	ProLiant BL p-Class GbE2 Interconnect Switch Firmware		
		Customer-Level Release Notes
			Version 3.0.1
			  3/15/2006

A. Description -

	This version of ProLiant BL p-Class GbE2 Interconnect Switch Firmware
	contains new layer three (L3) features and other enhancements.

B. Upgrade Requirement -

	Not-Critical.

C. New Features since version 2.2.1 (see the Application Guide for details) -
	
	1) Layer 3 Features
		IP Forwarding

		128 IP interfaces 

		4096 ARP entries

		Global default route

		Static routing support with 128 routing table entries

		Dynamic routing support with entries in routing table (4K 
		entries) Routing protocol
			RIP v1
			RIP v2
			OSPF

	2) Layer 2 Enhancements
		Manual entry of MAC address in forwarding table

		Broadcast, Multicast, and DA Unknown Storm Suppression

		QoS 802.1p 
			Metering  policing or shaping 
			Commit rate
			Packet marking
			Queuing

		Fast Uplink Convergence 

		Port Fast-Forwarding

		LACP (IEEE 802.3-2002) 

		Configurable Trunk Hash algorithm

	3) Management Enhancements
		Upgrade Firmware via FTP client

		Secondary NTP Support

	4) Security Enhancements
		PortX Security based 802.1x  

		ACL Filtering (SMAC, DMAC, SIP, DIP, Sport, Dport)
		SSH v2
		SNMP v3 
		HTTPS Secure BBI 

	5) High Availability Enhancements
		Router Redundancy via VRRP

	6) The command menu structure in the CLI (Command Line Interface) has 
	changed in 3.0.0.  For example, the /cfg/stp command has been moved to 
	/cfg/l2/stp and /info/log has been moved to /info/sys/log.  Please see 
	the Command Reference for an overview of the new command layout.  Most 
	commands can be entered into the CLI interactively using the old 
	syntax, they will be accepted and translated into the new syntax.  The 
	translated syntax will be seen when the configuration is output to a 
	file (/cfg/ptcfg) or dumped to the screen (/cfg/dump).

	Configuration files are upwardly compatible from 2.x to 3.0.0, but 
	3.0.0 configuration files are not supported with previous versions of 
	the firmware.   When upgrading to 3.0.0, please archive your current 
	configuration first.  Then, when the new 3.0.0 firmware is installed, 
	the configuration will be automatically translated into the new syntax.
	When downgrading from 3.0.0 firmware to previous versions of the 
	firmware, you must reset the configuration to factory defaults before 
	the firmware downgrade operation.

	7) MSTP differences between the 2.2, 3.0 and 3.0.1 releases:

	2.2:
		Any vlan can be moved to CIST.
		VLAN1 can not be moved from CIST.
		Default action when switching to MSTP: vlan 1 moved to CIST.
		Default region revision: 1

	3.0:
		No VLAN allowed to CIST.
		VLAN1 can be moved to any STG.
		Default action when switching to MSTP: no action performed.
		Default region revision: 0

	3.0.1:
		Any VLAN can be moved to CIST.
		VLAN1 can be moved to any STG.
		Default action when switching to MSTP: vlan 1 moved to CIST.
		Default region revision: 1

	Although in 2.0 you can move VLANs to CIST there are a lot of issues 
	generated by this movement. 3.0.1 solves these issues.  Also a lot of 
	different MSTP issues have been solved in 3.0 and 3.0.1.

	The only high level difference between 2.0 and 3.0.1 is that
	VLAN1 can be moved to any STG and isn't stuck in CIST as in 2.0.

	Please note that in the 2.0 Application Guide it is written that
	when you turn on MSTP, the switch automatically moves all VLANs
	from STG 1 to CIST, which is not true.  Only Vlan 1 is moved to CIST.


D. Problems Fixed -

	1) The switch appeared to hang when a port was removed from a large 
	number of VLANs (e.g., "/cfg/port tag dis"), but eventually returned.


E. Known Problems -

	1) The SAN cube option number displayed in both the CLI and BBI is 
	"321745- 21" but should be "321745-B21".

	2) Under some circumstances the "/i/l2/igmp/dump" CLI command may
	include ports that are no longer valid.  A port that has been blocked
	by STP will no longer transmit/receive the igmp packets and will
	eventually time out and be dropped from the group.

	3) Contrary to the CLI, when the user assigns an address for IP
	interface 1 through the BBI, BOOTP is automatically disabled.

		How Bootp works: 
		--------------- 
		1. Bootp is enabled by default. It is expected that user will 
		configure their BOOTP/DHCP server to issue both IP interface
		and gateway address upon request.

		2. Bootp assigned addresses will override IP interface 1 and 
		gateway 1. 

		3. Bootp assigned addresses will not be saved to the
		configuration dump. 

		4. If user manually configures an IP interface 1 or gateway 1
		through CLI, Bootp will NOT be automatically disabled; but the
		Bootp process will also be re-initiated when the apply is done.
		Note that if Bootp addresses become available, #2 and #3 above
		will still apply; otherwise, the configuration will be updated
		with the user assigned addresses as they become active.

		5. Bootp assigned addresses will be automatically applied while
		user assigned addresses will need to be applied.
 
		6. Bootp can be disabled manually. Any manually configured IP 
		interface and gateway addresses will be saved to the
		configuration.

		NOTES: 
		------- 
		- When Bootp addresses are assigned, if Bootp is then disabled,
		the current assigned addresses are still active 

		- When going from Bootp enabled/dynamic address assigned, to
		Bootp disabled/static addresses assigned, then doing a revert
		apply takes configuration back to Bootp enabled but the
		addresses must be reassigned by the Bootp server.

		- If Bootp is enabled, user assigned addresses get saved only
		if they haven't been overwritten by a dynamic BootP address yet
		(see #4 above) 

		- User assigned addresses cannot be the same as Bootp assigned 
		addresses.

	4) The commands IF and IFCLEAR under /stat should be under "port"
	according to RFC 1573.  This change has been incorporated into the CLI
	but is not yet incorporated into the BBI and SNMP.

	5) For a port that belongs to multiple VLANs, a configuration change 
	from tagged to non-tagged results in the port remaining only in the
	VLAN specified in the pvid rather than remaining only in the default
	VLAN as reported.  If the port needs to belong to the default VLAN, 
	make sure PVID is 1 before changing the port tagged field.

	6) If the switch is configured for UFD and RSTP mode with the LtM port 
	down, it is possible for one of the LtD ports to be marked as link UP 
	after a reboot even as the LtM is marked link DOWN.  Use the log 
	messages to find two consecutive messages to determine that port x is 
	the port still showing link UP status with /i/ufd.  For example:
		Jun  8 15:32:19 NOTICE  system: link up on port x
		Jun  8 15:32:19 WARNING ufd: Link to monitor is down
	In order to force the port link status to the proper state of disabled,
	use the "/cfg/ufd off" command (and "apply") to see all the LtD ports' 
	link state return to UP.  Then use the command "revert apply" so that 
	ufd is re-enabled resulting in all the LtD ports returning to a link 
	state of disabled.

	7) If a port has been configured as one of the LtD ports and the LtM 
	port is down, any configuration change of the port's 
	speed/mode/autonegotiation/flowcontrol will causes a port link 
	transition resulting in the port being marked as link UP even as the 
	LtM is marked link DOWN.  Use the /oper/port x/disable command to force
	the link back to disabled to be consistent with an LtM state of down.

	8) Statistics for Broadcast and Multicast Jumbo frames are not reported 
	correctly. Jumbo frames statistics are displayed under 
	"dot3StatsFrameTooLongs" instead of displaying as valid Ethernet frames.

	9) When Uplink Fast is enabled, it increases the bridge priority to 
	65500 for all Spanning Tree instances and path cost by 3000 for all 
	external Spanning Tree ports.  When you disable Uplink Fast and 
	enable RSTP (Rapid Spanning Tree) followed by the disable operation, 
	the default spanning tree bridge priority and path cost are not 
	restored.  Manually reconfigure the bridge priority and path cost to 
	default value or a newly desired value.

	10) Performing a revert apply after making MSTP configuration changes 
	may result in error messages ("bcm_stg") being displayed.  These debug 
	messages may be ignored.

	11) Switching between active/backup config block images and the factory 
	config block will cause the active/backup config block image to be lost.

	12) The preferred management interface is the Command Line Interface 
	(CLI), since the browser (BBI) and SNMP interfaces do not provide
	full functionality.


F. Notes -

	1) The following are default setting values for various features.  The
	values are either not previously documented, have changed, or are 
	corrected here.  All other values can be found in the "HP ProLiant BL 
	p-Class GbE2 Interconnect Switch User Guide".

	Feature			Parameter/Setting	Default
	-------			-----------------	-------
	ACL			global			None
				Statistics	L	Disabled
	ACL filter - IPV4 	SIP/DIP Mask		255.255.255.255
	ACL filter - Ethernet	SMAC/DMAC Mask 		ff:ff:ff:ff:ff:ff
	ACL filter - Ethernet	VLAN Mask		0xfff
	ACL filter - TCP/UDP	Sport/DPort Mask	0xffff
	ACL filter - TCP/UDP	Flag Mask		0x3f

	IP Forwarding					Disabled

	RIP			global			Disabled
	RIP (enabled)		Update interval		30 sec
	RIP (enabled) Interface	RIP Version		2
				Listen			Enabled
				Supply			Enabled
				Default route		None
				Poison			Disabled
				Trigger Updates		Enabled
				Multicast 		Enabled
				Metric			1
				Authentication		None
				Key			None


	Spanning Tree Port Fast	Port Fast		Enabled on 1-16
							Disabled on all others

	Uplink Fast		global			Disabled
	Uplink Fast (enabled)	Update Rate		40
				STP Bridge Priority	65500 for STP X (1<X<16)
				STP Path cost (17-24)	initial path cost +3000

		Note: In order to enable Uplink Fast the following settings
		MUST be OFF:

			LACP	Disabled	/cfg/l2/lacp/port X/mode off
			MSTP	Disabled	/cfg/l2/mrst/off
			RSTP	Disabled	/cfg/l2/mrst/off


	LACP			global			Disabled
	LACP (enabled)		System Priority		32768
				Timeout scale		long (90 seconds)
				Port Priority		32768
				Admin key		Port index (#)

	THASH			global			Enable with Sip&Dip

	SNMPv1, v2		Read community string	public
				Write community string	private
				state machine timeout	5
				Authentication traps	disabled
				UFD traps		disabled
				Link up/down traps	enabled
				v1/v2 access		enabled
	SNMPv3			access			Read/write enabled
				v1v2 access		enabled
	SNMPv3 users		adminmd5	authentication=md5, privacy=des
				adminsha	authentication=sha, privacy=des
				v1v2only      authentication=none, privacy=none
	SNMPv3 access groups	admingrp		level=authPriv
							users=adminmd5,adminsha
							rview, wview, nview=iso
				v1v2grp			level=noAuthNoPriv
							users=v1v2only
							rview, wview=iso
							nview=v1v2only
	SNMPv3 vacm tree views	iso			subtree=1, included
	SNMPv3 			v1v2only		subtree=1, included
					       subtree=1.3.6.1.6.3.15, excluded
					       subtree=1.3.6.1.6.3.16, excluded
					       subtree=1.3.6.1.6.3.18, excluded


	802.1x			global			disabled
	802.1x (enabled)	mode			force-auth
	 			qtperiod		60
				txperiod		30
				suptmout		30
				svrtmout		30
	 			maxreq			2
				raperiod		3600
				reauth			off

		NOTE: Minimum requirements to enable 802.1x and to have it 
		functional:

			802.1x	/c/l2/8021x/ena		enabled
			Port x	/c/l2/8021x/port x/mode auto	auto
			RADIUS	/c/sys/radius/prisrv	0.0.0.0
				/c/sys/radius/secret	password (the same as 
							the one on the server)
				/c/sys/radius/port	1645 or 1812  are 
							recommended (same as 
							the one configured on 
							the server)


	MCAST/BCAST/UCAST	Storm suppression	off
		(enabled)	/cfg/port X/mrate	0-262143
				/cfg/port X/brate	0-262143
				/cfg/port X/drate	0-262143


	OSPF			global			Disabled
	OSPF (enabled)		Interface #		0.0.0.0, enabled
				L3 forwarding		on
				Area #	enabled
				OSPF interface #	Enabled

	Once above enabled other defaults that come into play:

	OSPF Area 		Area type		transit
				Authentication		none
				Metric			1
				SPF			10
	OSPF Interface		Area Index		0
				Priority		1
				Cost			1
				Hello			10
				Dead			40
				Transmit		1
				Retransmit		5
				Key			none

	NTP			global			Disabled
	NTP (enabled)		
		Primary or secondary NTP server configured	0.0.0.0
		Primary or secondary NTP secret configured	0.0.0.0
				state			enabled

		Once above enabled other defaults that come into play:

				resync Interval		1440 minutes
				timezone offset		-8:00
				daylight savings time	disabled


	FTP 			Server port		21 (not configurable)


	VRRP 			global			OFF
	VRRP (enabled)		vr (virtual router)	enabled
 				vrid(virtual router id)	1
 				adver(advertisement interval)	1 sec
 				preem			enabled
				prio (priority)        	100


	2) Access Control List (ACL) examples:

	The following ACL filter configuration examples illustrate how to use 
	ACLs to block traffic. These basic configurations illustrate common 
	principles of ACL filtering.

 	NOTE: Each ACL filters traffic that ingresses on the port to which the 
	ACL is added.  The egrport classifier filters traffic that ingresses 
	the port to which the ACL is added, and then egresses the port 
	specified by egrport. In most common configurations, egrport is not 
	used. 

	Example 1: Use this configuration to block traffic to a specific host. 
		>> Main# /cfg/acl/acl 1			(Define ACL 1)
		>> ACL 1# ipv4/dip 100.10.1.116 255.255.255.255
		>> Filtering IPv4# ..
		>> ACL 1# action deny
		>> ACL 1# /cfg/port 19/aclqos		(Add ACL to port 19)
		>> Port 19 ACL# add acl 1
		>> Port 19 ACL# apply
		>> Port 19 ACL# save

	In this example, all traffic that ingresses on port 19 is denied if it 
	is destined for the host at IP address 100.10.1.116.

	Example 2:  Use this configuration to block traffic from a network 
	destined for a specific host address. 

		>> Main# /cfg/acl/acl 1			(Define ACL 1)
		>> ACL 1# ipv4/sip 100.10.1.0 255.255.255.0 
		>> ACL 1# ipv4/dip 200.20.1.116 255.255.255.255
		>> Filtering IPv4# ..
		>> ACL 1# action deny
		>> ACL 1# /cfg/port 19/aclqos		(Add ACL to port 19)
		>> Port 19 ACL# add acl 1
		>> Port 19 ACL# apply
		>> Port 19 ACL# save

	In this example, all traffic that ingresses on port 19 with source IP 
	from the class 100.10.1.0/24 and destination IP 200.20.1.116 is denied. 

	Example 3: Use this configuration to block all traffic from a network 
	that is destined for a specific egress port. 
 
		>> Main# /cfg/acl/acl 1			(Define ACL 1)
		>> ACL 1# ipv4/sip 100.10.1.0 255.255.255.0
		>> Filtering IPv4# ..
		>> ACL 1# egrport 3
		>> ACL 1# action deny
		>> ACL 1# /cfg/port 19/aclqos		(Add ACL to port 19)
		>> Port 19 ACL# add acl 1
		>> Port 19 ACL# apply
		>> Port 19 ACL# save

	In this example, all traffic that ingresses on port 19 from the 
	network 100.10.1.0/24 and is destined for port 3 is denied.


----------------------------------------------------------------------------

Usage information can be obtained from the following documentation:

    HP ProLiant BL p-Class GbE2 Interconnect Switch User Guide
    HP ProLiant BL p-Class GbE2 Interconnect Switch Application Guide
    HP ProLiant BL p-Class GbE2 Interconnect Switch Command Reference Guide
    HP ProLiant BL p-Class GbE2 Interconnect Switch Browser-based Interface
	Reference Guide 

This documentation is downloadable from http://www.hp.com/support

----------------------------------------------------------------------------

Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information in this document is provided 
"as is" without warranty of any kind and is subject to change without notice.
The warranties for HP products are set forth in the express limited warranty 
statements accompanying such products. Nothing herein should be construed as 
constituting an additional warranty.

(c) 2002-2006 Hewlett-Packard Development Company, L.P.
