advertisement
50 Minuteman Road
Andover, MA 01810 (USA)
Tel: (978) 684-1000
CUSTOMER RELEASE NOTES
Enterasys RoamAbout
®
Wireless Switch 8xx0 Release
Firmware Version
6.0.4.4
October 17, 2007
INTRODUCTION:
The RBT-8xx0 family of wireless switches include the following: 1) the RBT-8100 and RBT-8110, which have the ability to control up to 24 access points; 2) the RBT-8200 and RBT-8210, which have the ability to control
24/48/72 access points; and 3) the RBT-8400, which has the ability to control 40/80/120 access points. The
RoamAbout Switch Manager (RASM) can manage all of these devices.
Enterasys recommends that you thoroughly review this document prior to installing or upgrading this product.
NOTE: Enabling Direct Path Forwarding (also known as local switching) for a given AP affects the number of ACEs that can be applied within a single ACL policy to a user connecting to that AP.
When local switching is enabled on an AP in version 6.0.4.4 of RBT switch firmware, up to 16
ACEs in an ACL policy can be applied to a user of that AP. In a future release of the firmware, the number of available ACEs per ACL policy will increase to approximately 25. For more information,
see the Known Restrictions and Limitations section of these release notes.
NOTE: At the time of this release, there is an open LED issue with the RBT-82x0 switches, where ports 1 and 2 could show an incorrect connection status after a device reboot when there are no cables attached.
This does not affect the performance for ports in any way, and will be resolved in a future release.
NOTE: The 5.0.9.2 RoamAbout Wireless Switch Firmware, and future released firmware, support the RBT-8210, the new small form factor switch that replaces the larger RBT-8200. The RBT-8210 uses the RBT-8200 firmware and commands. The RBT-8210 prompt is displayed as RBT-8200.
NOTE: If you are using a 4.x firmware image/software, Enterasys recommends that you upgrade the
RoamAbout Switch Manager (RASM) to firmware version 5.0.12.2 BEFORE upgrading your RBT-8xx0
wireless switches to firmware version 5.0.12.2.
NOTE: If you are upgrading a pre-existing RBT-4102 or RBT-4102-EU model Access Point from 4.1.4 or earlier, please read the instructions listed in the Firmware Release 4.1.5.0 section of the Firmware Changes
and Enhancements section of the RoamAbout Switch Manager (RASM) 6.0.4.4 Release Notes.
NOTE: For the calendar year 2007, please be aware that the United States Daylight savings time period begins
March 11, 2007, and ends November 4, 2007. R efer to the “Configuring and Managing Time
Parameters ” chapter, section “Configuring the Summertime Period”, in the Mobility System Software
Configuration Guide for more detailed instructions.
NOTE: For the 6.0.4.2 release and beyond, the „DAP‟ term has been replaced with „AP‟.
Subject to Change Without Notice Page: 1 of 21 10/17/07 P/N: 9038177-17
F0615-O
CUSTOMER RELEASE NOTES
FIRMWARE SPECIFICATION:
Status
Current Release
Previous Release
Previous Release
Previous Release
Previous Release
Previous Release
Previous Release
Previous Release
Version No.
6.0.4.4
6.0.4.2
5.0.12.2
5.0.11.4
5.0.10.3
5.0.9.3
5.0.9.2
5.0.6.1
Type
Customer
Customer, added TRPZ-MP-620 support
Customer, added TRPZ-MP-422 support.
Includes DFS2 Support for North
American Models:
RBT-1002 Rev 6A (AP ID: AP1002C),
RBT-4102 Rev 6A (AP ID: AP4102C),
RBT-1602 Rev 6A (AP ID: AP1602C)
Customer
Customer – Patch
Customer
Customer, added
RBT-8210 support
Customer, added
TRPZ-MXR-2 support
Release Date
October 2007
September 2007
June 2007
April 2007
March 2007
February 2007
January 2007
December 2006
Previous Release
Previous Version
Previous Version
Previous Version
Previous Version
Previous Version
Previous Version
4.2.5.1
4.1.11.0
4.1.5.0
4.1.4.0
4.0.21.0
4.0.20.0
4.0.18.0
Customer, added
RBT-8110 and
TRPZ-MP-620 support
Customer
Customer
Customer, added RBT-8200 support
Customer
Customer
Customer
October 2006
June 2006
April 2006
February 2006
January 2006
December 2005
November 2005
Previous Version
Previous Version
Previous Version
4.0.16.0
4.0.7.0
4.0.4.0
Customer, added RBT-8400 support
Customer
Customer, added RBT-8100 support
September 2005
August 2005
July 2005
information.
HARDWARE COMPATIBILITY:
Switches:
- RBT-8100, RBT-8110, RBT-8200, RBT-8210, RBT-8400, and TRPZ-MXR-2.
Thin Access Points:
- RBT-1002, RBT-1002-EU, RBT-1602, thin-RBT-4102, thin-RBT-4102-EU, thin-RBT3K-AG, MP-372, the outdoor TRPZ-MP-620 Access Point, TRPZ-MP-422, and the APxxxxC ID Access Points for DFS2 support: RBT-1002 rev 6A, RBT-4102 rev 6A, and RBT-1602 rev 6A.
Standalone Access Points:
- RBT-4102, RBT-4102-EU, and RBT3K-AG.
NETWORK MANAGEMENT SOFTWARE SUPPORT:
NMS Platform
RoamAbout Switch Manager 50 Access Point User License
RoamAbout Switch Manager 200 Access Point User License
Version No.
6.0.4.4
6.0.4.4
Module No.
RBT-NMS-50
RBT-NMS-200
Subject to Change Without Notice Page: 2 of 21 10/17/07 P/N: 9038177-17
F0615-O
NMS Platform
RoamAbout Switch Manager unlimited User License
RoamAbout RF Planning Tool
RBT-8400 Platform
RBT-8400 40 Additional Access Point Upgrade License
RBT-8400 80 Additional Access Point Upgrade License
RBT-82x0 Platform
RBT-82x0 24 Additional Access Point Upgrade License
RBT-82x0 48 Additional Access Point Upgrade License
CUSTOMER RELEASE NOTES
Version No.
6.0.4.4
6.0.4.4
Version No.
6.0.4.4
6.0.4.4
Version No.
6.0.4.4
6.0.4.4
Module No.
RBT-NMS-UNL
RBT-RFPLAN
Module No.
RBT-8400-40
RBT-8400-80
Module No.
RBT-8200-24
RBT-8200-48
SUPPORTED FUNCTIONALITY:
Please refer to the RoamAbout Mobility System Software Configuration Guide and the RoamAbout Software
Management Interface Reference for more details on the new enhancements and overall functionality.
RF Load Balancing
Local Switching – also known as Direct Path
New Product Features
Mesh Services
Wireless Bridging
Forwarding
Enforceable Beacon Data Rate Control
MX Seed Redundancy
Logout for Web Authentication
Password Management
NOTES:
Local switching is only available in RBT firmware version 6.0 and higher.
Restricting Layer 2 forwarding for a VLAN is not supported if the VLAN is configured for local switching.
The DHCP restrict feature is not supported for locally switched clients.
Web Portal is not supported for locally switched clients.
On a directly attached MP, when the set port type command is used to specify a port, cannot be configured to perform local switching. However, a directly connected MP with an unspecified port can perform local switching.
IGMP snooping is not supported with local switching.
Locally Switched APs can only support 16 ACL rules, total of inbound and outbound.
For Wireless bridging, here are some best practice guidelines: o When connecting a Mesh Portal to the network, use only ethernet port 1 on the AP. o Because all AP CPU cycles are devoted to bridging, make other arrangements for service coverage in the bridge area as the endpoints cannot provide other wireless services. o A single radio must be devoted to maintaining the bridge.
WebView 2 – updated Web interface
AirDefense software support on APs
Persistent VLAN assignment for roaming clients
RF Auto-Tuning enhancements
Existing Product Features
RBT-RBT security (also called RAS-RAS security)
AeroScout RFID tag support
Simplified Web-Portal and last-resort configuration
Unscheduled Automatic Powersave Delivery (U-APSD) support
Local software images on APs
RADIUS accounting enhancements
Increased life span of new self-signed certificates
DHCP server enhancements
Support for special characters in SNMP community names
Web Interface to RASM services
Page: 3 of 21 10/17/07 P/N: 9038177-17
F0615-O
Subject to Change Without Notice
CUSTOMER RELEASE NOTES
Web-Start Client
Sygate On-Demand Agent (SODA)
Configurable data rate settings for clients
Static Class of Service
Network Planning and Site Survey
SSID (Wireless Service)
Load Sharing
Spanning Tree – PVST
ACLs
RF detection
Countermeasures
Site policies
Image repository and deployment
L2 traffic restriction
On-demand countermeasures
Configurable timeout for the RoamAbout Switch CLI sessions
Existing Product Features
Static IP configuration for APs
Broadcast settings per Wireless profile
Session Based Call Admission Control
User Session Timers per SSID
Management services
Radio and Service profiling
802.1Q VLANs
AAA/802.1X
IP services
Rogue detection
Client and AP monitoring
Reporting
Auto-AP configuration
Default AAA attributes for each SSID
Network Domains
Configurable CoS to QoS mappings
INSTALLATION AND CONFIGURATION NOTES:
In general, the RoamAbout Wireless Switch RBT-8xx0 has been, or is being, shipped to you with a previous firmware version. Please refer to the appropriate RBT-8xx0 Quick Start or the RBT-8xx0 Installation Guide for
upgrading information and procedures.
UPGRADING THE RBT-8XX0 SWITCHES FROM PREVIOUS 4.0.X VERSIONS:
Minimum RBT Switch Requirements for Upgrade
Product
RBT-8100
Minimum RBT switch version required Upgrade Path
4.0.4.0 4.0.4.0 5.0.12.2 6.0.4.x
RBT-8200
RBT-8110, RBT-8210
RBT-8400
4.1.4.0
4.2.5.1
4.0.16.0
4.1.4.0 5.0.12.2 6.0.4.x
4.2.5.1 5.0.12.2 6.0.4.x
4.0.16.0 5.0.12.2 6.0.4.x
Note: You must upgrade to RBT switch Version 5.0 or later before upgrading to RBT switch Version 6.0.
Preparing the RBT Switch for the Upgrade
Note: The following upgrade procedures refer to all RBT-8xx0 switches.
Caution!
Save the configuration, and then create a backup of your RBT switch files before you upgrade the switch.
Enterasys Networks recommends that you make a backup of the switch, before you install the upgrade. If an error occurs during the upgrade, you can restore your switch to its previous state. If you later decide to downgrade the switch, commands with newer syntax in future RBT switch versions might not be converted correctly.
Page: 4 of 21 10/17/07 P/N: 9038177-17
F0615-O
Subject to Change Without Notice
CUSTOMER RELEASE NOTES
1. Use the following command to save the configuration. Unsaved changes will be lost during the upgrade procedure.
RBT-8xx0# save config [filename]
2. The following command should be used to back up the switch‘s files:
RBT-8xx0# backup system [tftp://ip-addr/]filename [all | critical]
3. To restore a switch that has been backed up, use the following command:
RBT-8xx0# restore system [tftp://ip-addr/]filename [all | critical] [force]
The ―Upgrade Scenario‖ listed below shows an example use of the backup command. For more information about these commands, see the ―Backing Up and Restoring the System‖ section in the ―Managing System Files‖ chapter of the RoamAbout Mobility System Software Configuration Guide.
Note: If you have made configuration changes but have not saved the changes, use the save config command to save the changes, before you back up the switch.
If the RAS is running an earlier version of firmware, use the copy tftp command to copy files from the switch onto a TFTP server.
Upgrading an Individual Switch Using the CLI:
1. Save the configuration, using the save configuration command.
2. Back up the switch, using the backup system command.
3. Copy the new system image onto a TFTP server.
For example, login to http://www.enterasys.com/download/ using a web browser on your TFTP server and download the image onto the server.
4. Copy the new system image file from the TFTP server into a boot partition in the switch‘s nonvolatile storage. You can copy the image file only into the boot partition that was not used for the most recent restart. For example, if the currently running image was booted from partition 0, you can copy the new image only into partition 1.
5. Set the boot partition to the one with the upgrade image for the next restart. a. To verify that the new image file is installed, type show boot.
6. Reboot the software. a. To restart an RBT switch and reboot the software, type the following command:
RBT-8xx0# reset system [force]
After resetting the RBT switch, the switch boots using the new image. The RBT switch also sends the AP version of the new boot image to the configured APs and restarts the APs. After an AP restarts, it checks the version of the new AP boot image to make sure the boot image is newer than the boot image currently installed on the AP. If the boot image is newer, the AP completes installation of its new boot image by copying the boot image into the AP ‘s flash memory, which takes about 30 seconds, then restarts again. The upgrade of the AP is complete after the second restart.
Subject to Change Without Notice Page: 5 of 21 10/17/07 P/N: 9038177-17
F0615-O
CUSTOMER RELEASE NOTES
Upgrade Scenario:
To upgrade an RBT-8xx0 switch from one RBT switch Version to another, type commands such as the following.
Note: This upgrade scenario uses the firmware image file 6.0.4.4 to show the download features. Please follow these procedures for any of the 4.0.x, 4.1.x, 4.2.x, and 5.0.x firmware images.
Note: This example copies the image file into boot partition 1. On your switch, copy the image file into the boot partition not used for the last restart. For example, if the switch booted from boot partition 1, copy the new image into boot partition 0. To see boot partition information, type the show boot command.
RBT-8200# save config success: configuration saved.
RBT-8200# backup system tftp:/[ip-addr]/sysa_bak success: sent 28263 bytes in 0.324 seconds [ 87231 bytes/sec]
RBT-8200# copy tftp://[ip-addr]/R2060404.REL boot1:R2060404.REL success: received 11159702 bytes in 18.391 seconds [606802 bytes/sec]
RBT-8200# set boot partition boot1 success: Boot partition set to boot1.
RBT-8200# show boot
Configured boot version: 6.0.4.4.0
Configured boot image: boot1: R2060404.rel
Configured boot configuration: file:configuration
Backup boot configuration: file:backup
Booted version: 5.0.12.2.0
Booted image: boot0:R2050C02.REL
Booted configuration: file:configuration
Product model: RBT-8200
Upgrading an Individual Switch Using the RoamAbout Switch Manager (RASM)
Please refer to the chapter ―Managing and Monitoring Your Network‖, section ―Distributing Image and
Configuration Files‖ in the RoamAbout Switch Manager User’s Guide when upgrading the RBT-8xx0 switch to the released version.
SYSTEM PARAMETER SUPPORT:
RoamAbout System Parameters:
Parameter:
RBT switches in a single Network Domain
RBT switches in a single Mobility Domain
Roaming VLANs per RBT switch
VLANs per Mobility Domain
Supported Value:
500
32
300
Does not include local statically configured VLANs
400
DAPs per RBT switch
This number consists of 300 roaming VLANs plus 100 local statically configured VLANs
RBT-81x0: 60 configured, 24 active
RBT-82x0: 180 configured, 72 active
RBT-8400: 300 configured, 120 active
SSIDs per radio 8
Minimum link speed within a Mobility Domain 128 Kbps
Page: 6 of 21 10/17/07 P/N: 9038177-17
F0615-O
Subject to Change Without Notice
CUSTOMER RELEASE NOTES
Network Parameters:
Parameter:
Forwarding database entries
Statically configured VLANs
Virtual ports (sum of all statically configured
VLAN physical port memberships)
Spanning trees (STP/PVST+ instances)
ACLs and Location Policies
IGMP Streams
Supported Value:
RBT-81x0: 8192
RBT-82x0: 8192
RBT-8400: 16383
128
256
64
ACEs per switch
RBT-81x0: 700
RBT-82x0: 700
RBT-8400: 2308
ACEs per ACL:
RBT-81x0: 25
RBT-82x0: 25
RBT-8400: 267
Locations Policies per switch:
All models: 1
The Location Policy can have up to 150 rules.
ACL rules (ACE‘s) with Local Switching (Direct Path
Forwarding) enabled: 16
500
Note: Replications of a stream on multiple VLANs count as separate streams on each VLAN.
Management Parameters:
Parameter:
Maximum instances of the RoamAbout
Software Management system simultaneously managing a network
Telnet management sessions
Supported Value:
3
RBT-81x0: 8
RBT-82x0: 8
RBT-8400: 8
Note: The maximum combined number of management sessions for Telnet and SSH together is 8 for the RBT-8400,
RBT-81x0, and the RBT-82x0.
SSHv2 management sessions
Telnet client sessions (client for remote login) RBT-81x0: 8
RBT-82x0: 8
RBT-8400: 8
NTP servers
SNMP trap receivers
Syslog servers
RADIUS servers
RBT-81x0: 8
RBT-82x0: 8
RBT-8400: 8
3
8
4
100 configured on the switch
10 in a server group
4 server group in a AAA rule
Page: 7 of 21 10/17/07 P/N: 9038177-17
F0615-O
Subject to Change Without Notice
CUSTOMER RELEASE NOTES
Client and Session Parameters:
Parameter: Supported Value:
Authenticated and associated clients per radio 100
Clients who are authenticated but not yet associated are included in the total
Active clients per radio 50
Total number of active clients simultaneously sending or receiving data
Active AAA sessions (clients trying to establish active connections) per RAS switch
RBT-81x0: 600
RBT-82x0: 1800
RBT-8400: 2500
AAA users configured in local user database RBT-81x0: 999
RBT-82x0: 999
RBT-8400: 999
FIRMWARE CHANGES AND ENHANCEMENTS:
Firmware Release 6.0.4.4:
Resolved an issue where a bit on the non-mesh supported Access Points could be randomly set, causing the
APs to reset several times.
Resolved an issue where an external antenna attached to the TRPZ-MP-422 Access Point was not transmitting the configured power.
Resolved an issue for the RBT-8400 where system generated core crash files were truncated and unreadable.
Firmware Release 6.0.4.2:
Added support for the TRPZ-MP-620 Outdoor Access Point. Direct Path Forwarding (Local Switching), Mesh
Services, and Wireless Bridging are only supported on the TRPZ-MP-620 and TRPX-MP-422 Access Points.
The RBT-8400 image is smaller than previous releases due to a shared library format introduced in the 6.0 firmware. Statically linked executables, which called to individual library functions, were replaced with run-time calls, reducing the total number of individual library routines to be opened, and reducing the overall size of the firmware required to operate the network switch. This format also increases the amount of memory available for data transfer and table maintenance.
Resolved the issue where the Static IP configuration and deployment for the AP4102 and AP3000 did not remain persistent with the AP upon reboot.
Resolved the erroneous message error printed to the CLI when the RBT-8400 reboots with 5.0.12.2:
Bootloader upgrade 5.0.x to 5.0.x needed. (x could be any number)
cp: /boot0/bload: No space left on device
Resolved an issue where the TRPZ-MP-422 Access Point image does not load with the 6.0.x code.
Resolved an issue where the configured APs in a network plan would crash upon RBT firmware upgrade due to a DNS update entry on the RBT switch.
Resolved an issue where the Radius CLASS attribute was not sent with stop packets.
Resolved an issue where the RBT switch spoofed a DNS reply with a 169.254.x.x if the DNS server took more than 3 seconds to respond. Certain Linux and Vista users will drop this packet causing everything to fail
Resolved an issue where the configured APs would crash with various exception messages, including TLB data miss and sigtrap.
Resolved an issue where an expired password could be used to log into the system.
Resolved an issue where the APs may reset if the traffic load to the RBT switch host IP address exceeds
200Mb/s.
Resolved an issue where the configured AP name is not shown in the SNMP trap.
Resolved an issue where IP addresses were transposed in MIB queries that returned IP address information.
Page: 8 of 21 10/17/07 P/N: 9038177-17
F0615-O
Subject to Change Without Notice
CUSTOMER RELEASE NOTES
Firmware Release 5.0.12.2:
Added support for the TRPZ-MP-422 Access Point.
Added support for the following DFS2 compliant North American model Access Points:
RBT-1002 Rev 6A (AP ID: AP1002C), RBT-4102 Rev 6A (AP ID: AP4102C), RBT-1602 Rev 6A (AP ID:
AP1602C). Please see the DFS2 Tech Tip on page 16 for further information.
Resolved an issue where the RBT switch can lock-up when a Nessus scan is deployed against the switch.
Resolved an issue where the RBT switch sends the NAS port attribute four (4) times in a RADIUS request.
Resolved an issue where the MX tunnel functionality would fail to report the status of other RB switch members in the network domain.
Resolved an issue where the VLAN member information was not added to the RBT switch configuration when using the WebView Quickstart for initial configuration.
Resolved a WebView issue where a second VLAN ‘s interface IP information would display an error if the bit mask were set for less than 8 bits.
Firmware Release 5.0.11.4:
Resolved a DAP crash issue where a buffer in the Access Point is being written past the end with too much data and corrupting the header of the following buffer.
Resolved an issue where the RBT-8400 CPU utilization increases due to a DHCP request packet looping issue with the port- trunk functionality.
Resolved an ASSERT and exception DAP crash due to a corrupted link header when the DAP is rebooting.
This issue occurred when a packet entered the AP through the Ethernet MAC, and the Access Point stored this packet in memory spot in which the operational code needed zeroed out.
Resolved an issue where the RBT-1002 Ethernet port would transition to half-duplex under heavy traffic load
(approximately 25 Mbps throughput).
Resolved an issue where the WebAAA login page would not resolve due to a certificate failure on a client using the Vista OS and Microsoft Internet Explorer version 7. The workaround is for the client to open the Internet
Explorer browser as ―Administrator‖ and accept the WebAAA certificate.
Resolved an issue where a client using the Vista OS and Microsoft IE 7 failed to get the WebAAA login page when the Common Name in the RBT switch Web certificate equals ‗*.<domain>.com‘.
Resolved an issue where the radio information was not displayed after issuing the ―show sessions‖ command.
Resolved an issue where the RBT-8400 locked-up due to a processor losing entries in the FDB, and over time, the processor would lose the CPU entry, causing the lock-up.
Resolved an issue where DAP‘s were crashing due to Filter Database issues and causing ASSERT errors on the RBT switch.
Resolved an issue where the message ―radar is no longer detected‖ would continuously scroll across a console screen when the DAPs auto-tuned the channel from a DFS channel to a non-DFS channel.
Resolved an issue when the RBT8400 would show ‗Username: IP=127.0.0.1‘ after a switch reboot.
Resolved an issue where the auto-configuration setting changes for the B/G radio via WebView were not shown in the active RBT switch configuration.
Resolved an issue when the DAP reboots with an ASSERT error when WMM-powersave is enabled.
Functionality description for an open issue where the DAP system uptime is changing, but the DAP has not rebooted. DAP‘s that change from a low bias switch to a high bias switch are expected to reset without showing a system log error.
Resolved an issue where the DAP would crash when countermeasures attempted to use an 11a radio to attack a rogue on an 11b channel.
Resolved an issue where AP_Handshakes errors continuously scrolled across the console connection.
Resolved an issue with a DAP Exception when the DAP tried to tune 11a radio to an 11bg channel.
When configuring the Web portal and saving the default login page, remove everything between the quotes in the Action value of the form tag in the HTML code.
Resolved an issue where the Access Point buffers were filling up with Rogue Detection messages.
Resolved an issue when a wireless client was previously connected to an SSID (WebAAA, last-resort), then switched to a new bonded auth SSID, the machine auth phase was skipped.
Page: 9 of 21 10/17/07 P/N: 9038177-17
F0615-O
Subject to Change Without Notice
CUSTOMER RELEASE NOTES
Firmware Release 5.0.11.4:
Resolved an issue when rebooting the RBT switch via th e CLI command ―reset system‖ does not generate a
'warm start' SNMP. Instead, a 'cold start' trap is sent.
Resolved an issue when clients who authenticated to a switch with a low bias DAP moved to the high bias switch when the switch became available.
Resolved an issue where using the same port for SSH and Telnet access caused the RBT switch to reboot.
Resolved an issue where setting ports as a port group, then changing one port to wired-auth type, caused the
RBT switch to become unresponsive.
When downgrading from 5.0 to 4.1 (and earlier releases), changes may be required in the 4.1 configuration if the 5.0 configuration had a service profile with last-resort or web-portal access. Specifically, an authentication access rule must be added for last-resort users and the correct VLAN (and other attributes) may need to be set for the last-resort-<ssid>, web-portal-<ssid> special users. Earlier 4.2 versions contain a script that sets the special user attributes and the last-resort access rule on downgrade from 5.0. It is highly recommended in any case to back up the 4.x configuration before upgrading to 5.0.
Resolved an issue where using the ―monitor port counter receive-errors‖ command displays statistics in wrong order.
Firmware Release 5.0.10.3:
Resolved an issue with the RBT-4102 not coming back online if connected to a non-PoE switch and power or reset cycle was initiated to on host RBT-8xxx controller switch.
Based upon the previous resolution, the thin DAP boot-loader number has been incremented, so the new bootloader code will be automatically downloaded to the DAP.
Resolved an issue where the Client MAC address was not flushed from the FDB after a DAP disconnect.
Resolved an issue where corrupted TAPA packets from configured DAPs were causing the RBT switch to core crash.
Resolved an issue where a DAP is broadcasting a DHCP request to every IP address renewal. If two DHCP servers are on the same segment this could cause a different DHCP server to send a DHCP response. When this happens it will reboot the DAP even if it already received a DHCP acknowledgement from the correct DHCP server (which was used previously).
Resolved an issue where the RBT switch generated excessive ROGUE_AP_ALERT:rfslave_handle_packet messages, possibly affecting the DAPs to run countermeasures.
Resolved an issue with multiple core crashes on RBT switches with ―ASSERT‖ errors and DAP loss due to increased traffic spikes in the network.
Firmware Release 5.0.9.3:
Resolved an issue for a performance problem with one of the encryption methods used in the supported access points. Due to a change to the Atheros radio driver code, the WPA/TKIP protocol was executed in software instead of in hardware. This led to a reduction in throughput of approximately 33% for that encryption type. This problem also brought with it a chance of CPU over utilization that could lead to the access point rebooting while under heavy WPA/TKIP traffic load.
Resolved an issue where connection loss occurred between the Intel 3945 Internal Wireless NIC and the nonbroadcasting SSID from the RoamAbout Switch system.
Resolved an issue where the RBT switch reported a ―DAP: Recv Seq Cntr Failure‖ error message from clients using WPA-TKIP authentication, causing some clients to lose wireless connections to the network.
Firmware Release 5.0.9.2:
Added support for the RBT-8210. This RBT switch, along with the current RBT-8200, will be known as the RBT-
82x0 family.
Resolved an issue where DAPs would reset with an ASSERT error, due to traffic spikes in the network.
Resolved an issue where the RBT-1002-EU would crash with an ASSERT error after an image download.
Resolved an issue where a custom web page was not displayed after the client successfully authenticated against the Access Point.
Resolved an issue where blank DNS and IP Router Fields in WebView resulted in a WebView IP Services error.
Resolved an issue where VLAN ports could not be selected in WebView.
Page: 10 of 21 10/17/07 P/N: 9038177-17
F0615-O
Subject to Change Without Notice
CUSTOMER RELEASE NOTES
Firmware Release 5.0.9.2:
Resolved an issue where the RBT switch would core dump after querying the rbtwsSysDataObjects MIB branch.
Resolved an issue where the RBT-4102-EU and the RBT-1002-EU were not supported in the country code
Hong Kong.
Resolved an issue when the RBT switch would report an SSL error or System communication errors after generating a certificate signing request via WebView.
Resolved an issue when the current RBT switch configuration was not cleared after using the Quickstart feature via WebView.
Resolved an issue where clients using a Macbook Pro could not connect to the RBT switches.
Resolved an issue where the Web portal login screen would not propagate to the client after a successful authentication
Resolved an issue where one RBT switch configured for DAP load balancing and redundancy with a second
RBT switch continually reset after losing contact with configured DAPs.
Resolved an issue where the sixth (or more) DAP would crash using the Quickstart feature.
Resolved an issue when the switch received an ARP packet with a source address of all zero‘s, it would cause a tunnel crash.
Firmware Release 5.0.6.1:
Added support for the TRPZ-MXR-2 switch.
Resolved an issue where the DAP Operational Power was showing a N/A value for the country code Argentina.
Resolved an issue where an error message reading ―EAP_STORE_ERR‖ would appear on the CLI console of the RBT-8110.
Resolved an issue where extra characters were added to the banner MOTD after a firmware upgrade on the
RBT switch.
Fixed an issue where a possible unicast flood condition could occur with redundant RBT-8400 switches.
Firmware Release 4.2.5.1:
Static IP configuration for DAPs – These settings are only available through the CLI interface on the switch. The user now can set a static IP address, RBT switch name or RBT switch address, and VLAN on the Access
Points. These settings are persistent on the RBT-1602 and the RBT-1002 Access Points only for the current
4.2.5.1 firmware.
Resolved an issue where the RBT-4102 and the RBT3K-AG would not boot due to an RSA fingerprint match failure.
Resolved an issue with the WPA sequence number used to help sync up the per-packet keys between the Intel
3945 A/B/G chipsets and any Access Point in the RBT switch system. Clients would authenticate successfully against the RADIUS server, but not have any connectivity to the network.
Resolved an issue where extra carriage returns in the banner MOTD would cause the RBT switch to fail an upgrade and constantly reboot.
Resolved an issue where the RBT-8400 would core crash and lose part of the active configuration upon upgrade.
Resolved an issue where t he RBT switch core crashed after cutting and pasting a ―set port group‖ CLI command.
Resolved an issue where the Quickstart configuration helper was automatically creating an admin password.
Fixed the length of the CLI entry for the mobility domain name from 16 to 32 characters.
Resolved a CLI command issue where the CLI would lock up after rapidly entering a ―show load‖ command (3-5 times within 5-10 seconds).
Resolved an issue where ―set dap‖ commands would not return a ―succeed: changes accepted‖ notification.
Resolved an issue where a switch reset with multiple core files after a system upgrade. Core resets were attributed to the enabling of rogue detection in the fabric.
Page: 11 of 21 10/17/07 P/N: 9038177-17
F0615-O
Subject to Change Without Notice
CUSTOMER RELEASE NOTES
Firmware Release 4.1.11.0:
Added support for the following countries in the RBT-4102-EU and RBT-1002-EU AP models: (NOTE: Check the regulatory requirements or local Enterasys personnel to insure that the product is certified in your country.)
AU AUSTRALIA VN VIETNAM
CN CHINA EG EGYPT
IN
JP
INDIA
JAPAN (W52/W53)
KW KUWAIT
IL ISRAEL
KR KOREA, REPUBLIC OF SA
MY MALAYSIA AE
SAUDI ARABIA
UNITED ARAB EMIRATES
NZ NEW ZEALAND
PH PHILIPPINES
SG SINGAPORE
TW TAIWAN
AR
BR
VE
ZA
ARGENTINA
BRAZIL
VENEZUELA
SOUTH AFRICA
TH THAILAND
Added support for the RBT-4102 North American Access Point.
Resolved an issue where RBT-1602s would reset every 18 hours and report a fingerprint mismatch error.
Resolved an issue where the RBT-1602 would report a power level outside its regulatory limits, causing a configuration mismatch.
Resolved an issue where the RBT-1002 DAPs would not boot up due to a switch and homologation configuration download timing issue (switch DAP configuration would get pushed down before the homologation information had finished processing).
Resolved an issue where WPA2 clients roaming through the mobility domain would resend their RADIUS authentication information, forcing a re-association.
Resolved an issue where the RBT-8100 would core dump after processing a serial debug command.
Resolved an issue where the RBT-8400 eeprom (nvram) settings were corrupted after code upgrade.
RBT-1602 Access Point.
Firmware Release 4.1.5.0:
The AP1102 and AP1102-EU names have been changed to RBT-4102 and RBT-4102-EU. If you are installing this code onto pre-existing RBT-4102-EU models (with 4.1.4.0 firmware), then please refer to the RoamAbout
Switch Manager (RASM) 4.1.5 Release Notes for complete instructions to upgrade your AP correctly.
Resolved an issue where the DAPs were not responding to the bias settings correctly for AP redundancy.
Firmware Release 4.1.4.0:
Added support for the RBT-8200 RAS, and the RBT-1002-EU and RBT-4102-EU Access Points.
Resolved an issue where the RBT-8100 would crash after a dot1x authentication using MSCHAPv2.
Resolved an open issue dealing with the configuration and operation of Third-Party APs.
Resolved an issue where the Called-Station-ID RADIUS attribute was not returning from the RoamAbout
Switches.
Resolved an issue where the RBT-8100 Ethernet ports could be enabled for PoE (ETS only supports Distributed
Access Points, and while the directly connected access point configuration will work, it is not a supported configuration).
Resolved a tunnel:core dump issue which occurred after issuing a reset DAP command.
Resolved a DNS memory issue when the DNS functionality was disabled and the RBT-8100 auto-configuration was enabled.
Page: 12 of 21 10/17/07 P/N: 9038177-17
F0615-O
Subject to Change Without Notice
CUSTOMER RELEASE NOTES
Firmware Release 4.0.21.0:
Resolved an issue where ACLs were not properly assigned to users due to the incorrect parsing of the
Enterasys filter ID string (Enterasys:version=1:policy=<policy name>) returned from a RADIUS server.
The default MAC authentication RADIUS password has been changed from ‗nopassword‘ to ‗NOPASSWORD‘.
Firmware Release 4.0.20.0:
Added support for the RBT-1602 Access Point.
Increased the limit of local mac authenticated users from 75 to 2400 (this fix was originally listed in the 4.0.18.0
Firmware Release section, but the implementation did not occur until this 4.0.20.0 release).
Resolved the issue where a WebAAA user would not be redirected to a web page if the proxy setting were enabled.
Firmware Release 4.0.18.0:
MTU for Tunneled traffic was too long — Previous versions of MSS required an IP Path MTU (PMTU) of
1484 bytes for tunneled traffic, and used a non-standard implementation of IP Fragmentation to transport IP datagrams larger than that PMTU. Because of the non-standard fragmentation, tunnel IP datagrams could be dropped by devices attempting to validate packets for proper formatting. The current MSS version fixes this issue. IP Fragmentation is supported in accordance with RFC 2003. This change allows third-party devices in the communication path to validate properly fragmented tunnel IP datagrams. In addition, the maximum packet size is smaller. In the current MSS version, the PMTU requirement has been reduced to 1384 bytes, to allow devices along the communication path to encapsulate further the tunnel packets without introducing additional fragmentation.
Resolved an issue where associated clients (to clear SSID) could access WebView and changing system configurations.
Firmware Release 4.0.16.0:
Added support for the RBT-8400 RAS and the RBT-1002 Access Point.
Resolved an issue where MAC addresses would be dropped from the Filter Database without the session timing out (fdb hashing error in the database).
Resolved an issue where the RBT-8100 would have a core dump after trying to save a configuration file with a name longer than 16 characters.
Resolved an issue where a user would not get a DHCP address using WebAAA and the internal DHCP server on the RBT-8100.
Resolved the password recovery method, where the ―Esc‖ prompt during the RBT-8100 boot-up cycle appeared too late in the boot-up cycle.
Resolved an issue where the Service Profile would only allow a 16-character name.
Firmware Release 4.0.7.0:
Resolved an issue where Distributed APs would reset across a routed network.
Resolved an issue with RBT-8100 port auto-negotiation.
Resolved an issue when an RBT-8100 would display the wrong prompt values after clearing the system configuration.
Firmware Release 4.0.4.0:
Initial Release for the RBT-8100 RAS and the RBT3K-AG Access Point in thin mode.
You should check our web site on a regular basis for updates at http://www.enterasys.com/products/wireless/ .
Page: 13 of 21 10/17/07 P/N: 9038177-17
F0615-O
Subject to Change Without Notice
CUSTOMER RELEASE NOTES
KNOWN RESTRICTIONS AND LIMITATIONS:
Firmware Release 6.0.4.4:
Upgrading to RBT switch Version 6.0 and Certificate Issue: Customers may experience issues with Certificates or Private keys installed on RBT switches after upgrading to newer 5.0 and 6.0 releases. Error messages relating to this issue may include the following:
- HTTPD Aug 14 16:32:13.648823 ERROR HTTPD: SSL connection failure (bad cert?);
- Admin client 145.36.245.51 EAP Aug 14 16:32:14.110502 ERROR EAP_STORE_ERR: No EAP key pair.
Cannot do PEAP
Affected services may include SSH, Web-portal, PEAP-offload, WebView, and RASM administrative access and/or Domain Security.
You can prevent this issue by generating new private keys and any related Certificates prior to upgrading to a newer version of the RBT switch. Third party Certificates should be exempt from this issue provided a new private key was explicitly generated before the CSR request generation. If you are unsure, whether a new private key was generated before the initial CSR, the best course of action may be to request a replacement certificate from your provider using a new private key.
Customers that encounter this issue can follow the same process to restore normal operation. Details on generating private keys, self-signed Certificates and certificate requests can be found in the Enterasys
RoamAbout Mobility System Software Configuration Guide.
There is an open issue where clients connected to the network using an Intel 2100 wireless network card may be disconnected from the network during large file transfers.
The 6.0.4.4 release only supports 16 ACL rules (ACEs) per ACL, total of inbound and outbound, to be mapped to the user if the AP has Direct Path Forwarding (Local Switching) enabled. There can be more than one ACL, with 16 ACEs, applied to multiple users on the AP. If an ACL with 17 or more rules is mapped to the user with
Local Switching enabled, the users in the network will not connect or authenticate to that wireless network.
Enterasys Networks recommends creating separate ACL profiles to be used for those users who are authenticated into the Local Switching VLAN profile.
There is an open issue where the Access Point strips off the VLAN header from a tagged packet before the
Tunnel encapsulation from the AP to the RBT switch. This occurs with Direct Path Forwarding (Local Switching) enabled on the Access Point.
There is an open endian issue where an ICMP ACL rule (ACE), with either the source or destination IP address fields and masks configured, will not get applied to an authenticated user with Direct Path Forwarding (Local
Switching) enabled. The workaround is to set the rule to any IP address.
The set ap <apnum> boot-configuration switch switch-ip cannot be set at the same time as set ap <apnum> boot-configuration switch name <switch-name> dns <ip addr>. The commands overwrite each other when used.
The Web-portal ACL does not work on IPv6 traffic. IPv6 clients are not able to authenticate using Web Portal unless the clients also run IPv4. This issue affects Web-Portal authentication only. The other authentication types (802.1X, MAC, and Last Resort) can be used with IPv6 clients.
The LED radio designation for the RBT-4102-thin is not the same as the RBT-4102 in a standalone mode. In the thin mode, the LED labeled ―1‖ should be associated with the B/G band, and LED ―2‖ is associated with the
―A‖ radio band.
In the RBT switch User Guides and Configuration manuals, the syntax for the ‗set dap boot-ip‘, ‗set dap bootswitch‘, and ‗set dap boot-vlan‘ commands is incorrect. The actual commands in the RBT switch firmware version 5.0 are ‗set dap boot-configuration ip‘, ‗set dap boot-configuration switch‘, and ‗set dap bootconfiguration vlan‘. In 6.0.x.x, these commands are ‗set ap boot-configuration ip‘, ‗set ap boot-configuration switch‘, and ‗set ap boot-configuration vlan‘.
At the time of this release, there is an open LED issue with the RBT-82x0 switches, where both ports could show an incorrect connection status after a device reboot when there is no cable attached. This does not affect the performance for either port in any way.
Page: 14 of 21 10/17/07 P/N: 9038177-17
F0615-O
Subject to Change Without Notice
CUSTOMER RELEASE NOTES
Firmware Release 6.0.4.4:
Router redundancy protocol on intermediary devices between RBT-8xx0 switches in a Mobility Domain can interfere with communication among the switches. The workaround to this issue is to set the FDB timer (default
300 seconds) and the ARP timer (default 1200 seconds) to the same values on the RBT switches. Enterasys
Networks recommends using 300 seconds as the value for both timers.
Mixing Autonegotiation with full-duplex mode on a link causes slow throughput and can cause an RBT-8xx0 port to stop forwarding. The slow throughput occurs because the side that is configured for autonegotiation falls back to half-duplex. A stream of large packets sent to an RBT-8xx0 port in such a configuration can cause forwarding on the link to stop.
The RBT switch allows ** to be specified as a MAC address glob, but this is invalid for MAC globs.
There is an open issue when deploying the command ―set port disable 1‖ does not disable the port on the RBT-
8100.
The RBT-8400 mishandles fragmented packets from the XSR router due to a limitation in the network processor.
Clients using the RBTBG/RBTBJ wireless client card with the RBTBX-PC wireless PCI NIC adapter have experienced extended periods of traffic loss (up to 33% ping loss over a ten-minute time span).
The external antenna names for the RBT-1602 AP have not been converted to the Enterasys specific naming
for an RBT-1602 Access Point.
If a location policy (ACL) is added to an SSID that is using Web Authentication, the preconfigured portal ACL will be overwritten and fail to load the logon page. It is strongly recommended not to adjust settings on the preconfigured web portal ACL.
Disabling the dot1x authcontrol function may cause authentication issues. This is a global setting, reaching many portions of the authentication code. It should remain enabled at all times unless specifically directed to disable it. This does NOT turn on dot1x on any of the SSIDs.
ACL names can contain special characters (/,\,-,_), but they cannot contain spaces. ACL names must also begin with a letter and not a number.
Due to a hardware limitation for the RBT3K, the lowest achievable power setting is 10 dB (lowest setting).
The RBT-8400 4 front panel ports are 1Gb ports copper or fiber (default) only.
The unmanaged RBT3K (fat-AP) may encounter conversion upgrade issues to managed mode (thin-AP) across a routed network.
A single "*" used for User Glob does not work when using TLS.
WEP keys cannot be entered in ASCII format. HEX format is currently the only supported input.
The RBT-1002 does not support the automatic generation of RSA values (fingerprints). The dynamic creation of the fingerprint occurs on Access Points that are ‗fat-to-thin‘ conversion types.
Tech Tip for Choosing External Antenna Types for the RBT-1602
When you select an antenna type for the RBT-1602, the menu choices displayed are listed in the left-hand column in the table below. Use the antenna part numbers listed the right-hand column to identify the correct menu choice.
RASM/RBT Antenna Choice: Enterasys Antenna Part Number:
ANT1060
ANT1120
ANT1180
ANT5060
RBTES-BG-S1060
RBTES-BG-S07120
RBTES-BG-S06180
RBTES-AW-S1460
ANT5120
ANT5180
RBTES-AW-S12120
RBTES-AW-S10180
For the most up-to-date information concerning known issues, go to the Global Knowledgebase section at http://www.enterasys.com/support/ . To report an issue not listed in this document or in the Global
Knowledgebase, contact our Technical Support Staff.
Page: 15 of 21 10/17/07 P/N: 9038177-17
F0615-O
Subject to Change Without Notice
CUSTOMER RELEASE NOTES
Tech Tip for the Channel availability for the new DFS2 model Access Points
DFS2 compliant Access Points support fewer channels than non-DFS2 compliant Access points. The following tables list the available channels for Access Points.
Pre DFS2 regulations: 13 Channels supported. Support includes all APs that do not have the AP ID of ―C‖ designation.
FREQUENCY RANGE in GHz # of CHANNELS CHANNELS
4 36,40,44,48 5.15 - 5.25 INDOOR ONLY
50mW
5.25 - 5.35
5.725 – 5.825
4
5
52,56,60,64
149, 153, 157, 161,165
DFS2 compliant regulations: Enterasys supports the following channels on any APxxxx designated with an AP
ID ―C.‖ There are nine (9) total channels supported, and the DFS2 channels have been disabled.
FREQUENCY RANGE in GHz # of CHANNELS CHANNELS
5.15 - 5.25 INDOOR ONLY
50mW
5.725 – 5.825
4
5
36,40,44,48
149, 153, 157, 161,165
IETF STANDARDS PROTOCOL SUPPORT:
Groups
Supported RFC No. / Title
Security and AAA RFC 2246
RFC 2284
RFC 2315
RFC 2548
RFC 2716
RFC 2759
RFC 2865
RFC 2866
RFC 2868
RFC 2869
RFC 2986
RFC 3580
RFC 3546 draft-josefsson-pppext-eap-tls-eap draft-kamath-pppext-peapv0-00.txt draft-kamath-pppext-eap-mschapv2
Description
Transport Layer Security (TLS)
EAP
PKCS #7: Cryptographic Message Syntax
Version 1.5
Microsoft RADIUS VSAs
PPP EAP-TLS Authentication Protocol
Microsoft PPP CHAP Extensions, Version 2
RADIUS Authentication
RADIUS Accounting
RADIUS Attributes for Tunnel Protocol Support
RADIUS Extensions
PKCS #10: Certification Request Syntax
Specification Version 1.7
IEEE 802.1X RADIUS Guidelines
Transport Layer Security (TLS) Extensions
Protected EAP Protocol (PEAP)
IEEE
CHAP extensions v2
IEEE Std 802.1X-2001
IEEE Std 802.11i
IEEE Std 802.11h
Microsoft PEAP
Microsoft EAP
Port-Based Network Access Control
Enhanced Security for 802.11 Wireless
Networks Based on AES
Subject to Change Without Notice Page: 16 of 21 10/17/07 P/N: 9038177-17
F0615-O
CUSTOMER RELEASE NOTES
Groups
Supported
Encryption
General
IP Multicast
Quality of Service
RFC No. / Title
IEEE Std 802.11d
WEP and TKIP: RC4 40-bit and 104-bit
SSL and TLS: RC4 128-bit and
RSA 1024-bit and 2048-bit
Description
CCMP: AES 128-bit (FIPS-197)
RFC 1122 Host Requirements
RFC 1393 Traceroute
RFC 1519 CIDR
RFC 1591 DNS (client)
RFC 1769 SNTP
RFC 768 UDP
RFC 783 TFTP
RFC 791 IP
RFC 792 ICMP
RFC 793 TCP
RFC 826 ARP
IEEE 802.1D Spanning Tree
IEEE 802.1Q VLAN Tagging
IEEE 802.3ad (Static Config)
RFC 1112 IGMPv1
RFC 2236 IGMPv2 draft-ietf-idmr-igmp-mrdisc-09.txt draft-ietf-magma-snoop-05.txt
RFC 2472 DiffServ Precedence
RFC 2597 DiffServ Assured Forwarding
RFC 2598 DiffServ Expedited
Forwarding
STANDARD MIB SUPPORT:
NOTE: MIB support for the RoamAbout System is for monitoring only.
RFC No:
RFC 1213
RFC 2863
RFC 1493
RFC 2674
RFC 2620
RFC 2618
RFC 3418
Title:
RFC1213-MIB
IF-MIB
BRIDGE-MIB
Q-BRIDGE-MIB
RADIUS-ACC-CLIENT-MIB
RADIUS-AUTH-CLIENT-MIB
SNMPv2-MIB
Page: 17 of 21 10/17/07 P/N: 9038177-17
F0615-O
Subject to Change Without Notice
CUSTOMER RELEASE NOTES
ENTERASYS NETWORKS PRIVATE ENTERPRISE MIB SUPPORT:
Title: rbtws-system-mib rbtws-trap-mib rbtws-root-mib rbtws-port-mib rbtws-info-rf-detect-mib rbtws-external-server-mib
Title: rbtws-basic-mib rbtws-ap-tc rbtws-ap-status rbtws-registration-mib rbtws-client-session-mib rbtws-client-session-tc
RADIUS STANDARD AND EXTENDED ATTRIBUTES SUPPORT:
For more information on the supported RADIUS attributes, please refer to the appendix entitled ―Supported
RADIUS Attributes ‖ in the Mobility System Software Configuration Guide.
For more information on assigning authorization attributes, please refer to the chapter entitled ―Configuring
AAA for Network Users‖ in the Mobility System Software Configuration Guide.
RADIUS Authentication and Authorization Attributes
Attribute:
Called-Station-Id
RFC Source:
RFC2865, RFC3580
Calling-Station-Id
CHAP-Password
Class
Event-Timestamp
RFC2865, RFC3580
RFC2865
RFC2865
RFC2869
Filter-Id
NAS-Identifier
NAS-IP-Address
NAS-Port-Id
Reply-Message
Service-Type
Session-Timeout
State
RFC2865, RFC3580
RFC2865, RFC3580
RFC2865, RFC3580
RFC2865, RFC3580
RFC2865
RFC2865, RFC3580
RFC2865, RFC3580
RFC2865
Tunnel-Private-Group-ID
User-Name
User-Password
Vendor-Specific
RFC3580
RFC2865, RFC3580
RFC2865
See table below
RADIUS Accounting Attributes
Attribute:
Acct-Authentic
RFC Source:
Acct-Delay-Time
Acct-Input-Gigawords
Acct-Input-Octets
Acct-Input-Packets
Acct-Multi-Session-Id
Acct-Output-Gigawords
Acct-Output-Octets
Acct-Output-Packets
Acct-Session-Id
RFC2866
RFC2866
RFC2866
RFC2866
RFC2866
RFC2866
RFC2866
RFC2866
RFC2866
RFC2866
Subject to Change Without Notice Page: 18 of 21 10/17/07 P/N: 9038177-17
F0615-O
RFC2866
RFC2866
CUSTOMER RELEASE NOTES
RFC Source: Attribute:
Acct-Session-Time
Acct-Status-Type
Vendor Specific Attributes
Attribute:
VLAN-Name
Mobility-Profile
Encryption-Type
Time-Of-Day
SSID
End-Date
Start-Date
URL
SNMP TRAP SUPPORT:
SNMP Trap
APBootTraps
APTimeoutTraps
AuthenTraps
AutoTuneRadioChannelChangeTraps
AutoTuneRadioPowerChangeTraps
ClientAssociationFailureTraps
ClientAuthorizationSuccessTraps
ClientAuthenticationFailureTraps
ClientAuthorizationFailureTraps
ClientClearedTraps
ClientDeAssociationTraps
ClientDot1xFailureTraps
ClientRoamingTraps
CounterMeasureStartTraps
CounterMeasureStopTraps
DAPConnectWarningTraps
DeviceFailTraps
DeviceOkayTraps
LinkDownTraps
LinkUpTraps
10/17/07 P/N: 9038177-17
F0615-O
Type, Vendor ID, Vendor Type :
26, 14525, 1
26, 14525, 2
26, 14525, 3
26, 14525, 4
26, 14525, 5
26, 14525, 6
26, 14525, 7
26, 14525, 8
Description
Generated when an access point boots.
Generated when an access point fails to respond to the
RoamAbout Switch.
Generated when the RoamAbout S witch‘s SNMP engine receives a bad community string.
Generated when the RF Auto-Tuning feature changes the channel on a radio.
Generated when the RF Auto-Tuning feature changes the power setting on a radio.
Generated when a client‘s attempt to associate with a radio fails.
Generated when a client is successfully authorized.
Generated when authentication fails for a client.
Generated when authorization fails for a client.
Generated when a client‘s session is cleared.
Generated when a client is dissociated from a radio.
Generated when a client experiences an 802.1X failure.
Generated when a client roams.
Generated when MSS begins countermeasures against a rogue access point.
Generated when MSS stops countermeasures against a rogue access point.
Generated when an AP whose fingerprint has not been configured in MSS establishes a management session with the switch.
Generated when an event with an Alert severity occurs.
Generated when a device returns to its normal state.
Generated when the link is lost on a port.
Generated when the link is detected on a port.
Page: 19 of 21 Subject to Change Without Notice
SNMP Trap
MichaelMICFailureTraps
MobilityDomainJoinTraps
MobilityDomainTimeoutTraps
CUSTOMER RELEASE NOTES
Description
Generated when two Michael message integrity code (MIC) failures occur within 60 seconds, triggering Wi-Fi Protected
Access (WPA) countermeasures.
Generated when the RoamAbout Switch is initially able to contact a mobility domain seed member, or can contact the seed member after a timeout.
Generated when a timeout occurs after a RoamAbout Switch has unsuccessfully tried to communicate with a seed member.
PoEFailTraps Generated when a serious PoE problem, such as a short circuit, occurs.
RFDetectAdhocUserTraps
RFDetectRogueAPTraps
RFDetectRogueDisappearTraps
Generated when MSS detects an ad-hoc user.
Generated when MSS detects a rogue access point.
Generated when a rogue access point is no longer being detected.
RFDetectClientViaRogueWiredAPTraps
RFDetectDoSPortTraps
RFDetectDoSTraps
RFDetectUnAuthorizedOuiTraps
RFDetectUnAuthorizedSsidTraps
ApNonOperStatusTraps
ApOperRadioStatusTraps
Generated when MSS detects, on the wired part of the network, the MAC address of a wireless client associated with a third-party
AP.
Generated when MSS detects an associate request flood, reassociate request flood, or disassociate request flood.
Generated when MSS detects a DoS attack other than an associate request flood, reassociate request flood, or disassociate request flood.
Generated when an interfering device is detected. RFDetectInterferingRogueAPTraps
RFDetectInterferingRogueDisappearTraps Generated when an interfering device is no longer detected.
RFDetectSpoofedMacAPTraps Generated when MSS detects a wireless packet with the source
MAC address of an Enterasys AP, but without the spoofed AP‘s signature (fingerprint).
RFDetectSpoofedSsidAPTraps Generated when MSS detects beacon frames for a valid SSID, but sent by a rogue AP.
RFDetectUnAuthorizedAPTraps Generated when MSS detects the MAC address of an AP that is on the attack list.
Generated when a wireless device that is not on the list of permitted vendors is detected.
Generated when an SSID that is not on the permitted SSID list is detected.
Generated to indicate an MP radio is nonoperational.
Generated when the status of an MP radio changes.
Page: 20 of 21 10/17/07 P/N: 9038177-17
F0615-O
Subject to Change Without Notice
CUSTOMER RELEASE NOTES
GLOBAL SUPPORT:
By Phone: 978-684-1000
1-800-872-8440 (toll-free in U.S. and Canada)
For the Enterasys Networks Support toll-free number in your country: http://www.enterasys.com/support/
By Email: [email protected]
By Web: http://www.enterasys.com/support/
By Fax: 978-684-1499
By Mail: Enterasys Networks, Inc.
50 Minuteman Road
Andover, MA 01810 (USA)
For information regarding the latest software available, recent release note revisions, or if you require additional assistance, please visit the Enterasys Networks Support web site.
10/17/07 P/N: 9038177-17
F0615-O
Subject to Change Without Notice Page: 21 of 21
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Related manuals
advertisement