SWR2311P Firmware V2.02.27

• Please read before updating the firmware.
  Security measures were strengthened for accessing the unit.
  
  https://manual.yamaha.com/pa/interfaces/swr2311p/Rev_2_02_27/en/basic/index.html#!/notice_login_security 
• The following OpenSSL vulnerabilities were addressed.
  CVE-2021-3712 (JPCERT/CC JVNVU#99612123)
• The following OpenSSL vulnerabilities were addressed.
  CVE-2022-0778 (JPCERT/CC JVNVU#90813125)

How to update the firmware

For details, please refer to the "Yamaha LAN Monitor User Guide" and the Web GUI help menu.

1. Connect the SWR2311P-10G and the computer with a LAN cable.
   Please connect to a port of SWR2311P-10G set as VLAN1.
2. Start the Yamaha LAN Monitor.
3. Select the SWR2311P-10G to be updated in the tree view.
4. Click the [Web GUI] button on the device detail view.
   With the factory settings, the username and password are not specified, so entering a username and password would be unnecessary in that case.
5. Select [Management] -> [Maintenance] -> [Update firmware], then click the [Next] button on "Update firmware from PC."
6. Click the [Select a file] button, then select the downloaded and decompressed firmware file with extension .bin.
7. Click the [OK] button.
8. Click the [Execute] button.

Wait until completing the update. SWR2311P-10G will automatically restart and become ready to use.

New Functionality

• The following command can now forward multicast packets without discarding part of the multicast communication even if “l2-unknown-mcast discard” is specified.
  l2-unknown-mcast forward
• Support for “summertime” time zones was added.
  User settings for the summertime period and offset hours were added to the “clock summer-time” command.
  On the Web GUI [Management]->[Interface settings] page, a [Time zone setting] page was added for setting the time zone and summer time settings.
• Security measures were strengthened for accessing the unit.
• A new cable diagnostics function was added.
  In addition, a cable diagnostics page was added to the [Management]->[Maintenance] menu of the Web GUI.
• Support for the automatic SD card booting function was enabled.
• A command for changing the authentication order was added in case the same authentication method is also used for the port authentication function.
  • auth order
• Commands that can be registered in the FDB as static entries were added to the MAC authentication function.
  • auth-mac static
• IGMP snooping features were expanded to support the following:
  • A command for enabling/disabling the report suppression function was added.
  • ip igmp snooping report-suppression
  • A command for enabling/disabling the multicast router port data forwarding suppression function was added.
  • ip igmp snooping mrouter-port data-suppression
    The following settings were added to the [Multicast]->[IGMP snooping]->[IGMP snooping settings] field in the Detailed settings screen of the Web GUI:
  • Report Suppression Function
  • Multicast Router Port Data Forwarding Suppression Function
• SYSLOG facility values became changeable.
  • syslog facility
    In addition, the ability to change/display SYSLOG facility value settings was added in the [Management]->[Maintenance]->[SYSLOG management] field of the Web GUI.
• Commands were added to restrict access to the SNMP server.
  • snmp-server access
    In addition, the [Access via SNMP] settings screen was added to the [Management]->[Access management]->[Various server settings] field of the Web GUI.
• In auto-configure via LLDP settings, IEEE802.3 TLVs can now be added within LLDP frames transmitted by switches.
  • tlv-select ieee-8023-org-specific
• Private MIB support was added for loop detection.
• Support for the following was added to the Web GUI:
  • A [Multicast basic settings] page was added to the Detailed settings.
  • The following settings were enabled in the [Traffic control]->[QoS] field in the Detailed settings:
  • [CoS]->[Transmit queue mapping table] settings
  • [DSCP]->[Transmit queue mapping table] settings
  • The following settings are now displayed in the [Management]->[Dante optimization] field:
  • Unknown multicast frame settings
  • QoS settings

Improvements

• The maximum number of characters in shared passwords used for port authentication and RADIUS server functionality was increased from 64 to 128.
  RADIUS server shared password setting (radius-server key)
  RADIUS server host setting (radius-server host)
  RADIUS client setting (NAS)
• The following changes were made to the default config settings:
  LLDP functionality is enabled
  Auto-configure via LLDP functionality is enabled.
• Improvements were made to multicast address registering and deleting processes for IGMP/MLD snooping.
• The following terminology was changed for Yamaha network products:

• The following ARP changes were made:
  • ARP entries are no longer generated when ARP requests are received.
  • ARP replies are now received for only a fixed period after an ARP request is sent by that unit.
• Support for the IGMP snooping fast-leave function was also included in IGMPv3.
• Improvements were made to the time required by the logical interface to link up for LACP link aggregation.
• The use of characters " ' ` and \ were disallowed in URLs.
• A “tlv-select ieee-8023-org-specific” command is now specified for ports that receive LLDP frames sent from specific Yamaha devices that support Dante.
• In the Web GUI login screen, a scroll bar is displayed if the browser display is small.
• The accordion menus for Detailed settings and Management screens of the Web GUI were reorganized.
• The “Change the settings related to the community accordingly.” or “Delete from related settings as well.” checkbox can be selected when changing/deleting community settings in the Web GUI [Management]->[SNMP]->[Community] field. These settings specify which clients can access the SNMP servers that determine whether the community is now also changed/deleted accordingly.
• The explanatory text was changed for the JavaScript and Cookie settings in the Web GUI general help page.

Fixed Bugs

• A bug was fixed that caused the system sometimes to reboot if the CPU usage ratio increased after receiving a portion of the IGMP packet.
• A bug was fixed that sometimes returned unwanted IGMP reports if an IGMP report was received from a multicast router port.
• A bug was fixed that sometimes stopped multicast streams from being forwarded correctly if a LAN/SFP port associated with a logical interface is linked up/down with IGMP/MLD snooping.
• A bug was fixed that sometimes caused unwanted log events to be output if an IGMP snooping group registration was deleted.
• A bug that sometimes prevented authentication when a guest VLAN was enabled during MAC authentication was fixed.
• A bug was fixed that resulted in rebooting if an invalid LLDP frame was received.
• The possibility of rebooting was eliminated after specifying the “send from” command for the mail notification function.
• A bug that prevented using the following commands to make revisions via an SSH connection was corrected.
  • firmware-update execute
  • firmware-update sd execute
• A bug was fixed that enabled a user to log in to the console without a password if the “username” command was used to change only the privilege settings for an existing user without entering the password.
• A bug was fixed that resulted in not reflecting associated LAN/SFP ports in settings when there are port authentication settings for a logical interface, and VLAN access to the logical interface was changed.
• A bug was fixed that sometimes prevented transmitting packets when the half-duplex mode was used for port communication.
• A bug that sometimes resulted in not transmitting streams requiring a multicast router port when “l2-unknown-mcast discard” is specified was fixed.
• A bug that sometimes did not reflect VLAN IP address settings in the sender IP address settings for sending IGMPv2 report messages during IGMP snooping was fixed.
• A bug was fixed that sometimes cleared authentication information before the FDB aging time was complete during MAC authentication.
• A bug was fixed that sometimes caused some functionality to become unstable after the current time setting was changed, such as after the NTP time setting was corrected.
• A bug that prevented URL encoding values entering HTTP proxy server settings used for updating firmware was fixed.
• A format error in the “no switchport multiple-vlan group” command was corrected.
• A bug was fixed that prevented displaying LED indicators appropriately at physical ports participating in logical ports from link aggregation when port LED indicators were displayed in the VLAN mode.
• A bug that sometimes prevented properly updating information in the “Device details and settings” view in the LAN map screen of the Web GUI was fixed.
• A bug was fixed that prevented displaying errors correctly after trying to specify dynamic VLAN settings for trunk ports using the [Interface settings]->[Port authentication]->[Port authentication settings] in the Detailed settings screen of the Web GUI.
• A bug was fixed that displayed an error if email template settings were specified in the [Management]->[Mail notification] field of the Web GUI.
• A bug was fixed that resulted in an error if a VLAN had frame transmission disabled when optimization settings were executed in [Management]->[Dante optimization] of the Web GUI settings.
• Inconsistencies in how some information was displayed in the Web GUI help information were corrected.