Westermo Ibex-RT-630 Firmware

Type
Firmware
Software 6 Release Notes
Release 6.9.4-RC0
Westermo Network Technologies AB
January 20, 2021
Contents
1 General Information 3
2 Release Highlights 4
2.1 RC0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
3 Limitations 4
4 Configuration Parameter Changes 4
5 Modules Modified 5
6 Changed Configuration Parameter Descriptions 5
6.1 MIB Reference: WESTERMO-SW6-MIB . . . . . . . . . . . . . . . . . . . . . . . . 5
6.2 MIB Reference: WESTERMO-SW6-GNSS-MIB . . . . . . . . . . . . . . . . . . . . 8
2 of 8
1 General Information
Company
Westermo Network Technologies AB
Contact Support
www.westermo.com
Release Number
6.9.4-RC0
Software Build Number
0b140ae697573793a23b0b0ab41b4f7b145af91f
Date of this build
January 20, 2021
3 of 8
2 Release Highlights
2.1 RC0
IPsec: Implement additional options
IPsec: Block traffic destined to the remote subnet(s) when the tunnel is not up
Ibex-RT-610: add support for ACS (Automatic Channel Selection)
Bugfix: Fix /48 mask for whitelist and blacklist (ACL)
3 Limitations
When the device is reconfigured to Mesh with SAE as encryption, the device has to be rebooted
after applying the configuration
Multi-SSID with DFS channels is not working (802.11n products only)
4 Configuration Parameter Changes
The following configuration items have been added/changed/removed:
cfgVpnIpsecCloseAction (added)
cfgVpnIpsecReauth (added)
hwCellFwVersion (added)
cfgGnssDevMsgsNmeaEnabled (added)
cfgGnssDevMsgsUbxEnabled (added)
cfgWlanAclBlackMask (changed)
cfgWlanAclWhiteMask (changed)
cfgRouteTableGateway (changed)
4 of 8
cfgRouteTableSource (changed)
5 Modules Modified
6 Changed Configuration Parameter Descriptions
6.1 MIB Reference: WESTERMO-SW6-MIB
6.1.1 cfgVpnIpsecCloseAction
Action When Link is Closed by Remote Peer
Defines the action to take if the remote peer unexpectedly closes a CHILD_SA. This may happen
when the remote site is reconfigured, or goes down for maintenance. A closeaction should not be
used if the peer uses reauthentication (see
cfgVpnIpsecReauth
) or uniqueids checking, as these
events might trigger the defined action when not desired.
Available actions are:
none(0) No action is taken. This disables the Close Action.
clear(1) The connection is closed with no further actions taken.
hold(2)
Installs a trap policy, which will catch matching traffic and tries to re-negotiate the
connection on demand.
restart(3) Will immediately trigger an attempt to re-negotiate the connection.
Enumeration none (0), clear (1), hold (2), restart (3)
Access readwrite
Status current
OID 1.3.6.1.4.1.16177.1.400.1.1.1003.2.1.1.114
6.1.2 cfgVpnIpsecReauth
Reauthentication of Peer During Rekeying
Whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is
always done.
In IKEv2, a value of:
5 of 8
disabled(0) Rekeys without uninstalling the IPsec SAs
enabled(1) Creates a new IKE_SA from scratch and tries to recreate all IPsec SAs
Enumeration disabled (0), enabled (1)
Access readwrite
Status current
OID 1.3.6.1.4.1.16177.1.400.1.1.1003.2.1.1.115
6.1.3 cfgWlanAclWhiteMask
Mask of the MAC Address
Allows the use of ranges of MAC addresses. To be used like CIDR notation of IP addresses.
Examples:
To match a single MAC address, specify a mask of 48.
To match a vendor OUI, specify a mask of 24.
Applies to AP. 802.11n products only.
Access readwrite
Status current
Range 1 - 48
OID 1.3.6.1.4.1.16177.1.400.1.1.3.7.1.5
6.1.4 cfgWlanAclBlackMask
Mask of the MAC Address
Allows the use of ranges of MAC addresses. To be used like CIDR notation of IP addresses.
Examples:
To match a single MAC address, specify a mask of 48.
To match a vendor OUI, specify a mask of 24.
Applies to AP. 802.11n products only.
Access readwrite
Status current
Range 1 - 48
OID 1.3.6.1.4.1.16177.1.400.1.1.3.8.1.5
6 of 8
6.1.5 cfgRouteTableGateway
Gateway to Destination Network
Specify the IP address of the gateway over which the destination specified in
cfgRouteTableDestinationNetwork
is reachable.
Alternatively options are:
unreachable
: Create a route that blocks traffic and responds with ICMP code 1 (Host unreach-
able)
prohibit
: Create a route that blocks traffic and responds with ICMP code 13 (Communication
administratively filtered)
blackhole: Create a route that silently drops all traffic
Access readwrite
Status current
Type DisplayString
Range 5 - 50
OID 1.3.6.1.4.1.16177.1.400.1.1.4.2.1.5
6.1.6 cfgRouteTableSource
Source for Traffic to Destination Network
Optional, use only if you have multiple possible sources.
Access readwrite
Status current
Type DisplayString
Range 5 - 50
OID 1.3.6.1.4.1.16177.1.400.1.1.4.2.1.6
6.1.7 hwCellFwVersion
Cellular Module Firmware Version
Access readonly
Status current
Type DisplayString
Range 0 - 255
OID 1.3.6.1.4.1.16177.1.400.1.5.50.5
7 of 8
6.2 MIB Reference: WESTERMO-SW6-GNSS-MIB
6.2.1 cfgGnssDevMsgsNmeaEnabled
Enable or Disable NMEA Sentences
Applies to cellular products only.
Enumeration disabled (0), enabled (1)
Access readwrite
Status current
OID 1.3.6.1.4.1.16177.1.400.2.10.1.1.2.3.1.1.4
6.2.2 cfgGnssDevMsgsUbxEnabled
Enable or Disable UBX Messages
Applies to cellular products only.
Enumeration disabled (0), enabled (1)
Access readwrite
Status current
OID 1.3.6.1.4.1.16177.1.400.2.10.1.1.2.3.2.1.4
8 of 8
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8

Westermo Ibex-RT-630 Firmware

Type
Firmware

Ask a question and I''ll find the answer in the document

Finding information in a document is now easier with AI