Contents Supported devices ......................5 Summary of enhancements ..................5 Summary of enhancements in R07.2.00a ....................5 Summary of enhancements in FSX R07.2.00 ................... 5 Summary of enhancements in FCX R07.2.00 ................... 8 Summary of enhancements in FGS R07.2.00 ................... 9 CLI differences in IronWare release R07.2.00a..................10 Configuration notes and feature limitations ..................10 New limit for IPv4 system-max ip-cache ........................
Page 4
Supported full Layer 3 features .........................27 Supported IPv6 management features ....................29 Unsupported features............................30 Software image files for IronWare release R07.2.00a ........32 Factory pre-loaded software ........................32 Upgrading the software .................... 33 Important notes about upgrading or downgrading the software ..........33 Upgrading the software to the new release ...................34 Upgrading the boot code ..............................
Supported devices This software release applies to the following Brocade FastIron switches: FastIron X Series: FastIron Edge Switch X Series (FESX) FastIron Edge Switch X Series Expanded (FESXE) FastIron SuperX Switch (FSX) FastIron SX 800, 1600, and 1600-ANR FastIron GS (FGS) and FastIron LS (FLS) FastIron GS-STK (FGS-STK) and FastIron LS-STK (FLS-STK) FastIron CX (FCX) FastIron WS (FWS)
Page 6
Feature Description Refer to the FastIron Configuration Guide, section entitled... Hitless management: This release adds support for Layer 2 and Layer Hitless management on the FSX 3 hitless failover as well as Layer 3 hitless OS 800 and FSX 1600 Layer 2 and Layer 3 upgrade.
Page 7
Feature Description Refer to the FastIron Configuration Guide, section entitled... QoS for the SX-FI48GPP The SX-FI48GPP module supports QoS for Configuring Quality of Service module packets in an oversubscribed environment. QoS configuration and functionality is different on the SX-FI48GPP compared to other interface modules.
Summary of enhancements in FCX R07.2.00 Table 2 lists the enhancements in software release 07.2.00 for FCX devices. Table 2 Enhancements in FCX R07.2.00 Feature Description See the FastIron Configuration Guide, section entitled... Hitless stacking: Hitless stacking is a high-availability feature set FCX hitless stacking that enables the Standby Controller to take Layer 2 and Layer 3...
Feature Description See the FastIron Configuration Guide, section entitled... DHCP Server with IP helper DHCP server and IP helper address are DHCP Server supported together on the same port. Configuring an IP helper address Ability to disable DHCP Server You can configure the DHCP Server to silently Disabling DHCP Server on the on the management port discard DHCP client requests received on the...
Feature Description See the FastIron Configuration Guide, section entitled... New SNMP MIBs SNMP MIB support has been added for the IronWare MIB Reference Guide following features: Dynamic ARP Inspection DHCP snooping IP Source Guard EMCP CLI differences in IronWare release R07.2.00a The FastIron Configuration Guide and the section “Configuration notes and feature limitations”...
IronView Network Manager (INM) limitation INM version 3.3.01 and later does not support download of the 07.2.00 router images (SXL07200.bin and SXR07200.bin). Also, with INM version 03.3.01 and later, it will take approximately six minutes to upload the Layer 2 switch image (SXS07200.bin) from the FastIron switch to a TFTP server. ACL Statistics on FGS, FLS, and FWS devices The FGS, FLS, and FWS do not support the use of traffic policies for ACL statistics only (CLI command traffic-policy <TPD name>...
FastIron(config-if-e1000-3/1)# no ip address 10.10.10.10/24 Syntax: no ip address <ip-address> 2. Assign a new IP address to the interface. For example, enter a command such as the following. FastIron(config-if-e1000-3/1)# ip address 10.10.2.1/24 Syntax: ip address <ip-address> 3. To save the configuration, enter the write memory command on the CLI as displayed in the following example.
Note regarding US-Cert advisory 120541 In order to address the SSL and TLS vulnerability issue discussed in US-Cert advisory 120541, the Web server re-negotiation feature has been disabled in this release so that SSL re-negotiation requests will not be honored by the Brocade IP device Web server. Based on Cert advisory 120541, the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols are vulnerable to Man-In-The-Middle (MITM) attacks.
Feature support These release notes include a list of supported features in IronWare software for the FastIron devices supported in this release. For more information about supported features, refer to the manuals listed in Additional resources. Supported management features Table 4 lists the supported management features. These features are supported in the Layer 2, base Layer 3, edge Layer 3, and full Layer 3 software images.
Page 15
Category and description FESX FGS-STK FLS-STK FSX 800 FSX 1600 Hitless management: Yes (FSX See next 800 and line item Hitless switchover FSX 1600 Hitless failover only) Hitless OS upgrade Hitless stacking management: Hitless stacking switchover Hitless stacking failover IronView Network Manager (optional standalone and HP OpenView GUI) Remote monitoring (RMON) Retaining Syslog messages after a soft...
Category and description FESX FGS-STK FLS-STK FSX 800 FSX 1600 Specifying the maximum number of entries allowed in the RMON Control Table Specifying which IP address will be included in a DHCP/BOOTP reply packet Traffic counters for outbound traffic Web-based GUI Web-based management HTTPS/SSL Supported security features Table 5 lists the supported security features.
Page 17
Category and description FESX FGS-STK FLS-STK FSX 800 FSX 1600 Authentication, Authorization and Accounting (AAA): RADIUS TACACS/TACACS+ Denial of Service (DoS) attack protection: Smurf (ICMP) attacks TCP SYN attacks DHCP Snooping Dynamic ARP Inspection EAP Pass-through Support HTTPS IP Source Guard Local passwords MAC address filter override of 802.1X MAC address filtering (filtering on source...
Category and description FESX FGS-STK FLS-STK FSX 800 FSX 1600 DHCP snooping with dynamic ACLs Denial of Service (DoS) attack protection Source guard protection ACL-per-port-per-VLAN Multi-device port authentication password override Multi-device port authentication RADIUS timeout action Secure Copy (SCP) Secure Shell (SSH) v2 Packet filtering on TCP Flags DHCP Relay Agent information (DHCP Option 82)
Page 19
Category and description FESX FGS-STK FLS-STK FSX 800 FSX 1600 32,000 MAC addresses per switch ACL-based mirroring ACL-based fixed rate limiting ACL-based adaptive rate limiting ACL filtering based on VLAN membership or VE port membership ACL logging of denied packets (IPv4) ACL statistics ACLs to filter ARP packets Auto MDI/MDIX detection...
Page 20
Category and description FESX FGS-STK FLS-STK FSX 800 FSX 1600 Flow control: Responds to flow control packets, but does not generate them Inbound rate limiting (port-based fixed rate limiting on inbound ports) Foundry Discovery Protocol (FDP) / Cisco Discovery Protocol (CDP) Generic buffer profile Layer 2 hitless switchover and Layer 2 hitless failover...
Page 21
Category and description FESX FGS-STK FLS-STK FSX 800 FSX 1600 Power over Ethernet (POE) (POE- (FGS-POE (FGS-POE- (FWS-POE (FCX-S- enabled only) STK only) and FWS- HPOE Interface G-POE only) modules only) with POE power supply) Power over Ethernet (POE)+ with 2:1 Yes (SX- oversubscription FI48GPP...
Supported Layer 2 features Layer 2 software images include all of the management, security, and system-level features listed in the previous tables, plus the features listed in Table 7. Table 7 Supported Layer 2 features Category and description FESX FGS-STK FLS-STK FSX 800 FSX 1600...
Page 23
Category and description FESX FGS-STK FLS-STK FSX 800 FSX 1600 Interpacket Gap (IPG) adjustment IP MTU (individual port setting) Jumbo frames: Up to 10240 bytes, or Up to 10232 bytes in an IronStack Link Aggregation Control Protocol (LACP) Link Fault Signaling (LFS) for 10G MAC-Based VLANs, including support for dynamic MAC-Based VLAN activation Metro Ring Protocol 1 (MRP 1)
Page 24
Category and description FESX FGS-STK FLS-STK FSX 800 FSX 1600 Super Aggregated VLANs Trunk groups: Trunk threshold for static trunk groups Flexible trunk group membership Option to include Layer 2 in trunk hash calculation (FGS, FLS, FWS only) Topology groups Uni-directional Link Detection (UDLD) (Link keepalive) Uplink Ports within a Port-Based VLAN...
Category and description FESX FGS-STK FLS-STK FSX 800 FSX 1600 VSRP timer scaling Supported base Layer 3 features Base Layer 3 software images include all of the management, security, system, and Layer 2 features listed in the previous tables, plus the features listed in Table 8. NOTE: FCX devices will not contain a base Layer 3 image.
Page 26
NOTE: Edge Layer 3 images are supported in the FastIron (hardware) models listed in Table 9. These features are also supported with software-based licensing. For details, refer to the chapter “Software- based Licensing” in the FastIron Configuration Guide. Table 9 Supported edge Layer 3 features Category and description FGS-EPREM FLS-EPREM...
Supported full Layer 3 features Full Layer 3 software images include all of the management, security, system, Layer 2, base Layer 3 and edge Layer 3 features listed in the previous tables, plus the features listed in Table 10 . NOTE: Full Layer 3 features are supported in the FastIron (hardware) models listed in Table 10.
Category and description FESX-PREM FSX-PREM FSX 800-PREM FSX 1600-PREM Routes in hardware maximum: FESX4 – up to 128K routes FESX6 – up to 256K routes FESX6-E – up to 512K routes FSX – up to 256K routes FCX – up to 16K routes Static ARP entries Yes (up to 6,000) Yes (up to...
Category and description FESX FGS-STK FLS-STK FSX 800 FSX 1600 DNS server name resolution HTTP/HTTPS Logging (Syslog) RADIUS SNMP SNMP traps SNTP TACACS/TACACS+ Telnet TFTP Unsupported features Table 12 lists the features that are not supported on the FastIron devices. If required, these features are available on other Brocade devices.
Page 31
System-level features not supported VLAN-based priority Layer 3 features not supported AppleTalk routing BGP4+ Foundry Standby Router Protocol (FSRP) IPv6 Multicast Routing IPX routing IS-IS Multiprotocol Border Gateway Protocol (MBGP) Multiprotocol Label Switching (MPLS) Network Address Translation (NAT) IronWare Software Release 07.2.00a for Brocade FastIron switches Release Notes v 1.0 Page 31 of 55...
Software Images Model Primary Flash Secondary Flash Layer 2 Base Layer 3 FGS-STK FLS-STK FGS EPREM Edge Layer 3 Layer 2 FLS EPREM FWS EPREM Layer 2 Layer 3 Upgrading the software Use the procedures in this section to upgrade the software. Important notes about upgrading or downgrading the software NOTE: For other important notes that may apply when upgrading or downgrading the software, refer to Configuration notes and feature limitations on page 10.
Note the following when downgrading from software release 07.2.00a: FCX-F devices require software release 06.1.00 or later. If software-based licensing is in effect on the device and the software is downgraded to pre-release 07.1.00, software-based licensing will not be supported. If FCX units In an IronStack are downgraded from software release 07.2.00 to release 06.0.00, in some instances, the units may not be able to form a stack.
3. Verify that the code has been successfully copied by entering the following command at any level of the CLI. show flash The output will display the compressed boot ROM code size and the boot code version. 4. Upgrade the flash code as instructed in the following section. Upgrading the flash code To upgrade the flash code, perform the following steps.
5. For FGS-STK and FLS-STK devices equipped with upgraded memory DIMMs, EEPROM, or both, if you encounter a problem after reloading the software, make sure the device has the correct boot code version and the following (if applicable) are installed correctly: EEPROM Memory DIMM NOTE: If the stacking EEPROM is missing or is not installed correctly, or if you have installed the...
Technical support Contact your switch supplier for the hardware, firmware, and software support, including product repairs and part ordering. To expedite your call, have the following information immediately available: 1. General Information Technical Support contract number, if applicable Device model Software release version Error numbers and messages received Detailed description of the problem, including the switch or network behavior immediately...
Defects This section lists the closed and opened defects in this release. Customer reported defects closed with code in Release R07.2.00a The following table lists the customer defects fixed in this release. Defect ID: DEFECT000310725 Technical Severity: Medium Summary: Deploying an ACL that has already been imported in INM fails. Symptom: After Importing the ACLs that are configured on the device using INM, re-deploying the same ACLs to the device fails.
Page 40
VRRP-E timer scale Reported In FI 07.2.00 Service Request ID: 00264000 Release: Defect ID: DEFECT000322232 Technical Severity: Critical Summary: The switch may reload when the "qd-descriptor" command is removed from the configuration file. Symptom: The switch reloads. Workaround: Downgrade to 7.0.01c code. Probability: High Feature: FCX Layer1 features Function: Dynamic buffer allocation...
Customer reported defects closed with code in Release R07.2.00 The following table lists the customer defects fixed in this release. Defect ID: DEFECT000274991 Technical Severity: Medium Summary: DHCP snooping is not working when the interface has a permit ACL configured. Symptom: DHCP Snooping is not working.
Page 42
Summary: In the base Layer3 and Layer3 software, when sflow is enabled, packets with priority 1 that are destined to the CPU are dropped. Symptom: In the base Layer3 and Layer3 software, when sflow is enabled, packets with priority 1 that are destined to the CPU are dropped.
Page 43
Defect ID: DEFECT000298345 Technical Severity: Medium Summary: sflow does not work for stacked units for IPV6 sflow collector. Symptom: sflow does not work for FGS stacked units (stack unit 2 and more) if sflow collector is configured for IPv6. Probability: High Feature: FCX Network Management Function: sFlow Reported In Release: FI 07.0.01...
Page 44
Defect ID: DEFECT000301950 Technical Severity: High Summary: Access point advertisements may not be forwarded correctly. Symptom: Access point advertisements are not forwarded correctly. Probability: High Feature: SX Layer 3 Forwarding - IPV4 and IPV6 Function: Data Forwarding Reported In Release: FI 07.0.01 Defect ID: DEFECT000301985 Technical Severity: Medium Summary: In certain situations, replies to DNS queries are not acknowledged by the system.
Page 45
Defect ID: DEFECT000302453 Technical Severity: Medium Summary: With SSH enabled, the router may reload when reading an invalid memory location. Symptom: Router reload Probability: Low Feature: SX Layer 3 Forwarding - IPV4 and IPV6 Function: Host Networking stack (IPV4 and IPV6) Reported In Release: FI 05.1.00 Service Request ID: 251208 Defect ID: DEFECT000302583...
Page 46
Defect ID: DEFECT000303853 Technical Severity: High Summary: Unable to configure VRRP in base layer 3 code. Feature: SX Layer3 Control Protocols Function: VRRP/VRRP-E and slow-start timer- VRRP-E timer scale Reported In Release: FI 07.1.00 Defect ID: DEFECT000304263 Technical Severity: Medium Summary: UDP port 1027 is open to IPv6 on FESX Symptom: UDP port 1027 is open to IPv6 on FESX Probability: High...
Page 47
Defect ID: DEFECT000306952 Technical Severity: High Summary: Ports are removed from the running VLAN configuration. Feature: FCX L2 Forwarding Function: VLAN Manager Reported In Release: FI 07.1.00 Defect ID: DEFECT000307116 Technical Severity: Critical Summary: The FGS may reload when performing "write mem" when snmpv3 user profile is configured. Feature: FCX Network Management Function: SNMP V4/V6 Reported In Release: FI 07.1.00...
Page 48
Defect ID: DEFECT000318038 Technical Severity: Medium Summary: The switch may reload if you issue “no owner prio <pri>” command before you configure “owner”. Feature: SX Layer3 Control Protocols Function: VRRP/VRRP-E and slow-start timer- VRRP-E timer scale Reported In Release: FI 07.1.00 Defect ID: DEFECT000278649 Technical Severity: Medium Summary: The command 'gig-default auto-gig' does not appear in the running configuration.
Defect ID: DEFECT000310243 Technical Severity: High Summary: “Show ip dhcp-server flash” and “Show ip dhcp-server bind” does not use page-view. Feature: FCX DHCP Function: Server Reported In Release: FI 07.2.00 Defect ID: DEFECT000310245 Technical Severity: High Summary: When you have a server with 500+ clients active in the binding database, the command “show ip dhcp-server bind”...
Page 50
Defect ID: DEFECT000319621 Technical Severity: High Summary: On SX 800/1600 with zero port management module and only SX-48GC line modules, multicast over GRE tunnels is not functional. Symptom: On SX 800/1600 with zero port management module and only SX-48GC line modules, multicast over GRE tunnels is not functional.
Page 51
Defect ID: DEFECT000278971 Technical Severity: Medium Summary: After the ASBR creates a summary LSA, the more specific LSAs are not flushed from neighbor routers. Symptom: Customer creates summary for external routes to conserve system resource, but they will not achieve the goal until the LSAs are aged out on neighbor routers, and the maximum waiting time could be 1800 seconds.
Page 52
Defect ID: DEFECT000288329 Technical Severity: Medium Summary: BGP Route Reflector NEXT_HOP attribute in BGP update packet is overwritten to reflector's ip address instead of originator's ip address when reflecting iBGP route to another iBGP peers, if next-hop-self is configured toward those IBGP peers Symptom: BGP Route Reflector NEXT_HOP attribute in BGP update packet is overwritten to reflector's ip address instead of originator's ip address when reflecting iBGP route to another iBGP peers, if next-hop-self is configured toward those IBGP peers...
Page 53
Defect ID: DEFECT000296833 Technical Severity: Medium Summary: Device will close down a telnet management session as soon as it receives a FIN even if output is pending. Symptom: Device will close down a telnet management session as soon as it receives a FIN even if output is pending.
Page 54
Defect ID: DEFECT000311921 Technical Severity: Medium Summary: When trial license and permanent license are installed on the system, the trial license will never expire but keeps sending syslog messages. Symptom: Customer will see that license is going to expire for every one hour . This happens only when the valid trial license and permanent license are present on the box.
Page 55
Defect ID: DEFECT000320773 Technical Severity: Medium Summary: On Stacking Member Units, modifying an ACL while it is applied by 802.1x dynamic ACL clients will not be effective. Symptom: On Stacking Member Units, modifying an ACL while it is applied by 802.1x dynamic ACL clients will not be effective.