
            S O F T W A R E - R E L E A S E - D O C U M E N T
            
                 Hirschmann Automation and Control GmbH
            
            	       MACH4002 Release 09.1.11
            		
             		      2024/04/02
            		
                           C O N T E N T S
                           ===============


    1.   Limitations of the release MACH4002 09.1.11
    2.   Hardware Considerations
    3.   History of Changes

   

This document is delivered with the software in the file 
"Readme_MACH4002.09.1.11.txt".



 -----------------------------------------------------------------------------
| For superior functions like software update,                                |
| supported web browser and limitations of the platform release 09.1.11       | 
| please read the document Readme_09.1.11.txt.                                |
 -----------------------------------------------------------------------------



1. Limitations of the release MACH4002 09.1.11
==============================================
(01) The device can be managed by means of its agent's IP address as well as by
     those of its router interfaces.
     The agent's IP address must not be located in the same subnet of any of
     the router interfaces. If a router interface is assigned an IP address
     located in the agent's subnet, the agent's IP address will automatically
     be deleted.
     The agent's management VLAN ID must not be identical with any of the
     router interfaces' VLAN IDs. 
(02) VLAN based router interfaces are always displayed as operating at a
     speed of 10 Mbps. This has no effect on the router's real routing speed.
     However, in combination with OSPF, this may cause other paths being
     preferred in the routing decision. If this is not desired, the OSPF
     costs of a VLAN based router interface may be altered manually.
(03) SNTP multicasting (224.0.1.1) is not supported for router interfaces.
(04) IEEE-1588 is not supported for VLAN based router interfaces.
(05) It is not recommended to create more than 256 VRRP instances (virtual 
     router interfaces).
(06) If you enable IGMP support, IGMP snooping is also enabled. Generally it is 
     recommended to activate IGMP and IGMP snooping together.
(07) To activate multicast routing, you have to enable multicast forwarding, IGMP
     and a multicast routing protocol (PIM-DM or DVMRP) on a global basis and per
     router interface.
     This is necessary even if only one router is involved.
(08) You can only enable PIM-DM or DVMRP separately. The protocols cannot be run
     simultaneously.
(09) Routed multicasts are flooded over all ports of VLAN based router interface.
(10) If you change the prune/assert holdtime for PIM-DM, you should do this on all
     involved routers.
(11) From the software release 02.0.00 on, when prioritization via ACL
     (assign-queue) is used, frames are send with the modified VLAN priority. 
     This simplifies the system-wide prioritization. 
     Please note that IPv4 packets will also have their DSCP field modified:
     Assign Queue 0 -> User priority 0, DSCP:CS0 ( 0) 
     Assign Queue 1 -> User priority 1, DSCP:CS1 ( 8) 
     Assign Queue 2 -> User priority 2, DSCP:CS2 (16) 
     Assign Queue 3 -> User priority 3, DSCP:CS3 (24) 
     Assign Queue 4 -> User priority 4, DSCP:CS4 (32) 
     Assign Queue 5 -> User priority 5, DSCP:CS5 (40) 
     Assign Queue 6 -> User priority 6, DSCP:CS6 (48) 
     Assign Queue 7 -> User priority 7, DSCP:CS7 (56)
(12) From the SW Release 02.0.02, the RIP update interval is configurable (range
     1 to 1000 seconds). This can improve the RIP convergence time significantly.
     However, update intervals shorter than 10 seconds should be used only for small
     networks.
     Recommendation:
         Update interval:  1 sec. -> max. no. of routes: <=  250
         Update interval:  5 sec. -> max. no. of routes: <=  600
         Update interval: 10 sec. -> max. no. of routes: <= 1000
     The other RIP timers are set accordingly:
         Timeout           :  6 times the update interval
         Garbage Collection: 10 times the update interval
(13) In normal operating mode, packets that routed over VLAN router interfaces, are
     not sent with the VLAN router interface's MAC address as the source MAC
     address but with the physical port's MAC Address. This is compliant with the
     standard. Some terminal devices with incorrect IP implementation may have
     problems with that situation, resulting in them being unreachable via a VLAN
     router interface. For that reason, the SW Release 02.0.02 introduces the
     feature "Single MAC Mode". In this mode, all VLAN interfaces and all physical
     ports (except the port based router interfaces) use the same MAC address.
     It is recommended to use this "Single MAC Mode" only in combination with the
     setting "Independent VLAN Learning Switches".
(14) The Multicast Stream Detection (Handling of unknown multicasts)
     supports maximal 500 multicast addresses.
     If more addresses are used, the Multicast Stream Detection is switched off.
     The addresstable shows the unknown multicasts, that are detected by the
     Multicast Stream Detection.
     Non IP Multicasts are flooded always. 
(15) After replacing a media module with a media module of another type, 
	 check the settings of the corresponding ports and adapt the settings if necessary.
     
2. Hardware Considerations
==========================
This platform software release 09.1.11 is released exclusively for the 
following hardware:

- Software m4002L2P.bin supports L2P, L3E and L3P hardware variants
- Software m4002L3E.bin supports L3E and L3P hardware variants
- Software m4002L3P.bin supports L3P hardware variant

- MACH4002-48+4G     (Since SW 01.0.00)
- MACH4002-48+4G     (HW version x.x.05 / x.x.06 since SW 02.0.00)
 + ACA 21-USB        (Since SW 01.0.00)
 + ACA 22-USB        (Since SW 01.0.00)
 + ACA 22A-USB       (Since SW 01.0.00)
 + M-SFP-SX/LC       (Since SW 01.0.00)
 + M-SFP-MX/LC       (Since SW 01.0.00)
 + M-SFP-LX/LC       (Since SW 01.0.00)
 + M-SFP-LX+/LC      (Since SW 01.0.00)
 + M-SFP-LH/LC       (Since SW 01.0.00)
 + M-SFP-LH+/LC      (Since SW 01.0.00)
 + M-SFP-BIDI        (Since SW 01.0.00)
 + M-SFP-TX/RJ45     (Since SW 04.1.00)

- M4-8TP-RJ45        (Since SW 01.0.00)
- M4-FAST 8TP-RJ45-PoE (Since SW 02.0.00)

- M4-FAST 8-SFP      (Since SW 01.0.00)
 + M-FAST SFP-MM/LC  (Since SW 01.0.00)
 + M-FAST SFP-SM/LC  (Since SW 01.0.00)
 + M-FAST SFP-SM+/LC (Since SW 01.0.00)
 + M-FAST SFP-LH/LC  (Since SW 01.0.00)
 + M-FAST-SFP-TX/RJ45 (Since SW 04.1.00)
 
- M4-S-AC/DC 300W    (Since SW 01.0.00)
- M4-S-24VDC 300W    (Since SW 01.0.00)
- M4-S-48VDC 300W    (Since SW 01.0.00)

- M4-POWER           (Since SW 01.0.00)
 + M4-P-AC/DC 300W   (Since SW 01.0.00)
 + M4-P-24VDC 300W   (Since SW 01.0.00)
 + M4-P-48VDC 300W   (Since SW 01.0.00)

- M4-AIR             (Since SW 01.0.00)



3. History of Changes
=====================

Software Release 01.0.00
------------------------
All features of L2P:
- Autonegotiation or manual port configuration
- Store and Forward Switching, Flow Control
- VLANs (256 out of 4042), Prioritization (8 Queues), Tagging
- 8 Strict Priority Queues per port
- Independant VLAN learning
- Dynamic Unicast address entries (up to 8000)
- Static Unicast and Multicast address entries (up to 100)
- Dynamic Multicast address entries (up to 1000)
- IGMP-Snooping (v1, v2, Querier, Forward All)
- Rapid Spanning Tree
- HIPER-Ring
- Redundant Coupling of HIPER Rings and network segments
- Port Mirroring (1 source port to 1 monitoring port)
- 2 signal contacts for status monitoring and manual configuration
- Interface-Statistics, RMON (1,2,3,9)
- BOOTP/DHCP with auto configuration
- BOOTP/DHCP relay with option 82
- Fast aging on linkdown
- TFTP (software update, loading and saving the configuration)
- Auto Configuration Adapter ACA 21-USB (software update, loading and saving the 
  configuration)
- SNMP v1, Traps
- SNMP v2c, v3
- V.24 (System Monitor, Command Line Interface)
- Telnet (Command Line Interface)
- Web Based Management
- Diagnosis and self test function on cold start
- Error logging local
- SysLog support
- ACA21-USB password protection
- Address-based port-security
- HiDiscovery
- IEEE 1588 client without hardware support
- Egress broadcast limiter per port
- LLDP
- SFP management
- HTTP Update
- SNTP Client + Server
- Batterybuffered Realtime Clock
- Telnet Client (Outbound Telnet)
- Support for traceroute
- CLI Scripting
- 802.1x security
- GMRP
- Cable test (copper only)
- Link Aggregation (7 groups with 4 ports for each group), each dynamic(LACP)
  or static

Additional features of L3E:
- Full wired speed IPv4 routing with low latency
- CIDR (CLassless Inter Domain Routing)
- port based router interfaces (up to 28)
- VLAN based router interfaces (up to 32)
- Multinetting (ALiasing)
- Static routing with ECMP (Equal Cost Multiple Path)
- Up to 2048 ARP entries
- Up to 2048 routing entries
- up to 256 static routing entries
- RIPv1,RIPv2
- VRRP
- ICMP Router Discovery (IRDP)
- Layer 2 Access Control Lists (ACLs) or
  Standard + Extended ACLs (Layer 3 / Layer 4).
  Up to 100 lists each with up to 10 rules. Up to 20 rules per port
- Enhanced CoS Queue Management (Strict Priority, Weighted Round Robin with
  configurable minimum and maximum bandwidths)
- Traffic shaping per interface and queue

Additional features of L3P:
- OSPFv2
- protocol based VLANs
- extension to 128 VLAN based router interfaces
- extension to 4096 routing entries

Software Release 01.5.02
------------------------
L2E,L2P,L3E,L3P:
- IGMPv3 Snooping + Query support 
- Bugfixes (see issuelist)

L3P:
- number of ACL rules per port increased from 20 to 100
- IP Multicast Routing support
- up to 256 IP Multicast Routing entries
- IGMPv1,IGMPv2,IGMPv3
- PIM-DM
- DVMRP 
- VRRP Multinetting configuration via Web Interface

Software Release 01.5.03
------------------------
- IEEE-1588 (PTP) management via CLI
- Rudimental support of the POE module M4-FAST 8TP-RJ45-PoE
- Bugfixes (see issuelist)

Software Release 02.0.00
------------------------
Bugfixes (see issuelist)

New functions:
- New VLAN Mode for switching of priority only tagged frames.
- Modified handling for the prioritisation via ACL (see above)
- Support of POE module
- Additional ingress and egress paket limiter
- Bridge-MIB: dot1dTpFdbTable supports addresses from all VLANs
- Security Data Sheet from IAONA integrated
- Management Address Conflict Detection
- Optimization of broadcast limiter
- Enhancement of private MIB
- SNMPv3 Data Encryption
- SSHv1 (DES)

Software Release 02.0.02
------------------------
Bugfixes (see issuelist)

- Configurable RIP update interval (see above)
- "Single MAC mode" for VLAN Router interfaces (see above)

Software Release 03.0.00
------------------------
Bugfixes (see issuelist)

New functions of L2P:
- Automatic configuration undo
- Access to Management from all VLANs
- HTTP config file transfer
- MRP (Media Redundancy Protocol - IEC Ring)
- Loginname and password up to 32 characters
- Transmission of oversize packets up to 1552 bytes (over SNMP activateable)
- Device status indication
- Disable Learning
- Telnet client in webinterface
- Configuration as script load/save
- GMRP Forward all
- Dynamic VLAN configuration protocol GVRP
- Customer specific preconfiguration (script)
- IGMP Multicast Stream Detection for PowerMICE/MACH4000
- POE functionality enhancements

New functions of L3P:
- Support for 512 IP multicast routing entries

Software Release 03.1.00
------------------------
Bugfixes (see issuelist)

New functions of L2P:
- Ethernet/IP Protocol
- Merging of HIPER-Ring and MRP webinterface dialog
- Enhancement of portsecurity to 10 addresses per port
- 1588 Clock Optimizations

Software Release 04.0.00
------------------------
Bugfixes (see issuelist)

New functions of L2P:
- IGMP Snooping Enhancements (Automatic query ports, query ports to portmask configurable)
- Not in sync display if configuration in Flash/ACA and running config are different
- Configurable priority of the management agent answers
- QoS: TOS/DSCP prioritization
- Shared VLAN Learning
- Config rollback function: Show IP Address of the monitoring station
- Activation of long frames in WEB interface
- PROFInet IO Protokoll

New functions of L3E:
- VRRP acceleration < 1 s
- VRRP tracking
- Interface Tracking

Software Release 04.1.00
------------------------
Bugfixes (see issuelist)

New functions of L2P:
- RAM Test on/off (with new Bootcode)
- IGMP Snooping Improvements
- RSTP actualization to 802.1D-2004
- Activation of long frames (1552/1632) in CLI interface
- MRP with 200ms ring recovery
- HIPER-Ring: Option to reduce maximum ring recovery time.
- DHCP server per port

New functions of L3E:
- VRRP Improvements

New functions of L3P:
- Multicast routing and IGMP Unknown Multicast Filtering can be enabled at the same time

Software Release 04.2.00
------------------------
Bugfixes (see issuelist)

New functions of L2P:
- LLDP Enhancement to detect some configuration errors
- Cable Crossing for MACH4000

Software Release 05.0.00
------------------------
Bugfixes (see issuelist)

New functions of L2E:
- Profinet Version 2.2 (PDEV) for all devices
- Profinet: GSDML file generator enhancements
- Profinet: Standalone GSDML generator
- Profinet: Automatic device exchange with Engineering Station
- Profinet: PnP functionality of port modules
- Profinet: Completion of LLDP-Implementation for PNIO-MIB
- Profinet: Transmission of switch data in Profinet I/O data
- Further boot time speed ups (New bootcode required)
- IEEE1588 (PTP) Version 2
- Optimization of Link detection (Hardware dependend)
- RSTP enhancement (Port Auto Edge)
- RSTP and MRP Ring in combination
- No reset configurable in case of error
- Ethernet/IP: Transmission of DIP switch status in I/O data
- MAC based port security: Ranges with a bitmask configurable

New functions of L2P:
- Show CPU / Memory utilization in CLI
- Configure RMON alarms in CLI
- SNMPv3 Authentication over RADIUS

New functions of L3E:
- Ping / Static route / Logic tracking

Software Release 06.0.00
------------------------
Bugfixes (see issuelist)

New functions of L2P:
- Port-Mirroring N:1
- Trap for Configuration Saving and Changing
- Address Relearn Detection
- Duplex Mismatch Detection
- SNTP Client and Server separately configurable
- Removed Security Data Sheet (IAONA)
- Configurable CLI banner
- Switch Dump: Download System Information in one ZIP File
- SNMP Logging
- Configure Syslog Settings over WEB
- Profinet: MRP Configurable over Simatic S7
- Profinet: LLDP Extensions
- Automatic Software Update over ACA21
- Multiple Spanning Tree (MSTP)
- RSTP Standard MIB
- Restricted Management Access
- Sub Ring Protocol (Multi Ring) for PowerMICE and MACH4002

New functions of L3E:
- Netdirected Broadcasts

Software Release 07.0.00
------------------------
Bugfixes (see issuelist)

New functions of L2P:
- LLDP-MED
- Voice VLAN
- PoE+ Management
- 802.1x Multi Client Authentication
- Guest VLAN / Unauthenticated VLAN for 802.1x
- RADIUS VLAN Assignment
- New configuration check dialog
- Offline configuration
- Port Monitor (Link flap & CRC)
- Advanced Ring Configuration & Diagnostics for MRP
- Port Security with up to 50 MACs per port
- Reload/Reboot with configurable delay
- SFP power also shown in dBm
- Switch to backup SW via Web
- Automatic script load from ACA21 on boot

Software Release 07.0.01
------------------------
Bugfixes (see issuelist)

New functions of L3P:
- DVMRP Update (Draft-ietf-idmr-dvmrp-v3-10)
- PIM-DM Update (RFC3973)
- PIM-SM / SSM (RFC4601)
- IGMP v1/v2/v3 Update

Software Release 07.1.00
------------------------
Bugfixes (see issuelist)

New functions of L2P:
- HTTPs Web login

Software Release 08.0.00
------------------------
Bugfixes (see issuelist)

- Ethernet/IP: Configurable TTL and EDS AOP support
- Configuration Signature
- DHCP-Relay per port configuration
- Pre-Login-Banner
- DHCP Option 43 support
- DHCP Server configurable ping check.
- Overload detection (as part of Port Monitor)
- Auto Disable
- Port Mirroring Extensions
- MAC notification
- SSH Version 2
- Strong encryption for HTTPS
- Disable module slots

Software Release 08.0.05
------------------------
Bugfixes (see issuelist)

- Removed Rx Power State for SFPs.
- Device Status extended by Sub-Ring monitoring.

Software Release 09.0.00
------------------------
Bugfixes (see issuelist)

New functions of L2P:
- HiDiscovery v2 support
- DHCP Relay per Interface
- Configurable number of addresses per interface for Port Security
- Admin State for System Monitor 1
- Link Speed and Duplex Monitor in port monitor 
- Auto-disable for Link / Duplex Monitor
- Auto-disable for Port Security
- Configurable CLI banner via CLI
- Configurable SNMP v1/v2 community synchronization
- MAC Address conflict detection
- Profinet GSDML File Version 2.3
- Configuration locking if Profinet AR is active. 

Software Release 09.0.12
------------------------
Bugfixes (see issuelist)

New functions of L3P:
- PIM-DM static entries support

Software Release 09.1.00
------------------------
Bugfixes (see issuelist)

New functions:
- Changed defaults: SNMPv1 and SNMPv2 are disabled.
- Password change on first login
  Protocols that require a login (e.g. SNMPv3) remain deactivated until the password is changed. 

Software Release 09.1.02
------------------------
Bugfixes (see issuelist)

New functions:
- Removed ProfiNET functionality from L3P Software.
- SSH Version 1 was removed.
- The insecure OpenSSH option "diffie-hellman-group1-sha1 Key Exchange" was removed.

Software Release 09.1.04
------------------------
Bugfixes (see issuelist)

New functions:
- Added 1000ms ring recovery for MRP.
- Added 1000ms ring recovery for Sub-Ring.

Software Release 09.1.06
------------------------
Bugfixes (see issuelist)

New functions of L2P, L3E and L3P:
- Option to encrypt the exported file containing the device configuration.

Software Release 09.1.11
------------------------
Bugfixes (see issuelist)
