Allied Telesis 86253-07 User Manual
Patch Release Note
Patch
For Rapier Series Switches
Introduction
This patch release note lists the issues addressed and enhancements made in patch
Table 1: Patch file details for Patch
Base Software Release File | |
|
|
Patch Release Date | |
|
|
Compressed Patch File Name | |
|
|
Compressed Patch File Size | 333756 bytes |
|
|
This release note should be read in conjunction with the following documents:
■Release Note: Software Release 2.5.3 for Rapier Switches and AR400 and AR700 Series Routers (Document Number
■Rapier Switch Documentation Set for Software Release 2.5.1 available on the Documentation and Tools
WARNING: Using a patch for a different model or software release may cause unpredictable results, including disruption to the network. Information in this release note is subject to change without notice and does not represent a commitment on the part of Allied Telesyn International. While every effort has been made to ensure that the information contained within this document and the features and changes described are accurate, Allied Telesyn International can not accept any type of liability for errors in, or omissions arising from the use of this information.
Simply connecting the world
2 | Patch Release Note |
Some of the issues addressed in this Release Note include a level number. This number reflects the importance of the issue that has been resolved. The levels are:
Level 1 This issue will cause significant interruption to network services, and there is no
Level 2 This issue will cause interruption to network service, however there is a
Level 3 This issue will seldom appear, and will cause minor inconvenience.
Level 4 This issue represents a cosmetic change and does not affect network operation.
Features in 86253-07
Patch
Patch
PCR: 03941 | Module: FIREWALL | Level: 2 |
TCP Keepalive packets for FTP sessions were passing through the firewall during the TCP setup stage with TCP Setup Proxy enabled.Keepalive packets include sequence numbers that have already been acknowledged. Such packets now fail stateful inspections and are dropped by the FTP
PCR: 03961 | Module: PIM, PIM6 | Level: 2 |
The
PCR: 03997 | Module: IPG | Level: 3 |
When
PCR: 31080 | Module: IPv6 | Level: 2 |
When a ping was sent to the device’s
PCR: 31104 | Module: OSPF | Level: 2 |
Occasionally when a device rebooted its OSPF routes were missing from the route table. This issue has been resolved.
Patch
Patch | 3 |
PCR: 31160 | Module: IPG | Level: 2 |
A memory leak occurred if DNS relay was configured, and the device kept receiving DNS Query packets. This issue has been resolved.
PCR: 31176 | Module: PIM6 | Level: 2 |
PIM6 could not send unicast bootstrap messages to a new neighbour. This issue has been resolved.
PCR: 31178 | Module: FIREWALL | Level: 4 |
If the SMTP Proxy detected a third party relay attack, the “SMTP third party relay attack” trigger message was not displayed. This issue has been resolved.
PCR: 31200 | Module: SWI | Level: 2 |
The forwarding database table sometimes did not update correctly when multiple packets with the same MAC source address were sent to the switch via different ports. This issue has been resolved.
PCR: 31202 Module: QOS | Level: 3 |
The HWQUEUE parameter in the SET QOS HWQUEUE command incorrectly accepted values from 0 to 9999. The upper limit for this parameter is 3. This issue has been resolved. The correct limit is now enforced.
PCR: 31205 | Module: VRRP | Level: 3 |
Two VRRP log messages were displayed when they should not have been.
The log messages were:
Vrrp 1: Vlan vlan2 10 Port Failed decrementing priority by 20
Vrrp 1: Vlan vlan2 1 Port up incrementing priority by 2
This issue has been resolved. These messages are now displayed at the correct time.
PCR: 31220 | Module: OSPF | Level: 2 |
OSPF neighbours did not establish the Full state when IP route filters were applied. This issue has been resolved.
PCR: 31223 | Module: IPV6 | Level: 3 |
The neighbour discovery timeout has been set to 3 seconds in ICMPv6 to speed up Destination Unreachable detection.
PCR: 31224 | Module: IPG | Level: 3 |
The badQuery andbadRouterMsg counters in the SHOW IGMP and SHOW IGMPSNOOPING commands were not incrementing correctly. This issue has been resolved.
PCR: 31230 | Module: OSPF | Level: 3 |
When an
Patch
4 | Patch Release Note |
PCR: 31233 | Module: L3F | Level: 2 |
A filter entry was lost when the SET SWITCH L3FILTER ENTRY command did not succeed. This issue has been resolved.
PCR: 31236 | Module: IPV6 | Level: 3 |
PCR: 31239 | Module: IPV6 | Level: 3 |
The Maximum Transmission Unit (MTU) was not always set to the MTU value in the ICMP Packet Too Big Message sent from the device. This issue has been resolved.
PCR: 31247 | Module: VLAN, IPG | Level: 2 |
After IGMP snooping was disabled, multicast data was not flooded to VLANs. This was because the multicast route forwarding port map was cleared. This issue has been resolved.
PCR: 31253 | Module: SWI, SW56 | Level: 2 |
The forwarding database table sometimes did not update correctly when multiple packets with the same MAC source address were sent to the switch via different ports. This issue has been resolved.
PCR: 31258 Module: IPG, DHCP
If DHCP clients do not respond to echo requests, the DHCP server can not detect an addressing conflict, so may offer inuse addresses to clients. This issue has been resolved.
This PCR introduces a new parameter, PROBE, to the CREATE DHCP RANGE and SET DHCP RANGE commands. This parameter allows for address probing using ARP requests and replies instead of the normal ping mechanism. This feature is limited to clients on the same subnet (broadcast domain) as the DHCP server, and therefore can not be used with the GATEWAY parameter.
The new syntax is:
CREATE DHCP RANGE=name [PROBE={ARP|ICMP}]
SET DHPC RANGE [PROBE={ARP|ICMP}]
PCR: 31259 Module: DHCP | Level: 2 |
When the DHCP server rejected a DHCPRequest message, the requested IP address was not logged correctly. This issue has been resolved.
PCR: 31268 | Module: IPG | Level: 2 |
PCR 31128 introduced an issue that occasionally caused a fatal error with IP flows. This issue has been resolved.
Patch
Patch | 5 |
PCR: 31270 | Module: CURE, IPG, ATK, | Level: 3 |
| DVMRP, IPX2, LB, LOG, SNMP, |
|
| UTILITY |
|
Entering “?” after a command at the CLI gives
PCR: 40006 Module: LOG | Level: 2 |
Executing the SHOW DEBUG command caused a fatal error if the temporary log had been destroyed with the DESTROY LOG OUTPUT=TEMPORARY command. This issue has been resolved.
PCR: 40007 | Module: FIREWALL | Level: 2 |
When an
PCR: 40008 | Module: NTP | Level: 3 |
When the device operated in NTP Client mode, the SHOW TIME command sometimes displayed the incorrect time. This issue has been resolved.
PCR: 40012 | Module: IPG, OSPF | Level: 2 |
The device sometimes rebooted when OSPF on demand was enabled for
PPP. This issue has been resolved.
PCR: 40020 | Module: SW56 | Level: 3 |
When a port’s ingress limit was set to less than 1000 with the INGRESSLIMIT parameter in the SET SWITCH PORT command, sending packets to a tagged port caused FCS errors on transmission. This issue has been resolved.
PCR: 40023 | Module: IPG | Level: 2 |
The timeout interval for IGMP group membership now conforms to RFC 2236 for IGMPv2.
PCR: 40038 | Module: OSPF | Level: 2 |
After a Summary LSA for the default route in a stub area had been refreshed by an Area Border Router, and the Area Border Router was restarted, the Summary LSA was not advertised into the stub area again. This issue has been resolved.
Patch
6 | Patch Release Note |
Features in 86253-05
Patch file details are listed in Table 2:
Table 2: Patch file details for Patch
Base Software Release File | |
|
|
Patch Release Date | |
|
|
Compressed Patch File Name | |
|
|
Compressed Patch File Size | 700793 bytes |
|
|
Patch
PCR: 03781 | Module: STP | Level: 2 |
A buffer leak occurred when rapid STP was specified with the SET STP
MODE=RAPID command, but STP had not been enabled with the ENABLE
STP command. This issue has been resolved.
PCR: 03861 | Module: IPV6 | Level: 2 |
When a connector was plugged into one physical interface, the RIPng request packet was erroneously transmitted from all interfaces on the switch. This issue has been resolved.
PCR: 03873 | Module: IPG | Level: 4 |
The STATIC and INTERFACE options have been removed from the PROTOCOL parameter in the ADD IP ROUTE FILTER and SET IP ROUTE FILTER commands. These parameters were redundant because received static and interface routes are always added to the route table.
PCR: 03905 | Module: TTY | Level: 3 |
A fatal error occurred in the text editor while selecting blocks and scrolling up. This issue has been resolved.
PCR: 03910 | Module: IPG | Level: 3 |
When RIP demand mode was enabled, and one interface changed to a reachable state, the triggered Request packet was not sent from that interface, and triggeredResponse packets were not sent from all other RIP interfaces. This resulted in slow convergence of routing tables across the network. This issue has been resolved.
PCR: 03926 | Module: PIM | Level: 2 |
Repeated Assert messages were sent after the prune limit expired. This issue has been resolved. The default dense mode prune hold time has been changed from 60 seconds to 210 seconds.
PCR: 03940 | Module: PKI | Level: 1 |
The following two issues have been resolved:
•Large CRL files were not decoded correctly.
•The certificate database was not validated immediately after the CRL file was updated.
Patch
Patch | 7 |
PCR: 03953 | Module: SW56 | Level: 3 |
On
PCR: 03970 | Module: IPV6 | Level: 3 |
If an IPv6 filter that blocked traffic on a VLAN interface was removed, the traffic was still blocked. This issue has been resolved.
PCR: 03982 | Module: FIREWALL | Level: 3 |
The SMTP proxy did not correctly filter sessions where messages were fragmented. This had the potential to prevent the detection of
PCR: 03993 | Module: FIREWALL | Level: 4 |
The AUTHENTICATION parameter has been removed from the “?” CLI help for firewall commands. This was not a valid parameter.
PCR: 03996 | Module: FIREWALL | Level: 2 |
Occasionally some firewall timers stopped early, resulting in sessions being removed prematurely. Because of this, TCP Reset packets could be sent by the firewall before TCP sessions were finished. This issue has been resolved.
PCR: 03997 | Module: IPG | Level: 3 |
When
PCR: 31002 | Module: UTILITY | Level: 2 |
Sometimes the device rebooted when a severe multicast storm occurred due to a loop in the network. This issue has been resolved.
PCR: 31004 | Module: TTY | Level: 2 |
If a SHOW command that displayed a lot of information, such as SHOW DEBUG, was executed when the device’s free buffer level was very low, the device sometimes became unresponsive. This could also occur if many SHOW commands were executed through a script. This issue has been resolved.
PCR: 31009 | Module: HTTP | Level: 3 |
The server string was not copied correctly into an HTTP file request when loading information from the configuration script. This issue has been resolved.
Patch
8 | Patch Release Note |
PCR: 31040 | Module: PIM | Level: 2 |
When two devices are BSR candidates, and have the same preference set with the SET PIM BSRCANDIDATE PREFERENCE command, the device with the higher IP address was not elected as the candidate. This issue has been resolved.
PCR: 31041 | Module: PIM | Level: 3 |
A Prune message sent to an old RP neighbour was ignored when a new unicast route was learned. This issue has been resolved.
PCR: 31042 | Module: PIM | Level: 3 |
On Rapier series switches, an Assert message was not sent after the prune limit expired. This issue has been resolved.
PCR: 31044 | Module: SWI | Level: 4 |
The log message “IGMP Snooping is active, L3FILT is activated” has been changed to “IGMP packet trapping is active, L3FILT is activated”. The revised message is clearer when IGMP is enabled and IGMP snooping is disabled.
PCR: 31052 | Module: FIREWALL | Level: 3 |
The following changes have been made to the ADD FIREWALL POLICY
RULE and SET FIREWALL POLICY RULE commands:
•An IP address range for the IP parameter is now only accepted when enhanced NAT is configured.
•An IP address range for GBLREMOTE parameter is now only accepted when reverse or
•The GBLIP parameter is not accepted for a public interface when enhanced NAT is configured.
PCR: 31058 | Module: NTP | Level: 3 |
When the interval between the NTP server and client exceeded 34 years 9 days and 10 hours, the time set on the client was incorrect. This issue has been resolved.
PCR: 31063 | Module: IPG | Level: 2 |
MVR was not operating if IGMP had not been enabled. This issue has been resolved.
PCR: 31068 | Module: STP | Level: 2 |
A fatal error occurred when the PURGE STP command was executed when STP instances were defined with VLAN members. This issue has been resolved.
Patch
Patch | 9 |
PCR: 31071 Module: SWI Level: 4
The warning given when a QoS policy is active on a port operating at reduced speed has been changed to reflect the problem more accurately. The old message was:
Warning (2087343): Port <Port num> is currently used in QoS policy <QoS policy num>, this policy may become incorrect due to the port bandwidth.
The new message is:
Warning (2087350): Port <Port num> is operating at less than its maximum speed: this may affect QoS policy <QoS policy num>.
PCR: 31072 | Module: SWI | Level: 3 |
If the DISABLE SWITCH PORT command appeared in the configuration script, an interface could come up even though ifAdminStatus was set to ‘down’. This issue has been resolved.
PCR: 31082 | Module: STP | Level: 2 |
The root bridge did not transmit BPDU messages with changed hellotime,forwarddelay andmaxage values. This issue has been resolved.
PCR: 31085 | Module: LDAP | Level: 3 |
LDAP could not receive large messages spanning multiple packets. This issue has been resolved.
PCR: 31094 | Module: FILE | Level: 3 |
Files with lines over 132 characters in length could not be transferred using TFTP. This limit has now been raised to 1000 characters to match the maximum command line length.
PCR: 31096 | Module: FFS | Level: 3 |
The SHOW FILE command caused an error when the displayed file had a duplicate entry due to file size mismatch. This issue has been resolved. An error message is now logged when the SHOW FILE command detects a duplicate file. The first FFS file will be deleted when a duplicate exists.
PCR: 31098 Module: DHCP | Level: 3 |
Static DHCP address ranges were not reclaimed if the Reclaim operation was interrupted by the interface going down. This issue has been resolved.
PCR: 31099 | Module: FIREWALL | Level: 4 |
In the output of SHOW FIREWALL EVENT command, the DIRECTION of denied multicast packets was shown as “out”, not “in”. This issue has been resolved.
PCR: 31105 | Module: ISAKMP | Level: 3 |
A small amount of memory was consumed by each ISAKMP exchange if an ISAKMP policy's REMOTEID was set as an X.500 distinguished name with the CREATE ISAKMP POLICY command. This issue has been resolved.
Patch
10 | Patch Release Note |
PCR: 31106 Module: MLD | Level: 2 |
When the device received a version 1 Query packet, it become a
PCR: 31118 | Module: SWI | Level: 2 |
When the TYPE parameter was specified for the ADD SWITCH L3FILTER command, the type was sometimes a different value in the device’s hardware table. This issue has been resolved.
PCR: 31119 Module: LOG | Level: 2 |
The maximum value that the MESSAGES parameter accepted for the CREATE LOG OUTPUT command was different from the value that could be set with the SET LOG OUTPUT command. The DESTROY LOG OUTPUT command did not release the NVS memory that was reserved for the output. These issues have been resolved.
PCR: 31122 Module: RMON | Level: 3 |
The etherHistoryIntervalStartnode in the etherHistoryTableshowed incorrect values for the first and last 30 second interval periods. This issue has been resolved.
PCR: 31127 | Module: FIREWALL | Level: 2 |
If a rule based NAT was added to the firewall’s public interface, the firewall forwarded ICMP Request packets even if ICMP forwarding was disabled. This issue has been resolved.
PCR: 31128 | Module: IPG | Level: 2 |
When a large number of directed broadcast packets were received, CPU usage increased up to 100%. This occurred because a log message was generated each time a directed broadcast packet was deleted. This issue has been resolved. Log messages are now
PCR: 31129 | Module: IPX2 | Level: 2 |
A fatal error occurred if IPX was disabled and then
PCR: 31132 Module: DHCP | Level: 2 |
The DHCP server did not take any action when it received a DHCP decline packet. This was because the device only checked theciaddr field in the packet, and not theRequestedIPAddress option. This issue has been resolved.
PCR: 31133 | Module: IPG |
This PCR introduces an enhancement that extends an issue that was resolved in PCR 03890, in which switch port entries are only created for special router multicast addresses. It is now possible to specify reserved multicast addresses that will be treated as multicast packets from routers. Use the following commands to configure this feature.
Patch