Allied Telesis 86241-06 User Manual

Patch Release Note
Patch 86241-06 For Rapier Switches

Introduction

This patch release note lists the issues addressed and enhancements made in patch 86241-06 for Software Release 2.4.1 on existing models of Rapier L3 managed switches. Patch file details are listed in Table 1.
Table 1: Patch file details for Patch 86241-06.
Base Software Release File: 86s-241.rez
Patch Release Date: 28-Feb-2003
Compressed Patch File Name: 86241-06.paz
Compressed Patch File Size: 369480 bytes
Release Note: Software Release 2.4.1 for Rapier Switches (Document Number C613-10338-00 Rev A), available from www.alliedtelesyn.co.nz/documentation/documentation.html.
Rapier Switch Documentation Set for Software Release 2.4.1, available on the Documentation and Tools CD-ROM packaged with your switch, or from www.alliedtelesyn.co.nz/documentation/documentation.html
WARNING: Using a patch for a different model or software release may cause unpredictable results, including disruption to the network. Information in this release note is subject to change without notice and does not represent a commitment on the part of Allied Telesyn International. While every effort has been made to ensure that the information contained within this document and the features and changes described are accurate, Allied Telesyn International cannot accept any type of liability for errors in, or omissions arising from the use of this information.
Some of the issues addressed in this Release Note include a level number. This number reflects the importance of the issue that has been resolved. For details on level numbers, please contact your authorised distributor or reseller.

Features in 86241-06

Patch 86241-06 includes all issues resolved and enhancements released in previous patches for Software Release 2.4.1, and the following enhancements:
PCR: 02429 Module: IPG Level: 2
When more than two firewall policies were configured, an unexpected switch restart sometimes occurred. This issue has been resolved.
PCR: 02562 Module: SWI
Dynamic Port Security allows for dynamic MAC address learning on a switch port. If a MAC address is unused for a period of time, it will be aged from the database of currently accepted MAC addresses. This allows the learning of new MAC addresses. Dynamic Port Security is useful because port security allows the number of devices that are connected to a particular switch port to be limited.
For more information on Dynamic Port Security, see “Dynamic Port Security” on page 29 of this patch release note.
PCR: 03042 Module: PIM Level: 3
PIM join messages were being sent by a switch connected to an upstream and a downstream switch or router in the same VLAN when a multicast group had no members. This issue has been resolved.
PCR: 03044 Module: BGP Level: 2
The switch did not always advertise its preferred routes to destinations that were affected by flapping routes. In these conditions, a BGP network does not run efficiently. This issue has been resolved.
PCR: 03048 Module: STP Level: 2
A switch port belonging to an enabled STP instance would not respond to ARP requests if the port had been disabled from STP operation. This prevented the flow of some types of traffic into affected switch ports. This issue has been resolved.
PCR: 03054 Module: TTY, TACPLUS
When a connection is made by Telnet, or directly through the ASYN port, a TTY session is created with:
- an idle timeout time. The default idle time is zero, which means the TTY session will not time out if there is a lack of activity. If a TACACS+ server is configured on the switch, and the idle time attribute value pair (AVP) is configured on the TACACS+ server and is received by the switch, the value of the idle time from the TACACS+ server is used to set the TTY session.
- a timeout of zero, which means that the TTY session will not time out. If a TACACS+ server is configured on the switch, and the timeout attribute value pair (AVP) is configured on the TACACS+ server and received by the switch, the value of the timeout from the TACACS+ server is used to set the TTY session timeout. After the timeout period has elapsed, the user will either be disconnected by termination of their TTY connection (the default setting), or have their privilege level reduced to USER (the lowest privilege level). If the user’s privilege level is already at the lowest level, then the user will be disconnected by termination of their TTY connection. If the user’s privilege level is reduced, the TTY session timeout count is reset to its initial value.
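A small model of the PCR 03054 session timers follows, added here as an example and not taken from the switch software. The class, field and AVP key names are assumptions, time is counted in abstract ticks, an idle expiry is assumed to end the session, and the session timeout is assumed to run regardless of activity.

```python
from dataclasses import dataclass, field

USER, MANAGER = "USER", "MANAGER"


@dataclass
class TtySession:
    privilege: str = MANAGER
    idle_time: int = 0               # 0 = never ends for inactivity (default)
    timeout: int = 0                 # 0 = no session timeout (default)
    reduce_on_timeout: bool = False  # False = disconnect, the default action
    connected: bool = True
    clock: int = 0
    idle_for: int = 0
    timeout_left: int = 0
    events: list = field(default_factory=list)

    def __post_init__(self):
        self.timeout_left = self.timeout

    def apply_avps(self, avps):
        """Values received from the TACACS+ server replace the zero defaults.
        The keys "idletime" and "timeout" are assumed names for the two AVPs."""
        self.idle_time = int(avps.get("idletime", self.idle_time))
        self.timeout = int(avps.get("timeout", self.timeout))
        self.timeout_left = self.timeout

    def _disconnect(self, why):
        self.connected = False
        self.events.append((self.clock, "disconnected: " + why))

    def tick(self, active=False):
        """Advance one time unit; `active` marks user input during it."""
        if not self.connected:
            return
        self.clock += 1
        self.idle_for = 0 if active else self.idle_for + 1
        if self.idle_time and self.idle_for >= self.idle_time:
            return self._disconnect("idle")
        if not self.timeout:
            return
        self.timeout_left -= 1
        if self.timeout_left > 0:
            return
        if self.reduce_on_timeout and self.privilege != USER:
            self.privilege = USER
            self.timeout_left = self.timeout  # count reset to its initial value
            self.events.append((self.clock, "privilege reduced to USER"))
        else:
            self._disconnect("timeout")  # already at lowest level, or default action


def run(session, ticks, active_at=()):
    """Drive a session for `ticks` units; `active_at` lists ticks with input."""
    for t in range(1, ticks + 1):
        session.tick(active=t in active_at)
    return session.events
```

With the reduce-privilege action, an elevated session stays connected for two full timeout periods, and with no AVPs received it never expires at all.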
Patch 86241-05 for Software Release 2.4.1
C613-10340-00 REV E
PCR: 03056 Module: SSH Level: 3
During an SSH session between the switch and the Secure CRT client, the client did not receive a reply to its MAX-packet-size CMSG. The switch does not support this message, but will now send a negative response to satisfy the Secure CRT client’s requirements.
PCR: 03064 Module: SNMP Level: 4
The MIB objects ifTestTable and ifRcvAddressTable were incorrectly included in the switch’s SNMP implementation. These have been removed.
PCR: 03065 Module: SWI Level: 2
When the TX cable was unplugged from a fibre port the operating status was incorrectly reported as UP. This issue has been resolved.
PCR: 03070 Module: BGP Level: 2
When BGP imported other route types, it would advertise routes that had nexthops of the BGP peers themselves. The BGP peers would reject these routes and close the peering session, thus preventing the exchange of routing information between BGP peers. This issue has been resolved.
PCR: 03072 Module: BGP Level: 4
The Import parameter of the ADD, SET, DELETE and SHOW BGP commands now has an INTERFACE type. INTERFACE routes were previously grouped with STATIC routes.
PCR: 03073 Module: UTILITY Level: 2
If the CREATE QOS POLICY command was executed with a range that had a number more than four characters long, for example, CREATE QOS POLICY=123-12345, then a switch restart occurred. An error message is now displayed if more than four numbers are entered for a range.
PCR: 03074 Module: USER Level:
The SET USER command now requires the PASSWORD option if a PRIVILEGE is specified. This enables privilege levels to be lowered from a higher level (MANAGER, or SECURITY OFFICER), to USER.
PCR: 03081 Module: SWI Level:
An untagged packet would occasionally be sent on a tagged port. This issue has been resolved.
PCR: 03082 Module: SWI Level:
When PIM was enabled, IGMP snooping would occasionally work incorrectly. This issue has been resolved.
PCR: 03087 Module: IPG Level:
When interfaces with IGMP proxies were deleted, a software restart could sometimes occur. This issue has been resolved.
PCR: 03100 Module: DHCP Level:
DHCP was assigning incorrect IP addresses to clients when they moved from a relayed to a non-relayed range. Gateway checks have been added to remove this issue.
PCR: 03101 Module: IPG Level: 2
Deriving the originating VLAN from incoming packets could, in some circumstances, cause a software restart. This issue has been resolved.
PCR: 03102 Module: IPG Level: 3
The PING command when executed with the LENGTH and PATTERN parameters could produce an ICMP echo packet with an incorrect ICMP checksum. This issue has been resolved.
PCR: 03104 Module: IPG Level: 3
When an IP packet with an invalid TOTAL LENGTH field was received by the CPU routing process, subsequent valid packets were dropped. This issue has been resolved.
PCR: 03107 Module: FR, PPP Level: 2
The mechanism for freeing discarded packets in Frame Relay and PPP could, in some circumstances, cause a software restart. This issue has been resolved.
PCR: 03108 Module: MLDS Level: 4
The DISABLE MLDS command appeared twice in configuration files. This issue has been resolved.
PCR: 03110 Module: IPG Level: 2
The ADD IP MVR command could cause a software restart. This issue has been resolved.
The ADD IP MVR command parameter GROUP now only accepts multicast addresses.
PCR: 03113 Module: DVMRP Level: 2
With DVMRP configured, the switch did not forward multicast data to downstream interfaces on the same VLAN. This issue has been resolved.
PCR: 03114 Module: DHCP Level: 3
DHCP clients that shifted between relayed ranges were not always recognised, and were occasionally allocated incorrect addresses. This issue has been resolved.
PCR: 03121 Module: DVMRP Level: 2
Invalid DVMRP prune messages could cause a software restart. This issue has been resolved.
PCR: 03122 Module: SWI Level: 2
Adding a static ARP entry to a trunk group could cause a software restart. This issue has been resolved.
PCR: 03123 Module: DHCP Level: 3
After sending a DHCP NAK in response to a client’s DHCP REQUEST with a bad lease time, the switch would fail to age out its corresponding DHCP OFFER entry. This issue has been resolved.
PCR: 03125 Module: DS3 Level: 3
The switch would disassert the AIS, IDLE, LOF and LOS alarms if the defect conditions that had caused the alarm were disasserted, then reasserted before the alarms had been disasserted. This issue has been resolved.
PCR: 03127 Module: IPV6 Level: 2
When a static link local address was configured using the ADD IPV6 INT=xxx IP=yyy command, it was not reflected in the switch’s dynamic configuration. Consequently, the command would be absent from the switch’s configuration after CREATE CONFIG and switch RESTART commands were executed. This issue has been resolved.
PCR: 03136 Module: BGP Level: 2
The ADD BGP PEER command MAXPREFIX parameter now has a default of 24000, instead of OFF. Previously, with no maximum prefix checking by default, if the switch received a very large number of prefixes from a BGP peer, buffer exhaustion could result in a software restart.
PCR: 03011 Module: OSPF Level: 3
The SHOW OSPF NEIGHBOUR command did not reflect a change made to the router priority on a dynamic OSPF interface of a neighbouring router. This issue has been resolved.
PCR: 03035 Module: OSPF
Link state advertisements could incorrectly show an area as a stub area. This happened during the time when a Direct Route (DR) was removed from a configuration and before a Direct Backup Route (BDR), or an Other Direct Route (Other DR) was elected. This issue has been resolved.
PCR: 03045 Module: IPG, SWI Level: 3
The switch would flood DVMRP unicast messages to all ports in the VLAN. This issue has been resolved.
PCR: 03046 Module: IPG Level: 3
ICMP packets originating from the switch used the wrong Equal Cost Multiple Path route. This issue has been resolved. Also, improvements have been made to ensure that the ICMP packet will be transmitted over the best available route. If the best route becomes unavailable, a new route will be found, if available, so that the ICMP packet continues to reach the destination address.
PCR: 03051 Module: PCI Level: 2
The ECPAC card was not working correctly. This issue has been resolved.

Features in 86241-05

Patch file details are listed in Table 2:
Table 2: Patch file details for Patch 86241-05.
Base Software Release File: 86s-241.rez
Patch Release Date: 17-Jan-2003
Compressed Patch File Name: 86241-05.paz
Compressed Patch File Size: 332388 bytes
Patch 86241-05 includes all issues resolved and enhancements released in previous patches for Software Release 2.4.1, and the following enhancements:
PCR: 02315 Module: SNMP Network affecting: No
Support has been added for SNMPv2c. SNMP responses will be sent in the same version format as the request message. Minimal configuration is required to specify a SNMP format, because this is decided on a message by message basis. The only thing you need to specify is the version of SNMP received by trap hosts.
To create an SNMP community, use the command:
CREATE SNMP COMMUNITY=name [ACCESS={READ|WRITE}]
[TRAPHOST=ipadd] [MANAGER=ipadd] [OPEN={ON|OFF|YES|NO|TRUE|FALSE}] [V1TRAPHOST=ipadd]
[V2CTRAPHOST=ipadd]
To add a trap host or management station to the previously created SNMP community, use the command:
ADD SNMP COMMUNITY=name [TRAPHOST=ipadd] [MANAGER=ipadd]
[V1TRAPHOST=ipadd] [V2CTRAPHOST=ipadd]
PCR: 02389 Module: DS3 Network affecting: No
DS3 interface and board type support has been added. DS3 is now supported over PPP and Frame Relay. DS3 MIB support has been added.
For more information on DS3, see “DS3 Interfaces” on page 22 of this release note.
PCR: 02414 Module: IPv6, SWI, IPG, VLAN Network affecting: No
This patch resolves issues that arose after previous modifications made under this PCR number.
Sometimes IPv6 features did not enable correctly. Also, there were some errors in the output from configuration commands. These issues have been resolved.
PCR: 02560 Module: IPG, SWI, VLAN Network affecting: No
IP packet throughput has been improved.
PCR: 03002 Module: USER Network affecting: No
Debugging commands are now available for the RADIUS and TACACS control protocols. Raw packets, decoded packets, and errors can now be displayed.
Access control packet debugging allows the contents of the packets to be viewed. The debugging commands allow both raw (hexadecimal dumps) and/or decoded (human-readable) packet displays. Information on any errors occurring in the transactions can be displayed once the appropriate debugging command is issued.
Only users with SECURITY OFFICER privileges in system secure mode are able to enable RADIUS and TACACS debugging.
The debugging commands are:
ENABLE RADIUS DEBUG={ALL|PKT|DECODE|ERROR} [,...]
ENABLE TACACS DEBUG={ALL|PKT|DECODE|ERROR} [,...]
DISABLE RADIUS DEBUG={ALL|PKT|DECODE|ERROR} [,...]
DISABLE TACACS DEBUG={ALL|PKT|DECODE|ERROR} [,...]
SHOW RADIUS DEBUG
SHOW TACACS DEBUG
PCR: 03013 Module: INSTALL Network affecting: No
The SET INSTALL command was generating an unwanted warning message on Rapier i series switches. This issue has been resolved.

Features in 86241-04

Patch file details are listed in Table 3:
Table 3: Patch file details for Patch 86241-04.
Base Software Release File: 86s-241.rez
Patch Release Date: 15-Jan-2003
Compressed Patch File Name: 86241-04.paz
Compressed Patch File Size: 208232 bytes
Patch 86241-04 includes all issues resolved and enhancements released in previous patches for Software Release 2.4.1, and the following enhancements:
PCR: 02244 Module: UTILITY Network affecting: No
Virtual interfaces were displayed incorrectly when VLANs were multihomed. This issue has been resolved.
PCR: 02300 Module: Firewall Network affecting: No
If the command ADD FIREWALL POLICY RULE SOURCEPORT=ALL was executed, a value of “65535” was incorrectly displayed for the SOURCEPORT parameter for that rule in the SHOW FIREWALL POLICY command. This issue has been resolved.
PCR: 02340 Module: IPG Network affecting: No
PIM was disabled permanently if the RESET IP command, or the DISABLE IP command followed by the ENABLE IP commands were executed. PIM is now automatically restarted if these commands are used.
PCR: 02356 Module: FIREWALL Network affecting: No
Previously the SET FIREWALL POLICY RULE command permitted the use of the GBLIP and GBLPORT parameters in ways that were not permitted by the ADD FIREWALL POLICY RULE command. This caused problems when a configuration file was generated because some of the illegal parameters from the SET command were put into the ADD command. This resulted in a configuration that contained illegal parameter combinations. The restrictions placed on the GBLIP and GBLPORT parameters in the ADD command have now been implemented in the SET command so that these problems do not occur.
PCR: 02358 Module: IPG Network affecting: No
IP ARP packets that had invalid header values were erroneously accepted by the router. Also, IP packets with a Class E source IP address were erroneously forwarded. These issues have been resolved.
PCR: 02371 Module: FIREWALL Network affecting: No
When the system time was set to a time that was before or significantly after the current time, Firewall sessions were prematurely deleted. This issue has been resolved.
PCR: 02400 Module: CORE, FFS, FILE, INSTALL, SCR Network affecting: No
If a problem occurred with NVS, some critical files were lost. As a result, the equipment was forced to load only boot ROM software at boot time. This patch combined with the new version of the boot ROM software (pr1-1.2.0 for the AR700 series) resolves this issue.
PCR: 02491 Module: IPG Network affecting: No
The ARP cache is now updated when a gratuitous ARP request or reply packet is received.
PCR: 02506 Module: OSPF IPG Network affecting: No
The ADD IP ROUTE FILTER optional parameter INTERFACE caused the filter to not work on the OSPF external LSA’s flooding.
The SHOW IP ROUTE FILTER interface name output was truncated to 6 characters. These issues have been resolved.
PCR: 02511 Module: Ping Network affecting: No
Executing the PING command sometimes caused a memory leak. This issue has been resolved.
PCR: 02514 Module: IPG Network affecting: No
The CREATE CONFIGURATION command inserted the IMTLEAVE parameter into the configuration script when the IMTLEAVE parameter was undefined. This caused an error in the configuration script. This issue has been resolved.
PCR: 02519 Module: IPv6 Network affecting: No
The DELETE IPV6 6TO4 command sometimes caused an error. This issue has been resolved.
PCR: 02521 Module: IPv6 Network affecting: No
The DECREMENT parameter of the ADD IPV6 INTERFACE command was not recognised in the command line. This issue has been resolved.
PCR: 02523 Module: QOS, UTILITY Network affecting: No
The SET QOS TRAFFICCLASS command now requires 7 characters to be entered for the optional EXCEEDACTION and EXCEEDREMARKVALUE parameters.
PCR: 02525 Module: TELNET, PING, IPV6, TCP Network affecting: No
The ADD IPV6 HOST command was not accepting the INTERFACE parameter when adding a host with a link-local address. This issue has been resolved.
PCR: 02526 Module: DVMRP Network affecting: No
Under some circumstances, multiple default routes were created for DVMRP. This issue has been resolved.
PCR: 02527 Module: TCP Network affecting: No
TCP did not send a TCP Reset message under some circumstances, for example when the Telnet server was disabled. This issue has been resolved.
PCR: 02529 Module: FIREWALL Network affecting: No
The source IP address is now checked correctly when subnet NAT is used with standard, double, or reverse NAT. Previously, it was sometimes possible to specify an IP address outside the allowable range.
PCR: 02532 Module: FIREWALL Network affecting: No
The Firewall showed the wrong counters on Total Received Packets and Dropped Packets and displayed twice the number of received packets when discarding packets from the public side. Also, when a Deny rule was applied to the private side, the Number of Dropped Packets was always zero. These issues have been resolved.
PCR: 02534 Module: TEST Network affecting: No
The SYN test did not operate successfully when patch 52241-03 was installed. This issue has been resolved.
PCR: 02535 Module: IPV6 Network affecting: No
A fatal error occurred when an IPv6 packet with an invalid payload length was received. This issue has been resolved.
PCR: 02537 Module: L2TP Network affecting: No
When PPP was used over an L2TP tunnel, a speed of zero was shown for the PPP interface on the LNS side, while the LAC side showed a non-zero