EdgeMAX EdgeSwitch software release v1.3.0

by Previous Employee UBNT-ancheng ‎12-10-2015 03:37 PM - edited ‎01-18-2016 11:24 AM

New EdgeMAX software version v1.3.0 for EdgeSwitch products (all current models ES-48-750W, ES-48-500W, ES-48-Lite, ES-24-500W, ES-24-250W, ES-24-Lite, and ES-16-150W) is available on our download site:

 

https://www.ubnt.com/download/edgemax/default/default/edgeswitch-firmware-v130

(SHA1: e76d6ae9c57a74f157dd04b84200588f49cc9804)

 

This release adds a "Basic" tab in the Web UI for more commonly used features to simplify the basic UI workflow, support for direct VLAN "trunk" port configuration, and other enhancements/fixes (details in release notes below), most of which are based on feedback, bug reports, etc. from community members. Thanks everyone for helping us make the products better!

 

 

[Release Notes v1.3.0]

 

Changelog

 

Changes since v1.1.2

 

New feature

 

  • [Web UI] Add "Basic" tab in the UI to make some commonly used functions easier to access. Currently this includes Port Summary, VLAN (wizard), Port Channel (LAG), Port Mirroring, Firmware Upgrade, and Restart Switch:
    basic.png

    Note that at the moment these are the same pages as the corresponding "original" pages (which can still be navigated using the other tabs). These can be adjusted in the future, e.g., different/more pages can be included, content can be modified for the "basic" context, etc. So please give it a try and let us know any feedback/suggestions.

  • [VLAN] Add "VLAN trunk port" support. Now the "switchport mode trunk" and "switchport mode access" interface configuration settings have been added, which may be more familiar to users who are used to switches from certain other vendors. Here is a summary of how VLAN can be configured now with the new changes:
    • "Original" VLAN configuration settings: By default, each interface is "switchport mode general", in which case the original VLAN configuration settings can still be used, for example:
      (UBNT EdgeSwitch) #configure 
      (UBNT EdgeSwitch) (Config)#interface 0/11
      (UBNT EdgeSwitch) (Interface 0/11)#switchport mode general 
      (UBNT EdgeSwitch) (Interface 0/11)#vlan participation include 101,102
      (UBNT EdgeSwitch) (Interface 0/11)#vlan tagging 101,102              
      (UBNT EdgeSwitch) (Interface 0/11)#exit
      (UBNT EdgeSwitch) (Config)#interface 0/12
      (UBNT EdgeSwitch) (Interface 0/12)#switchport mode general 
      (UBNT EdgeSwitch) (Interface 0/12)#vlan participation exclude 1
      (UBNT EdgeSwitch) (Interface 0/12)#vlan participation include 101
      (UBNT EdgeSwitch) (Interface 0/12)#vlan pvid 101                 
      (UBNT EdgeSwitch) (Interface 0/12)#
      
      In the above example, interface 0/11 would allow both tagged VLANs 101 and 102, while 0/12 would be untagged VLAN 101. (Note also that "switchport mode general" is the default, so setting it is not required and it's just shown here for clarity.)

    • New "trunk" configuration settings: Instead of the original settings, "switchport mode trunk" and "switchport mode access" can be used, for example:
      (UBNT EdgeSwitch) #configure 
      (UBNT EdgeSwitch) (Config)#interface 0/11
      (UBNT EdgeSwitch) (Interface 0/11)#switchport mode trunk 
      (UBNT EdgeSwitch) (Interface 0/11)#exit
      (UBNT EdgeSwitch) (Config)#interface 0/12
      (UBNT EdgeSwitch) (Interface 0/12)#switchport mode access
      (UBNT EdgeSwitch) (Interface 0/12)#switchport access vlan 101
      (UBNT EdgeSwitch) (Interface 0/12)#
      
      In the above example, interface 0/11 is set to "trunk" mode, so it would allow all VLANs. Interface 0/12 is set to "access" mode with access VLAN 101, which means it is untagged VLAN 101, i.e., basically equivalent to the interface 0/12 settings in the previous "general" mode example (using the "original" VLAN settings).

      The difference between 0/11 in "trunk" mode and the previous "general" mode example is that trunk mode implicitly means "all" VLANs, whereas in general mode each VLAN needs to be explicitly configured using the original VLAN settings (participation, tagging, etc.). Note that in either mode, VLAN 1 is untagged by default.

    • In addition to basic "trunk" mode, "allowed VLAN" and "native VLAN" can also be configured on a trunk port. For example:
      interface 0/11
      switchport mode trunk
      switchport trunk allowed vlan 2-4093
      switchport trunk native vlan 102
      
      would exclude VLAN 1 from the port and also make VLAN 102 untagged (all other VLANs are allowed and tagged).

    • The new trunk port functionality can also be configured in the Web UI "Basic > VLAN" page now. Here is an example screenshot:
      vlan.png

      The trunk port config for the ports is at the top of the VLAN wizard. When trunk mode is enabled for a port, "Exclude" would correspond to the "trunk allowed" setting, while "Untagged" would correspond to the "trunk native" setting.
    The limitations of the original VLAN settings and trunk port support have been discussed with community members including @Ernani @paszczus @petecarlson , for example here.

 

Enhancements and bug fixes

 

  • [System] Fix PoE LED status issue introduced in v1.1.2, which caused the PoE LEDs to display incorrect status in some cases. Reported by @himcrucified @waheuler @BajaMnstr and others here and here.
  • [System] Fix DNS lookup-related issues which were potentially causing various symptoms including system hang during config output/save, telnet/SSH/Web UI not working, etc. These have been reported by and discussed with community members including @HamerTech @Stryker777 @wqeqweqwe @wyopno @nmap @kpanic @BajaMnstr @brubaker @nop @lacelle @videoman2 @nickwhite @dison4linux , for example in these threads: 1 2 3 4 5 6 7 8. Thanks!
  • [System] Fix some text encoding issue in log messages.
  • [System] Reduce logging verbosity for adding VLAN to MST instance.
  • [System] Make "enable" require password by default. I.e., the "aaa authentication enable enableList enable local" setting is now enabled by default. This means level-1 (read-only) user cannot go into "enable" mode by default. To disable this (so that "enable" does not require password), use the following configuration command:
    aaa authentication enable enableList enable none
    
    Discussed with @JerryUbi .
  • [System] Fix DHCP snooping log messages text.
  • [Web UI] Add "System > Port > SFP Information" page which displays detailed information about SFP modules, for example:
    es-ui-sfp.png

  • [Web UI] Fix edit issue with DNS server on the "System > Advanced Configuration > DNS > Configuration" page. Reported by @razr here.
  • [Web UI] Fix login issue caused by special characters (e.g., "+") in user password. Reported by @nsemov  here.
  • [Web UI] Fix additional places ("System > Management Access > HTTPS" and "System > Management Access > SSH") in the Web UI where download/upload icons were reversed and causing confusion. Originally reported by @dn3033 here.
  • [Web UI] Add Dashboard message indication when the Diffie-Hellman (DH) parameters files are being generated, for example after "reset to defaults" procedure has been performed. This operation takes a long time and consumes most/all of the CPU resources so it is good to provide an indication for the user that it is ongoing. (Note that the CPU usage does not affect the actual traffic switching which is done by dedicated switch chip, not the CPU.)
  • [Web UI] Fix button status issue on "Switching > Private VLAN > Interface" page.
  • [Web UI] Fix selection issue on "System > AAA > Authentication Selection" page.
  • [Web UI] Fix some text encoding issue in help text.
  • [Web UI] Add a column for port description to the "System > Port > Summary" page. Suggested by and discussed with @Psychor here.
  • [Web UI] Clarify error message when failing to enable SSH due to missing keys. (The same for enabling HTTPS will be done as well but not yet in this beta release). Reported by and discussed with @telmateXmen @rjh2805 @twinkie76y here.
  • [Web UI] Add port description column to the "Switching > DHCP Snooping > Base > Interface Configuration" page. Suggested by @mikemol here.
  • [Web UI] Remove password column on the "System > Advanced Configuration > Email Alerts > Server" page. Discussed with mikemol here.
  • [Web UI] Add missing help page for the "Switching > VLAN > Switchport Summary" page. Reported by @cxselph77 here.
  • [Web UI] Add help page for the PoE configuration page
  • [Web UI] Clarify error message when enabling HTTPS without certificates (on "System > Management Access > HTTPS" page). Reported by and discussed with @telmateXmen @rjh2805 @twinkie76y  here.
  • [CLI] Change the term "reset" to "restart" to make it more clear when restarting the switch. Suggested by @cxselph77 here.
  • [CLI] Add the following CLI commands:
    • The command below can be used to clear entries from the event log (which is persistent):
      clear eventlog
      
    • These commands below can be used to clear the MAC addresses learned by the switch:
      clear mac-addr-table all
      clear mac-addr-table interface 
      clear mac-addr-table vlan 
      clear mac-addr-table  
      
  • [RADIUS] Add support for custom "NAS Identifer" for RADIUS authentication. This can be configured using the following CLI command:
    [no] radius server attribute 32 <nas-identifier>
    
    or on the "Security > RADIUS > Configuration" page in the Web UI. Suggested by @UBNT-Bane .
  • [MST] Remove unnecessary restriction of 255 VLANs for MST instance. Reported by @danysek here.
  • [Interface] Fix secondary IP address assignment on a routing VLAN interface. Reported by @wvanlooy here.