Allied Telesis 86251-05 User Manual

Patch Release Note
Patch 86251-05 For Rapier Switches and AR800 Series Modular Switching Routers

Introduction

This patch release note lists the issues addressed and enhancements made in patch 86251-05 for Software Release 2.5.1 on existing models of Rapier L3 managed switches and AR800 Series L3 modular switching routers. Patch file details are listed in Table 1.
Table 1: Patch file details for Patch 86251-05.
Base Software Release File: 86s-251.rez
Patch Release Date: 15-May-2003
Compressed Patch File Name: 86251-05.paz
Compressed Patch File Size: 320764 bytes

This release note should be read in conjunction with the following documents:
Release Note: Software Release 2.5.1 for Rapier Switches, and AR800 Series Modular Switching Routers (Document Number C613-10354-00 Rev A) available from www.alliedtelesyn.co.nz/documentation/documentation.html
Rapier Switch Documentation Set for Software Release 2.5.1 available on the Documentation and Tools CD-ROM packaged with your switch, or from www.alliedtelesyn.co.nz/documentation/documentation.html

WARNING: Using a patch for a different model or software release may cause unpredictable results, including disruption to the network. Information in this release note is subject to change without notice and does not represent a commitment on the part of Allied Telesyn International. While every effort has been made to ensure that the information contained within this document and the features and changes described are accurate, Allied Telesyn International can not accept any type of liability for errors in, or omissions arising from the use of this information.

Some of the issues addressed in this Release Note include a level number. This number reflects the importance of the issue that has been resolved. The levels are:
Level 1: This issue will cause significant interruption to network services, and there is no work-around.
Level 2: This issue will cause interruption to network service, however there is a work-around.
Level 3: This issue will seldom appear, and will cause minor inconvenience.
Level 4: This issue represents a cosmetic change and does not affect network operation.

Features in 86251-05

Patch 86251-05 includes all issues resolved and enhancements released in previous patches for Software Release 2.5.1, and the following enhancements:
PCR: 02583 Module: FIREWALL Level: 2
UDP packets passed through the firewall by a reverse enhanced NAT rule were getting an incorrect IP checksum. This caused IP to discard the packets. This issue has been resolved.
PCR: 03059 Module: FIREWALL Level: 2
SMTP proxy was falsely detecting third party relay under some circumstances. This issue has been resolved.
PCR: 03095 Module: DHCP Level: 2
DHCP policies are no longer stored in alphabetical order in the DYNAMIC CONFIGURATION script because this did not work when the DHCP INHERIT parameter was used.
PCR: 03148 Module: IPG Level: 3
If the Gratuitous ARP feature was enabled on an IP interface, and an ARP packet (either an ARP request or a reply) arrived with a Target IP address equal to the Sender IP address, then the ARP cache was not updated with the ARP packet’s source data. This issue has been resolved.
PCR: 03177 Module: IPG Level: 3
Deleting an IP MVR group range would only delete the last IP address of the range from the multicast table, not the entire range. This issue has been resolved.
PCR: 03199 Module: IPV6 Level: 3
RIPng was receiving invalid routes and packets. This issue has been resolved.
PCR: 03241 Module: FIREWALL Level: 3
When deleting a list associated with a policy, all rules were being deleted. Now only the rules associated with the policy and list are deleted.
Patch 86251-05 for Software Release 2.5.1
C613-10356-00 REV F
PCR: 03270 Module: SWI Level: 3
The inter-packet gap has been reduced by 4 bytes on the Rapier 48i stacking link. This allows for non-blocking operation with tagged packets.
PCR: 03299 Module: IKMP Level: 2
Under some circumstances, ISAKMP suffered a fatal error if more than 8 SA proposals were presented. This issue has been resolved.
PCR: 03314 Module: SWI Level: 2
Layer 3 filters that matched TCP or UDP port numbers were being applied to the second and subsequent fragments of large fragmented packets. This issue has been resolved.
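The failure mode behind PCR 03314, shown as an added example that is not Allied Telesyn code: only the first fragment of an IPv4 packet carries the TCP or UDP header, so a port match applied to a later fragment compares payload bytes. The function names, addresses and sample packets are constructed for illustration.

```python
import struct

IPPROTO_UDP = 17

def build_ipv4(proto, payload, frag_offset=0, more_fragments=False):
    """Build a minimal 20-byte IPv4 header plus payload (checksum left as 0)."""
    flags_frag = (0x2000 if more_fragments else 0) | (frag_offset // 8)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                         flags_frag, 64, proto, 0,
                         bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return header + payload

def parse_ipv4(packet):
    """Return (protocol, fragment offset in bytes, bytes after the IP header)."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, flags_frag, _, proto, _ = struct.unpack(
        "!BBHHHBBH", packet[:12])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(packet):
        raise ValueError("malformed IPv4 packet")
    return proto, (flags_frag & 0x1FFF) * 8, packet[ihl:total_len]

def match_dport_all_fragments(packet, proto, dport):
    """The defect as described: the port offset is read in every fragment."""
    p, _offset, l4 = parse_ipv4(packet)
    return (p == proto and len(l4) >= 4
            and struct.unpack("!H", l4[2:4])[0] == dport)

def match_dport_first_fragment_only(packet, proto, dport):
    """Port rule applied only where an L4 header exists (fragment offset 0)."""
    p, offset, l4 = parse_ipv4(packet)
    if offset != 0:
        # Second and subsequent fragments hold payload, not a TCP/UDP header.
        return False
    return (p == proto and len(l4) >= 4
            and struct.unpack("!H", l4[2:4])[0] == dport)

# Constructed sample: one UDP datagram to port 53, split into two fragments.
# The payload is chosen so bytes 2-3 of the second fragment read as 0x0017 (23).
UDP_DATAGRAM = (struct.pack("!HHHH", 40000, 53, 24, 0)
                + b"A" * 8 + b"\x00\x00\x00\x17" + b"B" * 4)
FRAG1 = build_ipv4(IPPROTO_UDP, UDP_DATAGRAM[:16], 0, True)
FRAG2 = build_ipv4(IPPROTO_UDP, UDP_DATAGRAM[16:], 16, False)

def compare(dport):
    """Return {fragment: (all_fragments_result, first_fragment_only_result)}."""
    return {name: (match_dport_all_fragments(frag, IPPROTO_UDP, dport),
                   match_dport_first_fragment_only(frag, IPPROTO_UDP, dport))
            for name, frag in (("frag1", FRAG1), ("frag2", FRAG2))}

if __name__ == "__main__":
    for port in (53, 23):
        print(port, compare(port))
```

A rule for port 23 hits the second fragment of a port 53 datagram under the all-fragments matcher, while the first-fragment-only matcher leaves it unmatched.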
PCR: 03354 Module: FIREWALL Level: 3
The SET FIREWALL POLICY RULE command was not accepting the value 24:00 (midnight) for the BEFORE parameter. This issue has been resolved.
PCR: 03371 Module: DHCP Level: 3
A minimum lease time can no longer be specified when creating a DHCP policy. This complies with RFC 2131.
PCR: 03383 Module: IPG Level: 2
If there were a large number of routes in the route table, and the SHOW IP ROUTE command was executed, the device stopped operating. This issue has been resolved.
PCR: 03390 Module: HTTP Level: 2
Occasionally a fatal error occurred when the GUI browser started or a page was refreshed. This issue has been resolved.
PCR: 03392 Module: IPSEC, IKMP Level: 3
IPV4 is the default for the IPVERSION parameter in the CREATE IPSEC POLICY and CREATE ISAKMP POLICY commands. This default was unnecessarily displayed in the SHOW CONFIGURATION DYNAMIC command output. This issue has been resolved.
PCR: 03395 Module: BGP Level: 3
The amount of time that BGP peers ‘back off’ for after changing from the ESTABLISHED state to the IDLE state has been changed. Previously, this ‘back off’ time grew exponentially and never decayed. The ‘back off’ time is now always one second.
PCR: 03396 Module: ETH Level: 3
Some memory was lost on the AT-AR022 ETH PIC when hotswapping. This issue has been resolved.
PCR: 03400 Module: SSL Level: 3
Sometimes SSL did not allow its TCP session to close properly. This happened if the Fin packet was not piggy-backed on a data packet, or if the SSL Handshake was never completed with the far end. This meant that the closing Alert was not sent, so the session could not close. Also, SSL leaked memory when it received invalid SSL records. These issues have been resolved.
PCR: 03402 Module: IPG Level: 2
IP routes deleted from the route cache occasionally caused a fatal error. This issue has been resolved.
PCR: 03405 Module: STREAM Level: 2
The reconnection to the stream printing TCP port failed after a single successful connection was made. This issue has been resolved.
PCR: 03407 Module: IPG Level: 3
The default for the PROXYARP parameter in the SET IP INTERFACE command for a VLAN interface was OFF. The default is now ON.
PCR: 03410 Module: VLAN, CORE Level: 3
If a patch was running with a major software release, after a VLAN was added at the command line, the VLAN was not shown as UP. This issue has been resolved.
PCR: 03412 Module: FIREWALL Level: 3
FTP data transfers did not succeed for some types of NAT. Also, the presence of flow control TCP flags meant that some TCP control packets were not recognised. These issues have been resolved.
PCR: 03413 Module: BGP Level: 2
BGP was updated according to the most recently added route. BGP now updates to reflect the best available route, regardless of when it was added.
PCR: 03415 Module: FIREWALL Level: 2
When using a policy routing rule, the firewall did not translate the source IP address of a broadcast packet correctly. This issue has been resolved.
PCR: 03416 Module: SWI Level: 3
Previously, the ADD SWITCH L3FILTER MATCH command was accepted if the TYPE parameter was not specified. This command now requires the TYPE parameter, and an error message will be returned if the TYPE parameter is not specified.
PCR: 03424 Module: DHCP Level: 2
When static DHCP was set to the first IP address in a range, that range would stay in the Reclaim mode. This issue has been resolved.
PCR: 03426 Module: IPV6 Level: 3
If the valid and preferred lifetimes of an IPv6 address for a given interface were set to infinity, they were not included in the dynamic configuration. This issue has been resolved.
PCR: 03429 Module: SWI, VLAN Level: 3
The SHOW VLAN command was displaying a port that did not exist. This issue has been resolved.
PCR: 03430 Module: BGP Level: 3
BGP traps were sent incorrectly when a BGP peer became Established, or moved into a lower state. This issue has been resolved.
PCR: 03432 Module: STP Level: 2
STP settings were not retained when a port was deleted from the VLAN that the STP belongs to. This issue has been resolved.
PCR: 03436 Module: IP, DHCP Level: 2
When the device was acting as a DHCP client and the DHCP server provided a gateway address, a statically configured default route was deleted and replaced with a default route with the provided gateway address. The correct behaviour is to only delete a dynamic default route in this situation. This issue has been resolved; the correct behaviour is now applied.
PCR: 03439 Module: IPX Level: 3
The IPX traffic filter match counter was not incremented if a route was cached. This issue has been resolved.
PCR: 03441 Module: L2TP Level: 2
PPP configured on a L2TP access concentrator (LAC) should be dynamic. If PPP was incorrectly configured to be static, the static PPP was destroyed when the L2TP tunnel was formed so that only the first connection succeeded. This issue has been resolved so that an L2TP tunnel is not created if the PPP is static.
PCR: 03443 Module: DHCP Level: 3
When a DHCP entry expired while other DHCP entries in the range were in Reclaim mode, unnecessary ARP packets were generated causing an ARP storm. This issue has been resolved.
PCR: 03444 Module: FR Level: 3
The CIR and CIRLIMITED parameters in the SET FRAMERELAY DLC command now regulate the behaviour of the transmission rate. Previously, the transmission rate did not reflect changes to the CIR setting if the new CIR was higher than the old CIR (provided that the new CIR is within the physical maximum of the network and the hardware), or changes to the CIRLIMITED setting if CIRLIMITED was turned ON then OFF. This issue has been resolved.
PCR: 03446 Module: SWI Level: 3
After unplugging a fibre uplink cable and then plugging it back in, a short Ping timeout occurred. This issue has been resolved.
PCR: 03450 Module: PIM, PIM6 Level: 2
Receiving PIM State Refresh messages now creates and/or maintains PIM forwarding information.
PCR: 03453 Module: FIREWALL Level: 3
The dropped packets counter for the firewall was not incrementing correctly. This issue has been resolved.
PCR: 03454 Module: IPV6 Level: 3
Occasionally, removing the cable from an IPv6 interface caused the device to stop responding. This issue has been resolved.
PCR: 03456 Module: PIM Level: 2
A VLAN interface receiving a PIM Prune message on a port stopped forwarding multicast data to that port too early. This could cause multicast data to arrive after a PIM Prune, so an override PIM Join message was not sent, leading to a loss of multicast data. This issue has been resolved.
PCR: 03457 Module: OSPF Level: 2
Disabling OSPF caused a fatal error if there was a large routing table. This issue has been resolved.
PCR: 03459 Module: IPV6 Level: 2
A fatal error sometimes occurred when packets were forwarded via an IPv6 interface, and IPv6 flows were disabled. This issue has been resolved.
PCR: 03461 Module: IPG Level: 3
The ENABLE IP MVR DEBUG=ALL command was erroneously shown in the output of the SHOW CONFIG DYNAMIC=IP command. This SHOW output no longer includes the ENABLE IP MVR DEBUG=ALL entry.
PCR: 03462 Module: PIM, PIM6 Level: 3
PIM Graft and Graft-Ack counters were not incrementing. This issue has been resolved.
PCR: 03465 Module: DHCP Level: 3
The IPMTU parameter in the ADD DHCP POLICY command was accepting values in the range 0-4294967295. This parameter now accepts values in the correct range of 579-65535.
PCR: 03463 Module: PIM, PIM6 Level: 3
PIM-SM Null register messages did not update the register counter correctly, and did not trigger Register debug messages. This issue has been resolved.
PCR: 03464 Module: PIM, PIM6 Level: 3
PIM-SM Null register messages for non-PIM-SM domain sources did not have the Border bit set. This issue has been resolved.
PCR: 03467 Module: IPG Level: 3
An invalid message appeared when the PORT parameter was specified for the ADD IP ROUTE command. This issue has been resolved.
PCR: 03471 Module: IPV6 Level: 2
A fatal error sometimes occurred when forwarding traffic over an IPv6 tunnel. This issue has been resolved.
PCR: 03473 Module: PIM, PIM6 Level: 3
The SET LAPD MODE=NONAUTOMATIC command did not change the LAPD mode from automatic to non-automatic. This issue has been resolved.
PCR: 03474 Module: FIREWALL Level: 3
The SMTP proxy did not correctly allow outgoing (private to public) SMTP sessions when the DIRECTION parameter was set to OUT or BOTH in the ADD FIREWALL PROXY command. This issue has been resolved.
PCR: 03475 Module: NTP Level: 3
The PURGE NTP command did not change the UTC offset to the initialised value. This issue has been resolved.
PCR: 03476 Module: IPV6 Level: 3
RIPng was showing routes to interfaces that were DOWN as being UP. This issue has been resolved.
PCR: 03478 Module: PIM, PIM6 Level: 3
The message format for PIM-SM periodic (*,*,RP) Join messages was incorrect when the message contained more than one joined RP address. This issue has been resolved.
PCR: 03484 Module: FIREWALL Level: 3
The firewall was not denying an ICMP packet, even if ICMP Forwarding was disabled when using Standard NAT. This issue has been resolved.
PCR: 03492 Module: HTTP, LOAD Level: 2
Some memory loss occurred when loading a file via HTTP. This issue has been resolved.
PCR: 03494 Module: BGP, FIREWALL Level: 2
If the firewall was enabled when BGP was in use, outgoing BGP data packets would have IP header errors and incorrect checksums. This problem has now been fixed.
PCR: 03497 Module: PIM, PIM6 Level: 2
In a network with an alternative path, if the link connected to the interface where a Candidate Rendezvous Point (CRP) advertised its RP candidacy was down, the CRP did not re-advertise its RP candidacy on other available interfaces (the alternative path). This meant that the CRP did not update its PIM routes, which was necessary to re-establish the PIM tree in order for multicast data to flow again. This issue has been resolved.
PCR: 03498 Module: SWI Level: 3
The SHOW SWITCH FDB command showed a number of irrelevant entries. This issue has been resolved.
PCR: 03502 Module: IPG Level: 3
The ENTRY parameter from the ADD IP FILTER command was not included in the output of the SHOW CONFIG DYNAMIC command. This issue has been resolved.
PCR: 03513 Module: IPG Level: 3
An enhancement allows for the creation of static IGMP group memberships that do not time out. For details on this feature, see “Static IGMP” on page 24.
PCR: 03515 Module: DHCP Level: 3
DHCP was offering network and broadcast addresses to clients. This issue has been resolved.
PCR: 03517 Module: FIREWALL Level: 3
An error was not returned if the SET FIREWALL POLICY RULE command was executed with PROTOCOL=1 when ICMP forwarding was turned on. This issue has been resolved so that an error is now displayed.
PCR: 03523 Module: FIREWALL Level: 2
In some circumstances the checksum for the TCP header was set to zero. This issue has been resolved.
PCR: 03526 Module: SWI Level: 3
The Switch MIB did not show the correct dot1StpPriority value. This issue has been resolved.
PCR: 03531 Module: SWI Level: 3
After creating a trunk group, the activity LEDs did not flash unless the configuration was used at reboot. This issue has been resolved so that the LEDs flash correctly whenever a trunk group is created.
PCR: 03468 Module: PIM Level: 3
The source IP address in a PIM Register message was not the DR interface’s IP address. This issue has been resolved.
PCR: 03533 Module: PIM Level: 3
A forwarded PIM-DM state Refresh message did not update the metric and preference values. This issue has been resolved.
PCR: 03535 Module: IPG Level: 2
IGMP Query messages were not sent after IGMP was disabled and then re-enabled. This issue has been resolved.

Features in 86251-04

Patch file details are listed in Table 2:
Table 2: Patch file details for Patch 86251-04.
Base Software Release File: 86s-251.rez
Patch Release Date: 15-April-2003
Compressed Patch File Name: 86251-04.paz
Compressed Patch File Size: 240936 bytes

Patch 86251-04 includes all issues resolved and enhancements released in previous patches for Software Release 2.5.1, and the following enhancements:
PCR: 02571 Module: IP Level: 3
A fatal error occurred if the IP module was reset after the ADD IP EGP command was executed. This issue has been resolved.
PCR: 02577 Module: IPG, LOG Level: 4
The ability to log MAC addresses whenever the ARP cache changes has been added. To enable this, use the command:
ENABLE IP ARP LOG
To disable it, use the command:
DISABLE IP ARP LOG
The logging of MAC addresses is disabled by default. Use the SHOW LOG command to view the MAC addresses that have been logged when the ARP cache changes.
PCR: 03025 Module: GUI Level: 2
A buffer address was incrementing and not returning buffers for reuse when the command line interface was accessed via the GUI interface. This issue has been resolved.
PCR: 03044 Module: BGP Level: 2
During route flapping, peers were sometimes not told about routes to the same destinations as the flapping routes. This issue has been resolved.
PCR: 03048 Module: STP Level: 2
If a port belongs to an enabled STP instance, but the port has been disabled from STP operation with the DISABLE STP PORT command, the port will not respond to ARP requests. This patch implements a workaround that allows disabled STP ports to respond to ARP requests.
PCR: 03089 Module: CORE Level: 4
The SET SYSTEM NAME command was accepting character strings greater than the limit of 80 characters. This issue has been resolved.
PCR: 03094 Module: STP, VLAN Level: 3
The VLAN membership count for STP ports was incorrect in the default configuration. This issue has been resolved.
PCR: 03096 Module: VLAN Level: 2
OSPF and RIP Hello packets were being sent out all trunked ports. Now these Hello packets are only sent out the master port of the trunked group.
PCR: 03097 Module: IPV6 Level: 3
A device could not Telnet to a device outside its own subnet. This issue has been resolved.
PCR: 03098 Module: PIM, DVMRP, IPG Level: 2
When multicasting in hardware, the switch would not forward packets from a VLAN ingress interface to a non-VLAN interface downstream. This issue has been resolved.
PCR: 03105 Module: FIREWALL Level: 3
Incorrect handling of TCP sessions, and poor load balancing performance could be caused by TCP virtual balancers not selecting a new resource if required. This issue has been resolved.
PCR: 03109 Module: LOG Level: 3
A log was only partially created if there was insufficient NVS memory for log creation on the router. A change has been made so that a log is not created if there is insufficient memory, and a warning message is displayed.
PCR: 03110 Module: IPG Level: 3
An error occurred with the ADD IP MVR command. This issue has been resolved. Also, this command accepted any IP addresses for the GROUP parameter, but now only accepts multicast addresses.
PCR: 03111 Module: FIREWALL Level: 1
TCP sessions could fail if the public side of the firewall was using Kerberos and the private side had a very slow connection to the firewall. This issue has been resolved.
PCR: 03115 Module: PING Level: 3
The SHOW CONFIG DYNAMIC=PING command was giving an incorrect port number. This issue has been resolved.
PCR: 03116 Module: FIREWALL Level: 2
An error sometimes occurred in the firewall module under heavy FTP or RTSP traffic loads. This issue has been resolved.
PCR: 03117 Module: FIREWALL Level: 1
The TCP sequence numbers are no longer altered through the firewall when TCPSETUP is disabled with the DISABLE FIREWALL POLICY command.
PCR: 03119 Module: CLASSIFIER Level: 4
TCP source and TCP destination ports were swapped when viewed in the GUI. This issue has been resolved.
PCR: 03120 Module: ETH, IPG Level: 4
The SHOW IP INTERFACE command was showing ETH interfaces as up at startup, when SHOW INTERFACE and SHOW ETH STATE had them as down. This issue has been resolved.
PCR: 03124 Module: IPV6 Level: 4
The SHOW IPv6 COUNTER command now shows the outAdvert messages in the Total Out Messages counter field.
PCR: 03132 Module: SWITCH Level: 2
Classifiers that were added to hardware filters were not applied to the hardware. This issue has been resolved.
PCR: 03139 Module: IPV6 Level: 3
The SHOW IPV6 INTERFACE command was not displaying the link layer address and EUI when the interface was down. This issue has been resolved.
PCR: 03140 Module: IPG, SWI Level: 2
Static ARPs were deleted when a port went down. This issue has been resolved.
PCR: 03144 Module: CURE Level: 4
Users with either USER or MANAGER level privilege can now execute the STOP PING and STOP TRACE commands. Previously, MANAGER privilege was needed to execute these commands.
PCR: 03145 Module: IPG Level: 4
The SET IP ROUTE FILTER command was not processing some parameters. This issue has been resolved.
PCR: 03146 Module: PORT Level: 4
The PAGE parameter in the SET ASYN command now only accepts numeric values between 0 and 99, ON or OFF, and TRUE or FALSE.
PCR: 03147 Module: BGP Level: 4
When the DISABLE BGP DEBUG command was used, debugging messages were still being displayed by the BGP module. This issue has been resolved.
PCR: 03149 Module: SWITCH Level: 3
When the Layer 3 Filter Match entry IMPORT was created, EPORT could be set on the filter entry. If the Layer 3 Filter Match entry EMPORT was created, then IPORT could be set on the filter entry. Setting parameters that did not match could cause undesirable results. This issue has been resolved.
PCR: 03150 Module: FIREWALL Level: 3
The CREATE FIREWALL POLICY command was not checking for valid name entries, so invalid printing characters could be used for policy names. This issue has been resolved.
PCR: 03152 Module: IPG Level: 3
An additional check has been added to validate the MASK specified in an ADD IP ROUTE command. The check tests that the mask is contiguous.
PCR: 03153 Module: ACC Level: 4
The SHOW CONFIG=ACC command was not showing the rscript file. This issue has been resolved.
PCR: 03154 Module: PCI Level:
The SHOW IP MVR command output was showing dynamic members in the incorrect column. This issue has been resolved.
PCR: 03155 Module: FFS Level: 4
The SHOW FFILE command output has changed. The first column that listed where the file was stored has been removed. The title of the original second column (now the first column) has been changed from “creator” to “module”. The file format specifier has been altered from:
DDDD:MMMM\NNNNNNNN.TTT
to:
MMMM\NNNNNNNN.TTT
PCR: 03157 Module: IPV6 Level: 3
When changing the ACTION parameter between INCLUDE and EXCLUDE on IPV6 filters the interface information was not preserved between changes. The interface information is now preserved.
PCR: 03159 Module: SWI Level: 2
Switch trunk speed checks only checked for gigabit settings, not speed capabilities. It is now possible for uplink modules which support 10, 000 and gigabit speed to attach to trunks where speeds are 10Mb/s or 100Mb/s.
PCR: 03162 Module: IPV6 Level: 3
The performance of IPv6 has been improved by introducing IPv6 flows.
PCR: 03163 Module: IPG Level: 3
IGMP Snooping did not use DVMRP messages to identify a port. This issue has been resolved.
PCR: 03166 Module: IPG Level: 4
The output of the SHOW IP IGMP COUNTER and SHOW IGMPSNOOPING COUNTER commands was incorrect. This issue has been resolved.
PCR: 03167 Module: DVMRP Level: 2
When multicasting to a VLAN interface, if more than 2 DVMRP neighbours existed on a single port, and any one of those neighbours was pruned, the multicast data would stop flowing to the port. This happened even though it was still required for the remaining DVMRP neighbours. This issue has been resolved.