DANOS 2105 Release Notes

Overview

Welcome to the 2105 (May 2021) version of DANOS.

The DANOS 2105 release is based upon Debian 10, with the 5.4 version of the Linux Kernel, the 1911 version of DPDK, and the 7.5.1 version of FRR.

show version

vyatta@vm-d2105-1:~$ show version
Version: 2105
Description: DANOS (Inverness) 2105 (DANOS:Shipping:2105:20210611)
Built on: Fri Jun 11 11:58:32 UTC 2021

Configuration and operational mode commands

The full list of configuration commands and operational mode (e.g. “show”) commands is attached to this page.

Important changes

Reminder about the default username and password

The default LiveCD and ONIE image username and password changed in the 2005 release from vyatta/vyatta to tmpuser/tmppswd.

As part of the installation process, the user has to enter a username and password manually. It is no longer possible to press "enter" and accept the default vyatta/vyatta option.

New Features

Enhanced Syslog

The Enhanced Syslog feature allows syslog to be configured using a rule-based approach, similar to firewall rules. This gives more flexibility: more complex expressions can be used to select which messages are kept or discarded and which files or hosts they are forwarded to, and rate limiting is supported.

system syslog-enhanced
system syslog-enhanced file <entry>
system syslog-enhanced file <entry> archive files <value>
system syslog-enhanced file <entry> archive size <value>
system syslog-enhanced file <entry> filename <value>
system syslog-enhanced host <entry>
system syslog-enhanced host <entry> hostname <value>
system syslog-enhanced host <entry> port <value>
system syslog-enhanced host <entry> protocol tcp
system syslog-enhanced host <entry> protocol udp
system syslog-enhanced host <entry> source-interface <value>
system syslog-enhanced host <entry> tls
system syslog-enhanced host <entry> tls authentication mode x509/fingerprint
system syslog-enhanced host <entry> tls authentication mode x509/name
system syslog-enhanced host <entry> tls authentication peers <peer>
system syslog-enhanced host <entry> tls authentication peers <peer> fingerprint <value>
system syslog-enhanced host <entry> tls cipher-suite <cipher>
system syslog-enhanced input journal rate-limit burst <value>
system syslog-enhanced input journal rate-limit interval <value>
system syslog-enhanced rule <rule-number>
system syslog-enhanced rule <rule-number> description <value>
system syslog-enhanced rule <rule-number> disable
system syslog-enhanced rule <rule-number> match facility all
system syslog-enhanced rule <rule-number> match facility auth
system syslog-enhanced rule <rule-number> match facility authpriv
system syslog-enhanced rule <rule-number> match facility cron
system syslog-enhanced rule <rule-number> match facility daemon
system syslog-enhanced rule <rule-number> match facility dataplane
system syslog-enhanced rule <rule-number> match facility kern
system syslog-enhanced rule <rule-number> match facility local0
system syslog-enhanced rule <rule-number> match facility local1
system syslog-enhanced rule <rule-number> match facility local2
system syslog-enhanced rule <rule-number> match facility local3
system syslog-enhanced rule <rule-number> match facility local4
system syslog-enhanced rule <rule-number> match facility local5
system syslog-enhanced rule <rule-number> match facility local6
system syslog-enhanced rule <rule-number> match facility local7
system syslog-enhanced rule <rule-number> match facility lpr
system syslog-enhanced rule <rule-number> match facility mail
system syslog-enhanced rule <rule-number> match facility mark
system syslog-enhanced rule <rule-number> match facility news
system syslog-enhanced rule <rule-number> match facility protocols
system syslog-enhanced rule <rule-number> match facility security
system syslog-enhanced rule <rule-number> match facility sensors
system syslog-enhanced rule <rule-number> match facility syslog
system syslog-enhanced rule <rule-number> match facility user
system syslog-enhanced rule <rule-number> match facility uucp
system syslog-enhanced rule <rule-number> match msg posix-match <regex>
system syslog-enhanced rule <rule-number> match msg posix-match <regex> unless <value>
system syslog-enhanced rule <rule-number> match severity at-least alert
system syslog-enhanced rule <rule-number> match severity at-least crit
system syslog-enhanced rule <rule-number> match severity at-least debug
system syslog-enhanced rule <rule-number> match severity at-least emerg
system syslog-enhanced rule <rule-number> match severity at-least err
system syslog-enhanced rule <rule-number> match severity at-least info
system syslog-enhanced rule <rule-number> match severity at-least notice
system syslog-enhanced rule <rule-number> match severity at-least warning
system syslog-enhanced rule <rule-number> match severity at-most alert
system syslog-enhanced rule <rule-number> match severity at-most crit
system syslog-enhanced rule <rule-number> match severity at-most debug
system syslog-enhanced rule <rule-number> match severity at-most emerg
system syslog-enhanced rule <rule-number> match severity at-most err
system syslog-enhanced rule <rule-number> match severity at-most info
system syslog-enhanced rule <rule-number> match severity at-most notice
system syslog-enhanced rule <rule-number> match severity at-most warning
system syslog-enhanced rule <rule-number> match severity equals alert
system syslog-enhanced rule <rule-number> match severity equals crit
system syslog-enhanced rule <rule-number> match severity equals debug
system syslog-enhanced rule <rule-number> match severity equals emerg
system syslog-enhanced rule <rule-number> match severity equals err
system syslog-enhanced rule <rule-number> match severity equals info
system syslog-enhanced rule <rule-number> match severity equals notice
system syslog-enhanced rule <rule-number> match severity equals warning
system syslog-enhanced rule <rule-number> match with-flag <value>
system syslog-enhanced rule <rule-number> match without-flag <value>
system syslog-enhanced rule <rule-number> otherwise clear-flag <value>
system syslog-enhanced rule <rule-number> otherwise console
system syslog-enhanced rule <rule-number> otherwise discard
system syslog-enhanced rule <rule-number> otherwise file <value>
system syslog-enhanced rule <rule-number> otherwise host <value>
system syslog-enhanced rule <rule-number> otherwise set-facility all
system syslog-enhanced rule <rule-number> otherwise set-facility auth
system syslog-enhanced rule <rule-number> otherwise set-facility authpriv
system syslog-enhanced rule <rule-number> otherwise set-facility cron
system syslog-enhanced rule <rule-number> otherwise set-facility daemon
system syslog-enhanced rule <rule-number> otherwise set-facility dataplane
system syslog-enhanced rule <rule-number> otherwise set-facility kern
system syslog-enhanced rule <rule-number> otherwise set-facility local0
system syslog-enhanced rule <rule-number> otherwise set-facility local1
system syslog-enhanced rule <rule-number> otherwise set-facility local2
system syslog-enhanced rule <rule-number> otherwise set-facility local3
system syslog-enhanced rule <rule-number> otherwise set-facility local4
system syslog-enhanced rule <rule-number> otherwise set-facility local5
system syslog-enhanced rule <rule-number> otherwise set-facility local6
system syslog-enhanced rule <rule-number> otherwise set-facility local7
system syslog-enhanced rule <rule-number> otherwise set-facility lpr
system syslog-enhanced rule <rule-number> otherwise set-facility mail
system syslog-enhanced rule <rule-number> otherwise set-facility mark
system syslog-enhanced rule <rule-number> otherwise set-facility news
system syslog-enhanced rule <rule-number> otherwise set-facility protocols
system syslog-enhanced rule <rule-number> otherwise set-facility security
system syslog-enhanced rule <rule-number> otherwise set-facility sensors
system syslog-enhanced rule <rule-number> otherwise set-facility syslog
system syslog-enhanced rule <rule-number> otherwise set-facility user
system syslog-enhanced rule <rule-number> otherwise set-facility uucp
system syslog-enhanced rule <rule-number> otherwise set-flag <value>
system syslog-enhanced rule <rule-number> otherwise set-indicator <value>
system syslog-enhanced rule <rule-number> otherwise set-severity alert
system syslog-enhanced rule <rule-number> otherwise set-severity crit
system syslog-enhanced rule <rule-number> otherwise set-severity debug
system syslog-enhanced rule <rule-number> otherwise set-severity emerg
system syslog-enhanced rule <rule-number> otherwise set-severity err
system syslog-enhanced rule <rule-number> otherwise set-severity info
system syslog-enhanced rule <rule-number> otherwise set-severity notice
system syslog-enhanced rule <rule-number> otherwise set-severity warning
system syslog-enhanced rule <rule-number> otherwise user <value>
system syslog-enhanced rule <rule-number> rate-limit <flag>
system syslog-enhanced rule <rule-number> rate-limit <flag> burst <value>
system syslog-enhanced rule <rule-number> rate-limit <flag> interval <value>
system syslog-enhanced rule <rule-number> rate-limit <flag> select-every-nth <value>
system syslog-enhanced rule <rule-number> then clear-flag <value>
system syslog-enhanced rule <rule-number> then console
system syslog-enhanced rule <rule-number> then discard
system syslog-enhanced rule <rule-number> then file <value>
system syslog-enhanced rule <rule-number> then host <value>
system syslog-enhanced rule <rule-number> then set-facility all
system syslog-enhanced rule <rule-number> then set-facility auth
system syslog-enhanced rule <rule-number> then set-facility authpriv
system syslog-enhanced rule <rule-number> then set-facility cron
system syslog-enhanced rule <rule-number> then set-facility daemon
system syslog-enhanced rule <rule-number> then set-facility dataplane
system syslog-enhanced rule <rule-number> then set-facility kern
system syslog-enhanced rule <rule-number> then set-facility local0
system syslog-enhanced rule <rule-number> then set-facility local1
system syslog-enhanced rule <rule-number> then set-facility local2
system syslog-enhanced rule <rule-number> then set-facility local3
system syslog-enhanced rule <rule-number> then set-facility local4
system syslog-enhanced rule <rule-number> then set-facility local5
system syslog-enhanced rule <rule-number> then set-facility local6
system syslog-enhanced rule <rule-number> then set-facility local7
system syslog-enhanced rule <rule-number> then set-facility lpr
system syslog-enhanced rule <rule-number> then set-facility mail
system syslog-enhanced rule <rule-number> then set-facility mark
system syslog-enhanced rule <rule-number> then set-facility news
system syslog-enhanced rule <rule-number> then set-facility protocols
system syslog-enhanced rule <rule-number> then set-facility security
system syslog-enhanced rule <rule-number> then set-facility sensors
system syslog-enhanced rule <rule-number> then set-facility syslog
system syslog-enhanced rule <rule-number> then set-facility user
system syslog-enhanced rule <rule-number> then set-facility uucp
system syslog-enhanced rule <rule-number> then set-flag <value>
system syslog-enhanced rule <rule-number> then set-indicator <value>
system syslog-enhanced rule <rule-number> then set-severity alert
system syslog-enhanced rule <rule-number> then set-severity crit
system syslog-enhanced rule <rule-number> then set-severity debug
system syslog-enhanced rule <rule-number> then set-severity emerg
system syslog-enhanced rule <rule-number> then set-severity err
system syslog-enhanced rule <rule-number> then set-severity info
system syslog-enhanced rule <rule-number> then set-severity notice
system syslog-enhanced rule <rule-number> then set-severity warning
system syslog-enhanced rule <rule-number> then user <value>
system syslog-enhanced tls
system syslog-enhanced tls certificate-authority <CA>
system syslog-enhanced tls certificate-authority <CA> file <value>
system syslog-enhanced tls local-certificate certificate <value>
system syslog-enhanced tls local-certificate key <value>
system syslog-enhanced host <entry> routing-instance <value>
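The command tree above shows the building blocks (facility and severity matches, a POSIX regex with an "unless" exclusion, flags, and "then"/"otherwise" action lists), but not how a message flows through them. The following Python model is an added illustration, not DANOS code, and it assumes semantics that the release notes do not spell out: rules are evaluated in ascending rule number, a matching rule runs its "then" actions and a non-matching rule its "otherwise" actions, "discard" stops processing, and flags set by an earlier rule are visible to later ones. The rule set, the destination names ("auth", "collector", "messages") and the log lines are all constructed for the example; rate limiting, TLS forwarding and the "set-indicator"/"user" actions are not modelled.

```python
import re
from dataclasses import dataclass, field

# Syslog severities in RFC 5424 order: index 0 is the most severe.
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


@dataclass
class Message:
    facility: str
    severity: str
    text: str
    flags: set = field(default_factory=set)


@dataclass
class Rule:
    number: int
    match: dict        # facility, at_least, at_most, equals, regex, unless, with_flag, without_flag
    then: list         # (action, argument) pairs applied when the rule matches
    otherwise: list = field(default_factory=list)   # applied when it does not match
    disable: bool = False


def level(name):
    return SEVERITY.index(name)


def rule_matches(rule, msg):
    """Assumed matching semantics: every configured criterion must hold."""
    m = rule.match
    if m.get("facility", "all") not in ("all", msg.facility):
        return False
    if "at_least" in m and level(msg.severity) > level(m["at_least"]):
        return False                      # less severe than the floor
    if "at_most" in m and level(msg.severity) < level(m["at_most"]):
        return False                      # more severe than the ceiling
    if "equals" in m and msg.severity != m["equals"]:
        return False
    if "regex" in m:
        if not re.search(m["regex"], msg.text):
            return False
        if "unless" in m and re.search(m["unless"], msg.text):
            return False
    if "with_flag" in m and m["with_flag"] not in msg.flags:
        return False
    if "without_flag" in m and m["without_flag"] in msg.flags:
        return False
    return True


def apply_actions(actions, msg, outputs):
    """Apply a then/otherwise action list. Returns False once the message is discarded."""
    for action, arg in actions:
        if action == "discard":
            return False
        if action in ("file", "host", "console"):
            outputs.setdefault(f"{action}:{arg}", []).append(
                f"{msg.facility}.{msg.severity} {msg.text}")
        elif action == "set-severity":
            msg.severity = arg
        elif action == "set-facility":
            msg.facility = arg
        elif action == "set-flag":
            msg.flags.add(arg)
        elif action == "clear-flag":
            msg.flags.discard(arg)
    return True


def route(rules, msg):
    """Run one message through the rules in ascending rule-number order (assumed)."""
    outputs = {}
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.disable:
            continue
        actions = rule.then if rule_matches(rule, msg) else rule.otherwise
        if not apply_actions(actions, msg, outputs):
            break
    return outputs


# Constructed rule set: keep auth messages at notice or above in a dedicated file,
# copy failed logins for real accounts to a collector host, and stop flagged auth
# traffic from also landing in the catch-all file.
RULES = [
    Rule(10, {"facility": "auth", "at_least": "notice"},
         [("file", "auth"), ("set-flag", "is-auth")]),
    Rule(20, {"regex": r"Failed password", "unless": r"invalid user"},
         [("host", "collector")]),
    Rule(30, {"with_flag": "is-auth"}, [("discard", None)]),
    Rule(40, {"facility": "all"}, [("file", "messages")]),
]

# Constructed sample messages (not real log data).
SAMPLES = [
    Message("auth", "notice", "sshd[1042]: Failed password for root from 192.0.2.10 port 51234 ssh2"),
    Message("auth", "notice", "sshd[1043]: Failed password for invalid user test from 192.0.2.11 port 51235 ssh2"),
    Message("daemon", "info", "dhclient[611]: bound to 192.0.2.20 -- renewal in 1800 seconds"),
    Message("auth", "debug", "sshd[1044]: debug1: monitor_read: checking request 4"),
]


def demo():
    """Route every sample message; returns one {destination: [lines]} dict per message."""
    return [route(RULES, m) for m in SAMPLES]


if __name__ == "__main__":
    for m, out in zip(SAMPLES, demo()):
        print(m.text[:45], "->", sorted(out))
```

The point worth noticing is the interplay of rule order and flags: rule 30 discards only what rule 10 has already flagged, so an auth message below "notice" (the debug line) falls through to the catch-all rather than being silently dropped, and the "unless" exclusion keeps noise from attempts against non-existent accounts away from the collector while the dedicated file still records it.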

ARP Configuration support

This feature adds support to allow the ARP cache timeout (ARP timeout or ARP ageing timeout) and the ARP cache size to be configured.

system ip arp stale-time <value>
system ip arp table-size 1024
system ip arp table-size 2048
system ip arp table-size 4096
system ip arp table-size 8192
system ip arp table-size 16384
system ip arp table-size 32768
system ip arp table-size 65536
system ip arp table-size 131072
system ipv6 neighbor table-size 131072

NETCONF support for adding copy-config to the candidate configuration

This feature adds the ability to push a pre-generated configuration to the router and have it applied to the candidate datastore via a NETCONF copy-config RPC.
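As an added illustration of what such a push looks like on the wire (this is not DANOS code and assumes nothing about its NETCONF implementation beyond the RFC 6241 base protocol), the following Python builds a standard <copy-config> RPC whose target is the candidate datastore and classifies the <rpc-reply> that comes back. The configuration payload, its "urn:example:placeholder" namespace and the two sample replies are constructed for the example; transport (SSH session, framing) is out of scope.

```python
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"          # RFC 6241 base namespace
ET.register_namespace("nc", NC)
ET.register_namespace("ex", "urn:example:placeholder")   # constructed payload namespace


def nc_tag(name):
    return f"{{{NC}}}{name}"


def build_copy_config(config_xml, message_id="101"):
    """Return a <copy-config> RPC (RFC 6241 section 7.3) whose <target> is the
    candidate datastore and whose <source> carries the pre-generated config."""
    rpc = ET.Element(nc_tag("rpc"), {"message-id": message_id})
    copy = ET.SubElement(rpc, nc_tag("copy-config"))
    ET.SubElement(ET.SubElement(copy, nc_tag("target")), nc_tag("candidate"))
    source = ET.SubElement(copy, nc_tag("source"))
    config = ET.SubElement(source, nc_tag("config"))
    config.append(ET.fromstring(config_xml))
    return ET.tostring(rpc, encoding="unicode")


def targets_candidate(rpc_xml):
    """True when the RPC is a copy-config aimed at the candidate datastore."""
    root = ET.fromstring(rpc_xml)
    path = f"{nc_tag('copy-config')}/{nc_tag('target')}/{nc_tag('candidate')}"
    return root.find(path) is not None


def check_reply(reply_xml, expected_id):
    """Classify an <rpc-reply> as ('ok', None) or ('error', text).
    A reply whose message-id does not match the request is treated as an error
    rather than as success, so a stray or reordered reply cannot pass as an ack."""
    reply = ET.fromstring(reply_xml)
    if reply.tag != nc_tag("rpc-reply") or reply.get("message-id") != expected_id:
        return ("error", "unexpected reply element or message-id")
    err = reply.find(nc_tag("rpc-error"))
    if err is not None:
        text = err.findtext(nc_tag("error-message")) or err.findtext(nc_tag("error-tag"))
        return ("error", (text or "unspecified").strip())
    if reply.find(nc_tag("ok")) is not None:
        return ("ok", None)
    return ("error", "reply carries neither <ok/> nor <rpc-error>")


# Constructed payload: a placeholder config subtree, not a real DANOS YANG module.
PAYLOAD = '<placeholder xmlns="urn:example:placeholder"><host-name>router-1</host-name></placeholder>'

# Constructed replies, shaped as RFC 6241 describes them.
OK_REPLY = f'<rpc-reply xmlns="{NC}" message-id="101"><ok/></rpc-reply>'
ERR_REPLY = (f'<rpc-reply xmlns="{NC}" message-id="101"><rpc-error>'
             '<error-type>application</error-type><error-tag>operation-failed</error-tag>'
             '<error-severity>error</error-severity>'
             '<error-message>placeholder validation failure</error-message>'
             '</rpc-error></rpc-reply>')


def demo():
    rpc = build_copy_config(PAYLOAD, "101")
    return {
        "rpc": rpc,
        "targets_candidate": targets_candidate(rpc),
        "ok": check_reply(OK_REPLY, "101"),
        "error": check_reply(ERR_REPLY, "101"),
        "wrong_id": check_reply(OK_REPLY, "102"),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, "=", v)
```

Because copy-config replaces the whole candidate datastore rather than merging into it, a client should treat anything other than an <ok/> reply with the expected message-id as "not applied" and leave the candidate untouched until the error is understood.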

Prohibit password reuse

This feature adds the ability to prohibit the use of old passwords for the same system account. It only affects local system accounts and not those such as GRUB passwords or TACACS+ accounts. It also enforces password expiry based on a configurable time, thereby forcing users to update their passwords after a given time.

Password history and expiration operate at a system-wide level, i.e. this policy cannot be enforced on a per-user basis.

system password requirements expiration maximum-days <value>
system password requirements history forbid-previous <value>
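To make the two knobs concrete, here is an added Python model of how a history and expiry policy of this shape is typically enforced; it is not DANOS code and does not describe how the router stores its history. Assumptions: "forbid-previous N" means the new password may not equal any of the N most recently set passwords (the current one included), "maximum-days D" means a password older than D days must be changed, history is kept as salted PBKDF2 digests rather than plaintext, and the Policy/Account names and the sample passwords are constructed for the example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

DAY = 86400
PBKDF2_ROUNDS = 100_000     # kept modest so the example runs quickly; raise in practice


@dataclass
class Policy:
    forbid_previous: int    # how many most-recent passwords may not be reused
    maximum_days: int       # age in days after which a change is required


@dataclass
class Account:
    history: list = field(default_factory=list)   # (salt, digest) pairs, newest last
    changed_at: float = 0.0                       # epoch seconds of the last change


def digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def is_reused(account, password, policy):
    """True if password matches any of the forbid_previous most recent entries."""
    recent = account.history[-policy.forbid_previous:] if policy.forbid_previous > 0 else []
    # Constant-time compare per entry; each entry has its own salt so every
    # candidate must be re-derived against that salt.
    return any(hmac.compare_digest(digest(password, salt), d) for salt, d in recent)


def change_password(account, new_password, policy, now):
    """Apply the history rule; returns True and records the change, or False to reject."""
    if is_reused(account, new_password, policy):
        return False
    salt = os.urandom(16)
    account.history.append((salt, digest(new_password, salt)))
    account.changed_at = now
    return True


def is_expired(account, policy, now):
    """True once the current password is older than maximum_days."""
    return (now - account.changed_at) > policy.maximum_days * DAY


def demo():
    """Walk one constructed account through a forbid-previous 3 / maximum-days 90 policy."""
    policy = Policy(forbid_previous=3, maximum_days=90)
    acct = Account()
    t0 = 1_700_000_000.0                      # arbitrary fixed epoch for determinism
    results = {
        "set_pw1": change_password(acct, "example-pw-1", policy, t0),
        "set_pw2": change_password(acct, "example-pw-2", policy, t0 + 1 * DAY),
        "set_pw3": change_password(acct, "example-pw-3", policy, t0 + 2 * DAY),
        # pw1 is still among the last three entries, so it must be refused.
        "reuse_pw1_early": change_password(acct, "example-pw-1", policy, t0 + 3 * DAY),
        "set_pw4": change_password(acct, "example-pw-4", policy, t0 + 3 * DAY),
        # After pw4, the last three are pw2..pw4, so pw1 falls outside the window.
        "reuse_pw1_late": change_password(acct, "example-pw-1", policy, t0 + 4 * DAY),
    }
    results["expired_at_60d"] = is_expired(acct, policy, t0 + 4 * DAY + 60 * DAY)
    results["expired_at_91d"] = is_expired(acct, policy, t0 + 4 * DAY + 91 * DAY)
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:18} {v}")
```

Two practical points follow from the model: the history window is only as strong as the hashing behind it (plaintext history would turn the policy into a stored list of valid former credentials), and because the page states the policy is system-wide, the same window and age apply to every local account, so the values should be chosen for the most sensitive one.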

New DPI applications and protocols

Upgrade to nDPI 3.4, which introduces support for: anydesk, bloomberg, capwap, discord, doh_dot, iec60870, microsoft365, nats, s7comm, soap, teams, websocket, zabbix.

security application firewall name <ruleset-name> rule <rule-number> engine ndpi name anydesk
security application firewall name <ruleset-name> rule <rule-number> engine ndpi name bloomberg
security application firewall name <ruleset-name> rule <rule-number> engine ndpi name capwap
security application firewall name <ruleset-name> rule <rule-number> engine ndpi name discord
security application firewall name <ruleset-name> rule <rule-number> engine ndpi name doh_dot
security application firewall name <ruleset-name> rule <rule-number> engine ndpi name iec60870
security application firewall name <ruleset-name> rule <rule-number> engine ndpi name microsoft365
security application firewall name <ruleset-name> rule <rule-number> engine ndpi name nats
security application firewall name <ruleset-name> rule <rule-number> engine ndpi name s7comm
security application firewall name <ruleset-name> rule <rule-number> engine ndpi name soap
security application firewall name <ruleset-name> rule <rule-number> engine ndpi name teams
security application firewall name <ruleset-name> rule <rule-number> engine ndpi name websocket
security application firewall name <ruleset-name> rule <rule-number> engine ndpi name zabbix
security application firewall name <ruleset-name> rule <rule-number> engine ndpi protocol anydesk
security application firewall name <ruleset-name> rule <rule-number> engine ndpi protocol bloomberg
security application firewall name <ruleset-name> rule <rule-number> engine ndpi protocol capwap
security application firewall name <ruleset-name> rule <rule-number> engine ndpi protocol discord
security application firewall name <ruleset-name> rule <rule-number> engine ndpi protocol doh_dot
security application firewall name <ruleset-name> rule <rule-number> engine ndpi protocol iec60870
security application firewall name <ruleset-name> rule <rule-number> engine ndpi protocol microsoft365
security application firewall name <ruleset-name> rule <rule-number> engine ndpi protocol nats
security application firewall name <ruleset-name> rule <rule-number> engine ndpi protocol s7comm
security application firewall name <ruleset-name> rule <rule-number> engine ndpi protocol soap
security application firewall name <ruleset-name> rule <rule-number> engine ndpi protocol teams
security application firewall name <ruleset-name> rule <rule-number> engine ndpi protocol websocket
security application firewall name <ruleset-name> rule <rule-number> engine ndpi protocol zabbix
security application firewall name <ruleset-name> rule <rule-number> engine ndpi type connectivitycheck
security application firewall name <ruleset-name> rule <rule-number> engine ndpi type iot_scada

DHCP enhancements for switch interfaces

interfaces switch <name> vif <tagnode> dhcp-options no-rfc3442
interfaces switch <name> vif <tagnode> dhcpv6-options parameters-only
interfaces switch <name> vif <tagnode> dhcpv6-options prefix-delegation
interfaces switch <name> vif <tagnode> dhcpv6-options temporary

ISIS enhancements

The IS-IS routing protocol now supports topology and MPLS-TE configuration options, and IS-IS can be applied to a VIF interface.

interfaces dataplane <tagnode> isis topology ipv4-mgmt
interfaces dataplane <tagnode> isis topology ipv4-multicast
interfaces dataplane <tagnode> isis topology ipv4-unicast
interfaces dataplane <tagnode> isis topology ipv6-dstsrc
interfaces dataplane <tagnode> isis topology ipv6-mgmt
interfaces dataplane <tagnode> isis topology ipv6-multicast
interfaces dataplane <tagnode> isis topology ipv6-unicast
interfaces loopback <tagnode> isis topology ipv4-mgmt
interfaces loopback <tagnode> isis topology ipv4-multicast
interfaces loopback <tagnode> isis topology ipv4-unicast
interfaces loopback <tagnode> isis topology ipv6-dstsrc
interfaces loopback <tagnode> isis topology ipv6-mgmt
interfaces loopback <tagnode> isis topology ipv6-multicast
interfaces loopback <tagnode> isis topology ipv6-unicast
interfaces switch <name> vif <tagnode> ip isis instance <value>
interfaces switch <name> vif <tagnode> ipv6 isis instance <value>
interfaces switch <name> vif <tagnode> isis circuit-type level-1
interfaces switch <name> vif <tagnode> isis circuit-type level-1-2
interfaces switch <name> vif <tagnode> isis circuit-type level-2-only
interfaces switch <name> vif <tagnode> isis hello-interval level-1 <value>
interfaces switch <name> vif <tagnode> isis hello-interval level-2 <value>
interfaces switch <name> vif <tagnode> isis metric level-1 <value>
interfaces switch <name> vif <tagnode> isis metric level-2 <value>
interfaces switch <name> vif <tagnode> isis network point-to-point
interfaces switch <name> vif <tagnode> isis passive
interfaces switch <name> vif <tagnode> isis password
interfaces switch <name> vif <tagnode> isis password clear <value>
interfaces switch <name> vif <tagnode> isis password md5 <value>
interfaces switch <name> vif <tagnode> isis priority level-1 <value>
interfaces switch <name> vif <tagnode> isis priority level-2 <value>
interfaces switch <name> vif <tagnode> isis topology ipv4-mgmt
interfaces switch <name> vif <tagnode> isis topology ipv4-multicast
interfaces switch <name> vif <tagnode> isis topology ipv4-unicast
interfaces switch <name> vif <tagnode> isis topology ipv6-dstsrc
interfaces switch <name> vif <tagnode> isis topology ipv6-mgmt
interfaces switch <name> vif <tagnode> isis topology ipv6-multicast
interfaces switch <name> vif <tagnode> isis topology ipv6-unicast
protocols isis <area-tag> mpls-te
protocols isis <area-tag> mpls-te router-address <value>
protocols isis <area-tag> topology ipv4-mgmt
protocols isis <area-tag> topology ipv4-mgmt overload
protocols isis <area-tag> topology ipv4-multicast
protocols isis <area-tag> topology ipv4-multicast overload
protocols isis <area-tag> topology ipv4-unicast
protocols isis <area-tag> topology ipv4-unicast overload
protocols isis <area-tag> topology ipv6-dstsrc
protocols isis <area-tag> topology ipv6-dstsrc overload
protocols isis <area-tag> topology ipv6-mgmt
protocols isis <area-tag> topology ipv6-mgmt overload
protocols isis <area-tag> topology ipv6-multicast
protocols isis <area-tag> topology ipv6-multicast overload
protocols isis <area-tag> topology ipv6-unicast
protocols isis <area-tag> topology ipv6-unicast overload

Support for non-dataplane interfaces

Some interfaces do not (yet) have support in DPDK and will be owned by the kernel. They are likely to be used for the management of the system and not for the main packet forwarding functions. The ‘interfaces system’ configuration model provides a method of configuring such interfaces in a manner consistent with the rest of the system. All packet forwarding on such interfaces will occur in the kernel. The configuration available on these interfaces is a significantly smaller subset of the configuration available on interfaces owned by the dataplane.

interfaces system <ifname>
interfaces system <ifname> address dhcp
interfaces system <ifname> address dhcpv6
interfaces system <ifname> description <value>
interfaces system <ifname> disable
interfaces system <ifname> disable-link-detect
interfaces system <ifname> ip enable-proxy-arp
interfaces system <ifname> ip gratuitous-arp reply drop
interfaces system <ifname> ip gratuitous-arp reply update
interfaces system <ifname> ip gratuitous-arp request drop
interfaces system <ifname> ip gratuitous-arp request update
interfaces system <ifname> ip gratuitous-arp-count <value>
interfaces system <ifname> ip rpf-check disable
interfaces system <ifname> ip rpf-check loose
interfaces system <ifname> ip rpf-check strict
interfaces system <ifname> ipv6 address
interfaces system <ifname> ipv6 address autoconf
interfaces system <ifname> ipv6 address eui64 <value>
interfaces system <ifname> ipv6 address link-local <value>
interfaces system <ifname> ipv6 disable
interfaces system <ifname> ipv6 dup-addr-detect-transmits <value>
interfaces system <ifname> log_martians
interfaces system <ifname> mac <value>
interfaces system <ifname> mtu <value>
interfaces system <ifname> vif <tagnode>
interfaces system <ifname> vif <tagnode> address dhcp
interfaces system <ifname> vif <tagnode> address dhcpv6
interfaces system <ifname> vif <tagnode> description <value>
interfaces system <ifname> vif <tagnode> disable
interfaces system <ifname> vif <tagnode> inner-vlan <value>
interfaces system <ifname> vif <tagnode> ip enable-proxy-arp
interfaces system <ifname> vif <tagnode> ip gratuitous-arp reply drop
interfaces system <ifname> vif <tagnode> ip gratuitous-arp reply update
interfaces system <ifname> vif <tagnode> ip gratuitous-arp request drop
interfaces system <ifname> vif <tagnode> ip gratuitous-arp request update
interfaces system <ifname> vif <tagnode> ip rpf-check disable
interfaces system <ifname> vif <tagnode> ip rpf-check loose
interfaces system <ifname> vif <tagnode> ip rpf-check strict
interfaces system <ifname> vif <tagnode> ipv6 address
interfaces system <ifname> vif <tagnode> ipv6 address autoconf
interfaces system <ifname> vif <tagnode> ipv6 address eui64 <value>
interfaces system <ifname> vif <tagnode> ipv6 address link-local <value>
interfaces system <ifname> vif <tagnode> ipv6 disable
interfaces system <ifname> vif <tagnode> ipv6 dup-addr-detect-transmits <value>
interfaces system <ifname> vif <tagnode> log_martians
interfaces system <ifname> vif <tagnode> mtu <value>
interfaces system <ifname> vif <tagnode> vlan <value>

Miscellaneous changes

protocols next-hop resolve-via-default disabled
protocols next-hop resolve-via-default enabled
routing routing-instance <instance-name> protocols next-hop resolve-via-default disabled
routing routing-instance <instance-name> protocols next-hop resolve-via-default enabled
service ssh client-alive-attempts <value>
service ssh client-alive-interval <value>
routing routing-instance <instance-name> service ssh client-alive-attempts <value>
routing routing-instance <instance-name> service ssh client-alive-interval <value>

Obsolete features

None

Operational command changes

tech-support archive removed

To prevent DANOS users from accidentally uploading “tech-support” archives that contain sensitive information, this feature has been removed. The following commands are no longer available:

generate tech-support archive
generate tech-support archive <destination>
generate tech-support archive <destination> authentication username <value> password <value>
generate tech-support archive <destination> authentication username <value> password <value> file-password <value>
generate tech-support archive <destination> password <value>
generate tech-support archive option exclude-command-history
generate tech-support archive password <value>
show tech-support
show tech-support brief
show tech-support option exclude-command-history
show tech-support save
show tech-support save <destination>
show tech-support save <destination> authentication username <value> password <value>
show tech-support save <destination> authentication username <value> password <value> file-password <value>
show tech-support save <destination> password <value>
show tech-support save password <value>
show tech-support save-uncompressed
show tech-support save-uncompressed <destination>
show tech-support save-uncompressed <destination> authentication username <value> password <value>
show tech-support save-uncompressed <destination> authentication username <value> password <value> file-password <value>
show tech-support save-uncompressed <destination> password <value>
show tech-support save-uncompressed password <value>

Query dataplane pipeline to find out which features are enabled

If you are working with different pipeline nodes, it can be useful to check which pipeline nodes are actually enabled.

show dataplane feature
show dataplane feature filter <value>
show dataplane feature global
show dataplane feature interface <value>
show dataplane feature ip
show dataplane feature ip6
show dataplane feature l2
show dataplane feature sparse
show dataplane feature vrf <value>

Query the dataplane’s view of the MPLS routes

show platform dataplane mpls-route
show platform dataplane mpls-route error
show platform dataplane mpls-route no-resource
show platform dataplane mpls-route no-support
show platform dataplane mpls-route not-needed
show platform dataplane mpls-route partial

Miscellaneous changes

add system image routing-instance <value> <image-url> username <value> password <value>
show policy qos <interface-name> filter-classification
show policy qos filter-classification
show queuing <interface-name> filter-classification

Resolved Security Vulnerabilities

The following security issues are resolved in this release:

  • CVE-2020-10730, CVE-2020-27840, CVE-2021-20277: Debian DSA-4884-1 : ldb - security update

  • CVE-2020-35523, CVE-2020-35524: Debian DSA-4869-1 : tiff - security update

  • CVE-2015-9542: [DLA 2116-1] libpam-radius-auth security update

Licenses

MSTP/RSA

/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All rights reserved.
License to copy and use this software is granted provided that it is identified as the "RSA Data Security, Inc. MD5 Message-Digest Algorithm" in all material mentioning or referencing this software or this function.
License is also granted to make and use derivative works provided that such works are identified as "derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm" in all material mentioning or referencing the derived work.
RSA Data Security, Inc. makes no representations concerning either the merchantability of this software or the suitability of this software for any particular purpose. It is provided "as is" without express or implied warranty of any kind.
These notices must be retained in any copies of any part of this documentation and/or software. */
