.1_Upgrade-47.sh.md5



317177-D Rev 00


New hardware supported in Release 4.1.0

To run Ethernet Routing Switch 8600 Series Switch Software Release 4.1 on the 8690 CPU/SF and 8691 CPU/SF you must have 256 MB of memory on the CPU/SF. Release 4.1 does not support R modules with 8690 or 8691 CPU/SF.

Table 3 describes the Ethernet Routing Switch 8600 hardware introduced in Release 4.1.0.

Table 3 Ethernet Routing Switch 8600 hardware

New hardware Module part number Where to find information Document part

number

8683XZR module (10GE LAN/WAN)

DS1404064 Using the Ethernet Routing Switch 8600 10 Gigabit Ethernet Modules

315893-E

10GBase-ZR/ZW 10 Gigabit Small Form Factor Pluggable (XFP)

AA1403006

Installing SFP and XFP Transceivers and GBICs 318034-D

1000BASE-BX (Bi-directional) SFPs

AA1419069 and AA1419070

8660 Service Delivery Module Firewall 1 (SDM FW1)

DS1404104

Installing the 8660 Service Delivery Module (SDM) for the 8600 Series Switch

217314-B8660 Service Delivery Module Firewall 2 (SDM FW2)

DS1404081

8660 Service Delivery Module Firewall 4 (SDM FW4)

DS1404080

8660 SDM spare disk drive DS1411023 Important Notice about the Ethernet Routing Switch 8600 Series Modules

316340-E8660 SDM spare PrPMC DS1411024

8660 SDM TPS4 (Intrusion Sensor) DS1404082-E5

Installing the 8660 Service Delivery Module (SDM) for the 8600 Series Switch

217314-B

8660 COMBO SDM FW-2/TPS-2 ( Intrusion Sensor )

DS1404086-E5

8660 COMBO SDM FW-1/TPS-1( Intrusion Sensor )

DS1404087-E5

Enterprise Enhanced CPU Daughter Card (SuperMezz)

DS1411025 Installing Ethernet Routing Switch 8600 Switch Modules 312749-K

8692SF Switch Fabric/CPU with factory-installed Enterprise Enhanced CPU Daughter Card (SuperMezz).

DS1404066Installing Ethernet Routing Switch 8600 Switch Modules 312749-K


20 New hardware supported in Release 4.1.0

8683XZR (10GE LAN/WAN)

The 8683XZR provides 3 x 10 Gigabits per second (Gbps) wire-speed performance and interface flexibility for concurrent support of 10GE LAN and/or WAN PHYs WAN interface for interconnect to most routers.

The 8683XZR broadens a solution set that supports carrier infrastructures with 10GE WAN deployments as well as potential future support for SONET deployments.

For more information on the 8683 LAN/WAN, see Using the Ethernet Routing Switch 8600 10 Gigabit Ethernet Modules (315893-E).


The Enterprise Enhanced CPU Daughter Card is an optional daughter card for the 8692 CPU/SF. SuperMezz comprises two 1GHz processors for support of advanced protocols, faster convergence, scaled routing protocols and order-of-magnitude faster trunk failover. The SuperMezz is required for IPv6 and sub-100 msec failover using fast VLACP timers.

Note: M-modules are required to run your system in M mode.

Note: R-modules are required to run your system in R mode.

Note: Nortel XFP modules are required for WAN functionality.

317177-D Rev 00


For more information on the Enterprise Enhanced CPU Daughter Card (SuperMezz), see Installing Ethernet Routing Switch 8600 Switch Modules (312749-K).

Bi-directional Small Form (BX SFP)

The BX SFP pluggable optics are for use in the 8630GBR module. The BX SFPs provide a solution for increased bandwidth to locations with minimal installed fiber strands. The BX optic uses a pair of wavelengths to support both transmit and receive signals on a single fiber strand. The BX optics support LC connectors up to a distance of 2km over single mode fiber.

For more information on the BX SFP, see Installing SFP and XFP Transceivers and GBICs (318034-D).


The 10GBASE-ZR/ZW pluggable optics may be used with the 8683XLR and 8683XZR modules (XLR is LAN PHY only, XZR is LAN and WAN PHY capable). The 10GBASE-ZR/ZW XFPs provide 10Gb/s Ethernet solutions. The 10GBASE-ZR/ZW optics support LC connectors up to a distance of 80km over single mode fiber. Refer to transmit and receive specifications in the Installing SFP and XFP Transceivers and GBICs 318034-D.

Note: You can install a maximum of one 10GBase-ZR/ZW for each 8683XZR and 8683XLR module, due to cooling limitations. The single 10GBase-ZR/ZW XFP must be installed in Port 1. You can install a 10GBase-SR, -LR/LW in one or both of the remaining ports.


22 New software supported in Release 4.1.0

New software supported in Release 4.1.0

The Ethernet Routing Switch 8600 Software Release 4.1.0 is an IP core routing switch with increased scaling, density, and I/O technology that allows software upgrades.

This section provides a list of the new Ethernet Routing Switch 8600 Software Release 4.1.0 features.

Table 4 contains merge information for new features

Table 4 Merge information for new features

Feature Merge information

Reliability

Sub 100 ms convergence New feature in 4.1.0 - Requires SuperMezz

Resilient Switch Clustering - L3 support Merge from 3.7.0

Resilient Switch Clustering - Multicast support New feature in 4.1.0

Layer 3 HA Phase 2 Merge from 3.7.0

802.1w/802.1s Merge with 3.7.0.2

802.3ad/SMLT interop/VLACP• 802.3ad standard

• VLACP (end-to-end link failure detection)

• interoperability with Resilient Switch Clustering

Merge with 3.7.0

MultiLink Trunking (MLT) scaling New feature in 4.1.0 - Requires R modules

New MLT hashing algorithm New feature in 4.1.0 - R mode only

ECMP scaling - up to 8 paths New feature in 4.1.0 - R mode only

Per VLAN Spanning Tree (PVST+) (Cisco Compatibility)

Merge from 3.7.0

Simple Loop Prevention Protocol (SLPP) New feature in 4.1.0

Security

Service Delivery Module Firewall (SDM-FW) Merge from 3.7.6

Service Delivery Module Threat Protection System (SDM-TPS)

New feature in 4.1.0

802.1X Extensible Authentication Protocol (EAP) Merge from 3.7.0

Reverse Path Checking New feature in 4.1.0 - Requires R modules

317177-D Rev 00


Reliability/Resiliency

Sub 100 ms convergence

Multimedia application such as voice or video over IP are sensitive to link or switch failures. The Ethernet Routing Switch 8600 now provides sub 100ms convergence for such applications. Using ultra short timers (10 milliseconds) as part of the VLACP protocol, based on the 802.3ad implementation, the SuperMezz CPU sends heartbeats at regular intervals to neighbors in point-to-point core configurations. If the neighbor CPU, with a SuperMezz, does not reply consistently to messages, the switch fails over, allowing fast convergence.

CLI Logging Merge from 3.7.0

IP Services

Internet Protocol version 6 (IPv6) New feature in 4.1.0 - Requires R modules and the SuperMezz

Network Visibility/Serviceability

Internet Protocol Flow Information eXport (IPFIX) New feature in 4.1.0 - Requires R modules

Remote Mirroring Merge from 3.7.0 (legacy modules)

New feature in 4.1.0 for R modules

Lite Domain Name Service (DNS) Client Merge from 3.7.0

Ping Trace Routes and Management Information Base (MIB)

Merge from 3.7.0

New Hardware Support


New feature in 4.1.0 - Requires 8692SF

Service Delivery Module Firewall (SDM-FW) Merge with 3.7.6 + TPS

8683XZR (10GE LAN/WAN) New feature in 4.1.0 - Requires 8692SF


New feature in 4.1.0 - Requires 8683XZR

Bi-directional Small Form (BX SFP) New feature in 4.1.0

Table 4 Merge information for new features (continued)

Feature Merge information



Using short timers, multiple switches can detect a link failure across a physical or L2 infrastructure: optical loop, hub, switch, and failover, providing sub 100ms convergence.

Layer 3 HA Phase 2

The High Availability feature adds support for dynamic routing protocols RIP and OSPF, and the support for VRRP and Filters. With this support, HA can recover an Ethernet Routing Switch 8600 chassis with two Switching Fabrics (SF) from an SF failure in less than one second in a full layer 3 environment.

For more information on Layer 3 HA Phase 2, see Configuring IP Routing Operations (314720-F).

Resilient Switch Clustering - L3 support

Formerly known as RSMLT, resilient switch clustering provides L3 networks with support for failover and recovery for all applications and protocols.

Resilient Switch Clustering provides a sub-second failover for L3 networks using such L3 protocols as IP-RIP, IP-OSPF, IP-BGP and IPX-RIP. The extension is not routing protocol dependent because it is only a manipulation of the data path.

This feature is a logical extension of the already implemented and also widely deployed virtual router redundancy protocol (VRRP) BackupMaster feature, but it is not based on VRRP. In some scenarios, it even makes VRRP unnecessary.

For more information on Resilient Switch Clustering, see Configuring IP Routing Operations (314720-F).

Note: Sub 100 ms convergence requires at least one SuperMezz module and one 8692SF module per chassis.

317177-D Rev 00


Resilient Switch Clustering - Multicast support

Certain multimedia applications rely on multicast protocols, such as PIM-SM, PIM-SSM, or DVMRP. Resilient switch clustering brings sub-second failover to to networks running multicast protocols in their core.

Simple Loop Prevention Protocol (SLPP)

With Release 4.1 Nortel introduces SLPP, an enhanced loop prevention functionality for any type of L2 or L3 network. SLPP can be used in conjunction with Spanning Tree or SMLT as well as any L3 protocol. SLPP protects networks of unwanted network loops by actively detecting whether test packets are looping back to the originating switch. If a loop is detected a port is switched off. The auto-enable feature can be used to re-enable the port after a pre-set time.

SLPP does not replace Spanning Tree or SMLT for designing redundant networks, it however provides additional loop prevention capabilities if undesired network conditions occur.

For more information on SLPP, see Configuring VLANs, Spanning Tree, and Link Aggregation (314725-E).

802.1w/802.1s

The Rapid Spanning Tree Protocol (RSTP- 802.1w) provides a faster convergence time than the traditional Spanning Tree Protocol (STP).

802.1s is a standardized evolution of Nortel’s proprietary Spanning Tree Group (STG), that allows the building of networks with multiple Spanning Tree domains or Spanning Tree Groups. The Multiple Spanning Tree Protocol/Multiple Spanning Tree Group (802.1s) enables VLANs to be grouped into a spanning tree instance.

The ability to be grouped is important for resiliency as one failure in one domain does not impact other domains, as is the case for the regular Spanning Tree protocol. 802.1s provides other advantages as well, like load-balancing.

For more information on 802.1w and 802.1s, see Configuring VLANs, Spanning Tree, and Link Aggregation (314725-E).



802.3ad/SMLT interop/VLACP

While 802.3ad provides a point to point interaction only, Nortel provides extensions to support 802.3ad in SMLT configurations. For example, in a triangle configuration, a non-Nortel edge switch, compliant with 802.3ad thinks that the two core switches support 802.3ad. For existing SMLT customers, this provides a mechanism to prevent loops.

For more information on 802.3ad, see Configuring VLANs, Spanning Tree, and Link Aggregation (314725-E).

MultiLink Trunking (MLT) scaling

The Ethernet Routing Switch 8600 Software Release 4.1.0 now supports 128 MLT aggregation groups with up to 8 ports per group but only in R mode.

Per VLAN Spanning Tree (PVST+) (Cisco Compatibility)

PVST+ is Cisco's proprietary Spanning Tree mechanism using a Spanning Tree instance per VLAN. The Ethernet Routing Switch 8600 Software Release 4.1.0 enables the Ethernet Routing Switch 8600 to be setup using either method, Ethernet Routing Switch 8600's tagged BPDU or PVST+.

For more information on PVST+, see Configuring VLANs, Spanning Tree, and Link Aggregation (314725-E).

IP Services

Internet Protocol version 6 (IPv6)

IPv6 was developed to solve many of the inefficiencies and scaling limits found in IPv4. These improvements include larger address space, auto-configuration, better route aggregation, integrated security, flow labels for QoS support, mobility routing support, simplified packet handling and improved multicast support. There are two functions that cannot be addressed by improving IPv4: larger address space and better mobility support and the removal of restrictions and security problems caused by NATs.

317177-D Rev 00


IPv4 addressing is limited. The number of available Internet addresses offered by IPv4 can be exhausted by current Internet growth. IPv6 increases the number of available Internet addresses.

With Release 4.1.0, do not configure both IPv4 and IPv6 on the same VLAN.

For more information on IPV6, see Configuring IPv6 321585-A.

Security

Service Delivery Module Firewall (SDM-FW)

The Ethernet Routing Switch 8660 Service Delivery Module (SDM) is a Secured by Check Point module that brings firewall functionality to the Ethernet Routing Switch 8600. The SDM-FW creates a lower Total Cost of Ownership that leverages existing infrastructures while introducing advanced security services. This module contains up to four Check Point Firewall-1 NGs that inspect network traffic and enforce firewall policies. The card has four slots called iSDs, that can be used for flexible application modules. The initial offering includes configurations for one firewall (FW1), two firewalls (FW2), or four firewalls (FW4). A single system image simplifies configuration, software management, and fault handling. The ability to support multiple services at the same time on one platform eliminates the need for dedicated systems running different applications and leverages the resiliency of the Ethernet Routing Switch 8600.

For information on the minimum Ethernet Routing Switch 8600 software version required to support the 8660 Service Delivery Module, see Important Notice about the Ethernet Routing Switch 8600 Series Modules (316340-E).

Service Delivery Module Threat Protection System (SDM-TPS)

With support of Checkpoint Firewall (CP) on SDM, CP is integrated inside the Ethernet Routing Switch 8600 chassis as a module. This embedded firewall feature simplifies the connection and configuration for users. But once the packet passes the network security firewall, there is no way in the system to detect the thread or attacks that pass through the firewall.



TPS is a fully integrated security monitoring system for identifying and protecting against network threats and provides the user with visibility, flexibility, scalability, and complete data management. With TPS, a user can detect attacks that pass through the firewall and take corrective action to prevent it.

Reverse Path Checking

The Unicast Reverse Path Checking feature mitigates problems that are caused by the introduction of malformed or forged (spoofed) IP source addresses into a network by discarding IP packets that lack a verifiable IP source address. For example, a number of common types of Denial-of-Service (DoS) attacks, including Smurf and Tribal Flood Network (TFN), can take advantage of forged or rapidly changing source IP addresses that prevent the locating or filtering of attacks.

For Internet Service Providers (ISPs) that provide public access, Unicast RPF detects such attacks by forwarding only packets that have a source addresses which are valid and consistent with the IP routing table. This action protects the network of the ISP, its customer, and the rest of the Internet. Reverse Path Checking is configured per IP interface. When Reverse Path Checking is enabled, the Ethernet Routing Switch 8600 checks all the routing packets that come through that interface, to ensure that the source address and source interface appear in the routing table and match the interface on the packet that was received. There are two modes for Reverse Path Checking:

• Exist-only mode: when configured in this mode, RPC checks whether the incoming packet's source IP address exists in routing table. If the source IP entry is founded the packet is forwarded as normal; otherwise, the packet is discarded.

• Strict mode: when configured in this mode, RPC first checks whether the incoming packet's source IP address exists in routing table. If the source IP entry is not found the packet is dropped; otherwise, RPC further checks if the source IP interface matches the packet's incoming interface. If they match, packet is forwarded as normal; otherwise, the packet is discarded.

Note: Reverse path-checking is supported only on R modules with R-mode enabled.

317177-D Rev 00


802.1X Extensible Authentication Protocol (EAP)

802.1x (EAP) enables users in physically non-secured areas to authenticate an IP address prior to being authenticated through their network userid and password. Through 802.1x (EAP) users can assume valid identities or launch denial of services attacks on critical network resources. The authentication method chosen by Nortel is based on RADIUS. EAP supports Microsoft Windows XP and 2000 clients. RADIUS supported servers are Microsoft Internet Authentication Service (IAS) and BaySecure Access Control (BSAC).

Additional parameters such as VLAN ID and the QoS are configurable based on the RADIUS authentication with additional RADIUS attributes.

For more information on EAP, see Important Security Information for the Ethernet Routing Switch 8600 (314997-E).

Extended Authentication Protocol (802.1x) with User Based Policy support

802.1x/EAP provides an authentication method for network access. The authentication method is based on Radius. Supported EAP clients include Windows XP and Windows 2000.

Additional parameters, such as the VLAN ID and QoS, are configurable based on Radius authentication attributes.

CLI Logging

The Ethernet Routing Switch 8600 Software Release 4.1.0. includes the capability to track every CLI modification. A dedicated file is created on the PCMCIA (please note that this is not available using the internal flash, for security reasons), and every modification to the configuration is included into the file, with the following format:

Slot5 71 [05/01/03 19:38:07] CONSOLE rwa conf vlan 1

Slot5 71 [05/01/03 19:38:07] CONSOLE rwa conf vlan 1CPU Seq Date and Time Context User Cli command Slot No



The file is encrypted and accessible only entering RWA.

For more information on CLI Logging, see Managing Platform Operations (315545-E).

Serviceability/Manageability

Internet Protocol Flow Information eXport (IPFIX)

IPFIX (R modules only), a function of IETF Standard Flow Management, is Real Time Flow Management metering plus exporter. Please note that the IPFIX model defines the following:

• the metering process• the exporter process• the collector• and some network management applications.

The metering and exporter processes are executed by the Ethernet Routing Switch 8600 and some flow statistics are available using the CLI information. With the Ethernet Routing Switch 8600 Software Release 4.1.0, Nortel supports only one collector, the solution from NetQoS. Nortel is not providing the NetQoS equipment for the release.

For more information on IPFIX, see Configuring Network Management (314723-E).

Lite Domain Name Service (DNS) Client

The Ethernet Routing Switch 8600 Software Release 4.1.0 enables the use of names such as ping, telnet, or rlogin, rather than IP addresses when using some commands.

For more information on the Lite DNS Client, see Managing Operations (315545-E).

317177-D Rev 00


Ping Trace Routes and Management Information Base (MIB)

Ethernet Routing Switch 8600 Software Release 4.1.0 supports the MIB ping and Traceroute MIB as defined in the RFC2725. These MIBs are allowed to ping/do a traceroute from the 8600 to remote devices and verify the connectivity from the switch itself.

For more information on Ping Trace Routes and MIBs, see Using Diagnostic Tools (317359-C).

Remote Mirroring

Remote Mirroring reduces the exploitation cost by providing a way to redirect virtually any traffic coming from any port of a network switch to one switch where the probe or PCAP are configured. Remote Mirroring also centralizes the analysis on one point, without having to physically move the probe to the remote location.

For more information on Remote Mirroring, see Using Diagnostic Tools (317359-C).

Software support for R mode

R mode allows the operation of R module specific features, such as the new QoS capabilities. Table 5 lists the operation mode according to module type. Table 6 shows the supported features by module type.



Table 5 Operation modes for module types

Table 6 lists the feature availability according to module and mode type.

Module Types

Operation Modes

R M E Pre E

e = enabled ; d = disabled

Default

Mode

e e e e

M Mode e e d d

R Mode e d d d

Table 6 Modules and modes feature availability

Module Types Comments

Feature R M E Pre E

Memory – IP 256k 119k 25k 25k For M, theoretical number if 128k

For E and Pre E, theoretical number is 32k

Memory - MAC

64k 119k 25k 25k For M, theoretical number if 128k

For E and Pre E, theoretical number is 32k

Memory – ARP

16k

VLAN Scaling without SMLT

1972 1972 1972 1972

VLAN Scaling with MLT/SMLT

1972/990 1972/990 1972/990 240/120 Please refer to “enhanced operational mode”.

MLT Scaling / ports per group

128/8 32/8 32/8 32/8 128 MLT groups supported ONLY with R modules in R Mode

SVLAN No Yes Yes Yes Pre standard

317177-D Rev 00


SMLT over 10GE

Yes No No No Available ONLY withthe 8683XLR/XZR (not available with the 8681XLW single port 10GE module)

ECMP paths 8 4 4 4 8 paths supported by R modules only in R Mode

BGP scaling Yes Yes No No R Modules can support full internet routing entries

IPX routing No Yes Yes Yes

IPv4 ACLs Ingress L2-L4

Yes - - - Ingress Filtering ACT, ACL, ACE based

IPv4 ACLs Egress L2-L4

Yes - - - Egress Filtering ACP, ACL, ACE based

IPv4 ACL Pattern Matching

Yes - - - Pattern Matching for ingress and egress

IPv4 Ingress Policing L2-L4

Yes - - - 450 policers per LANE (10*1G, 1*10G), total of 10 800 policers

IPv6 Egress Shaping L2-L4

Yes - - - Per port/per queue shapers

640 queues per LANE (10*1G, 1*10G) total of 15360 queues

IPv6 ACLsIngress L2-L4

Yes - - - Ingress Filtering ACT, ACL, ACE based

IPv6 ACLsEgress L2-L4

Yes - - - Egress Filtering ACP, ACL, ACE based

IPv6 ACLPattern Matching

Yes - - - Pattern Matching for ingress and egress

Legacy Filter L2-L4

No Yes Yes Yes L2 with global filters (limited to 8 per ARU). MAC FDB filters are available only on classical modules

Legacy Ingress Policing L3-L4

No Yes Yes Yes

Table 6 Modules and modes feature availability (continued)



Supported software and hardware scaling capabilities

Table 7 lists the current values for supported software and hardware scaling capabilities in Ethernet Routing Switch 8600 Software Release 4.1

Note: The module types within an operation mode operate whether the chassis is deployed with the same module type or mixed module types. The exception is R-mode which supports only the R module type.

Note: In addition to the modes listed in Table 5, you can also independently enable enhanced operational mode (config sys set flags enhanced-operational-mode <true | false>) parameter. If you enable this additional parameter, Pre-E modules will always be disabled, while all other module types will function as shown in Table 5. For additional information on enabling and using enhanced operational-mode, please refer to Managing Platform Operations.

Note: The capabilities described in Table 7 are supported as individual protocols.

Table 7 Supported scaling capabilities in the Ethernet Routing Switch 8600 switch

Feature Maximum number supported (R modules)

Maximum number supported (Pre E/E/M modules)

Hardware forwarding records R modules: 64 000 MAC entries and up to 256 000 routing entries

Non-E and E modules: 25 000 records M modules: 125 000 records1

M modules N/A N/A

R modules R modules require at least one 8692SF.

N/A

317177-D Rev 00


8681 10 Gigabit Ethernet LAN/WAN module

Note: This information does not apply to the 8683XLR/XZR 10GE LAN module.

N/A Release 4.1.0 does not support the combination of the following features with the 10 GE LAN/WAN module:• IPX routing

• SMLT

• External MLT (Nortel recommends that you use a layer 3 protocol for resiliency, for example, OSPF associated to Equal Cost MultiPath [ECMP])

• Egress port mirroringDue to architectural considerations, Nortel recommends that you install 2 8691SF/8692SF modules in a system using a 10GE module (internal MLT of 8 Gig ports) for load sharing and redundancy.

VLANs 1972 1972

IP subnet-based VLANs 800 Pre-E and E modules: 200

M modules: 800

IP interfaces 500 or 1972 with chassis MAC upgrade

ECMP paths 1 through 8 4

ECMP routes size 5000

BGP peers 10

BGP forwarding routes • Maximum of 140 000 forwarding routes with the 250K modules (R modules)

• Maximum of 20 000 forwarding routes with the 32K modules (non-E modules and E modules)

• Maximum of 119 000 forwarding routes with the 128K modules (M modules)

RIP routes 2500

Static ARP entries 2040

Dynamic ARP entries 16000 11000 for pre E/E modules; 16000 for M modules

Table 7 Supported scaling capabilities in the Ethernet Routing Switch 8600 switch (continued)





Static route entries 2000

DVMRP Passive Interfaces 500 or 1200 with the chassis MAC upgrade.

DVMRP Active Interfaces/Neighbors

80

DVMRP Routes 2500

PIM passive interfaces 500 or up to 1500 with the chassis MAC upgrade.

PIM active interfaces 80

PIM neighbors 80

Multicast source subnet trees 500 5

Multicast records—PIM 1980

Multicast records—DVMRP 1980

IPX interfaces (IPX routing is not supported on R module ports)

100

IPX RIP routes N/A 5000

IPX SAP entries N/A 7500

VRRP interfaces 255

Spanning Tree Groups Ethernet Routing Switch 8600 switch: 252

Aggregation Groups

- 802.3ad aggregation groups- Multi Link Trunking group (MLT)3

Non R mode: 32 (128 groups ONLY in R mode)

32

Ports per MLT4 Up to 8

RIP interfaces 200

RSMLT per VLAN 1 VLAN can belong to 32 RSMLTs

RSTP/MSTP (number of interfaces) 384, with 224 active. Configure the remaining interfaces with Edge mode.

IPFIX up to 384 000 flows per chassis N/A

OSPF areas per switch 5

OSPF adjacencies per switch 80

OSPF routes R modules: 20 000 Pre-E and E modules: 15 000

M modules: 20 000

OSPF interfaces 238




317177-D Rev 00


OSPF LSA packet maximum size 3000 bytes

IPv6 interfaces 250 N/A

IPv6 tunnels 350 N/A

IPv6 static routes 2000 N/A

IPv6 routes 15000 N/A

OSPFv3 areas 5 N/A

OSPFv3 adjacencies 80 N/A

OSPFv3 routes 5k N/A

OSPFv3 interfaces N/A

OSPFv3 LSA packet maximum size N/A






RMON Alarm scaling

RMON Alarms with 250K memory 130

RMON Alarms with 4000K memory 2630

RMON Events with 250K memory 324

RMON Events with 4000K memory 5206

RMON Ethernet Statistics with 250K memory

230

RMON Ethernet Statistics with 4000K memory

4590

1 The exact number is 125838. 2162 records are used by the system. The record reservation feature prealocates 8000 records for traffic types such as ARP, MAC and so on. See Managing PlatformOperations (315545-E) for more information about the record reservation feature.

2 Nortel supports ONLY 25 STGs in this release. Although you can configure up to 64 STGs (only 63 when a Web Switching Module is present), configurations including more than 25 STGs are not supported. If you need to configure more than 25 STGs, please contact your Nortel Customer Support representative for more information about the support of this feature. The Web Switching Module supports only tagged bridged protocol data units (BPDU) with the default STG value: STG ID 1

3 The MLT feature is statically compliant with the 802.3ad standard (no support of LACP).4 When multicast is used in MLT configurations, Nortel recommends using E modules or M modules if the MLT on the

Ethernet Routing Switch 8600 is connected to a different device (non-Ethernet Routing Switch 8600).5 Refer to the Network Design Guide (313197-E) for more detailed information.




317177-D Rev 00


Supported standards, RFCs, and MIBs

This section identifies the 802 standards, RFCs, and network management MIBs supported in this release.

Table 8 lists the supported standards.

Table 9 lists the IPv6 RFCs supported in Ethernet Routing Switch 8600 Software Release.4.1.S

Table 8 Supported standards

Supported standards

802.3 CSMA/CD Ethernet ISO/IEC 8802 ISO/IEC 8802-3

802.3i 10BaseT ISO/IEC 8802-3

802.3u 100BaseT ISO/IEC 8802-3

802.3z Gigabit Ethernet

802.3ab Gigabit Ethernet 1000BaseT

4 pair Cat5 UTP

802.3ae 10 Gigabit Ethernet

802.1Q and 802.1p VLAN tagging and prioritization

802.3x Flow Control

802.1D MAC bridges/spanning tree protocol

802.1w Rapid Spanning Tree protocol (RSTP)

802.1s Multiple Spanning Tree protocol (MSTP)

802.3ad Link Aggregation Control protocol (LACP)

Table 9 Supported IPv6 standards

Supported IPv6 standards

RFC 1981 Path MTU Discovery for IP version 6

RFC 2375 Multicast address assignment IP version 6

RFC 2460 Internet Protocol Version 6 Specification

RFC 2461 Neighbor Discovery for IP Version 6

RFC 2462 IPv6 Stateless Address Autoconfiguration


40 Supported standards, RFCs, and MIBs

Table 10 lists the IPv4 RFCs supported in Ethernet Routing Switch 8600 Software Release.4.1. See Table 12, Table 13 and Table 14 for all network management standards including SNMP.

RFC 2463 Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 Specification

RFC 2464 Transmission of IPv6 Packets over Ethernet Networks

RFC 2474 Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers

RFC 2475 An Architecture for Differentiated Services Framework

RFC 2710 Multicast Listener Discovery (MLD) for IPv6

RFC 2740 OSPF for IPv6

RFC 2893 Transition Mechanisms for IPv6 Hosts and Routers

RFC 3484 Default Address Selection for Internet Protocol version 6

RFC 3513 Internet Protocol Version 6 Addressing Architecture

RFC 3587 IPv6 Global Unicast Address Format

RFC 3596 DNS Extensions to Support IP version 6

RFC 3810 Multicast Listener Discovery Version 2 (MLDv2) for IPv6, June 2003



RFC 768 UDP protocol

RFC 783 TFTP protocol

RFC 791 IP protocol

RFC 792 ICMP protocol

RFC 793 TCP protocol

RFC 826 ARP protocol



317177-D Rev 00


RFC 854 Telnet protocol

RFC 903 Reverse ARP protocol

RFC 1058 RIPv1 protocol

RFC1075 DVMRP protocol

RFC1112 IGMPv1 protocol

RFC1541/1542, updated by RFC2131 Bootp/DHCP protocols

RFC1591 DNS client

RFC1745 BGP/OSPF interaction

RFC1771/1772 BGPv4 protocol

RFC1812 Router requirements

RFC1866 HTMLv2 protocol

RFC 1965 BGP-4 Confederations

RFC 1966 BGP-4 Route Reflectors

RFC 1997 BGP-4 Community Attributes

RFC 2068 Hypertext Transfer Protocol

RFC 2138/2139 RADIUS Authentication/RADIUS Accounting

RFC 2236 IGMPv2 protocol

RFC 2270 BGP-4 Dedicated AS for sites/single provider

RFC 2328 OSPFv2 protocol

RFC 2338 VRRP (Virtual Router Redundancy Protocol)

RFC 2385 BGP4 MD5 authentication

RFC 2362 PIM-SM protocol

RFC 2439 BGP4 Route Flap Dampening

RFC2453 RIPv2 protocol

RFC 2474/2475 DiffServ

RFC 2597/2598 DiffServ per hop behavior

RFC2819 RMON (Remote Monitoring)Alarms, Events, Statistics & Groups

draft-holbrook-idmr-igmpv3-ssm-02.txt IGMPv3 for SSM

RFC 3208 (draft-speakman-pgm-spec-04)

PGM





Table 11 lists the ATM POS module RFCs supported in this release.

Supported network managment MIBs (format B)

The Ethernet Routing Switch 8600 an SNMPv1/v2/v2c/v3 agent with Industry Standard MIBs, as well as private MIB extensions, which ensures compatibility with existing network management tools.

All these MIBs are given with any version of code. Please consult the Nortel web site where a file called mib.zip contains all these MIBs, and a special, called manifest, for the order of MIB compilation.

RFC 3376 IGMPv3* partial compliancy*

RFC 3569 (draft-ietf-ssm-arch-03.txt) PIM-SSM

RFC 3917/3995 IPFIX

Table 11 Supported ATM POS module RFCs

Supported ATM POS module RFCs

RFC 1332 IPCP

RFC 1471 LCP

RFC 1473 NCP

RFC 1474 Bridge NCP

RFC 1552 IPXCP

RFC 1661 PPP

RFC 1638 BCP

RFC 1989 PPP Link Quality Monitoring

RFC 2558 SONET/SDH

RFC 2615 PPP over SONET/SDH



317177-D Rev 00


Table 12, Table 13 and Table 14 list the network management MIBs and standards supported in this release.

Table 12 Standard MIBs (IEEE)

Standard MIB name IEEE File name

LACP (802.3ad) 802.3ad ieee802-lag.mib

EAPoL (802.1x) 802.1x ieee8021x.mib

Table 13 Standard MIBs (RFC)


IANA Interface Type N/A iana_if_type.mib

SMI RFC1155 rfc1155.mib

SNMP RFC1157 rfc1157.mib

MIB for network management of TCP/IP based Internet MIB2

RFC1213 rfc1213.mib

A convention for defining traps for use with SNMP

RFC1215 rfc1215.mib

RIP version 2 MIB extensions RFC1389 rfc1389.mib

Definitions of Managed Objects for Bridges

RFC1493 rfc1493.mib

Evolution of the Interface Groups for MIB2

RFC1573 rfc1573.mib

Definitions of Managed Objects for the Ethernet-like Interface Types

RFC1643 rfc1643.mib

Definitions of Managed Objects for the Fourth Version of the Border Gateway Protocol (BGP-4) using SMIv2

RFC1657 rfc1657.mib

RIP version 2 MIB extensions RFC1724 rfc1724.mib

Remote Network Monitoring Management Information Base (RMON)NOTE: 8600 supports Alarms, Events, Statistics and History

RFC1757/RFC2819 rfc1757.mib



OSPF Version 2 Management Information Base

RFC1850 rfc1850.mib

Management Information Base of the Simple Network Management Protocol (SNMPv2)

RFC1907 rfc1907.mib

Remote Network Monitoring Management Information Base (RMON) version 2 using SMIv2

RFC2021 rfc2121.mib

IP Forwarding Table MIB RFC2096 rfc2096.mib

The Interfaces Group MIB using SMIv2

RFC2233 rfc2233.mib

IPv6 Management Information Base for the Transmission Control Protocol

RFC2452 rfc2452.mib

IPv6 Management Information Base for the User Datagram Protocol

RFC2454 rfc2454.mib

Management Information Base for IPv6: Textual Conventions and General Group

RFC2465 rfc2465.mib

Management Information Base for IPv6: ICMPv6 Group

RFC2466 rfc2466.mib

An Architecture for Describing SNMP Management Frameworks

RFC2571 rfc2571.mib

Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)

RFC2572 rfc2572.mib

SNMP Applications RFC2573 rfc2573.mib

User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMP)

RFC2574 rfc2574.mib

View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)

RFC2575 rfc2575.mib

Coexistence between Version 1, Version 2, and Version 3 of the Internet-standard Network Management Framework

RFC2576 rfc2576.mib

Table 13 Standard MIBs (RFC) (continued)


317177-D Rev 00


Definitions of Managed Object for Bridges with Traffic

Classes, Multicast Filtering, and Virtual LAN extensions

RFC2674 rfc2674.mib

Textual Conventions for Internet Network Addresses

RFC2851 rfc2851.mib

The Interface Group MIB RFC2863 rfc2863.mib

Definitions of Managed Objects for Remote Ping, Traceroute, and Lookup Operations

RFC2925 rfc2925.mib

IPv4 Multicast Routing MIB RFC2932 rfc2932.mib

Internet Group Management Protocol MIB

RFC2933 rfc2933.mib

Protocol Independent Multicast MIB for IPv4

RFC2934 Rfc2934.mib

IP version 6 Management Information Base for the Multicast Listener Discovery Protocol

RFC3019 rfc3019.mib

The Advanced Encryption Standard (AES) Cipher Algorithm in the SNMP Used-based Security Model

RFC3826 rfc3826.mib

Management Information Base for the Transmission Control protocol (TCP)

RFC4022 rfc4022.mib

IP Tunnel MIB RFC4087 rfc4087.mib

Management Information Base for the User Datagram Protocol (UDP)

RFC4113 rfc4113.mib

Table 14 Proprietary MIBs

Proprietary MIB name File name

Rapid City MIB rapid_city.mib

SynOptics Root MIB synro.mib

Other SynOptics definitions s5114roo.mib

Table 13 Standard MIBs (RFC) (continued)




Other SynOptics definitions s5tcs112.mib

Other SynOptics definitions s5emt103.mib

Nortel RSTP/MSTP proprietary MIBs nnrst000.mib, nnmst000.mib

Nortel IPX MIBs ipx_rcc.mib, ipxripsap_rcc.mib

Nortel IGMP MIB rfc_igmp.mib

Nortel VRRP MIB vrrp_rcc.mib

Nortel IP Multicast MIB ipmroute_rcc.mib

Nortel DVMRP MIB dvmrp_rcc.mib

Nortel PIM MIB pim-rcc.mib

Nortel ATM MIB atm_tc.mib

Nortel MIB definitions wf_com.mib

Nortel PGM MIB wf_pgm.mib

The Definitions of Managed Objects for the Link Control Protocol of the Point-to-Point Protocol – Nortel Proprietary

rfc1471rcc.mib

The Definitions of Managed Objects for the IP Network Control Protocol of the Point-to-Point Protocol – Nortel Proprietary

rfc1473rcc.mib

The Definitions of Managed Objects for the Bridge Network Control Protocol of the Point-to-Point Protocol

rfc1474rcc.mib

Definitions of Managed Objects for the SONET/SDH Interface Type – Nortel Proprietary

rfc1595rcc.mib

OSPF Version 2 Management Information Base – Nortel Propriétaire extensions

rfc1850t_rcc.mib

Nortel IPv6 Proprietary MIB definitions rfc_ipv6_tc.mib, inet_address_tc.mib, ipv6_flow_label.mib

Table 14 Proprietary MIBs

Proprietary MIB name File name

317177-D Rev 00

Supported traps/notifications supported by Release 4.1.0 47

Supported traps/notifications supported by Release 4.1.0

See Using Diagnostic Tools 317359-D for a complete list of traps generated by Ethernet Routing Switch 8600 Software Release 4.1.0.

8672ATM/ATME/ATMM supported PVCs

Although you can configure higher VPI numbers than those supported PVCs specified in Table 15 (without a warning or error message displaying), do not use these high numbers as they do not function properly. It is important to note that some of these values have changed since the previous release of Ethernet Routing Switch 8600. Therefore, read through this table carefully prior to upgrading your Ethernet Routing Switch 8600.

* In software releases prior to 3.5.0, values 3.1260 through 3.2047 were unavailable.** In software releases prior to 3.5.0, all values were available.*** In software releases prior to 3.5.0, values 1.252 through 1023 were unavailable.

Table 15 Supported or unsupported PVCs on the 8672ATM/ATME/ATMM module

Interface VPI bits Unavailable PVCs

OC12 1 (VCI Bit max value 4095)2 (VCI Bit max value 2047)3 (VCI Bit max value 1023)4 (VCI Bit max value 511)5 (VCI bit max value 255)6 (VCI bit max value 127)7 (VCI bit max value 63)8 (VCI bit max value 31)

1.3324 through 1.40953.1276 through 3.2047*7.252 through 7.102314.252 through 14.511 **28.252 through 28.255 **None (that is, all values are available)None (that is, all values are available)None (that is, all values are available)

OC3 1 through 6 None (that is, all values are available) ***

DS3 1 (VCI Bit max value 2047)2 (VCI Bit max value 1023)3 (VCI Bit max value 511)4 (VCI Bit max value 255)5 (VCI Bit max value 127)6 (VCI Bit max value 63)7 (VCI Bit max value 31)

1.0 through 1.20472.0 through 3.10234.0 through 7.5118.0 through 15.25516.0 through 31.12732.0 through 63.6364.0 through 127.31


48 Enabling the Enterprise Enhanced CPU Daughter Card (SuperMezz)

Enabling the Enterprise Enhanced CPU Daughter Card (SuperMezz)

After installing the SuperMezz card it must then be enabled. For information on installing SuperMezz, see Installing Ethernet Routing Switch 8600 Switch Modules 312749-K.

After installation, complete the following procedure to enable the SuperMezz card:

1 Enter the following command to identify the mezz-image name:ERS-8610:5# config bootconfig mezz-image image-name p80m4100.img

2 Enter the following command to enable the use of the SuperMezz card operation:

ERS-8610:5# config bootconfig flags mezz true

3 Enter the following command to save the boot configuration: ERS-8610:5# save bootconfig

4 Re-boot the system/chassis in order for the updates to take effect: ERS-8610:5# boot -y

To disable the SuperMezz card, complete the following procedure:

1 Enter the following command to disable usage of the SuperMezz card:ERS-8610:5# config bootconfig flags mezz false

2 Enter the following command to save the boot configuration: ERS-8610:5# save bootconfig

Note: The SuperMezz card is enabled by default.

317177-D Rev 00

Device Manager installation requirements 49

3 Re-boot the system/chassis in order for the updates to take effect ERS-8610:5# boot -y

Device Manager installation requirements

Windows

The minimum system requirements for installing Device Manager on Microsoft Windows 98 SE (Second Edition), Windows 2000, Windows ME (Millennium Edition) Windows 2003 and Windows XP are:

• 350 MHz or higher Pentium processor• 256 MB DRAM• 350 MB space on hard drive

Solaris

Device Manager 5.9.7 and above requires Solaris 8 as a minimum requirement. The minimum system requirements for installing Device Manager on Solaris are:

• 256 MB DRAM • 350 MB space on hard drive

Linux

The minimum system requirements for installing Device Manager on Linux are:

• Kernel version 2.2 and above• 256 MB DRAM • 350 MB space on hard drive


50 CPU Warm Standby

HP-UX

The minimum system requirements for installing Device Manager on HP-UX are:

• OS version 11.x and above• 256 MB DRAM • 350 MB space on hard drive

CPU Warm Standby

The Ethernet Routing Switch 8600 supports up to 2 8690/8691/8692 CPU/SF modules in slots 5 or 6 in either a 6 slots or 10 slots chassis. When you boot up the switch with 2 CPU/SF modules in slots 5 and 6, slot 5 becomes the master CPU and slot 6 becomes the backup, or warm standby, by default. You can change this default behavior with a bootconfig flag.

8690/8691/8692 modules have two functions: CPU and Switching. Switching fabrics (SF) are always active, providing load balancing for I/O modules. One CPU remains active, while the other CPU is the backup. R Modules are supported only with 8692SF.

Password encryption

In Ethernet Routing Switch 8000 Releases 3.2.1 through 4.1.0, passwords are stored in an encrypted format in your system rather than in the configuration file. Before upgrading to Release 4.1.0 from Releases 3.5/3.3/3.2.2/3.2.1, you must back up your current configuration file.

Note: a Dual CPU/SF system configuration supports 2 modes: Warm Standby or Hot Standby. Hot Standby, or High Availability (HA) uses the two CPUs as synchronizing tables – L2 or L3. HA is not enabled by default. You must enable a specific bootconfig flag to enable HA.

317177-D Rev 00

Password encryption 51

To limit access to configuration files and the corresponding encrypted text, the switch resets passwords to default after the upgrade. You must change the default passwords (ro, l1, l2, l3, rw and rwa) immediately after the upgrade to secure your system.

To change the passwords use the following CLI commands. All passwords are case sensitive.

config cli password <access-level> <username>Enter the old password: <password>Enter the new password: <password>Re-enter the new password: <password>

For lost password recovery, you must reset the switch and apply the following command in boot monitor mode:

reset-passwd

Contact your Nortel account support team for the release for other password issues.


52 Upgrading the switch

Upgrading the switch

Release 4.1.0 introduces a number of significant changes to the switch upgrade process. These changes are captured in Upgrading to Ethernet Routing Switch 8600 Software Release 4.1 316674-C. Read this document before attempting to upgrade.

Firmware revision on R-series modules

A new Fabric Output Queue (FOQ) Field Programmable Gate Array (FPGA) firmware (version 267) is available with Software Release 4.1. This new firmware revision resolves a potential issue which existed since the initial release of the 8648GTR module, Release 4.0.1. Please note that the two other FPGA devices, BMC and DPC, are unchanged. This issue happens only in some heavily congested networks where a backpressure message has to be sent at ingress using the FOQ.

Although this issue is specific to the 8648GTR module, since the FOQ device is on the base board of all R-modules, you should review and update firmware revisions on every R-module for consistency.

The FOQ update is not required if you are not using an 8648GTR module or if you don’t expect to encounter high congestion.

To verify and update the revision, see Upgrading to Ethernet Routing Switch 8600 Software Release 4.1 316674-C.

Hot-swapping the CPU/SF module or I/O modules

When hot-swapping the active CPU/SF module in an Ethernet Routing Switch 8600 with redundant CPU/SF modules, wait until the redundant CPU/SF module is stabilized before inserting any other modules. The redundant CPU/SF module will display a login prompt on the console screen. If no console connection is available, wait for at least thirty seconds before inserting the replacement CPU/SF module or before reinserting the removed CPU/SF module.

317177-D Rev 00

High Availability 53

In addition, during a CPU/SF failover, do not hot swap I/O modules until the new CPU/SF becomes the master CPU/SF.

To perform a CPU/SF failover, use the following procedure:

1 Reboot the master CPU/SF from the console, followed by a remote Telnet/SSH session.

2 Allow the hot standby CPU/SF take over as the new master CPU/SF.

3 As required, remove the rebooted master CPU/SF after the new master CPU/SF is online.

High Availability

The following protocols, features and modules are not available with High Availability mode:

• WSM and SDM modules

Caution: Do not hot-swap or insert modules in a Ethernet Routing Switch 8000 Series chassis while the switch is booting. Doing so may cause the module not to be recognized and may cause module initialization failure.

Caution: Nortel strongly recommends that you make the backup CPU/SF the master before removing the master CPU/SF in an HA configuration. Removing the master directly could generate traffic distortion.

Note: If a dual CPU/SF system has HA-CPU mode enabled, the following procedure will minimize packet loss. If the CPU/SF is in warm standby mode, because most of the hardware will be rebooted, packet loss cannot be avoided; however, the procedure will minimize downtime.


54 Upgrading SNMP

• SSL Acceleration module• ATM and POS• BGP and all redistribution parameters (policies) related to BGP • Multicast dynamic routing protocols (DVMRP, PIM-SM, PIM-SSM, PGM)• VRRP Fast Advertisement Interval • IPX routing

If you want to use High Availability (HA) mode, verify that the link speed/duplex mode for the CPU module are 100Mb/s and Full Duplex. Use the following CLI commands to configure and verify the link speed and duplex mode:

config bootconfig net cpu2cpu infoconfig bootconfig net cpu2cpu speed 100config bootconfig net cpu2cpu fullduplex true

If the link is not configured in 100Mb/s and Full Duplex mode, either you will not be able to synchronize the two CPUs or the synchronization may take a long time. Error messages may appear on the console. (Q00839619)

Layer 3 considerations

In HA mode, Nortel recommends that you not configure the OSPF hello timers less than a second, and the dead router interval less than 15 seconds.

Upgrading SNMP

Before you upgrade SNMP to Release 4.1.0, note the following SNMP upgrade considerations.

Note: Existing SNMP policies can affect switch access if policies are present and enabled in configurations before an upgrade. See the examples in Important Security Information for the Ethernet Routing Switch 8600 314997-E to update configurations for SNMP access.

317177-D Rev 00

Upgrading SNMP 55

SNMP upgrade considerations• Starting with Release 3.7, the CLI command save config file creates a

hidden and encrypted file that contains community table information. For security purposes, the save config file command also removes references to the existing SNMP community strings in the newly created configuration file.

• If you have one CPU only and a pre-4.1.0 configuration file, and if you swap the CPU, all the password files, including the hidden file, will be lost. You must reconfigure your trap receivers and community strings every time you change the CPU module. (Q00878458)

• With Release 4.1.0, changes within the SNMP agent prevent JDM from registering for traps. (Q00880590)

• With Release 4.1.0, the trap receiver concept has been replaced by the notification originator application. This application monitors a system for specific events or conditions, and generates Notification-Class messages, based on these events or conditions. For more information about configuring the notification originator application, see Configuring Network Management or Configuring and Managing Security.

• The ability to edit certain SNMP parameters, such as community strings, using the CLI command config sys set snmp is no longer available. For instructions on creating an SNMPv1, SNMPv2, or SNMPv3 user, or changing the default community strings, see Configuring and Managing Security.

• When upgrading from Release 3.7 to Release 4.1.0, read-only (ro) user is mapped into ReadView with read-only access. (Q00889700)

• After performing the upgrade, Nortel strongly recommends that you change the password for USM user initial.

Upgrading SNMP from Release 4.0.x to Release 4.1.0

Note: If you are using the Data Encryption Standard (DES) for SNMP v3, please note the new image name: p80c4100.aes.


56 Upgrading SNMP

In the Ethernet Routing Switch 8600 Release 4.0.x, you set SNMP community strings by using the following command (this command is now obsolete):

config sys set snmp community rwa <commstring>

After you save the configuration, this command will NOT appear in the configuration file. However, the community strings are stored in a hidden file. This behavior has changed in Release 4.1.0. The upgrade procedure is detailed below.

Non-High Availability1 In CLI mode, before performing the upgrade, change and save the bootconfig

options to the appropriate Release 4.1.0 image by entering the following commands:

config bootconfig primary choice /flash/p80a4100.img save bootconfig

2 Boot up the chassis and upgrade the boot-monitor by entering the following command:

boot /flash/p80b4100.img

The SNMP upgrade procedure loads the SNMP configuration into runtime configuration.

3 After the reboot, save the configuration by entering the following command:

save config file /flash/config1.cfg

When you enter this command, the following activities occur:

• Configurations related to SNMP trap receivers are automatically mapped into Release 4.1.0-compatible commands in config1.cfg.

• For users upgrading from Release 3.5 or 4.0: configurations related to SNMP community strings are ported from a hidden file to another hidden and encrypted file. This file must exist for you to access the chassis via SNMP. From this point forward, information regarding SNMP community strings will be stored ONLY in this hidden file and WILL

317177-D Rev 00

Upgrading SNMP 57

NOT be found in configuration files. If you choose to swap the existing CPU Module with a new CPU Module, you must copy all hidden files to the new module, in addition to the regular files, in order for the SNMP strings to work correctly.

• Default strings such as “public” and “private” are translated as is.• The default string “secret” for rwa is no longer applicable in Release

4.1.0.• All “l1”, “l2”, “l3”, and “rwa” SNMP strings are now “rw.” (Q00894703)

High Availability

Follow the standard procedure for HA upgrade. The upgrade process creates identical hidden files on both CPUs.


58 Configuring SNMP traps

Configuring SNMP traps

In the Ethernet Routing Switch 8600 switch Release 4.0.x, you configured traps by using the following command (this command is now obsolete):

config sys set snmp trap-recv <ipaddr> v2c public

where ipaddr is the IP address of the trap receiver.

With Release 4.1.0, you configure traps by creating SNMPv3 trap notifications, creating a target address to which you want to send the notifications, and specifying target parameters. Nortel provides two default entries in the notify table: Inform and Trap. The tag values for these entries are informTag and trapTag, respectively. For more information about configuring SNMP traps in Release 4.1.0, see Configuring Network Management or Configuring and Managing Security.

1 Configure an SNMP notification, using the following command:

config snmp-v3 notify create <Notify Name> [tag <value>] [type <value>]

In this example, the DefNotify identifies the notification and DefTag identifies the tag value that will be to used to select entries in the snmpTargetAddrTable:

config snmp-v3 notify create DefNotify tag DefTag type trap

2 Configure an SNMP target address, using the following command:

config snmp-v3 target-addr create <Target Name> <Ip addr:port> <Target parm> [timeout <value>] [retry <value>] [taglist <value>] [mask <value>] [mms <value>]

In this example, you create the target parameter ID (TparamV2) along with the target address ID (TAddr1), link them with the taglist (DefTag) that you created in step 1, and define the trap receiver’s IP address (198.202.188.207). You also specify 162 as the default UDP port used to send traps, a timeout of 1500, a retry of 3, a mask value of ff:ff:00:00:00:00, and specify a maximum message size (MMS) of 484.

317177-D Rev 00

Upgrading SDM software 59

config snmp-v3 target-addr create TAddr1 198.202.188.207:162 TparamV2 timeout 1500 retry 3 taglist DefTag mask ff:ff:00:00:00:00 mms 484

3 Specify SNMP target parameters, using the following command:

config snmp-v3 target-param create <target param name> mp-model <value> sec-level <value> sec-name <value>

In this example, you first specify that target parameter ID, TparamV1, is linked to the user name, readview, define the model as SNMPv1, and specify a security level of noAuthNoPriv. Next, you specify that target parameter ID, TparamV2, is linked to the user name, readview, define the model as SNMPv2c, and specify a security level of noAuthNoPriv.

config snmp-v3 target-param create TparamV1 mp-model snmpv1 sec-level noAuthNoPriv sec-name readview

config snmp-v3 target-param create TparamV2 mp-model snmpv2c sec-level noAuthNoPriv sec-name readview

Upgrading SDM software

For instuctions on how to upgrade SDM software, see Firewall and Intrusion Sensor User’s Guide, 217315-B.

Upgrading the SDM TPS software

Before you can upgrade the SDM TPS software, you must configure the IP address and connect to the SDM-TPS browser based interface (BBI) for the first configuration and add a license. For instructions on connecting to the SDM-TPS BBI, see Firewall and Intrusion Sensor User's Guide.

Note: Because Release 4.0.x supports only SNMPv1/SNMPv2c trap configurations, when you upgrade to Release 4.1.0, the trap configurations are in SNMPv1/SNMPv2c.


60 Upgrading SDM software

From your web browser, complete the following:

1 Open a https session and enter the TPS eth0. <MgmtVlanID> IP address in the URL field of the web browser.

2 The Logon web page appears. Type admin as the login name and the new password. The new password is the password you changed after the first login. Click Login.

TPS is ready for configuration.

3 Select Operations > Update.

The Patch Update Management page appears.

4 Click Upload Update to browse to the update you downloaded from the Nortel Support web site (https://support.nortel.com) and then click Upload.

The update is saved on the Intrusion Sensor and appears in the Select an Update list. This list shows the type of update, the version number, the date and time the update was generated and indicates whether or not you must reboot the system after the update completes.

5 Select the update that you want to apply and click Install.

Caution: Upload update files directly from the Nortel Support web site or by clicking Update. Do not use email to transfer them, as they may become corrupted during transmission.Nortel recommends that you download the MD5 file along with the upgrading patch and check for any errors.

Note: If you are installing an update that requires a system reboot, a message appears confirming that you should restart the system. Click OK to continue with the upgrade or Cancel to cancel the update

317177-D Rev 00

Extended CP Limit 61

The update begins, and the software installs. You can verify that the update is complete by reloading the page and checking to see if the correct version appears in the title bar of the web browser and in the Currently running software version line on the Update View page. If the update is a patch and not a major upgrade to a new version, the software is installed. An uninstaller update appears, allowing you to uninstall the update, if necessary.

Extended CP Limit

The CP Limit function protects the CPU by shutting down ports sending Multicast or Broadcast traffic to the CPU at a rate greater than desired through one or more ports. The Extended CP Limit functionality is configurable and can be used to protect the switch from being overwhelmed by any kind of traffic. To make use of the Extended CP Limit functionality, configuration must take place at the chassis and port level.

The set of ports to check for a high rate of traffic must be predetermined, and configured as either SoftDown or HardDown.

HardDown ports are disabled immediately once the CPU is congested for a certain period of time.

SoftDown ports are monitored for a specified time interval, and are only disabled if the traffic does not subside. The user configures the maximum number of monitored SoftDown ports.

Note: After rebooting you may need to add the network configuration in CLI again using the command addif.

Note: The Extended CP-limit features differs from the rate-limit feature by monitoring only packets that are sent to the CPU (control plane), instead of all packets that are forwarded through the switch (data plane).


62 Extended CP Limit

Extended CP Limit Chassis Configuration

To enable this functionality and set its general parameters, configuration must take place at the chassis level first. Select Edit > Chassis > Ext. CP Limit from the Device Manager menu.

Enter the appropriate information in the fields provided and click Apply. For an explanation of the fields on this tab, see Table 16.

Table 16 Chassis Ext. CP Limit Tab Fields

Extended CP Limit Port Configuration

After you enable this functionality at the chassis level, configure each port individually to make use of it. Select Edit > Port > Ext. CP Limit from the Device Manager menu, and select the Port Extended CP Limit tab.

Enter the appropriate information in the fields provided and click Apply. For an explanation of the fields on this tab, see Table 17.

Field name Description

Enable Select this checkbox to enable the Extended CP Limit functionality. De-select it to disable.

MinCongTime Sets the minimum time the system octapid has to remain in a congested state before triggering the congestion algorithm. Default value is 3000 ms.

MaxPorts Sets the total number of ports that need to be analyzed from the may-go-down port list. Default value is 0

PortCongTime Sets the time duration after which a port is disabled, if it remains at the congestion threshold. Default value is 5 s.

TrapLevel Sets the manner in which a SNMP trap is sent if a port becomes disabled. The three values are: • None - no traps are sent (default value). • Normal - sends a single trap if ports are disabled. • Verbose - sends a trap for each port that becomes disabled.

317177-D Rev 00

Fixed CRs from Releases 4.0.5, 4.0.6, and 4.0.7 63

Table 17 Port Ext. CP Limit Tab Fields

Fixed CRs from Releases 4.0.5, 4.0.6, and 4.0.7

This section lists CRs fixed in Ethernet Routing Switch 8600 Releases 4.05, 4.0.6 and 4.0.7 in the following areas:

• Hardware• Software

Hardware

This section lists fixed CRs in the following areas:

• Platform• ATM

Platform

Table 18 lists CRs found in Hardware Platform.

Field name Description

CplimitConf Sets the manner in which the individual port participates in the Extended CP limit functionality. Select one of the following values for the port:

None - port is not checked (default value).

SoftDown - port belongs to "may-go-down" port list.

HardDown - port belongs to "must-go-down" port list.

CplimitUtilRate Sets the threshold percentage at which bandwidth utilization triggers the monitoring algorithm.


64 Fixed CRs from Releases 4.0.5, 4.0.6, and 4.0.7

ATM

Table 19 lists CRs found in ATM.

Software


• Platform• Layer 2• IPv4 Layer 3• QoS and Filters• Multicast• Security• Management

Platform

Table 20 lists switch management CRs.

Table 18 Hardware platform

CR references Description

Q01242772 When the switch takes an I/O card offline due to excessive hardware errors, the ports corresponding to that slot are now be taken offline.

Q01345064-01 When you configure a port mirror on an 8630GBR port to enable a TPS system connection, TCP throughput is decreasing by 50 percent.

Table 19 ATM


Q01244017-01 The élan-stats and poll-period for ATM cards are now saved across a reboot.

317177-D Rev 00


Layer 2


• MAC• VLAN• MLT• Link Aggregation (802.3ad)• SMLT

Table 20 Switch Management


Q01278794 SNMP get bulk requests on certain OIDs no longer cause DRAM utilization to increase.

Q01274969-01 Saving the configuration file no longer causes delayed processing of control packets.

Q01282173 The LEDs on the 8648GTR module, when running the port speed at 10/100 with auto-negotiation disabled, are shut down correctly when the ports go down as a result of removing the CPU/SF card in a single CPU/SF system. This is a cosmetic change only, and does not affect link operation.

Q01226568-02 Q01226564-01

Saving the configuration file in verbose mode no longer results in errors.

Q01220864 The Ethernet Routing Switch 8600 switch now sends traps for each 2 degree rise in temperature above 40 degrees Celsius.

Q01343042-03 In certain combinations of port states, the switch becomes unstable.

Q01219948-01 In certain situations, the switch stops responding and requires manual intervention from the user.

Q01303839-02 The switch does not recognize the Baystack 3510. The topology table shows a 3510 as unknown.

Q01306767-01 The switch allows you, in CLI or Device Manager, to disable autonegotiation on a 1000BASE-T.

Q01239860-02 Boot messages are added to the SMP log after the MaxLogfileSize is exceeded.

Q01303838-02 The switch does not recognize the Baystack 5530. The topology table shows 5530 as unknown.

Q01336920-01 The switch loses entries in the notify table when you perform a "save config verbose" and then boot the switch.

Q01291036-01 The PM tables display information for all ports, rather than selected port types.



• SFFD

Table 21 lists MAC CRs.

Table 22 lists VLAN CRs.

Table 23 lists MLT CRs.

Table 21 MAC


Q01225064-01 The switch now updates the remote flag of a MAC address properly, once the address moves from one switch to another. This is a minor display issue with no impact on functionality.

Table 22 VLAN


Q01189528 While configuring the source MAC based VLANS through CLI/Device Manager, the color parameter supplied is now assigned properly.

Q01228421-01 You can no longer add locked ports to policy-based VLANs.

Q01343940-01 The switch leaks DecOther traffic, and forwards it to the default VLAN on the 8648GTR module.

Q01306666-01 The “VLAN ERROR svlanInsertBridgeMacAddress: rarAddMacAddress failed with -100” error message appears in certain situations when you enable HA mode.

Table 23 MLT


Q01182089 MLT designated port information is cleared correctly when MLT ports are removed due to removal of the I/O module. In addition, when you add ports from another I/O module to the same MLT, the STP state of the MLT ports is no longer corrupted.

Q01277624 On an Ethernet Routing Switch 8600, it is now possible to add non-R module ports with multicast/broadcast rate-limiting enabled, to an MLT.

Q01124269 In an SMLT set-up, the ARP entries on the core switches no longer incorrectly point to the IST when the corresponding FDB entry is pointing to SMLT.

317177-D Rev 00


Table 24 lists Link Aggregation CRs.

Table 25 lists SMLT CRs.

Table 26 lists SFFD CRs.

Table 24 Link Aggregation (802.3ad)


Q01342263-01 Certain STGs do not converge on LACP-enabled ports when you set the timeout-scale to 1.

Table 25 SMLT


Q01259139 A loss of connectivity, lasting less than five minutes, occurs in fully meshed SMLT environments (using R-modules), when you manually remove the standby CPU card from one of the core-switches. Please see known limitations sections for further enhancements to this change.

Q01306405 IGMP messages received on IST ports are no longer forwarded on SMLT ports.

Q01324899 In a SMLT environment with PIM on the core switches and both source and receiver connected to the edge switch, traffic is no longer stopped when the link between an edge switch and the core switch is disconnected and reconnected.

Q01219224 Aggregate switches in a square-SMLT setup no longer lose connectivity after a reboot/power cycle, when using SLT (single port SMLT). Nortel recommends that customers use SLT in a square SMLT setup to upgrade to Release 4.0.5.0.

Q01247173-01 The switch incorrectly marks certain FDB entries for a learned MAC as Remote "False" over IST.

Q01343280-02 The switch stops operating when you delete an IST VLAN-id that forwards Hellos.

Table 26 SFFD


Q01241880 Release 4.0.5 reintroduces the support for Single Fiber Fault Detection (SFFD) feature on the 8630GBR.NOTE: SFFD should only be used in situations where one or more of the interfaces for connectivity do not support auto-negotiation. In configurations where both modules fully support auto-negotiation on all ports and port types, auto-negotiation enabled is the recommended configuration, rather than SFFD. Using auto-negotiation enabled implies the use of mechanisms within this link-level protocol for remote end fault indication (RFI/FEFI), and there is no need to enable or use SFFD.



IPv4 Layer 3


• VRRP• ECMP• OSPF• BGP• High Availability (HA)• Route Policies

Table 27 lists VRRP CRs.

Table 28 lists ECMP CRs.

Table 29 lists OSPF CRs.

Table 27 VRRP


Q00591476 When you remove more than 8000 MACs from a VLAN, and the switch relearns the MACs following an STP Topology change, all VRRP instances on the switch become unstable.

Table 28 ECMP


Q01287882 When you enable ECMP on multiple routes, with a combination of routes with less specific and more specific masks, the routes with less specific masks are now programmed correctly, preventing random loss of connectivity.

Table 29 OSPF


Q01280963 The Ethernet Routing Switch 8600 now generates an LSA for a more specific route instantly after receiving a less specific route for the same network, and schedules LSA generation for less specific routes within the next MinLSInterval.

317177-D Rev 00


Table 30 lists BGP CRs.

Q01249334 The switch no longer loses OSPF neighbor adjacency when a port is down in the VLAN and a multicast protocol is enabled on a switch.

Q01223264-01 In configurations with a redistribute policy advertising BGP routes to OSPF, with a route-policy that matches ASpath: if the BGP route goes down, the route is now matched correctly and placed in the withdrawn route list. This deletes the route from the routing table.

Table 30 BGP


Q01282397-02 The default-local-preference now updates properly on imported BGP routes.

Q01273305-01 The Ethernet Routing Switch 8600 now clears the ATOMIC_AGGREGATE attribute on a less specific route, after receiving a withdrawn route update for a more specific rejected route.

Q01252400 When two or more BGP speakers advertise the same prefix to two EBGP speakers, the BGP peer no longer sets the route status to BEST when the route source is removed and then restored.

Q01299234-01 When a new member is added to a BGP peer group, the individual peer now inherits all parameters, except originate-default-route, from the peer group. If remote-as is not configured in the peer, then the remote-as on the peer group is inherited by the peer.Please note that individual peer group members are not allowed to override any option that affects outbound updates.

Q01273305-01 The Ethernet Routing Switch 8600 now clears the ATOMIC_AGGREGATE attribute on a less specific route, after receiving withdrawn route update for more specific rejected route.

Q01318795 When BGP in Ethernet Routing Switch 8600 is externally peered with any other vendor BGP and an IN route-policy is set in Ethernet Routing Switch to drop a particular route, then all the routes received from the peer which exist in the advertisement below that particular route are longer be dropped.

Q01242167-01 In a configuration with two or more BGP speakers, that are IBGP peers, advertising the route with the same prefix: when the prefix is removed, the prefix is now removed from the RIB-in and the Local- RIB and RIB-out. This prevents the prefix from being advertised to the EBGP peers incorrectly.

Table 29 OSPF




Table 31 lists High Availability CRs.

Table 32 lists Route Policies CRs.

QoS and Filters


• General Qos and Filter CRs• Legacy modules• R modules (ACE/ACLs)

Table 33 lists General QoS and Filter CRs.

Table 31 High Availability (HA)


Q01334993-01 In certain HA configurations, the slave CPU and the master CPU stop responding.

Table 32 Route Policies


Q01251325-01 The Route-Policy parameter “match-protocol” can now announce the BGP routes (EBGP & IBGP) in the OSPF redistribute policy. In previous releases, this parameter was used only for RIP Announce purposes. When configuring OSPF redistribute policy with match-protocol “EBGP”, “IBGP” routes were no longer advertised.

Table 33 General Qos and Filter CRs


Q01334631-02 Rebooting the switch corrupts IP Filters.

317177-D Rev 00


Table 34 lists CRs for legacy modules.

Table 35 lists CRs for R modules.

Multicast

Table 36 lists IGMP CRs.

Table 34 Legacy modules


Q01209415 The IP traffic filter statistics are now displayed correctly for inactive filters.

Q01162361-02 On an Ethernet Routing Switch 8600, if you modify the QOS value corresponding to Ingress DSCP and save the configuration, and then create filter with DiffservModifyDSCP enabled, the new QOS value is now applied to the filter.

Table 35 R modules (ACE/ACLs)


Q01248824 An ACE (Access Control Entry) with redirect-next-hop is now restored across a reboot.

Q01346218-01 When you configure an R module filter with the "redirect-next-hop" entry, the switch does not save the corresponding value for redirect-next-hop after you perform a "save con" and reboot.

Q01343114-01 The CPU generates error messages for the default ACT IDs.

Table 36 IGMP


Q01258484 You can now create an IGMP access policy on the Ethernet Routing Switch 8600.



Security

Table 37 lists Security CRs.

Management


• MIBs• SNMP• Device Management

Table 38 lists MIBs CRs.

Table 37 Security


Q01268776 You can no longer configure the following TCP ports for use as an SSH port: • Port 0-1024 (except port 22)• Port 1100• Port 4095• Port 5000• Port 5111• Port 6000• Port 9999

Q01301651-01 Radius authentication fails when you configure the source IP for the Radius server.

Table 38 MIBs

Cr references Description

Q01325813-01 The MIB text for rcRadiusPaePortNumber contains the following spelling error: "happenned" rather than “happened.”

317177-D Rev 00


Table 39 lists SNMP CRs.

Table 40 lists Device Management CRs.

Table 39 SNMP


Q01293436-01 You must configure entries in the Group Member table for both SNMPv1 and SNMPv2 for entries to function properly.

Table 40 Device Management


Q01207359 The default egress-queue sets are now displayed in Device Manager.

Q01206093-01 If you configure SNMP Ping Control in Device Manager and leave the system running for four days, Device Manager displays the RttSumOfSquares value as negative if the value becomes too large.


74 Known limitations and considerations in this release

Known limitations and considerations in this release

Table 41 lists issues known to exist in the Ethernet Routing Switch 8600 Software Release 4.1and include the following topics:

Table 41 Known issues and considerations in this release

Issue category sub-category Page

Hardware and platform 75

SDM 79

Software Platform CLI 82

Switch Management 83

PCAP/Platform 84

Layer 2 VLANs 85

SMLT/STP 85

Link Aggregation Group (MLT/802.3ad) 86

802.1w (RSTP) - 802.1s (MSTP) 87

SLPP 88

VLACP 89

IPv4 Layer 3 IP 90

OSPF 90

BGP 91

HA (High Availability Mode) 91

IPX 93

Qos/Filters 93

IPv6 Layer 3 97

Multicast 98

Management MIBs/Management 100

Device Management 101


317177-D Rev 00

Hardware 75

Hardware

This section lists CRs relating to the following hardware areas:

• Hardware and platform• SDM

Hardware and platform

When hotswapping the active CPU/SF module in an Ethernet Routing Switch 8600 with redundant CPU/SF modules, wait until the redundant CPU/SF module is stabilized before inserting any other modules. The redundant CPU/SF module will display a login prompt on the console screen. If no console connection is available, wait for at least 30 seconds before inserting the replacement CPU module or before reinserting the removed CPU/SF module.

In addition, during a CPU fail over, do not hot swap the CPU or I/O modules until the new CPU becomes the master CPU.

When performing a hot insert of multiple I/O modules, before inserting a new I/O module, wait until the previous I/O module is installed and running and the online LED is solid green.

Caution: Do not hotswap or insert modules in an Ethernet Routing Switch 8600 chassis while the switch is booting. Doing so may cause the module not to be recognized and cause module initialization failure.

Note: Nortel strongly recommends that you configure access policies to reduce the risk of a network loop generating excess traffic on the out of band interface.


76 Hardware

Table 42 lists CRs found in Hardware and Platform.

Table 42 Hardware and Platform


Q01268044 In certain situations, such as in scaled environments, the loop-detect feature does not function properly. If you encounter loop-detect issues, contact your support engineer immediately.

Q01220157 Power supply information is not available when you power down a power supply.

Q00949959 The "show port error stats" CLI command does not display short packets on PR ports.

Q01157696 The “dpmGetActivityBit:ltrSyncSend FAILED” message appears when you reset switch with traffic running.

Q01151394 Wildcards for filenames are not functioning properly.Workaround: Use the complete filename.

Q01150029 You cannot remove a file larger than 40 characters from the flash memory. Workaround: Do not create files longer than 40 characters.

Q01150027, Q01150027-01

ATM and POS version strings require an update to Release 4.0.1.0./4.1.0. Workaround: Ignore message, proper version is downloaded.

Q01149063 ACL-Test traffic drops statistics, and counts statistics incorrectly.

When an R module replaces an existing pre-E, E or M module in the system, the switch resets the existing slot configuration to the default, and you must reconfigure the R module.

Q01028648 When a port receives broadcast/multicast control traffic at rate near the cp-limit threshold, and the R module is hot-swapped, the cp-limit can shut down the port on certain occasions. Any packet processing delayed during R module hot insertion causes packet processing rate overs. Workaround: Do not enable cp-limit on IST ports.

Q01273161-01 When copying files from the master to the standby CPU, you must enter the IP address of the peer, rather than the peer keyword. An example of an IP address for a peer of slot 5 is the IP address for slot 6.

Q01329845 Nortel strongly recommends that you enable autonegotiation on IST links to increase the speed of recovery time after failures. You can also set the speed either manually, or in duplex mode, which allows one side with autoneg, and the other side with a fixed speed. Duplex can cause longer convergence times.

Q01339891 Do not pull out the MASTER SF/CPU in HA mode. Reset the Master through software, triggering the HA failover.

Q01239850-01 The idle cell stats counters for OC-12 MDA in an ATM card do not update correctly. The counters are not in sync with the out-cells counter.

Q01348984 The "S_nfsLib_NFSERR_NOSPC close 0x30001c" error message appears during bootup when the PCMCIA is full.

Q01333465-01 You must reset the Multicast client after a the primary SLT link recovers from a failure.

317177-D Rev 00

Hardware 77

Q01351103 If an image file is corrupted, the switch may not boot properly. You must re-download the image and reboot.

Q01347241-01 In certain situations, an aggregation switch disables an SMLT upon CPU fail-over.

Q01279047-01 The 1000Base-T SFP Gbic remains enabled when you disable autonegotiation.

Q01274567-01 The switch interprets flow-control pause frames received on 8630GBR ports as errored frames.

Q01291155-01 A switch with the control-record-optimization flag enabled writes hardware records are for non-existent VLANs.

Q01349288-01 If network 223.x.x.x is reachable thru a 8648GTR, all traffic routed to this network is lost on the switch, except the Ethernet Routing Switch 8600 VLAN IP address. No connectivity is possible. The issue is resolved if the 8648GTR is replaced with a non R-module.

Q01347146-01 In certain situations, following a port down event, the operational state for other ports on the switch fluctuates.

Q01343746-01 When you configure an R-Module with port mirroring as RX or both, traffic is lost in certain situations.

Q01290320-01 When the switch detects link oscillations on a fiber port, it stops sending light signals and reports the action in the log. The port operational state remains up.

Q01329519-01 In a failover situation, multiple VRRP transitions occur on the slave VRRP before it initializes as the master.

Q01071646 The IPX protocol is not supported on R-Modules.

Q01094657 The switch functionality is affected when users reach scaling limits.

Q01082733 The “IPMC ERROR ipmSysArAddIpmcDestMacStreamRec:can't add MAC address Record” error appears when the switch exceeds the raru record space and continues to learn more records, such as route updates.

Q01333631 In a configuration between two switches, where ports on one switch have Auto-neg enabled, and ports on the other switch have Auto-neg disabled: if you enable the ports, ports on the switch with Auto-neg enabled remain disabled.

Q01309602 The System Task Monitor reboots the switch when certain tasks lock up.

Q01356095 Due to instability that occurs in HA mode, if the communication between both CPUs stops, the switch does not accept the “config bootconfig net mgmt cpu2cpu disable” command.

Q01356749 If you have an 8616GT installed, the “HW WARNING mdio timeout on read 2/8 regnum=0” message appears. The message indicates no issue with hardware functionality.

Q01354932 If you enable R mode on modules that do not support R mode, R mode is not enabled, but the runtime config displays R mode as enabled.

Table 42 Hardware and Platform (continued)



78 Hardware

Q01360682 If the default action is set for by-mac in Access Policies to deny, you must add an entry that includes the mac address of the master CPU. Adding the master CPU mac address avoids a failure when you save the configuration to the standby CPU when HA is enabled.

Q01359501 In certain configurations, the switch displays “ICMP Destination Unreachable” messages.

Q01358575 Reverse Path Checking is not supported while in strict mode on IST ports.

Q01365201 Before upgrading firmware, and the XSVF files in particular, Nortel strongly recommends that you verify the MD5 signature. File corruption during the transfer can affect I/O module functionality, and require a return manufacturing agreement (RMA).

Q01371737 In certain situations, hardware messages appear at bootup, and the switch stops operating. If this situation occurs every time you boot up the switch, there is an issue with the 8692CP/SF.

Q01281923-01 Q00977431Q01351108

To use IPV4/IPV6 jumbo frames forwarding, the system level MTU value must be set to 9600. For IPv6 only, you must also set the Path MTU at the interface level to 9600.For IPV6 control plane applications such as Ping, Telnet, DNS, SSH, SCP, SNMP and OSPFv3, Jumbo frames are not supported.

Q01376484 The Device Manager command to monitor the buffer utilization from the CPU ("show sys perf," when using the CLI ) does not function properly.

Q01377920 When you enable IPFIX on a switch that has an out-of-band collector, and the exporter IP is either the CLIP IP or Mgmt-virtual-IP, the IP is not reflected in the collector.

Q01378584 Using a string longer than 64 characters when configuring the PPP attributes for the modem connection can impact other modem configuration parameters.

Q01386717 Hot-swapping an 8681 module with an 8683 module corrupts the run-time configuration because the 8681 module configuration does not clear completly. Therefore, the 8683 ports are disabled even though the link is up and the remote end is up. The ports will not come up after they are disabled.Workaround: Disable the slot containing the 8681 module before you hot-swap with the 8683 module. Enable the slot after the 8683 module loads.

Q01395294 In some extremely rare cases, the following error message displays: “CPU [5|6] [ [date] [time]] HW INFO <module type> card on slot <slot number> bootup timeout. Related configuration will be lost”. This error message displays after a reboot. The side effect is that the ports of this module use the default configuration. If you experience such conditions, please contact your Nortel representative immediately.

Table 42 Hardware and Platform (continued)


317177-D Rev 00

Hardware 79

SDM

Table 43 lists CRs found in SDM.

Table 43 SDM


Q01340065 Nortel strongly recommends that the VLAN ID 4094 not be used as the Management VLAN. This value is used internally by the system.

Q01345739 SDM is supported with R-modules, but not with R mode enabled. You can use R-modules in a switch with SDM and a mix of R-modules and E or M modules. However, you cannot enable R-mode with an SDM module installed. The main difference between normal mode and R-mode is the supported number of records. R-mode, supports a maximum of 256k records and non R-mode supports a maximum of 128 k records. Note: If you boot the Ethernet Routing Switch 8600 with R mode enabled, all SDM cards will be taken off-line.

Q01345746 Multicast mode is not supported in the current SDM release.

Q01304648 If two SDM cards are installed in the chassis, the second card is booted only after first card completes a reboot sequence and registers with the CPU.Ethernet Routing Switch 8600 requires up to 1 minute and 10 seconds to reboot the second card. The switch reboots the second card only when it receives the following message from the first card: "switch_A:5# CPU5 [02/05/06 08:38:43] HW INFO Slot 1 BCM 5690 Init Done."Note: The master synchronizes the SDM-related information to the slave only after the message is displayed.

Q01305603 You must change the default IP and the TPS name to facilitate differentiation before adding multiple ISes to a DC.

Q01206314 SDM_FW: The maximum length of system name is 31 characters.

Q01152585-01 SDM_FW: Users are not warned with a Yes/No dialog box before moving to the next wizard.

Q01234443 SDM_FW:[BBI & CLI]:The switch does not prevent users from adding a broadcast IP as a Proxied IP.

Q01234467 When you enter the “/i/fwmon” command to upload exported data from the backup iSD to an ftp server, the upload fails and the switch displays the “Connection attempt time-out. Upload failed” error message.Workaround: Add two static routes on the FTP server to ensure the FTP server can reach the SSI hosts (two iSD host IPs).

Q01233317 BBI info is not displayed properly after more than 24 hours of inactivity.

Q01245309 An SFTP transfer for tech support dump, and/or a remote backup does not function properly when you place special characters (such as #) in the password.

Q01240365 SDM-FW:[GRE] You cannot create the fifth GRE tunnel on an single IF.


80 Hardware

Q01245591 SDM-FW:[Radius Authentication] An error message appears when you add more than 3 servers.

Q01245220 SDM_FW:[GRE] Modifying the GRE SIP IP disables OSPF MD5 on the iSD.

Q01250379 SDM_FW: The switch does not display an error message when an SFTP upload of exported log information fails due to incorrectly-entered login information.

Q01272434 SDM_FW: SecureID does not function properly when you configure Client Authentication - Fully Automatic Sign On with a service “Any” rule.

Q01277718 SDM_FW: The source Ip addresses of RTP packets are not changed to Hide NAT. Addresses are still the original IP addresses.

Q01256317 SDM_FW: The switch shows a link as "up" for port 3 after you unplug the cable from port 3.

Q01276159 SDM_FW:VOIP H323 - GateKeeper to GateKeeper - without the enforce handover rule is not functioning properly.

Q01277629 SDM_FW: ClusterXL - Load Sharing Mode, Static NAT for the internal phone: VOIP-H323 is not functioning properly when placing the call from an internal phone to an external phone.

Q01275211 SDM_FW: VOIP H323 - GateKeeper in DMZ network - without enforce handover rule, Hide and Static NAT for an internal phone, does not function properly.

Q01280999 You must disable and enable synchronization if you remove, and reconfigure a synchronized VLAN.

Q01263258 SDM_FW: FTP, HTTP and Telnet sessions are lost in a failover from powering down the master iSD.Workaround: modify the FTP timeout value to facilitate Windows FTP servers.

Q01274279 VOIP H323 - GateKeeper in a public network - without the enforce handover rule: Hide and Static NAT does not function properly.

Q01234453 SDM_FW:[BBI] A runtime error appears when using Internet Explorer 5.0.

Q01316824-01 After disabling the web service (http), the “/info/clu” or “ps -A|grep httpd” command shows that the web service is still running.

Q01319328-01 The SNMP trap source IP is not correct when you set the trap source to MIP.

Q01245603 Sending traps for GRE events is not supported.

Q00893507-01 SDM_FW: VPN Client-to-Site does not support DH group #1 and DH group #5.

Q01234876 SDM_FW: The switch does not display a confirmation message upon a successful reset of the SIC connection.

Q01274254 SDM_FW: The switch does not display the CPU usage correctly or consistently from commands entered for different iSDs.

Q01280216 The switch experiences a complete or partial traffic loss when you disable ports (IST and SMLT) on an aggregation switch.

Table 43 SDM (continued)


317177-D Rev 00

Hardware 81

Q01357033 When you enter the "config naap minislot disable" command, the SDM console is set to the last minislot that was disabled, even if you configure the console to a specific minislot.

Q01365541 SDM_TPS(SF): RNA is not supported in SDM-TPS 4.5.1 on Ethernet Routing Switch 8600 Release 4.1.0.

Q01367525 SDM_TPS(DM): You cannot open TPS home page from Device Manager.

Q01373513 The Null pointer error message is shown on the TPS console if you select the eth2 port from the TPS Interface Set page. Do not select eth2 from the available interface options.

Q01374050 On Ethernet Routing Switch 8600 modules, you can add only one port per lane to a IS cluster.

Q01374884 SDM_FW: The switch allows you to configure the same IP address for two radius authentication servers that have different secret keys.

Q01375715 SSH and Telnet sessions are not removed from the system when you disable SSH and Telnet services.

Q01376150 The switch does not capture port mirroring changes when you manually halt or reboot one of the ISDs in an IS cluster with two ISDs as members.

Q01366564 SDM_FW: The Abstraction command fails if you enter the command when another user is logged onto the iSD.

Q01374537 Once a rsh session is initiated through the CLI Abstraction feature on the Ethernet Routing Switch 8600, any other rsh client can communicate to the FW using rsh. There is currently no method available to restrict this access.

Q01361788 You cannot open more than one simultaneous browser to view the TPS task status.

Q01377793 Do not set OPSEC Response Timeout to zero.

SmartPortal is not supported.

Wait five to seven minutes between successive reboots of Ethernet Routing Switch 8600 to ensure that all ISDs boot up completely. Waiting five to seven minutes prevents the switch from resetting the ISDs during the booting process.

Q01388620 SDM_FW: Firewall cluster creation fails in Device Manager if you specify a cluster sync VLAN. Workaround: Do not specify a cluster sync VLAN in Device Manager when creating a Firewall cluster. You can add the cluster sync VLAN after you create the cluster.

Q01388725 SDM_FW: The system may panic under high stress when all protections of SmartDefense are enabled.

Q01328882-01 TPS loses default gateway after network setting from GUI change.

Table 43 SDM (continued)



82 Software

Software

This section lists CRs that refer to software in Release 4.1.0.

• Software Platform• Layer 2• IPv4 Layer 3• IPX• Qos/Filters• IPv6 Layer 3• Multicast• MIBs/Management• Device Management

Software Platform

This section lists CRs in the following areas:

• CLI• Switch Management• PCAP/Platform

CLI

Table 44 lists CRs for the CLI.

Table 44 CLI CRs


Q01378598 The "config cli loginprompt <string 1-1536>" and "config cli passwordprompt <string 1-1536" commands provide options for changing the string length within the range 1-1536. The command only accepts a maximum of 20 characters.

317177-D Rev 00

Software 83

Switch Management

Table 45 lists CRs for Switch Management.

Q01392477 Nortel strongly recommends that you do not enable the CLI logging feature when you have a large configuration file. If you do so, it can severly impact the boot time.

Q01392893 Before setting an ACE defining a mirroring action, the configuration of the mirroring port (and enabling the mirroring function) must be setup properly. Not doing so will redirect the traffic on the mirrored port.

Table 45 Switch Management

CR Reference Description

Q00786952-01 Q01094368-01

SNMP authentication through RADIUS is not currently supported.

Q01094368Q01094361

SNMP authentication/accounting do not function properly.

Q01273161 The CLI "copy to peer" command is not working properly. Workaround: use TFTP/FTP from a remote station

Q01288496-01 The "@" character cannot be used when creating SNMP community strings.

Q01258567-02 In certain situations, the switch restricts SNMPv3 access.

Q01319670 Nortel strongly recommends that you do not disable the management IP address when sessions, such as telnet and rlogin, are established. When you disable the management IP address, the sessions stop functioning until the CLI timeout closes the sessions.

Q01338891-01 When the PCMCIA is full, and you enter the “show clilog file tail” command the switch stops operating.

Q01272531 SNMP traps configured with non-default target parameters do not function properly.

Q01266696 The switch generates no SNMP traps or logs for an unauthorized logon.

Q01256235-01 The SNMPv1 user can view and modify SNMPv3 object tables.

Q01359530 When the rlogin flag is set to false, and you attempt an rlogin to the debug environment, a protocol error message is displayed rather than the expected warning message and timeout.

Q01335611-01 Setting the SNMP attribute "rcSysAction" to 13 results in no configuration save to flash. rcSysAction has been modified. To save the runtime configuration, enter a value of 7 for rcSysActionL1.

Table 44 CLI CRs



84 Software

PCAP/Platform

Table 46 lists CRs that result from the Packet Capture (PCAP) feature in relation to the hardware platform.

Layer 2


• VLANs• SMLT/STP• Link Aggregation Group (MLT/802.3ad)• 802.1w (RSTP) - 802.1s (MSTP)• SLPP• VLACP

Q01365594 If you establish an FTP session to a switch through the management port, and close the session through the client, the session remains in a time-wait state, rather than being cleaned up.

Q01374546 When creating a new SNMP group, do not use special characters, such as blanks.

Table 46 PCAP and platform

CR Description

Q00998894-01 PCAP is not supported on switches with a Supermezz module installed.

Q01010261 If you enable PCAP on more than one port on an R-module, the message SW ERROR dpmSetMirrorIngressEnable: slot # already has mirroring enabled for pim_port # appears, even though the ports are configured correctly.

Q01365179 In HA mode, you must use the CLI to configure PCAP. Device Manager does not currently support the proper configuration of all parameters.

Table 45 Switch Management (continued)

CR Reference Description

317177-D Rev 00

Software 85

VLANs

Table 47 lists CRs found in VLANs.

SMLT/STP

Table 48 lists SMLT/STP CRs.

Table 47 VLANs


Q01283554 The “Get Mac Address” error message appears when you scale 1972 PIM Vlans.Workaround: Nortel does not recommend building configurations with more than 500 PIM VLANs.

Q01095317 If the VLAN or port interface does not have an IP address configured, control packets received on that interface are sent to the CPU with QOS 7.

Caution: In an SMLT-VRRP setup, with critical-IPs for VRRP configured within both IST core switches, routing between directly-connected subnets ceases to work when connections from each of the Ethernet Routing Switch 8600 switches to the exit router (critical-ip) fail. Nortel recommends that you not configure VRRP critical IPs within SMLT or R-SMLT environments, as SMLT operation provides the same level of redundancy automatically.

Table 48 SMLT/STP


Q01296215 The recovery time in a RSMLT configuration is longer than one second when using 1000BaseT SFPs.

Q01331038Q01334059

In certain situations, in an SMLT configuration, the designated port appears as null if the spanning tree is disabled on designated ports; there is no negative impact to the system.

Q01269495 If the operational state of the last link fluctuates (flaps), traffic stops for 154 seconds.

Q01334839 When you enable or disable STP on ports, the switch does not display the port status correctly.


86 Software

Link Aggregation Group (MLT/802.3ad)

Table 49 lists Link Aggregation Group (MLT/802.3ad) CRs.

Q01366973-01 The CLI show command displays an inaccurate value for SMLTs when you assign 32 or more SMLTs to the same RSMLT VLAN.

Q01365866 In certain situations, the “show ip rsmlt info” command does not display single-port SMLT IDs.

Note: When you are building a network between two 8600 switches, or any other Nortel switch supporting MLT, Nortel recommends using MLT. 802.3ad is recommended when a different vendor switch is connected to the 8600 switch. The convergence time for MLT is less than the convergence time for 802.3ad. With the shortest supported timers, LACP offers a convergence time of 1.2 seconds. With MLT or SMLT, the typical convergence time is below one second.

Note: By design, the 802.1q tagging status of an MLT is linked to the configuration of port members when LACP is enabled on ports and the MLT. If a change in tagging is made at the port level, the tagging configuration of the associated MLT or LAG follows the change. If the LACP status of an MLT is disabled, the 802.1q tagging state changes to the default setting: disable.

Table 49 Link Aggregation Group (MLT/802.3ad)


Q01157421 You must enable multicast distribution on all MLTs on a VLAN to allow proper multicast distribution.

Q01141374 You must create VLANs prior to creating MLTs. Workaround: Always provide a name for MLT1

Table 48 SMLT/STP


317177-D Rev 00

Software 87

802.1w (RSTP) - 802.1s (MSTP)

Table 50 lists 802.1w (RSTP) - 802.1s (MSTP) CRs.

Q01141379 You must name MLT 1 before you can create additional MLTs.

Q01051356 When you create a L3 mcast mac filter, you cannot add ports or MLT under L3. You must add ports/mlt through L2 commands, as an L2 entry is created along with the L3 mcast mac filter.

Q01194685-01 The current release does not support standby mode for aggregation groups larger than 8 ports.

Q01349956 The switch displays the LACP key range incorrectly in the config command. There is no negative impact to the operation.

Q01349937 When you remove a port from an LAG, the port is not aggregated, and is still displayed as part of the MLT.

Q01359706 In the current implementation, ports of different card types cannot be assigned the same key. If ports are already in one aggregator, add ports from a different card type for the same aggregator asfollows:1. Assign a different key to all the ports (that previously had the same key as the aggregator). This action removes the ports from the current LAG.2. Assign the same key to the new ports. After enabling LACP on the ports, ports belong to the aggregator with the matching key.

Q01342790 Do not change the port speed or mode after you configure LACP. The following error message appears in certain situations:edge13:6# CPU6 [03/28/06 15:36:35] LACP INFO lacpOperDisablePort: LACP operationally disabled on port 3/21 because the port's capability doesn't match key 1236 's capability

Caution: Because the VLAN configuration in RSTP/MSTP mode uses a different syntax (config vlan <vlan-id> created byport-mstprstp <sid>, saving the configuration and rebooting the switch in default spanning tree mode fails. The command is not valid in previous releases. You must save previous configuration files before upgrading your switch in RSTP/MSTP mode.

Table 49 Link Aggregation Group (MLT/802.3ad)



88 Software

SLPP

Table 51 lists SLPP CRs.

Table 50 802.1w (RSTP) - 802.1s (MSTP)


Q01283546 RSTP does not converge on MLT ports between the Cisco 6500 and Ethernet Routing Switch 8600 when the Cisco switch is the root. RSTP does not converge with CatOS, but converges with IOS.

Q01271523 You can affect switch functionality when you enable RSTP. You must Reboot the switch to change the flag.

Q01359458 The switch displays default STP information in the CLI when you configure RSTP.

Note: When using a cross cable (upon reception of a self originated SLPP-PDU), the SLPP packet-Rx threshold is not respected as per design. Whenever a port x receives one SLPP PDU, it will send a notification to port y since they're in the same group (MLT/SMLT). Port y will increase its SLPP-Rx counter by one. If the threshold is not exceeded, port y won't be shut down - while at the same time, port y is also receiving one SLPP PDU from port x through the cross cable.

Table 51 SLPP


Q01297558 With SLPP enabled, the "SW WARNING slppRx: SLPP packet was received on Port x/y on VLAN xxx, but the packet is originated on VLAN yyy from SRC-Mac xx:xx:xx:xx:xx:xx" error message appears occasionally.

Q01244404 SLPP is supported only on port-based VLANs. MAC-based, Protocol-based or IP subnet based-VLANs are not supported.

Q01231383 SLPP and 802.3.ad are mutually exclusive. SLPP is also not supported on LACP-based SMLTs.

317177-D Rev 00

Software 89

VLACP

Table 52 lists VLACP CRs.

IPv4 Layer 3


• IP• OSPF• BGP• HA (High Availability Mode)

Note: You cannot modify the default MAC address or the Ethertype for a VLACP port.

Table 52 VLACP


Q01352932 If the fast timers allow sub 100ms in a pure layer 2 point-to-point configuration, faster convergence is not supported when ECMP is implemented on the top of the link. Nortel recommends that you maintain a simple configuration, with routed VLANs, but without ECMP.

Q01361752 A warning message starting with "HAL WARNING BAL" appears on certain occasions when you disable VLACP.

Q01363879 Nortel strongly recommends that you use the short VLACP timers in Ethernet Routing Switch 8600 to Ethernet Routing Switch 8600 connections in core networks (square/full meshed configurations). Systems are tested and optimized for these configurations.

Q01389709 VLACP link up messages can display in the log file when you enable VLACP short timers. There is no negative impact to the switch.


90 Software

IP

Table 53 lists CRs found in IP.

OSPF

Table 54 lists CRs for OSPF

Table 53 IP


Q01213107-01 The ARP table can become corrupt in SMLT when the CPU processes other messages.

Q01183545 The remote mirroring configurations are not displayed in web management.

Q01340902 You must enable ICMP redirect for both IPv4 and IPv6 for proper functionality.

Q01348336 icmp-error-interval is not functioning properly.

Q01348974 The "IP ERROR rcIpAddRoute: addIpRoute failed with -102" error message appears in certain situations.

Table 54 OSPF

CR reference Description

Q01270415-01 In certain situations, routes are still displayed in the LSDB table after an OSPF adj state recycles through the exch/ex-start.

Q01337055-01 The "match-tag" parameter accepts the Automatic Tag value, such as 0x9000FC00, but does not function properly.

Q01337026-02 When the "set-automatic-tag" value is set to ASN, the Next-Hop-AS value does not appear in the OSPF tag.

Q01336761-02 The switch generates Automatic Tags when the “set-automatic-tag” value is set to DISABLE.

Q01341373-01 When the switch, configured with ECMP, learns two OSPF external routes for the same destination from two neighbors, the switch installs only one route in the routing table instead of the expected two. This issue occurs only when the ASE forward address is set.

Q01084845 The switch cannot learn 400 ARPs when scaling with 6 areas/16 adjacencies/6000 routes.

Q01084844 In certain situations, when using TeraRouting to inject areas/adjacencies/ IP routes that exceed the supported record limit for normal mode, the switch continuously prints errors and stops the TeraRouting.

317177-D Rev 00

Software 91

BGP

Table 55 lists CRs found in BGP

HA (High Availability Mode)

Note: Nortel strongly recommends that you install the 256 MB DRAM upgrade package in order to use BGP.

Note: BGP is not supported in HA layer 3 mode.

Table 55 BGP


Q00985509 When a BGP route enters the Dampened-paths table, Device Manager displays the initial Flap Penalty correctly. Then, as the Penalty is decreased, further refreshes do not update the Penalty. Once the route enters the reuse state, Device Manager then sets the penalty to 512 (the reuse threshold) even thought the penalty will continue to decrease.

Q01260784-01 The "show ip bgp neighbor advertised-route" CLI command output is not complete.

Q01088936 Adding a “no-export community announce” policy does not withdraw flooded routes.

Q00975576 Not all BGPv4 MIB standards from RFC 1657 are implemented.

Q01326122-01 In certain situations, the switch stops operating when you delete BGP peers from a peer group.

Q01347912-02 When you set the default-local-pref setting to 0, the switch rejects external peers routes on the side where you set the preference.

Q01336541-01 When you configure the "set-origin" parameter, it has no effect on the BGP route origin.

Note: Nortel Networks does not currently support ATM and POS modules in the High Availability Mode.


92 Software

Table 56 lists CRs for High Availability (HA)

Note: If you plan to use HA, verify that the backdoor bus used between the 2 CPUs is configured in FULL DUPLEX mode. Access this parameter in the CLI with the following command:

config bootconfig net cpu2cpu infoconfig bootconfig net cpu2cpu speed 100config bootconfig net cpu2cpu fullduplex true

If the link is not configured in 100Mb/s & full duplex mode, the synchronization of the 2 CPUs will not be possible, or will take a long time. Some errors will pop up on the console (Q00839619).

Note: BGP is NOT supported in HA mode. All redistribution parameters (policies) are not synchronized in HA (Q00786353).

Note: Due to certain technical considerations, Ethernet Routing Switch 8600 Software Release 4.1.0 does not support the VRRP Fast Advertisement Interval. A consistency check prevents you from enabling the feature.

Note: L3 multicast routing protocols are not HA-capable (includes DVMRP, PIM-SM, PIM-SSM, and all features related to these protocols) (Q00108384).

317177-D Rev 00

Software 93

IPX

Table 57 lists CRs found in IPX.

Qos/Filters


• QoS• Filters

Table 56 High Availability (HA)

CR reference Description

Q01365582 If you disable a line card manually, you cannot enable the line card after a failover. You must restart the card to enable it.

Q01381230 HA-CPU does not support EAP.

Q01399802 For protocols with short timers (typically 802.3ad, VLACP, 802.1w/s, VRRP), the HA transition between both CPUs does not provide sub second failover, generating some protocols to re-converge. Nortel recommends that you use the long timers for the 802.3ad protocol (as well as for VLACP). A transition will most likely occur between bridges (802.1w/s) and gateways (VRRP). Please note that in some cases, upper layer protocols can be impacted as well depending on the duration of the re-convergence (for example, OSPF).

Table 57 IPX


Q01250711-01 IPX delay timer and pace values are linked as follows: Pace = 1000/DelayTimer.Pace is the variable that signifies how many packets are sent per second. This value cannot be a fraction. If you enter the value as 250, the pace is 4. If you enter the value as 251, the pace is 3. The switch recalculates the delay time each time the delay timer is modified.


94 Software

QoS

Table 58 lists CRs found in QoS.

Filters

Table 59 lists CRs found in legacy module filters.

Table 60 lists CRs that relate to R module filters.

Table 58 QoS


Q00994849 If you configure a traffic policer on a port or VLAN, the download throughput of TCP-based applications varies 20% to 40% from the configured Peak Rate.

Q01014278 The multimedia feature does not function properly or satisfy the CS1000 requirement.

Table 59 Legacy module filters


Q01140881 There is inconsistency in behavior of non-zero destination/source filters when the port mode is drop and filter mode is forward.

Q00501427 You can enable only one multimedia filter, and only two different multimedia filters on the system simultaneously.

Q01286984-01 In certain situations, IP Filters do not function properly after an HA-CPU switch-over.

Table 60 R module filters


Q01153170 The current release does not support egress queue redirection on R-modules for multicast/broadcast/unknown-dest-mac traffic.

Q01093907 The current release does not support remarking DSCP and/or 802.1p bits using Outport/OutVLAN ACLs.

Q01059744 Dropped packets are not mirrored if you apply ingress filtering and egress mirroring.

Q00988302 The ability to police all incoming traffic on a port using a filter (default action), is not currently available. Workaround: Classify incoming traffic using an ACE, and bind the ACE to a traffic policy.

Q01052770 Memory use information for filter configuration is not available from the ACL info CLI command.

317177-D Rev 00

Software 95

Q01225796-01 When you disable a default QoS port configuration (DiffServ), an ACL with a permit/remark-dscp action drops IGMP joins if the joins match the ACL.

Q01253022 In certain situations, when you create an ACL with type “inVLAN” that uses an ACT based on the source IP address, the ACL does not function properly after the ARP aging time. This issue does not create a security breach. Workaround: See QoS and Filtering for R Modules 318637-B for configuration instructions.

Q01376304 Dynamically created filters with redirect next hop do not function properly until you save the config and reboot the switch, even though the next hop is reachable.

Q01390758 For R Modules, you cannot use SNMP set to configure an egress ACL when the ACE mode is set to deny and it uses the default redirect action (0.0.0.0). Workaround: Use the CLI.




96 Software

Q01359657 The legacy global fdb filter command "config fdb fdb-filter" is not applicable or supported for R Modules. If you use this command in the Ethernet Routing Switch 8600 running 4.1.0.0 software containing R Modules, you may notice the following error messages logged in the log file. COP-SW ERROR Slot 4: ercdDeleteArpRecordByKey: rcdRadixLookup failed. key = 0xX XXXXXXXX

[04/11/06 12:59:41] COP-SW ERROR Slot 4: ercdProcArpRecMsg: Failed to Delete Arp Record for Ip X.X.X.X

[04/11/06 12:59:48] COP-SW ERROR Slot 4: ercdAddIpRecord: ARP rcdRadixLookupEntry failed.

[04/11/06 12:59:48] COP-SW ERROR Slot 4: ercdProcArpRecMsg: Failed to Add Arp Record for Ip X.X.X.X

[04/11/06 12:59:57] COP-SW ERROR Slot 4: ercdDeleteArpRecordByKey: rcdRadixLookup failed. key = 0xX XXXXXXXX.

Workaround: Use the ACL based filters.

Q0137997 There is a limited amount of memory reserved for the creation of ACL based filters on R Modules. When this limit is reached, the following error message(s) may be logged into the log file:

CPU5 [05/23/06 10:51:08] COP-SW WARNING Slot 3: ercdAddCollapseBin: Warning: more than 20 bins in cIngressBinList

CPU5 [05/23/06 10:51:08] COP-SW ERROR Slot 3: ercdAddCollapseBin: rcdRspMalloc failed for INGRESS RSP memory allocation

CPU5 [05/23/06 10:51:08] COP-SW ERROR Slot 3: ercdGetCollapseNode: collapse node creation failed

CPU5 [05/23/06 10:51:08] COP-SW ERROR Slot 3: ercdFilterRdxResultUpdate: ercdGetCollapseNode() Failed !!

Please follow the suggested recommendation to avoid reaching memory limits: When you configure a new ACT, choose only the attributes you plan to use when setting up the ACEs. For each additional attribute included in an ACT, an additional lookup must be performed. Therefore, to enhance performance, keep the ACT attribute set as small as possible. For example, if you plan to filter on source and destination IP addresses and DSCP, only these IP attributes should be selected. Note that the number of ACEs within an ACL does not impact performance.



317177-D Rev 00

Software 97

IPv6 Layer 3

Table 61 lists CRs found in IPv6. Nortel strongly recommends that you contact the PLM team if you plan to configure IPv6 in your production network. Nortel requests the opportunity to review your planned configuration, and assess whether your network will support the configuration.

If your IPv6 configuration supports High Availability mode, the synchronization applies only to the configuration. During a failover, all protocols restart, causing a complete table recalculation and an impact on traffic.

Contact the PLM team for additional IPv6 CRs not listed in Table 61.

Table 61 IPv6


Q01293960 There is no specific command to display the operational status for a tunnel interface.Using Device Manager you cannot view the operational status of a configured tunnel. Use the CLI to view Tunnel operational status.Workaround: Nortel recommends using the CLI command "show ipv6 tunnel interface" to view the tunnel operational status.

Q01265304 The “show ipv6 interface info” CLI command displays incorrect data when the SuperMezz is installed on the switch.

Q01248313 The switch performs the duplicate address detection (DAD) function each time an LACP-enabled port is added to a link aggregation group.

Q01349149 The ace operator "ne" in src-ipv6 and dst-ipv6 not functioning properly.

Q01337236 IPv6 does not currently support a legacy interface (Non E/E/M modules) routing an IPv6 tunnel. Use R modules to open, terminate, and transport the configured tunnel.

Q01194721 On certain occasions, the IPv6 filter does not take the required action when encountering an exception bit.

Q01349945 The "replaceIpv6NbrRecordToBinTable" appears after you inject OSPFv3 routes or reboot the switch.

Q01366271 When you configure and IPv6 filter with a TCP value for nextHdr, the switch does not route traffic properly.

Q01351108 Q01342734

For IPv6 interfaces, the supported MTU range is 1280-1500, and 9600 only. 9600 is for jumbo frames forwarding only. The MTU value must be set at both the system level and at the interface level.

Q01239542 IPv6 does not support the Ping and Trace Route MIB.


98 Software

Multicast

This section contains CRs in the following areas:

• Multicast• Multicast SMLT

Q01375803 The switch reports an incorrect data fragment size between the destination and source switches for packets larger than 37000 bytes.

Q01281923-01 Q00977431Q01351108

To use IPV4/IPV6 jumbo frames forwarding, the system level MTU value must be set to 9600. For IPv6 only, you must also set the Path MTU at the interface level to 9600.For IPV6 control plane applications such as Ping, Telnet, DNS, SSH, SCP, SNMP and OSPFv3, Jumbo frames are not supported.

Q01294378 IPV6 tunnel stats are currently not available.

Q01391534 The console hangs when showing the OSPF link-state database table if you specify a link-state advertisement type of 2 or 3.

Q01388683 When Ingress Records In-Use exceeds the Ingress Threshold with the trap option enabled, the following message can display: Warning: The Number of Ingress Records greater than configured threshold.

This message is repeated xxx times. Then the following message displays: CPU5 [06/06/06 14:33:20] IPMC WARNING The Number of Ingress Records greater than configured threshold

To prevent any issue with Telnet and Device Manager, Nortel strongly recommends that you disable the trap option as follows:1. From the Device Manager menu bar, select IP > Multicast. 2. Select the Resource Usage tab (on far right).3. In the Resource Usage tab there are three options for traps and logging:

SendTrapOnly, SendTrapAndLog, and LogMsgOnly. Make sure that you disable the SendTrapOnly and SendTrapAndLog options.

Table 61 IPv6 (continued)


317177-D Rev 00

Software 99

Multicast

Table 62 lists CRs found in Multicast.

Multicast SMLT

Table 63 lists CRs for Multicast SMLT.

Table 62 Multicast


Q01095491 The full IGMPv3 implementation is not available. Workaround: A partial IGMPv3 implementation is supported for PIM-SSM

Q00943236 In highly scaled multicast environments and mixed chassis deployments, you must place the Multicast senders on E or M modules, and the Multicast receivers on E,M, or R modules.

Q01081220, Q01072973

With DVMRP on multiple VLANs over SMLT/IST, the maximum number of supported source and multicast group is reduced to 500.

Q00978649 Traffic stops when you insert a port into an MLT with mcast distribution enabled.Note: When an MLT port goes down with Multicast redistribution disabled, only the affected streams are distributed on the remaining active ports. When the inactive port becomes active, traffic will not redistribute on that link/port.

Q01334752-02 MC-PIM: The Multicast stream does not return to the primary path correctly following a Spanning Tree fail-over. That is, after STP reconverges and returns traffic back to the Multicast primary path.

Q01089146 The switch drops PIM traffic is when you disable a non SPT/RPT link.

Q01346058-01 Routed multicast streams are disallowed when you configure an IGMP static entry.

Q01073235-03 Set FwdCacheTimeout to a value more than or equal to 3.5 times the JoinPruneInterval interval to avoid intermittent packet loss.

Q01007414 Release 4.1.0 does not support Multicast Source Discovery Protocol.

Q01365553 In certain situations, manually disabling PIM on a non-RP/non-BSR switch results in significant traffic loss.

Q01386666 8648GTR MLT configurations are only allowed with other 8648GTR ports, either on the same 8648GTR module, or between different 8648GTR modules within the same chassis. Configurations to 8630GBR ports, even if using a TX SFP, or any classic module ports are not allowed.

Q01387898 If you remove or add a port to a MLT/LAG that already includes ports, all of the ports go through the update process. You will notice a traffic loss until the update completes.


100 Software

Management


• MIBs/Management• Device Management

MIBs/Management

Table 64 lists CRs for MIBs/Management

Table 63 Multicast SMLT CRs


Q01270581 In certain situations, the switch duplicates traffic on IST ports. Consult Network Design Guidelines 313197-E for additional information.

Q01338665-01 In networks with more than three nodes, with SMLT up, the switch makes no active receiver or static IGMP entries on Bondi nodes.

Q01359698 In an RSMLT configuration, packet loss can occur when one of the core switches stops functioning.

Q01370959 When two aggregation switches boot in a square SMLT configuration, the switch generates duplicate traffic in certain situations.

Table 64 MIBs/Management


Q01142068 Device Manager currently receives and processes RMON SNMP traps incorrectly.

Q01095157 The switch currently receives RMON traps as SNMPv1 only.

Q01340275-02 The switch corrupts RMON alarm packets on certain snmp packet fields. Trap receivers then drop the packets.

Q01346327-01 The 64-bit mib counters are not formatted properly.

Q01296387 The IpNetToMedia table does not maintain the critical port info that is available in the ARP table.

Q01290263 A MIB walk fails when multiple paths lead to the same destination, and the alternative route feature is enabled or ECMP is enabled.

Q01396080 SNMP MIB object "ospfLsdbAdvertisement" results in a segmentation fault.

317177-D Rev 00

Software 101

Device Management

Table 65 lists CRs found in Device Management and the CLI.

Table 65 Device Management


Q01242524 With the current Device Manager build, Device Manager allows a mismatch of management port IP addresses.

Q01059825 You must organize ports in groups of 16 to display group statistics in Device Manager Workaround: Use the CLI instead.

Q01136723 CPU utilization remains at 100% when you view ARP entries through Device Manager. Workaround: Use the CLI.

Q00986195 If you attempt to log in to Device Manager using an invalid privacy password, a Timeout message is displayed. Workaround: Use the CLI instead.

If the CPU use is 100%, the log messages written to the system log files are rate limited. A message is added to the log file indicating the number of missed messages.

Q01058050 The CLI operation and responsiveness slows down when the trace log option is enabled.

Q01281917 The taskbar does not show the Device Manager icon when multiple instances are grouped together.

Q01329237 The txFilter and bothFilter options are missing on the Device Manager PCAP tab for a port.

Q01351507-01 If the switch has dual CPUs, and Device Manager is left running on the switch IP, the switch generates MainTask yielding violations in the READOP for VRRP, LACP, and VLACP.

Q01291094-01 Device Manager displays an incorrect value for “EAPOL session time.”

Q01272448-01 Device Manager allows you to configure MGMT IP on the same subnet as an existing VLAN IP.

Q01351670-01 When you configure an MLT or a port as aggregatable (LACP), Device Manager continues to display the MLT or port as 'MLT/LACP..." in the LACP table.

Q01321079 Device Manager does not support wildcards for purging ranges of the MAC addresses and VLANs.

Q01359466 Device Manager displays incorrect port STG information when you enable RSTP.

Q01367942 When you open Device Manager, the "snmpIoWrite sendto failed : bufSize = 97,pRemote = 0x84965824, pLocal = 0x0" error message appears on certain occasions. The message is not the result of an issue with switch functionality.

Q01375932 Device Manager does not display legacy IP filter statistics properly. The CLI displays statistics properly.


102 Related publications

Related publications

For more information about the Ethernet Routing Switch 8600 Software Release 4.1, refer to the publications listed in this section.

Q01378126 Device Manager does not allow you to change the following values for the net management port: Mask, "AdminStatus", "AutoNegotiate" and "EnableBootp."

Q01378203 Device Manager lacks the option to configure the connect-retry-interval for BGP peer groups.

Q01378337 For R modules, the following command has been added to display the path for specific IP traffic based on the source/destination addresses: getEcmpRoute src-ip <value> dest-ip <value>

Q01375041 On the 8010co chassis, the power supply LEDs in Device Manager are not updated correctly when an event occurs. Please consult the trap event log for a complete description of events.

Q01375258 The displayed power consumption does not change when you remove a card. Consult the installation guides for a complete description of the power requirement/consumption values for each Ethernet Routing Switch 8600 module.

Q01381414 Device Manager allows you to modify the rate limit for R modules. The two commands in the CLI that change the rate limit: "config ethernet <port> broadcast-rate-limit <value> [<enable|disable>]" and "config ethernet <port> multicast-rate-limit <value> [<enable|disable>] are not available for R modules. Do not attempt to modify the rate limit for R modules in Device Manager.

Q01374909 The Ping and Trace Route implementations in Device Manager are incomplete.

Q01381421 When you make a change related to the console/modem parameters (speed, mode) you must reboot the switch. Nortel recommends that you change these parameters during an upgrade window.

Q01386581 The DNS server is not currently working with Device Manager.Workaround: Use the CLI instead.

Q01387980 The Device Manager MSTP MSTI port tab displays meaningless values when you create a MLT. It should display the MLT ID.

Installation and User Guides

Table 65 Device Management (continued)


317177-D Rev 00


These guides provide instructions for installing the chassis and its components, install-ing and getting started with the Device Manager software, and using the diagnostic tools on the 8600 switch interfaces.

Adding MAC addresses to the 8600 Series Chassis 212486-C

Installing the 8600 Service Delivery Module (SDM) f 217314-B

Installing the Breaker Interface Panel for the 8010co Chassis 312755- G

Installing Ethernet Routing Switch 8600 Switch Modules 312749-K

Installing an AC Power Supply in an Ethernet Routing Switch 8000 Series Chassis

312751-D

Installing a Fan Tray in a Ethernet Routing Switch 8000 Series Chassis

312752-E

Installing a DC Power Supply in an Ethernet Routing Switch 8000 Series Chassis

313070-D

Getting Started 313189-F

Installing the Web Switch Module for the Ethernet Routing Switch 8600

314969- D

Using the Packet Capture Tool (PCAP) 315023- E

Using the Ethernet Routing Switch 8600 10 Gigabit Ethernet Modules

315893-E

Installing and Maintaining the Ethernet Routing Switch 8000 Series Chassis

316314-F

Upgrading to Ethernet Routing Switch 8600 Software Release 4.1. 316674-C

Installing and Using Device Manager 316341-D

Installing SFP & XFP Transceivers & GBIC’s 318034-D

Reference and configuration guidesThese guides provide reference and configuration information, including...


104 Hard-copy technical manuals

Hard-copy technical manuals

You can print selected technical manuals and release notes free, directly from the Internet. Go to the www.nortel.com/support URL. Find the product for which you need documentation. Then locate the specific category and model or version for your hardware or software product. Use Adobe* Acrobat Reader* to open the manuals and release notes, search for the sections you need, and print them on most standard printers. Go to Adobe Systems at the www.adobe.com URL to download a free copy of the Adobe Acrobat Reader.

Using the 8672ATM and 8672ATMM Modules 209195-G

Network Design Guidelines 313197-E

Configuring IP Routing Operations 314720-F

Configuring BGP Services 314721-E

Configuring Network Management 314723-E

Configuring and Managing Security 314724-E

Configuring VLANs, Spanning Tree, and Link Aggregation 314725-E

Managing Platform Operations 315545-E

Configuring Internet Group Membership Authentication Protocol (IGAP).

316343-D

Configuring QoS and IP Filters for Ethernet Routing Switch 8600 Legacy Modules

316433-E

Using Diagnostic Tools 317359-D

Configuring QoS and IP Filters for Ethernet Routing Switch 8600 R Modules

318637-B

Configuring IPV6 Routing Protocols 321585-A

317177-D Rev 00

http://www.nortel.com/support


http://www.adobe.com

How to get Help 105

How to get Help

This section explains how to get help for Nortel products and services.

Getting Help from the Nortel Web site

The best way to get technical support for Nortel products is from the Nortel Technical Support Web site:


This site provides quick access to software, documentation, bulletins, and tools to address issues with Nortel products. More specifically, the site enables you to:

• download software, documentation, and product bulletins• search the Technical Support Web site and the Nortel Knowledge Base for

answers to technical issues• sign up for automatic notification of new software and documentation for

Nortel equipment• open and manage technical support cases

Getting Help over the phone from a Nortel Solutions Center

If you don’t find the information you require on the Nortel Technical Support Web site, and have a Nortel support contract, you can also get help over the phone from a Nortel Solutions Center.

In North America, call 1-800-4NORTEL (1-800-466-7835).

Outside North America, go to the following Web site to obtain the phone number for your region:

http://www.nortel.com/callus



http://www.nortel.com/callus

106 How to get Help

Getting Help from a specialist by using an Express Routing Code

To access some Nortel Technical Solutions Centers, you can use an Express Routing Code (ERC) to quickly route your call to a specialist in your Nortel product or service. To locate the ERC for your product or service, go to:

http://www.nortel.com/erc

Getting Help through a Nortel distributor or reseller

If you purchased a service contract for your Nortel product from a distributor or authorized reseller, contact the technical support staff for that distributor or reseller.

317177-D Rev 00

http://www.nortel.com/erc

Release Notes for the Ethernet Routing Switch 8600 Release...

Documents

Transcript of Release Notes for the Ethernet Routing Switch 8600 Release...