Allied Telesis 86222-27 User Manual

Patch Release Note

Patch 86222-27

For Rapier Switches

Introduction

This patch release note lists the issues addressed and enhancements made in patch 86222-27 for Software Release 2.2.2 on existing models of Rapier L3 managed switches. Patch file details are listed in Table 1.

Table 1: Patch file details for Patch 86222-27.

Base Software Release File: 86s-222.rez
Patch Release Date: 13-June-2003
Compressed Patch File Name: 86222-27.paz
Compressed Patch File Size: 1036828 bytes

This release note should be read in conjunction with the following documents:

Release Note: Software Release 2.2.2 for Rapier Switches, AR300 and AR700 Series Routers, and AR800 Series Modular Switching Routers (Document Number C613-10313-00 Rev A) available from www.alliedtelesyn.co.nz/documentation/documentation.html.

Rapier Switch Documentation Set for Software Release 2.2.1 available on the Documentation and Tools CD-ROM packaged with your switch, or from www.alliedtelesyn.co.nz/documentation/documentation.html.

WARNING: Using a patch for a different model or software release may cause unpredictable results, including disruption to the network. Information in this release note is subject to change without notice and does not represent a commitment on the part of Allied Telesyn International. While every effort has been made to ensure that the information contained within this document and the features and changes described are accurate, Allied Telesyn International can not accept any type of liability for errors in, or omissions arising from the use of this information.


Some of the issues addressed in this Release Note include a level number. This number reflects the importance of the issue that has been resolved. The levels are:

Level 1 This issue will cause significant interruption to network services, and there is no work-around.

Level 2 This issue will cause interruption to network service, however there is a work-around.

Level 3 This issue will seldom appear, and will cause minor inconvenience.

Level 4 This issue represents a cosmetic change and does not affect network operation.

Features in 86222-27

Patch 86222-27 includes all issues resolved and enhancements released in previous patches for Software Release 2.2.2, and the following enhancements:

PCR: 03501

Module: IPG

Level: 1

A fatal error occurred when DNS relay received a query if the transaction ID was zero. This issue has been resolved.

PCR: 03616

Module: IPG

Level: 4

Three new commands have been added to enable and disable transmission of the following ICMP messages: Network Unreachable, Host Unreachable, and all Redirect messages.

The commands are:

DISABLE IP ICMPREPLY[={ALL|NETUNREACH|HOSTUNREACH|REDIRECT}]

ENABLE IP ICMPREPLY[={ALL|NETUNREACH|HOSTUNREACH|REDIRECT}]

SHOW IP ICMPREPLY

For details, see “Enable and Disable ICMP Messages” on page 40.

PCR: 03579

Module: IPG

Level: 1

When IGMP memberships were created at layer 3 from multicast data, sending an IGMP Membership Leave message incorrectly removed all ports from the specified group. This issue has been resolved.

PCR: 03615 Module: LOAD

Level: 3

Zmodem uploads to some terminal emulators did not succeed because the 16-bit checksum was incorrect. This issue has been resolved.

PCR: 03625

Module: STP, SWI

Level: 4

The MIB object dot1dStpTimeSinceTopologyChange has been implemented to record when a topology change is detected by the bridge.

Patch 86222-27 for Software Release 2.2.2, C613-10319-00 REV Z


Features in 86222-26

Patch file details are listed in Table 2:

Table 2: Patch file details for Patch 86222-26.

Base Software Release File: 86s-222.rez
Patch Release Date: 30-May-2003
Compressed Patch File Name: 86222-26.paz
Compressed Patch File Size: 1028794 bytes

Patch 86222-26 includes all issues resolved and enhancements released in previous patches for Software Release 2.2.2, and the following enhancements:

PCR: 02498 Module: VLAN

Network affecting: No

The correct protocol number is now returned by VLAN Relay.

PCR: 03172

Module: FIREWALL

Level: 3

Telnet access from a public interface to another public interface was not denied. This issue has been resolved.

PCR: 03241

Module: FIREWALL

Level: 2

When deleting a list associated with a policy, all rules were being deleted. Now only the rules associated with the policy and list are deleted.

PCR: 03412

Module: FIREWALL

Level: 3

FTP data transfers did not succeed for some types of NAT. Also, the presence of flow control TCP flags meant that some TCP control packets were not recognised. These issues have been resolved.

PCR: 03415

Module: FIREWALL

Level: 2

When using a policy routing rule, the firewall did not translate the source IP address of a broadcast packet correctly. This issue has been resolved.

PCR: 03416

Module: SWI

Level: 3

Previously, the ADD SWITCH L3FILTER MATCH command was accepted if the TYPE parameter was not specified. This command now requires the TYPE parameter, and an error message will be returned if the TYPE parameter is not specified.

PCR: 03420

Module: IPG, SWI

Level: 3

It is now possible to prevent specified ports from acting as IGMP all-group ports, and specify which ports are allowed to behave as all-group entry ports. This is enabled with the ENABLE IP IGMP ALLGROUP command, and disabled with the DISABLE IP IGMP ALLGROUP command.

For details, see “IGMP Snooping All-Group Entry” on page 42.


PCR: 03438 Module: DHCP

Level: 3

A warning message will now appear if the DESTROY DHCP POLICY command is executed for a DHCP policy that has been used by one or more policies as the source of their configuration information. A parent policy can be destroyed with no effect on its child policies.

The new message is:

The destroyed policy <policy-name> has been used by another policy as a source of configuration information.

PCR: 03446

Module: SWI

Level: 3

After unplugging a fibre uplink cable and then plugging it back in, a short Ping timeout occurred. This issue has been resolved.

PCR: 03457

Module: OSPF

Level: 2

Disabling OSPF caused a fatal error if there was a large routing table. This issue has been resolved.

PCR: 03458

Module: IPG

Level: 3

The route information for ipRouteEntry of ipGroup in the MIB-II MIB was not correct. This issue has been resolved.

PCR: 03465 Module: DHCP

Level: 2

The IPMTU parameter in the ADD DHCP POLICY command was accepting values in the range 0-4294967295. This parameter now accepts values in the correct range of 579-65535.

PCR: 03475

Module: NTP

Level: 3

The PURGE NTP command did not change the UTC offset to the initialised value. This issue has been resolved.

PCR: 03482

Module: SWI

Level: 3

When a Rapier using switch silicon received a multicast packet, the ifOutError port counter was erroneously incremented. This issue has been resolved.

PCR: 03484

Module: FIREWALL

Level: 3

The firewall was not denying an ICMP packet, even if ICMP Forwarding was disabled when using Standard NAT. This issue has been resolved.

PCR: 03496

Module: IPG

Level: 2

Sometimes CPU utilisation reached its maximum limit when an IGMP Membership Report was received. This issue has been resolved.

PCR: 03499

Module: IPG

Level: 2

The SET TIME command caused an error on Refresh timers for IGMP groups. This issue has been resolved.

PCR: 03506 Module: DHCP

Level: 2

When receiving a request from a client in the Renewing state, the DHCP server incorrectly added an ARP entry for that client’s IP address. Also, the DHCP server allocated an entry while the entry was being reclaimed, and this interrupted the reclaim process. These issues have been resolved.


PCR: 03526

Module: SWI

Level: 3

The Switch MIB did not show the correct dot1StpPriority value. This issue has been resolved.

PCR: 03531

Module: SWI

Level: 3

After creating a trunk group, the activity LEDs did not flash unless the configuration was used at reboot. This issue has been resolved so that the LEDs flash correctly whenever a trunk group is created.

PCR: 03572

Module: STP

Level: 3

The dot1dStpPortForwardTransitions value in the dot1dBridge MIB was not incremented correctly when STP transitioned a port to the Forwarding state. This issue has been resolved.

PCR: 03574

Module: STP

Level: 3

The dot1dStpInfoTopChanges value in the dot1dBridge MIB was not incremented correctly when a topology change was detected by the bridge. This issue has been resolved.

PCR: 03576

Module: IPG

Level: 2

When the device received a route from two separate sources to the same destination network, RIP only used the metric value when selecting the best route. RIP now selects the route by lowest preference value, or if they are the same, by the metric.

Features in 86222-25

Patch file details are listed in Table 3:

Table 3: Patch file details for Patch 86222-25.

Base Software Release File: 86s-222.rez
Patch Release Date: 15-April-2003
Compressed Patch File Name: 86222-25.paz
Compressed Patch File Size: 443760 bytes

Patch 86222-25 includes all issues resolved and enhancements released in previous patches for Software Release 2.2.2, and the following enhancements:

PCR: 02300

Module: Firewall

Network affecting: No

If the command ADD FIREWALL POLICY RULE SOURCEPORT=ALL was executed, a value of “65535” was incorrectly displayed for the SOURCEPORT parameter for that rule in the SHOW FIREWALL POLICY command. This issue has been resolved.

PCR: 02400

Module: CORE, FFS, FILE, INSTALL, SCR

Network affecting: No

If a problem occurred with NVS, some critical files were lost. As a result, the equipment was forced to load only boot ROM software at boot time. This patch combined with the new version of the boot ROM software (pr1-1.2.0 for the AR700 series) resolves this issue.


PCR: 02530

Module: FIREWALL

Network affecting: No

The GBLIP parameter in the ADD FIREWALL POLICY RULE ACTION=NONAT command is optional. However, if the command was executed without the GBLIP parameter set, the command erroneously failed after a CREATE CONFIGURATION command was executed. This issue has been resolved.

PCR: 03111

Module: FIREWALL

Level: 1

TCP sessions could fail if the public side of the firewall was using Kerberos and the private side had a very slow connection to the firewall. This issue has been resolved.

PCR: 03134

Module: TCP

Level: 2

When using the SET TELNET LISTENPORT command, a fatal error sometimes occurred. This issue has been resolved.

PCR: 03135

Module: SWI

Level: 2

The TYPE parameter in the SET SWITCH L3FILTER command was not written to the script file correctly if MATCH was set to NONE. This issue has been resolved.

PCR: 03143

Module: VRRP

Level:

When the PRIORITY parameter in the SET VRRP command was changed, it was not set correctly when a link was reset. This issue has been resolved.

PCR: 03145

Module: IPG

Level: 4

The SET IP ROUTE FILTER command was not processing some parameters. This issue has been resolved.

PCR: 03148

Module: IPG

Level: 3

If the Gratuitous ARP feature was enabled on an IP interface, and an ARP packet arrived (either ARP request or reply) that had a Target IP address equal to the Sender IP address, then the ARP cache was not updated with the ARP packet’s source data. This issue has been resolved.

PCR: 03160

Module: STP

Level: 2

Executing the PURGE STP command caused a fatal error. This issue has been resolved.

PCR: 03171

Module: DVMRP, IPG

Level: 3

DVMRP was erroneously forwarding packets to a VLAN with a downstream neighbour. This issue has been resolved.

PCR: 03173

Module: CORE, NTP

Level: 3

The default NTP polling interval was set to 64 seconds, not the correct interval of 128 seconds. This issue has been resolved.

PCR: 03174

Module: IPG

Level: 2

This PCR corrects issues that arose with PCR 02203. When the DNS request forwarding queue failed to accept a new DNS request message (possibly due to overloading), an attempt was made to close the UDP sessions for both the primary and secondary name servers. This caused a restart if either one of these servers did not exist, or the UDP session had failed to open. This issue has been resolved.

PCR: 03180

Module: IPG

Level: 3

If all 32 VLAN interfaces had IP addresses attached, only 31 VLANs could be multihomed. Now all 32 VLAN interfaces with IP addresses can be multihomed.

PCR: 03202 Module: CORE

Level: 3

There are two sources of time kept in the device: the real time clock, and the milliseconds since midnight (msSinceMidnight). The msSinceMidnight can reach midnight slightly before the real time clock, which means that the value of msSinceMidnight is larger than the number of milliseconds in a day. This meant that at midnight, the elapsed time since the time-to-live value for the Firewall and IP-NAT TCP sessions appeared very large, and Firewall and IP-NAT sessions were prematurely aged out. This issue has been resolved by pausing the msSinceMidnight variable at midnight to wait for the real time clock to catch up.
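The arithmetic behind this PCR can be modelled as follows. This is an added example, not Allied Telesyn code: the function names, the one-rollover elapsed-time formula and the tick sizes are assumptions chosen to reproduce the described symptom and the described fix (pausing the counter at midnight).

```c
#include <stdint.h>
#include <stdio.h>

#define MS_PER_DAY 86400000u

/* Assumed ageing arithmetic: elapsed ms between two msSinceMidnight
 * readings, allowing for one rollover at midnight. Only correct when
 * both readings are below MS_PER_DAY. */
uint32_t elapsed_ms(uint32_t then, uint32_t now)
{
    return now >= then ? now - then : now + MS_PER_DAY - then;
}

/* Counter as described before the fix: it keeps counting past the end
 * of the day until the real time clock rolls over and resets it. */
uint32_t tick_unbounded(uint32_t ms, uint32_t delta)
{
    return ms + delta;
}

/* Counter as described after the fix: it pauses on the last millisecond
 * of the day and waits for the real time clock to catch up. */
uint32_t tick_paused(uint32_t ms, uint32_t delta)
{
    uint32_t next = ms + delta;
    return next >= MS_PER_DAY ? MS_PER_DAY - 1 : next;
}

/* Constructed scenario: a session is last used 20 ms before midnight by
 * the real time clock, after the counter has advanced 50 ms; the clock
 * then rolls over, the counter restarts at 0, and ageing runs 10 ms later.
 * Returns the elapsed time the ageing code would compute. */
uint32_t scenario(uint32_t (*tick)(uint32_t, uint32_t))
{
    uint32_t last_used = tick(MS_PER_DAY - 20, 50);
    uint32_t now = 10;
    return elapsed_ms(last_used, now);
}

int session_expired(uint32_t elapsed, uint32_t ttl_ms)
{
    return elapsed > ttl_ms;
}

int main(void)
{
    uint32_t ttl = 300000; /* constructed 5-minute session timeout */
    uint32_t before = scenario(tick_unbounded);
    uint32_t after = scenario(tick_paused);
    printf("before fix: elapsed=%u expired=%d\n", (unsigned)before,
           session_expired(before, ttl));
    printf("after fix:  elapsed=%u expired=%d\n", (unsigned)after,
           session_expired(after, ttl));
    return 0;
}
```
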

PCR: 03217 Module: DVMRP

Level: 2

If a DVMRP interface was deleted and then added again, DVMRP routes associated with this interface were not reactivated. This issue has been resolved.

PCR: 03218 Module: DVMRP

Level: 2

Some issues with DVMRP forwarding have been resolved.

PCR: 03236

Module: IPG

Level: 3

IGMP queries were being sent after IGMP was disabled. This issue has been resolved.

PCR: 03240

Module: OSPF

Level: 2

A fatal error occurred when OSPF was under high load. This issue has been resolved.

PCR: 03253

Module: FIREWALL

Level: 2

Inbound TCP sessions through the firewall (e.g. Telnet and FTP) failed when the PORT parameter was set to ALL in the SET FIREWALL POLICY RULE command. This issue has been resolved.

PCR: 03255

Module: FIREWALL

Level: 3

The firewall doubled the IPSPOOF event timeout from 2 minutes to 4 minutes. This issue has been resolved.

PCR: 03302

Module: SWI

Level: 3

Following a period of high traffic load, the CPU utilisation would occasionally fail to drop below 40%. This issue has been resolved.

PCR: 03314

Module: SWI

Level: 2

Layer 3 filters that matched TCP or UDP port numbers were being applied to the second and subsequent fragments of large fragmented packets. This issue has been resolved.
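Only the fragment at offset 0 carries the TCP or UDP header, so a port match on later fragments compares payload bytes against the rule. The sketch below is an added example, not the switch's filter code: the rule structure, function names and both packets are constructed, and how the real filter treats non-first fragments beyond not port-matching them is not stated in this note.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical rule: match an IP protocol and an L4 destination port. */
struct l3_rule { uint8_t proto; uint16_t dport; };
enum verdict { NO_MATCH = 0, MATCH = 1 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Defect as described: the port field offset is read in every fragment. */
enum verdict match_naive(const struct l3_rule *r, const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return NO_MATCH;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;        /* IPv4 header length */
    if (ihl < 20 || len < ihl + 4 || pkt[9] != r->proto) return NO_MATCH;
    return rd16(pkt + ihl + 2) == r->dport ? MATCH : NO_MATCH;
}

/* Corrected: a non-zero fragment offset means there is no L4 header in
 * this packet, so a port rule cannot be evaluated against it. */
enum verdict match_fixed(const struct l3_rule *r, const uint8_t *pkt, size_t len)
{
    if (len < 8) return NO_MATCH;
    if ((rd16(pkt + 6) & 0x1fff) != 0) return NO_MATCH; /* 13-bit offset */
    return match_naive(r, pkt, len);
}

/* Constructed sample: second fragment (offset 185 * 8 = 1480 bytes) of a
 * UDP datagram, truncated to 8 payload bytes. Payload bytes 2..3 happen
 * to be 0x00a1, which reads as port 161 at the UDP dport position. */
const uint8_t second_frag[] = {
    0x45, 0x00, 0x00, 0x30, 0x12, 0x34, 0x00, 0xb9, 0x40, 0x11, 0x00, 0x00,
    192, 0, 2, 1, 198, 51, 100, 2,
    0x41, 0x42, 0x00, 0xa1, 0x43, 0x44, 0x45, 0x46
};

/* Constructed sample: unfragmented UDP packet really sent to port 161. */
const uint8_t whole_pkt[] = {
    0x45, 0x00, 0x00, 0x1c, 0x12, 0x35, 0x00, 0x00, 0x40, 0x11, 0x00, 0x00,
    192, 0, 2, 1, 198, 51, 100, 2,
    0xc0, 0x00, 0x00, 0xa1, 0x00, 0x08, 0x00, 0x00
};

int main(void)
{
    struct l3_rule snmp = { 17, 161 };               /* UDP, dport 161 */
    printf("second fragment: naive=%d fixed=%d\n",
           match_naive(&snmp, second_frag, sizeof second_frag),
           match_fixed(&snmp, second_frag, sizeof second_frag));
    printf("whole packet:    naive=%d fixed=%d\n",
           match_naive(&snmp, whole_pkt, sizeof whole_pkt),
           match_fixed(&snmp, whole_pkt, sizeof whole_pkt));
    return 0;
}
```
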


PCR: 03332

Module: TTY

Level: 2

A log message is now created when a user is forced to logout from an asynchronous port when another user (i.e. someone connected via Telnet) resets the asynchronous connection with the RESET ASYN command.

PCR: 03346 Module: SNMP

Level: 4

Sometimes the Agent Address field in SNMP traps was not the same as the IP source address. This meant that sometimes the NMS did not send an alarm to the network manager when traps were received from switches. This issue has been resolved.

PCR: 03368

Module: SWI

Level: 2

Layer 2 packets transmitted out of the mirror port were being tagged erroneously. This issue has been resolved.

PCR: 03378 Module: DHCP

Level: 2

DHCP sometimes suffered a fatal error when a range of IP addresses was destroyed. This issue has been resolved.

PCR: 03385

Module: FILE, INSTALL, SCR

Level:

Critical files (prefer.ins, config.ins and enabled.sec) are now copied from NVS to FLASH at boot time if they do not exist in FLASH, or if the NVS version of the file is different from the FLASH version.

PCR: 03386

Module: SWI

Level: 2

If the SET SWITCH L3FILTER MATCH command had nothing specified for the IMPORT and EMPORT parameters, and there was an existing match entry in the filter table, the new filter was not added correctly. Filter match entries are now accepted regardless of the order in which they are entered into the table.

PCR: 03388 Module: DHCP

Level: 3

The DHCP lease Expiry time showed incorrectly in the SHOW DHCP CLIENT command when the lease straddled across multiple months and years. This issue has been resolved.

PCR: 03402

Module: IPG

Level:

IP routes deleted from the route cache occasionally caused a fatal error. This issue has been resolved.


Features in 86222-24

Patch file details are listed in Table 4:

Table 4: Patch file details for Patch 86222-24.

Base Software Release File: 86s-222.rez
Patch Release Date: 6-Mar-2003
Compressed Patch File Name: 86222-24.paz
Compressed Patch File Size: 433360 bytes

Patch 86222-23 includes all issues resolved and enhancements released in previous patches for Software Release 2.2.2, and the following enhancements:

PCR: 02071

Module: NTP

Network affecting: No

When an NTP packet was received from an NTP server (mode 4) the router acted as a client, and sent a reply back to the server, but did not remove the peer association. This meant that the Dynamic Peers list, viewed using the SHOW NTP command, displayed incorrect dynamic peer associations. This issue has been resolved.

PCR: 02202

Module: FIREWALL/IP NAT

Network affecting: No

Previously, when Firewall or IP NAT was enabled, any fragmented IP packets had to be reassembled so they could be processed. If the fragments could not be reassembled, the packet was dropped. Reassembly could only occur if the combined packet (IP header, and protocol header, and data) was no more than 1800 bytes. An additional limit of no more than eight fragments was also imposed. This PCR implements enhanced fragment handling for Firewall and IP NAT. Each module can now be configured to process fragmented packets of specified protocol types without needing to reassemble the packet. The number of fragments a packet may consist of is also configurable. This enhanced fragment handling is disabled by default.

To enable enhanced fragmentation for Firewall, use the command:

ENABLE FIREWALL POLICY=policy_name FRAGMENT={ICMP|UDP|OTHER}

To enable enhanced fragmentation for IP NAT, use the command:

ENABLE IP NAT FRAGMENT={ICMP|UDP|OTHER}

To disable enhanced fragmentation for Firewall, use the command:

DISABLE FIREWALL POLICY=policy_name FRAGMENT={ICMP|UDP|OTHER}

To disable enhanced fragmentation for IP NAT, use the command:

DISABLE IP NAT FRAGMENT={ICMP|UDP|OTHER}

To configure the number of fragments permitted per packet for Firewall, use the command:

SET FIREWALL FRAGMENT=8...50

To configure the number of fragments permitted per packet for IP NAT, use the command:

SET IP NAT FRAGMENT=8...50


TCP has been excluded from this enhancement because TCP has the MSS (Maximum Segment Size) parameter for segment size control. Also, for PPPoE interfaces with a reduced MTU of 1492, a previous enhancement in PCR 02097 ensures that TCP MSS values in sessions carried by a PPPoE interface are clamped to a value that prevents fragmentation.

PCR: 02116

Module: IPG PING

Network affecting: No

When pinging to a remote IP address with two or more different cost routes, if the preferred route became unavailable, the ping failed to switch to the less preferred route until the ping was stopped and restarted. This issue has been resolved.

PCR: 02371

Module: FIREWALL

Network affecting: No

When the system time was set to a time that was before or significantly after the current time, Firewall sessions were prematurely deleted. This issue has been resolved.

PCR: 03011

Module: OSPF

Network affecting: No

When the router priority was changed on a dynamic OSPF interface, the new priority did not appear in the output of the SHOW OSPF NEIGHBOUR command on neighbouring routers. The new priority only showed after the RESET OSPF command was executed on the neighbouring routers. This issue has been resolved.

PCR: 03026

Module: IPG

Network affecting: No

After setting the IGMP query timer with the SET IP IGMP command, and saving the configuration, the IGMP Other Querier timeout was not set to the correct value after a restart. This issue has been resolved.

PCR: 03027 Module: DHCP

Network affecting: No

Entries in the process of being reclaimed as static entries (and waiting for the remote IP to become routable), were disrupting the reclaim process. This prevented further entries from being reclaimed. DHCP static entries are now fully subject to normal reclaim processing.

PCR: 03032

Module: SWI

Network affecting: No

If the ENABLE IP IGMP command was executed before the ENABLE SWITCH L3FILTER command, Layer 3 filtering did not discard packets destined for the CPU. This issue has been resolved.

PCR: 03035 Module: OSPF

Network affecting: No

Link state advertisements could incorrectly show an area as a stub area. This happened during the time when a Direct Route (DR) was removed from a configuration and before a Direct Backup Route (BDR), or an Other Direct Route (Other DR) was elected. This issue has been resolved.

PCR: 03040

Module: IPG

Network affecting: No

Sometimes IP flows were not deleted correctly when both directions of the flow were in use. This issue has been resolved.

PCR: 03065

Module: SWI

Level: 2

When the TX cable was unplugged from a fibre port the operating status was incorrectly reported as UP. This issue has been resolved.
