Programmable Internetworking & Communication Operating System Docs ... Click Spaces -> Space Directory to see docs for all releases ...
Page tree
Skip to end of metadata
Go to start of metadata

These notes summarizes PICOS 2.11 new features, new hardware, known bugs, and bug fixes. Best practices recommend that you read all the content before upgrading to this release. For more detailed feature information, refer to the configuration guides.

New Software Features

Layer 2 and Layer 3

Bug IDReleaseDescription
Disable/Enable IP Routing
Add a command which can globally enable/disable IP routing.By default, IP routing is disabled.
Limit Maximum Number of VRRP Interfaces
User can configure maximum 128 VRRP interfaces which is also the maximum number of L3 interfaces.
Tagged/Untagged with Voice-VLAN
If configured "tagged" on a specific port for voice-vlan, will include voice-vlan in the Network Policy TLV sent to the connected endpoint device such as IP phone.And only frames tagged with voice-vlan are sent out to the connected IP phone. Otherwise, Network Policy TLV doesn't include the voice-vlan. And untagged frames are sent out to the connected IP phone.
PVST Manual-Forwarding
Allow user to configure manual-forwarding on a port enabled PVST.
TACACS+ Failover Enhancement
Try TACACS+ servers one by one to do authentication if number of TACACS+ servers configured. Local authentication is used only if all TACACS+ servers are not reachable. If the TACACS+ server is not reachable for authorization, will go back to Linux shell. But in the case that PicOS enters CLI directly, will log off.
MSH8920 - BPDU & LACP Tunneling on Static LAG
On MSH8920, allow user to configure BPDU & tunneling on static LAG port.
Enhancement for PVST/MSTP information in tech_support
Include complete PVST/MSTP information on each VLAN and interface in the tech_support log file.
Refreshing MAC Learning on MLAG Pair Switches
To make sure consistence of MAC table between the 2 MLAG switches, MAC addresses on one MLAG switch will be refreshed depending on the MAC addresses on the peering MLAG switch every 30 minutes.
Remove SSH/Telnet Connection Number Limiting
The connection number of SSH/Telnet can be unlimited by setting the rate-limit of SSH/Telnet as 0.
PoE - Power Negotiation
To support power provision via PoE for Cisco 8861 VoIP phone with 8860 key expansion, support power negotiation via LLDP optional 802.3 Power-via-MDI TLV.
Show Entire Spanning-tree PVST Infomation
Add new command - "show spanning-tree pvst interface vlan all" - to display the entire spanning tree PVST information in addition to per-VLAN PVST information.
DHCP Snooping over MLAG
With DHCP snooping enabled on the MLAG pair switches, ensure DHCP DISCOVERY can go up to DHCP server via trust ports and similarly DHCP OFFER can go down to hosts via MLAG ports.
Kontron - CDP and LLDP Tunneling
Add CDP and LLDPDU tunneling in addition to BPDU and LACP tunneling.
Boeing - Add new OIDs to UCB MIB
Add new OIDs to UCB SNMP MIB: - CPU - ssCpuRawSystem, ssCpuRawIdle - Memory - memTotalReal, memAvailReal, memTotalFree
OEM - Display timestamp in syslog Message in Millisecond
Keep local syslog message and remote syslog message with consistent format. Format the timestamp into millisecond for the local and remote syslog message.It's an customization feature for Verizon-ITNUC/Boeing.
OEM - Show System Date in Milliseconds
Display the date/time in milli-seconds, which is supported in the OEM version for Verizon-ITNUC/Boeing.
Remark DSCP with ACL Rule
Apply action of DSCP remarking to ACL rule with command alike "set firewall filter xx sequence xx then dscp xx"
Configure rate-limit on Egress Queues
Allow to apply rate-limit on each egress queue of a physical interface. It indicates that the traffic in a specific egress queue that exceeds the configured rate-limit will be dropped.
GE Interfaces on AG5628 and AS7312
Allow to configure the speed of 25G interfaces of hardware models with Tomahalk+ - AS5648 and AS7312 - to 1Gbps.
Send Traps if CPU Utilization Thredhold is Exceeded
For seek of TCA (Threshold Crossing Alarm), switch will send SNMP traps for CPU threshold when - Total CPU utilization rises above high_threshold - Total CPU utilization falls below low_threshold high_threshold and low_threshold can be configured.
Issue a SNMP Trap if L2 Table Threshold is Exceeded
For seek of TCA (Threshold Crossing Alarms), switch will send SNMP traps if threshold of L2 table is exceeded. The threshold is defined as the percentage of maximum capacity of L2 table.User can change the threshold.
Allow Hyphen "-" in VLAN Name
Allow to include hyphen "-" in VLAN name such as following command, admin@Xorplus# set vlans vlan-id 10 vlan-name "office-sales"
Add entPhysicalTable per RFC 6933
Support entPhysicalTable (such as entPhysicalDescr, entPhysicalSoftwareRev, entPhysicalSerialNum, entPhysicalMfgName, entPhysicalModelName) included in SNMP Entity MIB (RFC 6933).


Support UPoE

Support UPoE on N3048EP-ON and AS4610-54P and AS4610-30P.

Configure Rate Limit by Reference of Percentage
Allow user to configure rate limit on a specific port by reference of percentage of the maximum speed which can be supported by the port.
Add auto Mode to Voice VLAN
Add support for voice-vlan "auto" mode in addition to "untagged" and "tagged" modes. By default, auto mode is enabled on a port configured voice VLAN. Under auto mode, for attached endpoint device that are LLDP-MED capable, voice traffic is requested to be tagged with voice VLAN; otherwise, Voice traffic from attached endpoint devices that are not LLDP-MED capable will be untagged.
Disable SNMP Traps Related to LLDP
Add a command to allow user to disable SNMP trap related to LLDP as following: set protocols lldp snmp-trap false
Enhancement on Displaying PoE Information
Add 2 columns, "Reserved" and "PD-Class", to the output of "run show poe interface XXXX".
IGMP Snooping over MLAG
If enable IGMP snooping on both MLAG spine switches, IGMP messages including report and query and leave received from an MLAG port on one spine switch should sync up with the peer spine switch which will updates multicast group information. The sources and clients of one multicast group attached to MLAG spine or leaf switches can communicate with each other.
TACACS+ - Add New Command local-auth-fallback
Configure and enable TACACS+. Login to PicOS On in-band/management interface. If TACACS+ server is not reachable or unavailable, will allow to fallback to local authentication if local-auth-fallback enabled.

Press "Enter" key to stop the process of upgrade2

The process of upgrade2 can be aborted before reboot into the update version of PicOS with the prompt message "PRESS ANY KEY TO STOP REBOOT".


Configure the rate-limit of filter rules by reference of kbps

Allow to configure rate-limit of ACL filter rules by reference of kbps in addition to pps.



Set Auto Negociation Speeds

Allow user to configure the speeds which can be advertised to the connected device under auto-negotiation mode.


Performance Refinement - ARP Handling

Reduce the time to handle the packet-in ARPs. Allow larger number of protocol packets destined to CPU.


Performance Refinement - Sync up ARP on Active-Active VRRP Devices

The time used to syn up ARP on active-active VRRP devices is reduced drastically.


Support VRRPv3

PicOS supports both VRRPv2 and VRRPv3. The advantage of VRRPv3 is that it supports both IPv4 and IPv6 address families.


MLAG - Sync up MAC Addresses Learned on Orphan Ports the Peer Switch

MAC addresses which are learned on the single-homed ports of one spine switch of MLAG should be synchronized to the peer-link port of the other spine switch. 


Add a Description Field after the Command "run request system reboot" 

Add a description field after the command "run request system reboot" and add this text to the log message. This help Operations track the reason for the reboot through log messages.


MSH8920 - Extend L2-transparency to cover LLDP and CDP

L2-transparency is enabled for LLDP and CDP. Namely, If "set protocols lldp||cdp message-in disable true", the frames of LLDP and CDP will be flooded out of the switch instead of being trapped to CPU.


802.1X - Support MAB Authentication, Dynamic VLAN and CoA Function

Extend the 802.1X feature to support MAB authentication, dynamic VLAN and CoA function.


Support 1G speed with DELTA 10G RJ45 Module

Parameters of this module is as following:

Leo Vendor Name : DELTA 

Vendor PartNr : LCP-10GRJ3SRT

Serial Number : 183209100001

Cable Length : 300m


Configure Rate-limit and Burst on Port

Add commands to configure rate-limit and burst to the port on ingress side and egress side. Both L2/L3 and OVS support this new feature.


Hashing with Sorted LAG Member

 In generic, specific traffic will be forwarded out of a LAG member port depending on hashing algorithm with the key configuration. Certain behavior is defined between 2 LAGs with same number of member ports. Assuming ae1 has 4 member ports (1, 2, 3, 4) and ae2 also has 4 member ports (5, 6, 7, 8), with lag_members_sorted enabled, if a traffic is hashed out of port 2 for ae1, the traffic will be hashed out of port 6 for ae2. 


Cable Diagnostics using TDR on RJ45 Interface

Support cable diagnostic function using TDR on RJ45 ports. 


Add a New Command to Configure NAS-IP 

Add a CLI command to let the user configure the NAS-IP address: 
"set protocols dot1x aaa radius nas-ip x.x.x.x" 
This command is to set the nas-ip field in RADIUS access-request message.

OVS and OpenFlow

Bug IDReleaseDescription
OVS 2.6 Upgrade
The base code of OVS is upgraded to open source OVS 2.6. There are some feature differences with open source OVS 2.3. We add command which used to switch to the base code of open source OVS 2.6. Have the details at,
Enable/Disable CoS with VLAN PCP
Under OVS mode, frames can go to different egress queues depending on CoS mapping with VLAN PCP (Priority Code Point). For example, if PCP value 5 is mapped to queue 6, the frame with PCP value 5 will enter egress queue 6. By default, the CoS mapping with VLAN PCP is disabled. All frames of which the PCP values are changed to 0 are put in queue 0.
Add New Match Modes
Add new match modes for LuxarTech NPB application such as mac_x, ip_x and l2l4. Have details at,
VNTAG Support
User can match VNTAG fields in a flow entry. Additionally, ECMP and LAG hashing can be calculated based on VNTAG fields.
Configure Polling Interval on Interface/Flow Counter
Allow user to set the update interval of counters of interface or flow.

Set Rate-limit on Port under OVS Mode 

Limit maxmum rate on specific port under OVS mode.


Command "switch-to-ovs-2.6" Fails 

PicOS 2.11.x has 2 versions of OVS - 2.3 and 2.6. Command "switch-to-ovs-2.6" is used to switch to OVS 2.6 from OVS 2.3. 


Support L2GRE on AS4610

Enable L2GRE under OVS/OpenFLow mode on AS4610.

Linux Platform

Bug IDReleaseDescription
upgrade2 - New Way of Upgrade
Add an extra upgrade tool - upgrade2. If upgrade goes wrong with upgrade2 because of unexpected reason, will return to the current version of PicOS.
Kontron - Upgrade Linux Kernel to LTS Version
Upgrade the Linux Kernel to a long-term support version - 4.14.3.
Kontron - Dump Binary Data of FPGA
Provide access to the whole register for FPGA in sysfs, admin@Xorplus$hexdump -C -s 0x31 -n 1 /sys/class/fpga/fpga0/raw
Add New Option to upgrade2
Upgrade2 takes the current configurations and moves to upgrade version. It's possible that there are deprecated or unsupported configurations from a version change such as from 2.12 to 2.11. Provide new option and allow upgrade version to ignore the deprecated or unsupported configurations. Additionally, allow picos-rollback to take the current configuration to previous version. And the previous version can also ignore the deprecated or unsupported configurations.
Display Content of System EEPROM
Add a new sysfs file - /sys/class/hwinfo/onie-syseeprom - to display the content of system EEPROM.

Enable OverlayFS on N3048EP-ON

OverlayFS is a memory based file system, which can cache any write operation without write the data onto the underlying physical storage. OverlayFS is a different way to load PicOS on the switches which do not come with USB based NAND such as N3048EP-ON.

Update Authentication Behavior of TACACS+/RADIUS
Authentication behavior of TACACS+/RADIUS is updated as following: On console port, if TACACS+/RADIUS service is reachable, user can only be authenticated against TACACS+/RADIUS server. Otherwise if TACACS+/RADIUS service is unreachable, issue a log message and fallback to local authentication. On management interface, whether in-band or out-of-band, if TACACS+/RADIUS service is reachable, user can only be authenticated against TACACS+/RADIUS server. Otherwise if TACACS+/RADIUS service is unreachable, issue a log message and do nothing else.
Disable upgrade1 on MSH8920
On MSH8920, upgrade1 is disabled. Only upgrade2 is available. Additionally, the step in upgrade2 to prepare backup partition is removed because that might take much longer to trigger watchdog to reboot. And the backup partition is only needed for upgrade1.

convert the pica_startup.boot to 2.7.2S1F

Add a tool - convert-conf - which is used to remove the configuration items in pica_startup.boot which are unknown for 2.7.2S1F.  Add an option to upgrade2 to allow user to specify the startup configuration file which will be brought back to 2.7.2s1f.


Add PoE checking to system-diag

PoE checking is added system-diag which is executed before starting PicOS. 


Keep Specified Backup Files when Upgrade to New Version

Add an option to upgrade/upgrade2 to allow user to specify a file list which will be kept when upgrade to new version.After add and delete multicast route


MSH8920 - Upgrade2 is Broken by Watch Dog Resetting

The watch dog is started in uboot on MSH8920. It takes so long to prepare the backup partition due to upgrade2 that watch dog resets the CPU and then reboots the system. So a watch dog refreshing demon is added to send keeping alive messages to the watch dog immediately after Linux platform boots up.


MSH8920 - Add Wtmp Rotation to Crontab

By default, CRON will check the size of /tmp/log/wtmp every 5 minutes. If its size is larger than 5M, rotation will be executed. User can adjust the interval and the size for /tmp/log/wtmp by modifying  /etc/crontab and /etc/logrotate2.conf. 


Secure Password

Secure the password by importing tally2 and cracklib into rootfs.


Bug IDReleaseDescription

Port to Dell N3048EP-ON

Please refer to the document N3048EP-ON Switch Port Name Description.

Support DELL S4148F-ON

The S4148F-ON supports 48 x 10G SFP+, and 4 x 100G / 6 x 40G QSFP physical layer interfaces with PICOS.

Fixed Issues

System Management

Bug IDReleaseDescription
Support AG7648
The AG7648 is top of rack (ToR) switch designed for data centers.It has 48 10GbE SFP+ ports and six 40GbE QSFP ports.The AG7648 provides comprehensive hardware capability on supporting layer 2 and layer 3 features.
Clean up the Data when Remove an User
Clean up the corresponding data at /pica/config if an user is removed.
MSH8920 - Configure FEC on 10G Febric
Enable/Unable FEC on 10G fabric ports, which is only available on MSH8920.
Indicate That the Interface is Down Due to BPDU Guard
If an interface is brought down by BPDU guard, include the information in the output of "show interface ......".
Kontron - Present portmap Running Configuration
Present portmap setting even if default value - 9x40G_FABRIC - configured with "show | display all".
Kontron - keep executing the rest of the commands in the execution file even if encounter the "same value"
The execute CLI command stops when there exist "WARNING: The same value ..." message. Kontron asks to continue executing the rest in the file.
Power Outages Cause Corruption of pica_start.conf 
The file pica_start.conf is damaged because it is updated by but not flushed to the flash when outage happens.Boot process hangs with the damaged pica_start.conf.
Clean up Associated ACL Rules When Delete MLAG
When delete a MLAG, the associated ACL rules should be removed. Otherwiese, specific traffic from the peer link will be dropped.
 DHCP Request are Send When ZTP is Disabled and IP is Configured Statically
DHCP DISCOVERY should not be sent out if ZTP is disabled and static IP address is configured to management interface.
Boot Failure Caused by Configuration File Corrupted
It is possible that PicOS hangs up if power outage happens during boot process, which might damage the config files which is being written.
More Than 2 wtmp Files
It's possible to have more than 2 wtmp files in /tmp/log/wtmp. That does not work as designed.
 Do not Remark Voice Traffic DSCP by Default
It will not update the DSCP of voice packet to 46 by default. User can remark the DSCP of voice traffic with command, # set vlans voice-vlan dscp [0..63]
Management Interface eth0 is Up even if No cable Plugged in
There is no cable plugged into switch's management interface eth0. But the management interface is up when use Linux tool such as "ifconfig" to display the status of eth0.
Voice VLAN - Remove Default OUIs
OUI is used to identify the attached voice devices such as IP phone. By removing the default OUIs, allow user to configure up to 10 different OUIs.
Kernel Log-Level is Decoupled from the XorPlus Log-Leve
PicOS keeps sending the "kern.debug" messages to syslog server even though the log-level is Info set in XorPlus CLI. The root cause of the problem is because the log-level in XorPlus does not apply to Kernel.
PoE - threshold-mode Setting Does not Work
It does not work to set threshold-mode to 1 on all PoE ports with command "set poe interface all threshold-mode 1".
Corruption of Startup Configuration File
It's possible that startup configuration file pica_startup.boot could be corrupted if power cycle or power outage happens during PicOS boot process. To fix this issue, firstly, will not write back to pica_startup.boot when PicOS boots up. Secondly, will load backup configuration if pica_startup.boot is corrupted.

Remove Date Checking of the License if Downgrade to Previous Version

It does not make sense to check the date of end support of license when downgrade to previous version.


upgrade2 is Broken if There is a Large File in /home/admin

If there is a large file in /home/admin, upgrade2 might be broken by an error of out of memory when tar and compress the file and copy to the second partition. To fix this issue, on the one hand, copy the backup files to the target partition directly instead of tar & gzip & untar; on the other hand, clean up cache memory with /proc/sys/vm/drop_caches.

Layer 2 and Layer 3 Features

Bug IDReleaseDescription
Mac Leaning Command Does Not Work at Once
When disable MAC learning on a specific port such as, admin@XorPlus# set interface gigabit-ethernet xe-1/1/2.1 mac-learning false MAC entries do not disappear from the mac table immediately.
MSH8920 - Add option to allow BPDU & LACP to Bypass CPU
On MSH8920, BPDU & LACPDU can be flooded out of switch instead of being trapped to CPU.
PICOS stops host load balance if VRRP is configured

PICOS used to trap all of the VRRP packets to CPU even if they are the host VRRP Keepalive packets for load balance. The fix is to add source MAC address matching field to the VRRP filter.
IGMP Snooping Does NOT Work
After enabling IGMP Snoop, the client is unable to join the group any more.
Duplicate SNMP Traps of LLDP Update
In case of neighbor device with multiple sub-interfaces,the switch will send out an SNMP traps if receive a LLDP PDU including a different port ID with previous one. Eventually,ton of SNMP traps are issued.
Dropping LLDP frames with unknown TLVs
If receive a LLDP PDU with an unknown TLV, the unknown TLV should be skipped instead of dropping the total LLDP frame.
Status of Voice VLAN is Not Correct
If the voice VLAN ID is changed on a specific port, in certain circumstance, the status of voice VLAN is always "working" even the LLDP neighbor is disappeared.
Ignore VRRP Authentication Packets
PicOS does not support VRRP authentication. Issue explicit syslog message if receive VRRP Authentication Packets.
LLDP Frames Dropped by LLDP Module
LLDP module can only process one packet per 1 second in state machine,so there will be packets dropped when more than 1 packet per 1 second per interface. In case of peer device with sub-interfaces configured, the switch sometimes ages out and then re-adds LLDP neighbors even though it is receiving regular LLDP updates for each neighbor every 30 seconds.
IGMP Snooping - Source MAC Address of IGMP Leave Message
If enable IGMP snooping on a switch, because the IGMP leave message sent out of mrouter interface(s) is generated by IGMP snooping, the source MAC address of the IGMP leave message should be the MAC address of the switch instead of the multicast client host.
PIM neighbor can not be Established Between two PIM Router
With IGMP snooping enabled, PIM protocol packets are trapped to CPU. IGMP snooping uses PIM hello message to learn mrouter interfaces automatically. And then, PIM protocol packets are dropped. To fix this issue, PIM protocol packets are flooded out of the switch meanwhile duplicate copies are destined to CPU.

Configure IP address to management interface before starting PicOS

If the static IP address is confiured to management interface, the static IP address will be activated on eth0 before starting PicOS. Ensure that user can access the hardware model even if PicOS is failed to boot up. 


Migrate UDLD fix of 2.7.2S1G to

This version ( of Verizon-ITNUC release will always send out UDLD PDU with Pica8 OUI (0x486E73). But it needs to use the OUI in the UDLD PDU to figure out if the peer device is PICOS 2.7.2S1F (OUI=0x486E73) or Cisco (OUI=0x00000C), and use the corresponding method to calculate the checksum. Anyway, can talk to both 2.7.2S1F (backward compatible) and the future release (forward compatible) via UDLD.


Enable and disable a port when STP is turned on interrupts the traffic

When disable the port with traffic, it switches to the other port after ~550-600ms. But when enable it again, it interrupts the whole traffic.The mac entries are messed up. 


Buffer Management - Refine Headroom and Flow Control

The maximum size of headroom is increased.  If enable flow control and configure speed of the port, the size of headroom is 0.


MLAG - Traffic is Broken when Bring Up One Down MLAG Link

Initially one link of a MLAG is down. And then bring it up, the traffic from upstream device is broken for 5 - 6 seconds.


MLAG - Traffic is Broken when Master Spine Shuts Down

With reload delay configured, the traffic from downstream device is broken for 12 seconds when the master spine shuts down.


Root Guard

If enble root guard on a port, the port will be blocked if received a BPDU with high bridge priority. That can deny devices behind such ports from participation in STP. The blocking is removed as soon as the device ceases to send superior BPDUs. 


VLAN Membership Issue with DHCP Discovery Packets

If enable DHCP snooping, DHCP DISCOVERY packets with unexpected VLAN ID can be received on a port and flooded out of the ports configured with different VLAN memberships. For example, an DHCP DISCOVERY packet tagged with VLAN 608 can ingress ge-1/1/2 and then egress on te-1/1/49 even thought the VLAN608 is only configured for te-1/1/49. e expected only tagged packets on VLAN 19 and VLAN 20 to be allowed to ingress on ge-1/1/2.


CLI Session Hangs Due to PoE Display

CLI hangs when execute command "show poe interface all".


STP Process Crashes on 2.11.5.cloudistics.0/as5812_54x

Cloudistics reports problems related to STP process (pica_mstp) crash. User can restart STP feature from CLI, but the CLI show the protocol is MSTP instead of the configured STP. User has to delete the current force-version and set it back. Then, the show and configuration are consistent.


Don't Allow to Configure Different Filters to the Same VLAN Interface

Add the configuraiton checking which does not allow to configure different firewall filters to the same VLAN interface on ingress side or egress side.


"set system hostname" Does not Update /etc/hostname

Boeing reported that the hostname in /etc/hostname file is not updated with “set system hostname” command,  this causes DHCP requests sent on eth0 to advertise as “” since the hostname in /etc/hostname is "xorplus"


RR Scheduler Does not Work

The RR (Round Robin) scheduler configured to the egress queues behaviors as the mode of SP (Strict Priority) scheduler.


MSH8920 - Fail to activate LACP and BPDU L2-transparency

If "set protocols lacp||stp message-in disable true", the frames of BPDU and LACP are not flooded out of the switch instead of being trapped to CPU.


Xorp_policy Crash

If configure static routes, xorp_policy will crash and generate coredump file when it shuts down.


Maximum Power Setting on UPoE Ports

The Maximum power that can be provided by an UPoE power of AS4610-54P is 51 watts instead of  64 watts. So the range of max-power of a specific port is changed to [1..51].


The Default Value of lldp-negotiation is TRUE

To symplify the PoE configurtion, the default value of lldp-negotiation for the setting of global/all and local/per-port is changed to true.  


Phone classified as CDP If LLDP Enabled Capabilities are not Set Correctly

Verizon has phones which do not set LLDP Enabled Capabilities:Telephone correctly (Not Enabled), but the LLDPDU includes Network Policy TLV requesting policy for Voice application. PICOS LLDP/CDP would classify these phones as CDP phones and send untagged voice related traffic to these phones, which is not expected by the phones because of the LLDP-MED negotiation. PICOS should classify the device as a LLDP-MED phone, if the switch receives LLDPDUs from the phone with LLDP-MED Network Policy TLVs for Voice, EVEN IF the base LLDP has “Enabled Capabilities::Telephone=NO”. The logic is that if the device is requesting LLDP-MED Network Policy for Voice, then it must be a phone, and this overrides the fact that Enabled-Capability::Telephone=NO.

PoE Power Provision Error If the Phone Has Different Chassis IDs with Different IP Addresses

The attached phone sends LLDPDUs with 2 different Chassis IDs which are the values of the IP addresses. Initially, the Chassis ID/IP address is and then becomes such as 104..255.99.11 when the phone gets an actual IP address from the DHCP sever. The initial LLDPDU with requests 12.1 watt. And the following LLDPDU with 104..255.99.11 requests 15.1 watt. Unfortunately, the LLDPDU with 104..255.99.11 is ignored. PicOS switch should continuously check the the TLV of Power Via MDI and provide the power requested by the TLV from the incoming LLDPDU.

Add ifSpeed and ifHighSpeed for Port with 25G and 100G Speed

ifspeed/ifhighspeed MIB value for port with 25G and 100G is not the value as expected, so we add ifSpeed and ifHighSpeed for port with 25G and 100G speed to make the MIB value correct.


Add VLAN Display in Dot1x MAB Table

Present dynamic VLAN of the connected deviced authenticated by MAB. 
admin@Xorplus# run show dot1x mab interface 
Interface Mac Authenticated Dynamic-Vlan 
-------------- ----------------- ------------- ------------ 
ge-1/1/33 00:00:06:00:00:07 true 20 


802.1x Precedes MAB 

To follow the behavior of Cisco, 802.1x will precede MAB if both 802.1x and MAB are available. 


Add the Service Type Attribute in Access Request Message 

Add Service Type attribute in the access request messages sent out to RADIUS to differentiate MAB and 802.1x.


[AS4610-54P]Phone won't power up randomly after disabling & reenabling PoE on UPOE ports. 

Cisco 8845 IP Phone was powered up and working properly on a UPoE ports (ports ge-1/1/44, ge-1/1/48). After disabling and reenabling PoE, somehow it's possible the phone will no longer power up. 


 Don't Allow to Configure 802.1X to LAG Member Port 

Add config checking to prevent LAG member port from being enabled 802.1X.


ECMP max Path Should not Be Changed When Disable Symmetric Hashing

After commit "delete interface ecmp hash-mapping symmetric" successfully, CLI will prompt message "ECMP max path has been changed, please reboot the system for changes to take effect!". It should not change the ECMP max path if disable symmetric hashing. 


Port is not Deleted when Change the User Status

A port is secured by 802.1X and configured with a dynamic VLAN such as VLAN 8. And then the dynamic VLAN is changed to VLAN 9 on the side of RADIUS server such as PacketFence. The re-authentication doesn't change the dynamic VLAN of the port to VLAN 9 on the side of Pica8 switch.

Routing Protocols

Bug IDReleaseDescription
Error BGP Statistics
When create both IPv4 and IPv6 sessions between 2 BGP peering switches, the number of BGP routes including received prefixes and accepted prefixes and active prefixes is incorrect.

Open vSwitch and OpenFlow

Bug IDReleaseDescription
Statistics Error on Tunnel Packets
Drop counter on ingress side still goes up even if the tunnel packets are forwarded out of switch correctly.
Command ovs-pica-save/ovs-pica-load does not Work Occasionally
Command ovs-pica-save/ovs-pica-load is not so reliable. It is possible that ovs-pica-save/ovs-pica-load fails even though it shows successfully.
DHCP Cycle in CrossFlow Mode
Under CrossFlow mode, with DHCP snooping enabled, DHCP control packets might cycle on a self-loop connection.
Install the Flow Entry to ASIC Even If User Try to Set DSCP to 0
PICOS/OVS is not allowed to install the flow entry to ASIC with "set_field:0-\>ip_dscp" as following: $ ovs-ofctl add-flow br0 in_port=2049,ip,actions=set_field:0-\>ip_dscp,normal Additionally, PICOS/OVS is not allowed to configure a flow entry to ASIC with action such as "set_field:24-\>ip_dscp" which has the same value of in match criteria "ip_dscp=24" as following: ovs-ofctl add-flow br0 in_port=2049,vlan_tci=0x1000/0x1000,ip, ip_dscp=24,actions=set_field:24-\>ip_dscp,normal
Linux is in Panic
It's possible that Linux runs into panic due to a null pointer referenced in Fan driver code under the circumstance of race condition of different threads.

ARP Proxy Does not Work on Tunnel Port

If enable ARP proxy enable on tunnel's network port, it will send out arp reply packet which has a tunnel header.

Support 6k Flow Entries for AS5812 and AS6812

Allow to configure maximum 6k flow entries on AS5812_54T and AS5812_54X and AS6812.

AS5812 OVS Sflow Function Fails to Generate Flow Samples

In OVS 2.6, sflow only generates counter samples (CNTR) but not flow samples (FLOW).  

Refine the Performance by Adding Large Amount of Flow Entries

In case of same priority, the time to add 4k flow entries is reduced dramatically on AS5812.

It Takes Too Long to Deletes 6k Flows on AS5812 and AS6812

It takes 20 minutes to delete 6k flow entries. It's too long.

Convert OVSDB to Match New Schema in Upgrade2

PicOS OVS uses OVSDB to restore the configurations. It's possible that the schema of the OVSDB would be changed because new cofinguation commands might be added to the new version of PicOS. To bring the OVSDB into the new version of PicOS by upgrade2, the OVSDB should be converted to adapt the the new schema of the new version of PicOS. 

Enable In-band under Match Mode 

OpenFlow in-band controller connection is enabled under match mode. 


Update Action in the Hardware Flows if Delete/Add Port to the Bridge

Delete a port from the bridge, the action of the hardware flows with the specific port as output should be updated as "drop". If the port is added back to the bridge, the hardware flows should come back to the original ones. 


Bug IDReleaseDescription
Apply Policer to Aggregate Traffic
If configure a policer to a couple of ACL rules, the policer will applied to the aggregate traffics instead of each traffic matching specific ACL rule independently.


Bug IDReleaseDescription
Issue SNMP Trap if LAG Member Port Links Up/Down
As a common physical port, if a member port of a LAG is up or down, an SNMP trap should be issued.
Protocol Packets are Counted to Discarded
L2 protocol frames and L3 protocol packets including bpdu, lacp, lldp, mlag, bgp, bfd, ospf, RIP, dhcp, igmp, pim, arp, which are trapped to CPU but not replicated and sent to egress side, are counted to Discarded packets.
SNMP - Value of ifLastChange is Always 0
The value of ifLastChange (OID: should be the time the interface being in the current operational state.
SNMP - Value of sysUpTime is not in Timetick
The value of sysUpTime (OID: should be in timetick instead of integer.

[AG9032] PICOS Can't Boot up 

PICOS 2.11.16 cannot boot up on AG9032. Certain Delta switches such as AG9032 request to reset MAC via CPLD from software when reboot system by "reboot -f".

  • No labels