Release Notes PN 93000490_V Digi CM Firmware 80007059_T (Digi CM 8) 80007051_T (Digi CM 16) 80007050_T (Digi CM 32) 80007070_T (Digi CM 48) v 1.9.5 May 11th, 2010 INTRODUCTION This is the production release of firmware for the Digi CM. These devices provide console management access to various servers, devices, and systems that may be accessed by a serial cable to a console port. These devices feature console management through a console menu or web interface to allow configuration of network settings, serial settings, administration settings, and user settings. High-end features include Telnet/SSHv1/SSHv2/RawTCP protocols, Local, RADIUS, TACACS+, and LDAP authentication, Port logging through Local, NFS, and Memory cards, PCMCIA slot and configuration, custom menus, keyword monitoring and SMTP/SNMP notification, 10/100 mbps Ethernet network interface, and Digi Discovery server to allow discovery and network configuration from the Digi Discovery Applet. SUPPORTED PRODUCTS Digi CM 8 Digi CM 16 Digi CM 32 Digi CM 48 Enhancements - Added option to sync RTC with system time. Improvements - Fixed a problem where The Web UI or Configmenu don't show the current Remote auth type for the CLI. - Fixed a problem where Port locks up when accessing an Aix server via ssh and remote ports. - Fixed a problem where Port access via web java app locks user account after only one failed login attempt. KNOWN LIMITATIONS - Web UI, Discovery Applet, and Serial Connection Applet require Netscape 4.76 or higher or Internet Explorer 5 or higher. - The Discovery Applet and Serial Connection Applet also require the Java Runtime Environment (JRE) 1.3 or higher. - Netscape 4 on Windows: the serial port connection applet will not accept so the user cannot login through the applet. - Using cancel button when removing Custom Menus or Copying custom menus causes the page to be submitted and the menus removed or copied, respectively. To cancel without causing this effect, use the browser's Back button. - Kerberos authentication has been removed. If you require Kerberos support, download the CM utilities file (80007071) from the digi web site. Copy kinit to the /usr2 dir on the Digi CM. - If there are a large number of slave units configured the Master can take up to 8 minutes to boot up. - The ftp client has been removed. If you require ftp support, download the CM utilities file (80007071) from the digi web site. Copy ftp to the /usr2 dir on the Digi CM. ADDITIONAL INFORMATION - When using the SUN Java Runtime Environment in Windows, you may need to verify the browser you are using has been enabled with the Java plug-in. To verify, use the following steps: 1. Go to Control Panel in Windows (may be accessed through My Computer or Start menu) 2. If you are using "Category View", click "Switch to Classic View". 3. Click Java Plug-In icon. (if this icon does not exist, verify JRE is correctly installed) 4. Click on the "Basic" tab. 5. Verify "Enable Java Plug-In" is checked. 6. Click on the "Browser" tab. 7. Verify appropriate browser or browsers are checked. 8. Click on the "About" tab. 9. Verify Java Plug-in version is 1.3 or later. - When upgrading releases prior to 1.3.2, Digi advises you to factory default and reconfigure the CM after upgrading the firmware. If upgrading from rev. 1.3.2 or greater, importing configs will work with the exception of the “Serial port->User access control” section. - Digi CM firmware 1.7.0 or higher now uses the standard Digi Discovery Tool. The original CM Discovery Tool will not work. Revisions previous to 1.7.0 only supports the original CM Discovery Tool. History 93000490_U: v1.9.3 06-08-2007 - Added another option for handeling NFS log files when max size is reached. - Added remote authentication to the CLI that does not require a local user. - Added a configurable option for local root access to the console port when the CLI is set for remote authentication. - Increased the port log size to 256 characters. - Added the ability to disable sending a serial break on a per user basis. - Added SNMP support for serial statistics. - Fixed a problem in the Mib where temprature and voltage values for a connected RPM did not display correctly. - Removed all messages regarding the KVM tool. - Fixed a problem where failed Active Detection would cause multiple port logs. - Fixed a problem where PPP was required on the TACACS server in order for the CM to authenticate. - Fixed a problem where you could not change serial parameters through Configmenu when configured for dial-in modem. - Fixed a problem where the Radius attribute NAS-IP was not being sent correctly over a telnet session. - Fixed a problem where SNMP was incorrectly reporting CPU utilization. - Fixed a port lockup problem when connected to some Sun Servers. - Fixed a problem with Clustering where you could not authenticate to a slave if username is more than 19 characters. 93000490_T: v1.9.2 10-13-2006 - Added RADIUS support for "admins" via the web. - Added a configurable idle timeout option for configmenu. - Enhanced Radius support for the Web UI. - Added 2nd Radius server option for CLI configuration. - Enhanced LDAP support to better support Active Directory. - Added Customizable user account time out. - Added file path support to Auto tftp file upload. - Remove "Connectware" from our Digi logo. - Reverse DNS lookup disabled by default. - Added Configurable option for specifying a callback number. - Updated SNMP MIB for RPM outlet status. - Enhanced Daylight savings time configuration. - Corrected Syntax error when exiting from configmenu. - Fixed a problem where the JTA responds very slowly when set for SSH when using SSH2 protocol. - Fixed privilege escalation issue with admin user. - Fixed a problem where it would not read more than 8 characters of the password for root and admin. - Fixed a problem with the boot loader on CM 48. - Fixed a problem with Buffered data with port logging off. - Fixed a problem where Telnet logins to the CLI fail about 1 out of 50 attempts when scripted. - Fixed a problem with the cron binary. - Fixed a problem where Specifying a 2nd tacacs server will fail port authentication. - Fixed a problem with Problems with auto detection of Cisco devices. - Corrected Syntax error when unlocking a user account. - Fixed a problem where Port logging stops when not connected. - Fixed a problem using sniff with port monitoring only mode enabled. - Fixed a problem where Auto device recognition using port title fails. 93000490_S: v1.9.0 - Added cut and paste functionality to the Jta. - RealPort daemon is now disabled until you configure ports for RealPort. - Added an option to configure a gateway for the secondary IP. - Added the ability to modify the Port Title naming rule. - Added the ability to set time intervals to sync with an NTP server. - Added support for LDAP/down/Local authentication. - Added a search option to the port connection page in the Web UI. - Added a confirmation window to the serial port connection page when power cycling an outlet on an RPM. - Added the ability to cut and paste to the system clipboard when using the jta. - Modified the Active detection scripts to be more robust. - Added SAC support to the Active detection script. - Added a more robust memory test to the hardware tests in the bootloader ver 1.2.0 - Added IPv6 support. - Added support for up to 48 slave units for Clustering. - Disabled configuring protocol for slave ports from the master when the slave is autoconfigured. - Fixed a problem where the Port Title naming got deleted when the port is factory defaulted. - Fixed a problem with inconsistency in Keyword notification. - Fixed a problem where you could not remove a Keyword if it is within quotation marks. - Fixed a problem where there was no option to set the number of retries for Radius Authentication to the CLI. - Fixed a problem with IP Filtering when using the Stealth profile. 93000490_P: v1.8.0 10-10-2005 - Added option to disable reverse DNS lookup. - Added option to specify a log name for system logs. - Added support for "Radius down Local" authentication to the CLI. - Added integrated support for configuring Time zones and Daylight savings time. - Enhanced email notification for SNMP traps. - Increased the number of power outlets that can be linked to a port. - Enhanced the way the security profile page is laid out in the Web UI. - Improved the process for enabling/disabling SNMP in the Web UI. - Added support for large flash cards 1GB and greater. - Added HTTP redirector for the standard security profile. - Added enhancements to the LDAP search path. - Added Virtual KVM support. - Fixed problem where "NAS-IP-Address" the host name instead of the IP. - Fixed problem caused when importing a configuration with an invalid date. - Fixed problem with enforcing password history. - Fixed problem with per port setting when changing security profiles. - SNMP is now disabled in the standard security profile. - Fixed problem when unit is factory defaulted it would not come up in the standard security profile. - Fixed problem with "<" in system logs. - Fixed problem in custom menus not supporting more than 32 clustered ports per slave. - Fixed problem with Auto config backup not working "Periodically" - Fixed syntax error in Auto backup system message. - Fixed problem using delimiters when port is in Raw TCP mode. 93000490_P: v1.7.0.1 08-09-2005 - Added + and - as legal keys for page-up and page-down within custom menus - Fixed problem with intermittent protocol errors when doing lots of SSH connections. - Fixed problem where a corrupted cookie would not allow login to the Web UI via DNS name. - Fixed problem where ADR caused port logging not to work. - Fixed problem where TACACS+/Local authentication failed when the TACACS+ server is down. 93000490_N: v1.7.0 06-17-2005 - Added the ability to remote authenticate to CLI. - Added the ability to view the slave units Port Titles when Clustered. - Added Access list so that custom groups can be added. - Enhanced login password security. - Added Port connect/disconnect message to the system log files. - Added option to disable SNMP. - SSH v1 is disabled now by default. - Added a message to system log if a port was connected/disconnected. - The system up time is now displayed in the Web UI. - Fixed problem where Save acknowledgment message shows up in a wrong browser window. - Added the ability to detect if a device is attached to the port. - Added the ability to disable the global port escape menu. - Added the ability to set a minimum password length. - Added password aging. - Added the ability to disable SNMP via Web UI / config menu. - Added login/logout messages to the system logs when people login to the CLI. - Added SNMP and email notification if NFS server is disconnected. - Added the ability for Clustering and SSH to connect to ports via the port title. - Added the ability to issue commands via the Automated TFTP upgrade utility. - Changed the default state of Alternate IP to disabled. - Added Automated configuration backup. - Changes to Syslog facility now take effect immediately. - Added Custom PAM module support. - Upgraded the TACACS+ package. - Enhanced response time for Radius authentication. - Added option to enable/disable automatic backup of syslogs and port logs when mounted Flash Card or NFS server. - Added Digi ADDP support. - Fixed problem When using custom menus. Adding an item to execute a command failed if it requires input. - Fixed problem with disconnecting a sniff session that caused a port lock up. - IP filtering settings are now preserved when upgrading the firmware. 93000490_M: v1.6.5 01-20-2005 - The Digi CM now supports RealPort Com Port redirection. During the configuration of RealPort on the client, the IP address of the Digi CM has to be entered manually. - The SNMP capabilities have been extended. A new MIB has been released adding the ability to read and write parameters of the Digi CM using SNMP. After any parameters have been changed, they have to be saved and activated by writing to the OID: generalSaveApplyConfig. - A regular user with access rights to a port can now access the Microsoft SAC pages. - The IP filtering will be reset by factory default without factory defaulting the IP settings. - Custom port log file names now work with the SAC web page. - Fixed problem where CM would hang upon boot if bad a cable is connected to a port and using Hardware flow control. - Fixed problem with "configmenu" where the "All Ports" option would fail to set user access controls. - Fixed problem in "configmenu" where you could not export a config to the local machine. - Fixed problem with Active Detection that caused an undo amount of entries in the System logs. - Fixed problem where the routing table would not get flushed until after a reboot if the gateway was changed. - Fixed memory leak with Active Detection when the detection scripts are not present. 93000490_L: v1.6.0 06-21-2004 - Added Automatic Device Recognition - Added support for Rackable Systems Management Controller - Added support for the Digi RPM power controller - A message is sent out if the port is closed as another user is active - Added support for automatic TFTP firmware upgrade upon boot - Added MD5 support to validate passwords longer than 8 characters - Added support for read only access to ports - Upgraded OpenSSH to V3.8.1p1 - Added support for Radius down local authentication - Added support for special characters in passwords - Added support for longer descriptions in SNMP fields 93000490_K: v1.5.0.4 06-21-2004 - Added support for new Digi CM 48 hardware revision 93000490_J: v1.5.0 04-22-2004 - Added an option to "Change Password" in the Port Access Menu. - Users may use variable names for port logging. - Added support for "Netgear FA411" PCMCIA Ethernet card. - Added modem dial-in support to "Console Port". - Turning DHCP on will now set DNS to auto. - Upgraded OpenSSH to 3.7.1p2 and OpenSSL to 0.9.6m - Users now have the option to disallow "root" access from everything except when using the CM console port. - Web UI now reconnects to login page after reboot or firmware upgrade. - Added ability to configure a secondary IP Address so "Clustering slaves" may be addressed using non routable IP address. - Added the ability to change root password through Web UI. - Added "SNMP Login trap" support to the "Dialin Modem". - Added email alert notification to serial port SNMP traps. - Removed the ability to disconnect existing users via port access menu. - Implement "Global SNMP Trap" receiver settings. - Added support for SecurID's "new Pin" and “next Token Code" mode. - Added ability to show bootloader revision during system operation. - Added notification in Web UI for port events. - Added bi-directional data logging on serial ports. - Added option to show last 10 lines of unread data when connecting to a port. - Serial ports support 45 character user names for remote authentication. - Added ability to local users to remotely authenticate to clustered ports. 93000490_I: Skipped 93000490_H: v1.4.0 12-20-2003 - Provide download utilities cron, fuser, and netstat - Updated Web UI to present configurable options only - Web UI now displays logged in web user - Improved error reporting during SAC connection failures - Added direct URL support to access the Java Telnet application - Enhanced LDAP support by adding OU to the search path - Added Japanese language support to SAC - Added Japanese language and UTF-8 support to the Java Telnet application - Added configurable escape sequence which will return user back to the custom menu - Added power management support - Added Daylight savings time support - Port title can be used as an alias for the port number when SSH or Telnet to port - Administrative users now have the ability to disconnect users from ports through the Web UI - Added the ability to use the host name for the CLI prompt instead of the IP - Added Corega LAN Card Support - Added the ability to use the DNS name of an NFS server instead of the IP - The "hosts.cnf" file is now user editable - Added port reset command to the CLI - CM will now continue sending DHCP requests if DHCP fails 93000490_G: v1.3.2 10-03-2003 - Updated SSH to correct problem specified in advisory. 93000490_F: v1.3.0 09-08-2003 - Added SNMP Trap on CTS On/Off per serial port - Added enable/disable button for the First SMTP server - Improved Configuration File Importing / Exporting - Automatic notification when initiating a sniff session. - Added SNMP support for login traps. - Added option in WEB UI to config menu that will disable telnet to the Digi CM. - Added a 'send break' option via the Digi CM telnet client. - Added the ability to view active user and reset "stuck" port from the WebUI. - Added second trap receiver for Keyword Alerts. - Added IP of the slave units in the "Port access menu". - WEB UI - User Admin - Just click on the user instead of selecting "edit". - Added configurable port break sequence. - Added visible IP address when using DHCP with a wireless card. - Added Orinoco wireless PC Card support. - Added confirmation request before killing a process with SAC command. - Added encrypted NFS. 93000490_E: v1.1.3 07-11-2003 - Added support for PC Modem Cards Multitech, Starlogic, Actiontec, and Zoom - Change Unit # on clustering connection page of Web UI from numeric character to alphabetic character. 93000490_D: NA 93000490_C: v1.1.0 05-12-2003 - Added Microsoft System Special Administration Console (SAC) support. - Added Shadow password support. - Added ability to switch directly between serial port configuration pages - Port Access Menu to access slave units in clustered scenario. - Add option to launch telnet session instead of Java applet for port connection. - Added support for Kerberos authentication. - Added remote Authentication to WebUI. - One Step Save and Apply. - Configurable escape sequence per port. - Checkbox to allow all users with port access to sniff. - Added ability for sniff users to switch between read only access and read/write access on a port. - Added an in-use and by-use comment field in serial port connection screen. - Customizable port log filename to NFS Server. - Reduce character limit of usernames down to 3. - Add secondary NFS Server option for System and Port logs. - Add Date/Time stamp option to Port logs. - Use LED graphics in the web UI instead of on/off text. - Added SNMP trap for alert. - Added prompt before sending break key to applet window. - Increased limit of sniff sessions per port to 15. - Upgraded SSH Client to current version (3.5p1) - Added the ability to disable Alt. IPs. 93000490_B1: v1.0.03.01 05-21-2003 - Port lockup with F-Secure or SSH 3.2.3 clients is fixed 93000490_A1: v1.0.03 03-06-2003 - Bug for WYSE dumb terminals support is fixed - Bug for setting the date in the bootloader is fixed - Bug for setting the system time in the bootloader is fixed 93000490_A: v1.0.02 02-26-2003 - Initial release