Allied Telesis 86222-21 User Manual
Size:
173.11 Kb
Download

Patch Release Note

Patch 86222-21

For Rapier Switches and AR800 Series

Modular Switching Routers

Introduction

This patch release note lists the issues addressed and enhancements made in patch 86222-21for Software Release 2.2.2 on existing models of Rapier L3 managed switches and AR800 Series L3 modular switching routers. Patch file details are listed inTable 1.

Table 1: Patch file details for Patch 86222-21.

Base Software Release File

86s-222.rez

 

 

Patch Release Date

03-Oct-2002

 

 

Compressed Patch File Name

86222-21.paz

 

 

Compressed Patch File Size

408864 bytes

 

 

This release note should be read in conjunction with the following documents:

Release Note: Software Release 2.2.2 for Rapier Switches, AR300 and AR700 Series Routers, and AR800 Series Modular Switching Routers (Document Number C613-10313-00Rev A) available fromwww.alliedtelesyn.co.nz/documentation/documentation.html.

Rapier Switch Documentation Set for Software Release 2.2.1 available on the Documentation and Tools CD-ROMpackaged with your switch, or fromwww.alliedtelesyn.co.nz/documentation/documentation.html.

AR800 Series Modular Switching Router Documentation Set for Software Release 2.2.1 available on the Documentation and Tools CD-ROMpackaged with your switching router, or fromwww.alliedtelesyn.co.nz/ documentation/documentation.html.

WARNING: Using a patch for a different model or software release may cause unpredictable results, including disruption to the network. Information in this release note is subject to change without notice and does not represent a commitment on the part of Allied Telesyn International. While every effort has been made to ensure that the information contained within this document and the features and changes described are accurate, Allied Telesyn International can not accept any type of liability for errors in, or omissions arising from the use of this information.

Simply connecting the world

2

Patch Release Note

Features in 86222-21

Patch 86222-21includes all issues resolved and enhancements released in previous patches for Software Release 2.2.2, and the following enhancements:

PCR: 02167

Module: FIREWALL

Network affecting: No

Locally generated ICMP messages, that were passed out through a firewall interface because they were associated with another packet flow, had their source address changed to that of the associated packet flow and were also forwarded with incorrect IP checksums. This only occurred when there was no NAT associated with the packet flow. This issue has been resolved.

PCR: 02236

Module: FIREWALL

Network affecting: No

Sometimes the retransmission of an FTP packet was not permitted through the Firewall. This issue has been resolved.

PCR: 02245

Module: VRRP

Network affecting: No

VRRP returned an incorrect MAC address for an ARP request. This issue has been resolved.

PCR: 02327

Module: IPG/FIREWALL

Network affecting: No

In some situations, multihomed interfaces caused the Firewall to apply NAT and rules incorrectly when packets were received from a subnet that was not attached to the receiving interface. This issue has been resolved.

PCR: 02329 Module: DHCP

Network affecting: No

An ARP entry for a host has been removed whenever a DHCP DISCOVER or DHCP REQUEST message is received from the host. This allows for clients changing ports on a switch.

PCR: 02332

Module: IPSEC

Network affecting: No

The sequence number extracted from the AH and ESP header was in the wrong endian mode, which caused an FTP error with IPSEC anti-replay.This issue has been resolved.

PCR: 02343

Module: PPP

Network affecting: No

When acting as a PPPoE Access Concentrator (AC), if a PPPoE client sent discovery packets without the "host-unique"tag, the discovery packets sent by the AC were corrupted. This issue has been resolved.

PCR: 02368

Module: IPG/IGMP

Network affecting: No

IGMP failed to create an automatic IGMP membership with no joining port when it received multicast data that no ports were interested in, when IP TimeToLive was set to 1 second. Also, IGMP erroneously sent a query on an IGMP enabled IP interface even when IGMP was disabled. These issues have been resolved.

Patch 86222-21for Software Release 2.2.2C613-10319-00REV T

Patch 86222-21For Rapier Switches and AR800 Series Modular Switching Routers

3

PCR: 02374 Module: SWI Network affecting: No

In the ADD SWITCH L3FILTER command, the EPORT parameter incorrectly accepted the value 62-63as multicast and broadcast ports63-64.This issue has been resolved.

PCR: 02397 Module: DVMRP

Network affecting: No

After a prune lifetime had expired, the interface was not joined back to the

DVMRP multicast delivery tree. This issue has been resolved.

PCR: 02404

Module: IPG

Network affecting: No

DVMRP multicast forwarding failed to send tagged packets to a tagged port. Packets were erroneously sent untagged to tagged ports. This issue has been resolved.

Features in 86222-20

Patch file details for Patch 86222-19are listed inTable 3:

Table 2: Patch file details for Patch 86222-20.

Base Software Release File

86s-222.rez

 

 

Patch Release Date

23-Aug-2002

 

 

Compressed Patch File Name

86222-20.paz

 

 

Compressed Patch File Size

397708 bytes

 

 

Patch 86222-20includes all issues resolved and enhancements released in previous patches for Software Release 2.2.2, and the following enhancements:

PCR: 01226

Module: IGMP

Network affecting: Yes

The IGMP specific query sent by the router/switch now contains the correct default response time of 1 second. Also, ifOutOctets in the VLAN interface MIB now increments correctly.

PCR: 01270

Module: APPLE

Network affecting: No

If a port did not belong to an ethernet interface, or was not directly connected to the seed port it could not receive advertised router numbers. This issue has been resolved.

PCR: 01285

Module: OSPF

Network affecting: No

When an interface went down (or was disabled) on an AS border router, the external routes were not removed from the routing domain. Such routes are now removed by premature aging.

PCR: 02024

Module: IPG

Network affecting: No

Proxy Arp can now be used on VLAN interfaces.

Patch 86222-21for Software Release 2.2.2C613-10319-00REV T

4 Patch Release Note

PCR: 02122 Module: FIREWALL Network affecting: No

A fatal error sometimes occurred if a TCP session originating on the public side of the firewall sent packets before the session was established with the host on the private side of the firewall. This issue has been resolved.

PCR: 02128

Module: FIREWALL

Network affecting: No

Some FTP packets handled by the firewall were forwarded with incorrect sequence numbers, causing FTP sessions to fail. This issue has been resolved.

PCR: 02150

Module: CORE, SNMP

Network affecting: No

When passing 64-bitcounters in an SNMP packet, only the lower 32 bits were passed. Now the full 64 bits of the counter will be returned if all are required.

PCR: 02158

Module: FIREWALL

Network affecting: No

When a TCP RST/ACK was received by a firewall interface, the packet that was passed to the other side of the firewall lost the ACK flag, and had an incorrect ACK number. This issue has been resolved.

PCR 02161

Module: IPG

Network affecting: No

The IP Filter SIZE parameter was not being applied correctly. This issue has been resolved.

PCR 02162

Module: IPG

Network affecting: No

The SET IP FILTER command would not update the SIZE parameter correctly. This issue has been resolved.

PCR 02172

Module: IPG

Network affecting: No

The TOS field in IP packets was not being processed by IP POLICY filters with an identifier greater than 7. This issue has been resolved.

PCR: 02174

Module: FIREWALL

Network affecting: No

A feature has been added that makes pings pass from the source IP address of the public interface to the IP address on the private interface in the firewall.

PCR: 02195

Module: SWI

Network affecting: No

If a port on a Rapier 48 or Rapier 48 i went down, some associated entries were not promptly removed from the forwarding, Layer 3 and default IP tables. This issue has been resolved.

PCR: 02198 Module: DHCP

Network affecting: Yes

This PCR includes the following enhancements:

A new command, SET DHCP EXTENDID allows for multiple DHCP clients, and handling of arbitrary client IDs on the server.

Static DHCP entries now return to the correct state when timing out.

DHCP entry hashes now have memory protection to prevent fatal errors.

DHCP client now retransmits XID correctly.

Patch 86222-21for Software Release 2.2.2C613-10319-00REV T

Patch 86222-21For Rapier Switches and AR800 Series Modular Switching Routers

5

Lost OFFER messages on the server are now handled correctly.

The DHCP server now correctly handles DHCP clients being moved to a different interface on the DHCP server after they’ve been allocated an IP address.

PCR: 02203

Module: IPG

Network affecting: No

Responses to DNS requests received by a DNS relay agent, and forwarded to the DNS server, were returned to the requester with a source IP address of the DNS server rather than the DNS relay agent. This issue has been resolved.

PCR: 02208

Module: LOG

Network affecting: No

Log messages are no longer stored in NVS.

PCR: 02214

Module: IPG

Network affecting: No

A buffer leak occurred when a large number of flows (over 4000) were in use and needed to be recycled. This issue has been resolved.

PCR: 02215

Module: FILE

Network affecting: No

When the only feature licence in the feature licence file was disabled, the licence file stored on FLASH memory did not change. This was due to a previous enhancement in PCR 02184 which prevented existing files being deleted before a new version was stored. This issue has been resolved.

PCR: 02220

Module: SWI

Network affecting: No

The EPORT parameter in the ADD SWITCH L3FILTER ENTRY and SET SWITCH L3FILTER ENTRY commands was matching multicast and broadcast packets with software filtering. This issue has been resolved.

PCR: 02224

Module: SWI

Network affecting: No

Some switch chip register values have been changed to improve QoS support on Rapier G6 and Rapier G6f switches.

PCR: 02229

Module: IPG

Network affecting: No

The PURGE IP command now resets the IP route cache counters to zero.

PCR: 02242

Module: IPG

Network affecting: No

On a Rapier 24, adding an IP interface over a FR interface caused an

ASSERT debug fatal error. This issue has been resolved.

PCR: 02246

Module: VRRP

Network affecting: No

The ARL entry for the virtual router MAC was incorrectly showing a numerical value. The entry now shows the CPU’s port value.

PCR: 02250

Module: FIREWALL

Network affecting: No

Sometimes the Firewall erroneously used NAT. This issue has been resolved.

PCR: 02259

Module: DHCP, IPG

Network affecting: No

A dual Ethernet router was incorrectly accepting an IP address from a DHCP server when the offered address was on the same network as the other Ethernet interface. An error is now recorded when DHCP offers an address that is in the same subnet as another interface.

Patch 86222-21for Software Release 2.2.2C613-10319-00REV T

6

Patch Release Note

PCR: 02260

Module: TTY

Network affecting: No

When a ‘\n’(LF) character was received, the router/switch did not recognise this as the termination of a command over Telnet. This issue has been resolved.

PCR: 02262

Module: DNS

Network affecting: No

Responses to MX record requests were not handled correctly if the preferred name in the MX record differed from the one that was requested. This issue has been resolved.

PCR: 02263

Module: VRRP

Network affecting: No

The virtual MAC address was used as the source MAC for all packets forwarded on an interface associated with a Virtual Router (VR). This was confusing when multiple VRs were defined over the same interface because only one virtual MAC address was ever used. The other virtual MAC addresses (for the other VR's) were only used if the source IP address matched the VR’s IP address. To avoid this confusion, the system MAC address is now always used unless the source IP address of the packet is the same as the VR’s IP address.

PCR: 02264

Module: PIM, DVMRP, SWI

Network affecting: No

PIM or DVMRP failed to see any data if IGMP snooping was on and DVMRP or PIM was enabled after the data stream had reached the router/ switch. This issue has been resolved.

PCR: 02265

Module: FIREWALL

Network affecting: No

MAC address lists were not working with Firewall rules. This issue has been resolved.

PCR: 02268

Module: FIREWALL

Network affecting: No

HTTP requests from a fixed IP address were erroneously reported as a host scan attack in the Firewall deny queue. This issue has been resolved.

PCR: 02269

Module: DUART, TM

Network affecting: No

Under certain circumstances, the Asyn Loopback Test failed. This issue has been resolved.

PCR: 02274

Module: TPAD

Network affecting: No

ARL message interrupts have been re-enabledafter a software table rebuild to fix synchronisation of the software forwarding database with the hardware table.

PCR: 02275

Module: OSPF

Network affecting: No

Some routes were not added into the OSPF route list, and therefore were not added into the IP route table. This issue has been resolved.

PCR: 02276

Module: FIREWALL

Network affecting: No

The CREATE CONFIG command did not save the SOURCEPORT parameter to the configuration file when the low value of the source port range was set to zero. This issue has been resolved.

Patch 86222-21for Software Release 2.2.2C613-10319-00REV T