INSTALLATION MEDIA FILES FOR CONSOLE SERVER V3.8.1 November 2006 ===================================================================== Please read the release notes before attempting to install this product. PRODUCTION RELEASE STATUS ========================= This release is intended to be scheduled into Console Server unit production. CONTENTS ======== This release contains the Version 3.8.1 of the Console Server firmware. This Console Server release notes contains the description of features, enhancements and bug fixes for this version. You should only upgrade to this version of firmware if your product was not shipped with this version AND you require to use one or more of its features. INSTALLATION ============ Firmware version 3.8.1 should be upgraded from previous versions by using TFTP or the JETLOAD/JETLOAD32 utility (see appendix D of User Guide). Version 3.8.1 ============= Features that were added to the CS9000 - Add a services flag for SNTPD and ICMPD Issues Resolved in this release - CS9000 would not allow to pass NULL characters to the serial port for a reverse telnet session. - PPP with roaming callback does not work with Windows 2000 or XP clients. After entering the number to use to call back, an error is reported in Windows and the client retries to make the connection, instead of waiting for the callback - When connecting using reverse telnet, the telnet ECHO and SGA options are continuously sent and received. Version 3.8.0 ============= Features that were added to the CS9000 - Currently the CS9000 only support classfull routing tables and subnetting based upon RFC950. In version 3.80 release, supernetting (CIDR) feature was implemented according to RFC 1519. RFC0950 is obsolete and the new RFC1519 incorporates the RFC950 within the RFC 1519 implementation. This will be implemented for the Ethernet, PPP and SLIP interfaces for the CS9000 which currently support RIPv1. - For full CIDR support, implementation of the RIP V2 protocol is required for support of CIDR and will be implemented according to RFC 2453. Configuration of the RIP v2 prototol will allow for send RIPv1, RIPv2, RIPv1 compatible and none and for receive is RIPv1, RIPv2, both or none. This allows the overall existing RIP support within the CS9000 more flexible to customer’s environment. - For RIP v2, MD5 Authentication, according to RFC 2082 was implemented to allow for the administrator to stored up to 4 passwords within to be used within fixed time duration. The current CS9000 supports RIP protocol on a PPP/SLIP connection when the RADIUS user configuration enabled the routing protocol “framed routing”. This will be maintained for RADIUS users but will support both RIPv1 and RIPv2 based upon the global server RIP protocol configuration. Additional RIP protocol support will be provided for PPP and SLIP interfaces with users that are authenticated locally. Configuration for the routing protocol for locally authenticated users will be provided in CLI, menu, HTML and SNMP. - For RIP v2 SNMP Mib Extension, according to RFC 2082, will be implemented to allow for reading the RipV2 configuration parameters through an SNMP Manager. SNMP configuration and statistical parameters are read-only in the CS9000 which will be maintained. Issues Resolved within this Release - Character control sequences are displaying in the fields within the screen configuration when repeating cursor key quickly. - User is unable to get port menu when on a "rev telnet" port with security disabled. - The error message "user not authorized" is not display when a user logs into a "rev telnet" port that he does not have access rights for. - Unit would crash when scanned by "LanGuard" program. (was sending an invalid HTTP request). - Cannot reset port using Kill or restart if the port is not already set to a cslogin (after a reboot) - Killing a line configured for REV SSH will not work. - HTML configuration for gateways shows "active" checkbox values opposite to what they should be. - CS9000 + RADIUS security if client telnet's to TCP port 23 the NAS-Port value = 1. - Invalid enumerations in MIB files. - Logout from a telnet session results in PuTTY displaying a "Fatal Error" message. - Received ICMP redirects to a new destination cause a GPF. Version 3.7.0 ============== Features that were added to the CS9000 - SNTP (RFC 2030) feature was addded to synchronzie the CS9000 with SNTP or NTP servers on the LAN. The feature allows for configuration to communicate to a primary and secondary NTP server on the LAN through various mode like multicast, unicast and anycast. The internal clock is adjusted and the time is updated based upon the network packets received from the NTP server. - Timestamping of the synchronized or manually configured clock is configurable for the local and/or remote port buffers - Features associated with the time configuration such as daylight savings time (summertime) and timezone permit the administrator advanced features for maintaining their CS9000 - Port Buffering configuration has been moved from the server menu screens to its own configuration menu screen for readability and ease of use Issues Resolved within this Release - LAN packets with less than 64 bytes of actual data (padded frames) were potentially padded with data from previous or active sessions. This was resolved by ensure padded data is zero. Version 3.6.0 ============== Features that were added to the CS9000 - Multisession support was introduced in this version which allows multiple users to connect to the same device on a serial port simultaneously. Multiple users are allowed access through the line access configuration which specifies which ports they are permitted to and what type of access mode for that particular port. Access modes include Read/Write (RW), Read Input (RI), Read Output (RO) and Read Both (RI & RO). - In addition to multiple user access on a port, a multisession menu is available to all users connected to the same port that allows them to send messages to all other users, kill sessions ( users with RW access modes only) and dynamically switch viewing access modes. Issues Resolved within this Release - When Rev SSH to port and pressing certain key sequences, CS9000 crashes. - Fixed problem with loosing characters coming into the unit from a modem connected at 2400 baud. - Fixed problem with opening more than the maximum number of supported sessions on the unit causing the unit to fail - Fixed key mapping for problem associated with terminal emulation vt100 connection - Under some conditions, the unit would not allow a "rev raw" connection to a serial port. - A xmodem file transfer from a serial device to the host on the ethernet would not work. This transfer was done in a rlogin session. Version 3.5.0 ============== Features added to this release include: - Although the CS9000 supported radius authentication for all connections types in previous firmware versions, this latest version support full authentication attributes that are applicable to the CS9000. Previously the CS9000 performed Radius authentication with only the User-Name and Password attributes from the Radius server. This firmware release enhanced the Radius authentication but support additional Radius server attributes that are applicable to the CS9000 - Radius accounting for all connection types has been added to the CS9000. Although Radius accounting messages were sent to the Radius server for cslogin line service types, this CS9000 firmware release enhances the accounting message to encompass connection types like reverse SSH, reverse Telnet, telnet. Issues that were resolved within this release include: - The CS9000 would crash (GPF exception) when using an invalid custom terminal definition. - Last character in the "break" string during an SSH session would be sent to host after the break signal. This character ('k') would be taken as an input to the hosts "break" mode. - Special strings (~view, ~break and ~menu ) do not work, if multiple reverse connections exist. - Account Request Message always states NAS Port value = 1 (not the port number) - Changing line port settings, telnet, ppp or slip, and then pressing ESC to exit without saving...the changes were still there. - Modifying any fields in the port, ppp, slip, or telnet settings will cause immediate modification to the RAM copy of the configuration regardless of whether the user decides to press ESC to abort all changes. If the user will inadvertently save configuration changes that he/she thought was aborted if he decides to save to flash. - In the "change user" and "line access" windows, the user name in the heading changes to "admin" if an "accept and exit" is aborted with the escape key. Version 3.4.1 =============== The following issues were resolved in this release: - CS9000 may not respond on the Ethernet interface after a LAN error condition occurs. - Enable ability to TELNET from one serial port to another. - SSH session between the CS9000 and a system running an openssh client will lock up after 32K of data is transmitted to the client. Version 3.4.0 ============================ The following feature have been added to this release. Easy Port Access Due to the current configuration of the CS9000 it is difficult for administrators to know what is connected to what ports/lines without keeping written lists. To eliminate the record keeping of the network devices attached to all the ports for numerous CS9000, version 3.4 allows a user to connect to the CS9000 via Telnet or SSH and be offered a menu (this does not apply to the administrator login of the CS9000). This menu will offer options for the following: ·A list of ports showing the line name descriptor field. They can then select a port to be connected to and they will then be automatically connected to the port. ·A log off option When the user is connected to the port to manage the attached device, they should also be able to view the local port buffer for that particular port by using a configured key string. The user will then be able to toggle between communicating with the device on the port and viewing its associated buffer. When the user has completed their activity on the network device, they can enter a configurable string (~menu by default) that allows them to disconnect from the port and return to the Easy Port Access menu to connect to another devices or logoff the CS9000 unit. User Line Access Rights The administrator of the CS9000 will now be able to specify which ports/lines a user will be offered connection to within the internal user database. This allows administrators to setup users with different access rights for as they often have responsibility for different systems. These access rights are reflected in the ports/lines available to the user when viewing the Easy Port Access screen and applied to direct connection to the network device. This feature does NOT apply to any user who can only be authenticated via Radius. Configurable Login Prompt The CS9000 v3.4.0 now allows the administrator to specify the server name to appear in the login and shell prompt which allows easy identification of multiple CS9000 units Authentication Priority The CS9000 user authentication method is now capable of allowing to specify priority in the authentication method used. When authentication selection is set to "Both(local+Radius)" the local user database is requested first and upon failure the RADIUS host is requested user authentication. To have the RADIUS host requested first followed by the local user database, a new configurable parameter "Both(RADIUS + local)" configures the authentication method in this priority. SNMP Mib Updated SNMP to RFC 2578. Updated the CS9000 SNMP Mib file from version 1.0.2 CS9000.MIB to version 3.3.1 PERLE-CS.MIB. This latest version of PERLE-CS.MIB is only compatible with version 3.4.0 firmware and forward. The older version CS9000.MIB version 1.0.2 is only compatible with CS9000 version 3.3.0 firmware and older. Version 3.3.0 ============================ The following features have been added to this release. Remote Port Buffering The feature of remote port buffering is required by administrators to remotely capture important information from the devices attached to the CS9000. Data from these devices is transmitted across the LAN interface (encrypted or in the clear) to remote files on an NFS host. This feature allows an administrator to archive the data from these devices to be viewed at any time. Encrypted files can be converted to readable format using the Decoder utility available for DOS/WIN9X/NT/ME/2K/XP, Linux, Solaris SPARC (32bit & 64 bit) and Solaris x86. Version 3.2.0 ============================ The following features have been added to this release. Local Port Buffering The feature of local port buffering is required by administrators to capture important information from devices attached to CS9000. Currently data coming from a device can only be seen if the administrator is connected to the port at the time. Local port buffering will allow administrators to view activity on a specific port to assess the latest activity of the device attached without being directly connected at any specific time. Version 3.1.0 ============================ The following features have been added in this release: ROUTED, DHCP, TELNETD, SSHD, HTMLD, and SNMP processes can be enabled/disabled individually to allow administrators to customize secure features on the CS9000. Enabling and disabling break signal generation on reverse telnet and SSH serial ports can now be controlled by configuring either the OEMmode or the new server's break option. For reverse SSH users, a configurable key sequence can be used to send to a break signal to the serial port. While in a reverse SSH session, the server continually scans for this key sequence and checks the server's break status before sending a break signal. Configuration files saved through netsave will now be encrypted. Version 3.00 and newer configuration files that are not encrypted, will also be supported. Additional feature of trusted IP host filtering will allow the admin user to configure source IP address filtering for up to 20 hosts. IP frames from other IP hosts that are not in the host table, will be dropped. CLI command 'show line' has been modified to indicate security enabled or disabled for each line. New status of "in use" when security is off and the reverse service port is being used. FIXES IN THIS RELEASE ===================== The following fixes were incorporated into this release 1) CERT SNMP Advisory indicated that certain network devices could experience failures. All issues associated with SNMP and the CS9000 were resolved and fixed within this release. 2) "netload nowrite software " option fixed which previously caused a system crash or rendered the serial ports unusable. 3) "No pseudo device available" error message occured because TCP keepalives for admin/cslogin sessions were disabled. They are now set to 5 minutes.