Westermo RedFox-5528-F16G-T12G-HV Firmware

Type: Firmware
Document: Release Notes WeOS 5.15.1
Date: April 28, 2023
Document No: 224004-ga0cb1b24ed
WeOS 5.15.1
Release Notes
Contents
1 Summary of Changes
1.1 News in 5.15.0
1.1.1 New Linux Kernel
1.1.2 New Product Platform (Envoy)
1.1.3 Dagger Platform Support Temporarily Excluded
1.1.4 FRNTv2 Supported
1.1.5 IEEE 802.1X and MAC Authentication Supported
1.1.6 Updates to WESTERMO-EVENT-MIB and Alarm Traps
1.1.7 Updated IGMP Snooping Behaviour and Settings
1.1.8 Updates to Static FDB Filter Commands
1.1.9 Flood to CPU Setting Removed
1.1.10 Changes in PoE Default Settings
1.1.11 Increased Number of VRRP Instances and Synchronization Groups
1.1.12 New Bootloader Versions
1.1.13 IEC 61375 Not Recommended With WeOS 5.15.0
1.1.14 RiCo Support Temporarily Removed
1.1.15 Energy Efficient Ethernet (EEE) disabled
1.2 News in 5.15.1
1.2.1 Dagger Platform Support Included
1.2.2 New Default Bootloader for Dagger and Coronet Products
1.2.3 IEC 61375 Train Protocol Support Included
1.2.4 Updated FRNT Alarm Trigger and Trap support
1.2.5 Improved LED Support and Documentation
1.2.6 IEEE 802.1X and MAC Authentication Updates
1.2.7 Listen Setting for NTP Server Reintroduced
2 Fixed Issues
2.1 WeOS 5.15.0
2.2 WeOS 5.15.1
3 Known Limitations
3.1 Port Access Control
3.2 Login
3.3 Setting Date Manually
3.4 Available ports for boot specific functionality
3.5 Routing Hardware Offloading
3.6 SNMP
3.7 FRNT
3.8 RSTP
3.9 IEC 61375
3.10 LLDP
3.11 Port Monitoring
3.12 Media Redundancy Protocol (MRP)
3.13 10G SFP Ports
3.14 Search function in User Guide
4 Known Issues
4.1 List of known issues
4.2 #18163: Work-around for OSPF NSSAs convergence issue
5 Quick Start Guide
5.1 Default User and Password
5.2 General
5.3 CLI
6 Firmware Upgrade
6.1 WeOS Image
6.2 Boot Loader
7 Significant differences between WeOS 4 and WeOS 5
Legal Information
The contents of this document are provided “as is”. Except as required by applicable law, no
warranties of any kind, either express or implied, including, but not limited to, the implied warranties of
merchantability and fitness for a particular purpose, are made in relation to the accuracy and reliability
or contents of this document. Westermo reserves the right to revise this document or withdraw it at
any time without prior notice. Under no circumstances shall Westermo be responsible for any loss of
data or income or any special, incidental, and consequential or indirect damages howsoever caused.
More information about Westermo at http://www.westermo.com
Copyright © 2023 Westermo Network Technologies AB
Important User Information
This section details important user information, directed in particular to new users of WeOS 5:
WeOS 5.15.1 has been interoperability tested with WeOS 4.32.5.
When using WeConfig to manage WeOS 5.15, WeConfig 1.17.2 or later is recommended.
For help with getting started using WeOS 5, refer to the Quick Start Guide in section 5.
User Guide
In WeOS 5, the primary user documentation is referred to as the WeOS 5 User Guide. Compared
to the WeOS 4 Management Guide, the User Guide is a web first publication focusing on use-cases,
documented in stand-alone “HowTo:s”, and configuration guides for all supported sub-systems.
The User Guide is included in the release Zip file in the sub-directory: user-guide/. To access the
documentation, open the following file in your web browser:
file://Downloads/WeOS-5.15.1/user-guide/index.html
The User Guide is also available online at https://docs.westermo.com/weos/weos-5/.
1 Summary of Changes
This section details new features added in this major release.
Users new to WeOS 5 are recommended to read section 7 carefully, as it highlights some of the major
differences between WeOS 4 and WeOS 5.
1.1 News in 5.15.0
The subsections below describe news in WeOS 5.15.0. In addition, section 2.1 includes information
on fixed issues.
1.1.1 New Linux Kernel
The kernel used by WeOS has been upgraded from Linux 4.19 to Linux 5.17. By basing WeOS on a
newer kernel, WeOS can utilise advances in Linux services and hardware support. An example is the
product platform (Envoy), which is enabled by the new kernel.
The kernel upgrade has implied substantial adaptions in WeOS and in its hardware abstraction layer.
Some services have not been fully migrated, see sections 1.1.13 (IEC 61375) and 1.1.14 (RiCo) for
more information. Furthermore, products based on the Dagger platform are excluded in WeOS 5.15.0,
see section 1.1.3. (Support for Dagger products is included in 5.15.1 and onward, see section 1.2.1.)
1.1.2 New Product Platform (Envoy)
WeOS 5.15.0 is the first release with products based on the Envoy platform, starting with the Lynx-3500
series. Detailed information about product launches is handled through the regular Westermo sales
channels.
1.1.3 Dagger Platform Support Temporarily Excluded
Support for the Dagger products (RedFox-5700/7500 and Lynx-5500/5600 series) is not included in
5.15.0. Note: Dagger support is included in 5.15.1 and onward, see section 1.2.1.
1.1.4 FRNTv2 Supported
FRNTv2 was first introduced in WeOS 4.28, and is now also supported on WeOS 5! With FRNTv2,
advanced ring and sub-ring layer-2 topologies can be created. The example below creates an FRNTv2
instance as focal point with ring ports eth1 and eth2.
example:/#> config
example:/config/#> frnt 1
example:/config/frnt-1/#> version 2
example:/config/frnt-1/#> port eth1
example:/config/frnt-1/port-eth1/#> end
example:/config/frnt-1/#> port eth2
example:/config/frnt-1/port-eth2/#> end
example:/config/frnt-1/#> show
FRNT version : 2
Ring ID : 1
Mode : Focal Point
Guarded-recovery : Enabled
Ring-interval : 500 ms
Blocking-port : eth1
Port : eth1
hello-time : 500 ms
Port : eth2
hello-time : 500 ms
example:/config/frnt-1/#> leave
example:/#>
For more information on configuring FRNT, see the WeOS User Guide section Configuration Guides
→ Bridging/Switching → FRNT.
1.1.5 IEEE 802.1X and MAC Authentication Supported
WeOS 5.15.0 includes support for port access control with IEEE 802.1X and MAC authentication.
A WeOS unit can act as IEEE 802.1X authenticator, relaying EAP exchanges between connecting
hosts (supplicants) and a backend RADIUS server. For MAC Authentication, WeOS can keep a local
whitelist of MAC addresses to grant access, or let a backend RADIUS server authorise the MAC
addresses. The latter is referred to as MAC Authentication Bypass (MAB).
The example below shows how to configure WeOS to act as IEEE 802.1X authenticator on ports
eth1-eth4, with a RADIUS authentication server at address 10.0.1.5.
example:/#> config
example:/config/#> aaa
example:/config/aaa/#> remote-server 1
example:/config/aaa/remote-server-1/#> address 10.0.1.5
example:/config/aaa/remote-server-1/#> password MySecr3t
example:/config/aaa/remote-server-1/#> end
example:/config/aaa/#> end
example:/config/#> port-access
example:/config/port-access/#> port eth1..eth4
example:/config/port-access/#> dot1x
example:/config/port-access/dot1x/#> authentication-server 1
example:/config/port-access/dot1x/#> leave
example:/#>
For more information on configuring port access control, see the WeOS User Guide section
Configuration Guides → Bridging/Switching → 802.1X & MAC-Auth.
1.1.6 Updates to WESTERMO-EVENT-MIB and Alarm Traps
The WESTERMO-EVENT-MIB includes status information on alarm triggers and SNMP trap
definitions of alarm triggers. The MIB has been modified significantly to include more status information
and more informative and coherent alarm trap definitions. In addition, trap support for MRP and FRNT
is now included via common “ring traps” (ringNotificationOK and ringNotificationWarning).
For detailed information on changes, see the REVISION information in the WESTERMO-EVENT-MIB
file included in the release zip.
1.1.7 Updated IGMP Snooping Behaviour and Settings
WeOS 5.15.0 introduces major changes to how multicast is handled. The reasons for this are bug
reports caused by chipset limitations on some products, and a wish to align the WeOS 5 IGMP snooping
support with Linux kernel facilities and with the snooping behaviour in WeOS 4 (4.29.0 and later).
A new setting is introduced, [no] multicast-flood-unknown [PORTS] which by default
is enabled on all ports.
example:/#> config
example:/config/#> ip
example:/config/ip/#> show multicast-flood-unknown
ALL
example:/config/ip/#>
Enabling multicast-flood-unknown implies that IP multicast will be flooded until there is
a subscriber (once there is a subscriber, traffic will be filtered/sent towards the subscriber). It also
implies that if a learned address cannot be stored in the hardware chipset, traffic to that address will
still reach the subscriber as it is treated as unknown and therefore flooded. This solves issue #17982,
see section 2.1.
For more information on configuring IGMP snooping, see the WeOS User Guide section
Configuration Guides → Bridging/Switching → IGMP Snooping.
1.1.8 Updates to Static FDB Filter Commands
The arguments for the mac and group commands in the forwarding database (FDB) configuration
context have been updated.
Static MAC filters: [no] mac <ADDR> [vlan VID] port <PORTS,cpu|all,cpu>
Use the mac command for static MAC multicast addresses. However, MAC addresses
corresponding to IP multicast (01:00:5e:00:00:00 – 01:00:5e:7f:ff:ff) can no longer be used with the mac
command. Instead, use the group command for IP multicast, see below.
example:/config/fdb/#> mac 01:23:45:01:01:01 port eth1,eth3..eth5
example:/config/fdb/#> mac 01:23:45:01:01:02 vlan 1 port all
example:/config/fdb/#> show mac
Static MAC Entries VLAN Port(s)
01:23:45:01:01:01 ALL eth1, eth3..eth5
01:23:45:01:01:02 1 ALL
example:/config/fdb/#>
Static IP Group filters: [no] group <ADDR> [vlan VID] port <PORTS|all>
Use the group command for static IP multicast address filters.
example:/config/fdb/#> group 226.1.1.1 port eth3
example:/config/fdb/#> group 227.2.2.2 vlan 1 port all
example:/config/fdb/#> show group
IP Multicast Groups VLAN Port(s)
226.1.1.1 ALL eth3
227.2.2.2 1 ALL
example:/config/fdb/#>
Note: In earlier releases it has been possible to use the mac command for addresses in the IP multicast
range (01:00:5e:00:00:00 – 01:00:5e:7f:ff:ff). These configuration entries are ignored when upgrading
to WeOS 5.15.0.
There are two current limitations for the group command:
Static IP group filters only apply if IGMP snooping is enabled.
Static IP filters cannot be specified within the 224.0.0.X range
For more information on configuring static FDB filters, see the WeOS User Guide section
Configuration Guides → Bridging/Switching → Transparent Bridge.
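A pre-upgrade check for the note above, as an added example (not Westermo code): it scans FDB commands written in the mac/group syntax shown in this section and reports mac entries in the IP multicast range, which are ignored on upgrade, and group entries in 224.0.0.X. The input lines are constructed and the one-command-per-line input is an assumption; the candidate-group listing uses the standard IPv4-to-MAC multicast mapping (32 groups per MAC), which goes beyond what the release notes state.

```python
"""Pre-upgrade audit of static FDB filters (added example, not Westermo code)."""
import ipaddress
import re
from collections import namedtuple

# MAC range the release notes say the mac command no longer accepts.
IPMC_MAC_LO = 0x01005E000000
IPMC_MAC_HI = 0x01005E7FFFFF
# 224.0.0.X, which the release notes say the group command cannot use.
RESERVED_GROUPS = ipaddress.ip_network("224.0.0.0/24")

# Command syntax from the release notes: <mac|group> <ADDR> [vlan VID] port <PORTS>
FDB_CMD = re.compile(
    r"^\s*(?P<cmd>mac|group)\s+(?P<addr>\S+)"
    r"(?:\s+vlan\s+(?P<vlan>\d+))?\s+port\s+(?P<ports>\S+)\s*$"
)
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}$")

Finding = namedtuple("Finding", "line_no rule addr candidates")


def mac_to_int(mac):
    """Convert aa:bb:cc:dd:ee:ff to an integer; raise ValueError if malformed."""
    if not MAC_RE.match(mac):
        raise ValueError(f"malformed MAC address: {mac!r}")
    return int(mac.replace(":", ""), 16)


def candidate_groups(mac):
    """Return the 32 IPv4 groups whose low 23 bits map onto this multicast MAC."""
    low23 = mac_to_int(mac) & 0x7FFFFF
    return [ipaddress.IPv4Address(0xE0000000 | (hi << 23) | low23) for hi in range(32)]


def audit_fdb(lines):
    """Return a Finding for every FDB command that 5.15.0 ignores or rejects."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        m = FDB_CMD.match(line)
        if m is None:
            continue  # not an FDB filter command
        cmd, addr = m["cmd"], m["addr"]
        try:
            if cmd == "mac":
                if IPMC_MAC_LO <= mac_to_int(addr) <= IPMC_MAC_HI:
                    # The MAC alone does not identify the group: list every group
                    # that maps to it, minus those the group command cannot take.
                    usable = [str(g) for g in candidate_groups(addr)
                              if g not in RESERVED_GROUPS]
                    findings.append(
                        Finding(line_no, "mac-ignored-on-upgrade", addr, usable))
            elif ipaddress.IPv4Address(addr) in RESERVED_GROUPS:
                findings.append(Finding(line_no, "group-in-224.0.0.X", addr, []))
        except ValueError:
            findings.append(Finding(line_no, "malformed-address", addr, []))
    return findings


# Constructed sample input, one FDB command per line (assumed layout).
SAMPLE = """\
mac 01:23:45:01:01:01 port eth1,eth3..eth5
mac 01:00:5e:01:01:01 vlan 1 port eth2
mac 01:00:5e:00:00:05 port all
group 226.1.1.1 port eth3
group 224.0.0.251 vlan 1 port all
mac 01:00:5E:7F:FF:FF port eth1
""".splitlines()

if __name__ == "__main__":
    for f in audit_fdb(SAMPLE):
        extra = f" ({len(f.candidates)} candidate groups)" if f.candidates else ""
        print(f"line {f.line_no}: {f.rule}: {f.addr}{extra}")
```

Because 32 IPv4 groups share each multicast MAC, the operator still has to pick the group actually in use when re-creating a flagged mac entry with the group command.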
1.1.9 Setting for Flooding Unknown Unicast/Multicast to CPU Removed
In WeOS 5.14.0 and earlier there was an explicit setting for controlling flooding of unknown
unicast and multicast to the CPU ([no] flooding [unicast | multicast]) within the system
configuration context.
This setting is now removed, and its configuration entry is ignored when upgrading to WeOS 5.15.0.
In 5.15.0 flooding of unknown unicast and multicast to CPU is always active.
In future WeOS-5 releases this will be controlled according to what services are running in the device.
As an example, having a bridged layer-2 VPN port (ssl1) configured in the device would enable flooding
of unknown uni- and multicast to the CPU.
1.1.10 Changes in PoE Default Settings
For products with Power Over Ethernet (PoE) support, two PoE port settings have new default values
in 5.15.0. The change is done to align WeOS 4 and WeOS 5 PoE default settings.
PoE enabled by default: PoE ports now have PoE enabled by default
Priority low: The PoE port priority setting now has priority low by default.
For more information on configuring PoE, see the WeOS User Guide section Configuration Guides
→ Ethernet/LAN Ports → PoE.
1.1.11 Increased Number of VRRP Instances and Synchronization Groups
The following VRRP parameters have been increased:
Maximum number of configurable VRRP instances (32 → 50)
Maximum number of configurable VRRP sync groups (10 → 25)
For more information on configuring VRRP, see the WeOS User Guide section Configuration Guides
→ Routing → VRRP.
1.1.12 New Bootloader Versions
Products shipped with WeOS 5.15.0 have the following bootloader:
Viper (Coronet): Barebox 2017.12.0-10
(In WeOS 5.14.0, Vipers were shipped with 2017.12.0-8.)
Lynx 3500 Series (Envoy): Barebox 2022.08.0-1
(Lynx 3500 are the first products using a revision of Barebox 2022)
For more information, see associated Barebox release notes included in the WeOS 5.15.0 release zip.
1.1.13 IEC 61375 Not Recommended With WeOS 5.15.0
The IEC 61375 protocol stack has not been fully stabilized after the kernel upgrade. The use of IEC
61375 is not recommended with WeOS 5.15.0.
1.1.14 RiCo Support Temporarily Removed
Support for FRNT Ring Coupling (RiCo) has not yet been adapted to the new kernel introduced in
5.15.0. Customers are recommended to instead use FRNTv2 to manage ring and sub-ring layer-2
topologies.
1.1.15 Energy Efficient Ethernet (EEE) disabled
Up to WeOS 5.14, Energy Efficient Ethernet (EEE) was enabled on copper ports on Lynx, RedFox and
Viper-A products, which has caused issues with 3rd party products not supporting EEE (see #18637
in section 2.1). EEE is now disabled on all WeOS 5 products; however, the ability to enable it may
become available in later WeOS 5 versions.
1.2 News in 5.15.1
The subsections below describe news in WeOS 5.15.1. In addition, section 2.2 provides the list with
fixed issues. The release also contains various security improvements related to the Web interface.
1.2.1 Dagger Platform Support Included
Support for the Dagger products (RedFox-5700/7500 and Lynx-5500/5600 series) was excluded in
5.15.0, but included in 5.15.1 and onward.
This means that new features introduced in 5.15.0, such as FRNTv2, IEEE 802.1X Authenticator and
MAC-Authentication, are now also available on Dagger Products. See section 1.1 for more information
on news in 5.15.0.
Note: Dagger products are strongly recommended to have their bootloader upgraded before upgrading
to WeOS 5.15.1, see below.
1.2.2 New Default Bootloader for Dagger and Coronet Products
Products of the Dagger Platform (RedFox-5700/7500 and Lynx-5500/5600 series) and Coronet
Platform (Viper) have a new Bootloader, Barebox 2017.12.0-11.
Note: Existing Dagger products are strongly recommended to have their bootloader upgraded to
Barebox 2017.12.0-11, before upgrading to WeOS 5.15.1 or later; otherwise the unit may not be able
to boot WeOS after upgrade.
The improvements made only concern Dagger products, thus existing Coronet products (Viper) need
not upgrade to Barebox 2017.12.0-11.
For more information, see associated Barebox-2017 release notes included in the WeOS 5.15.1 release
zip.
1.2.3 IEC 61375 Train Protocol Support Included
The IEC 61375 train protocol implementation has been migrated to the new kernel, and is supported
in WeOS 5.15.1. See remarks in sections 3.5 and 3.9.
1.2.4 Updated FRNT Alarm Trigger and Trap support
With WeOS 5.15.1, the alarm ring trigger can be used for FRNTv0/FRNTv2 alarms in addition
to MRP alarms. Use of the frnt trigger for FRNTv0 alarms is still supported, but deprecated.
When specifying a ring trigger, state the protocol (FRNT or MRP) and the associated ring ID. For
FRNTv0, use ring ID ’0’ (zero). The example below shows how to create a ring alarm trigger for an
FRNT(v2) ring with ring ID ’1’, and the associated alarm status when the ring is broken.
example:/config/#> alarm
example:/config/alarm/#> trigger ring
example:/config/alarm/trigger-1/#> protocol frnt
example:/config/alarm/trigger-1/#> ring-id 1
example:/config/alarm/trigger-1/#> leave
example:/#> show alarm
NO TRIGGER ENA ACT REASON
1 Ring YES YES FRNTv2 ring 1 is Broken
example:/#>
For more information on ring trigger configuration, see the WeOS User Guide section
Configuration Guides → Alarm/LEDs and Logging → Alarm.
With 5.15.1, support for SNMP Traps for FRNTv2 ring triggers is included, in addition to SNMP Traps
for triggers of FRNTv0 and MRP rings. See WESTERMO-EVENT-MIB included in release zip for
more information on alarm traps.
1.2.5 Improved LED Support and Documentation
Products with an FRNT LED now show summary alarm status for all existing FRNT rings. Earlier,
the FRNT LED only showed status of FRNTv0 (if present). Products with a RING LED now show
summary alarm status for all ring/redundancy protocols (FRNTv0/FRNTv2/MRP/RSTP), see below.
LED   Status       Description
FRNT  OFF          FRNT disabled
      GREEN        FRNT OK
      RED          FRNT error
      BLINK        Unit configured as FRNT focal point
RING  OFF          All ring protocols are disabled
      GREEN        All ring protocols are OK
      GREEN BLINK  All ring protocols are OK. A ring protocol acts as master/focal-point/root.
      RED          A ring protocol has error
      RED BLINK    A ring protocol has error. A ring protocol acts as master/focal-point/root.
For more information on LED functionality, see User Guide of your product, or the WeOS User Guide
section Configuration Guides → Alarm/LEDs and Logging → LED.
1.2.6 IEEE 802.1X and MAC Authentication Updates
Support for IEEE 802.1X and MAC Authentication was introduced in 5.15.0, see section 1.1.5. With
5.15.1 a security enhancement is introduced with respect to egress of broadcast traffic and multicast
on a controlled port.
With 5.15.1, broadcast and ’unknown’ multicast will be blocked from egressing on a controlled port
until there is at least one MAC address authenticated on this port. For unknown multicast to egress a
port at all, the ‘Multicast Flood Unknown’ setting must be enabled on this port.
Restricting egress of broadcast and unknown multicast limits the ability of attackers to eavesdrop
on such traffic on controlled ports. An implication is that Wake-on-LAN is currently not possible on
controlled ports.
1.2.7 Listen Setting for NTP Server Reintroduced
The ’listen’ setting for NTP Server has been reintroduced (it was removed in WeOS 5.12.0).
example:/#> configure
example:/config/#> ntp
example:/config/ntp/#> server
example:/config/ntp/server/#> listen vlan1
example:/config/ntp/server/#>
For more information on NTP functionality, see the WeOS User Guide section Configuration Guides
→ Network Services → NTP Server.
2 Fixed Issues
2.1 WeOS 5.15.0
Fixed issues in WeOS 5.15.0 (relative to 5.14.0).
Issue   Category          Description
#18976  Link Aggregation  Link aggregation daemon (teamd) still trying to start after removing aggregate
#18964  VPN               SSL VPN tunnel still running after being removed from configuration
#18944  WEB               AAA Server Group without any assigned remote servers is accepted by Web but results in invalid startup config
#18876  Documentation     WeOS Licenses document not clear regarding Linux-PAM-1.2.1
#18872  TCN               Leading status not synced between active and backup ECSP, causing IEC 61375-2-3 inauguration upon ECSP failover
#18865  TCN               DNS request for TCN-DNS URI spams logfile
#18864  System            Routing between port interfaces not working
#18860  TCN               TRDP comId 101 sent multiple times during TTDB generation
#18859  TCN               TRDP comId 101 not aligned with comId 100 and 121
#18857  TCN               ttdbSrvState and dnsSrvState in comid 121 should use value ’Leader’ instead of ’Error’
#18842  WEB               Web help incorrect for VLAN and how ports are associated
#18825  WEB               No edit button for Firewall rules in web
#18816  Documentation     Civetweb license is not formatted correctly (third party license doc)
#18800  WEB               File injection in ’import certificate’ web page
#18797  WEB               Issue creating new VLANs via WEB when FRNT or MRP is enabled
#18773  AAA               It is possible to lock users out by change role on current logged in user
#18769  Documentation     The text in help for copy is incorrect
#18756  VPN               Configuring SSL-VPN client identity/password results in corrupt configuration file
#18753  HW                SFP DDM temperatures in ’show ports’ are not displayed correctly for sub-zero temperatures
#18705  TCN               Memory leakage when using TTDP and manual DNS settings
#18665  NTP               NTP server refuses client request when rebooted after first being synchronized
#18651  CLI               Show/Delete alarm triggers is not working by type
#18637  Ports             Gbit copper link does not come up after reboot towards some third-party products
#18620  TCN               etbTopoCnt sometimes inconsistent within ETBN upon device reconfiguration
#18530  WEB               Compressed log files downloaded via Web can not be opened
#18479  TCN               Asymmetric ECN configuration in consists with ’inverse’ orientation results in incorrect inauguration results
#18471  Kernel            New kernel log warnings at boot in WeOS 5.12.0 and later (Viper)
#18374  IGMP              IGMP and Link aggregates with member ports on multi-switchcores has problems with runtime changes (Viper-112A/212A)
#18164  Documentation     VLAN priority listed as setting although not supported
#18147  IP Multicast      Multicast reception or local multicast receiver applications breaks 5 minutes after device boot
#18127  TCN               Topology frames may not be sent out on the backbone if a lag in direction 2 is physically up but logically down
#18068  QoS               Signalling protocols from unit gets PCP priority ’0’
#17986  Documentation     User guide lists non-supported alarm sources
#17982  IGMP              IGMP snooping may occasionally fail to store learnt group MAC addresses in FDB (Viper-TBN)
#17668  Alarm             Alarm action targets "port" and "iface" not properly documented
#17668 Alarm Alarm action targets "port" and "iface" not properly documented
Comments on specific issues:
#17982: Solved by using the new ’multicast-flood-unknown’ setting (enabled by default).
#18705: Fixed already in WeOS 5.14.0, but was incorrectly listed as a ’known issue’ in the 5.14.0
Release Notes.
2.2 WeOS 5.15.1
Fixed issues in WeOS 5.15.1. In addition, the release contains various security improvements related
to the Web interface.
Issue   Category             Description
#19182  System               Device might reboot when disabling and enabling system watchdog
#19178  WEB                  Problem with config. DHCP server in the WEB
#19131  System               Periodic high CPU load when discover/ssdp enabled
#19110  Any                  Lynx-3510 reports to be a member of the family "Envoy", and not the expected "Lynx" on 5.15.0
#19098  TCN                  Maximum number of functions in static consist information too low (255)
#19095  NTP                  NTP Server ’listen interface’ option not working
#19063  Logging              Webserver logs unnecessary debug information to ’/var/log/www’, risking to fill up RAM disk
#19051  TCN                  Leading request in Dir-2 cancelation makes state Rule-C indicating a coupling event to happen
#19050  TCN                  Leading request without giving values to leading vehicle makes system use Rule E Dir 1 regardless of direction requested
#19046  Routing              Issues with configuring static default routes in Web and CLI
#19044  Port Access Control  Authorized MAC addresses may fail to be removed from hardware after ageing out
#19043  Port Access Control  An unauthorized MAC may cause continuous CPU interrupts (MAC Authentication)
#19025  FRNT                 Not possible to create alarm trigger for FRNTv2 ring
#19018  LED                  FRNT LED only reflects status of FRNTv0
#19017  General              Upgrading primary gives warning that CRC checking of secondary is ongoing even when finished
#19009  TCN                  Leading request accepted without giving values to leading direction and leading vehicle
#19002  LED                  RING LED does not consider FRNTv2, MRP or RSTP (Lynx-3500)
#18952  AAA                  Too short password max length for AAA Remote Server (Web)
#18940  WEB                  FRNT and MRP sections are blank under system.txt from Tech Support Bundle
#18928  TCN                  TTDP may fail to correctly set routing entries after multiple ETB inaugurations
#18912  TCN                  The failure of an ETBN in a redundant consist causes an inauguration if inhibit is not set
#18906  DHCP                 DHCP-Relay does not perform DHCP-Snooping (’Coronet’ and ’Envoy’ platform products)
#18895  RSTP                 Slow RSTP failover time when using multiple OpenVPN L2 tunnels
#18863  Logging              Using Chromium-based browser to enter HTTPS web UI generates SSL error messages
#18820  WEB                  RSTP status shows no values via WEB
#18735  IP Multicast         Multicast packet loss when routing in network with IGMP, FRNT and VRRP
#18166  IGMP                 Delayed loss of IGMP multicast in FRNT ring when switch in ring restarts
#18160  IGMP                 Loss of IGMP multicast in FRNT ring when switch in ring restarts
Issues #18906, #18735, #18166 and #18160 were fixed already in 5.15.0, but incorrectly listed as
’known issues’ in the 5.15.0 Release Notes. Issue #18160 is solved by enabling
’multicast-flood-unknown’ on FRNT ring ports. This setting was introduced in 5.15.0, see section 1.1.7.
3 Known Limitations
This section describes known limitations in WeOS.
3.1 Port Access Control (IEEE 802.1X and MAC Authentication)
Wake-on-LAN is currently not possible on controlled ports. The reason is that broadcast traffic is not
allowed to egress a controlled port until there is at least one MAC address authenticated on the port.
3.2 Login
Known limitations related to the Login service.
Side-effect of disabling console login
When disabling login from console, login via telnet is also prohibited (even when telnet login is
enabled).
SSH Public Key Lost When Disabling Built-in User
WeOS 5.13.0 introduces support for importing SSH public key for built-in users, as well as the ability
to enable/disable a user. When disabling a user, the intention is that the user shall be prohibited from
logging in, while other user configuration is still kept in the configuration file.
However, the disabling of a user currently implies that any SSH public key associated with the user is
removed and needs to be imported again upon enabling the user.
3.3 Setting Date Manually
Setting a manual date on the WeOS unit before 1 January 2000 will render an error message.
3.4 Available ports for boot specific functionality
The boot loader rescue mode only supports regular copper ports, not SFP ports. On RedFox-5528,
ports 1-4 are also not supported until the system has booted.
3.5 Routing Hardware Offloading
The routing hardware offloading support for Viper-TBN introduced in WeOS 5.8 has been shown to have
instabilities. In particular, when used with dynamic routing, there are issues not yet solved. Therefore
hardware offloading has temporarily been disabled by default. For use cases with static routing setups,
hardware offloading can be enabled as shown in the example below.
viper:/#> configure
viper:/config/#> ip
viper:/config/ip/#> offload
viper:/config/ip/#> leave
When offloading is enabled, regular IPv4 forwarding is handled in hardware with some exceptions,
see the WeOS 5 User Manual for details (section ’Configuration Guides’/’Routing’/’Offloading’).
Use of the WeOS Firewall together with Hardware Offloading is not supported and the behaviour of doing
so is undefined. The exception is when firewall configuration is limited to filter input rules.
Hence, if the Firewall is used to configure filter forwarding rules, NAPT rules or port forwarding rules on
a Viper-TBN, it is necessary to disable the hardware offloading (opposite steps to the example above).
viper:/#> configure
viper:/config/#> ip
viper:/config/ip/#> no offload
viper:/config/ip/#> leave
viper:/#>
3.6 SNMP
SNMP in WeOS 5 is read-only.
When configuring SNMPv3 authentication, WeOS does not inform the user whether the password length
is valid (minimum of 8 characters).
The MIBs folder in the release ZIP-file contains a conformance folder listing all supported MIBs and
OIDs.
3.7 FRNT
Fastlink must be enabled manually for FRNT (gigabit Ethernet) ring ports.
Fastlink is a unique feature of Westermo products to optimise gigabit Ethernet link-down fail-over
times in layer-2 redundancy protocols such as FRNT.
3.8 RSTP
WeOS 5 supports RSTP, compliant to IEEE 802.1D-2004. Due to limitations in the WeOS 4 implementation
of RSTP, a WeOS 4 unit will keep ports in blocking mode longer than needed when connected
to a WeOS 5 node.
Hence, mixing WeOS 4 and WeOS 5 units in RSTP topologies may exhibit relatively long periods with
limited connectivity during topology changes. This applies both when a link fails and when a link comes
up again.
Link aggregate path-cost uses the configured port speed value(s) and not the negotiated speed value.
This can lead to RSTP making a non-optimal path selection. Work around this issue by setting a
fixed path-cost in the spanning-tree port configuration.
3.9 IEC 61375
In this release, not all of the recovery use cases, nor the optional cases, are supported.
It is possible to manually configure DNS rules when the train protocols are enabled. However, the manually
added rules will be removed when the train protocols update the DNS configuration after inauguration.
Thus, manually added DNS configuration currently cannot co-exist with the IEC 61375 support.
TTDP and non-TTDP multicast can be used simultaneously in this release, but this is considered unstable
and it is strongly recommended to avoid it.
"Automatic Gap Insertions", when several vehicles have the same name, can lead to unexpected
behaviour. This is also true when Ethernet speed on backbone ports is set to Gigabit speed.
When recovery-mode is set to deferred/wait, an ECSC must be running on the configured multicast
address. If no ECSC is running and sending data on the configured multicast address, no node will
come up at all.
Gigabit speed on backbone ports limits the handling of lost and recovering middle nodes.
Since hardware offloading was introduced in WeOS 5.8.0, Viper TBN can now route data at a faster
rate than the CPU could previously, which can overload the CPU while
the offloading tables are being set up. Since this happens during TTDP train inauguration, it is strongly
recommended to enable inauguration inhibition on all nodes to reduce spurious re-inaugurations and
guarantee a stable train communication.
The “ECSP inhibit sync” function should only be enabled in consists with simple or straightforward
ECN configurations. In complex configurations with non-symmetric ETBN/ECN connections and/or
configurations where different ETBNs are master routers for different ECNs simultaneously, the backup
ETBNs will not be able to unambiguously determine which ETBN is the master router/ECSP, which
can in turn lead to unexpected behaviour with regard to the local inauguration inhibition value. In
these cases, manually setting the local inauguration inhibition values on the backup ETBNs, via the
ETBN_CTRL telegram, should instead be performed.
3.10 LLDP
When using Link Aggregation, the individual member ports will transmit LLDP frames using the MAC
address of the link aggregation interface, i.e. all member links in an aggregate will be using the same
MAC address.
3.11 Port Monitoring
It is not possible to utilise port monitoring directly on a link aggregation port interface. However, it is
still fully possible to monitor the individual member ports that constitute any given link aggregate.
Therefore, in order to fully monitor an aggregate, monitoring must be configured for each of the
aggregate member ports.
3.12 Media Redundancy Protocol (MRP)
• MRM not supported for MRP 30 profile: WeOS 5 units can be configured to operate in MRP
  200 or MRP 30 profile. However, for MRP 30 profile, configuring the WeOS 5 unit as MRP
  Master (MRM) is not supported. A WeOS 5 unit can be used as MRP Client (MRC) with MRP
  30 profile with MRMs from other vendors.
  More details: When a link comes up between two MRP clients, the clients send link-up messages
  to the MRP master. The MRP 30 ms profile only gives the MRP master 4 ms to block its secondary
  port from the time the MRP clients send their first link-up message. The WeOS 5 MRP Master
  is not always capable of doing that, resulting in a short transient loop in the MRP ring when the
  ring is healed.
  To avoid this, it is recommended to use the MRP 200 ms profile instead. For link-down scenarios,
  MRP 200 ms profile conducts failover as fast as the 30 ms profile, given that MRCs in the ring
  are capable of sending MRP link-down messages (WeOS units have this capability).
• Use of MRP with virtual L2 ports (SSL VPN ports): MRP is specified for use with Ethernet ports
  (full duplex, 100 Mbit/s or higher). WeOS allows MRP to be run over SSL L2 VPNs,
  but requires the VPN to run over a high-performance network to work well. Furthermore, only
  the MRP ’200 profile’ can be used with SSL VPNs.
3.13 10G SFP Ports
The 10G SFP ports on RedFox-7528 have the following limitations:
• IEEE 1588/PTP is currently not supported on 10G SFP ports.
• 10G SFP ports are only to be used for 10G Fiber SFPs or 1G Fiber SFPs, not copper SFPs or
  100 Mbit/s Fiber SFPs.
• Status of MDI/MDIX and polarity shows value ’Invalid’ (’N/A’ or ’Not Applicable’ would be
  more appropriate).