Allied Telesis 86253-07 User Manual

Patch Release Note

Patch 86253-07

For Rapier Series Switches

Introduction

This patch release note lists the issues addressed and enhancements made in patch 86253-07 for Software Release 2.5.3 on existing models of Rapier series switches. Patch file details are listed in Table 1.

Table 1: Patch file details for Patch 86253-07.

Base Software Release File      86s-253.rez
Patch Release Date              18-Feb-2004
Compressed Patch File Name      86253-07.paz
Compressed Patch File Size      333756 bytes

This release note should be read in conjunction with the following documents:

Release Note: Software Release 2.5.3 for Rapier Switches and AR400 and AR700 Series Routers (Document Number C613-10362-00 Rev A) available from www.alliedtelesyn.co.nz/documentation/documentation.html.

Rapier Switch Documentation Set for Software Release 2.5.1 available on the Documentation and Tools CD-ROM packaged with your switch, or from www.alliedtelesyn.co.nz/documentation/documentation.html.

WARNING: Using a patch for a different model or software release may cause unpredictable results, including disruption to the network. Information in this release note is subject to change without notice and does not represent a commitment on the part of Allied Telesyn International. While every effort has been made to ensure that the information contained within this document and the features and changes described are accurate, Allied Telesyn International can not accept any type of liability for errors in, or omissions arising from the use of this information.

Some of the issues addressed in this Release Note include a level number. This number reflects the importance of the issue that has been resolved. The levels are:

Level 1 This issue will cause significant interruption to network services, and there is no work-around.

Level 2 This issue will cause interruption to network service, however there is a work-around.

Level 3 This issue will seldom appear, and will cause minor inconvenience.

Level 4 This issue represents a cosmetic change and does not affect network operation.

Features in 86253-07

Patch 86253-06 was not released.

Patch 86253-07 includes all issues resolved and enhancements released in previous patches for Software Release 2.5.3, and the following enhancements:

PCR: 03941

Module: FIREWALL

Level: 2

TCP Keepalive packets for FTP sessions were passing through the firewall during the TCP setup stage with TCP Setup Proxy enabled. Keepalive packets include sequence numbers that have already been acknowledged. Such packets now fail stateful inspections and are dropped by the FTP application-level gateway.

PCR: 03961

Module: PIM, PIM6

Level: 2

The PIM-DM prune expiry time was not reset when a State Refresh message was received. This issue has been resolved.

PCR: 03997

Module: IPG

Level: 3

When policy-based routing was active, IP packets not matching any policy-specific routes were forwarded, even if there was no default policy route. This issue has been resolved. Now, a route whose policy exactly matches the policy of the packet is selected. If an exact match does not exist, a route with the default policy will be used to route the packet. If no route is found, the packet is discarded. The TOS field in incoming IP packets is ignored, so packets with the TOS value set are forwarded using a route with the default policy.

PCR: 31080

Module: IPv6

Level: 2

When a ping was sent to the device’s link-local address, the device flooded the ICMP Reply packet over the VLAN. This issue has been resolved.

PCR: 31104

Module: OSPF

Level: 2

Occasionally when a device rebooted its OSPF routes were missing from the route table. This issue has been resolved.

Patch 86253-07 for Software Release 2.5.3    C613-10382-00 REV E

PCR: 31160

Module: IPG

Level: 2

A memory leak occurred if DNS relay was configured, and the device kept receiving DNS Query packets. This issue has been resolved.

PCR: 31176

Module: PIM6

Level: 2

PIM6 could not send unicast bootstrap messages to a new neighbour. This issue has been resolved.

PCR: 31178

Module: FIREWALL

Level: 4

If the SMTP Proxy detected a third party relay attack, the “SMTP third party relay attack” trigger message was not displayed. This issue has been resolved.

PCR: 31200

Module: SWI

Level: 2

The forwarding database table sometimes did not update correctly when multiple packets with the same MAC source address were sent to the switch via different ports. This issue has been resolved.

PCR: 31202 Module: QOS

Level: 3

The HWQUEUE parameter in the SET QOS HWQUEUE command incorrectly accepted values from 0 to 9999. The upper limit for this parameter is 3. This issue has been resolved. The correct limit is now enforced.

PCR: 31205

Module: VRRP

Level: 3

Two VRRP log messages were displayed when they should not have been.

The log messages were:

Vrrp 1: Vlan vlan2 10 Port Failed decrementing priority by 20

Vrrp 1: Vlan vlan2 1 Port up incrementing priority by 2

This issue has been resolved. These messages are now displayed at the correct time.

PCR: 31220

Module: OSPF

Level: 2

OSPF neighbours did not establish the Full state when IP route filters were applied. This issue has been resolved.

PCR: 31223

Module: IPV6

Level: 3

The neighbour discovery timeout has been set to 3 seconds in ICMPv6 to speed up Destination Unreachable detection.

PCR: 31224

Module: IPG

Level: 3

The badQuery and badRouterMsg counters in the SHOW IGMP and SHOW IGMPSNOOPING commands were not incrementing correctly. This issue has been resolved.

PCR: 31230

Module: OSPF

Level: 3

When an Inter-area route went down and the only other route to the destination was an AS-External route, the AS-External route was not selected. This issue has been resolved.

PCR: 31233

Module: L3F

Level: 2

A filter entry was lost when the SET SWITCH L3FILTER ENTRY command did not succeed. This issue has been resolved.

PCR: 31236

Module: IPV6

Level: 3

Link-local addresses can only be unicast addresses. If a link-local address was added as an anycast address, no error message was returned. This issue has been resolved. Now, an error message is returned stating that a link-local address must be a unicast address.

PCR: 31239

Module: IPV6

Level: 3

The Maximum Transmission Unit (MTU) was not always set to the MTU value in the ICMP Packet Too Big Message sent from the device. This issue has been resolved.

PCR: 31247

Module: VLAN, IPG

Level: 2

After IGMP snooping was disabled, multicast data was not flooded to VLANs. This was because the multicast route forwarding port map was cleared. This issue has been resolved.

PCR: 31253

Module: SWI, SW56

Level: 2

The forwarding database table sometimes did not update correctly when multiple packets with the same MAC source address were sent to the switch via different ports. This issue has been resolved.

PCR: 31258 Module: IPG, DHCP

If DHCP clients do not respond to echo requests, the DHCP server can not detect an addressing conflict, so may offer in-use addresses to clients. This issue has been resolved.

This PCR introduces a new parameter, PROBE, to the CREATE DHCP RANGE and SET DHCP RANGE commands. This parameter allows for address probing using ARP requests and replies instead of the normal ping mechanism. This feature is limited to clients on the same subnet (broadcast domain) as the DHCP server, and therefore can not be used with the GATEWAY parameter.

The new syntax is:

CREATE DHCP RANGE=name [PROBE={ARP|ICMP}] [other-parameters]

SET DHCP RANGE [PROBE={ARP|ICMP}] [other-parameters]

PCR: 31259 Module: DHCP

Level: 2

When the DHCP server rejected a DHCPRequest message, the requested IP address was not logged correctly. This issue has been resolved.

PCR: 31268

Module: IPG

Level: 2

PCR 31128 introduced an issue that occasionally caused a fatal error with IP flows. This issue has been resolved.

PCR: 31270

Module: CURE, IPG, ATK, DVMRP, IPX2, LB, LOG, SNMP, UTILITY

Level: 3

Entering “?” after a command at the CLI gives context-sensitive Help about parameters valid for the command. Occasionally, commands (for example, ENABLE IP MULTICASTING) were executed when “?” was entered at the end of the command. This issue has been resolved.

PCR: 40006 Module: LOG

Level: 2

Executing the SHOW DEBUG command caused a fatal error if the temporary log had been destroyed with the DESTROY LOG OUTPUT=TEMPORARY command. This issue has been resolved.

PCR: 40007

Module: FIREWALL

Level: 2

When an interface-based enhanced NAT was defined in a firewall policy, and a reverse NAT rule was defined to redirect traffic to a proxy server, the reverse NAT did not work correctly. The proxy server did not receive any traffic from the device. This issue has been resolved.

PCR: 40008

Module: NTP

Level: 3

When the device operated in NTP Client mode, the SHOW TIME command sometimes displayed the incorrect time. This issue has been resolved.

PCR: 40012

Module: IPG, OSPF

Level: 2

The device sometimes rebooted when OSPF on demand was enabled for PPP. This issue has been resolved.

PCR: 40020

Module: SW56

Level: 3

When a port’s ingress limit was set to less than 1000 with the INGRESSLIMIT parameter in the SET SWITCH PORT command, sending packets to a tagged port caused FCS errors on transmission. This issue has been resolved.

PCR: 40023

Module: IPG

Level: 2

The timeout interval for IGMP group membership now conforms to RFC 2236 for IGMPv2.

PCR: 40038

Module: OSPF

Level: 2

After a Summary LSA for the default route in a stub area had been refreshed by an Area Border Router, and the Area Border Router was restarted, the Summary LSA was not advertised into the stub area again. This issue has been resolved.

Features in 86253-05

Patch file details are listed in Table 2:

Table 2: Patch file details for Patch 86253-05.

Base Software Release File      86s-253.rez
Patch Release Date              26-November-2003
Compressed Patch File Name      86253-05.paz
Compressed Patch File Size      700793 bytes

Patch 86253-05 includes all issues resolved and enhancements released in previous patches for Software Release 2.5.3, and the following enhancements:

PCR: 03781

Module: STP

Level: 2

A buffer leak occurred when rapid STP was specified with the SET STP MODE=RAPID command, but STP had not been enabled with the ENABLE STP command. This issue has been resolved.

PCR: 03861

Module: IPV6

Level: 2

When a connector was plugged into one physical interface, the RIPng request packet was erroneously transmitted from all interfaces on the switch. This issue has been resolved.

PCR: 03873

Module: IPG

Level: 4

The STATIC and INTERFACE options have been removed from the PROTOCOL parameter in the ADD IP ROUTE FILTER and SET IP ROUTE FILTER commands. These parameters were redundant because received static and interface routes are always added to the route table.

PCR: 03905

Module: TTY

Level: 3

A fatal error occurred in the text editor while selecting blocks and scrolling up. This issue has been resolved.

PCR: 03910

Module: IPG

Level: 3

When RIP demand mode was enabled, and one interface changed to a reachable state, the triggered Request packet was not sent from that interface, and triggered Response packets were not sent from all other RIP interfaces. This resulted in slow convergence of routing tables across the network. This issue has been resolved.

PCR: 03926

Module: PIM

Level: 2

Repeated Assert messages were sent after the prune limit expired. This issue has been resolved. The default dense mode prune hold time has been changed from 60 seconds to 210 seconds.

PCR: 03940

Module: PKI

Level: 1

The following two issues have been resolved:

Large CRL files were not decoded correctly.

The certificate database was not validated immediately after the CRL file was updated.

PCR: 03953

Module: SW56

Level: 3

On AT-8800 series switches, strict QoS scheduling is now enforced for ports where egress rate limiting is applied. On Rapier i series switches, the same QoS setup is now applied to all of the appropriate ports when setting up egress rate limiting.

PCR: 03970

Module: IPV6

Level: 3

If an IPv6 filter that blocked traffic on a VLAN interface was removed, the traffic was still blocked. This issue has been resolved.

PCR: 03982

Module: FIREWALL

Level: 3

The SMTP proxy did not correctly filter sessions where messages were fragmented. This had the potential to prevent the detection of third-party relay attacks. This issue has been resolved.

PCR: 03993

Module: FIREWALL

Level: 4

The AUTHENTICATION parameter has been removed from the “?” CLI help for firewall commands. This was not a valid parameter.

PCR: 03996

Module: FIREWALL

Level: 2

Occasionally some firewall timers stopped early, resulting in sessions being removed prematurely. Because of this, TCP Reset packets could be sent by the firewall before TCP sessions were finished. This issue has been resolved.

PCR: 03997

Module: IPG

Level: 3

When policy-based routing was active, IP packets not matching any policy-specific routes were forwarded, even if there was no default policy route. This issue has been resolved. Now, a route whose policy exactly matches the policy of the packet is selected. If an exact match does not exist, a route with the default policy will be used to route the packet. If no route is found, the packet is discarded. The TOS field in incoming IP packets is ignored, so packets with the TOS value set are forwarded using a route with the default policy.

PCR: 31002

Module: UTILITY

Level: 2

Sometimes the device rebooted when a severe multicast storm occurred due to a loop in the network. This issue has been resolved.

PCR: 31004

Module: TTY

Level: 2

If a SHOW command that displayed a lot of information, such as SHOW DEBUG, was executed when the device’s free buffer level was very low, the device sometimes became unresponsive. This could also occur if many SHOW commands were executed through a script. This issue has been resolved.

PCR: 31009

Module: HTTP

Level: 3

The server string was not copied correctly into an HTTP file request when loading information from the configuration script. This issue has been resolved.

PCR: 31040

Module: PIM

Level: 2

When two devices are BSR candidates, and have the same preference set with the SET PIM BSRCANDIDATE PREFERENCE command, the device with the higher IP address was not elected as the candidate. This issue has been resolved.

PCR: 31041

Module: PIM

Level: 3

A Prune message sent to an old RP neighbour was ignored when a new unicast route was learned. This issue has been resolved.

PCR: 31042

Module: PIM

Level: 3

On Rapier series switches, an Assert message was not sent after the prune limit expired. This issue has been resolved.

PCR: 31044

Module: SWI

Level: 4

The log message “IGMP Snooping is active, L3FILT is activated” has been changed to “IGMP packet trapping is active, L3FILT is activated”. The revised message is clearer when IGMP is enabled and IGMP snooping is disabled.

PCR: 31052

Module: FIREWALL

Level: 3

The following changes have been made to the ADD FIREWALL POLICY RULE and SET FIREWALL POLICY RULE commands:

An IP address range for the IP parameter is now only accepted when enhanced NAT is configured.

An IP address range for the GBLREMOTE parameter is now only accepted when reverse or reverse-enhanced NAT is configured.

The GBLIP parameter is not accepted for a public interface when enhanced NAT is configured.

PCR: 31058

Module: NTP

Level: 3

When the interval between the NTP server and client exceeded 34 years 9 days and 10 hours, the time set on the client was incorrect. This issue has been resolved.

PCR: 31063

Module: IPG

Level: 2

MVR was not operating if IGMP had not been enabled. This issue has been resolved.

PCR: 31068

Module: STP

Level: 2

A fatal error occurred when the PURGE STP command was executed when STP instances were defined with VLAN members. This issue has been resolved.

PCR: 31071 Module: SWI Level: 4

The warning given when a QoS policy is active on a port operating at reduced speed has been changed to reflect the problem more accurately. The old message was:

Warning (2087343): Port <Port num> is currently used in QoS policy <QoS policy num>, this policy may become incorrect due to the port bandwidth.

The new message is:

Warning (2087350): Port <Port num> is operating at less than its maximum speed: this may affect QoS policy <QoS policy num>.

PCR: 31072

Module: SWI

Level: 3

If the DISABLE SWITCH PORT command appeared in the configuration script, an interface could come up even though ifAdminStatus was set to ‘down’. This issue has been resolved.

PCR: 31082

Module: STP

Level: 2

The root bridge did not transmit BPDU messages with changed hellotime, forwarddelay and maxage values. This issue has been resolved.

PCR: 31085

Module: LDAP

Level: 3

LDAP could not receive large messages spanning multiple packets. This issue has been resolved.

PCR: 31094

Module: FILE

Level: 3

Files with lines over 132 characters in length could not be transferred using TFTP. This limit has now been raised to 1000 characters to match the maximum command line length.

PCR: 31096

Module: FFS

Level: 3

The SHOW FILE command caused an error when the displayed file had a duplicate entry due to file size mismatch. This issue has been resolved. An error message is now logged when the SHOW FILE command detects a duplicate file. The first FFS file will be deleted when a duplicate exists.

PCR: 31098 Module: DHCP

Level: 3

Static DHCP address ranges were not reclaimed if the Reclaim operation was interrupted by the interface going down. This issue has been resolved.

PCR: 31099

Module: FIREWALL

Level: 4

In the output of SHOW FIREWALL EVENT command, the DIRECTION of denied multicast packets was shown as “out”, not “in”. This issue has been resolved.

PCR: 31105

Module: ISAKMP

Level: 3

A small amount of memory was consumed by each ISAKMP exchange if an ISAKMP policy's REMOTEID was set as an X.500 distinguished name with the CREATE ISAKMP POLICY command. This issue has been resolved.

PCR: 31106 Module: MLD

Level: 2

When the device received a version 1 Query packet, it became a non-querier on that interface, even if it should have remained as the querier. This issue has been resolved.

PCR: 31118

Module: SWI

Level: 2

When the TYPE parameter was specified for the ADD SWITCH L3FILTER command, the type was sometimes a different value in the device’s hardware table. This issue has been resolved.

PCR: 31119 Module: LOG

Level: 2

The maximum value that the MESSAGES parameter accepted for the CREATE LOG OUTPUT command was different from the value that could be set with the SET LOG OUTPUT command. The DESTROY LOG OUTPUT command did not release the NVS memory that was reserved for the output. These issues have been resolved.

PCR: 31122 Module: RMON

Level: 3

The etherHistoryIntervalStart node in the etherHistoryTable showed incorrect values for the first and last 30 second interval periods. This issue has been resolved.

PCR: 31127

Module: FIREWALL

Level: 2

If a rule based NAT was added to the firewall’s public interface, the firewall forwarded ICMP Request packets even if ICMP forwarding was disabled. This issue has been resolved.

PCR: 31128

Module: IPG

Level: 2

When a large number of directed broadcast packets were received, CPU usage increased up to 100%. This occurred because a log message was generated each time a directed broadcast packet was deleted. This issue has been resolved. Log messages are now rate-limited to a maximum of one log message every 10 seconds for a directed broadcast flow. After the first deletion is logged, subsequent log messages include a counter showing the number of directed broadcast packets in the same flow that were deleted since the last log message.
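
The per-flow log rate limiting described for PCR 31128, sketched in Python as an added example (this is not Allied Telesyn's code). Only the 10-second interval and the per-flow counter come from this note; the flow key, the log text, the bound on tracked flows and the sample traffic are assumptions.

```python
from collections import OrderedDict

LOG_INTERVAL = 10.0  # seconds between log lines per flow (value from PCR 31128)


class DropLogLimiter:
    """Rate-limit 'directed broadcast deleted' log lines per flow."""

    def __init__(self, interval=LOG_INTERVAL, max_flows=1024):
        self.interval = interval
        self.max_flows = max_flows      # assumed bound on tracked flows
        self._flows = OrderedDict()     # flow -> [last_log_time, pending_count]

    def record_drop(self, src, dst, now):
        """Account for one deleted packet; return a log line or None."""
        flow = (src, dst)               # assumed flow key
        state = self._flows.get(flow)
        if state is None:
            # The first deletion in a flow is always logged.
            self._remember(flow, now)
            return f"directed broadcast {src} -> {dst} deleted"
        self._flows.move_to_end(flow)   # mark flow as recently seen
        state[1] += 1                   # count this packet
        if now - state[0] < self.interval:
            return None                 # suppressed: counted, not logged
        count, state[0], state[1] = state[1], now, 0
        return (f"directed broadcast {src} -> {dst} deleted "
                f"({count} packets since last message)")

    def _remember(self, flow, now):
        # Evict the least recently seen flow so that traffic from many
        # sources cannot grow the state table without bound.
        if len(self._flows) >= self.max_flows:
            self._flows.popitem(last=False)
        self._flows[flow] = [now, 0]


def replay(events, limiter=None):
    """Feed (time, src, dst) drop events; return the emitted (time, line) pairs."""
    if limiter is None:
        limiter = DropLogLimiter()
    lines = []
    for now, src, dst in events:
        line = limiter.record_drop(src, dst, now)
        if line is not None:
            lines.append((now, line))
    return lines


# Constructed sample: 1000 drops per second in one flow for 25 s,
# plus a single drop in a second flow at t = 12.5 s.
SAMPLE = [(i / 1000.0, "192.0.2.10", "198.51.100.255") for i in range(25000)]
SAMPLE.append((12.5, "192.0.2.77", "198.51.100.255"))
SAMPLE.sort()

if __name__ == "__main__":
    for now, line in replay(SAMPLE):
        print(f"{now:7.3f}s  {line}")
```

With the sample input, 25001 deletions produce four log lines. Because an evicted flow is logged again as new, a bounded table limits memory but not log volume when drops are spread over more than `max_flows` flows; a global cap would be needed for that case.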

PCR: 31129

Module: IPX2

Level: 2

A fatal error occurred if IPX was disabled and then re-enabled when there was a high rate of incoming IPX traffic on the device. This issue has been resolved.

PCR: 31132 Module: DHCP

Level: 2

The DHCP server did not take any action when it received a DHCP decline packet. This was because the device only checked the ciaddr field in the packet, and not the Requested IP Address option. This issue has been resolved.

PCR: 31133

Module: IPG

This PCR introduces an enhancement that extends an issue that was resolved in PCR 03890, in which switch port entries are only created for special router multicast addresses. It is now possible to specify reserved multicast addresses that will be treated as multicast packets from routers. Use the following commands to configure this feature.
