This patch release note lists the issues addressed and enhancements made in
patch 86253-07 for Software Release 2.5.3 on existing models of Rapier series
switches. Patch file details are listed in Table 1.
Table 1: Patch file details for Patch 86253-07.
Base Software Release File      86s-253.rez
Patch Release Date              18-Feb-2004
Compressed Patch File Name      86253-07.paz
Compressed Patch File Size      333756 bytes
This release note should be read in conjunction with the following documents:
■ Release Note: Software Release 2.5.3 for Rapier Switches and AR400 and
AR700 Series Routers (Document Number C613-10362-00 Rev A) available
from www.alliedtelesyn.co.nz/documentation/documentation.html
■ Rapier Switch Documentation Set for Software Release 2.5.1 available on
the Documentation and Tools CD-ROM packaged with your switch, or
from www.alliedtelesyn.co.nz/documentation/documentation.html
WARNING: Using a patch for a different model or software release may cause
unpredictable results, including disruption to the network. Information in this
release note is subject to change without notice and does not represent a
commitment on the part of Allied Telesyn International. While every effort has
been made to ensure that the information contained within this document and
the features and changes described are accurate, Allied Telesyn International
can not accept any type of liability for errors in, or omissions arising from the
use of this information.
Some of the issues addressed in this Release Note include a level number. This
number reflects the importance of the issue that has been resolved. The levels
are:
Level 1: This issue will cause significant interruption to network services, and
there is no work-around.
Level 2: This issue will cause interruption to network service, however there
is a work-around.
Level 3: This issue will seldom appear, and will cause minor inconvenience.
Level 4: This issue represents a cosmetic change and does not affect network
operation.
Features in 86253-07
Patch 86253-06 was not released.
Patch 86253-07 includes all issues resolved and enhancements released in
previous patches for Software Release 2.5.3, and the following enhancements:
PCR: 03941 Module: FIREWALL Level: 2
TCP Keepalive packets for FTP sessions were passing through the firewall
during the TCP setup stage with TCP Setup Proxy enabled. Keepalive
packets include sequence numbers that have already been acknowledged.
Such packets now fail stateful inspections and are dropped by the FTP
application-level gateway.
PCR: 03961 Module: PIM, PIM6 Level: 2
The PIM-DM prune expiry time was not reset when a State Refresh message
was received. This issue has been resolved.
PCR: 03997 Module: IPG Level: 3
When policy-based routing was active, IP packets not matching any
policy-specific routes were forwarded, even if there was no default policy route.
This issue has been resolved. Now, a route whose policy exactly matches the
policy of the packet is selected. If an exact match does not exist, a route with
the default policy will be used to route the packet. If no route is found, the
packet is discarded. The TOS field in incoming IP packets is ignored, so
packets with the TOS value set are forwarded using a route with the default
policy.
PCR: 31080 Module: IPv6 Level: 2
When a ping was sent to the device’s link-local address, the device flooded
the ICMP Reply packet over the VLAN. This issue has been resolved.
PCR: 31104 Module: OSPF Level: 2
Occasionally, when a device rebooted, its OSPF routes were missing from the
route table. This issue has been resolved.
Patch 86253-07 for Software Release 2.5.3
C613-10382-00 REV E
PCR: 31160 Module: IPG Level: 2
A memory leak occurred if DNS relay was configured, and the device kept
receiving DNS Query packets. This issue has been resolved.
PCR: 31176 Module: PIM6 Level: 2
PIM6 could not send unicast bootstrap messages to a new neighbour. This
issue has been resolved.
PCR: 31178 Module: FIREWALL Level: 4
If the SMTP Proxy detected a third party relay attack, the “SMTP third
party relay attack” trigger message was not displayed. This issue has
been resolved.
PCR: 31200 Module: SWI Level: 2
The forwarding database table sometimes did not update correctly when
multiple packets with the same MAC source address were sent to the switch
via different ports. This issue has been resolved.
PCR: 31202 Module: QOS Level: 3
The HWQUEUE parameter in the SET QOS HWQUEUE command
incorrectly accepted values from 0 to 9999. The upper limit for this
parameter is 3. This issue has been resolved. The correct limit is now
enforced.
PCR: 31205 Module: VRRP Level: 3
Two VRRP log messages were displayed when they should not have been.
The log messages were:
Vrrp 1: Vlan vlan2 10 Port Failed decrementing priority by 20
Vrrp 1: Vlan vlan2 1 Port up incrementing priority by 2
This issue has been resolved. These messages are now displayed at the
correct time.
PCR: 31220 Module: OSPF Level: 2
OSPF neighbours did not establish the Full state when IP route filters were
applied. This issue has been resolved.
PCR: 31223 Module: IPV6 Level: 3
The neighbour discovery timeout has been set to 3 seconds in ICMPv6 to
speed up Destination Unreachable detection.
PCR: 31224 Module: IPG Level: 3
The badQuery and badRouterMsg counters in the SHOW IGMP and SHOW
IGMPSNOOPING commands were not incrementing correctly. This issue
has been resolved.
PCR: 31230 Module: OSPF Level: 3
When an Inter-area route went down and the only other route to the
destination was an AS-External route, the AS-External route was not
selected. This issue has been resolved.
PCR: 31233 Module: L3F Level: 2
A filter entry was lost when the SET SWITCH L3FILTER ENTRY command
did not succeed. This issue has been resolved.
PCR: 31236 Module: IPV6 Level: 3
Link-local addresses can only be unicast addresses. If a link-local address
was added as an anycast address, no error message was returned. This issue
has been resolved. Now, an error message is returned stating that a
link-local address must be a unicast address.
PCR: 31239 Module: IPV6 Level: 3
The Maximum Transmission Unit (MTU) was not always set to the MTU
value in the ICMP Packet Too Big Message sent from the device. This issue
has been resolved.
PCR: 31247 Module: VLAN, IPG Level: 2
After IGMP snooping was disabled, multicast data was not flooded to
VLANs. This was because the multicast route forwarding port map was
cleared. This issue has been resolved.
PCR: 31253 Module: SWI, SW56 Level: 2
The forwarding database table sometimes did not update correctly when
multiple packets with the same MAC source address were sent to the switch
via different ports. This issue has been resolved.
PCR: 31258 Module: IPG, DHCP
If DHCP clients do not respond to echo requests, the DHCP server cannot
detect an addressing conflict, so it may offer in-use addresses to clients. This
issue has been resolved.
This PCR introduces a new parameter, PROBE, to the CREATE DHCP
RANGE and SET DHCP RANGE commands. This parameter allows for
address probing using ARP requests and replies instead of the normal ping
mechanism. This feature is limited to clients on the same subnet (broadcast
domain) as the DHCP server, and therefore cannot be used with the
GATEWAY parameter.
The new syntax is:
CREATE DHCP RANGE=name [PROBE={ARP|ICMP}]
[other-parameters]
SET DHCP RANGE [PROBE={ARP|ICMP}] [other-parameters]
PCR: 31259 Module: DHCP Level: 2
When the DHCP server rejected a DHCPRequest message, the requested IP
address was not logged correctly. This issue has been resolved.
PCR: 31268 Module: IPG Level: 2
PCR 31128 introduced an issue that occasionally caused a fatal error with IP
flows. This issue has been resolved.
PCR: 31270 Module: CURE, IPG, ATK, DVMRP, IPX2, LB, LOG, SNMP, UTILITY Level: 3
Entering “?” after a command at the CLI gives context-sensitive Help about
parameters valid for the command. Occasionally, commands (for example,
ENABLE IP MULTICASTING) were executed when “?” was entered at the
end of the command. This issue has been resolved.
PCR: 40006 Module: LOG Level: 2
Executing the SHOW DEBUG command caused a fatal error if the
temporary log had been destroyed with the DESTROY LOG
OUTPUT=TEMPORARY command. This issue has been resolved.
PCR: 40007 Module: FIREWALL Level: 2
When an interface-based enhanced NAT was defined in a firewall policy,
and a reverse NAT rule was defined to redirect traffic to a proxy server, the
reverse NAT did not work correctly. The proxy server did not receive any
traffic from the device. This issue has been resolved.
PCR: 40008 Module: NTP Level: 3
When the device operated in NTP Client mode, the SHOW TIME command
sometimes displayed the incorrect time. This issue has been resolved.
PCR: 40012 Module: IPG, OSPF Level: 2
The device sometimes rebooted when OSPF on demand was enabled for
PPP. This issue has been resolved.
PCR: 40020 Module: SW56 Level: 3
When a port’s ingress limit was set to less than 1000 with the
INGRESSLIMIT parameter in the SET SWITCH PORT command, sending
packets to a tagged port caused FCS errors on transmission. This issue has
been resolved.
PCR: 40023 Module: IPG Level: 2
The timeout interval for IGMP group membership now conforms to RFC
2236 for IGMPv2.
PCR: 40038 Module: OSPF Level: 2
After a Summary LSA for the default route in a stub area had been refreshed
by an Area Border Router, and the Area Border Router was restarted, the
Summary LSA was not advertised into the stub area again. This issue has
been resolved.
Features in 86253-05
Patch file details are listed in Table 2:
Table 2: Patch file details for Patch 86253-05.
Base Software Release File      86s-253.rez
Patch Release Date              26-November-2003
Compressed Patch File Name      86253-05.paz
Compressed Patch File Size      700793 bytes
Patch 86253-05 includes all issues resolved and enhancements released in
previous patches for Software Release 2.5.3, and the following enhancements:
PCR: 03781 Module: STP Level: 2
A buffer leak occurred when rapid STP was specified with the SET STP
MODE=RAPID command, but STP had not been enabled with the ENABLE
STP command. This issue has been resolved.
PCR: 03861 Module: IPV6 Level: 2
When a connector was plugged into one physical interface, the RIPng
request packet was erroneously transmitted from all interfaces on the
switch. This issue has been resolved.
PCR: 03873 Module: IPG Level: 4
The STATIC and INTERFACE options have been removed from the
PROTOCOL parameter in the ADD IP ROUTE FILTER and SET IP ROUTE
FILTER commands. These parameters were redundant because received
static and interface routes are always added to the route table.
PCR: 03905 Module: TTY Level: 3
A fatal error occurred in the text editor while selecting blocks and scrolling
up. This issue has been resolved.
PCR: 03910 Module: IPG Level: 3
When RIP demand mode was enabled, and one interface changed to a
reachable state, the triggered Request packet was not sent from that
interface, and triggered Response packets were not sent from all other RIP
interfaces. This resulted in slow convergence of routing tables across the
network. This issue has been resolved.
PCR: 03926 Module: PIM Level: 2
Repeated Assert messages were sent after the prune limit expired. This issue
has been resolved. The default dense mode prune hold time has been
changed from 60 seconds to 210 seconds.
PCR: 03940 Module: PKI Level: 1
The following two issues have been resolved:
• Large CRL files were not decoded correctly.
• The certificate database was not validated immediately after the CRL
file was updated.
PCR: 03953 Module: SW56 Level: 3
On AT-8800 series switches, strict QoS scheduling is now enforced for ports
where egress rate limiting is applied. On Rapier i series switches, the same
QoS setup is now applied to all of the appropriate ports when setting up
egress rate limiting.
PCR: 03970 Module: IPV6 Level: 3
If an IPv6 filter that blocked traffic on a VLAN interface was removed, the
traffic was still blocked. This issue has been resolved.
PCR: 03982 Module: FIREWALL Level: 3
The SMTP proxy did not correctly filter sessions where messages were
fragmented. This had the potential to prevent the detection of third-party
relay attacks. This issue has been resolved.
PCR: 03993 Module: FIREWALL Level: 4
The AUTHENTICATION parameter has been removed from the “?” CLI
help for firewall commands. This was not a valid parameter.
PCR: 03996 Module: FIREWALL Level: 2
Occasionally some firewall timers stopped early, resulting in sessions being
removed prematurely. Because of this, TCP Reset packets could be sent by
the firewall before TCP sessions were finished. This issue has been resolved.
PCR: 03997 Module: IPG Level: 3
When policy-based routing was active, IP packets not matching any
policy-specific routes were forwarded, even if there was no default policy route.
This issue has been resolved. Now, a route whose policy exactly matches the
policy of the packet is selected. If an exact match does not exist, a route with
the default policy will be used to route the packet. If no route is found, the
packet is discarded. The TOS field in incoming IP packets is ignored, so
packets with the TOS value set are forwarded using a route with the default
policy.
PCR: 31002 Module: UTILITY Level: 2
Sometimes the device rebooted when a severe multicast storm occurred due
to a loop in the network. This issue has been resolved.
PCR: 31004 Module: TTY Level: 2
If a SHOW command that displayed a lot of information, such as SHOW
DEBUG, was executed when the device’s free buffer level was very low, the
device sometimes became unresponsive. This could also occur if many
SHOW commands were executed through a script. This issue has been
resolved.
PCR: 31009 Module: HTTP Level: 3
The server string was not copied correctly into an HTTP file request when
loading information from the configuration script. This issue has been
resolved.
PCR: 31040 Module: PIM Level: 2
When two devices are BSR candidates, and have the same preference set
with the SET PIM BSRCANDIDATE PREFERENCE command, the device
with the higher IP address was not elected as the candidate. This issue has
been resolved.
PCR: 31041 Module: PIM Level: 3
A Prune message sent to an old RP neighbour was ignored when a new
unicast route was learned. This issue has been resolved.
PCR: 31042 Module: PIM Level: 3
On Rapier series switches, an Assert message was not sent after the prune
limit expired. This issue has been resolved.
PCR: 31044 Module: SWI Level: 4
The log message “IGMP Snooping is active, L3FILT is activated”
has been changed to “IGMP packet trapping is active, L3FILT is
activated”. The revised message is clearer when IGMP is enabled and
IGMP snooping is disabled.
PCR: 31052 Module: FIREWALL Level: 3
The following changes have been made to the ADD FIREWALL POLICY
RULE and SET FIREWALL POLICY RULE commands:
• An IP address range for the IP parameter is now only accepted when
enhanced NAT is configured.
• An IP address range for the GBLREMOTE parameter is now only accepted
when reverse or reverse-enhanced NAT is configured.
• The GBLIP parameter is not accepted for a public interface when
enhanced NAT is configured.
PCR: 31058 Module: NTP Level: 3
When the interval between the NTP server and client exceeded 34 years 9
days and 10 hours, the time set on the client was incorrect. This issue has
been resolved.
PCR: 31063 Module: IPG Level: 2
MVR was not operating if IGMP had not been enabled. This issue has been
resolved.
PCR: 31068 Module: STP Level: 2
A fatal error occurred when the PURGE STP command was executed when
STP instances were defined with VLAN members. This issue has been
resolved.
PCR: 31071 Module: SWI Level: 4
The warning given when a QoS policy is active on a port operating at
reduced speed has been changed to reflect the problem more accurately. The
old message was:
Warning (2087343): Port <Port num> is currently used in QoS
policy <QoS policy num>, this policy may become incorrect
due to the port bandwidth.
The new message is:
Warning (2087350): Port <Port num> is operating at less than
its maximum speed: this may affect QoS policy <QoS policy
num>.
PCR: 31072 Module: SWI Level: 3
If the DISABLE SWITCH PORT command appeared in the configuration
script, an interface could come up even though ifAdminStatus was set to
‘down’. This issue has been resolved.
PCR: 31082 Module: STP Level: 2
The root bridge did not transmit BPDU messages with changed hellotime,
forwarddelay and maxage values. This issue has been resolved.
PCR: 31085 Module: LDAP Level: 3
LDAP could not receive large messages spanning multiple packets. This
issue has been resolved.
PCR: 31094 Module: FILE Level: 3
Files with lines over 132 characters in length could not be transferred using
TFTP. This limit has now been raised to 1000 characters to match the
maximum command line length.
PCR: 31096 Module: FFS Level: 3
The SHOW FILE command caused an error when the displayed file had a
duplicate entry due to file size mismatch. This issue has been resolved. An
error message is now logged when the SHOW FILE command detects a
duplicate file. The first FFS file will be deleted when a duplicate exists.
PCR: 31098 Module: DHCP Level: 3
Static DHCP address ranges were not reclaimed if the Reclaim operation was
interrupted by the interface going down. This issue has been resolved.
PCR: 31099 Module: FIREWALL Level: 4
In the output of the SHOW FIREWALL EVENT command, the DIRECTION of
denied multicast packets was shown as “out”, not “in”. This issue has been
resolved.
PCR: 31105 Module: ISAKMP Level: 3
A small amount of memory was consumed by each ISAKMP exchange if an
ISAKMP policy's REMOTEID was set as an X.500 distinguished name with
the CREATE ISAKMP POLICY command. This issue has been resolved.
PCR: 31106 Module: MLD Level: 2
When the device received a version 1 Query packet, it became a non-querier
on that interface, even if it should have remained as the querier. This issue
has been resolved.
PCR: 31118 Module: SWI Level: 2
When the TYPE parameter was specified for the ADD SWITCH L3FILTER
command, the type was sometimes a different value in the device’s
hardware table. This issue has been resolved.
PCR: 31119 Module: LOG Level: 2
The maximum value that the MESSAGES parameter accepted for the
CREATE LOG OUTPUT command was different from the value that could
be set with the SET LOG OUTPUT command. The DESTROY LOG
OUTPUT command did not release the NVS memory that was reserved for
the output. These issues have been resolved.
PCR: 31122 Module: RMON Level: 3
The etherHistoryIntervalStart node in the etherHistoryTable showed incorrect
values for the first and last 30 second interval periods. This issue has been
resolved.
PCR: 31127 Module: FIREWALL Level: 2
If a rule-based NAT was added to the firewall’s public interface, the firewall
forwarded ICMP Request packets even if ICMP forwarding was disabled.
This issue has been resolved.
PCR: 31128 Module: IPG Level: 2
When a large number of directed broadcast packets were received, CPU
usage increased up to 100%. This occurred because a log message was
generated each time a directed broadcast packet was deleted. This issue has
been resolved. Log messages are now rate-limited to a maximum of one log
message every 10 seconds for a directed broadcast flow. After the first
deletion is logged, subsequent log messages include a counter showing the
number of directed broadcast packets in the same flow that were deleted
since the last log message.
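The per-flow rate limiting described in PCR 31128, as an added Python example that is not Allied Telesyn's code. The flow key (source, destination), the message text, the counter including the packet that triggers the message, and the MAX_FLOWS cap on tracked state are assumptions; only the 10 second interval comes from the release note.

```python
from dataclasses import dataclass

LOG_INTERVAL = 10.0   # seconds between log lines per flow (figure from PCR 31128)
MAX_FLOWS = 1024      # assumption: cap on tracked flows so state stays bounded


@dataclass
class FlowState:
    last_logged: float   # time of the last log line for this flow
    suppressed: int = 0  # deletions counted since that line


class DirectedBroadcastLog:
    """Per-flow rate-limited logging of deleted directed broadcast packets."""

    def __init__(self, interval=LOG_INTERVAL, max_flows=MAX_FLOWS):
        self.interval = interval
        self.max_flows = max_flows
        self.flows = {}   # (src, dst) -> FlowState

    def packet_deleted(self, src, dst, now):
        """Record one deletion; return the log line to emit, or None."""
        key = (src, dst)
        state = self.flows.get(key)
        if state is None:
            if len(self.flows) >= self.max_flows:
                # Evict the flow whose last log line is oldest.
                oldest = min(self.flows, key=lambda k: self.flows[k].last_logged)
                del self.flows[oldest]
            self.flows[key] = FlowState(last_logged=now)
            return f"directed broadcast {src} -> {dst} deleted"
        state.suppressed += 1
        if now - state.last_logged < self.interval:
            return None   # inside the interval: count it, log nothing
        count, state.suppressed = state.suppressed, 0
        state.last_logged = now
        return (f"directed broadcast {src} -> {dst} deleted "
                f"({count} packets since last message)")


def replay(events, **kwargs):
    """Feed (time, src, dst) tuples through the logger; return emitted lines."""
    log = DirectedBroadcastLog(**kwargs)
    lines = []
    for now, src, dst in events:
        line = log.packet_deleted(src, dst, now)
        if line is not None:
            lines.append((now, line))
    return lines


# Constructed sample: 2001 deletions in one flow at 10 ms spacing (t = 0..20 s),
# plus a single packet in a second flow at t = 5 s.
SAMPLE = [(i / 100, "192.0.2.10", "198.51.100.255") for i in range(2001)]
SAMPLE.append((5.0, "192.0.2.11", "198.51.100.255"))
SAMPLE.sort()

if __name__ == "__main__":
    for now, line in replay(SAMPLE):
        print(f"{now:6.2f}s  {line}")
```

The 2002 constructed deletions produce four log lines instead of 2002, which is the CPU saving the PCR describes. A flow evicted by the cap is logged as new when it reappears, so the cap trades counter accuracy for bounded memory.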
PCR: 31129 Module: IPX2 Level: 2
A fatal error occurred if IPX was disabled and then re-enabled when there
was a high rate of incoming IPX traffic on the device. This issue has been
resolved.
PCR: 31132 Module: DHCP Level: 2
The DHCP server did not take any action when it received a DHCP decline
packet. This was because the device only checked the ciaddr field in the
packet, and not the RequestedIPAddress option. This issue has been resolved.
PCR: 31133 Module: IPG
This PCR introduces an enhancement that extends an issue that was
resolved in PCR 03890, in which switch port entries are only created for
special router multicast addresses. It is now possible to specify reserved
multicast addresses that will be treated as multicast packets from routers.
Use the following commands to configure this feature.
ADD IGMPSNOOPING ROUTERADDRESS
Syntax: ADD IGMPSNOOPING ROUTERADDRESS=ipaddr[,...]
where:
• ipaddr is a reserved IP multicast address in dotted decimal notation.
Description: This command adds reserved IP multicast addresses to the list of router
multicast addresses. The IP address specified must be within the range
224.0.0.1 to 224.0.0.255. This command is only valid if the IGMP snooping
router mode is set to IP with the SET IGMPSNOOPING ROUTERMODE
command.
SET IGMPSNOOPING ROUTERMODE
Syntax: SET IGMPSNOOPING ROUTERMODE={ALL|DEFAULT|IP|MULTICASTROUTER|NONE}
Description: This command sets the mode of operation for IGMP Snooping.
If ALL is specified, all reserved multicast addresses (i.e. 224.0.0.1 to
224.0.0.255) are treated as router multicast addresses.
If DEFAULT is specified, the following addresses are treated as router
multicast addresses:
• IGMP Query: 224.0.0.1
• All routers on this subnet: 224.0.0.2
• DVMRP Routers: 224.0.0.4
• OSPFIGP all routers: 224.0.0.5
• OSPFIGP designated routers: 224.0.0.6
• RIP2 routers: 224.0.0.9
• All PIM routers: 224.0.0.13
• All CBT routers: 224.0.0.15
If IP is specified, addresses that are treated as router multicast addresses are
specified with the ADD/DELETE IGMPSNOOPING ROUTERADDRESS
command. In this mode, the switch will retain previous addresses that have
already been specified.
If MULTICAST is specified, the following addresses are treated as router
multicast addresses: