Patch Release Note

Patch 86253-07

For Rapier Series Switches

Introduction

This patch release note lists the issues addressed and enhancements made in patch 86253-07for Software Release 2.5.3 on existing models of Rapier series switches. Patch file details are listed inTable 1.

Table 1: Patch file details for Patch 86253-07.

Base Software Release File	86s-253.rez
Patch Release Date	18-Feb-2004
Compressed Patch File Name	86253-07.paz
Compressed Patch File Size	333756 bytes

This release note should be read in conjunction with the following documents:

■Release Note: Software Release 2.5.3 for Rapier Switches and AR400 and AR700 Series Routers (Document Number C613-10362-00 Rev A) available from www.alliedtelesyn.co.nz/documentation/documentation.html.

■Rapier Switch Documentation Set for Software Release 2.5.1 available on the Documentation and Tools CD-ROM packaged with your switch, or from www.alliedtelesyn.co.nz/documentation/documentation.html.

WARNING: Using a patch for a different model or software release may cause unpredictable results, including disruption to the network. Information in this release note is subject to change without notice and does not represent a commitment on the part of Allied Telesyn International. While every effort has been made to ensure that the information contained within this document and the features and changes described are accurate, Allied Telesyn International can not accept any type of liability for errors in, or omissions arising from the use of this information.

Simply connecting the world

2	Patch Release Note

Some of the issues addressed in this Release Note include a level number. This number reflects the importance of the issue that has been resolved. The levels are:

Level 1 This issue will cause significant interruption to network services, and there is nowork-around.

Level 2 This issue will cause interruption to network service, however there is awork-around.

Level 3 This issue will seldom appear, and will cause minor inconvenience.

Level 4 This issue represents a cosmetic change and does not affect network operation.

Features in 86253-07

Patch 86253-06was not released.

Patch 86253-07includes all issues resolved and enhancements released in previous patches for Software Release 2.5.3, and the following enhancements:

PCR: 03941

Module: FIREWALL

Level: 2

TCP Keepalive packets for FTP sessions were passing through the firewall during the TCP setup stage with TCP Setup Proxy enabled.Keepalive packets include sequence numbers that have already been acknowledged. Such packets now fail stateful inspections and are dropped by the FTPapplication-levelgateway.

PCR: 03961

Module: PIM, PIM6

Level: 2

The PIM-DMprune expiry time was not reset when aState Refresh message was received. This issue has been resolved.

PCR: 03997

Module: IPG

Level: 3

When policy-basedrouting was active, IP packets not matching any policyspecific routes were forwarded, even if there was no default policy route. This issue has been resolved. Now, a route whose policy exactly matches the policy of the packet is selected. If an exact match does not exist, a route with the default policy will be used to route the packet. If no route is found, the packet is discarded. The TOS field in incoming IP packets is ignored, so packets with the TOS value set are forwarded using a route with the default policy.

PCR: 31080

Module: IPv6

Level: 2

When a ping was sent to the device’s link-localaddress, the device flooded the ICMPReply packet over the VLAN. This issue has been resolved.

PCR: 31104

Module: OSPF

Level: 2

Occasionally when a device rebooted its OSPF routes were missing from the route table. This issue has been resolved.

Patch 86253-07for Software Release 2.5.3C613-10382-00REV E

Patch 86253-07For Rapier Series Switches

3

PCR: 31160

Module: IPG

Level: 2

A memory leak occurred if DNS relay was configured, and the device kept receiving DNS Query packets. This issue has been resolved.

PCR: 31176

Module: PIM6

Level: 2

PIM6 could not send unicast bootstrap messages to a new neighbour. This issue has been resolved.

PCR: 31178

Module: FIREWALL

Level: 4

If the SMTP Proxy detected a third party relay attack, the “SMTP third party relay attack” trigger message was not displayed. This issue has been resolved.

PCR: 31200

Module: SWI

Level: 2

The forwarding database table sometimes did not update correctly when multiple packets with the same MAC source address were sent to the switch via different ports. This issue has been resolved.

PCR: 31202 Module: QOS

Level: 3

The HWQUEUE parameter in the SET QOS HWQUEUE command incorrectly accepted values from 0 to 9999. The upper limit for this parameter is 3. This issue has been resolved. The correct limit is now enforced.

PCR: 31205

Module: VRRP

Level: 3

Two VRRP log messages were displayed when they should not have been.

The log messages were:

Vrrp 1: Vlan vlan2 10 Port Failed decrementing priority by 20

Vrrp 1: Vlan vlan2 1 Port up incrementing priority by 2

This issue has been resolved. These messages are now displayed at the correct time.

PCR: 31220

Module: OSPF

Level: 2

OSPF neighbours did not establish the Full state when IP route filters were applied. This issue has been resolved.

PCR: 31223

Module: IPV6

Level: 3

The neighbour discovery timeout has been set to 3 seconds in ICMPv6 to speed up Destination Unreachable detection.

PCR: 31224

Module: IPG

Level: 3

The badQuery andbadRouterMsg counters in the SHOW IGMP and SHOW IGMPSNOOPING commands were not incrementing correctly. This issue has been resolved.

PCR: 31230

Module: OSPF

Level: 3

When an Inter-arearoute went down and the only other route to the destination was anAS-Externalroute, theAS-Externalroute was not selected. This issue has been resolved.

Patch 86253-07for Software Release 2.5.3C613-10382-00REV E

4	Patch Release Note

PCR: 31233

Module: L3F

Level: 2

A filter entry was lost when the SET SWITCH L3FILTER ENTRY command did not succeed. This issue has been resolved.

PCR: 31236

Module: IPV6

Level: 3

Link-localaddresses can only be unicast addresses. If alink-localaddress was added as an anycast address, no error message was returned. This issue has been resolved. Now, an error message is returned stating that a linklocal address must be a unicast address.

PCR: 31239

Module: IPV6

Level: 3

The Maximum Transmission Unit (MTU) was not always set to the MTU value in the ICMP Packet Too Big Message sent from the device. This issue has been resolved.

PCR: 31247

Module: VLAN, IPG

Level: 2

After IGMP snooping was disabled, multicast data was not flooded to VLANs. This was because the multicast route forwarding port map was cleared. This issue has been resolved.

PCR: 31253

Module: SWI, SW56

Level: 2

The forwarding database table sometimes did not update correctly when multiple packets with the same MAC source address were sent to the switch via different ports. This issue has been resolved.

PCR: 31258 Module: IPG, DHCP

If DHCP clients do not respond to echo requests, the DHCP server can not detect an addressing conflict, so may offer inuse addresses to clients. This issue has been resolved.

This PCR introduces a new parameter, PROBE, to the CREATE DHCP RANGE and SET DHCP RANGE commands. This parameter allows for address probing using ARP requests and replies instead of the normal ping mechanism. This feature is limited to clients on the same subnet (broadcast domain) as the DHCP server, and therefore can not be used with the GATEWAY parameter.

The new syntax is:

CREATE DHCP RANGE=name [PROBE={ARP|ICMP}]

[other-parameters]

SET DHPC RANGE [PROBE={ARP|ICMP}][other-parameters]

PCR: 31259 Module: DHCP

Level: 2

When the DHCP server rejected a DHCPRequest message, the requested IP address was not logged correctly. This issue has been resolved.

PCR: 31268

Module: IPG

Level: 2

PCR 31128 introduced an issue that occasionally caused a fatal error with IP flows. This issue has been resolved.

Patch 86253-07for Software Release 2.5.3C613-10382-00REV E

Patch 86253-07For Rapier Series Switches

5

PCR: 31270	Module: CURE, IPG, ATK,	Level: 3
	DVMRP, IPX2, LB, LOG, SNMP,
	UTILITY

Entering “?” after a command at the CLI gives context-sensitiveHelp about parameters valid for the command. Occasionally, commands (for example, ENABLE IP MULTICASTING) were executed when “?” was entered at the end of the command. This issue has been resolved.

PCR: 40006 Module: LOG

Level: 2

Executing the SHOW DEBUG command caused a fatal error if the temporary log had been destroyed with the DESTROY LOG OUTPUT=TEMPORARY command. This issue has been resolved.

PCR: 40007

Module: FIREWALL

Level: 2

When an interface-basedenhanced NAT was defined in a firewall policy, and a reverse NAT rule was defined to redirect traffic to a proxy server, the reverse NAT did not work correctly. The proxy server did not receive any traffic from the device. This issue has been resolved.

PCR: 40008

Module: NTP

Level: 3

When the device operated in NTP Client mode, the SHOW TIME command sometimes displayed the incorrect time. This issue has been resolved.

PCR: 40012

Module: IPG, OSPF

Level: 2

The device sometimes rebooted when OSPF on demand was enabled for

PPP. This issue has been resolved.

PCR: 40020

Module: SW56

Level: 3

When a port’s ingress limit was set to less than 1000 with the INGRESSLIMIT parameter in the SET SWITCH PORT command, sending packets to a tagged port caused FCS errors on transmission. This issue has been resolved.

PCR: 40023

Module: IPG

Level: 2

The timeout interval for IGMP group membership now conforms to RFC 2236 for IGMPv2.

PCR: 40038

Module: OSPF

Level: 2

After a Summary LSA for the default route in a stub area had been refreshed by an Area Border Router, and the Area Border Router was restarted, the Summary LSA was not advertised into the stub area again. This issue has been resolved.

Patch 86253-07for Software Release 2.5.3C613-10382-00REV E