Patch 86241-02
For Rapier Switches and AR800 Series
Modular Switching Routers
Introduction
This patch release note lists the issues addressed and enhancements made in
patch 86241-02 for Software Release 2.4.1 on existing models of Rapier L3
managed switches and AR800 Series L3 modular switching routers. Patch file
details are listed in Table 1.
Table 1: Patch file details for Patch 86241-02.
Base Software Release File: 86s-241.rez
Patch Release Date: 25-Oct-2002
Compressed Patch File Name: 86241-02.paz
Compressed Patch File Size: 132368 bytes
This release note should be read in conjunction with the following documents:
■ Release Note: Software Release 2.4.1 for Rapier Switches, AR300 and
AR700 Series Routers, and AR800 Series Modular Switching Routers
(Document Number C613-10338-00 Rev A) available from
■ Rapier Switch Documentation Set for Software Release 2.4.1 available on
the Documentation and Tools CD-ROM packaged with your switch, or
from www.alliedtelesyn.co.nz/documentation/documentation.html
WARNING: Using a patch for a different model or software release may cause
unpredictable results, including disruption to the network. Information in this
release note is subject to change without notice and does not represent a
commitment on the part of Allied Telesyn International. While every effort has
been made to ensure that the information contained within this document and
the features and changes described are accurate, Allied Telesyn International
can not accept any type of liability for errors in, or omissions arising from the
use of this information.
Features in 86241-02
Patch 86241-02 includes all issues resolved and enhancements released in
previous patches for Software Release 2.4.1, and the following enhancements:
PCR: 02103    Module: SWI    Network affecting: No
IPX traffic passing between two switch instances using VLAN for Rapier48
now operates correctly.
PCR: 02210    Module: DNS Relay    Network affecting: No
Buffer leaks occurred when DNS relay was enabled. This issue has been
resolved.
PCR: 02214    Module: IPG    Network affecting: No
A buffer leak occurred when a large number of flows (over 4000) were in use
and needed to be recycled. This issue has been resolved.
PCR: 02220    Module: SWI    Network affecting: No
The EPORT parameter in the ADD SWITCH L3FILTER ENTRY and SET
SWITCH L3FILTER ENTRY commands was matching multicast and
broadcast packets with software filtering. This issue has been resolved.
PCR: 02236    Module: FIREWALL    Network affecting: No
Sometimes the retransmission of an FTP packet was not permitted through
the Firewall. This issue has been resolved.
PCR: 02245    Module: VRRP    Network affecting: No
VRRP returned an incorrect MAC address for an ARP request. This issue
has been resolved.
PCR: 02263    Module: VRRP    Network affecting: No
The virtual MAC address was used as the source MAC for all packets
forwarded on an interface associated with a Virtual Router (VR). This was
confusing when multiple VRs were defined over the same interface because
only one virtual MAC address was ever used. The other virtual MAC
addresses (for the other VRs) were only used if the source IP address
matched the VR’s IP address. To avoid this confusion, the system MAC
address is now always used unless the source IP address of the packet is the
same as the VR’s IP address.
PCR: 02267    Module: BGP    Network affecting: No
When route aggregation was enabled, the atomic aggregate was not being
set. This issue has been resolved.
PCR: 02268    Module: FIREWALL    Network affecting: No
HTTP requests from a fixed IP address were erroneously reported as a host
scan attack in the Firewall deny queue. This issue has been resolved.
Patch 86241-02 for Software Release 2.4.1
C613-10340-00 REV B
PCR: 02272    Module: IPG, PIM, SWI    Network affecting: No
The following issues have been resolved:
• The RESET PIM INTERFACE=VLAN command was not working
correctly.
• Packets with Time to Live (TTL) set to less than 4 were not being
forwarded.
• VLAN tags were not being inserted into IP multicast packets on multitagged ports.
• A fatal error occurred when PIM and RIP were both running.
PCR: 02274    Module: TPAD    Network affecting: No
ARL message interrupts have been re-enabled after a software table rebuild
to fix synchronisation of the software forwarding database with the
hardware table.
PCR: 02276    Module: FIREWALL    Network affecting: No
The CREATE CONFIG command did not save the SOURCEPORT
parameter to the configuration file when the low value of the source port
range was set to zero. This issue has been resolved.
PCR: 02277    Module: DVMRP    Network affecting: No
Report sending and default routes were not working correctly. Also, the
SHOW CONFIGURATION DYNAMIC and SHOW
CONFIGURATION=DVMRP commands were not working correctly. These
issues have been resolved.
PCR: 02280    Module: TELNET, TTY    Network affecting: No
TELNET sessions are now closed with “^D” only when the session is in the
login state.
PCR: 02291    Module: DHCP    Network affecting: No
DHCP now processes Discover messages smaller than 300 bytes.
PCR: 02292    Module: IPSEC    Network affecting: No
IPSec no longer logs packets that match an ACTION=ALLOW policy. The
overhead of this logging was affecting non-IPSec traffic.
PCR: 02294    Module: IKMP    Network affecting: No
The LOCALRSAKEY parameter in the CREATE ISAKMP POLICY and SET
ISAKMP POLICY commands was not accepting the value zero. This issue
has been resolved.
PCR: 02298    Module: IPSEC    Network affecting: No
The PURGE IPSEC command caused a fatal error. This issue has been
resolved.
PCR: 02299    Module: VRRP    Network affecting: No
If a packet with a destination IP address equal to a VRRP IP address was
received when the router didn’t own the IP address (because it didn’t have
an interface with that IP address) the router incorrectly tried to forward the
packet and send an ICMP “redirect” message to the source. Now, if such a
packet is received, it will be discarded and an ICMP “host unreachable”
message will be sent to the source.
PCR: 02301    Module: IPG    Network affecting: No
If a DNS relay agent was configured with overlapping subnets, sometimes
the DNS server response was returned to the client with a source IP address
of an interface on the relay agent that was different from the interface the
request was received on. This issue has been resolved.
PCR: 02302    Module: IPv6    Network affecting: No
The default router lifetime value has been corrected. Also, the SET IPV6
INTERFACE command now updates valid and preferred lifetimes correctly.
PCR: 02303    Module: INSTALL    Network affecting: No
When enabling or disabling feature licences, a message will now be
generated with a warning that changes to feature licences may not take
effect until after a reboot.
PCR: 02304    Module: VRRP    Network affecting: No
VRRP used the wrong source IP address in ICMP redirects. RFC 2338 states
that the source IP address of ICMP redirects should be the IP address that
the end host used when making its next hop routing decision. In the case of
a packet sent to a VRRP virtual MAC address, this is the primary VRRP IP
address associated with the MAC address, provided such a VR exists and is
in the master state. This issue has been resolved.
PCR: 02309    Module: STP    Network affecting: No
On models except Rapier i Series Switches, the ENABLE STP DEBUG PORT
command did not work correctly. This issue has been resolved.
PCR: 02311    Module: SWI    Network affecting: No
It was possible to set the trunk speed to 10/100M, even if the port within the
trunk was not capable of this speed. This issue has been resolved.
PCR: 02313    Module: IPV6    Network affecting: No
The SHOW IPV6 INTERFACE command now shows the address lifetime
aging status that is determined by the DECREMENT parameter in the ADD
IPV6 INTERFACE command. The default valid and preferred address
lifetimes have been changed to 30 days and 7 days respectively.
PCR: 02320    Module: IPV6    Network affecting: No
The interface address preferred lifetime was not operating correctly. This
issue has been resolved.
PCR: 02321    Module: FR    Network affecting: No
A fatal error occurred when the command SET FR=0 LMI= was executed if
the LMI was already set to ANNEXA, ANNEXB or ANNEXD. This issue
has been resolved.
PCR: 02326    Module: IPv6    Network affecting: No
A fatal error occurred when a PING was executed over an IPV6 tunnel that
had previously been deleted. Also, packet forwarding with link-local
addresses was not working correctly. These issues have been resolved.
PCR: 02327    Module: IPG/FIREWALL    Network affecting: No
In some situations, multihomed interfaces caused the Firewall to apply
NAT and rules incorrectly when packets were received from a subnet that
was not attached to the receiving interface. This issue has been resolved.
PCR: 02328    Module: BGP    Network affecting: No
BGP was not sending a withdraw message to a peer for a withdrawn or
replaced route when the new best route came from that peer. This issue has
been resolved.
PCR: 02330    Module: IPv6    Network affecting: No
A buffer leak was occurring in IPv6 fragmentation. This issue has been
resolved.
PCR: 02331    Module: IPG, ETH    Network affecting: No
IP is now informed when an Ethernet interface goes up or down, after a 2.5
second delay.
PCR: 02332    Module: IPSEC    Network affecting: No
The sequence number extracted from the AH and ESP header was in the
wrong endian mode, which caused an FTP error with IPSEC anti-replay.
This issue has been resolved.
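The class of defect described in PCR 02332, as an added example (not Allied Telesyn's code): the ESP sequence number is a big-endian field, and decoding it byte-swapped makes a standard sliding-window anti-replay check drop genuine in-order traffic from the 256th packet onward. The 32-packet window, the SPI value and all function names are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define REPLAY_WINDOW 32u   /* window size in packets (assumed for this example) */

struct replay_state {
    uint32_t last_seq;      /* highest sequence number accepted so far */
    uint32_t bitmap;        /* bit i set => sequence (last_seq - i) was seen */
};

/* ESP header: SPI in bytes 0..3, sequence number in bytes 4..7, both in
 * network (big-endian) order. Correct decode: most-significant byte first. */
static uint32_t esp_seq_be(const uint8_t *h)
{
    return ((uint32_t)h[4] << 24) | ((uint32_t)h[5] << 16) |
           ((uint32_t)h[6] << 8)  |  (uint32_t)h[7];
}

/* Defect class: the same four bytes decoded least-significant byte first. */
static uint32_t esp_seq_swapped(const uint8_t *h)
{
    return ((uint32_t)h[7] << 24) | ((uint32_t)h[6] << 16) |
           ((uint32_t)h[5] << 8)  |  (uint32_t)h[4];
}

/* Sliding-window check; returns 1 to accept, 0 to drop. A real receiver
 * updates the window only after the packet's integrity check has passed. */
static int replay_check_update(struct replay_state *st, uint32_t seq)
{
    if (seq == 0) return 0;                      /* sequence numbers start at 1 */
    if (seq > st->last_seq) {                    /* newer: slide the window */
        uint32_t shift = seq - st->last_seq;
        st->bitmap = (shift < REPLAY_WINDOW) ? (st->bitmap << shift) | 1u : 1u;
        st->last_seq = seq;
        return 1;
    }
    uint32_t age = st->last_seq - seq;
    if (age >= REPLAY_WINDOW || (st->bitmap & (1u << age)))
        return 0;                                /* too old, or a duplicate */
    st->bitmap |= 1u << age;
    return 1;
}

/* Send sequence numbers 1..count in order, then replay the last header once.
 * Returns how many of those count+1 packets the receiver accepted. */
static unsigned accepted_in_order(uint32_t (*read_seq)(const uint8_t *), uint32_t count)
{
    struct replay_state st = {0, 0};
    uint8_t h[8] = {0, 0, 0x10, 0, 0, 0, 0, 0};  /* constructed SPI 0x00001000 */
    unsigned ok = 0;
    for (uint32_t seq = 1; seq <= count; seq++) {
        for (int i = 0; i < 4; i++)              /* sender writes big-endian */
            h[4 + i] = (uint8_t)(seq >> (24 - 8 * i));
        ok += (unsigned)replay_check_update(&st, read_seq(h));
    }
    return ok + (unsigned)replay_check_update(&st, read_seq(h));
}

int main(void)
{
    printf("big-endian read: %u of 301 accepted\n", accepted_in_order(esp_seq_be, 300));
    printf("swapped read:    %u of 301 accepted\n", accepted_in_order(esp_seq_swapped, 300));
    return 0;
}
```

With the swapped decode, sequence numbers 1 to 255 appear as steadily increasing values, so the fault stays hidden on short exchanges and only shows once a session carries more than 255 packets.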
PCR: 02334    Module: FIREWALL    Network affecting: No
It is now possible to set the domain name of the SMTP server to none
(0.0.0.0) with the SET FIREWALL POLICY SMTPDOMAIN command, even
if a server name has not previously been specified.
PCR: 02335    Module: CLASSIFIER    Network affecting: No
The SHOW CLASSIFIER command was not displaying Layer 3 information
if the classifier had been created with the parameters ETHFORMAT=SNAP
and PROTOCOL={IP|0000000800}. This issue has been resolved.
PCR: 02343    Module: PPP    Network affecting: No
When acting as a PPPoE Access Concentrator (AC), if a PPPoE client sent
discovery packets without the "host-unique" tag, the discovery packets sent
by the AC were corrupted. This issue has been resolved.
PCR: 02346    Module: BGP, IPG    Network affecting: No
It is now possible to set a preference value for dynamically learned routes
based on their protocol using the command:
The CREATE CONFIGURATION command was not correctly generating
the DISABLE SWITCH HWFILTER and DISABLE SWITCH L3FILTER
commands. This issue has been resolved.
PCR: 02348    Module: ENCO    Network affecting: No
When the PAC card was under severe load, the related driver occasionally
did not fully transfer all result data from the chip. This caused an actCmdFail
error. This issue has been resolved.
PCR: 02354    Module: SCC, SYN, PPP    Network affecting: No
In a previous patch, a fatal error occurred after a RESTART ROUTER
command was executed when using PPP over SYN. Also, on AR745
models, PPP was using an 8 MB boundary instead of a 16 MB boundary.
These issues have been resolved.
PCR: 02357    Module: FR    Network affecting: No
The following issues have been resolved:
• PIM was not sending Hello messages over a Frame Relay (FR) interface.
• A fatal error occurred if 64 was entered as the interface value in the
DESTROY FRAMERELAY command. The command now only accepts
0-63 for this parameter.
• The ADD FRAMERELAY DLC command incorrectly accepted a TYPE
parameter. Also, this command was not accepting the
ENCAPSULATION parameter.
• The CREATE CONFIGURATION command incorrectly generated the
CIR and CIRLIMITED parameters for the ADD FRAMERELAY DLC
command.
• FR interfaces with static DLCs were always shown as DOWN. The
status of the interface was not being updated when a circuit was added
to the interface.
PCR: 02359    Module: IPG    Network affecting: No
When an IP Multihomed interface was used as an OSPF interface,
neighbour relationships were only established if the IP interface for OSPF
was added first in the configuration. Now, OSPF establishes neighbour
relationships regardless of the IP Multihomed interface configuration order.
PCR: 02363    Module: FFS, FILE, TTY    Network affecting: No
The FLASH compaction process is now transparent to the file edition
process. The FLASH system is now more stable.
PCR: 02365    Module: SWI    Network affecting: No
Address learning on the mirror port is now correctly re-enabled when it is
no longer the mirror port.
PCR: 02367    Module: SWI    Network affecting: No
New commands have been added to enable the addition and deletion of
static multicast addresses to and from the multicast forwarding table. The
new commands are:
When the SET IP ROUTE command was executed to change any parameter
other than METRIC1, which is the RIP metric, the RIP metric was reset to 1.
This metric is now only updated if a value for the parameter is specified.
PCR: 02371    Module: FIREWALL    Network affecting: No
When the system time was set to a time that was before or significantly after
the current time, Firewall sessions were prematurely deleted. This issue has
been resolved.
PCR: 02376    Module: PPP    Network affecting: No
When the PPP ONLINELIMIT was exceeded for PPP over TDM, the PPP
link stayed open, allowing Link Quality Report (LQR) packets to be
transmitted. This caused the ifOutOctets counter to increment. Now, if the
ONLINELIMIT is exceeded, the link will close.
PCR: 02378    Module: SWI    Network affecting: No
Entering 63 for the EPORT parameter in the ADD SWITCH L3FILTER
command caused a fatal error. This parameter now accepts the values 63
and 64.
PCR: 02395    Module: VRRP, TRG    Network affecting: No
The SHOW VRRP command now shows the number of trigger activations
for the Upmaster and Downmaster triggers.
PCR: 02397    Module: DVMRP    Network affecting: No
After a prune lifetime had expired, the interface was not joined back to the
DVMRP multicast delivery tree. This issue has been resolved.
PCR: 02398    Module: IPV6    Network affecting: No
The following issues have been resolved:
• It was possible to assign the same network on different IPV6 interfaces
• The loopback address was being added to other interfaces
• The tunnel configuration was not showing correctly in IPV6
configuration commands
RIPv6 now sets the metric of routes for interfaces that are DOWN to 16, and
immediately sends responses when the link status of VLAN interfaces
changes.
PCR: 02399    Module: TRACE    Network affecting: No
The Trace utility has been modified. Previously, Trace sent a group of
packets at once and waited for multiple responses in order to assess the
minimum, maximum and average time to cover a certain "hop distance"
towards the target host. Now Trace sends each packet in each group
individually, and waits either for a response or a time-out before sending
the next packet in the group.
PCR: 02401    Module: IPV6    Network affecting: No
Neighbour discovery and PIM6 caused a fatal error when IPv6 was not
enabled, or when the IPv6 feature license was not present. This issue has
been resolved.
PCR: 02402    Module: SNMP, CORE, SHOW, FILE    Network affecting: No
SNMP MIB support has been enhanced for CPU utilisation and file
statistics. MIB support has been added for Allied Telesyn contact details and
fast buffers.
PCR: 02403    Module: STP    Network affecting: No
A watchdog timeout occurred when the command ENABLE STP PORT was
executed. This issue has been resolved.
PCR: 02406    Module: IPV6    Network affecting: No
A Router-Alert option has been added. Also, the SHOW IPV6 MLD
INTERFACE command now works correctly.
PCR: 02409    Module: IPG    Network affecting: No
A warning now appears when the DELETE IP INTERFACE command is
executed before the DELETE DVMRP INTERFACE command.
PCR: 02410    Module: VRRP    Network affecting: No
VRRP pre-empt mode was not working with advertisement updates of 1
second or more because this did not allow for interface start time on startup.
Now a check is made to verify that interfaces are UP before timers are
started.
PCR: 02411    Module: IPV6    Network affecting: No
The SHOW TCP command was not showing the listening status for IPv6.
PCR: 02412    Module: IPV6    Network affecting: No
An ISDN call was activated by IPv6 Router Advertisements over IPv6
tunnel interfaces. This issue has been resolved.
PCR: 02415    Module: IPG    Network affecting: No
Packets with a RIP source address and next hop address that are not on the
same subnet as the interface will now be processed. If the received next hop
is not on the same subnet, it is treated as 0.0.0.0.
PCR: 02418    Module: IPV6    Network affecting: No
ICMPv6 was returning an error for non-zero fragment offsets. This issue has
been resolved.
PCR: 02421    Module: PIM    Network affecting: No
The GUI was incorrectly accepting multiple entries for VLANs. This issue
has been resolved.
PCR: 02422    Module: GARP    Network affecting: No
The GUI was returning incorrect GARP counters. This issue has been
resolved.
PCR: 02428    Module: IPV6    Network affecting: No
Link-local address behaviour was incorrect. Also, the PUBLISH parameter
was not updated by the SET IPV6 INTERFACE command, or displayed in
the SHOW IPV6 INTERFACE command. These issues have been resolved.
PCR: 02450    Module: IPV6    Network affecting: No
Large local packets were not being fragmented. Also, the More Fragment
flag in the IPv6 fragment header was not being set correctly. These issues
have been resolved.
PCR: 02452    Module: IPv6    Network affecting: No
Received Router Advertisements (RAs) were discarded when the interface
was enabled to send RAs. This issue has been resolved.
PCR: 02457    Module: IPV6    Network affecting: No
The IPv6 priority filter was not matching correctly when TCP was specified
as the protocol type. This issue has been resolved.
PCR: 02463    Module: DVMRP, IPG    Network affecting: No
Multicast multi-homing was not working correctly. This issue has been
resolved.
Features in 86241-01
Patch file details are listed in Table 2:
Table 2: Patch file details for Patch 86241-01.
Base Software Release File: 86s-241.rez
Patch Release Date: 26-July-2002
Compressed Patch File Name: 86241-01.paz
Compressed Patch File Size: 27732 bytes
Patch 86241-01 includes the following enhancements:
PCR: 02036    Module: SWITCH    Network affecting: No
A new command allows the Layer 3 ageing timer to be changed:
SET SWITCH L3AGEINGTIMER=<seconds>
where seconds can be 30 - 43200. After each cycle of the ageing timer, all
existing Layer 3 entries with the hit bit set will have the hit bit reset to zero,
and all existing Layer 3 entries with the hit bit set to zero will be deleted.
The SHOW SWITCH command output now displays the Layer 3 ageing
timer value.
PCR: 02138    Module: SWI    Network affecting: No
The built-in Self Test Code for all Rapiers, except G6, has been improved to
enhance the detection of faults in switch chip external packet memory.
PCR: 02158    Module: FIREWALL    Network affecting: No
When a TCP RST/ACK was received by a firewall interface, the packet that
was passed to the other side of the firewall lost the ACK flag, and had an
incorrect ACK number. This issue has been resolved.
PCR: 02185    Module: VRRP    Network affecting: No
The SHOW CONFIG DYNAMIC=VRRP command was not showing port
monitoring and step values correctly. This issue has been resolved.
PCR: 02229    Module: IPG    Network affecting: No
The PURGE IP command now resets the IP route cache counters to zero.
PCR: 02240    Module: SWI    Network affecting: No
The SENDCOS filter action did not operate correctly across switch
instances. This was because the stacklink port on the Rapier 48 did not
correctly compensate for the stack tag on frames received via the filter. This
issue has been resolved.
PCR: 02241    Module: FIREWALL    Network affecting: No
Firewall subnet NAT rules were not working correctly from the private to
the public side of the firewall. Traffic from the public to private side
(destined for subnet NAT) was discarded. These issues have been resolved.
ICMP traffic no longer causes a RADIUS lookup for access authentication,
but is now checked by ICMP handlers for attacks and eligibility. If the ICMP
traffic matches a NAT rule, NAT will occur on inbound and outbound
traffic. HTTP 1.0 requests sometimes caused the firewall HTTP proxy to
close prematurely. Cached TCP sessions were sometimes not hit correctly.
These issues have been resolved.
PCR: 02242    Module: IPG    Network affecting: No
On a Rapier 24, adding an IP interface over a FR interface caused an
ASSERT debug fatal error. This issue has been resolved.
PCR: 02250    Module: FIREWALL    Network affecting: No
Sometimes the Firewall erroneously used NAT. This issue has been
resolved.
PCR: 02259    Module: DHCP, IPG    Network affecting: No
A dual Ethernet router was incorrectly accepting an IP address from a
DHCP server when the offered address was on the same network as the
other Ethernet interface. An error is now recorded when DHCP offers an
address that is in the same subnet as another interface.
Availability
Patches can be downloaded from the Software Updates area of the Allied
Telesyn web site at www.alliedtelesyn.co.nz/support/updates/patches.html. A
licence or password is not required to use a patch.