Allied Telesis 86241-02 User Manual


Patch Release Note

Patch 86241-02

For Rapier Switches and AR800 Series Modular Switching Routers

Introduction

This patch release note lists the issues addressed and enhancements made in patch 86241-02 for Software Release 2.4.1 on existing models of Rapier L3 managed switches and AR800 Series L3 modular switching routers. Patch file details are listed in Table 1.

Table 1: Patch file details for Patch 86241-02.

Base Software Release File: 86s-241.rez

Patch Release Date: 25-Oct-2002

Compressed Patch File Name: 86241-02.paz

Compressed Patch File Size: 132368 bytes

This release note should be read in conjunction with the following documents:

Release Note: Software Release 2.4.1 for Rapier Switches, AR300 and AR700 Series Routers, and AR800 Series Modular Switching Routers (Document Number C613-10338-00 Rev A) available from www.alliedtelesyn.co.nz/documentation/documentation.html.

Rapier Switch Documentation Set for Software Release 2.4.1 available on the Documentation and Tools CD-ROM packaged with your switch, or from www.alliedtelesyn.co.nz/documentation/documentation.html.

WARNING: Using a patch for a different model or software release may cause unpredictable results, including disruption to the network. Information in this release note is subject to change without notice and does not represent a commitment on the part of Allied Telesyn International. While every effort has been made to ensure that the information contained within this document and the features and changes described are accurate, Allied Telesyn International cannot accept any type of liability for errors in, or omissions arising from the use of this information.


Features in 86241-02

Patch 86241-02 includes all issues resolved and enhancements released in previous patches for Software Release 2.4.1, and the following enhancements:

PCR: 02103

Module: SWI

Network affecting: No

IPX traffic passing between two switch instances using VLAN for Rapier48 now operates correctly.

PCR: 02210

Module: DNS Relay

Network affecting: No

Buffer leaks occurred when DNS relay was enabled. This issue has been resolved.

PCR: 02214

Module: IPG

Network affecting: No

A buffer leak occurred when a large number of flows (over 4000) were in use and needed to be recycled. This issue has been resolved.

PCR: 02220

Module: SWI

Network affecting: No

The EPORT parameter in the ADD SWITCH L3FILTER ENTRY and SET SWITCH L3FILTER ENTRY commands was matching multicast and broadcast packets with software filtering. This issue has been resolved.

PCR: 02236

Module: FIREWALL

Network affecting: No

Sometimes the retransmission of an FTP packet was not permitted through the Firewall. This issue has been resolved.

PCR: 02245

Module: VRRP

Network affecting: No

VRRP returned an incorrect MAC address for an ARP request. This issue has been resolved.

PCR: 02263

Module: VRRP

Network affecting: No

The virtual MAC address was used as the source MAC for all packets forwarded on an interface associated with a Virtual Router (VR). This was confusing when multiple VRs were defined over the same interface because only one virtual MAC address was ever used. The other virtual MAC addresses (for the other VRs) were only used if the source IP address matched the VR’s IP address. To avoid this confusion, the system MAC address is now always used unless the source IP address of the packet is the same as the VR’s IP address.

PCR: 02267

Module: BGP

Network affecting: No

When route aggregation was enabled, the atomic aggregate was not being set. This issue has been resolved.

PCR: 02268

Module: FIREWALL

Network affecting: No

HTTP requests from a fixed IP address were erroneously reported as a host scan attack in the Firewall deny queue. This issue has been resolved.

Patch 86241-02 for Software Release 2.4.1 C613-10340-00 REV B


PCR: 02272 Module: IPG, PIM, SWI Network affecting: No

The following issues have been resolved:

The RESET PIM INTERFACE=VLAN command was not working correctly.

Packets with Time to Live (TTL) set to less than 4 were not being forwarded.

VLAN tags were not being inserted into IP multicast packets on multitagged ports.

A fatal error occurred when PIM and RIP were both running.

PCR: 02274

Module: TPAD

Network affecting: No

ARL message interrupts have been re-enabled after a software table rebuild to fix synchronisation of the software forwarding database with the hardware table.

PCR: 02276

Module: FIREWALL

Network affecting: No

The CREATE CONFIG command did not save the SOURCEPORT parameter to the configuration file when the low value of the source port range was set to zero. This issue has been resolved.

PCR: 02277 Module: DVMRP

Network affecting: No

Report sending and default routes were not working correctly. Also, the SHOW CONFIGURATION DYNAMIC and SHOW CONFIGURATION=DVMRP commands were not working correctly. These issues have been resolved.

PCR: 02280

Module: TELNET, TTY

Network affecting: No

TELNET sessions are now closed with “^D” only when the session is in the login state.

PCR: 02291 Module: DHCP

Network affecting: No

DHCP now processes Discover messages smaller than 300 bytes.

PCR: 02292

Module: IPSEC

Network affecting: No

IPSec no longer logs packets that match an ACTION=ALLOW policy. The overhead of this logging was affecting non-IPSec traffic.

PCR: 02294

Module: IKMP

Network affecting: No

The LOCALRSAKEY parameter in the CREATE ISAKMP POLICY and SET ISAKMP POLICY commands was not accepting the value zero. This issue has been resolved.

PCR: 02298

Module: IPSEC

Network affecting: No

The PURGE IPSEC command caused a fatal error. This issue has been resolved.


PCR: 02299 Module: VRRP Network affecting: No

If a packet with a destination IP address equal to a VRRP IP address was received when the router didn’t own the IP address, (because it didn’t have an interface with that IP address) the router incorrectly tried to forward the packet and send an ICMP “redirect” message to the source. Now, if such a packet is received, it will be discarded and an ICMP “host unreachable” message will be sent to the source.

PCR: 02301

Module: IPG

Network affecting: No

If a DNS relay agent was configured with overlapping subnets, sometimes the DNS server response was returned to the client with a source IP address of an interface on the relay agent that was different from the interface the request was received on. This issue has been resolved.

PCR: 02302

Module: IPv6

Network affecting: No

The default router lifetime value has been corrected. Also, the SET IPV6 INTERFACE command now updates valid and preferred lifetimes correctly.

PCR: 02303

Module: INSTALL

Network affecting: No

When enabling or disabling feature licences, a message will now be generated with a warning that changes to feature licences may not take effect until after a reboot.

PCR: 02304

Module: VRRP

Network affecting: No

VRRP used the wrong source IP address in ICMP redirects. RFC 2338 states that the source IP address of ICMP redirects should be the IP address that the end host used when making its next hop routing decision. In the case of a packet sent to a VRRP virtual MAC address, this is the primary VRRP IP address associated with the MAC address, provided such a VR exists and is in the master state. This issue has been resolved.

PCR: 02309

Module: STP

Network affecting: No

On models except Rapier i Series Switches, the ENABLE STP DEBUG PORT command did not work correctly. This issue has been resolved.

PCR: 02311

Module: SWI

Network affecting: No

It was possible to set the trunk speed to 10/100M, even if the port within the trunk was not capable of this speed. This issue has been resolved.

PCR: 02313

Module: IPV6

Network affecting: No

The SHOW IPV6 INTERFACE command now shows the address lifetime aging status that is determined by the DECREMENT parameter in the ADD IPV6 INTERFACE command. The default valid and preferred address lifetimes have been changed to 30 days and 7 days respectively.

PCR: 02320

Module: IPV6

Network affecting: No

The interface address preferred lifetime was not operating correctly. This issue has been resolved.


PCR: 02321 Module: FR Network affecting: No

A fatal error occurred when the command SET FR=0 LMI= was executed if the LMI was already set to ANNEXA, ANNEXB or ANNEXD. This issue has been resolved.

PCR: 02326

Module: IPv6

Network affecting: No

A fatal error occurred when a PING was executed over an IPV6 tunnel that had previously been deleted. Also, packet forwarding with link-local addresses was not working correctly. These issues have been resolved.

PCR: 02327

Module: IPG/FIREWALL

Network affecting: No

In some situations, multihomed interfaces caused the Firewall to apply NAT and rules incorrectly when packets were received from a subnet that was not attached to the receiving interface. This issue has been resolved.

PCR: 02328

Module: BGP

Network affecting: No

BGP was not sending a withdraw message to a peer for a withdrawn or replaced route when the new best route came from that peer. This issue has been resolved.

PCR: 02330

Module: IPv6

Network affecting: No

A buffer leak was occurring in IPv6 fragmentation. This issue has been resolved.

PCR: 02331

Module: IPG, ETH

Network affecting: No

IP is now informed when an Ethernet interface goes up or down, after a 2.5 second delay.

PCR: 02332

Module: IPSEC

Network affecting: No

The sequence number extracted from the AH and ESP header was in the wrong endian mode, which caused an FTP error with IPSEC anti-replay. This issue has been resolved.
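Why the byte order of this field matters to anti-replay, as an added example (not Allied Telesyn code): the AH and ESP field offsets follow RFC 2402 and RFC 2406, while the 32-packet window, the function names, the sample SPI values and the modelling of the defect as a receiver reading the big-endian field least significant byte first are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Sequence number offsets: ESP (RFC 2406) = SPI(4) | SEQ(4);
 * AH (RFC 2402) = next hdr(1) | len(1) | reserved(2) | SPI(4) | SEQ(4).
 * Both fields are transmitted in network (big-endian) byte order. */
#define ESP_SEQ_OFFSET 4
#define AH_SEQ_OFFSET  8
#define REPLAY_WINDOW  32   /* assumed window size for this example */

/* Correct read: most significant byte first, independent of host CPU. */
static uint32_t seq_network_order(const uint8_t *hdr, size_t off) {
    return ((uint32_t)hdr[off] << 24) | ((uint32_t)hdr[off + 1] << 16) |
           ((uint32_t)hdr[off + 2] << 8) | (uint32_t)hdr[off + 3];
}

/* Modelled defect: same four bytes read least significant byte first. */
static uint32_t seq_wrong_order(const uint8_t *hdr, size_t off) {
    return ((uint32_t)hdr[off + 3] << 24) | ((uint32_t)hdr[off + 2] << 16) |
           ((uint32_t)hdr[off + 1] << 8) | (uint32_t)hdr[off];
}

struct replay_state { uint32_t highest; uint32_t bitmap; };

/* Sliding-window anti-replay check; returns 1 = accept, 0 = drop. */
static int replay_check_update(struct replay_state *st, uint32_t seq) {
    if (seq == 0) return 0;                       /* 0 is never valid */
    if (seq > st->highest) {                      /* window moves forward */
        uint32_t shift = seq - st->highest;
        st->bitmap = (shift < REPLAY_WINDOW) ? ((st->bitmap << shift) | 1u) : 1u;
        st->highest = seq;
        return 1;
    }
    uint32_t behind = st->highest - seq;
    if (behind >= REPLAY_WINDOW) return 0;        /* too old */
    if (st->bitmap & (1u << behind)) return 0;    /* duplicate */
    st->bitmap |= 1u << behind;
    return 1;
}

typedef uint32_t (*seq_reader)(const uint8_t *, size_t);

/* Feed in-order ESP packets first..last through a receiver that uses rd. */
static unsigned accepted_in_stream(seq_reader rd, uint32_t first, uint32_t last) {
    struct replay_state st = {0, 0};
    unsigned accepted = 0;
    for (uint32_t s = first; s <= last; s++) {
        /* constructed header: SPI 0x00001001 is a made-up value */
        uint8_t esp[8] = {0x00, 0x00, 0x10, 0x01, (uint8_t)(s >> 24),
                          (uint8_t)(s >> 16), (uint8_t)(s >> 8), (uint8_t)s};
        accepted += (unsigned)replay_check_update(&st, rd(esp, ESP_SEQ_OFFSET));
    }
    return accepted;
}

/* constructed AH header carrying sequence number 42 */
static const uint8_t ah_sample[12] = {0x06, 0x04, 0, 0, 0, 0, 0x10, 0x02, 0, 0, 0, 0x2A};

int main(void) {
    printf("correct reader: %u of 300 accepted\n",
           accepted_in_stream(seq_network_order, 1, 300));
    printf("wrong-order reader: %u of 300 accepted\n",
           accepted_in_stream(seq_wrong_order, 1, 300));
    printf("AH seq: %u vs %u\n", (unsigned)seq_network_order(ah_sample, AH_SEQ_OFFSET),
           (unsigned)seq_wrong_order(ah_sample, AH_SEQ_OFFSET));
    return 0;
}
```

In this model the byte-swapped reader accepts the first 255 in-order packets and then drops packets 256 to 300 as too old, because the swapped value of 256 is far below the swapped value of 255.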

PCR: 02334

Module: FIREWALL

Network affecting: No

It is now possible to set the domain name of the SMTP server to none (0.0.0.0) with the SET FIREWALL POLICY SMTPDOMAIN command, even if a server name has not previously been specified.

PCR: 02335

Module: CLASSIFIER

Network affecting: No

The SHOW CLASSIFIER command was not displaying Layer 3 information if the classifier had been created with the parameters ETHFORMAT=SNAP and PROTOCOL={IP|0000000800}. This issue has been resolved.

PCR: 02343

Module: PPP

Network affecting: No

When acting as a PPPoE Access Concentrator (AC), if a PPPoE client sent discovery packets without the "host-unique" tag, the discovery packets sent by the AC were corrupted. This issue has been resolved.


PCR: 02346 Module: BGP, IPG Network affecting: No

It is now possible to set a preference value for dynamically learned routes based on their protocol using the command:

SET IP ROUTE PREFERENCE={DEFAULT|1..65535} PROTOCOL={BGP-EXT|BGP-INT|OSPF-EXT1|OSPF-EXT2|OSPF-INTER|OSPF-INTRA|OSPF-OTHER|RIP}

PCR: 02347 Module: SWI Network affecting: No

The CREATE CONFIGURATION command was not correctly generating the DISABLE SWITCH HWFILTER and DISABLE SWITCH L3FILTER commands. This issue has been resolved.

PCR: 02348 Module: ENCO

Network affecting: No

When the PAC card was under severe load, the related driver occasionally did not fully transfer all result data from the chip. This caused an actCmdFail error. This issue has been resolved.

PCR: 02354

Module: SCC, SYN, PPP

Network affecting: No

In a previous patch, a fatal error occurred after a RESTART ROUTER command was executed when using PPP over SYN. Also, on AR745 models, PPP was using an 8 MB boundary instead of a 16 MB boundary. These issues have been resolved.

PCR: 02357

Module: FR

Network affecting: No

The following issues have been resolved:

PIM was not sending Hello messages over a Frame Relay (FR) interface.

A fatal error occurred if 64 was entered as the interface value in the DESTROY FRAMERELAY command. The command now only accepts 0-63 for this parameter.

The ADD FRAMERELAY DLC command incorrectly accepted a TYPE parameter. Also, this command was not accepting the ENCAPSULATION parameter.

The CREATE CONFIGURATION command incorrectly generated the CIR and CIRLIMITED parameters for the ADD FRAMERELAY DLC command.

FR interfaces with static DLCs were always shown as DOWN. The status of the interface was not being updated when a circuit was added to the interface.

PCR: 02359

Module: IPG

Network affecting: No

When an IP Multihomed interface was used as an OSPF interface, neighbour relationships were only established if the IP interface for OSPF was added first in the configuration. Now, OSPF establishes neighbour relationships regardless of the IP Multihomed interface configuration order.

PCR: 02363

Module: FFS, FILE, TTY

Network affecting: No

The FLASH compaction process is now transparent to the file edition process. The FLASH system is now more stable.


PCR: 02365

Module: SWI

Network affecting: No

Address learning on the mirror port is now correctly re-enabled when it is no longer the mirror port.

PCR: 02367

Module: SWI

Network affecting: No

New commands have been added to enable the addition and deletion of static multicast addresses to and from the multicast forwarding table. The new commands are:

ADD SWITCH MULTICASTADDRESS IP=ipadd VLAN=vlan-id PORT=port-list

DELETE SWITCH MULTICASTADDRESS IP=ipadd VLAN=vlan-id

PCR: 02369 Module: IPG Network affecting: No

When the SET IP ROUTE command was executed to change any parameter other than METRIC1, which is the RIP metric, the RIP metric was reset to 1. This metric is now only updated if a value for the parameter is specified.

PCR: 02371 Module: FIREWALL Network affecting: No

When the system time was set to a time that was before or significantly after the current time, Firewall sessions were prematurely deleted. This issue has been resolved.

PCR: 02376 Module: PPP Network affecting: No

When the PPP ONLINELIMIT was exceeded for PPP over TDM, the PPP link stayed open, allowing Link Quality Report (LQR) packets to be transmitted. This caused the ifOutOctets counter to increment. Now, if the ONLINELIMIT is exceeded, the link will close.

PCR: 02378 Module: SWI Network affecting: No

Entering 63 for the EPORT parameter in the ADD SWITCH L3FILTER command caused a fatal error. This parameter now accepts the values 63 and 64.

PCR: 02395

Module: VRRP, TRG

Network affecting: No

The SHOW VRRP command now shows the number of trigger activations for the Upmaster and Downmaster triggers.

PCR: 02397

Module: DVMRP

Network affecting: No

After a prune lifetime had expired, the interface was not joined back to the DVMRP multicast delivery tree. This issue has been resolved.

PCR: 02398 Module: IPV6 Network affecting: No

The following issues have been resolved:

It was possible to assign the same network on different IPV6 interfaces.

The loopback address was being added to other interfaces.

The tunnel configuration was not showing correctly in IPV6 configuration commands.

RIPv6 now sets the metric of routes for interfaces that are DOWN to 16, and immediately sends responses when the link status of VLAN interfaces changes.


PCR: 02399

Module: TRACE

Network affecting: No

The Trace utility has been modified. Previously, Trace sent a group of packets at once and waited for multiple responses in order to assess the minimum, maximum and average time to cover a certain "hop distance" towards the target host. Now Trace sends each packet in each group individually, and waits either for a response or a time-out before sending the next packet in the group.

PCR: 02401

Module: IPV6

Network affecting: No

Neighbour discovery and PIM6 caused a fatal error when IPv6 was not enabled, or when the IPv6 feature license was not present. This issue has been resolved.

PCR: 02402

Module: SNMP, CORE, SHOW, FILE

Network affecting: No

SNMP MIB support has been enhanced for CPU utilisation and file statistics. MIB support has been added for Allied Telesyn contact details and fast buffers.

PCR: 02403

Module: STP

Network affecting: No

A watchdog timeout occurred when the command ENABLE STP PORT was executed. This issue has been resolved.

PCR: 02406

Module: IPV6

Network affecting: No

A Router-Alert option has been added. Also, the SHOW IPV6 MLD INTERFACE command now works correctly.

PCR: 02409

Module: IPG

Network affecting: No

A warning now appears when the DELETE IP INTERFACE command is executed before the DELETE DVMRP INTERFACE command.

PCR: 02410

Module: VRRP

Network affecting: No

VRRP pre-empt mode was not working with advertisement updates of 1 second or more because this did not allow for interface start time on startup. Now a check is made to verify that interfaces are UP before timers are started.

PCR: 02411

Module: IPV6

Network affecting: No

The SHOW TCP command was not showing the listening status for IPv6.

PCR: 02412

Module: IPV6

Network affecting: No

An ISDN call was activated by IPv6 Router Advertisements over IPv6 tunnel interfaces. This issue has been resolved.

PCR: 02415

Module: IPG

Network affecting: No

Packets with a RIP source address and next hop address that are not on the same subnet as the interface will now be processed. If the received next hop is not on the same subnet, it is treated as 0.0.0.0.


PCR: 02418

Module: IPV6

Network affecting: No

ICMPv6 was returning an error for non-zero fragment offsets. This issue has been resolved.

PCR: 02421

Module: PIM

Network affecting: No

The GUI was incorrectly accepting multiple entries for VLANs. This issue has been resolved.

PCR: 02422

Module: GARP

Network affecting: No

The GUI was returning incorrect GARP counters. This issue has been resolved.

PCR: 02428

Module: IPV6

Network affecting: No

Link-local address behaviour was incorrect. Also, the PUBLISH parameter was not updated by the SET IPV6 INTERFACE command, or displayed in the SHOW IPV6 INTERFACE command. These issues have been resolved.

PCR: 02450 Module: IPV6 Network affecting: No

Large local packets were not being fragmented. Also, the More Fragment flag in the IPv6 fragment header was not being set correctly. These issues have been resolved.

PCR: 02452 Module: IPv6 Network affecting: No

Received Router Advertisements (RAs) were discarded when the interface was enabled to send RAs. This issue has been resolved.

PCR: 02457 Module: IPV6 Network affecting: No

The IPv6 priority filter was not matching correctly when TCP was specified as the protocol type. This issue has been resolved.

PCR: 02463 Module: DVMRP, IPG Network affecting: No

Multicast multi-homing was not working correctly. This issue has been resolved.

Features in 86241-01

Patch file details are listed in Table 2:

Table 2: Patch file details for Patch 86241-01.

Base Software Release File: 86s-241.rez

Patch Release Date: 26-July-2002

Compressed Patch File Name: 86241-01.paz

Compressed Patch File Size: 27732 bytes

Patch 86241-01 includes the following enhancements:


PCR: 02036

Module: SWITCH

Network affecting: No

A new command allows the Layer 3 aging timer to be changed:

SET SWITCH L3AGEINGTIMER=<seconds>

where seconds can be 30 - 43200. After each cycle of the ageing timer, all existing Layer 3 entries with the hit bit set will have the hit bit reset to zero, and all existing Layer 3 entries with the hit bit set to zero will be deleted.

The SHOW SWITCH command output now displays the Layer 3 ageing timer value.

PCR: 02138

Module: SWI

Network affecting: No

The built in Self Test Code for all Rapiers, except G6, has been improved to enhance the detection of faults in switch chip external packet memory.

PCR: 02158

Module: FIREWALL

Network affecting: No

When a TCP RST/ACK was received by a firewall interface, the packet that was passed to the other side of the firewall lost the ACK flag, and had an incorrect ACK number. This issue has been resolved.

PCR: 02185

Module: VRRP

Network affecting: No

The SHOW CONFIG DYNAMIC=VRRP command was not showing port monitoring and step values correctly. This issue has been resolved.

PCR: 02229

Module: IPG

Network affecting: No

The PURGE IP command now resets the IP route cache counters to zero.

PCR: 02240

Module: SWI

Network affecting: No

The SENDCOS filter action did not operate correctly across switch instances. This was because the stacklink port on the Rapier 48 did not correctly compensate for the stack tag on frames received via the filter. This issue has been resolved.

PCR: 02241

Module: FIREWALL

Network affecting: No

Firewall subnet NAT rules were not working correctly from the private to the public side of the firewall. Traffic from the public to private side (destined for subnet NAT) was discarded. These issues have been resolved. ICMP traffic no longer causes a RADIUS lookup for access authentication, but is now checked by ICMP handlers for attacks and eligibility. If the ICMP traffic matches a NAT rule, NAT will occur on inbound and outbound traffic. HTTP 1.0 requests sometimes caused the firewall HTTP proxy to close prematurely. Cached TCP sessions were sometimes not hit correctly. These issues have been resolved.

PCR: 02242

Module: IPG

Network affecting: No

On a Rapier 24, adding an IP interface over a FR interface caused an ASSERT debug fatal error. This issue has been resolved.

PCR: 02250

Module: FIREWALL

Network affecting: No

Sometimes the Firewall erroneously used NAT. This issue has been resolved.
