Release Notes

Stratix 5400 family of Ethernet managed switches, 1783-HMS
Version 15.2(8)E4 (released 6/2023)

Catalog Number 1783-HMS 

These release notes describe version information for 1783-HMS, version 15.2(8)E4 (released 6/2023).

Features

This release includes the following system features.

REP Segment ID Autodiscovery

Feature First Identified as of IOS Release 15.2(8)E4

This feature allows the REP Segment ID Autodiscovery feature to exist on Cisco Classic IOS switches.

REP Zero Touch Provisioning

Feature First Identified as of IOS Release 15.2(8)E4

The REP ZTP feature allows PnP to function on the insertion of a new switch into an existing REP ring.

Corrected Anomalies in This Release

This release corrects the following anomalies.

Stratix in Boundary Clock Mode Should Allow Setting Default UTC Offset in Device Manager (SWCSTRATIX-1905)

Corrected Anomaly as of IOS Release 15.2(8)E4

When a LAN switch in PRP topology is rebooted and comes back online, DAN devices show time shifts of 37 seconds until the switch is synced to the GM with the correct UTC offset. The time jump lasts 1…3 seconds. Need to add CLI command “ptp utc-offset” to the Boundary Clock mode on Classic and IOS XE platforms.

Switch with 10M Link may Drop First Frame on Linkup

Corrected Anomaly as of IOS Release 15.2(8)E4

A switch may drop the first frame that comes in the interface when the link is running at 10M. All subsequent frames are forwarded with no issue.

ID: 26205

Unable to Apply MKA Policy

Corrected Anomaly as of IOS Release 15.2(8)E4

Unable to apply MKA Policy "MKAPOLICY" to this interface.

Workaround: If 'show mka policy' shows any interfaces as having the "DEFAULT POLICY' attached, then temporarily apply a dummy MKA policy to those interfaces.

ID: 60460

REP Diagnostics Show a Maximum of 22 Switches (Lgx00194932)

Corrected Anomaly as of IOS Release 15.2(8)E4

Known Anomaly First Identified as of IOS Release 15.2(6)E0a

This diagnostics page should be able to list more than 22 switches in the REP ring.

Disabling PTP on a Port in Boundary Clock Mode stays Disabled after Changing to TC Mode (Lgx00207278)

Corrected Anomaly as of IOS Release 15.2(8)E4

Known Anomaly First Identified as of IOS Release 15.2(6)E0a

When you disable PTP on a Port in Boundary Clock Mode it stays disabled after you change to TC Mode.

Device Manager IPDT Page cannot Delete or Remove previous IPDT Settings (Lgx00220837)

Corrected Anomaly as of IOS Release 15.2(8)E4

Known Anomaly First Identified in IOS Release 15.2(7)E

The IPDT page in Device Manager cannot delete or remove previous IPDT settings.

IPDT Probe Delay (Lgx00218267)

Corrected Anomaly as of IOS Release 15.2(8)E4

Known Anomaly First Identified as of IOS Release 15.2(7)E

When trying to configure IPDT there is an option for Probe Delay. In Device Manager the range for Probe Delay is 0…120 seconds. However, Probe Delay for 0 seconds is not valid, and Device Manager changes it back to the previously set delay.

Device Manager NetFlow Template for StealthWatch Missing Command (Lgx00216330)

Corrected Anomaly as of IOS Release 15.2(8)E4

Known Anomaly First Identified as of IOS Release 15.2(7)E

When configuring NetFlow via Device Manager specifically for use with StealthWatch, collect counter packets are missing from the commands.

AAA and SCP Server Command Authorization Issue

Corrected Anomaly as of IOS Release 15.2(8)E4

An access device policy with "Deny Any" command set but with Shell Profile set to 15 (to mimic the "permit specific level 15 commands for certain users" scenario that is described in the report and actively being used for RBAC) on a device exposes the running configuration. The IOS versions that we tested (recent tests are on IOS XE 17.03.05) show no audit trail whatsoever on the specific SCP request to retrieve and to push changes. It's important to note that there is no direct device CLI access performed. The action that is taken is an "SCP" command from an endpoint (like a management server) towards the device. Both a "configuration pull" and a "configuration push" initiated from that (Linux) host allow the access. Attack scenario: attacker obtains a limited access account that does not expose the configuration (through show run) but does expose specific commands that normally fall under Level 15 scope. Using the SCP initiated from an endpoint, the configuration becomes visible. The combination of an underdocumented "Shell Profile Level 15" configuration tied to the risks associated with the SCP server requirement (which is a valid and normal requirement) together with the lack of any audit trail for SCP-based file I/O (read and write) from the IOS level is an interesting attack vector.

ID: 55871

Known Anomalies in This Release

This release has the following known anomalies.

Removing DLR Configuration Globally Deletes DHCP Pool Configurations (SWCSTRATIX-4846)

Corrected Anomaly as of IOS Release 15.2(8)E5

Known Anomaly First Identified with IOS Release 15.2(8)E4

If you remove a DLR configuration globally to test if all the DLR related configurations get removed, the DHCP pool configurations are also deleted.

No Logging Message Seen with "sh platform software factory-reset secure log”

Known Anomaly First Identified as of IOS Release 15.2(8)E4

There is no logging message seen with the “sh platform software factory-reset secure log” in CLI for the RA3K platform.

ID: 59337

  

Medium Press Express Setup with Non-Default VLANs add the IP DHCP Configures to the Wrong VLAN (SWCSTRATIX-4839)

Corrected Anomaly as of IOS Release 15.2(8)E5

Known Anomaly First Identified with IOS Release 15.2(8)E4

While running Express Setup using Medium Press, and submitting a non-default VLAN, the non-default VLANs add the DHCP configurations to the default VLAN 1 instead of selected management VLAN.

Known Anomalies from Previous Releases

These anomalies are from previous releases but are still known in this release.

DHCP Lease Doesn’t Work as Expected (SWCSTRATIX-5189)

Corrected Anomaly as of IOS Release 15.2(8)E6

Known Anomaly Identified as of IOS Release 15.2(8)E3

Creating a User-Defined DHCP Pool from Device Manager does not lose its IP address.

PTP Over PRP K5500 Axis Reports FD04 but Time Sync is Enabled (Lgx00198154) (SWCSTRATIX-583)

Corrected Anomaly as of IOS Release 15.2(8)E6

Known Anomaly Identified as of IOS Release 15.2(8)E3

PTP over PRP K5500 axis reports FD04 but Time Sync is enabled. When the anomaly occurs, after waiting for about 1 hour and 40 minutes, the axis syncs successfully and motion resumes.

Remove UDLD Port aggressive command from Multiport device smart port (SWCSTRATIX-4408)

Known Anomaly Identified as of IOS Release 15.2(8)E1

The UDLD Port aggressive command needs removed from Multiport device smart port.

Port Thresholds Unresponsive in Device Manager
Known Anomaly Identified as of IOS Release 15.2(3)EA1.fc2
Editing a field too quickly can cause in-line editing to become unresponsive on the Port Thresholds page in Device Manager.

Workaround: Editing the box repeatedly works if you wait one or two seconds for Device Manager to push the update to the device.

Incorrect Frame Rate for Classes with Larger Queue-limit Sizes

Known Anomaly Identified as of IOS Release 15.2(2)EA1

Stratix 5400™ Firmware Revision 1.001

When a port becomes congested, classes with larger queue-limit sizes do not receive more frames per second than classes with smaller queue-limit sizes.

Workaround: There is no workaround.

Mini-USB Cables Incompatible with Windows 7

Known Anomaly Identified as of IOS Release 15.2(2)EA1

Stratix 5400™ Firmware Revision 1.001

When connecting a mini-USB cable to a computer running Windows 7, the system attempts to install the device driver but returns an error.

Workaround:

  1. Install the USB console driver to \windows 64\setup(x64).
  2. Follow the installation wizard and accept the default configuration.
  3. Restart the computer.
  4. After restarting the computer, connect the USB cable. The system returns an error message stating that the device driver software installation failed.
  1. Click the Windows Start button, right-click Computer, and choose Manage.
  2. Under Computer Management, choose Device Manager.
  3. Expand Ports (COM & LPT).
  4. Right-click the port with the yellow exclamation point, and choose Properties.
  5. On the Driver tab, click Update Driver.
  6. Click Browse my computer for driver software.
  7. Click Let me pick from a list of device drivers on my computer.
  8. Choose the serial driver and take note of the communication port.

The device driver is installed successfully.

 

System Does Not Notify on Lost LAN_A or LAN_B Errors in PRP

Known Anomaly Identified as of IOS Release 15.2(2)EA1

Stratix 5400™ Firmware Revision 1.001

The system provides no indication of a lost connection on LAN_A or LAN_B when using Parallel Redundancy Protocol (PRP). However, traffic is still routed to its destination due to LAN redundancy.

Workaround: There is no workaround.

Last Kinetix Faults when DLR is Recovering (SWCSTRATIX-6849)

Corrected Anomaly as of IOS Release 15.2(8)E8

Known Anomaly First Identified as of IOS Release 15.2(8)E1

When the Ethernet cable is reconnected, the Kinetix faults.

PRP Status Indicators
Known Anomaly Identified as of IOS Release 15.2(4)EA3
Stratix 5400™ Firmware Revision 2.001
In PRP mode, the port status indicators do not correctly show the status of Parallel Redundancy Protocol (PRP). PRP mode is available only via the Disp. Mode button on the physical switch.
Workaround: There is no workaround for this issue.

PRP Randomly Disabled

Known Anomaly Identified as of IOS Release 15.2(4)EA3
Stratix 5400™ Firmware Revision 2.001

Parallel Redundancy Protocol (PRP) becomes disabled at random intervals.
Workaround: To re-enable PRP on the switch, connect to the switch via a console port and enter shut and then no shut commands via the command-line interface (CLI).

Extended ACLs

Known Anomaly Identified as of IOS Release 15.2(4)EA3
Stratix 5400™ Firmware Revision 2.001
If you first create an extended, IP-numbered access control list (ACL) via the command-line interface (CLI), you cannot enter the source/destination ports and source/destination operator on the ACL List page in Device Manager.
Workaround: Re-edit the extended IP ACLs to add source and destination ports via the CLI.

EtherChannels on Port Settings Page

Known Anomaly Identified as of IOS Release 15.2(4)EA3
Stratix® 5400 and 5410 Firmware Revision 2.001
Stratix 5700 and ArmorStratix™ 5700 Firmware Revision 7.001
Stratix 8000 and 8300 Firmware Revision 11.001

On the Port Settings page in Device Manager, port names appear in numerical order except for ports assigned to an EtherChannel. As shown below, ports Fa1/1 and Fa1/2 appear under their EtherChannel, Po1. Ports Gi1/1 and Fa1/8 also appear under their EtherChannel port group, Po2.

graphic

Change to Ring Device Causes Ring Fault

Known Anomaly Identified as of IOS Release 15.2(5)EA.fc4

If you change the role of a ring device (node, supervisor, or backup supervisor), the device temporarily stops forwarding beacon packets and causes a ring fault.
Workaround: Only change the role of a ring device during an outage window.

Parallel Redundancy Protocol (PRP) Channel Remains Connected

Known Anomaly Identified as of IOS Release 15.2(5)EA.fc4

Stratix® 5400 and 5410 Firmware Revision 3.001

PRP channel remains in a connected state when one of the channel ports is in a suspended state. A port configuration mismatch can cause a port to become suspended.
Workaround: Correct the port configuration mismatch. To reconnect the port in a suspended state, use the command-line interface (CLI) to enter shut/no shut.
Interface Link Flaps with Resilient Ethernet Protocol (REP)
Known Anomaly Identified as of IOS Release 15.2(4)EA3
Stratix® 5400 Firmware Revision 2.001
Interface link flaps (when an interface continually goes up and down) occur in a REP ring with three or more nodes when the lsl-age timer is set to 120 ms. The flaps occur after a period of a few minutes to a couple of hours. Repeated link flaps can cause the switch to fail.
Workaround: Increase the rep lsl-age timer to a value greater than 120 ms. The recommended value is 3000 ms.
Unsupported MIB Object

Known Anomaly Identified as of IOS Release 15.2(5)EA.fc4

Stratix® 5400 and 5410 Firmware Revision 3.001

The following MIB object is not supported in this release: ciscoenvMonAlarmContact

Workaround: Use the command-line interface (CLI) to set alarm contacts as follows:

switch(config)# alarm contact 1 descriptions TEST
You can view the contact description from the following command:
switch# show run | inc alarm
alarm contact 1 description TEST
Port Statistics for PRP Channels

Known Anomaly Identified as of IOS Release 15.2(6)E0a

Stratix® 5400 and 5410 Firmware Revision 4.001

In Device Manager, the Overview tab on the Port Statistics page accurately displays data for PRP channels, which are marked with an asterisk. However, the Transmit Details and Receive Detail tabs always display zero values for PRP channels instead of actual unicast, multicast, and broadcast packet numbers.
Multicast Traffic in a PRP System with IGMP Querier
Known Anomaly Identified in All IOS Releases

This anomaly applies to a PRP system that includes a switch configured as an IGMP querier. If any Stratix  switch in the PRP system loses connection to the IGMP querier, then multicast traffic is interrupted as soon as the connection to the querier is re-established. The interruption can affect multicast CIP connections and PTP (Precision Time Protocol).

Workaround: Disable IGMP snooping on all switches in LAN A and LAN B.
Security Certificate Browser Warning for Device Manager

Known Anomaly Identified as of IOS Release 15.2(6)E0a

When accessing Device Manager with the latest version of Firefox or Internet Explorer, a warning appears about a weak signature or weak server certification:
Workaround: There is no workaround for this issue. Proceed to Device Manager.
VLAN 0 Packets

Known Anomaly Identified as of IOS Release 15.2(6)E0a

On Stratix 5400 and 5410 switches, VLAN 0 packets (64 bytes) are not treated as error packets (undersize) on ingress and traffic passes through.
On Stratix 5700 switches, the packets are reported as undersized.
This issue occurs when VLAN 1 is UP. The error goes away if VLAN 1 is assigned an IP address.
Workaround: There is no workaround for this issue.
HTTPS Fails Upon Removal and Insertion of SD Card

Known Anomaly Identified as of IOS Release 15.2(6)E0a

Stratix® 5400 Firmware Revision 4.001

HTTPS fails upon removal and insertion of SD card and restarts the switch with the SD card installed. This issue occurs randomly. When it occurs, the following message appears in the browser:

Secure Connection Failed
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.

Workaround: Remove and regenerate crypto certificates.
EDS Files

Known Anomaly Identified as of IOS Release 15.2(6)E0a

The EDS files packaged with the firmware for the Stratix 5400, 5410, 5700, and ArmorStratix 5700 switches are incorrect.
Workaround: Download the correct EDS files from http://www.rockwellautomation.com/resources/eds/.
NTP Associations (Lgx00196775)
Known Anomaly Identified as of IOS Release 15.2(6)E1

In the Studio 5000 Logix Designer application, you cannot delete a Network Time Protocol (NTP) association on the NTP Client view.

Workaround: Use Device Manager to delete an association.

DLR DHCP and IGMP Snooping VLAN ID (Lgx00206905)
Known Anomaly Identified as of IOS Release 15.2(6)E1

When setting up DHCP for ring devices and the active and backup DHCP servers are not on VLAN 1, there is no method in Device Manager to configure DHCP snooping on a VLAN for the backup DHCP server.

Workaround: Use the command-line interface (CLI) to enable DHCP snooping on a VLAN for the backup DHCP server:

ip dhcp snooping vlan [id]

For more details, see Knowledgebase answer ID 542120.

Plug-n-Play Mode (Lgx00209441)
Known Anomaly Identified as of IOS Release 15.2(6)E1

Plug-n-Play (PnP) mode does not work properly with FactoryTalk® Network Manager software.

Workaround: Use Express Setup mode in Device Manager to configure network settings or use PnP mode with a prior IOS release.


PRP-HSR RedBox Persistent Logging Message (Lgx00214016)
Known Anomaly Identified as of IOS Release 15.2(6)E2a
Stratix® 5400 Firmware Revision 5.001
Switches that are configured with Parallel Redundancy Protocol-High Availability Seamless Redundancy, Redundancy box (PRP-HSR RedBox), continuously display messages when console logging is enabled. The messages include the names of the interfaces that are disabled, along with text that states 'unshut is not permitted'. These messages cause the console port to be temporarily unusable.


Grand Master Clock Synchronization
Known Anomaly Identified as of IOS Release 15.2(6)E2a
When the non-default Virtual Local Area Network (VLAN) is set to ‘trunk’ mode, Grand Master Clock (GMC)-1 does not sync with GMC-2.
Workaround: Configure trunk mode with all allowed default VLAN.


Port Thresholds (Lgx00186022, Lgx00196774)
Known Anomaly Identified as of IOS Release 15.2(5)EA.fc4
Stratix® 5400 Firmware Revision 5.001
In the Studio 5000 Logix Designer application, you cannot set port thresholds for the Stratix 5400 switch.

  

EtherNet/IP RegisterSession Connection Limit

Corrected with IOS Release 15.2(7)E1a

Stratix® 5400 and 5410 Firmware Revision 7.001


CIP: The EtherNet/IP™ RegisterSession requires a connection limit to avoid denial-of-service.

Workaround: Limit connections to avoid denial-of-service through the CLI or CIP connection.

ID: 17827


  

Mismatch in Response between Attributes (Lgx00186592)

Known Anomaly First Identified as of IOS 15.2(6)

There is a mismatch in the response between two attributes when a static MAC address is added.

Workaround: There is no workaround.


Improved Product Resiliency in Stratix Switches

Product Feature First Identified as of IOS Release 15.2(7)E2:

Product improvements have been made to increase resiliency. See Product Security Vulnerabilities for more information.

  
PTP Boundary Clock Mode (Lgx00205085)
Known Anomaly Identified as of IOS Release 15.2(7)E3
In Boundary mode, PTP fails to build a consistent Boundary clock hierarchy. In a redundant star topology, any uplink failure causes a loss of synchronization between cells. In a ring topology, there is almost always a loss of synchronization between the cells.
Workaround: There is no workaround.

IP arp Inspection Commands appears after Express Setup and Reload (Lgx00234348)

Known Anomaly as of IOS Release 15.2(6)E2a

After an express setup and a reload, new commands appear on the startup configurations.

Workaround: Remove with CLI.

Dropping Message Errors are Not Updating in Error Counters

Known Anomaly First Identified in IOS Release 15.2(8)E

Error counters are not increasing in the switches.

ID:52065

DLR Beacon Parameters Change After a Rapid Fault on the Switch Causing Instability (SWCSTRATIX-4412)

Corrected Anomaly as of IOS Release 15.2(8)E5

Known Anomaly First Identified with IOS Release 15.2(8)E3

DLR beacon parameters change after a rapid fault on a Stratix 5400 switch.

Device Manager does not Allow Setting the Falling Threshold Value for Storm-Control (SWCSTRATIX-4350)

Corrected Anomaly with IOS Release 15.2(8)E5

Known Anomaly First Identified with IOS Release 15.2(8)E1

Device Manager does not allow you to set the falling threshold value for storm-control.

Produced and Consumed Safety Tags through the Switch Cause a Layer 2 Error (SWCSTRATIX-2447)

Corrected Anomaly as of IOS Release 15.2(8)E5

Known Anomaly First Identified with IOS Release 15.2(8)E1

A problem exists for Produce/Consume Safety Data between two L8xS families CPU communicating on a switch where the level 2 NAT is set.

Rockwell Automation recognizes that some of the terms that are currently used in our industry and in this publication are not in alignment with the movement toward inclusive language in technology. We are proactively collaborating with industry peers to find alternatives to such terms and making changes to our products and content. Please excuse the use of such terms in our content while we implement these changes.

Copyright © 2025 Rockwell Automation, Inc. All rights reserved.
Rockwell Automation, Allen-Bradley, and FactoryTalk are trademarks of Rockwell Automation, Inc.
To view a complete list of Rockwell Automation trademarks please click here.
Trademarks not belonging to Rockwell Automation are property of their respective companies.