Professional Documents
Culture Documents
Abstract: This release notes describes the Switch 4500 V3.03.02p11 release with respect to version
Acronyms:
Table of Contents
Version Information········································································································································· 6
Version Number ········································································································································· 6
Version History··········································································································································· 6
Hardware and Software Compatibility Matrix····························································································· 7
Related Documentation································································································································· 60
Software Upgrading······································································································································· 60
Remote Upgrading through CLI ··············································································································· 60
Boot Menu················································································································································ 61
Software Upgrading via Console Port (Xmodem Protocol)······································································ 62
Using TFTP Through an Ethernet Interface····························································································· 64
Using FTP Through an Ethernet Interface ······························································································· 65
Appendix ························································································································································ 66
Details of Added or Modified CLI Commands in V3.03.02p06 ································································ 66
dot1x unicast-trigger ························································································································· 66
Details of Added or Modified CLI Commands in V3.03.02p11 ································································ 66
mac-authentication timer offline-detect ···························································································· 66
bpdu-drop any ·································································································································· 67
List of Tables
Version Information
Version Number
Version Information: 3Com OS V3.03.02s168p11
Note: To view version information, use the display version command in any view. See Note①.
Version History
Table 1 Version history
Item Specifications
Product family Switch 4500 Series
Hardware platform 26-Port/50-Port/26-Port PWR/50-Port PWR
Minimum memory 64 MB
requirements
Minimum Flash 8 MB
requirements
Boot ROM version Version 4.04 (Note: It is required to use V1.00 or later, but V4.00 is
preferred. You can view the version number with the display version
command in any view. Please see Note②)
z When a switch with a new version flash runs V3.01.00, using FTP to upload an application file to
the switch, or performing write operations on the flash of the switch such as executing the
display diagnostic-information command often fails. V3.01.00p01 and later have solved this
problem.
z A device running boot ROM V1.00 may get out of power during startup, which may cause the
loss of the application file. You are recommended to upgrade the boot ROM version to V1.01 to
solve this problem.
<4500>display version
3Com Corporation
Switch 4500 26-Port Software Version 3Com OS V3.xx.xx ------- Note①
Copyright (c) 2004-2008 3Com Corporation and its licensors, All rights reserved.
Switch 4500 26-Port uptime is 0 week, 0 day, 0 hour, 0 minute
Feature List
Hardware Features
Table 3 Hardware features
Category Description
Dimensions (H × W × D) 43.6mm × 440mm × 260mm (1.72 × 17.32 ×10.24 in.) (devices without
PWR)
43.6mm × 440mm× 420mm (1.72 × 17.32 × 16.54 in.) (devices with
PWR)
Weight (full configuration) ≤3.5Kg (7.72 lb.) (26-port devices without PWR)
Software Features
Table 4 Software features
Features Description
Port auto-negotiation Supports both speed and duplex mode auto-negotiation.
Flow control Supports IEEE 802.3x-compliant flow control for full-duplex, and back-
pressure based flow control for half-duplex.
Link aggregation Supports up to 8 aggregation groups, each of which supports up to 8 FE
ports or 4 GE ports.
Port internal/external The port internal loopback test detects the connectivity between switch
loopback test chips and PHY chips. The port external loopback test detects the
connectivity between PHY chips and network interfaces with the help of
Features Description
the self-loop header. The two tests used together can determine whether
a fault is a switch fault or a link fault.
Combo ports
Unicast, multicast and Supports bandwidth ratio- and rate-based suppression modes on ports.
broadcast suppression
VLAN Supports port-based VLANs, and up to 256 IEEE 802.1Q-compliant
VLANs.
MAC address table Supports MAC address learning and up to 8K MAC addresses;
Complies with IEEE 802.1D;
Notifies MAC address changes to ARP.
RSTP Supports STP and complies with IEEE 802.1D.
802.1X authentication Supports PEAP/EAP/TLS/TTLS.
The main purpose of IEEE 802.1X is to implement authentication for
wireless LAN users, but its application in IEEE 802 LANs provides a
method of authenticating LAN users.
SSHv2 Secure Shell (SSH) offers an approach to logging into a remote device
securely. By encryption and strong authentication, it protects devices
against attacks such as IP spoofing and plain text password interception.
A switch can work as an SSH server to support connections with SSH
clients running on PCs.
Voice VLAN The voice VLAN feature adds ports into voice VLANs by identifying the
source MAC addresses of packets. It automatically assigns higher priority
for voice traffic to ensure voice quality. This feature supports two
application modes: manual and automatic.
DHCP relay agent Through a DHCP relay agent, DHCP clients in a subnet can
communicate with a DHCP server in another subnet to obtain valid IP
addresses. In this way, DHCP clients in different subnets can share one
DHCP server. This method saves costs and helps implement centralized
management.
ARP Supports up to 256 static ARP entries.
IP routing Supports static routing and RIP.
IGMP Snooping Internet Group Management Protocol Snooping (IGMP Snooping) is a
multicast constraining mechanism that runs on Layer 2 devices to
manage and control multicast groups.
QoS Bandwidth management;
flow control with 64 bps granularity;
8 sending queues per port;
Traffic classification;
Traffic rate limit;
Port mirroring, which supports only one source mirroring port.
Software upload and Software upload and upgrade through the XMODEM protocol, FTP or
upgrade TFTP
Remote authentication To implement authentication on remote telnet, web, and console users,
you need to configure use names and passwords on a RADIUS server,
June 30, 2010 Page 10 of 67
3COM OS Switch 4500 V3.03.02p11 Release Notes
Features Description
and configure RADIUS authentication on the access switch. When such
a user logs onto the switch, the switch sends the user name and
password to the RADIUS server for authentication. If the user passes
authentication, it can log it to the switch.
FTP, TFTP The switch can only works as a TFTP client.
System configuration Configuration methods supported: CLI, console port, telnet, and Modem;
and management
Features and functions supported: SNMP, remote monitoring (RMON)
1/2/3/9 group MIBs, system logging, hierarchical alarming, Syslog And
NTP.
Network maintenance Filtering, output and collection of alarm/debug information;
Diagnostic tools: Ping, Tracert, and so on;
Remote maintenance through Telnet and other ways
web
Fault diagnostics and Detects and reports hardware/software faults.
alarm output
Fast startup In fast startup mode, a switch can complete a startup process within 60
seconds by skipping the power-on self test (POST) and directly running
the APP program. You can set the startup mode to fast or normal in the
boot ROM menu.
Version Updates
Feature Updates
Syntax
View
Description
Syntax
View
System view
Description
Example
[Switch] undo icmp acl-priority
Command 2:
Syntax
View
System view
Description
Example
[Switch] mirroring stp-collaboration
Command 3:
Syntax
View
Description
Example
Syntax
View
Parameters
Description
Note that:
z If you execute the undo ip address
command without any parameter, the
switch deletes both primary and
secondary IP addresses of the
interface.
z The undo ip address ip-address
{ mask | mask-length } command is
June 30, 2010 Page 19 of 67
3COM OS Switch 4500 V3.03.02p11 Release Notes
Syntax
View
VLAN view
Parameters
Description
Examples
View:
user view
Reason
Syntax
View
Parameters
Examples
Syntax
View
Parameters
Description
Examples
Syntax
View
Any view
Parameters
Description
Syntax
View
Any view
Parameters
Description
Examples
Syntax
port-security enable
undo port-security enable
View
System view
Parameters
None
Description
Caution
Enabling port security resets the following
June 30, 2010 Page 26 of 67
3COM OS Switch 4500 V3.03.02p11 Release Notes
Examples
Syntax
View
Description
Note that:
MIB Updates
Table 7 MIB updates
Configuration Changes
In current version: The syslog records both the user's name and the user's IP address after a WEB
user log in, such as:
%Apr 7 09:20:34:698 2010 switch WEB/5/USER:- 1 -web (1.1.1.1) login succeed
%Apr 7 09:20:37:961 2010 switch WEB/5/USER:- 1 -web (1.1.1.1) logout
Switch serves as DHCP relay. If the packet received by the device whose length less than 300 bytes,
the device does not add padding automatically to make packet length to 300 bytes.
In current version:
Switch serves as DHCP relay. If the packet received by the device whose length less than 300 bytes,
the device add padding automatically to make packet length to 300 bytes.
4) Dot1x free-ip and stack aren't mutually exclusive any longer
DHCP server, DHCP snooping and DHCP Relay can not be enabled at the same time; otherwise PC
can't get IP address successfully.
In current version:
DHCP server, DHCP snooping and DHCP Relay can be enabled at the same time. PC can get IP
address successfully from switch, and of three functions can record its item.
In early version:
In current version:
Executing this command, the mac-address synchronization function will also be enabled besides the
destination-hit function.
2) The change to the 'display mac-address'
In early version:
There is no 'unit id' option, only ‘display mac-address' can be executed to show the mac-addresses
on the current device.
In current version:
The 'unit id' option is introduced. Therefore, the mac-address on every unit can be displayed through
‘display mac-address unit id’.
Specific syslog messages will be sent to log server from every unit in a stack.
In current version:
Specific syslog messages will be sent to log server only from the master unit in a stack.
2) The change to VLAN number
In early version:
In current version:
Executing "Net2Startup" operation in "CONFIG-MAN-MIB", the filename can not contain directory.
In current version:
When the switch is configured as a DHCP client, the option60 field in DHCP discover packets sent by
the switch is filled only with the product series information.
In current version:
When the switch is configured as a DHCP client, the option60 field in DHCP discover packets sent by
the switch is filled with the product series information and other more detailed information.
3) Change to the source MAC address of Loopback-detection packet
From 3.03.02p03, the source MAC address of Loopback-detection packet is changed from the Bridge
MAC of the device to 00e0-fc09-bcf9.
4) The operation about Management address in LLDP packets
In early version:
If the LLDP management-address has not been configured, the IP address of the VLAN with smallest
ID which the port belongs to will be used. And if the IP address of the VLAN with smallest ID which
the port belong to has not been configured, the loopback IP (127.0.0.1) address will be used.
In current version:
(1) If the LLDP management-address has not been configured, the IP address of the smallest
permitted VLAN whose IP is configured will be used;
(2) If the LLDP management-address has been configured, and the port belongs to the VLAN with the
LLDP management-address, the IP address will be used;
Doing 802.1X re-authentication with a RADIUS server. Even if user-name changes, the device just
sends RADIUS Access-Request packet for the latter user-name, but does not send RADIUS
Accounting-Stop packet for the former user-name.
In current version:
Doing 802.1X re-authentication with a RADIUS server. If user-name changes, the device sends
RADIUS Accounting-Stop packet for the former user-name firstly, then sends RADIUS Access-
Request packet for the latter user-name.
After modification, the switch can recognize such modules and output corresponding debug
information .
By default, the IEEE 802.1t standard is used to calculate the default path costs of ports.
In current version:
By default, the legacy standard is used to calculate the default path costs of ports.
The switch will delete the "poe enable" configuration of a port if the port detects overload for three
consecutive times.
After modification:
The switch will not delete the "poe enable" configuration of a port if the port detects overload for three
consecutive times.
The interval for sending 802.1X multicast requests set with the dot1X timer tx-period command is in
the range 10 to 120 seconds. If a port joins the guest VLAN upon receiving no response for an
802.1X multicast request, the shortest time for the port to join the guest VLAN is about 10 seconds.
After Modification:
The interval for sending 802.1X multicast requests set with the dot1X timer tx-period command is in
the range 1 to 120 seconds. If a port joins to the guest VLAN upon receiving no response for an
802.1X multicast request, the shortest time for the port to join the guest VLAN is about 1 second.
After modification:
1) Info-center related configuration is placed at the end part of the configuration file.
2) The vlan-vpn enable command is exclusive with stack configuration only, and can coexist with
other protocols such as STP/GVRP.
3) The device is compatible with line feed characters "\r\n" and"\n", so that it can exchange files with
the TFTP server running on the UNIX system.
4) The ping operation performance is improved, but consequently the real time performance of
displaying port statistics is reduced, that is, a delay occurs when you view port statistics.
5) You can perform port mirroring and mirroring group configuration through the web interface.
6) The device forwards unknown EAP packets rather than discards them.
7) The sequence of matching web files is changed from main, backup, default to default, main,
backup.
8) The device no longer sends PortMstiStateDiscarding trap and log packets when a port goes
down.
ZDD02999
LSOD09955
LSOD09894
LSOD09928
LSOD09920
LSOD09911
LSOD09909
LSOD09745
LSOD09830
LSOD09837
ZDD02827
LSOD09587
interface Ethernet1/0/1
traffic-priority inbound ip-group 2000 rule 0 cos spare
traffic-priority inbound ip-group 2001 rule 0 cos background
z Description: After one ACL rule is removed from the port, the other ACL rules can’t be deleted.
Note: Action traffic-limit/traffic-remark-vlanid has similar problem.
LSOD09728
LSOD09717
LSOD09619
LSOD09678
2. Https use this SSL server policy, example: ip https ssl-server-policy myssl1
3. Undo use this SSL server policy, example: undo ip https ssl-server-policy
z Description: This ssl server policy can't be deleted.
LSOD09700
LSOD09499
LSOD09555
LSOD09550
LSOD09598
LSOD09554
z Condition: The switch enables DHCP snooping and the up-link port of the switch is configured as
the trust port of DHCP snooping. The DHCP server and the user’s PC are connected to the up-
link port of the switch.
z Description: DHCP snooping record the user item on trust port.
LSOD09521
Note: Short-static ND entry is configured by command line. The entry doesn't have port information.
The port information will be learnt by ND packets. When the port information is learnt, the ND entry is
called short-static resolved ND entry.
LSOD09717/LSOD09709
LSOD09572/LSOD09605
LSOD09537
LSOD09483
LSOD09498
LSOD09434
LSOD09447
LSOD09406
LSOD09332
LSOD09048
LSOD09439
z Condition: Configure port-security auto learn mode on port A. Delete all MAC-address and
change the VLAN ID of the port A while there are background traffic.
z Description: The MAC of the old VLAN is left occasionally.
LSOD09268
LSOD09295
LSOD09204
LSOD09167
LSOD09156
LSOD08866
LSOD09143
LSOD09176
LSOD09145
ZDD02152
LSOD08964
LSOD09106
LSOD09080
LSOD08774
LSOD09095
LSOD09097
LSOD09102
LSOD09100
z Condition: Net management software, which is using SNMP, is connected to the slave device in a
stack.
z Description: Execute setting operation; the operation can be succeeding, but the device cannot
send SNMP response to the net management software.
LSOD09045
LSOD08988
LSOD08964
LSOD06917
z Description: The fabric can't ping the PC connected to the mirroring port successfully.
LSOD08776
LSOD08782
LSOD08757
LSOD08753
LSOD08892
LSOD08819
LSOD08905
LSOD08907
LSOD08729
LSOD08843
LSOD08788
LSOD08808
LSOD08738
LSOD08679
LSOD08657
LSOD08665
LSOD08631
LSOD08656
LSOD08713
LSOD08716
LSOD08575
LSOD08674
LSOD08652
LSOD08675
LSOD08678
LSOD08726
LSOD08667
LSOD08673
LSOD08570
LSOD08734
LSOD08284
LSOD08291
LSOD08603
LSOD08460
LSOD08576
LSOD08651
LSOD08655
LSOD08646
LSOD08628
LSOD08193
LSOD08145
LSOD07413
LSOD07744
LSOD07980/ LSOD07531/LSOD07749
LSOD07692
LSOD07939
z Condition: Local user User 1 sets the access-limit to N on the switch. Then, N local users except
for User 1 log into the switch (Local users can be FTP/ LAN-access/SSH/telnet/terminal users. If
a user logs into the switch through 2 ways at the same time, for example, FTP and telnet, the
user is counted as two logged-in users.).
z Description: User 1 cannot log in to the switch.
LSOD08070
LSOD08034
LSOD07962
LSOD08035
LSOD08049
LSOD08101
LSOD08106
LSOD08118
PC1 and PC2 communicate with each other at Layer-3 through Switch 1.
Configure a static ARP entry that has no VLAN ID or outbound interface specified for PC2 on Switch
1. After PC1 and PC2 communicate with each other, the egress port and VLAN ID (VLAN B) of the
ARP entry are learned.
Then change the network as follows:
Remove VLAN B from Switch 1, configure VLAN B on Switch 2, and move PC2 from Switch 1 to
Switch 2.
After that, all PC1, Switch 1, Switch 2 and PC2 communicate with one another at Layer-3.
The new network is shown below:
z Description: The ping operation from PC1 to PC2 fails. To solve the problem, you have to reboot
Switch 1.
LSOD07630
LSOD07571
LSOD07676
LSOD07670
LSOD07668
LSOD07316
LSOD07416/LSOD07422/LSOD07420/LSOD01108
LSOD07375
LSOD07479
LSOD07124
LSOD07425
LSOD07313
LSOD07467
LSOD07460
LSOD07240
LSOD07138
LSOD07145
LSOD07184
LSOD07234
LSOD07128
LSOD07143
LSOD07136
LSOD07140
LSOD06680/LSOD07269
ZDD01517
LSOD06530
LSOD06010
z Condition: Configure a static route with the blackhole attribute on the device, and its next hop
address is a reachable valid IP address. For example, execute the ip route-static 1.1.1.0
255.255.255.0 2.2.2.2 blackhole command.
z Description: IP packets matching the blackhole route are still forwarded normally.
LSOD03115
LSOD02840
OLSD31930
OLSD31973
OLSD29599
OLSD30143
z Description: Some errors occur and command executions fail. For example, if you download a
large file from the FTP server when there is enough space, the following prompt appears:
Local space is not enough !
System will delete the file which has been transferred, please wait...
...Error Writing Local File: not enough space!
On an S4500 device that has an Intel J3D flash installed and runs a version earlier than V3.01.00p01,
performing above-mentioned operations will fail.
Related Documentation
For the most up-to-date version of documentation:
1) Go to http://www.3Com.com/downloads
2) Select Documentation for Type of File and select Product Category.
Software Upgrading
The device software can be upgraded through the console port, TFTP, and FTP.
After getting the new application file, reboot the device to validate it.
Note that if you do not have enough Flash space, upgrade the Boot ROM program first, and then
download the application file to the device.
Boot Menu
Upon power-on, the switch runs the Boot ROM program first. The following information will be
displayed on the terminal:
Starting......
******************************************************************
* *
* Switch 4500 PWR 50-Port BOOTROM, Version 1.00 *
* *
******************************************************************
After the screen displays “Press Ctrl-B to enter Boot Menu...”, you need to press <Ctrl+B> within 5
seconds to access the Boot menu. Otherwise, the system will start program decompression, and then
you have to reboot the switch to access the Boot menu.
Enter the correct password (no password is set by default) to access the Boot menu.
BOOT MENU
Step 2: Enter 3 to select the Xmodem protocol and press <Enter>. The following information appears:
Please select your download baudrate:
1. 9600
2. 19200
3. 38400
4. 57600
5. 115200
6. Exit
Enter your choice (0-5):
Step 3: Select the appropriate download baud rate. For example, enter 5 to select the download baud
rate of 115200 bps. Press <Enter> and the following information appears:
Download baudrate is 115200 bps. Please change the terminal's baudrate to 115200 bps,
and select XMODEM protocol.
Press ENTER key when ready.
Step 4: Configure the same baud rate on the console terminal, disconnect the terminal and reconnect
it. Then, press <Enter> to start downloading. The following information appears:
Are you sure to download file to flash? Yes or No(Y/N)y
Now please start transfer file with XMODEM protocol.
If you want to exit, Press <Ctrl+X>.
Downloading ... CCCCC
After the terminal baud rate is modified, it is necessary to disconnect and then re-connect the terminal
emulation program to validate the new setting.
Step 5: Select [Transfer\Send File] from the terminal window. Click <Browse> in the pop-up window
and select the software to be downloaded. Select Xmodem from the Protocol drop down list.
Step 2: Run the TFTP server program on the PC, and put the program files into a file directory.
Switch 4500 series are not shipped with the TFTP server program.
Step 3: Run the terminal emulation program on the PC, and start the switch, to access the Boot menu.
Step 4: Enter 1 in the Boot menu, and press <Enter> to enter the following menu.
Please set application file download protocol parameter:
1. Set TFTP protocol parameter
2. Set FTP protocol parameter
3. Set XMODEM protocol parameter
0. Return to boot menu
Enter your choice(0-3):1
Step 5: Enter 1 to use TFTP, and press <Enter>. The following information appears:
Switch IP address (This address and the server IP address must be on the same network
segment)
Step 6: Input correct information and press <Enter>. The following information appears:
Are you sure to download file to flash? Yes or No(Y/N)
Step 7: Enter Y to start downloading the files. Enter N to return to the Boot menu. Take entering Y as
an example. Enter Y and press <Enter>, the system begins downloading programs. After downloading
completes, the system starts writing the programs to the flash. Upon completion of this operation, the
screen displays the following information to indicate that the downloading is completed:
Loading ........................................................done!
Writing to flash................................................done!
Step 2: Run the FTP server program on the PC, and put the program files into a file directory.
Step 3: Run the terminal emulation program on the PC, and start the switch to access the Boot menu.
Step 4: Enter 1 in the Boot menu and press <Enter> to access the following menu.
Please set application file download protocol parameter:
1. Set TFTP protocol parameter
2. Set FTP protocol parameter
3. Set XMODEM protocol parameter
0. Return to boot menu
Enter your choice(0-3):2
Step 5: Enter 2 to select FTP and press <Enter>. The following information appears:
Please modify your FTP protocol parameter:
Load File name
Switch IP address
Server IP address
FTP User Name
FTP User Password
Step 6: Input correct information and press <Enter>. The following information appears:
Are you sure to download file to flash? Yes or No(Y/N):
Step 7: Enter Y to start downloading the files. Enter N to return to the Boot menu. Take the first case
as an example. Enter Y and press <Enter>, and the system begins downloading programs. After
downloading completes, the system starts writing the programs into the flash. Upon completion of this
operation, the screen displays the following information to indicate that the downloading is completed:
Loading ........................................................done!
Writing to flash................................................done!
Appendix
Details of Added or Modified CLI Commands in V3.03.02p06
dot1x unicast-trigger
Syntax
dot1x unicast-trigger
View
Default Level
2: System level
Parameters
None
Description
Use the dot1x unicast-trigger command to enable the unicast trigger function of 802.1X on a port.
Syntax
View
Parameters
offline-detect-value: Offline detect timer, which specifies the idle timeout interval (in seconds) for users.
At this interval, the switch checks whether there is traffic from each user. If receiving no traffic from a
user within two consecutive intervals, the switch logs the user out and notifies the RADIUS server.
The value range for the offline-detect-value argument is 0 to 3000000. The default is 300 seconds.
Description
Use the mac-authentication timer offline-detect command to set the offline detect timer for MAC
authentication.
Use the undo mac-authentication timer offline-detect command to restore the default.
Note that:
z The offline detect timer configured in system view applies to all MAC authentication-enabled
ports.
z The offline detect timer configured in Ethernet port view applies to the current port only. You can
set the offline detect timer to different values on different Ethernet ports.
z The offline detect timer configured in Ethernet port view takes precedence over the one
configured in system view.
If the offline-detect-value argument takes the value of 0, the offline detect timer is disabled.
bpdu-drop any
Syntax
bpdu-drop any
View
Parameters
None
Description
Use the bpdu-drop any command to enable BPDU dropping on the Ethernet port.
Use the undo bpdu-drop any command to disable BPDU dropping on the Ethernet port.