Allied Telesis RAPIER I, AT-8600, AT-8900, AT-8700XL, AT-9800 User Manual

...

0 (0)

Release Note
Software Version 2.8.1
For AT-8800, Rapier i, AT-8700XL, AT-8600,
AT-9900, x900-48FE, AT-8900 and AT-9800 Series
Switches
and AR400 and AR700 Series Routers
Introduction .......................................................................................................	4
Upgrading to Software Version 2.8.1 .................................................................	5
Backwards Compatibility Issue when Upgrading .........................................	5
Overview of New Features .................................................................................	6
System Enhancements .......................................................................................	9
Clearing System Parameters .......................................................................	9
Extended Monitoring of CPU Utilisation ......................................................	9
Command Reference Updates ..................................................................	11
Command Line Interface (CLI) Enhancements ..................................................	15
More flexibility in Separating Parameters and Values .................................	15
Additional Shortcuts when Editing ............................................................	17
Command Reference Updates ..................................................................	18
File System Enhancement .................................................................................	21
Command Reference Updates ..................................................................	21
Switching Enhancements .................................................................................	25
Ordering Hardware Filters in 48-Port Switches ..........................................	25
Limiting Rapid MAC Movement ................................................................	27
Route Update Queue Length ....................................................................	29
Removing a Description from a Switch Port ..............................................	30
Securing a Single VLAN through Switch Filters ..........................................	30
Change of Debug Command Syntax ........................................................	32
Enhanced Static Switch Filtering on Ports within a Trunk Group ................	32
Ethernet Protection Switching Ring (EPSR) ................................................	32
Command Reference Updates ..................................................................	33
PPPoE Access Concentrator ..............................................................................	47
Command Reference Updates ..................................................................	47
MSTP Enhancement .........................................................................................	50
Command Reference Updates ..................................................................	50
STP Enhancement ............................................................................................	51
Command Reference Updates ..................................................................	51
Asynchronous Port Enhancement .....................................................................	52
Making Asynchronous Ports Respond More Quickly ..................................	52
Command Reference Updates ..................................................................	53
Internet Group Management Protocol (IGMP) Enhancements ...........................	55
IGMP Proxy on x900 Series Switches .........................................................	55
IGMP filtering extended to all IGMP message types ..................................	57
Monitoring reception of IGMP general query messages ............................	59
Command Reference Updates ..................................................................	60
Internet Protocol (IP) Enhancements .................................................................	66
Expanded number of Eth interfaces per physical interface .........................	66
Expanded IP Troubleshooting ....................................................................	66

2	Release Note
	IP Route Preference Options .....................................................................	66
	IPv4 Filter Expansion .................................................................................	67
	Enhancements to Display of UDP Connections over IPv4 ...........................	68
	Waiting for a Response to an ARP Request ...............................................	68
	Adding Static ARP Entries with Multicast MAC Addresses .........................	69
	Enhanced Static ARP Entry Filtering on Ports within a Trunk Group ...........	70
	Command Reference Updates ..................................................................	71
	IPv6 Enhancements ..........................................................................................	80
	Display of UDP Connections over IPv6 ......................................................	80
	IPv6 Tunnel Expansion ..............................................................................	80
	Command Reference Updates ..................................................................	81
	L2TP Enhancements .........................................................................................	82
	Decoding Debug Output and Setting a Time Limit for Debugging .............	82
	Resetting General L2TP Counters ..............................................................	83
	Handling PPP Link Negotiation Failures .....................................................	83
	Command Reference Updates ..................................................................	84
	Open Shortest Path First Enhancements ...........................................................	89
	OSPF Interface Password ..........................................................................	89
	NSSA Translator Role ................................................................................	89
	Redistributing External Routes ..................................................................	91
	Command Reference Updates ..................................................................	94
	BGP Enhancements ........................................................................................	102
	BGP Backoff Lower Threshold ................................................................	102
	BGP Peer and Peer Template Enhancements ...........................................	103
	Displaying Routes Learned from a Specific BGP Peer ...............................	104
	Command Reference Updates ................................................................	105
	MLD and MLD Snooping Enhancements ........................................................	112
	MLD Packet Formats ...............................................................................	112
	ICMP type for MLDv2 Reports ................................................................	112
	MLD Snooping Group Membership Display ............................................	113
	Change of Maximum Query Response Interval for MLD ..........................	113
	Command Reference Updates ................................................................	114
	Extension to Range of Classifier fields for x900 Switches ................................	117
	Command Reference Updates ................................................................	117
	QoS Enhancements ........................................................................................	125
	Port Groups ............................................................................................	125
	Storm protection ....................................................................................	126
	Command Reference Updates ................................................................	128
	Secure Copy (SCP) .........................................................................................	142
	Configuring Secure Copy .......................................................................	142
	Loading using Secure Copy ....................................................................	144
	Uploading using Secure Copy .................................................................	145
	Command Reference Updates ................................................................	147
	SSL Counter Enhancement .............................................................................	158
	Command Reference Updates ................................................................	158
	Firewall Enhancements ...................................................................................	160
	Firewall Licencing ...................................................................................	160
	Disabling SIP ALG Call ID Translation .......................................................	160
	Displaying SIP ALG Session Details ..........................................................	161
	Firewall Policy Rules Expansion ...............................................................	161
	Displaying a Subset of Policy Rules ..........................................................	162
	Command Reference Updates ................................................................	162
	Enhancements to IPsec/VPN ...........................................................................	169
	Responding to IPsec Packets from an
	Unknown Tunnel .............................................................................	169
	Modifying the Message Retransmission Delay .........................................	170
	Retrying ISAKMP Phase 1 and 2 Negotiations .........................................	171
	VPN Tunnel Licencing .............................................................................	172

Software Version 2.8.1

C613-10477-00 REV B

Software Version 2.8.1	3
Command Reference Updates ................................................................	173
SNMP MIBs ....................................................................................................	186
SHDSL Line MIB ......................................................................................	186
Logging SNMP operation ........................................................................	187
Traps on OSPF state changes ..................................................................	188
Trap on VRRP topology changes .............................................................	189
Traps on MSTP state and topology changes ............................................	189
Restart Log .............................................................................................	190
Trap on Login Failures .............................................................................	190
VLAN-based port state changes ..............................................................	190
Trap on Memory Levels ...........................................................................	191
Command Reference Updates ................................................................	192
CDP over WAN Interfaces ..............................................................................	193
Command Reference Updates ................................................................	193
Permanent Assignments on AR400 Series Routers ..........................................	197

Software Version 2.8.1

C613-10477-00 REV B

Allied Telesis RAPIER I, AT-8600, AT-8900, AT-8700XL, AT-9800 User Manual

Introduction

Release Note

Introduction

Allied Telesis announces the release of Software Version 2.8.1 on the products in the following table. This Release Note describes the new features and enhancements.

Product series	Models

x-900-48FE	x-900-48FE, x-900-48FE-N

AT-9900	AT-9924T, AT-9924SP, AT-9924T/4SP

AT-8900	AT-8948

AT-9800	AT-9812T, AT-9816GB

Rapier i	Rapier 24i, Rapier 48i, Rapier 16fi

AT-8800	AT-8824, AT-8848

AT-8700XL	AT-8724XL, AT-8748XL

AT-8600	AT-8624T/2M, AT-8624PoE, AT-8648T/2SP

AR700	AR725, AR745, AR750S, AR770S

AR400	AR415S, AR440S, AR441S, AR442S, AR450S

The product series that each feature and enhancement applies to are shown in “Overview of New Features” on page 6. This Release Note should be read in conjunction with the Installation and Safety Guide or Quick Install Guide, Hardware Reference, and Software Reference for your router or switch. These documents can be found on the Documentation and Tools CD-ROM packaged with your router or switch, or:

www.alliedtelesis.com/support/software

This Release Note has the following structure:

1.Upgrading to Software Version 2.8.1

This section lists the names of the files that may be downloaded from the web site.

2.Overview of New Features

This section lists the new features and shows the product families on which each feature is supported.

3.Descriptions of New Features

These sections describe how to configure each new feature.

Caution: Information in this document is subject to change without notice and does not represent a commitment on the part of Allied Telesis Inc. While every effort has been made to ensure that the information contained within this document and the features and changes described are accurate, Allied Telesis Inc. can not accept any type of liability for errors in, or omissions arising from, the use of this information.

Software Version 2.8.1

C613-10477-00 REV B

Software Version 2.8.1				5
		Upgrading to Software Version 2.8.1

		Software Version 2.8.1 is available as a flash release that can be downloaded
		directly from the Software/Documentation area of the Allied Telesis website:
		www.alliedtelesis.com/support/software
		Software versions must be licenced and require a password to activate. To
		obtain a licence and password, contact your authorised Allied Telesis
		distributor or reseller.
		The following table lists the file names for Software Version 2.8.1.

Product name	Release file		GUI resource file	CLI help file

AT-9924T/4SP	89-281.rez		9924_281-00_en_d.rsc	89-281a.hlp

AT-9924SP	89-281.rez		9924_281-00_en_d.rsc	89-281a.hlp

AT-9924T/4SP	89-281.rez		9924_281-00_en_d.rsc	89-281a.hlp

AT-8948	89-281.rez		—	89-281a.hlp

x900-48FE	89-281.rez		—	89-281a.hlp

AT-9812T	sb-281.rez		9812_281-00_en_d.rsc	98-281a.hlp

AT-9816GB	sb-281.rez		9816_281-00_en_d.rsc	98-281a.hlp

Rapier 24i	86s-281.rez		r24i_281-00_en_d.rsc	rp-281a.hlp

Rapier 48i	86s-281.rez		r16i_281-00_en_d.rsc	rp-281a.hlp

Rapier16fi	86s-281.rez		r48i_281-00_en_d.rsc	rp-281a.hlp

AT-8824	86s-281.rez		8824_281-00_en_d.rsc	88-281a.hlp

AT-8848	86s-281.rez		8848_281-00_en_d.rsc	88-281a.hlp

AT-8724XL	87-281.rez		8724_281-00_en_d.rsc	87-281a.hlp

AT-8748XL	87-281.rez		8748_281-00_en_d.rsc	87-281a.hlp

AT-8624PoE	sr-281.rez		—	86-281a.hlp

AT-8624T/2M	sr-281.rez		sr24_281-00_en_d.rsc	86-281a.hlp

AT-8648T/2SP	sr-281.rez		—	86-281a.hlp

AR770S	55-281.rez		—	700-281a.hlp

AR750S	55-281.rez		750s_281-00_en_d.rsc	700-281a.hlp

AR725	52-281.rez		725_281-00_en_d.rsc	700-281a.hlp

AR745	52-281.rez		745_281-00_en_d.rsc	700-281a.hlp

AR440S	54-281.rez		440s_281-00_en_d.rsc	400-281a.hlp

AR441S	54-281.rez		441s_281-00_en_d.rsc	400-281a.hlp

AR442S	54-281.rez		442s_281-00_en_d.rsc	400-281a.hlp

AR415S	54-281.rez		415s_281-00_en_d.rsc	400-281a.hlp

AR450S	54-281.rez		450s_281-00_en_d.rsc	400-281a.hlp

Backwards Compatibility Issue when Upgrading

The asexternal parameter of the set ospf command has changed. See OSPF backward compatibility).

Software Version 2.8.1

C613-10477-00 REV B

Overview of New Features

Release Note

Overview of New Features

The following table lists the new features and enhancements by product series.

For supported models, see “Introduction” on page 4.

	AR400	AR7x5 AR750S Rapier	AT-8800	AT-8700XL	AT-8600	AT-9800 AT-8900 x900-48FE AT-9900

System: Clearing System Parameters	9 9 9 9 9 9 9 9 9 9 9

System: Extended Monitoring of CPU Utilisation	9 9 9 9 9 9 9 9 9 9 9

CLI: Command Line Interface (CLI) Enhancements	9 9 9 9 9 9 9 9 9 9 9

File System: File System Enhancement	9 9 9 9 9 9 9 9 9 9 9

Switching: Ordering Hardware Filters in 48-Port Switches		9 9 9 9

Switching: Limiting Rapid MAC Movement						9 9 9

Switching: Route Update Queue Length						9 9 9

Switching: Removing a Description from a Switch Port	9	9 9 9 9 9 9 9 9 9

Switching: Securing a Single VLAN through Switch Filters		9 9 9 9

Switching: Change of Debug Command Syntax	9	9

Switching: Enhanced Static Switch Filtering on Ports within a		9	9	9	9	9
Trunk Group		9	9	9	9	9
Trunk Group

Switching: Ethernet Protection Switching Ring (EPSR)						9 9 9

MSTP: MSTP Enhancement		9 9 9 9				9 9 9

STP: STP Enhancement		9 9 9 9 9 9 9 9

Asyn Ports: Making Asynchronous Ports Respond More	9 9 9 9 9 9 9 9 9 9 9
Quickly	9 9 9 9 9 9 9 9 9 9 9
Quickly

PPPoE: PPPoE Access Concentrator	9 9 9 9 9					9 9 9 9

IGMP: IGMP Proxy on x900 Series Switches						9 9 9

IGMP: IGMP filtering extended to all IGMP message types	9 9 9 9 9 9 9 9 9 9 9

IGMP: Monitoring reception of IGMP general query messages 9 9 9	9 9 9 9 9 9 9 9

IP: Expanded number of Eth interfaces per physical interface 9 9 9

IP: Expanded IP Troubleshooting	9 9 9 9 9 9 9 9 9 9 9

IP: IP Route Preference Options	9 9 9 9 9 9 9 9 9 9 9

IP: IPv4 Filter Expansion	9 9 9 9 9 9 9 9 9 9 9

IP: Enhancements to Display of UDP Connections over IPv4	9 9 9 9 9 9 9 9 9 9 9

IP: Waiting for a Response to an ARP Request	9 9 9 9 9 9 9 9 9 9 9

IP: Adding Static ARP Entries with Multicast MAC Addresses	9 9 9 9 9 9 9 9 9 9 9

IP: Enhanced Static ARP Entry Filtering on Ports within a	9	9	9	9	9	9	9	9
Trunk Group


IPv6: Display of UDP Connections over IPv6	9 9 9 9 9				9 9 9 9

Software Version 2.8.1

C613-10477-00 REV B

Software Version 2.8.1					7

		AR400 AR7x5 AR750S Rapier AT-8800	AT-8700XL AT-8600 AT-9800 AT-8900	x900-48FE	AT-9900

	IPv6: IPv6 Tunnel Expansion	9

	L2TP: Decoding Debug Output and Setting a Time Limit for	9 9 9 9 9	9 9 9 9
	Debugging
	L2TP: Resetting General L2TP Counters	9 9 9 9 9	9 9 9 9

	L2TP: Handling PPP Link Negotiation Failures	9 9 9 9 9	9 9 9 9

	OSPF: OSPF Interface Password	9 9 9 9 9	9 9 9 9 9 9

	OSPF: NSSA Translator Role	9 9 9 9 9	9 9 9 9 9 9

	OSPF: Redistributing External Routes	9 9 9 9 9	9 9 9 9 9 9

	BGP: BGP Backoff Lower Threshold	9 9 9 9 9	9 9 9 9

	BGP: BGP Peer and Peer Template Enhancements	9 9 9 9 9	9 9 9 9

	BGP: Displaying Routes Learned from a Specific BGP Peer	9 9 9 9 9	9 9 9 9

	MLD: MLD Packet Formats	9 9 9 9 9	9 9 9 9

	MLD: ICMP type for MLDv2 Reports	9 9 9 9 9	9 9 9 9

	MLD: MLD Snooping Group Membership Display	9 9	9 9 9 9

	MLD: Change of Maximum Query Response Interval for MLD 9 9 9 9 9		9 9 9 9
	Classifier: Extension to Range of Classifier fields for x900		9	9	9
	Switches		9	9	9
	Switches

	QoS: Port Groups		9 9 9

	QoS: Storm protection		9 9 9

	SCP: Configuring Secure Copy	9 9 9 9 9	9 9 9 9 9 9

	SCP: Loading using Secure Copy	9 9 9 9 9	9 9 9 9 9 9

	SCP: Uploading using Secure Copy	9 9 9 9 9	9 9 9 9 9 9

	SSL: SSL Counter Enhancement	9 9 9 9 9	9 9 9 9 9 9

	Firewall: Firewall Licencing	9 9 9 9 9	9

	Firewall: Disabling SIP ALG Call ID Translation	9 9 9 9 9

	Firewall: Displaying SIP ALG Session Details	9 9 9 9 9

	Firewall: Firewall Policy Rules Expansion	9 9 9 9 9

	Firewall: Displaying a Subset of Policy Rules	9 9 9 9 9	9

	IPSEC/VPN: Responding to IPsec Packets from an Unknown	9 9 9 9 9
	Tunnel
	IPSEC/VPN: Modifying the Message Retransmission Delay	9 9 9 9 9

	IPSEC/VPN: Retrying ISAKMP Phase 1 and 2 Negotiations	9 9 9 9 9

	IPSEC/VPN: VPN Tunnel Licencing	9 9 9 9 9

	SNMP MIBs: SHDSL Line MIB	9

	SNMP MIBs: Logging SNMP operation	9 9 9 9 9	9 9 9 9 9 9

Software Version 2.8.1

C613-10477-00 REV B

8		Overview of New Features		Release Note

			AR400 AR7x5 AR750S Rapier AT-8800 AT-8700XL AT-8600	AT-9800 AT-8900 x900-48FE AT-9900

	SNMP MIBs: Traps on OSPF state changes		9 9 9 9 9 9 9 9 9 9 9

	SNMP MIBs: Trap on VRRP topology changes		9 9 9 9 9 9 9 9 9 9 9

	SNMP MIBs: Traps on MSTP state and topology changes		9 9 9 9	9 9 9

	SNMP MIBs: Restart Log		9 9 9 9 9 9 9 9 9 9 9

	SNMP MIBs: Trap on Login Failures		9 9 9 9 9 9 9 9 9 9 9

	SNMP MIBs: VLAN-based port state changes		9 9 9 9 9 9 9 9 9 9 9

	SNMP MIBs: Trap on Memory Levels		9 9 9 9 9 9 9 9 9 9 9

	CDP: CDP over WAN Interfaces		9 9 9 9 9	9 9 9 9

	Permanent Assignments on AR400 Series Routers		9

Software Version 2.8.1

C613-10477-00 REV B

Software Version 2.8.1

System Enhancements

This Software Version includes the following enhancements to system commands:

■Clearing System Parameters

■Extended Monitoring of CPU Utilisation

This section describes the enhancements. The new and modified commands to implement them are described in Command Reference Updates.

Clearing System Parameters

The option none has been added to the following commands:

set system name={name|none}

set system contact={contact-name|none}

set system location={location|none}

This allows you to clear a previously specified system name, contact name or location. For example, to clear the system name, use one of the commands:

set sys nam=none set sys nam=”” set sys nam=

set sys nam

Command Changes

The following table summarises the modified commands:

Command	Change

set system name	New none option for name parameter

set system contact	New none option for contact parameter

set system location	New none option for location parameter

Extended Monitoring of CPU Utilisation

This Software Version includes a new feature for monitoring CPU utilisation. You can now set the router or switch to capture data about which specific functions the CPU is executing, and the level of instantaneous usage the CPU is experiencing. This allows you, in conjunction with your authorised distributor or reseller, to diagnose the causes of high rates of CPU utilisation on the router or switch.

You can set the router or switch to capture data continuously, or only when the CPU experiences a specific level of instantaneous usage. The router or switch holds up to 500 entries (10 seconds) of data about CPU utilisation.

Software Version 2.8.1

C613-10477-00 REV B

System Enhancements

Release Note

To capture data when the CPU is experiencing a specific amount of instantaneous usage, set the start and start percentages with the command:

activate cpu extended start=1..100 [stop=1..100]

When a start percentage is set, the router or switch automatically disables extended monitoring once it has 500 data entries.

To enable extended monitoring, use the command:

enable cpu extended

This command also lets you capture data immediately, without first setting start and stop percentages. This adds data entries continuously, until you stop it. Only the last 10 seconds of data entries are stored.

To stop capturing data, and reset the start and stop parameters if they are set, use the command:

disable cpu extended

To remove data entries and reset the start and stop parameters in the activate cpu extended command, use the command:

reset cpu utilisation

This command interrupts active data capturing for a specific event. However, monitoring remains enabled, and continues to collect data. This means you can capture data for a particular event without having to disable and re-enable this feature.

Command Changes

The following table summarises the new and modified commands:

Command	Change

activate cpu extended	New command.

disable cpu extended	New command.

enable cpu extended	New command.

reset cpu utilisation	Modified command.

show cpu	New extended parameter in command.
	New output field when extended parameter is used.

Software Version 2.8.1

C613-10477-00 REV B

Software Version 2.8.1

	Command Reference Updates
	This section describes each new command and the changed portions of
	modified commands and output screens. For modified commands and output,
	the new parameters, options, and fields are shown in bold.
	activate cpu extended
Syntax
Syntax	ACTivate CPU EXTended STARt=1..100 [STOp=1..100]
Description	This new command lets you set monitoring so that it captures data when the
	CPU experiences a specific amount of instantaneous usage.
	The start parameter sets the percentage of utilisation the CPU must equal or
	exceed before it can begin capturing data. When CPU utilisation reaches the
	parameter, the router or switch begins capturing data. It continues until
	utilisation falls below the stop parameter, or until it captures 500 entries (10
	seconds worth).
	The stop parameter sets the percentage of utilisation the CPU must reach to
	stop data capturing. If CPU utilisation falls below the stop percentage before
	the router or switch has 500 data entries, then the router or switch resumes data
	capturing the next time utilisation reaches the start percentage. When the
	router or switch has 500 entries, it stops collecting data.
Example	To capture extended CPU utilisation data when CPU utilisation exceeds 70%
	and until it falls below 50%, use the command:
	act cpu ext star=70 sto=50
	disable cpu extended
Syntax
Syntax	DISable CPU EXTended
Description	This new command stops data capture of CPU utilisation, and resets
	parameters in the activate cpu extended command.
Example	To stop capturing extended CPU utilisation data, use the command:
	dis cpu ext
	enable cpu extended
Syntax
Syntax	ENAble CPU EXTended
Description	This new command lets you capture up to 500 data entries (10 seconds) of CPU
	utilisation data. Extended monitoring is disabled by default. This command
	takes effect when you enter it, or use the activate cpu extended command to
	collect data during specific usage levels.
Example	To begin capturing extended CPU utilisation data, use the command:
	ena cpu ext

Software Version 2.8.1

C613-10477-00 REV B

System Enhancements

Release Note

reset cpu utilisation

Syntax RESET CPU UTIlisation

Description This command, which resets all CPU utilisation percentages, has been modified to include resetting any start and stop percentages set with the activate cpu extended command. It also removes any data captured during extended utilisation monitoring, and clears this output from the show cpu command.

Example To reset the CPU utilisation, use the command:

reset cpu util

set system contact

Syntax SET SYStem CONtact={contact-name|NONE}

The contact parameter specifies the contact name, which is:

■displayed in the output of the show system command

■stored in the MIB object sysContact

If the new option none is specified, no contact name is defined. Any existing contact name is cleared. The default is none.

set system location

Syntax SET SYStem LOCation={location|NONE}

The location parameter specifies the location of the router or switch, which is:

■displayed in the output of the show system command

■stored in the MIB object sysLocation

If the new option none is specified, no location is defined. Any existing location is cleared. The default is none.

set system name

Syntax SET SYStem NAMe={name|NONE}

The name parameter specifies the system name of the router or switch, which is:

■displayed in the output of the show system command

■displayed in the CLI prompt so you know which router or switch you are configuring

■stored in the MIB object sysName

If the new option none is specified, no name is defined. Any existing name is cleared. The default is none.

Software Version 2.8.1

C613-10477-00 REV B

Software Version 2.8.1

show cpu

Syntax SHow CPU [EXTended]

Description The new extended parameter in this command displays information about extended CPU utilisation data.

Figure 1: Example output from the show cpu extended command

CPU Utilisation (	as	a percentage )
----------------------------------------
Maximum since router		restarted ..... 100
Maximum over last	5 minutes ........		100
Average since router		restarted ..... 5
Average over last	5 minutes ........		6
Average over last	minute ...........		7
Average over last	10	seconds .......	41
Average over last	second ...........		100
----------------------------------------

Extended CPU Information

------------------------------------------------------------

State	...............	Enabled
Current ........Time		21:44:49 (04aa9a34 / 2573941241)
Current Install ..... 54-281.rez (5012892)
Start .......percent		-
Stop ........percent		-
msSM	Timestamp Util Caller Return1 Return2 Return3

------------------------------------------------------------

04aa9a34	2573927208	100	0021a384	00031c0c	00027e8c	0021a57c
04aa9a20	2573907218	100	0021a384	00031c0c	00027e8c	0021a57c
04aa9a0c	2573887230	100	0021a4b0	00031c0c	00027e8c	0021a57c
.
.
.

Software Version 2.8.1

C613-10477-00 REV B

14	System Enhancements		Release Note
		Table 1: New parameters in output of the show cpu=extended command

		Parameter	Meaning

		State	Whether extended CPU utilisation is enabled.

		Current Time	Current time in hh:mm:ss format. The time in
			milliseconds since midnight, and the current timestamp
			are also in brackets.

		Current Install	Current installed release, with the size of the release in
			brackets.

		Start percent	Percentage of utilisation that the CPU must reach, if any,
			before the router or switch can begin capturing
			extended CPU utilisation data. A “-” shows if no
			percentage is set.

		Stop percent	Percentage of utilisation that the CPU must fall below
			before the router or switch stops capturing extended
			CPU utilisation data.

		msSM	Time when the router or switch captured the CPU
			utilisation sample. The time format is milliseconds since
			midnight, in hexadecimal notation.

		Timestamp	Time when the router or switch captured the CPU
			utilisation sample. The time format is microseconds
			since the router or switch last restarted. This figure
			wraps at 4 294 967 295 to return to 0.

		Util	Percentage of instantaneous CPU utilisation.

		Caller	Return address of the function that the CPU is
			executing.

		Return 1, Return 2, Return 3	Return addresses for function calls on the CPU stack.

Example To display the extended CPU utilisation data, use the command:

sh cpu ext

Software Version 2.8.1

C613-10477-00 REV B

Software Version 2.8.1

Command Line Interface (CLI)

Enhancements

The CLI has been enhanced in the following ways:

■More flexibility in Separating Parameters and Values

■Additional Shortcuts when Editing

■New command show command history that displays past commands. Please note that it replaces the Ctrl-C shortcut.

■You can now use the create config command to also set the router or switch to use the new configuration file.

This section describes the enhancements. The new and modified commands to implement them are described in Command Reference Updates.

More flexibility in Separating Parameters and Values

The CLI has been enhanced to give you the flexibility of choosing whether the equals sign should be required between parameters and their related values in the syntax.

Parameters are keywords in a command that define the object or details of the action. Parameter values can be numbers or text, or can come from a list of items. Now you can set the syntax so that parameters and values can be separated by either one of the following:

■an equals sign (=)

■a single space

The set command assignmentoperator command lets you change the syntax. When using aliases, we suggest you use the = sign in the syntax to link parameters with their values. Otherwise, if you separate a parameter with a space, a matching alias could erroneously be substituted for the value. Note that certain command handlers, such as STT, PERM, and ACC, always require the = sign.

Parts of a Command

A command is a sequence of keywords and values that define an action for the router or switch to perform. The Software Reference uses terms in the following figure and table when describing commands.

keywords

add ip rip interface=vlan2 auth=md5 ip=ipadd


action	value	option	placeholder

parameters

cli-command-parts

Software Version 2.8.1

C613-10477-00 REV B

16	Command Line Interface (CLI) Enhancements			Release Note

		Command Part	Description

		Keyword	A generic term for a predefined sequence of characters that the CLI
			treats as a single unit.
			Actions, parameters, and some parameter values are keywords.
			Keywords are not case sensitive. In this Software Reference and the
			online help, uppercase letters indicate minimum keyword abbreviations.

		Action	The first keyword in a command. This defines the type of operation to
			perform. Actions do not have values.

		Parameter	Additional keywords that define:

•the object of the action (for example, “ip rip” in the figure above)

•the details of the action (for example, “auth” in the figure above)

Parameters are optional or required, may accept values, and are not case sensitive. Spaces must separate parameters.

Value	The value assigned to a parameter. Depending on the parameter, a value
	can be:
	• an item from a list of option keywords
	•	a number
	•	arbitrary text
	Values are optional or required. Enter values with the syntax
	parameter=value or parameter value (for details, see Command
	Reference Updates). Most values are not case sensitive, except for
	text, such as passwords.

Option	A keyword that is one of a pre-defined list of values that a parameter
	can accept.

Placeholder	A format convention that describes the value a parameter can accept.
	Instead of typing the placeholder, replace it with an appropriate value.
	In this Software Reference, placeholders are printed in lowercase italic
	font.

Default	The value the router or switch uses as the parameter when you do not
	enter one but the parameter requires one.

Command Changes

The following table summarises the new command.

Command

Description

set command assignmentoperator New command that sets the assignment operator of the command parser to allow either an equals sign or a space between the parameter as the value.

Software Version 2.8.1

C613-10477-00 REV B

Software Version 2.8.1

Additional Shortcuts when Editing

You can now move the cursor to the beginning or end of lines by using single keys on the keyboard.

To move the cursor to the...	You could only press...	Now you can also press the...

beginning of the command	Ctrl+A	Home key
line

end of the command line	Ctrl+E	End key

Command Changes

The following table summarises the changes new and modified commands.

Command	Description

show command history	New command that displays past commands.
	Please note that it replaces the Ctrl-C shortcut.

create config	New set option that lets you set the switch to the
	configuration file that you create.

Software Version 2.8.1

C613-10477-00 REV B

Command Line Interface (CLI) Enhancements

Release Note

Command Reference Updates

This section describes each new command and the changed portions of modified commands and output screens. For modified commands and output, new parameters, options and fields are shown in bold.

create config

Syntax CREate CONfig=filename [SET]

Description This command now lets you set the switch to a configuration file when you create it. This command still requires a user with security officer privilege when the router or switch is in security mode.

Parameter	Description

CONfig	Name of the configuration file or script to create. If one already exists,
	it is replaced.
	The filename is in the format [device:]filename.ext and can be:
	• uppercase and lowercase letters
	• digits
	• # $ % & ! ' ( ) + , - . ; = @ [ ] ^ _ ` { } ~ and space
	device indicates the physical location where the file is stored. The
	default is flash.
	.ext is an 3-letter extension, such as .txt or .scp.
	Invalid characters are * “ \| \ : ? / < >
	Default: no default

SET	Sets the switch to use the configuration file or script specified by
	filename when the switch boots up again.

Example To save the current dynamic configuration to a script file called test.cfg, use the command:

cre con=test.cfg

Software Version 2.8.1

C613-10477-00 REV B

Software Version 2.8.1

set command assignmentoperator

Syntax SET COMmand {ASSignmentoperator=[Equals|SPaceorequals]}

Description This new command sets the assignment operator of the command parser thereby defining the format of the command syntax for the CLI.

Parameter	Description

ASSignmentoperator	Defines the operator between parameters when assigning values.
	Default: Equals

	Equals	Requires users to enter = sign. To ensure clarity
		and accuracy, we recommend always using the =
		sign.

	SPaceorequals	Lets users enter either the = sign or just leave a
		single space between parameters.

The following commands have the same effect. Note that the first one is clearer because of the = sign.

add ip rou=172.16.9.0 mask=255.255.255.0 int=vlan1 next=172.16.8.82 met=1

add ip rou 172.16.9.0 mask 255.255.255.0 int vlan1 next 172.16.8.82 met 1

Take care when using aliases because they match any whole word on the command line. Therefore, if you separate a parameter with a space, a matching alias could erroneously be substituted for the value.

Note that certain command handlers, such as those for STT, PERM, and ACC, always require the = sign.

Example To set the command processor so that you can enter a space between parameters and values on the command line, use the command:

set com ass=sp

Software Version 2.8.1

C613-10477-00 REV B

Command Line Interface (CLI) Enhancements

Release Note

show command history

Syntax SHow COMmand History

Description This new command replaces the Ctrl-C keyboard shortcut, and displays past commands for you to select one from the list (Figure 1).

Figure 2: Example output from the show command history command

131set vrrp 20 portmon off

132set vrrp 20 portmon on

133sh vrrp 20

134sh vrrp 0

135sh vrrp 21

136sh vrrp 255

137sh vrrp none

138sh vrrp any

139destroy qos queue2priomap queue 0 bwclass 2 vrrp none

140destroy qos queue2priomap queue 0 bwclass 2 vrrp any

141destroy qos queue2priomap queue 0 bwclass 2 vrrp 0

142destroy qos queue2priomap queue 0 bwclass 2 vrrp 256

143destroy qos queue2priomap queue 0 bwclass 2 vrrp 17,18

144destroy qos queue2priomap queue 0 bwclass 2 vrrp 17-19

145destroy qos queue2priomap queue 0 bwclass 2 vrrp

146destroy qos queue2priomap queue 0 bwclass 2 vrrp 1

147destroy qos queue2priomap queue 0 bwclass 2 vrrp 20

148destroy qos queue2priomap queue 0 bwclass 2 vrrp all

Enter command number>

Example To see a list of past commands, use the command:

sh com h

Software Version 2.8.1

C613-10477-00 REV B

Software Version 2.8.1

File System Enhancement

This Software Version gives you 4 new commands for working with files.

Command Changes

The following table summarises the new commands:

Command	Change

add file	New command

create file	New command

reset file permanentredirect	New command

show file permanentredirect	New command

Command Reference Updates

This section describes each new command.

add file

Syntax ADD FIle=filename [COMmand=commandstring]

[SCRipt=scriptname] [PERManentredirect] [LIMIT=limit]

Description This new command takes output from a specific command or script and adds it to a text file when you next issue that command or script. This is useful for collecting debug output. If a file does not exist, one is created. While output is being redirected, the text file cannot be edited, renamed, deleted, or uploaded.

Parameter	Description

FIle	Name of the text file where you want to send output. One is created
	if it does not already exist.The filename is in the format
	[device:]filename.txt and can be:
	• uppercase and lowercase letters
	•	digits
	•	# $ % & ! ' ( ) + , - . ; = @ [ ] ^ _ ` { } ~ and space
	device indicates the physical location where the file is stored. The
	default is flash.
	Default: no default

COMmand	Command whose output is used to generate the text when it is next
	issued. Commandstring is the command syntax enclosed in quotes.
	Command and script are mutually exclusive.

SCRipt	Script whose output is used to generate the text when it is next issued.
	The script is treated as a simple list of commands. Flow control

statements are not accepted to ensure that the extra text the script produces is not in the output file. Scriptname has the same format as filename except it must have either a .cfg or .scp extension.

Command and script are mutually exclusive.

Software Version 2.8.1

C613-10477-00 REV B

22	File System Enhancement		Release Note

		Parameter (cont.)	Description (cont.)

		PERManentredirect	Permanently directs output to the designated text file until the reset
			file permanentredirect command is issued or the router or switch is
			rebooted.

		LIMIT	A decimal number from 0 to 1048576 bytes specifying the maximum
			file size.
			Default: 204800 bytes

Examples To add output one time only from the show trace command to a file called trace.txt command, use the command:

add fi=trace.txt com="show trace"

To permanently add output from the show debug command to a file called debug2.txt command, use the command:

add fi=debug2.txt com="show debug"

create file

Syntax CREate FIle=filename [FORCE] [COMmand=commandstring]

[SCRipt=scriptname] [PERManentredirect] [LIMIT=limit]

Description This new command creates a text file containing output from a specific command or script. This is useful for collecting debug output. The file cannot be edited, renamed, deleted, or uploaded while it is receiving input.

Parameter	Description

FIle	Name of the text file that you want to create. The filename is in the
	format [device:]filename.txt and can be:
	• uppercase and lowercase letters
	•	digits
	•	# $ % & ! ' ( ) + , - . ; = @ [ ] ^ _ ` { } ~ and space
	device indicates the physical location where the file is stored. The
	default is flash.
	Default: no default

FORCE	Overwrites the text file if one already exists. If force is not specified
	and the file exists, the command has no effect.

COMmand	Command whose output is used to generate the text when it is next
	issued. Commandstring is the command syntax enclosed in quotes.
	Command and script are mutually exclusive.

SCRipt	Script whose output is used to generate the text when it is next issued.
	The script is treated as a simple list of commands. Flow control
	statements are not accepted to ensure that the extra text the script
	produces is not in the output file. Scriptname has the same format as
	filename except it must have either a .cfg or .scp extension.
	Command and script are mutually exclusive.

PERManentredirect	Permanently directs output to the designated text file until the reset
	file permanentredirect command is issued or the router or switch is
	rebooted.

Software Version 2.8.1

C613-10477-00 REV B

Software Version 2.8.1		23

	Parameter	Description (cont.)

	LIMIT	A decimal number from 0 to 1048 576 bytes specifying the maximum
		file size.
		Default: 204 800 bytes

Example To permanently direct all debug output from the BGP module to a file named bgp.txt, use the command:

cre fi=bgp.txt com="enable bgp debug=all" perm

reset file permanentredirect

Syntax RESET FIle[=filename] PERManentredirect

Description This new command closes one or all text files so that they no longer receive input from commands or scripts. After the file closes, it can be uploaded or edited

Parameter	Description

FIle	Name of the text file to close. If no file is specified, all text files are
	closed.
	The filename is in the format [device:]filename.txt and can be:
	• uppercase and lowercase letters
	•	digits
	•	# $ % & ! ' ( ) + , - . ; = @ [ ] ^ _ ` { } ~ and space

device indicates the physical location where the file is stored. The default is flash.

Default: no default

Example To reset the bgp.txt file so that it no longer receives output from the enable bgp debug=all command (previously set), use the command:

reset fi=bgp.txt perm

show file permanentredirect

Syntax SHow FIle[=filename] PERManentredirect

Description This new command displays information about one text file or all that are permanently receiving output from commands or scripts (Figure 3, Table 2). These files are typically created to collect data during debugging.

The file parameter displays information about a specific text file (Figure 4). The filename option is in the format [device:]filename.txt and can be:

■uppercase and lowercase letters

■digits

■# $ % & ! ' ( ) + , - . ; = @ [ ] ^ _ ` { } ~ and space

Device indicates the physical location where the file is stored. The default is flash.

Software Version 2.8.1

C613-10477-00 REV B

24	File System Enhancement					Release Note
		Figure 3: Example output from the show file permanentredirect command

		TTY	Current		Limit	File
		Instance	Size
		---------------------------------------------------
		17	12345		204800	bgp.txt

		Figure 4: Example output from the show file=filename permanentredirect command

		............File		bgp.txt
		TTY Instance....		17
		Current Size....		12345
		Limit...........		204800
		Input(s)........		COMMAND="enable bgp debug=all"

		Table 2: Parameters in output of the show file permanentredirect command

		Parameter	Meaning

		TTY Instance	Instance number for the TTY device.

		Current Size	Size of the text file in bytes.

		Limit	Limit of file size in bytes set by the limit parameter.

		File	Name of text file.

		Input(s)	Commands and scripts that generate input for the text file.

Example To display all text files receiving output from commands or scripts, use the command:

sh fi perm

Software Version 2.8.1

C613-10477-00 REV B

Software Version 2.8.1

Switching Enhancements

This Software Version includes the following enhancements to switching:

■Ordering Hardware Filters in 48-Port Switches

■Limiting Rapid MAC Movement

■Route Update Queue Length

■Removing a Description from a Switch Port

■Securing a Single VLAN through Switch Filters

■Change of Debug Command Syntax

■Enhanced Static Switch Filtering on Ports within a Trunk Group

■Ethernet Protection Switching Ring (EPSR)

This section describes the enhancements. The new and modified commands to implement them are described in Command Reference Updates.

Ordering Hardware Filters in 48-Port Switches

This feature applies only to the following products: AT-8648, AT-8748, AT-8848, and the Rapier 48i. These products contain 2 switching instances, which adds complexity to the filtering process when packets are being sent between instances.

This Software Version allows you to select between two modes of using classifier-based packet filtering in 48-port switches: port-specific filters first, or non port-specific filters first.

You can select different modes using the new set switch hwfilter mode command. Selecting the right mode when setting up classifier-based packet filters ensures that packets are filtered as expected across switch instances. The switch defaults to port-specific filters first. You can change the filtering mode on the switch by using the command:

set switch hwfilter mode={psf|npsf}

Port-specific filters apply to traffic either ingressing or egressing a particular port. They use a classifier which specifies the iport or eport parameter. Non port-specific filters can apply to all traffic travelling through the switch. Non port-specific filters are created with a classifier that does not have the iport or eport parameter specified.

Software Version 2.8.1

C613-10477-00 REV B

Switching Enhancements

Release Note

When to Use

Port-Specific Mode

Use the port-specific psf mode when you want non port-specific filters to override the port-specific filters for certain circumstances. In the following example:

■the first (port-specific) filter stops all traffic from ingressing port 2

When to Use Non

Port-Specific Mode

Changing Modes

■the second (port-specific) filter allows traffic with the specific IP address (192.168.2.2) to ingress port 2

■the third (non port-specific) filter allows any ARP request (prot=0806) to ingress and egress all ports

create classifier=1 iport=2

create classifier=2 iport=2 ipsa=192.168.2.2 create classifier=3 prot=0806

add swi hwf classifier=1 action=discard add swi hwf classifier=2 action=nodrop add swi hwf classifier=3 action=nodrop

In psf mode, you must enter the port-specific filters first. If you add a port-specific filter after the non port-specific filters, the switch may still use a matching non port-specific filter when the packet travels between ports on different switch instances.

Use the non port-specific npsf mode when you want port-specific filters to override the non port-specific filters for certain circumstances. In the following example, the second (port-specific) filter stops the first (non port-specific) filter from discarding packets from port 50:

create class=1 ipsa=192.168.1.254/32 create class=4 ipo=50

add switch hwf class=1 ac=dis add switch hwf class=4 ac=nod

In npsf mode, you must enter the non port-specific filters first. If you add a non port-specific filter after the port-specific filters, the switch may not use the non port-specific filter when the packet travels between ports on different switch instances.

You can change the filter mode after filters have been entered. When you change modes, the filter entries remain in the original order. To see which mode the switch is in, use the command:

show switch hwfilter

Command Changes

The following table summarises the new and modified commands:

Command	Change

set switch hwfilter mode	New command.

show switch hwfilter	New mode parameter in output.

Software Version 2.8.1

C613-10477-00 REV B

Software Version 2.8.1

Limiting Rapid MAC Movement

This Software Version introduces the ability to limit rapid MAC movement. MAC address thrashing occurs when MAC addresses move rapidly between one or more ports or trunks. For example, certain MAC addresses are learnt on one port, then very shortly afterwards are learnt on another port, then learnt on the original port again, and so on. This typically occurs when there is an uncontrolled loop on the network.

Disabling a port There are different ways you can disable a port when thrashing is detected. These are called thrash actions:

■learnDisable

Address learning is temporarily disabled on the port.

■portDisable

The port is logically disabled. Traffic flow is prevented, but the link remains up. The device at the other end does not notice that the port has changed status, and the link LEDs at both ends stay on. This is equivalent to entering the disable switch port command.

■linkDown

The port is physically disabled and the link is down. This is equivalent to entering the disable switch port link=disabled command.

■vlanDisable

The port is disabled only for the VLAN on which thrashing has occurred. It can still receive and transmit traffic for any other VLANs of which it is a member.

When a MAC address is thrashing between two ports, only one of those ports is disabled. When multiple ports are involved, enough ports are disabled to prevent the storm.

To set a thrash action for a port, use the command:

set switch port={port-list|all} [thrashaction={learndisable|linkdown|none|portdisable|vla ndisable}]

To view the thrash action that is set for a port, use the command:

show switch port={port-list|all}

To set a thrash action for a trunk, use one of the commands:

create switch trunk=trunk [port=port-list] [thrashaction={learndisable|linkdown|none|portdisable|vla ndisable}]

set switch thrashlimit=trunk [thrashaction={learndisable|linkdown|none|portdisable|vla ndisable}]

To view the thrash action that is set for a trunk, use the command:

show switch trunk={trunk}

Software Version 2.8.1

C613-10477-00 REV B

Switching Enhancements

Release Note

To view details about disabled ports for VLANs, use one of the commands:

show vlan[={vlan-name|1..4094|all}]

show vlan[=all]

Re-enabling a port When a port is disabled, either completely or for a specific VLAN, it remains disabled until it is manually re-enabled in any of the following ways:

■with SNMP

■as the result of a reboot

■by specifying a thrash timeout value along with the thrash action

■via the CLI

If the vlandisable thrash action has been applied, to re-enable one or more ports from VLANs to which they belong, use the command:

enable switch port={port-list|all} vlan[={vlan-name|1..4094|all}]

If either the portdisable or linkdown thrash action has been applied, to re-enable one or more ports, use the command:

If the learndisable thrash action has been applied, the port is automatically re-enabled when the defined timeout expires. You cannot manually re-enable the port.

Port Types Limiting rapid MAC movement is supported on all port types. It is also supported on trunked ports.

Command Changes

The following table summarises the new and modified commands:

Command	Change

create switch trunk	New thrashaction parameter.
	New thrashtimeout parameter.

enable switch port vlan	New command.

enable switch port vlan	New command.

set lacp	New thrashaction parameter.
	New thrashtimeout parameter.

set switch port	New thrashaction parameter.
	New thrashtimeout parameter.
	New vlanstatustrap parameter.

set switch thrashlimit	New command.

set switch trunk	New thrashaction parameter.
	New thrashtimeout parameter.

show lacp	New address learn thrash action parameter.
	New address learn thrash timeout parameter.

show switch port	New address learn thrash status parameter.
	New address learn thrash action parameter.
	New address learn thrash timeout parameter.
	New vlan status trap parameter.

Software Version 2.8.1

C613-10477-00 REV B

Software Version 2.8.1

Route Update Queue Length

When hardware learning delay is enabled (the default), the switch learns new routes in software, then places them into a queue for adding to its hardware routing table. Defaults have been set for the maximum number of entries in the queue, and depend on the amount of memory installed on the switch, as shown in the following table:

Memory Size (Mbytes)	Default length	Maximum possible length
	(number of entries)	(number of entries)

up to 128	200000	200000

129-256	1000000	1500000

more than 256	3000000	4000000

You can alter the length of the queue, by using the following new command to specify the maximum number of entries in the queue:

set switch hwrouteupdate=1..maximum

The maximum depends on the amount of memory on the switch, as shown in the table above.

The purpose of this feature is to enable you to tune the balance between the memory that the route update process uses, and the speed with which large route updates are processed.

Output of the show switch command has been expanded to display information about the queue settings.

Command Changes

The following table summarises the new and modified commands:

Command	Change

set switch hwrouteupdate	New command

show lacp	New fields about the hardware route update queue

Software Version 2.8.1

C613-10477-00 REV B

Switching Enhancements

Release Note

Removing a Description from a Switch Port

You can now return the description of a switch port to its original blank value by entering the following command:

set switch port=port-number description=

and providing no value for the description parameter.

Command Changes

The following table summarises the modified command:

Command	Change

set switch port	Changed description parameter

Securing a Single VLAN through Switch Filters

On AT-8824, Rapier 24i, AT-8724XL and AT-8624 switches only (not on 48-port switches), this enhancement enables you to use switch filters to secure only the current VLAN, instead of securing all VLANs on the switch. To turn on this feature, a new command disables “vlansecure” mode for filters (see “Configuring vlansecure” on page 31).

Without this enhancement (the default situation) a switch filter only allows a host to access the network through a particular port on the switch. For example, if you have a PC connected to port 15 in vlan2, and define the following filter, the PC can only communicate when it is connected to port 15:

add switch filter entry=0 dest=pc-mac-address vlan=2 port=15 action=forward

With this enhancement, the above filter limits the host to accessing vlan2 through port 15, but does not prevent the host from accessing other VLANs through other ports in vlan2. For example, if the above filter exists and you move the PC to another port in vlan2, this enhancement prevents the PC from communicating with devices in vlan2 but allows it access to other VLANs on the switch. The following figure shows a PC that has been moved from port 15 to port 16 to illustrate the effect.

Software Version 2.8.1

C613-10477-00 REV B

+ 202 hidden pages