Allied Telesis 86222-21 User Manual
Patch Release Note
Patch 86222-21
For Rapier Switches and AR800 Series
Modular Switching Routers
Introduction
This patch release note lists the issues addressed and enhancements made in
patch 86222-21 for Software Release 2.2.2 on existing models of Rapier L3
managed switches and AR800 Series L3 modular switching routers. Patch file
details are listed in Table 1.
Table 1: Patch file details for Patch 86222-21.
Base Software Release File
Patch Release Date
Compressed Patch File Name
Compressed Patch File Size
This release note should be read in conjunction with the following documents:
■ Release Note: Software Release 2.2.2 for Rapier Switches, AR300 and
AR700 Series Routers, and AR800 Series Modular Switching Routers
(Document Number C613-10313-00 Rev A) available from
www.alliedtelesyn.co.nz/documentation/documentation.html
■ Rapier Switch Documentation Set for Software Release 2.2.1 available on
the Documentation and Tools CD-ROM packaged with your switch, or
from www.alliedtelesyn.co.nz/documentation/documentation.html
■ AR800 Series Modular Switching Router Documentation Set for Software
Release 2.2.1 available on the Documentation and Tools CD-ROM
packaged with your switching router, or from www.alliedtelesyn.co.nz/
documentation/documentation.html.
WARNING: Using a patch for a different model or software release may cause
unpredictable results, including disruption to the network. Information in this
release note is subject to change without notice and does not represent a
commitment on the part of Allied Telesyn International. While every effort has
been made to ensure that the information contained within this document and
the features and changes described are accurate, Allied Telesyn International
can not accept any type of liability for errors in, or omissions arising from the
use of this information.
86s-222.rez
03-Oct-2002
86222-21.paz
408864 bytes
.
.
Simply connecting the world
2 Patch Release Note
Features in 86222-21
Patch 86222-21 includes all issues resolved and enhancements released in
previous patches for Software Release 2.2.2, and the following enhancements:
PCR: 02167 Module: FIREWALL Network affecting: No
Locally generated ICMP messages, that were passed out through a firewall
interface because they were associated with another packet flow, had their
source address changed to that of the associated packet flow and were also
forwarded with incorrect IP checksums. This only occurred when there was
no NAT associated with the packet flow. This issue has been resolved.
PCR: 02236 Module: FIREWALL Network affecting: No
Sometimes the retransmission of an FTP packet was not permitted through
the Firewall. This issue has been resolved.
PCR: 02245 Module: VRRP Network affecting: No
VRRP returned an incorrect MAC address for an ARP request. This issue
has been resolved.
PCR: 02327 Module: IPG/FIREWALL Network affecting: No
In some situations, multihomed interfaces caused the Firewall to apply
NAT and rules incorrectly when packets were received from a subnet that
was not attached to the receiving interface. This issue has been resolved.
PCR: 02329 Module: DHCP Network affecting: No
An ARP entry for a host has been removed whenever a DHCP DISCOVER
or DHCP REQUEST message is received from the host. This allows for
clients changing ports on a switch.
PCR: 02332 Module: IPSEC Network affecting: No
The sequence number extracted from the AH and ESP header was in the
wrong endian mode, which caused an FTP error with IPSEC anti-replay.
This issue has been resolved.
PCR: 02343 Module: PPP Network affecting: No
When acting as a PPPoE Access Concentrator (AC), if a PPPoE client sent
discovery packets without the "host-unique" tag, the discovery packets sent
by the AC were corrupted. This issue has been resolved.
PCR: 02368 Module: IPG/IGMP Network affecting: No
IGMP failed to create an automatic IGMP membership with no joining port
when it received multicast data that no ports were interested in, when IP
TimeToLive was set to 1 second. Also, IGMP erroneously sent a query on an
IGMP enabled IP interface even when IGMP was disabled. These issues
have been resolved.
Patch 86222-21 for Software Release 2.2.2
C613-10319-00 REV T
Patch 86222-21 For Rapier Switches and AR800 Series Modular Switching Routers 3
PCR: 02374 Module: SWI Network affecting: No
In the ADD SWITCH L3FILTER command, the EPORT parameter
incorrectly accepted the value 62-63 as multicast and broadcast ports 63-64.
This issue has been resolved.
PCR: 02397 Module: DVMRP Network affecting: No
After a prune lifetime had expired, the interface was not joined back to the
DVMRP multicast delivery tree. This issue has been resolved.
PCR: 02404 Module: IPG Network affecting: No
DVMRP multicast forwarding failed to send tagged packets to a tagged
port. Packets were erroneously sent untagged to tagged ports. This issue
has been resolved.
Features in 86222-20
Patch file details for Patch 86222-19 are listed in Table 3:
Table 2: Patch file details for Patch 86222-20.
Base Software Release File
Patch Release Date
Compressed Patch File Name
Compressed Patch File Size
86s-222.rez
23-Aug-2002
86222-20.paz
397708 bytes
Patch 86222-20 includes all issues resolved and enhancements released in
previous patches for Software Release 2.2.2, and the following enhancements:
PCR: 01226 Module: IGMP Network affecting: Yes
The IGMP specific query sent by the router/switch now contains the correct
default response time of 1 second. Also, ifOutOctets in the VLAN interface
MIB now increments correctly.
PCR: 01270 Module: APPLE Network affecting: No
If a port did not belong to an ethernet interface, or was not directly
connected to the seed port it could not receive advertised router numbers.
This issue has been resolved.
PCR: 01285 Module: OSPF Network affecting: No
Patch 86222-21 for Software Release 2.2.2
C613-10319-00 REV T
When an interface went down (or was disabled) on an AS border router, the
external routes were not removed from the routing domain. Such routes are
now removed by premature aging.
PCR: 02024 Module: IPG Network affecting: No
Proxy Arp can now be used on VLAN interfaces.
4 Patch Release Note
PCR: 02122 Module: FIREWALL Network affecting: No
A fatal error sometimes occurred if a TCP session originating on the public
side of the firewall sent packets before the session was established with the
host on the private side of the firewall. This issue has been resolved.
PCR: 02128 Module: FIREWALL Network affecting: No
Some FTP packets handled by the firewall were forwarded with incorrect
sequence numbers, causing FTP sessions to fail. This issue has been
resolved.
PCR: 02150 Module: CORE, SNMP Network affecting: No
When passing 64-bit counters in an SNMP packet, only the lower 32 bits
were passed. Now the full 64 bits of the counter will be returned if all are
required.
PCR: 02158 Module: FIREWALL Network affecting: No
When a TCP RST/ACK was received by a firewall interface, the packet that
was passed to the other side of the firewall lost the ACK flag, and had an
incorrect ACK number. This issue has been resolved.
PCR 02161 Module: IPG Network affecting: No
The IP Filter SIZE parameter was not being applied correctly. This issue has
been resolved.
PCR 02162 Module: IPG Network affecting: No
The SET IP FILTER command would not update the SIZE parameter
correctly. This issue has been resolved.
PCR 02172 Module: IPG Network affecting: No
The TOS field in IP packets was not being processed by IP POLICY filters
with an identifier greater than 7. This issue has been resolved.
PCR: 02174 Module: FIREWALL Network affecting: No
A feature has been added that makes pings pass from the source IP address
of the public interface to the IP address on the private interface in the
firewall.
PCR: 02195 Module: SWI Network affecting: No
If a port on a Rapier 48 or Rapier 48 i went down, some associated entries
were not promptly removed from the forwarding, Layer 3 and default IP
tables. This issue has been resolved.
PCR: 02198 Module: DHCP Network affecting: Yes
This PCR includes the following enhancements:
• A new command, SET DHCP EXTENDID allows for multiple DHCP
clients, and handling of arbitrary client IDs on the server.
• Static DHCP entries now return to the correct state when timing out.
• DHCP entry hashes now have memory protection to prevent fatal
errors.
• DHCP client now retransmits XID correctly.
Patch 86222-21 for Software Release 2.2.2
C613-10319-00 REV T
Patch 86222-21 For Rapier Switches and AR800 Series Modular Switching Routers 5
• Lost OFFER messages on the server are now handled correctly.
• The DHCP server now correctly handles DHCP clients being moved to
a different interface on the DHCP server after they’ve been allocated an
IP address.
PCR: 02203 Module: IPG Network affecting: No
Responses to DNS requests received by a DNS relay agent, and forwarded
to the DNS server, were returned to the requester with a source IP address
of the DNS server rather than the DNS relay agent. This issue has been
resolved.
PCR: 02208 Module: LOG Network affecting: No
Log messages are no longer stored in NVS.
PCR: 02214 Module: IPG Network affecting: No
A buffer leak occurred when a large number of flows (over 4000) were in use
and needed to be recycled. This issue has been resolved.
PCR: 02215 Module: FILE Network affecting: No
When the only feature licence in the feature licence file was disabled, the
licence file stored on FLASH memory did not change. This was due to a
previous enhancement in PCR 02184 which prevented existing files being
deleted before a new version was stored. This issue has been resolved.
PCR: 02220 Module: SWI Network affecting: No
The EPORT parameter in the ADD SWITCH L3FILTER ENTRY and SET
SWITCH L3FILTER ENTRY commands was matching multicast and
broadcast packets with software filtering. This issue has been resolved.
PCR: 02224 Module: SWI Network affecting: No
Some switch chip register values have been changed to improve QoS
support on Rapier G6 and Rapier G6f switches.
PCR: 02229 Module: IPG Network affecting: No
The PURGE IP command now resets the IP route cache counters to zero.
PCR: 02242 Module: IPG Network affecting: No
On a Rapier 24, adding an IP interface over a FR interface caused an
ASSERT debug fatal error. This issue has been resolved.
PCR: 02246 Module: VRRP Network affecting: No
Patch 86222-21 for Software Release 2.2.2
C613-10319-00 REV T
The ARL entry for the virtual router MAC was incorrectly showing a
numerical value. The entry now shows the CPU’s port value.
PCR: 02250 Module: FIREWALL Network affecting: No
Sometimes the Firewall erroneously used NAT. This issue has been
resolved.
PCR: 02259 Module: DHCP, IPG Network affecting: No
A dual Ethernet router was incorrectly accepting an IP address from a
DHCP server when the offered address was on the same network as the
other Ethernet interface. An error is now recorded when DHCP offers an
address that is in the same subnet as another interface.
6 Patch Release Note
PCR: 02260 Module: TTY Network affecting: No
When a ‘\n’(LF) character was received, the router/switch did not
recognise this as the termination of a command over Telnet. This issue has
been resolved.
PCR: 02262 Module: DNS Network affecting: No
Responses to MX record requests were not handled correctly if the preferred
name in the MX record differed from the one that was requested. This issue
has been resolved.
PCR: 02263 Module: VRRP Network affecting: No
The virtual MAC address was used as the source MAC for all packets
forwarded on an interface associated with a Virtual Router (VR). This was
confusing when multiple VRs were defined over the same interface because
only one virtual MAC address was ever used. The other virtual MAC
addresses (for the other VR's) were only used if the source IP address
matched the VR’s IP address. To avoid this confusion, the system MAC
address is now always used unless the source IP address of the packet is the
same as the VR’s IP address.
PCR: 02264 Module: PIM, DVMRP, SWI Network affecting: No
PIM or DVMRP failed to see any data if IGMP snooping was on and
DVMRP or PIM was enabled after the data stream had reached the router/
switch. This issue has been resolved.
PCR: 02265 Module: FIREWALL Network affecting: No
MAC address lists were not working with Firewall rules. This issue has
been resolved.
PCR: 02268 Module: FIREWALL Network affecting: No
HTTP requests from a fixed IP address were erroneously reported as a host
scan attack in the Firewall deny queue. This issue has been resolved.
PCR: 02269 Module: DUART, TM Network affecting: No
Under certain circumstances, the Asyn Loopback Test failed. This issue has
been resolved.
PCR: 02274 Module: TPAD Network affecting: No
ARL message interrupts have been re-enabled after a software table rebuild
to fix synchronisation of the software forwarding database with the
hardware table.
PCR: 02275 Module: OSPF Network affecting: No
Some routes were not added into the OSPF route list, and therefore were not
added into the IP route table. This issue has been resolved.
PCR: 02276 Module: FIREWALL Network affecting: No
The CREATE CONFIG command did not save the SOURCEPORT
parameter to the configuration file when the low value of the source port
range was set to zero. This issue has been resolved.
Patch 86222-21 for Software Release 2.2.2
C613-10319-00 REV T
Patch 86222-21 For Rapier Switches and AR800 Series Modular Switching Routers 7
PCR: 02287 Module: IPG Network affecting: No
Existing IGMP groups were not deleted when IGMP was disabled globally
or on the associated interface. This gave the groups very high timeout
values. This issue has been resolved.
PCR: 02299 Module: VRRP Network affecting: No
If a packet with a destination IP address equal to a VRRP IP address was
received when the router didn’t own the IP address, (because it didn’t have
an interface with that IP address) the router incorrectly tried to forward the
packet and send an ICMP “redirect” message to the source. Now, if such a
packet is received, it will be discarded and an ICMP “host unreachable”
message will be sent to the source.
PCR: 02304 Module: VRRP Network affecting: No
VRRP used the wrong source IP address in ICMP redirects. RFC 2338 states
that the source IP address of ICMP redirects should be the IP address that
the end host used when making its next hop routing decision. In the case of
a packet sent to a VRRP virtual MAC address, this is the primary VRRP IP
address associated with the MAC address, provided such a VR exists and is
in the master state. This issue has been resolved.
PCR: 02317 Module: IPG Network affecting: No
The SIZE functionality on the IP filter was not working for IP fragmented
packets. This issue has been resolved.
Features in 86222-19
Patch file details for Patch 86222-19 are listed in Table 3:
Table 3: Patch file details for Patch 86222-19.
Base Software Release File
Patch Release Date
Compressed Patch File Name
Compressed Patch File Size
Patch 86222-19 includes all issues resolved and enhancements released in
previous patches for Software Release 2.2.2, and the following enhancements:
86s-222.rez
11-Jun-2002
86222-19.paz
364584 bytes
Patch 86222-21 for Software Release 2.2.2
C613-10319-00 REV T
PCR: 02018 Module: OSPF Network affecting: No
When OSPF was calculating routes from an AS external LSA and the AS
external router had two next hops with different metrics, the router
erroneously added two routes instead of one route with the best metric. This
issue has been resolved. Also, when the two equal cost routes were on the
same IP interface, but to different next hops, the router sent the packets to
the wrong MAC address. This issue has been resolved.
8 Patch Release Note
PCR: 02098 Module: STP Network affecting: No
STP always transmits untagged packets. If a port does not belong to a
VLAN as an untagged port, then the port must belong to one VLAN as a
tagged port. In this case, STP should transmit VLAN tagged packets out of
the port.
PCR: 02123 Module: IPG Network affecting: No
The IP, MASK, and ACTION parameters could not be set with the SET IP
ROUTE FILTER command. This issue is resolved when the filter number is
specified at the start of the command, for example:
SET IP ROUTE FILTER=filter-id IP=ipadd MASK=ipadd
ACTION={INCLUDE|EXCLUDE}
where: filter-id is the filter number. Filter numbers are displayed in the
output of the SHOW IP ROUTE FILTER command.
PCR 02138 Module: SWI Network affecting: No
The built in Self Test Code for all Rapiers, except G6, has been improved to
enhance the detection of faults in switch chip external packet memory.
PCR 02140 Module: OSPF Network affecting: No
An AS boundary router advertises AS external LSAs to other routers.
However, when the router’s configuration changed, either by adding an IP
route filter, or by setting its ASEXTERNAL parameter to OFF using the SET
OSPF ASEXTERNAL command followed by a restart, its neighbour state
could not reach full state. Also, when the router had IP route filters
configured, matched routes were not being flooded into other routers.
However, these routes should still have been imported into the router’s
own LSA database, but were not. These issues have been resolved.
PCR 02144 Module: IPG Network affecting:No
The IPG module has been enhanced to support gratiutous ARP request and
ARP reply packets.
PCR 02151 Module: IPG Network affecting: No
The Rapier was not detecting invalid checksums in ICMP echo request
packets. This issue has been resolved. ICMP echo request packets with
invalid checksums are now dropped and the ICMP inErrors and inDiscards
counters are incremented.
PCR 02164 Module: DHCP Network affecting: No
A simple DHCP range MIB and a trap have been added. The trap is
triggered when a DHCP request cannot be satisfied. The gateway address
and the interface address are sent as trap variables. The range table shows
which range was exhausted. A debug variable,
swiDebugBroadcomParityErrors has been added to the SWI module MIB to
count the SDRAM parity errors in the packet memory of the Broadcom
switch chip.
PCR 02176 Module: FIREWALL Network affecting: No
Packets traversing in and out of the same public firewall interface were
sometimes blocked. The firewall should only control packets passing
between a public and a private interface. This issue has been resolved.
Patch 86222-21 for Software Release 2.2.2
C613-10319-00 REV T
Patch 86222-21 For Rapier Switches and AR800 Series Modular Switching Routers 9
PCR 02181 Module: LOAD Network affecting: No
When a file upload was interrupted, the file being uploaded was not
unlocked. The file could not be deleted without restarting the router. This
issue has been resolved.
PCR 02186 Module: IPG Network affecting: No
RIP was incorrectly sending triggered request packets over VLANs, even on
non-demand links. This issue has been resolved.
PCR 02188 Module: VRRP Network affecting: No
When VRRP responded to an ARP request for the VR IP address it was not
making an entry in the ARP table and the switch L3 table. This issue has
been resolved.
Features in 86222-18
Patch file details for Patch 86222-18 are listed in Table 4:
Table 4: Patch file details for Patch 86222-18.
Base Software Release File
Patch Release Date
Compressed Patch File Name
Compressed Patch File Size
86s-222.rez
6-May-2002
86222-18.paz
342720 bytes
There is no patch release 86222-17 because this patch was withdrawn.
Patch 86222-18 includes all issues resolved and enhancements released in
previous patches for Software Release 2.2.2, and the following enhancements:
PCR: 02041 Module: SWI Network affecting: No
In some situations, the switch would stop forwarding packets via internal
and/or external uplink ports. This issue has been resolved.
PCR: 02073 Module: FILE Network affecting: No
Patch 86222-21 for Software Release 2.2.2
C613-10319-00 REV T
If a flash write error occurred when a file was being written, the file’s
directory entry was deleted leaving a partial file in flash. Subsequent
attempts to write the file failed because a file of the same name already
existed. This issue has been resolved.
PCR: 02075 Module: OSPF, IPG Network affecting: No
In configurations containing a large number of OSPF routes, the SPF
calculation could take a long time. During this calculation, other events
would not be processed. This patch reduces the time required for an SPF
calculation and allows the switch to respond to other events in the mean
time. This patch also improves the performance of flow cache updates.
Loading...