LANCOM LCOS SX 4.30 RU6 Release Notes
1. Preface
The LANCOM family of operating systems—LCOS, LCOS SX, LCOS LX, and LCOS FX—forms the trusted basis for the entire LANCOM range of products. Within the scope of the hardware specified by the products, the latest firmware version is available for all LANCOM products and is offered by LANCOM Systems for download free of charge.
LCOS SX 4.30 is the operating system for all LANCOM switches of the series XS-3500, GS-3600, GS-3500, GS-3200, IGS-3000, and GS-2400, as well as for the LANCOM GS-3152(X/XP/XSP) and GS-3126(X/XP).
The following LCOS SX operating systems are also available for other LANCOM switches:
- LCOS SX 5.3x is the operating system for the LANCOM switches CS-8132F and YS-7154CF.
- LCOS SX 5.2x is the operating system for all LANCOM switches of the XS-5100, XS-4500, and GS-4500 series, as well as for the LANCOM XS-6128QF.
- LCOS SX 4.00 is the operating system for the LANCOM GS-3152P.
- LCOS SX 3.34 is the operating system for all LANCOM switches of the GS-2300 and GS-1300 series.
The release notes for these device series can be found as usual on the LANCOM website in the download area of the respective switch.
This document describes the new features of the LCOS SX software release 4.30 RU6 as well as the changes and improvements to the previous version.
Before upgrading your device to a new firmware, it is essential to back up your device's configuration. Due to extensive features, it is not possible to downgrade to a previous firmware without using the backup configuration. Please note that different firmware files might be available for your device.
2. The release tag in the software name
Release Candidate (RC)
A Release Candidate has been extensively tested by LANCOM and includes new LCOS features. It is suitable for testing and is not recommended for use in production environments.
Release Version (REL)
The release version has been extensively and successfully tested in practice. It contains new features and improvements over previous LANCOM operating system versions and is therefore recommended for use in production environments.
Release Update (RU)
A release update is a further development of an initial release version in production environments and contains minor improvements, security fixes, bug fixes and smaller features.
Security Update (SU)
Contains important security fixes for the respective LANCOM operating system version and ensures that your security level remains very high on an ongoing basis in your production environment.
3. New features, improvements, and history
LCOS SX 4.30.0302 RU6
For all LANCOM switches of the series XS-3500, GS-3600, GS-3500, GS-3200, and GS-2400, as well as for LANCOM GS-3152(X/XP/XSP), GS-3126(X/XP), and IGS-3510XUP
New features
- Configurability of DHCP option 43 (Discover/Request Messages) for the parameter list of DHCP option 55
- Note: Default = Active; If the function is deactivated, the DHCP option 43 on the interface is no longer accepted by the LMC client, even if it was sent.
Bug fixes
- If a network component that used a transfer rate of 100 Mbps was plugged into one of the combo ports 25 or 26 of a LANCOM GS-2426(P), flapping occurred on the respective port with the default setting 'Dual' (link constantly up/down).
- A connection via a 1G SFP module between a LANCOM GS-24xx / GS-3xxx / XS-3xxx and a LANCOM XS-51xx / XS-6128QF with active auto-negotiation on the SFP port was not possible because auto-negotiation was not supported on the SFP ports of the LANCOM XS-51xx / XS-6128QF. A connection with Static Mode could not be established either, as Static Mode was not working correctly.
- If the switch sent a ping via the console and the ICMP requests were answered by the target, the SSH session was terminated after four successful pings.
- If port 13 was deactivated on LANCOM GS-2400 series switches, this meant that the subsequent port 14 no longer learned any MAC addresses and therefore no communication was possible on this port.
- For switches with 1G ports (e.g. LANCOM XS-3510YUP), the speed '1 Gbps FDX' was not offered as an individual selection in the LMC detailed configuration. If this speed was set on the WEBconfig of the switch, the value "6" was displayed in the LMC detail configuration.
- DHCP requests were sent without DHCP option 43. If the DHCP server in a private LMC scenario sent the private LMC domain via DHCP option 43, this meant that the switch could not establish a connection to the private LMC. DHCP option 43 is now always queried as part of DHCP option 55.
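The DHCP option 43 / option 55 behavior described above can be checked on a captured client message. The following is an added example, not part of LANCOM's release notes or firmware: it parses the options field of a DHCP UDP payload and reports whether option 43 appears in the parameter request list (option 55). `build_sample` is a hypothetical helper and the packets it produces are constructed, not real captures.

```python
MAGIC_COOKIE = b"\x63\x82\x53\x63"  # RFC 2131 marker in front of the options field

def parse_dhcp_options(payload: bytes) -> dict:
    """Return {option code: value bytes} from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (too short or no magic cookie)")
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 0:        # pad option: single byte, no length
            i += 1
            continue
        if code == 255:      # end option
            break
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} runs past the end of the packet")
        options[code] = options.get(code, b"") + value  # RFC 3396: join split options
        i += 2 + length
    return options

def requests_option_43(payload: bytes) -> bool:
    """True if a DHCP Discover/Request lists option 43 in option 55."""
    opts = parse_dhcp_options(payload)
    if opts.get(53) not in (b"\x01", b"\x03"):   # 1 = Discover, 3 = Request
        raise ValueError("not a DHCP Discover or Request")
    return 43 in opts.get(55, b"")

def build_sample(msg_type: int, param_list: bytes) -> bytes:
    """Hypothetical helper: constructed client message, not a real capture."""
    header = bytes([1, 1, 6, 0]) + bytes(232)    # 236-byte fixed BOOTP header
    opts = bytes([53, 1, msg_type, 55, len(param_list)]) + param_list + b"\xff"
    return header + MAGIC_COOKIE + opts

if __name__ == "__main__":
    fixed = build_sample(1, bytes([1, 3, 6, 15, 43]))   # option 43 requested
    broken = build_sample(1, bytes([1, 3, 6, 15]))      # option 43 missing
    print(requests_option_43(fixed), requests_option_43(broken))
```

To use it on real traffic, pass the UDP payload of a Discover or Request sent by the switch (client port 68 to server port 67) to `requests_option_43`.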
LCOS SX 4.30.0224 RU5
For all LANCOM switches of the series XS-3500, GS-3600, GS-3500, GS-3200, and GS-2400, as well as for LANCOM GS-3152(X/XP/XSP), GS-3126(X/XP), and IGS-3510XUP
New features
- Extension of DHCP option 82 to allow the use of multiple relay addresses (ip dhcp snooping option82 (keep/replace/drop))
- Integration of the LANCOM GS-2400 series
Bug fixes
- On the LANCOM GS-2400 series switches, the system LED flashed green after the device was started, although there was no reason for this.
- The device type designation (e.g. gs-3652xp) was used as the standard DHCP device name and not, as intended, the name 'LANCOM-' followed by the last 3 bytes of the MAC address (e.g. 'LANCOM-1d1000').
- If a configuration table in the local configuration of a switch managed by the LMC was completely emptied and the switch configuration was then saved as 'Start configuration', the deleted entries were still present in the LMC configuration.
- With the LANCOM XS-3510YUP, a Link Aggregation Group (LAG) was not established if it was configured on the 10G ports.
- The auto-logout on the web interface always occurred after 10 minutes, regardless of which value was configured.
- If the switch received a 'DHCP Offer' with an additional DHCP option from the DHCP server when using the DHCP relay with the 'Relay Information Policy Replace' setting, the switch appended the information of this option a second time. This resulted in a 'Malformed Packet', which the switch sent to the client. The DHCP server acknowledged this accordingly by sending DHCP option 52 (option overload).
- A user without any authorizations (Privilege Level 0) was able to log in to the web interface.
- If an attempt was made via the LMC or console to create an SNMP user with the wrong length for the authentication password or privacy password (between 8 and 128 characters are permitted in each case), the process could be carried out but the user was not created.
- A batch of LANCOM GS-3126XP was equipped with an incorrect system configuration for Spanning Tree, which always contained the same MAC address as a placeholder. When using several affected devices, this led to the bridge ID in the spanning tree being the same and spanning tree therefore not working correctly.
- In WEBconfig, the option 'Non-Stop PoE' was offered in the menus for restarting and updating the firmware, even if the switch used did not have a PoE function.
- In the 'VLAN NAME Configuration' menu, the 'Start from VLAN' search field had no function after entering a position number.
- When using MSTP, the DHCP helper (always active when using DHCP functions on the switch, e.g. DHCP snooping) checked whether a port on which the switch received a DHCP packet was blocked in any MSTI. In this case, the DHCP helper discarded the DHCP packet. This meant that clients could not obtain an IP address in their VLAN even though their MSTI was not blocked. The DHCP Helper now only takes into account the MSTI associated with the VLAN and only drops the DHCP packets if this MSTI is also blocked.
- If the switch received a DHCPv6 packet that it could not process when DHCPv6 snooping was active, the switch sent this packet again as a multicast to all ports instead of discarding the packet. This could lead to a greatly increased load on the network and therefore also on the CPU.
- After an update to LCOS SX 4.30 RU4, the LANCOM GS-3152XP displayed '24-P GbE RJ45 + 4-P GbE SFP L2 Plus Managed PoE Switch' in its system description instead of the correct description 'Managed L2+ PoE+ Switch, 48x 10/100/1000Base-T ports + 4x 1G/10G SFP+ slots'.
- A VLAN that was removed via the graphical switch widget was still present after the changed configuration was rolled out.
- On the LANCOM XS-3526YUP, the link LEDs for the 10G ports lit up orange instead of green when a 10G connection was active.
- When restoring the factory defaults in WEBconfig, the option 'Keep IP setup' was missing, with which the IP settings of the device could be retained.
- It could happen that during a connection with the LANCOM DAC10-3M / DAC10-1M between a LANCOM R&S Unified Firewall UF-360 and a LANCOM GS-3252P, GS-3652X or the GS-3652XUP the speed in one direction was very slow (approx. 1-20 Mbps).
- If there was a CLI tunnel to the switch during a configuration rollout via the LMC, the tunnel hung up and blocked the rollout. As a result, the switch could no longer be accessed either via the LMC or directly via the web interface. Communication between devices connected to the switch was still possible.
- The HTTP server of the web interface delivers - if available - the compressed data from the cache. However, the file identifier for the uncompressed data was also called up and not closed again. This led to the limit of open requests from the HTTP server being reached after a large number of pages were called up in the web interface. In this case, the message "Service Unavailable 503" was displayed in the web browser.
- Packets that were sent directly from the CPU or from the application (e.g. LLDP and IGMP) were not included in the capture when a Wireshark capture was taken via port mirror.
- Optimizations have been made for the search in the MAC address table so that the CPU is no longer so heavily utilized when using DHCP snooping.
LCOS SX 4.30.0147 RU4
For all LANCOM switches of the series XS-3500, GS-3600, GS-3500, and GS-3200, as well as for LANCOM GS-3152(X/XP/XSP), GS-3126(X/XP), and IGS-3510XUP
New features
- Integration of the new LANCOM XS-3500 series
- The LMC autoupdater is now supported.
- The limit of 4 active SSH sessions has been increased to 8.
- SNMPv3 configuration is now also possible via LMC.
Bug fixes
- The LANCOM GS-3652XP/XUP switches displayed the wrong color for 10 Gbps connections on the ports (green instead of blue).
- It could happen that an SSH session was aborted and closed abruptly after long command line outputs (e.g. after the command 'show tech-support').
- If large amounts of data were transferred via an LMC WEBconfig tunnel (e.g. download of 'Tech Support' log data), an endless loop could occur in the LMC client of the switch, causing the LMC WEBconfig tunnel to abort.
- It could happen that a connection with a DAC cable (10 Gbps) between a LANCOM Unified Firewall UF-360 and a LANCOM GS-3652XP was very slow in one direction (approx. 1-10 Mbps). The behavior only occurred with the DAC-10-3M or DAC-10-1M cable on SFP+ ports.
- After updating a LANCOM GS-3126XP or GS-3528XP from LCOS SX 4.00 to LCOS SX 4.30, PoE was not initialized correctly. As a result, the message "budget exceeded" was displayed in the web interface when a PoE device was connected, and the power supply via PoE did not work.
- On LANCOM switches with PoE according to 802.3bt (e.g. GS-3628XUP) the detection of devices via LLDP-MED did not work.
- In a certain batch of LANCOM GS-3628X switches, the compatibility with network cards with Intel i219 chipset was limited due to a firmware error in the installed chipset of the 2.5 Gbps ports. This could result in the negotiation of corresponding end devices on the 2.5 Gbps ports taking a very long time or only being achieved at 100 Mbps. Furthermore, it could happen that the negotiation did not take place at all and therefore no connection was possible.
- When trying to activate TACACS+ authorization and / or accounting via the web interface in the 'Security / Management / Auth Method' menu, only the error message "Authorization Error - Invalid agent method" was displayed and the function(s) were not activated.
- When updating the firmware of a LANCOM GS-3126X from LCOS SX 4.00 to LCOS SX 4.30, the logic of the fan controller was not adopted. As a result, the fan was permanently running at a speed of over 6000 rpm after the update.
LCOS SX 4.30.0075 RU3
For LANCOM GS-3200 / GS-3600 series, GS-3126X, GS-3126XP, GS-3510XP, GS-3528X, GS-3528XP, IGS-3510XUP
Bug fixes
- If loop protection was deactivated on a switch port (setting 'no loop protect') and the status value for the loop protection on this port was queried via SNMP, this led to an immediate restart of the device.
- With LLDP activated and an existing LLDP neighbor, entering the command "show lldp neighbors" resulted in an incomprehensible output. If a static route was configured on the switch, entering the command "show lldp neighbors" led to an immediate restart of the device.
- If the LMC was temporarily unavailable (e.g. due to maintenance), switches managed by the LMC could be restarted immediately.
LCOS SX 4.30.0073 RU2
For LANCOM IGS-3510XUP
Bug fixes
- If an SFP module was plugged into an SFP port of an IGS-3510XUP during the boot process, ports 7 (with SFP module in port 9) or 8 (with SFP module in port 10) could not be initialized properly and were therefore without function.
LCOS SX 4.30.0071 RU1
For LANCOM GS-3200 / GS-3600 series, GS-3126X, GS-3126XP, GS-3510XP, GS-3528X, GS-3528XP, IGS-3510XUP
Bug fixes
- If a network device on a switch with several VLANs and active routing was assigned an IP address that did not belong to the VLAN in which the device was located, this device was able to communicate with devices in other VLANs.
- If a 10 GBit SFP+ module was operated in a LANCOM GS-3510XP in port 9, a link was no longer established after an upgrade to LCOS SX 4.30 Rel.
- After updating to LCOS SX 4.30 Rel, PoE no longer worked. In the web interface, the message "budget exceeded" was displayed for the ports in the 'PoE management / PoE status' menu.
LCOS SX 4.30.0071 Rel
For LANCOM GS-3200 / GS-3600 series, GS-3126X, GS-3126XP, GS-3510XP, GS-3528X, GS-3528XP
Please note the following information if a later firmware downgrade from LCOS SX 4.30 REL to LCOS SX 4.00 is performed (only applies to LANCOM switches GS-3200 / GS-3600 series, GS-3126X, GS-3126XP, GS-3510XP, GS-3528X, GS-3528XP):
- A downgrade only works if LCOS SX 4.00 is still in the backup slot of the device. A later downgrade by uploading an LCOS SX 4.00 is no longer possible.
- All users created on LCOS SX 4.30 will be deleted and the admin password, if changed, will be reset to the default value.
- SNMPv1/v2c traps that use the 'Security name' are lost.
- If the configuration is persisted in LCOS SX 4.30, the 'System description' is lost after a downgrade.
New features
- OS harmonization of LANCOM GS-3126X, GS-3126XP, GS-3528X, GS-3528XP and GS-3510XP
- Support for the new LANCOM IGS-3510XUP
- The 802.1X reauth period has been increased from 3600 seconds (1h) to 28800 seconds (8h).
- Syslog messages can now be sent either via TCP or UDP.
Bug fixes
- If a switch lost the connection to the LMC (message "The device ... has lost its connection to the cloud.") and then reconnected to the LMC (message "The device ... is connected to the cloud."), the message "The device ... has reported a boot process." was always displayed in the LMC, even if the device was not restarted.
- If a network device with a port speed of 1 Gbps was connected to a 2.5 Gbps switch port, recurring link loss (flapping) could occur.
- If authentication was performed on a switch port using 802.1X with EAP-TLS and 'Multi 802.1X' mode for two daisy-chained devices (such as a telephone and a computer connected to it) and the second device was disconnected from the network, the MAC address of the second device remained in the switch. This resulted in the switch performing a fallback authentication via MAC address for the device disconnected from the network (Dot1X MAB).
- When blocking all data traffic in a network via ACL, DHCP packets were not blocked.
- If the 2.5 Gbps ports of LMC-managed switch models LANCOM GS-3652X, GS-3652XP and GS-3652XUP were set from 'Auto' to a different value, this led to a rollout error.
- A security vulnerability in the SSH protocol has been fixed (Terrapin security vulnerability/CVE-2023-48795).
4. Common advice
Disclaimer
LANCOM Systems GmbH does not take any guarantee and liability for software not developed, manufactured or distributed by LANCOM Systems GmbH, especially not for shareware and other extraneous software.
Support notes & known issues
Latest support notes and known issues regarding the current LCOS SX version can be found in the download area of our website: Common support tips