Allied Telesis 86241-06 User Manual

Patch Release Note

Patch 86241-06

For Rapier Switches

Introduction

This patch release note lists the issues addressed and enhancements made in patch 86241-06 for Software Release 2.4.1 on existing models of Rapier L3 managed switches. Patch file details are listed in Table 1.

Table 1: Patch file details for Patch 86241-06.

Base Software Release File: 86s-241.rez
Patch Release Date: 28-Feb-2003
Compressed Patch File Name: 86241-06.paz
Compressed Patch File Size: 369480 bytes

This release note should be read in conjunction with the following documents:

Release Note: Software Release 2.4.1 for Rapier Switches (Document Number C613-10338-00 Rev A), available from www.alliedtelesyn.co.nz/documentation/documentation.html.

Rapier Switch Documentation Set for Software Release 2.4.1, available on the Documentation and Tools CD-ROM packaged with your switch, or from www.alliedtelesyn.co.nz/documentation/documentation.html.

WARNING: Using a patch for a different model or software release may cause unpredictable results, including disruption to the network. Information in this release note is subject to change without notice and does not represent a commitment on the part of Allied Telesyn International. While every effort has been made to ensure that the information contained within this document and the features and changes described are accurate, Allied Telesyn International cannot accept any type of liability for errors in, or omissions arising from the use of this information.

Some of the issues addressed in this Release Note include a level number. This number reflects the importance of the issue that has been resolved. For details on level numbers, please contact your authorised distributor or reseller.


Features in 86241-06

Patch 86241-06 includes all issues resolved and enhancements released in previous patches for Software Release 2.4.1, and the following enhancements:

PCR: 02429

Module: IPG

Level: 2

When more than two firewall policies were configured, an unexpected switch restart sometimes occurred. This issue has been resolved.

PCR: 02562

Module: SWI

Dynamic Port Security allows for dynamic MAC address learning on a switch port. If a MAC address is unused for a period of time, it will be aged from the database of currently accepted MAC addresses. This allows the learning of new MAC addresses. Dynamic Port Security is useful because port security allows the number of devices that are connected to a particular switch port to be limited.

For more information on Dynamic Port Security, see “Dynamic Port Security” on page 29 of this patch release note.

PCR: 03042

Module: PIM

Level: 3

PIM join messages were being sent by a switch connected to an upstream and a downstream switch or router in the same VLAN when a multicast group had no members. This issue has been resolved.

PCR: 03044

Module: BGP

Level: 2

The switch did not always advertise its preferred routes to destinations that were affected by flapping routes. In these conditions, a BGP network does not run efficiently. This issue has been resolved.

PCR: 03048

Module: STP

Level: 2

A switch port belonging to an enabled STP instance would not respond to ARP requests if the port had been disabled from STP operation. This prevented the flow of some types of traffic into affected switch ports. This issue has been resolved.

PCR: 03054 Module: TTY, TACPLUS

When a connection is made by Telnet, or directly through the ASYN port, a TTY session is created with:

- an idle timeout time. The default idle time is zero, which means the TTY session will not time out if there is a lack of activity. If a TACACS+ server is configured on the switch, and the idle time attribute value pair (AVP) is configured on the TACACS+ server and is received by the switch, the value of the idle time from the TACACS+ server is used to set the TTY session idle time.

- a timeout of zero, which means that the TTY session will not time out. If a TACACS+ server is configured on the switch, and the timeout attribute value pair (AVP) is configured on the TACACS+ server and received by the switch, the value of the timeout from the TACACS+ server is used to set the TTY session timeout. After the timeout period has elapsed, the user will either be disconnected by termination of their TTY connection (the default setting), or have their privilege level reduced to USER (the lowest privilege level). If the user’s privilege level is already at the lowest level, then the user will be disconnected by termination of their TTY connection. If the user’s privilege level is reduced, the TTY session timeout count is reset to its initial value.
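
The timer behaviour described above, modelled in Python as an added example (not Allied Telesyn code). The `reduce_on_timeout` flag, the AVP key names `idletime` and `timeout`, the abstract time units, and the rule that activity restarts only the idle timer are assumptions, since the release note does not give them.

```python
from dataclasses import dataclass, field

LOWEST_PRIVILEGE = "USER"  # lowest level named in the release note


@dataclass
class TtySession:
    privilege: str                   # "USER", "MANAGER" or "SECURITY OFFICER"
    idle_time: int = 0               # 0 = never time out for lack of activity
    timeout: int = 0                 # 0 = session never times out
    reduce_on_timeout: bool = False  # hypothetical flag; False = disconnect (the default)
    connected: bool = True
    idle_elapsed: int = 0
    timeout_elapsed: int = 0
    events: list = field(default_factory=list)

    def apply_tacacs_avps(self, avps):
        """Timer values received from the TACACS+ server replace the defaults."""
        # Key names are an assumption; the note only says "idle time" and "timeout".
        self.idle_time = int(avps.get("idletime", self.idle_time))
        self.timeout = int(avps.get("timeout", self.timeout))

    def activity(self):
        """Assumed here: user input restarts the idle timer, not the session timeout."""
        self.idle_elapsed = 0

    def tick(self, units=1):
        """Advance the clock by abstract time units (the note gives no unit)."""
        for _ in range(units):
            if not self.connected:
                return
            self.idle_elapsed += 1
            self.timeout_elapsed += 1
            if self.idle_time and self.idle_elapsed >= self.idle_time:
                self._disconnect("idle time expired")
            elif self.timeout and self.timeout_elapsed >= self.timeout:
                self._on_timeout()

    def _on_timeout(self):
        if self.reduce_on_timeout and self.privilege != LOWEST_PRIVILEGE:
            self.events.append(f"privilege {self.privilege} -> {LOWEST_PRIVILEGE}")
            self.privilege = LOWEST_PRIVILEGE
            self.timeout_elapsed = 0   # timeout count returns to its initial value
        else:
            self._disconnect("timeout expired")

    def _disconnect(self, reason):
        self.connected = False
        self.events.append(f"disconnected: {reason}")

    def never_expires(self):
        """True when both timers are zero, so the session stays open indefinitely."""
        return self.idle_time == 0 and self.timeout == 0


def demo():
    """Constructed scenario: privileged session, server sends timeout=5."""
    s = TtySession("SECURITY OFFICER", reduce_on_timeout=True)
    unbounded_before = s.never_expires()
    s.apply_tacacs_avps({"timeout": "5"})
    s.tick(5)                      # first expiry: reduced to USER, timer reset
    after_first = (s.privilege, s.connected)
    s.tick(5)                      # second expiry at USER: disconnected
    return unbounded_before, after_first, s.connected, s.events


if __name__ == "__main__":
    print(demo())
```

`never_expires()` flags the default case where neither timer is set, which is the state a privileged session is in when no TACACS+ values are received.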

Patch 86241-05 for Software Release 2.4.1 C613-10340-00 REV E


PCR: 03056 Module: SSH Level: 3

During an SSH session between the switch and the Secure CRT client, the client did not receive a reply to its MAX-packet-size CMSG. The switch does not support this message, but will now send a negative response to satisfy the Secure CRT client’s requirements.

PCR: 03064 Module: SNMP

Level: 4

The MIB objects ifTestTable and ifRcvAddressTable were incorrectly included in the switch’s SNMP implementation. These have been removed.

PCR: 03065

Module: SWI

Level: 2

When the TX cable was unplugged from a fibre port the operating status was incorrectly reported as UP. This issue has been resolved.

PCR: 03070

Module: BGP

Level: 2

When BGP imported other route types, it would advertise routes that had nexthops of the BGP peers themselves. The BGP peers would reject these routes and close the peering session, thus preventing the exchange of routing information between BGP peers. This issue has been resolved.

PCR: 03072

Module: BGP

Level: 4

The Import parameter of the ADD, SET, DELETE and SHOW BGP commands now has an INTERFACE type. INTERFACE routes were previously grouped with STATIC routes.

PCR: 03073

Module: UTILITY

Level: 2

If the CREATE QOS POLICY command was executed with a range that had a number more than four characters long, for example, CREATE QOS POLICY=123-12345, then a switch restart occurred. An error message is now displayed if more than four numbers are entered for a range.

PCR: 03074

Module: USER

Level:

The SET USER command now requires the PASSWORD option if a PRIVILEGE is specified. This enables privilege levels to be lowered from a higher level (MANAGER, or SECURITY OFFICER), to USER.

PCR: 03081

Module: SWI

Level:

An untagged packet would occasionally be sent on a tagged port. This issue has been resolved.

PCR: 03082

Module: SWI

Level:

When PIM was enabled, IGMP snooping would occasionally work incorrectly. This issue has been resolved.

PCR: 03087

Module: IPG

Level:

When interfaces with IGMP proxies were deleted, a software restart could sometimes occur. This issue has been resolved.


PCR: 03100 Module: DHCP Level:

DHCP was assigning incorrect IP addresses to clients when they moved from a relayed to a non-relayed range. Gateway checks have been added to remove this issue.

PCR: 03101

Module: IPG

Level: 2

Deriving the originating VLAN from incoming packets could, in some circumstances, cause a software restart. This issue has been resolved.

PCR: 03102

Module: IPG

Level: 3

The PING command when executed with the LENGTH and PATTERN parameters could produce an ICMP echo packet with an incorrect ICMP checksum. This issue has been resolved.

PCR: 03104

Module: IPG

Level: 3

When an IP packet with an invalid TOTAL LENGTH field was received by the CPU routing process, subsequent valid packets were dropped. This issue has been resolved.

PCR: 03107

Module: FR, PPP

Level: 2

The mechanism for freeing discarded packets in Frame Relay and PPP could, in some circumstances, cause a software restart. This issue has been resolved.

PCR: 03108 Module: MLDS

Level: 4

The DISABLE MLDS command appeared twice in configuration files. This issue has been resolved.

PCR: 03110

Module: IPG

Level: 2

The ADD IP MVR command could cause a software restart. This issue has been resolved.

The ADD IP MVR command parameter GROUP now only accepts multicast addresses.

PCR: 03113 Module: DVMRP

Level: 2

With DVMRP configured, the switch did not forward multicast data to downstream interfaces on the same VLAN. This issue has been resolved.

PCR: 03114 Module: DHCP

Level: 3

DHCP clients that shifted between relayed ranges were not always recognised, and were occasionally allocated incorrect addresses. This issue has been resolved.

PCR: 03121 Module: DVMRP

Level: 2

Invalid DVMRP prune messages could cause a software restart. This issue has been resolved.

PCR: 03122

Module: SWI

Level: 2

Adding a static ARP entry to a trunk group could cause a software restart. This issue has been resolved.


PCR: 03123 Module: DHCP Level: 3

After sending a DHCP NAK in response to a client’s DHCP REQUEST with a bad lease time, the switch would fail to age out its corresponding DHCP OFFER entry. This issue has been resolved.

PCR: 03125

Module: DS3

Level: 3

The switch would disassert the AIS, IDLE, LOF and LOS alarms if the defect conditions that had caused the alarm were disasserted, then reasserted before the alarms had been disasserted. This issue has been resolved.

PCR: 03127

Module: IPV6

Level: 2

When a static link local address was configured using the ADD IPV6 INT=xxx IP=yyy command, it was not reflected in the switch’s dynamic configuration. Consequently, the command would be absent from the switch’s configuration after CREATE CONFIG and switch RESTART commands were executed. This issue has been resolved.

PCR: 03136

Module: BGP

Level: 2

The ADD BGP PEER command MAXPREFIX parameter now has a default of 24000, instead of OFF. Previously, with no maximum prefix checking by default, if the switch received a very large number of prefixes from a BGP peer, buffer exhaustion could result in a software restart.

PCR: 03011

Module: OSPF

Level: 3

The SHOW OSPF NEIGHBOUR command did not reflect a change made to the router priority on a dynamic OSPF interface of a neighbouring router. This issue has been resolved.

PCR: 03035 Module: OSPF

Link state advertisements could incorrectly show an area as a stub area. This happened during the time when a Direct Route (DR) was removed from a configuration and before a Direct Backup Route (BDR), or an Other Direct Route (Other DR) was elected. This issue has been resolved.

PCR: 03045

Module: IPG, SWI

Level: 3

The switch would flood DVMRP unicast messages to all ports in the VLAN. This issue has been resolved.

PCR: 03046

Module: IPG

Level: 3

ICMP packets originating from the switch used the wrong Equal Cost Multiple Path route. This issue has been resolved. Also, improvements have been made to ensure that the ICMP packet will be transmitted over the best available route. If the best route becomes unavailable, a new route will be found, if available, so that the ICMP packet continues to reach the destination address.

PCR: 03051

Module: PCI

Level: 2

The ECPAC card was not working correctly. This issue has been resolved.


Features in 86241-05

Patch file details are listed in Table 2:

Table 2: Patch file details for Patch 86241-05.

Base Software Release File: 86s-241.rez
Patch Release Date: 17-Jan-2003
Compressed Patch File Name: 86241-05.paz
Compressed Patch File Size: 332388 bytes

Patch 86241-05 includes all issues resolved and enhancements released in previous patches for Software Release 2.4.1, and the following enhancements:

PCR: 02315 Module: SNMP

Network affecting: No

Support has been added for SNMPv2c.

SNMP responses will be sent in the same version format as the request message. Minimal configuration is required to specify an SNMP format, because this is decided on a message-by-message basis. The only thing you need to specify is the version of SNMP received by trap hosts.

To create an SNMP community, use the command:

CREATE SNMP COMMUNITY=name [ACCESS={READ|WRITE}] [TRAPHOST=ipadd] [MANAGER=ipadd] [OPEN={ON|OFF|YES|NO|TRUE|FALSE}] [V1TRAPHOST=ipadd] [V2CTRAPHOST=ipadd]

To add a trap host or management station to the previously created SNMP community, use the command:

ADD SNMP COMMUNITY=name [TRAPHOST=ipadd] [MANAGER=ipadd] [V1TRAPHOST=ipadd] [V2CTRAPHOST=ipadd]

PCR: 02389

Module: DS3

Network affecting: No

DS3 interface and board type support has been added. DS3 is now supported over PPP and Frame Relay. DS3 MIB support has been added.

For more information on DS3, see “DS3 Interfaces” on page 22 of this release note.

PCR: 02414

Module: IPv6, SWI, IPG, VLAN Network affecting: No

This patch resolves issues that arose after previous modifications made under this PCR number.

Sometimes IPv6 features did not enable correctly. Also, there were some errors in the output from configuration commands. These issues have been resolved.

PCR: 02560

Module: IPG, SWI, VLAN

Network affecting: No

IP packet throughput has been improved.


PCR: 03002 Module: USER Network affecting: No

Debugging commands are now available for the RADIUS and TACACS control protocols. Raw packets, decoded packets, and errors can now be displayed.

Access control packet debugging allows the contents of the packets to be viewed. The debugging commands allow both raw (hexadecimal dumps) and/or decoded (human-readable) packet displays. Information on any errors occurring in the transactions can be displayed once the appropriate debugging command is issued.

Only users with SECURITY OFFICER privileges in system secure mode are able to enable RADIUS and TACACS debugging.

The debugging commands are:

ENABLE RADIUS DEBUG={ALL|PKT|DECODE|ERROR} [,...]

ENABLE TACACS DEBUG={ALL|PKT|DECODE|ERROR} [,...]

DISABLE RADIUS DEBUG={ALL|PKT|DECODE|ERROR} [,...]

DISABLE TACACS DEBUG={ALL|PKT|DECODE|ERROR} [,...]

SHOW RADIUS DEBUG

SHOW TACACS DEBUG

PCR: 03013

Module: INSTALL

Network affecting: No

The SET INSTALL command was generating an unwanted warning message on Rapier i series switches. This issue has been resolved.

Features in 86241-04

Patch file details are listed in Table 3:

Table 3: Patch file details for Patch 86241-04.

Base Software Release File: 86s-241.rez
Patch Release Date: 15-Jan-2003
Compressed Patch File Name: 86241-04.paz
Compressed Patch File Size: 208232 bytes

Patch 86241-04 includes all issues resolved and enhancements released in previous patches for Software Release 2.4.1, and the following enhancements:

PCR: 02244

Module: UTILITY

Network affecting: No

Virtual interfaces were displayed incorrectly when VLANs were multihomed. This issue has been resolved.

PCR: 02300

Module: Firewall

Network affecting: No

If the command ADD FIREWALL POLICY RULE SOURCEPORT=ALL was executed, a value of “65535” was incorrectly displayed for the SOURCEPORT parameter for that rule in the SHOW FIREWALL POLICY command. This issue has been resolved.


PCR: 02340 Module: IPG Network affecting: No

PIM was disabled permanently if the RESET IP command, or the DISABLE IP command followed by the ENABLE IP command, was executed. PIM is now automatically restarted if these commands are used.

PCR: 02356

Module: FIREWALL

Network affecting: No

Previously the SET FIREWALL POLICY RULE command permitted the use of the GBLIP and GBLPORT parameters in ways that were not permitted by the ADD FIREWALL POLICY RULE command. This caused problems when a configuration file was generated because some of the illegal parameters from the SET command were put into the ADD command. This resulted in a configuration that contained illegal parameter combinations. The restrictions placed on the GBLIP and GBLPORT parameters in the ADD command have now been implemented in the SET command so that these problems do not occur.

PCR: 02358

Module: IPG

Network affecting: No

IP ARP packets that had invalid header values were erroneously accepted by the router. Also, IP packets with a Class E source IP address were erroneously forwarded. These issues have been resolved.

PCR: 02371

Module: FIREWALL

Network affecting: No

When the system time was set to a time that was before or significantly after the current time, Firewall sessions were prematurely deleted. This issue has been resolved.

PCR: 02400

Module: CORE, FFS, FILE, INSTALL, SCR

Network affecting: No

If a problem occurred with NVS, some critical files were lost. As a result, the equipment was forced to load only boot ROM software at boot time. This patch combined with the new version of the boot ROM software (pr1-1.2.0 for the AR700 series) resolves this issue.

PCR: 02491

Module: IPG

Network affecting: No

The ARP cache is now updated when a gratuitous ARP request or reply packet is received.

PCR: 02506

Module: OSPF IPG

Network affecting: No

The ADD IP ROUTE FILTER optional parameter INTERFACE caused the filter not to work on the flooding of OSPF external LSAs.

The SHOW IP ROUTE FILTER interface name output was truncated to 6 characters. These issues have been resolved.

PCR: 02511

Module: Ping

Network affecting: No

Executing the PING command sometimes caused a memory leak. This issue has been resolved.

PCR: 02514

Module: IPG

Network affecting: No

The CREATE CONFIGURATION command inserted the IMTLEAVE parameter into the configuration script when the IMTLEAVE parameter was undefined. This caused an error in the configuration script. This issue has been resolved.


PCR: 02519

Module: IPv6

Network affecting: No

The DELETE IPV6 6TO4 command sometimes caused an error. This issue has been resolved.

PCR: 02521

Module: IPv6

Network affecting: No

The DECREMENT parameter of the ADD IPV6 INTERFACE command was not recognised in the command line. This issue has been resolved.

PCR: 02523 Module: QOS, UTILITY Network affecting: No

The SET QOS TRAFFICCLASS command now requires 7 characters to be entered for the optional EXCEEDACTION and EXCEEDREMARKVALUE parameters.

PCR: 02525

Module: TELNET, PING, IPV6, TCP

Network affecting: No

The ADD IPV6 HOST command was not accepting the INTERFACE parameter when adding a host with a link-local address. This issue has been resolved.

PCR: 02526

Module: DVMRP

Network affecting: No

Under some circumstances, multiple default routes were created for DVMRP. This issue has been resolved.

PCR: 02527

Module: TCP

Network affecting: No

TCP did not send a TCP Reset message under some circumstances, for example when the Telnet server was disabled. This issue has been resolved.

PCR: 02529 Module: FIREWALL Network affecting: No

The source IP address is now checked correctly when subnet NAT is used with standard, double, or reverse NAT. Previously, it was sometimes possible to specify an IP address outside the allowable range.

PCR: 02532 Module: FIREWALL Network affecting: No

The Firewall showed the wrong counters on Total Received Packets and Dropped Packets and displayed twice the number of received packets when discarding packets from the public side. Also, when a Deny rule was applied to the private side, the Number of Dropped Packets was always zero. These issues have been resolved.

PCR: 02534

Module: TEST

Network affecting: No

The SYN test did not operate successfully when patch 52241-03 was installed. This issue has been resolved.

PCR: 02535

Module: IPV6

Network affecting: No

A fatal error occurred when an IPv6 packet with an invalid payload length was received. This issue has been resolved.

PCR: 02537

Module: L2TP

Network affecting: No

When PPP was used over an L2TP tunnel, a speed of zero was shown for the PPP interface on the LNS side, while the LAC side showed a non-zero PPP interface speed. This issue has been resolved so that the LNS side of the PPP interface shows the correct speed.

PCR: 02538

Module: DVMRP

Network affecting: No

The source mask is now always 0xffffffff in the DVMRP forwarding table.

The temporary route in the DVMRP route table was not displaying correctly. This issue has been resolved.

An IGMP entry was erroneously added for the reserved IP address. This issue has been resolved.

PCR: 02539 Module: CLASSIFIER Network affecting: No

The TCP and UDP source and destination port parameters would accept values of more than 65535. 65535 is now the maximum value for source and destination ports. This complies with RFC 768 for UDP and RFC 793 for TCP.

PCR: 02542 Module: IPV6 Network affecting: No

The SHOW IPV6 commands were incorrectly including RIPng down routes, and routes on the sending interface. The IPv6 routing table now recognises down routes.

PCR: 02543

Module: SWI

Network affecting: No

BPDU messages are now sent to all active ports as soon as STP is enabled.

PCR: 02547

Module: IPG

Network affecting: No

The ARP transmit counter total was not being incremented. This issue has been resolved.

PCR: 02550

Module: FIREWALL

Network affecting: No

The standard subnet NAT rules on a private interface were not matching a packet unless its source IP address was exactly the same as the IPADDRESS value set for the rule, that is the NAT mask value was not being used. This issue has been resolved.

PCR: 02551

Module: IPG

Network affecting: No

Reserved multicast data was being duplicated. This issue has been resolved.

PCR: 02552

Module: SWI

Network affecting: No

If ingress filtering was supported within trunk groups, ports with ingress filtering enabled were erroneously added to the trunk group. This issue has been resolved.

PCR: 02564

Module: FIREWALL

Network affecting: No

Large RTSP continuation packets could cause a fatal error. This issue has been resolved.

PCR: 02565

Module: CLASSIFIER

Network affecting: No

The SET CLASSIFIER and CREATE CLASSIFIER commands now display the tagged and untagged parameters correctly when the PROTOCOL parameter is set to IPX or 802.2.

PCR: 02572 Module: IPG Network affecting: No

An issue introduced in a previous patch with the SET IP ROUTE command failing has been resolved.
