
            S O F T W A R E - R E L E A S E - D O C U M E N T
            
                 Hirschmann Automation and Control GmbH
            
            	       MACH4002XG Release 09.1.08
            		
             		      2022/12/12
            		
                           C O N T E N T S
                           ===============


    1.   Limitations of the release MACH4002XG 09.1.08
    2.   Hardware Considerations
    3.   History of Changes

   

This document is delivered with the software in the file 
"Readme_MACH4002XG.09.1.08.txt".



 -----------------------------------------------------------------------------
| For superior functions like software update,                                |
| supported web browser and limitations of the platform release 09.1.08       | 
| please read the document Readme_09.1.08.txt.                                |
 -----------------------------------------------------------------------------



1. Limitations of the release MACH4002XG 09.1.08
================================================
(01) The device can be managed by means of its agent's IP address as well as by
     those of its router interfaces.
     The agent's IP address must not be located in the same subnet of any of
     the router interfaces. If a router interface is assigned an IP address
     located in the agent's subnet, the agent's IP address will automatically
     be deleted.
     The agent's management VLAN ID must not be identical with any of the
     router interfaces' VLAN IDs. 
(02) VLAN based router interfaces are always displayed as operating at a
     speed of 10 Mbps. This has no effect on the router's real routing speed.
     However, in combination with OSPF, this may cause other paths being
     preferred in the routing decision. If this is not desired, the OSPF
     costs of a VLAN based router interface may be altered manually.
(03) SNTP multicasting (224.0.1.1) is not supported for router interfaces.
(04) IEEE-1588 is not supported for VLAN based router interfaces.
(05) It is not recommended to create more than 256 VRRP instances (virtual 
     router interfaces).
(06) If you enable IGMP support, IGMP snooping is also enabled. Generally it is 
     recommended to activate IGMP and IGMP snooping together.
(07) To activate multicast routing, you have to enable multicast forwarding, IGMP
     and a multicast routing protocol (PIM-DM or DVMRP) on a global basis and per
     router interface.
     This is necessary even if only one router is involved.
(08) You can only enable PIM-DM or DVMRP separately. The protocols cannot be run
     simultaneously.
(09) Routed multicasts are flooded over all ports of VLAN based router interface.
(10) If you change the prune/assert holdtime for PIM-DM, you should do this on all
     involved routers.
(11) From the software release 02.0.00 on, when prioritization via ACL
     (assign-queue) is used, frames are send with the modified VLAN priority. 
     This simplifies the system-wide prioritization. 
(12) From the SW Release 02.0.02, the RIP update interval is configurable (range
     1 to 1000 seconds). This can improve the RIP convergence time significantly.
     However, update intervals shorter than 10 seconds should be used only for small
     networks.
     Recommendation:
         Update interval:  1 sec. -> max. no. of routes: <=  250
         Update interval:  5 sec. -> max. no. of routes: <=  600
         Update interval: 10 sec. -> max. no. of routes: <= 1000
     The other RIP timers are set accordingly:
         Timeout           :  6 times the update interval
         Garbage Collection: 10 times the update interval
(13) The "Single-MAC-Mode" for VLAN-Router Interfaces will not be supported
     on MACH4002XG due to the fact that the MAC addresses for sending and 
     receiving are the same.
(14) On MACH4002XG IP-based and MAC-based ACLs are possible simultaneously 
     on one interface.
(15) For the MACH4002XG the queue management (concerning scheduler-type, minimum bandwith,
     maximum bandwith) can only be configured globally.
(16) On the MACH4002XG is an additionally trust-mode supported (trust-ip-dscp),
     so that priorisation using IP DSCP field is supported on this device.
(17) The Multicast Stream Detection (Handling of unknown multicasts)
     supports maximal 500 multicast addresses.
     If more addresses are used, the Multicast Stream Detection is switched off.
     The addresstable shows the unknown multicasts, that are detected by the
     Multicast Stream Detection.
     Non IP Multicasts are flooded always. 
(18) After replacing a media module with a media module of another type, 
	 check the settings of the corresponding ports and adapt the settings if necessary.

     
2. Hardware Considerations
==========================
This platform software release 09.1.08 is released exclusively for the 
following hardware:

- Software m4002xgL2P.bin supports L2P, L3E and L3P hardware variants
- Software m4002xgL3E.bin supports L3E and L3P hardware variants
- Software m4002xgL3P.bin supports L3P hardware variant

- MACH4002-48G+3X     (Since SW 02.1.00)
- MACH4002-48G        (Since SW 02.1.00)
- MACH4002-24G+3X     (Since SW 02.1.00)
- MACH4002-24G        (Since SW 02.1.00)
 + ACA 21-USB         (Since SW 02.1.00)
 + ACA 22-USB         (Since SW 02.1.00)
 + ACA 22A-USB        (Since SW 02.1.00)
 + M-XFP-SR/LC        (Since SW 02.1.00)
 + M-XFP-LR/LC        (Since SW 02.1.00)
 + M-XFP-ER/LC        (Since SW 02.1.00)
 + M-XFP-ZR/LC        (Since SW 02.1.00)
 + M-SFP-SX/LC        (Since SW 02.1.00)
 + M-SFP-MX/LC        (Since SW 02.1.00)
 + M-SFP-LX/LC        (Since SW 02.1.00)
 + M-SFP-LX+/LC       (Since SW 02.1.00)
 + M-SFP-LH/LC        (Since SW 02.1.00)
 + M-SFP-LH+/LC       (Since SW 02.1.00)
 + M-SFP-BIDI         (Since SW 02.1.00)
 + M-SFP-TX/RJ45      (Since SW 04.1.00)
 + M-FAST SFP-MM/LC   (Since SW 02.1.01)
 + M-FAST SFP-SM/LC   (Since SW 02.1.01)
 + M-FAST SFP-SM+/LC  (Since SW 02.1.01)
 + M-FAST SFP-LH/LC   (Since SW 02.1.01)

- M4-8TP-RJ45         (Since SW 02.1.00)
- M4-FAST 8TP-RJ45-PoE(Since SW 02.1.00)

- M4-GIGA 8SFP        (Since SW 02.1.00)
 + M-SFP-SX/LC        (Since SW 02.1.00)
 + M-SFP-MX/LC        (Since SW 02.1.00)
 + M-SFP-LX/LC        (Since SW 02.1.00)
 + M-SFP-LX+/LC       (Since SW 02.1.00)
 + M-SFP-LH/LC        (Since SW 02.1.00)
 + M-SFP-LH+/LC       (Since SW 02.1.00)
 + M-SFP-BIDI         (Since SW 02.1.00)
 + M-SFP-TX/RJ45      (Since SW 04.1.00)
 + M-FAST SFP-MM/LC   (Since SW 02.1.01)
 + M-FAST SFP-SM/LC   (Since SW 02.1.01)
 + M-FAST SFP-SM+/LC  (Since SW 02.1.01)
 + M-FAST SFP-LH/LC   (Since SW 02.1.01)

- M4-FAST 8-SFP	      (Since SW 02.1.01)	
 + M-FAST SFP-MM/LC   (Since SW 02.1.01)
 + M-FAST SFP-SM/LC   (Since SW 02.1.01)
 + M-FAST SFP-SM+/LC  (Since SW 02.1.01)
 + M-FAST SFP-LH/LC   (Since SW 02.1.01)
 + M-FAST-SFP-TX/RJ45 (Since SW 04.1.00)
 
- M4-S-AC/DC 300W     (Since SW 02.1.00)
- M4-S-24VDC 300W     (Since SW 02.1.00)
- M4-S-48VDC 300W     (Since SW 02.1.00)

- M4-POWER            (Since SW 02.1.00)
 + M4-P-AC/DC 300W    (Since SW 02.1.00)
 + M4-P-24VDC 300W    (Since SW 02.1.00)
 + M4-P-48VDC 300W    (Since SW 02.1.00)

- M4-AIR              (Since SW 02.1.00)



3. History of Changes
=====================

Software Release 02.1.00
------------------------
All features of L2P:
- Autonegotiation or manual port configuration
- Store and Forward Switching, Flow Control
- VLANs (256 out of 4042), Prioritization (8 Queues), Tagging
- 8 Strict Priority Queues per port
- Independant VLAN learning
- Dynamic Unicast address entries (up to 8000)
- Static Unicast and Multicast address entries (up to 100)
- Dynamic Multicast address entries (up to 1000)
- IGMP-Snooping (v1, v2, Querier, Forward All)
- Rapid Spanning Tree
- HIPER-Ring
- Redundant Coupling of HIPER Rings and network segments
- Port Mirroring (1 source port to 1 monitoring port)
- 2 signal contacts for status monitoring and manual configuration
- Interface-Statistics, RMON (1,2,3,9)
- BOOTP/DHCP with auto configuration
- Management Address Conflict Detection
- BOOTP/DHCP relay with option 82
- Fast aging on linkdown
- TFTP (software update, loading and saving the configuration)
- Auto Configuration Adapter ACA 21-USB (software update, loading and saving the 
  configuration)
- SNMP v1, Traps
- SNMP v2c, v3
- SNMPv3 Authentication + Data Encryption
- V.24 (System Monitor, Command Line Interface)
- Telnet (Command Line Interface)
- SSHv1 (DES)
- Web Based Management
- Diagnosis and self test function on cold start
- Error logging local
- SysLog support
- ACA21-USB password protection
- Address-based port-security
- HiDiscovery
- IEEE 1588 client without hardware support
- Egress broadcast limiter per port
- Additional Ingress and Egress Paketlimiter
- IAONA Security Data Sheet
- LLDP
- SFP management
- HTTP Update
- SNTP Client + Server
- Batterybuffered Realtime Clock
- Telnet Client (Outbound Telnet)
- Unterstuetzung for traceroute
- CLI Scripting
- 802.1x security
- GMRP
- Cable test (copper only)
- Link Aggregation (7 groups with 4 ports for each group), each dynamic(LACP)
  or static
- VLAN 0 mode to forward of priorityOnlyTagged frames

Additional features of L3E:
- Full wired speed IPv4 routing with low latency
- CIDR (CLassless Inter Domain Routing)
- port based router interfaces (up to 28)
- vlan based router interfaces (up to 32)
- single MAC-address mode for VLAN router interfaces
- Multinetting (ALiasing)
- Static routing with ECMP (Equal Cost Multiple Path)
- Up to 2048 ARP entries
- Up to 1680 routing entries
- up to 256 static routing entries
- RIPv1,RIPv2, configurable RIP update interval
- VRRP
- ICMP Router Discovery (IRDP)
- Layer 2 Access Control Lists (ACLs) or
  Standard + Extended ACLs (Layer 3 / Layer 4).
  Up to 100 lists each with up to 10 rules. Up to 20 rules per port
- Enhanced CoS Queue Management (Strict Priority, Weighted Round Robin with
  configurable minimum and maximum bandwidths)
- Traffic shaping per interface and queue

Additional features of L3P:
- maximum number of ACL rules per port increased from 20 to 100
- OSPFv2
- protocol based VLANs
- extension to 128 vlan based router interfaces
- IP multicast routing
- support for 512 IP multicast routing entries 
- IGMPv1,IGMPv2,IGMPv3
- PIM-DM
- DVMRP 


Software Release 02.1.01
------------------------
- support of FAST-SFPs
- Bugfixing: Link-Aggregation


Software Release 03.0.00
------------------------
Bugfixes (see issuelist)

New functions of L2P:
- Automatic configuration undo
- Access to Management from all VLANs
- HTTP config file transfer
- MRP (Media Redundancy Protocol - IEC Ring)
- Loginname and password up to 32 characters
- Transmission of oversize packets up to 1552 bytes (over SNMP activateable)
- Device status indication
- Disable Learning
- Telnet client in webinterface
- Configuration as script load/save
- GMRP Forward all
- Dynamic VLAN configuration protocol GVRP
- Customer specific preconfiguration (script)
- IGMP Multicast Stream Detection for PowerMICE/MACH4000
- POE functionality enhancements

Software Release 03.1.00
------------------------
Bugfixes (see issuelist)

New functions of L2P:
- Ethernet/IP Protocol
- Merging of HIPER-Ring and MRP webinterface dialog
- Enhancement of portsecurity to 10 addresses per port
- 1588 Clock Optimizations

Software Release 04.0.00
------------------------
Bugfixes (see issuelist)

New functions of L2P:
- IGMP Snooping Enhancements (Automatic query ports, query ports to portmask configurable)
- Not in sync display if configuration in Flash/ACA and running config are different
- Configurable priority of the management agent answers
- QoS: TOS/DSCP prioritization
- Shared VLAN Learning
- Config rollback function: Show IP Address of the monitoring station
- Activation of long frames in WEB interface
- PROFInet IO Protokoll

New functions of L3E:
- VRRP acceleration < 1 s
- VRRP tracking
- Interface Tracking

Software Release 04.1.00
------------------------
Bugfixes (see issuelist)

New functions of L2P:
- RAM Test on/off (with new Bootcode)
- IGMP Snooping Improvements
- RSTP actualization to 802.1D-2004
- Activation of long frames (1552/1632) in CLI interface
- MRP with 200ms ring recovery
- HIPER-Ring: Option to reduce maximum ring recovery time.
- DHCP server per port

New functions of L3E:
- VRRP Improvements

New functions of L3P:
- Multicast routing and IGMP Unknown Multicast Filtering can be enabled at the same time 

Software Release 04.2.00
------------------------
Bugfixes (see issuelist)

New functions of L2P:
- LLDP Enhancement to detect some configuration errors
- Cable Crossing for MACH4000

New functions of L3E:
- ARP Table Enhancement to 4K entries

Software Release 05.0.00
------------------------
Bugfixes (see issuelist)

New functions of L2E:
- Profinet Version 2.2 (PDEV) for all devices
- Profinet: GSDML file generator enhancements
- Profinet: Standalone GSDML generator
- Profinet: Automatic device exchange with Engineering Station
- Profinet: PnP functionality of port modules
- Profinet: Completion of LLDP-Implementation for PNIO-MIB
- Profinet: Transmission of switch data in Profinet I/O data
- Further boot time speed ups (New bootcode required)
- IEEE1588 (PTP) Version 2
- Optimization of Link detection (Hardware dependend)
- RSTP enhancement (Port Auto Edge)
- RSTP and MRP Ring in combination
- No reset configurable in case of error
- Ethernet/IP: Transmission of DIP switch status in I/O data
- MAC based port security: Ranges with a bitmask configurable

New functions of L2P:
- Show CPU / Memory utilization in CLI
- Configure RMON alarms in CLI
- SNMPv3 Authentication over RADIUS

New functions of L3E:
- Ping / Static route / Logic tracking

Software Release 06.0.00
------------------------
Bugfixes (see issuelist)

New functions of L2P:
- Port-Mirroring N:1
- Trap for Configuration Saving and Changing
- Address Relearn Detection
- Duplex Mismatch Detection
- SNTP Client and Server separately configurable
- Removed Security Data Sheet (IAONA)
- Configurable CLI banner
- Switch Dump: Download System Information in one ZIP File
- SNMP Logging
- Configure Syslog Settings over WEB
- Profinet: MRP Configurable over Simatic S7
- Profinet: LLDP Extensions
- Automatic Software Update over ACA21
- Multiple Spanning Tree (MSTP)
- RSTP Standard MIB
- Restricted Management Access
- Sub Ring Protocol (Multi Ring) for PowerMICE and MACH4002

New functions of L3E:
- Netdirected Broadcasts

New functions of L3P:
- Double VLAN Tagging / VLAN Tunneling

Software Release 07.0.00
------------------------
Bugfixes (see issuelist)

New functions of L2P:
- LLDP-MED
- Voice VLAN
- PoE+ Management
- 802.1x Multi Client Authentication
- Guest VLAN / Unauthenticated VLAN for 802.1x
- RADIUS VLAN Assignment
- New configuration check dialog
- Offline configuration
- Port Monitor (Link flap & CRC)
- Advanced Ring Configuration & Diagnostics for MRP
- Port Security with up to 50 MACs per port
- Reload/Reboot with configurable delay
- SFP power also shown in dBm
- Switch to backup SW via Web
- Automatic script load from ACA21 on boot
- Double VLAN Tagging / VLAN Tunneling

Software Release 07.0.01
------------------------
Bugfixes (see issuelist)

New functions of L3P:
- DVMRP Update (Draft-ietf-idmr-dvmrp-v3-10)
- PIM-DM Update (RFC3973)
- PIM-SM / SSM (RFC4601)
- IGMP v1/v2/v3 Update

Software Release 07.1.00
------------------------
Bugfixes (see issuelist)

New functions of L2P:
- HTTPs Web login

Software Release 08.0.00
------------------------
Bugfixes (see issuelist)

- Ethernet/IP: Configurable TTL and EDS AOP support
- Configuration Signature
- DHCP-Relay per port configuration
- Pre-Login-Banner
- DHCP Option 43 support
- DHCP Server configurable ping check.
- Overload detection (as part of Port Monitor)
- Auto Disable
- Port Mirroring Extensions
- MAC notification
- SSH Version 2
- Strong encryption for HTTPS
- Disable module slots

New functions of L3E / L3P:
- ACLs supporting Layer 4 fragments

Software Release 08.0.05
------------------------
Bugfixes (see issuelist)

New functions:
- Removed Rx Power State for SFPs.
- Device Status extended by Sub-Ring monitoring.

Software Release 09.0.00
------------------------
Bugfixes (see issuelist)

New functions of L2P:
- HiDiscovery v2 support
- DHCP Relay per Interface
- Configurable number of addresses per interface for Port Security
- Admin State for System Monitor 1
- Link Speed and Duplex Monitor in port monitor 
- Auto-disable for Link / Duplex Monitor
- Auto-disable for Port Security
- Configurable CLI banner via CLI
- Configurable SNMP v1/v2 community synchronization
- Profinet GSDML File Version 2.3
- Configuration locking if Profinet AR is active. 

New functions of L3P:
- Increase Static unicast routes to 512

Software Release 09.0.06
------------------------
Bugfixes (see issuelist)

New functions:
- Increase number of Subring instances to 8

Software Release 09.0.12
------------------------
Bugfixes (see issuelist)

New functions of L3P:
- PIM-DM static entries support

Software Release 09.1.00
------------------------
Bugfixes (see issuelist)

New functions:
- Changed defaults: SNMPv1 and SNMPv2 are disabled.
- Password change on first login
  Protocols that require a login (e.g. SNMPv3) remain deactivated until the password is changed. 

Software Release 09.1.02
------------------------
Bugfixes (see issuelist)

New functions:
- Removed ProfiNET functionality from L3P Software.
- SSH Version 1 was removed.
- The insecure OpenSSH option "diffie-hellman-group1-sha1 Key Exchange" was removed.

Software Release 09.1.04
------------------------
Bugfixes (see issuelist)

New functions:
- Added 1000ms ring recovery for MRP.
- Added 1000ms ring recovery for Sub-Ring.

Software Release 09.1.06
------------------------
Bugfixes (see issuelist)

New functions of L2P, L3E and L3P:
- Option to encrypt the exported file containing the device configuration.

Software Release 09.1.08
------------------------
Bugfixes (see issuelist)
