Part No. 217316-A Rev 00 March 2005 4655 Great America Parkway Santa Clara, CA 95054 Release Notes for the Passport 8600 Release 3.7.
Copyright © Nortel Networks Limited 2005. All rights reserved. The information in this document is subject to change without notice. The statements, configurations, technical data, and recommendations in this document are believed to be accurate and reliable, but are presented without express or implied warranty. Users must take full responsibility for their applications of any products specified in this document. The information in this document is proprietary to Nortel Networks Inc.
About this document

The Nortel Networks* Passport* 8000 Series switch is a flexible and multifunctional switch that supports a wide range of network architectures and protocols. These release notes provide procedures for setting up and starting the Passport 8600 switch.

Text conventions

These release notes use the following text conventions:

angle brackets (< >): Indicate that you choose the text to enter based on the description inside the brackets. Do not type the brackets when entering the command.
brackets ([ ]): Indicate optional elements in syntax descriptions. Do not type the brackets when entering the command. Example: If the command syntax is show ports info config [], you can enter either: show ports info config or show ports info config.

ellipsis points (. . . ): Indicates that you repeat the last element of the command as needed. Example: If the command syntax is ethernet/2/1 [ ]...
Hard-copy technical manuals

You can print selected technical manuals and release notes free, directly from the Internet. Go to the www.nortel.com/support URL. Find the product for which you need documentation. Then locate the specific category and model or version for your hardware or software product. Use Adobe* Acrobat Reader* to open the manuals and release notes, search for the sections you need, and print them on most standard printers. Go to Adobe Systems at the www.
How to get help

If you purchased a service contract for your Nortel Networks product from a distributor or authorized reseller, contact the technical support staff for that distributor or reseller for assistance. If you purchased a Nortel Networks service program, contact Nortel Networks Technical Support. To obtain contact information online, go to the www.nortel.com/contactus URL, then click Technical Support.
Release notes

Introduction

These release notes describe the hardware and software capabilities for the Nortel Networks* 8600 Series Switch Software Release 3.7.6. Limitations for Release 3.7.6 are integrated with the Firewall iSD limitations in this document. Nortel Networks 8600 Series Switch Software Release 3.7.6 introduces a new hardware platform for the 8600 Series Switch named the Service Delivery Module (SDM).
Non-supported software capabilities in Release 3.7.6

Topic
• SMLT network design considerations
• Bugs fixed in this release
• Known limitations and considerations in this release
• Reading path

For information on how to upgrade your switch, see Upgrading to Passport 8000 Series Switch Software Release 3.7.6 (318843-A). For information on how to upgrade your version of Device Manager, see Installing and Using Device Manager (320096-A).
File names for this release

Table 1 describes the Passport 8600 Series Switch Software Release 3.7.6 software files.

Table 1 Passport 8600 Series Switch Software Release 3.7.6 files (Sheet 1 of 2)

Module or file type Description File name File size (bytes) Passport 8000 series switch files Boot monitor image CPU and switch fabric firmware for the p80b3760.img Passport 8600 routing switch. Run-time image The Passport 8600 image. 747377 p80a3760.
Table 1 Passport 8600 Series Switch Software Release 3.7.6 files (Sheet 2 of 2)

Module or file type      Description                 File name              File size (bytes)
Web Switching Module (WSM) files
WebOS binary             WSM WebOS binary image.     wsm1003210_bin.img     1376256
WebOS firmware image     WSM WebOS firmware image.   wsm 1003210_mp.img     808668
WebOS boot image         WSM WebOS boot image.       wsm1003210_boot.img    43004

Device Manager v5.8.8.0 software image for Windows NT, Windows 98, and Windows 95.
New hardware supported in Release 3.7.6

Table 2 describes the new Service Delivery Module (SDM) hardware in this release.

Table 2 New hardware in Release 3.7.6

New hardware        Module part number
8660 SDM – FW1      DS1404104

The 8660 SDM is a combination of dedicated hardware and software that addresses the needs for security, performance, and ease of use.
Supported software and hardware capabilities

Table 3 lists the supported software and hardware capabilities of the Passport 8600 Series Switch Software Release 3.7.6.

Table 3 Supported capabilities in Release 3.7.6 (Sheet 1 of 2)

Feature             Maximum number supported
Hardware records    Non E / E Modules: 25 000 records
                    M Modules: 125 000 records¹
M Modules           Nortel Networks strongly recommends using 8691SFs or 8692SFs with M Modules
10GE                Release 3.7.
Table 3 Supported capabilities in Release 3.7.6 (Sheet 2 of 2)

Feature                          Maximum number supported
DVMRP Interfaces                 500
DVMRP Routes                     2500
PIM Interfaces                   500
Multicast source subnet trees    500
Multicast (S,G) DVMRP            1980
Multicast (S,G) PIM              500
IPX Interfaces                   100
IPX RIP                          5000
IPX SAP                          7500
VRRP Interfaces                  255
Spanning Tree Groups             252
Aggregation Groups - IEEE 802.
SMLT-on-single-CP functionality

Release 3.7.6 provides Split MultiLink Trunking (SMLT) support of a switch that has a single CPU/Switch Fabric 869x module installed. This enhancement, also referred to as SMLT-on-single-CP functionality, is provided through a combination of new Ethernet I/O module revisions and a new control plane functionality.
Note: The Passport 8608SXE Routing Switch Module - 8 port 1000BASE-SX Gigabit Ethernet (part number DS1404036) is not supported with this feature.

If the I/O modules you have are not of the required hardware revision level and you want to use the new SMLT-on-single-CP functionality, you can order an upgrade for your existing hardware using the part number A0537499.
Supported standards, RFCs, and MIBs

Table 6 lists the protocol RFCs supported in this release.
Table 6 Supported protocol RFCs (Sheet 2 of 2)

Supported protocol RFCs
RFC 2131                                  Dynamic Host Control Protocol (DHCP)
RFC 2338                                  Virtual Router Redundancy Protocol
RFC 2362                                  PIM-SM
RFC 3208 (draft-speakman-pgm-spec-04)     PGM
RFC 3569 (draft-ietf-ssm-arch-03.
Table 8 lists the network management MIBs and standards supported in this release.

Table 8 Supported network management MIBs

Supported MIBs
RFC 1155.mib    SMI
RFC 1157        SNMP
RFC1213.mib     MIB for networks management of TCP/IP-based internets MIB2
RFC 1215.mib    A convention for defining traps for use with the SNMP
RFC 1493.mib    Definitions of management objects for bridges
RFC 1573.mib    Interface MIB
RFC 1643.
Upgrading SNMP

Note: Systems using Simple Network Management Protocol (SNMP) from Release 3.3 or 3.5 must upgrade to Release 3.7 before moving to 3.7.6.

When upgrading SNMP from Release 3.3 or 3.5 to Release 3.7, note the following SNMP upgrade considerations.

Note: Windows users should always select Save when prompted to open or save installation or upgrade files from the Nortel website.

SNMP upgrade considerations

• Starting with Release 3.
• When upgrading from Release 3.5 to Release 3.7, read-only (ro) user is mapped into ReadView with read-only access. (Q00889700)
• After performing the upgrade, Nortel Networks strongly recommends that you set a password for the initial USM.

Upgrading SNMP from Release 3.3 to Release 3.7

In the Passport 8000 Series Switch Release 3.
NOT be found in configuration files. If you choose to swap the existing CPU Module with a new CPU Module, you must copy all hidden files to the new module, in addition to the regular files, in order for the SNMP strings to work correctly.

— Default strings such as “public” and “private” are translated as is.
— The default string “secret” for rwa is no longer applicable in Release 3.7.
— All “l1”, “l2”, “l3”, and “rwa” SNMP strings will now be “rw.
2 Boot up the chassis and upgrade the boot-monitor by entering the following command:

   boot /flash/p80b3760.img

   The SNMP upgrade procedure loads the SNMP configuration into run-time configuration.

3 After the reboot, save the configuration by entering the following command:

   save config file /flash/config1.cfg

   When you enter this command, the following activities occur:

   — Configurations related to SNMP trap receivers are automatically mapped into Release 3.
Configuring SNMP traps

In the Passport 8000 Series Switch Release 3.3 or 3.5, you configured traps by using the following command (which is now obsolete):

   config sys set snmp trap-recv v2c public

where ipaddr is the IP address of the trap receiver.

With Release 3.7.6, you configure traps by creating SNMPv3 trap notifications, creating a target address to which you want to send the notifications, and specifying target parameters.
   config snmp-v3 target-addr create TAddr1 198.202.188.207:162 TparamV2 timeout 1500 retry 3 taglist DefTag mask ff:ff:00:00:00:00 mms 484

3 Specify SNMP target parameters, using the following command:

   config snmp-v3 target-param create mp-model sec-level sec-name

In this example, you first specify the settings for target parameter ID TparamV1.
Upgrading SDM Firewall iSD software

The SDM Firewall iSD software is pre-installed on new Firewall iSDs, so no upgrades are required.

Alteon Firewall software reinstall options

The Alteon Firewall software image is available as an .img file, installed from an ftp or tftp server using the boot user login with the ForgetMe password. The .img image overwrites the current software version.

Note: For .img installations, all configuration parameters, logs, etc. are lost.
To reset the passwords, enter the following command at the boot monitor prompt:

   reset-passwd

To change the passwords, enter the following commands:

   config cli password
   Enter the old password:
   Enter the new password:
   Re-enter the new password:

Note: All passwords are case-sensitive.
Extended CP Limit

Chassis Configuration

To enable this functionality and set its general parameters, configuration must take place at the chassis level first. Select Edit > Chassis > Ext. CP Limit from the JDM menu. Enter the appropriate information in the fields provided and click Apply. For an explanation of the fields on this tab, see Table 9.

Table 9 Chassis Ext.
High Availability Layer 3 considerations

Enter the appropriate information in the fields provided and click Apply. For an explanation of the fields on this tab, see Table 10.

Table 10 Port Ext. CP Limit Tab Fields

Field name     Description
CplimitConf    Sets the manner in which the individual port participates in the Extended CP limit functionality. Select one of the following values for the port:
               • None - port is not checked (default value).
               • SoftDown - port belongs to "may-go-down" port list.
SMLT network design considerations

Use the following procedure when designing an SMLT network. For more information, refer to Network Design Guidelines (313197-D).

1 To ensure proper IST connectivity, define a separate VLAN for the IST protocol:

   config mlt 1 ist create ip vlan-id

   Note: Do not enable a routing protocol on this VLAN.
Bugs fixed in this release

This section describes the bugs fixed from Release 3.7 to 3.7.6. If upgrading from a release below 3.7, check Release Notes for the Passport 8000 Series Switch Software Release 3.7 (317177-A) to see a complete list of fixes in Release 3.7. All bug fixes from Release 3.7.5 are also included in this release. For details, check Release Notes for the Passport 8000 Series Switch Software Release 3.7.5.0 (p80rn3750) from www.nortel.com/support.
Known limitations and considerations in this release

SDM limitations

Passport 8660

• NAAP Peer numbers are not automatically reassigned after removing intermediate NAAP Peers. If you want to reassign NAAP Peer numbers, the assignment command must be entered manually. (Q00972344)
• Each management VLAN is associated with exactly one cluster ID, and cannot be shared between multiple clusters.
• If all policies are unloaded from a Firewall iSD enabled with HA and SYNC, the /maint/diag/fw/ldplcy command does not work correctly and generates a time out error. (Q01033794)
• When using SmartDefense, some FTP commands restricted by the FTP Security Server feature are still accessible by the user. Examples include: type, help, pwd, and byte.
• Before removing a card, ensure that all ports from that card have been removed from the NAAP VLAN. Adding non-Firewall iSD ports to the NAAP VLAN makes those ports Inter-Chassis-Link (ICL) members. Removing the card without removing ports from the NAAP VLAN leaves invalid port entries in the ICL list. (Q01028606)
• The VRRP sleeps if the system is left running for a long time without traffic.
General limitations (based on ASF 5100 release 2.2.7.0)

Note: When a Firewall iSD is deleted from a cluster, an error message is generated by the BBI for the port configuration on the remaining Firewall iSD. Since you must reconfigure the Firewall iSD once it is deleted from the cluster anyway, this error message does not affect functionality.
• To join a cluster after a /boot/delete process, use the following steps:

  1 Before you use /boot/delete, make sure all the HA options (ha, aa, and clusterxl in the /cfg/sys/net/vrrp/ menu) are disabled.
  2 After the /boot/delete, make sure that you do not see the deleted host in the /cfg/sys/cluster/cur menu.
Figure 1 Checking for read-only partitions

   mount |grep "(ro)"

You should not see any partitions. If some partitions are read-only, please disable and enable the SmartUpdate Mode again.

• When you disable the SmartUpdate Mode, all the disk partitions must become read-only. In some instances, this may not happen. Please verify that all disk partitions are read-only by executing the command from Figure 2 at the root prompt.
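The Figure 1 check and its converse, as an added shell example that is not part of the Nortel release notes: it reads mount output and lists the partitions that are in the wrong state. It matches ro or rw as a separate mount option, so an entry such as (ro,noatime) is caught where the literal "(ro)" pattern would miss it. The function names, the /dev/ filter and the sample mount lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not Nortel code). Assumes mount prints lines of the form
#   <device> on <mountpoint> type <fstype> (<opt>[,<opt>...])
# and that "disk partitions" means entries whose device starts with /dev/.

# partitions_with_state ro|rw
# Reads mount output on stdin; prints the mount point of every /dev/*
# entry whose option list contains the given state as a whole option.
partitions_with_state() {
    awk -v want="$1" '
        $1 ~ /^\/dev\// && $2 == "on" {
            opts = $NF
            gsub(/[()]/, "", opts)
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++)
                if (o[i] == want) { print $3; break }
        }'
}

# check_partitions expect-rw|expect-ro
# expect-rw: the Figure 1 condition, no partition may be read-only.
# expect-ro: the converse, every partition must be read-only.
# Prints the offending mount points; returns 0 if none, 1 otherwise.
check_partitions() {
    case "$1" in
        expect-rw) bad=$(partitions_with_state ro) ;;
        expect-ro) bad=$(partitions_with_state rw) ;;
        *) echo "usage: check_partitions expect-rw|expect-ro" >&2; return 2 ;;
    esac
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Constructed sample mount output (not captured from a Firewall iSD).
sample_mount() {
    cat <<'EOF'
/dev/hda1 on / type ext3 (rw)
/dev/hda2 on /var type ext3 (ro,noatime)
/dev/hda3 on /isd type ext3 (ro)
none on /proc type proc (rw)
none on /dev/pts type devpts (rw,gid=5,mode=620)
EOF
}

# Usage at the root prompt:  mount | check_partitions expect-rw
```

A non-zero exit status with mount points listed means the partition state does not match what the check expects.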
• If you have Hide NAT enabled on a network connected to one of the VRRP interfaces, you must add special manual NAT rules to avoid VRRP packets being affected by NAT. Please contact technical support for a document (5100_nat_plus_vrrp.doc) which explains how to do this.
• OSPF does not work in an Active-Standby setup.
• If the Firewall does not restart automatically after installation, reboot the SDM module.
To halt the Firewall iSD processes:

1 From Passport console, select a Firewall iSD to work using the command:

   Set_console

   For example:

   Set_console 3 1

2 From the SDM console, use the following commands:

   Main# /boot/halt
   Confirm action 'halt'? [y/n]: y
   Power down

3 Repeat step 1 and step 2 to halt the Firewall iSD process for each hard disk on the SDM board.

Once the disk drives have powered down, the CPU LEDs are off.
• Nortel Networks does not recommend using the CLI command trace level 4 4. This command, which provides some very low-level information about chassis manager tasks, can impact the overall behavior of the system. (Q00896409)
• Any I/O Module that comes up as faulty on the master CPU is not synchronized to the backup CPU. All configurations associated with this I/O board are also not synchronized between the master and the backup CPU.
• If a copper gigabit port is connected to a fast Ethernet port, then the link light on the appliance does not light up. The /info/host/link command shows the actual status of the port.

Switch management

Caution: SNMP community Index length of up to 10 characters and SNMP community string length of up to 30 characters are currently supported. (Q00899521)

Caution: The default community string “secret” for rwa user in Release 3.
• The usmUserStorageType object is not supported in Release 3.7.6. (Q00799662)
• The MIB mib-2.80.1.1.0 is not supported in Release 3.7.6; consequently, the snmp walk reply shows “noSuchInstance” for this MIB. (Q00849687, Q00849691)
• Because of security concerns, community strings in the community table are now shown as ********* strings.
Bandwidth management

Filters

• When you enable filters on ports, the filters may affect ports other than those on which the filters were configured. This problem exists when the Filter Mode is set to Forward and the Port DefaultAction is set to Drop.
• If a DS3 ATM MDA is not seated properly on the ATM module baseboard, DS3 port status, port administrative status and port LED status may appear in an “up” state; however, the PVCs may remain in a down state. For troubleshooting purposes, use these suggested steps to verify if the MDA is properly seated (once the F5-OAM loopback feature is enabled, it can be used to detect such conditions):

  1 Create an STG on the switch or use an existing group.
SMLT limitations

• Multicast routing with PIM and DVMRP enabled is not supported on the edge switch of a Triangle SMLT configuration. In addition, IP multicast routing is not supported on SMLT square and cross configurations. However, IGMP snooping is supported and queries for a given VLAN must be placed on one switch only. (Q00072438)
• End-to-end multicast traffic stops after reconnecting the broken half of a square/cross SMLT.
• Match Community/AS Path only works in OSPF redistribution when the same route policy is coupled with BGP. If you do not need this BGP redistribution, you may choose to mark its state as disabled. (Q00693853, Q00173743-01)
• The maximum limit of “Max-prefix” from the command: config ip bgp neighbor is shown as 2147483647, but the actual value is 999999.
• Nortel Networks recommends that you do not enable or disable I/O slots during an HA failover. Wait for the system ready message on the master CPU before enabling or disabling an I/O slot. (Q00885940)
• If you change the ha-cpu flag, the switch saves the change to /flash/boot.cfg only on both the master and backup CPUs, even though both CPUs were booted up using pcmboot.cfg.
• If you use LACP in an SMLT/Square configuration, LACP must have the same keys for that SMLT/LAG (Link Aggregation Group). Otherwise, the aggregation may fail if a switch failure occurs. Nortel Networks recommends that the same key be used for the two devices participating in the SMLT/LAG.
the broadcast to 10. If the rate limit value is changed to 500 on the disabled port of the MLT, the rate limit value of the active port changes to 500, but this port still limits the broadcasts to 10 rather than allowing 500. This behavior continues even if the disabled port is later enabled. (Q00805123)
• While copying a large file from the PCMCIA to flash, the SMLT/LACP ports may transition.
VRRP

Caution: Do not perform management using the VRRP interface. Use actual IP addresses for management purposes. (Q00971864)

• VRRP hotstandby (with WebOS software version 10.0.29.0) is not supported in this release. (Q00249554)
• Nortel Networks does not recommend using the same IP address for the VRRP logical IP interface and the physical IP interface.
DVMRP

• Scaling with 500 DVMRP interfaces and 1980 VLANs with 512 neighbors or more results in a high CPU utilization that could reach 100%. If you need to configure a large number of interfaces with DVMRP neighbors, the interfaces cannot be attached to LANs without routers running DVMRP. (Q00646615)
• Before configuring DVMRP on an interface using Device Manager, please be sure that DVMRP has been globally and successfully configured.
The source->upstream on R1 becomes NULL, because it is getting data locally through 1/2. When R2 comes back up, traffic starts flowing on 1/1 to R2. However, if the unicast route to the source subnet still lies through R1 (since R2 rebooted), any joins to the source go to R1 instead of R2. To receive traffic, R1 must send a join to R2, but because the source->upstream is NULL the join is never sent.
Reading path

This section lists the documentation related to the Passport 8600 Switch Series platform. You can find your documentation on the Nortel Networks customer support Web site, www.nortel.com/support. Select the Browse product support tab, and use the Product Finder selection screen. In Step 1, ensure Product Families is selected from the Select from drop-down menu, and then select Passport from the list of available products. In Step 2 (...choose a product...
Related publications

This section lists common documentation related to the Passport 8600 switch. For a list of documents specific to the Passport 3.7.6 release, refer to Getting Started (320095-A). For additional configuration examples and information, Technical Configuration Guide Service Delivery Module Firewall v1.0 is also available from the Nortel website.
Installation and User Guides (Sheet 2 of 2)

• Installing an AC Power Supply in an 8000 Series Switch (312751-C)
• Installing a Fan Tray in an 8000 Series Switch (312752-C)
• Installing Gigabit Interface Converters (316342-A)
• Installing Media Dependent Adapters (MDAs) (302403-G)
• Installation and Networking Guidelines for Optical Routing (212257-B)
• Installing the 8661 SSL Acceleration Module (SAM) for the 8600 Series Switch (316315-A)
• Installing the Web Switching Module for Passport 8600 Series Swi
Reference and Configuration Guides

These guides provide reference and configuration information for the Passport 8660 SDM.

• System Messaging Platform Reference Guide (315015-D)
• (Alteon) Web OS Switch Software 10.0 Command Reference (212778-A)
• (Alteon) Web OS Switch Software 10.0 Application Guide (212777-A)
• Understanding the Passport 8600 & Web Switching Module (WSM) (316437-A)
• Network Design Guidelines (313197-D)
• Upgrading to Passport 8000 Switch Series Software Release 3.7.