Allied Telesis 86261-04 User Manual
Patch Release Note
Patch 86261-04
For Rapier and AT-8800 Series Switches
Introduction
This patch release note lists the issues addressed and enhancements made in
patch 86261-04 for Software Release 2.6.1 on existing models of Rapier and
AT-8800 Series switches. Patch file details are listed in Table 1.
Table 1: Patch file details for Patch 86261-04.
Base Software Release File
Patch Release Date
Compressed Patch File Name
Compressed Patch File Size
This release note should be read in conjunction with the following documents:
■ Release Note: Software Release 2.6.1 for Rapier and AT-8800 Series
Switches (Document Number C613-10383-00 Rev A) available from
www.alliedtelesyn.co.nz/documentation/documentation.html
■ Rapier Series Switch or AT-8800 Series Switch Documentation Set for
Software Release 2.6.1 available on the Documentation and Tools CD-ROM
packaged with your switch, or from www.alliedtelesyn.co.nz/documentation/
documentation.html.
WARNING: Using a patch for a different model or software release may cause
unpredictable results, including disruption to the network. Information in this
release note is subject to change without notice and does not represent a
commitment on the part of Allied Telesyn International. While every effort has
been made to ensure that the information contained within this document and
the features and changes described are accurate, Allied Telesyn International
can not accept any type of liability for errors in, or omissions arising from the
use of this information.
86-261.rez
19-Nov-2003
86261-04.paz
261628 bytes
.
Simply connecting the world
2 Patch Release Note
Some of the issues addressed in this Release Note include a level number. This
number reflects the importance of the issue that has been resolved. The levels
are:
Level 1 This issue will cause significant interruption to network services, and
there is no work-around.
Level 2 This issue will cause interruption to network service, however there
is a work-around.
Level 3 This issue will seldom appear, and will cause minor inconvenience.
Level 4 This issue represents a cosmetic change and does not affect network
operation.
Features in 86261-04
Patch 86261-04 includes all issues resolved and enhancements released in
previous patches for Software Release 2.6.1, and the following enhancements:
PCR: 03910 Module: IPG Level: 3
When RIP demand mode was enabled, and one interface changed to a
reachable state, the triggered Request packet was not sent from that
interface, and triggered Response packets were not sent from all other RIP
interfaces. This resulted in slow convergence of routing tables across the
network. This issue has been resolved.
PCR: 03927 Module: BRI
Support has been added for the AT-AR021 (S) BRI-S/T PIC (Port Interface
Card) with basic rate ISDN.
PCR: 03967 Module: IPG Level: 2
RIP did not send the correct next hop address if the route originated from a
different subnet to that of the egress interface. This issue has been resolved.
PCR: 03970 Module: IPV6 Level: 3
If an IPv6 filter that blocked traffic on a VLAN interface was removed, the
traffic was still blocked. This issue has been resolved.
PCR: 03978 Module: OSPF Level: 3
Occasionally an error occurred with OSPF’s route table calculation, so all
routes in the network were not discovered. The error only happened with a
network topology that involved connections between routers via both a
Point to Point link and a transit network link. This issue has been resolved.
A new command has been added that forces a route table recalculation by
rerunning the Shortest Path First calculation. The command is:
RESET OSPF SPF [DEBUG]
If DEBUG is specified, debugging information for the route table calculation
is output to the port from which the command was executed. SPF
debugging can be turned on for every route table calculation using the
ENABLE OSPF DEBUG=SPF command, but this will be overridden if
DEBUG is specified with the RESET OSPF SPF command.
Patch 86261-04 for Software Release 2.6.1
C613-10386-00 REV D
Patch 86261-04 For Rapier and AT-8800 Series Switches 3
PCR: 31009 Module: HTTP Level: 3
The server string was not copied correctly into an HTTP file request when
loading information from the configuration script. This issue has been
resolved.
PCR: 31064 Module: SWI Level: 2
When 10/100 copper ports were disabled with the DISABLE SWITCH
PORT command, their link state was still UP. This issue has been resolved.
PCR: 31072 Module: SWI Level: 3
If the DISABLE SWITCH PORT command appeared in the configuration
script, an interface could come up even though ifAdminStatus was set to
‘down’. This issue has been resolved.
PCR: 31084 Module: IPV6 Level: 2
A fatal error sometimes occurred because of incorrect responses to
Neighbour Solicitation messages. This issue has been resolved.
PCR: 31093 Module: SWI Level: 1
If a switch port was disabled on a switch running STP, traffic was sometimes
not passed through that port after it was re-enabled. This issue has been
resolved.
PCR: 31096 Module: FFS Level: 3
The SHOW FILE command caused an error when the displayed file had a
duplicate entry due to file size mismatch. This issue has been resolved. An
error message is now logged when the SHOW FILE command detects a
duplicate file. The first FFS file will be deleted when a duplicate exists.
PCR: 31098 Module: DHCP Level: 3
Static DHCP address ranges were not reclaimed if the Reclaim operation was
interrupted by the interface going down. This issue has been resolved.
PCR: 31100 Module: L2TP Level: 3
An error occurred in L2TP when call names consisted of numeric characters
only. This issue has been resolved. The ADD L2TP CALL command now
only accepts call names that contain at least one alphabetic character.
PCR: 31119 Module: LOG Level: 2
Patch 86261-04 for Software Release 2.6.1
C613-10386-00 REV D
The maximum value that the MESSAGES parameter accepted for the
CREATE LOG OUTPUT command was different from the value that could
be set with the SET LOG OUTPUT command. The DESTROY LOG
OUTPUT command did not release the NVS memory that was reserved for
the output. These issues have been resolved.
PCR: 31132 Module: DHCP Level: 2
The DHCP server did not take any action when it received a DHCP decline
packet. This was because the device only checked the ciaddr field in the
packet, and not the RequestedIPAddress option. This issue has been resolved.
4 ADD IGMPSNOOPING ROUTERADDRESS Patch Release Note
PCR: 31133 Module: IPG
This PCR introduces an enhancement that extends an issue that was
resolved in PCR 03890, in which switch port entries are only created for
special router multicast addresses. It is now possible to specify reserved
multicast addresses that will be treated as multicast packets from routers.
Use the following commands to configure this feature.
ADD IGMPSNOOPING ROUTERADDRESS
Syntax ADD IGMPSNOOPING ROUTERADDRESS=ipaddr[,...]
Description where:
• ipaddr is a reserved IP multicast address in dotted decimal notation.
This command adds reserved IP multicast addresses to the list of router
multicast addresses. The IP address specified must be within the range
224.0.0.1 to 224.0.0.255. This command is only valid if the IGMP snooping
router mode is set to IP with the SET IGMPSNOOPING ROUTERMODE
command.
SET IGMPSNOOPING ROUTERMODE
Syntax SET IGMPSNOOPING ROUTERMODE=
{ALL|DEFAULT|IP|MULTICASTROUTER|NONE}
Description This command sets the mode of operation for IGMP Snooping.
If ALL is specified, all reserved multicast addresses (i.e. 2240.0.1 to
224.0.0.255) are treated as router multicast addresses.
If DEFAULT is specified, the following addresses are treated as router
multicast addresses:
• IGMP Query: 224.0.0.1
• All routers on this subnet: 224.0.0.2
• DVMRP Routers: 224.0.0.4
• OSPFIGP all routers: 224.0.0.5
• OSPFIGP designated routers: 224.0.0.6
• RIP2 routers: 224.0.0.9
• All PIM routers: 224.0.0.13
• All CBT routers: 224.0.0.15
If IP is specified, addresses that are treated as router multicast addresses are
specified with the ADD/DELETE IGMPSNOOPING ROUTERADDRESS
command. In this mode, the switch will retain previous addresses that have
already been specified.
If MULTICAST is specified, the following addresses are treated as router
multicast addresses:
• DVMRP Routers: 224.0.0.4
• All PIM routers: 224.0.0.13
If NONE is specified, no router ports are created.
Patch 86261-04 for Software Release 2.6.1
C613-10386-00 REV D
Patch 86261-04 For Rapier and AT-8800 Series Switches SHOW IGMPSNOOPING ROUTERADDRESS 5
DELETE IGMPSNOOPING ROUTERADDRESS
Syntax DELETE IGMPSNOOPING ROUTERADDRESS=ipaddr[,...]
where
• ipaddr is a reserved IP multicast address in dotted decimal notation.
Description This command deletes reserved IP multicast addresses from the list of router
multicast addresses. The IP address specified must be within the range
224.0.0.1 to 224.0.0.255. This command is only valid if the IGMP snooping
router mode is set to IP with the SET IGMPSNOOPING ROUTERMODE
command.
SHOW IGMPSNOOPING ROUTERADDRESS
Syntax SHOW IGMPSNOOPING ROUTERADDRESS
Description This command displays information about the list of configured IP multicast
router addresses currently configured on the switch (Figure 1).
Figure 1: Example output for SHOW IGMPSNOOPING ROUTERADDRESS
IGMP Snooping Router Address
----------------------------------------------------------------------------
IGMP Snooping Router Mode ...... IP
Router Address List
--------------------------------
224.0.0.4
224.0.0.6
224.0.0.80
224.0.0.43
224.0.0.23
224.0.0.15
224.0.0.60
----------------------------------------------------------------------------
PCR: 31134 Module: RSTP Level: 2
Bridges transmitted BPDUs at the rate specified by the local helloTime value
when they were not the root bridge. This is the behaviour specified in
802.1w-2001. This behaviour can cause instability in the spanning tree when
bridges are configured with different helloTime values, especially when the
root bridge's helloTime is significantly less than other bridges in the tree. This
issue has been resolved. Non-root bridges now adopt the root bridge's
helloTime value propagated in BPDUs.
Patch 86261-04 for Software Release 2.6.1
C613-10386-00 REV D
PCR: 31135 Module: IPV6 Level: 3
The ADD IPV6 HOST command accepted an invalid IPv6 address. This
issue has been resolved.
6 SHOW IGMPSNOOPING ROUTERADDRESS Patch Release Note
PCR: 31140 Module: FIREWALL Level: 4
The firewall sent an erroneous IPSPOOF attack message when processing
large packets. This issue has been resolved.
PCR: 31145 Module: SWI Level: 3
The port counters were not incremented:
• ifInDiscards
•ifinErrors
• ifOutDiscards
•ifOutErrors
This issue has been resolved.
PCR: 31146 Module: SWI Level: 3
The following SNMP MIB objects could not be set:
• Dot1dStpPriority
• Dot1dStpBridgeMaxAge
• Dot1dStpBridgeHelloTime
• Dot1dStpBridgeForwardDelay
This issue has been resolved.
PCR: 31147 Module: DHCP Level: 3
DHCP was incorrectly using the directly connected network interface
source IP address as the source IP address of packets it generates. This issue
has been resolved. DHCP now uses the local IP address as the source
address for the packets it generates when a local IP interface address is set.
If a local IP interface address is not set, then it uses the IP address of the
interface where packets are sent from as the source address.
PCR: 31148 Module: PIM, PIM6 Level: 2
When the device rebooted with PIM or PIM6 enabled, it sometimes did not
send a Hello packet quickly enough. This issue has been resolved.
PCR: 31152 Module: DHCP Level: 2
When a DHCP client was in the renewing state, and it sent a DHCP Request,
the device did not add the ARP entry to the ARP table. Instead, the device
generated an ARP Request in order to transmit the DHCP Ack. This caused
a broadcast storm in the network when the client kept sending DHCP
Requests. This issue occurred because the ciaddr field, not the giaddr field,
was checked in the Request packet when the device determined whether to
add the ARP entry. This issue has been resolved.
PCR: 31153 Module: IPG Level: 4
In the output of the SHOW IP DNS CACHE command, “TTL” was
displayed as seconds. This has been changed to minutes because the TTL is
updated every minute.
Patch 86261-04 for Software Release 2.6.1
C613-10386-00 REV D
Patch 86261-04 For Rapier and AT-8800 Series Switches SHOW IGMPSNOOPING ROUTERADDRESS 7
PCR: 31154 Module: STP Level: 4
The current implementation of RSTP conforms to the IEEE standard
802.1w-2001. However, several minor deviations from the standard are
possible without having a functional impact on the behaviour of RSTP.
These changes are useful for debugging RSTP, and tidy up aspects of RSTP
that sometimes have no purpose. The following three variations have been
implemented:
•The Learning and Forwarding flags are set in BPDUs to indicate the state
of the Port State Transition state machine.
•The Agreement flag is set in BPDUs only when a Root Port is explicitly
agreeing to a proposal from a designated port. Do not set the Agreement
flag in BPDUs transmitted by Designated Ports.
•The Proposal flag is not set in a BPDU sent by a designated port once the
port has reached the forwarding state.
PCR: 31158 Module: CORE Level: 3
On AT-8800 series switches, when the fan status changed, the device did not
send a SNMP trap and log. When the temperature was above the allowable
threshold, the device sent the wrong SNMP trap. This issue has been
resolved. Also, the temperature thresholds of the AT-8824 and AT-8848 have
been set to different values of 62º C and 67º C respectively.
PCR: 31159 Module: FW, VLAN Level: 2
Static ARP entries sometimes prevented the firewall from working
correctly. This is because when an VLAN interface is added to the firewall,
the CPU takes over the routing from the switch silicon in order to inspect
the packet. Hence all the Layer 3 route entries must be deleted. However,
static ARP Layer 3 entries were not being deleted from the silicon. This issue
has been resolved. When interface is added to the firewall, all hardware
layer 3 routing is now turned off to allow the firewall to inspect packets.
PCR: 31161 Module: LOG Level: 3
If the number of messages to be stored in the TEMPORARY log output was
changed with the SET LOG OUTPUT MESSAGE command, the SHOW
LOG command output did not return any matching log messages. This
issue has been resolved. Existing messages are now displayed.
PCR: 31162 Module: SWI Level: 2
A STP topology change incorrectly deleted static ARP entries. This issue has
been resolved.
PCR: 31167 Module: IPG Level: 2
IP MVR member ports were not timing out. MVR member ports now
timeout in the same way as IP IGMP ports. The timeout values are
configured by IGMP. Also, IGMP interfaces were incorrectly being enabled
and disabled by MVR. This issue has been resolved.
Patch 86261-04 for Software Release 2.6.1
C613-10386-00 REV D
PCR: 31170 Module: SWI Level: 2
After an AT-8800 series switch was powered down or rebooted, non-auto
negotiating copper GBICs were not handled correctly. This issue has been
resolved.
8 SHOW IGMPSNOOPING ROUTERADDRESS Patch Release Note
PCR: 31171 Module: PORTAUTH, USER,STP Level: 2
This PCR enhances the robustness of the 802.1x port authentication
protocol.
PCR: 31174 Module: IPG Level: 2
If a device had IPSec and firewall enabled, it could not handle long ICMP
packets even when enhanced fragment handling was enabled on the
firewall. If a long packet is passed to the firewall for processing, the firewall
chains the fragmented packets. The firewall can process chained packets,
but IPSec could not process these packets, and dropped them. This was only
an issue for packets between 1723 and 1799 bytes long. This issue has been
resolved. The way IP processes fragmented packets has been changed so
that IPsec no longer drops chained packets.
PCR: 31179 Module: SWI Level: 3
Addresses learned with static port security were not added to the
configuration when the CREATE CONFIG command was executed. This
issue has been resolved.
PCR: 31180 Module: USER Level: 2
The following commands did not require security officer privilege when the
device was in security mode, but this privilege should have been required:
• ADD USER
• SET USER
• DELETE USER
•PURGE USER
• ENABLE USER
• DISABLE USER
• RESET USER
This issue has been resolved. Security officer privilege is now required for
these commands when security mode is enabled with the ENABLE
SYSTEM SECURITY_MODE command.
PCR: 31184 Module: SW56 Level: 2
Some issues occurred on 48 port Rapier series switches when MAC
addresses were learned and then relearned on a different port. These issues
have been resolved.
PCR: 31185 Module: SWI Level: 2
Tagged ports did not tag packets received from the bridge before
transmitting them. This issue has been resolved.
PCR: 31190 Module: SWI, SW56 Level: 2
When static port security was enabled with the RELEARN parameter in the
SET SWITCH PORT command, and a switch port was reset or unplugged,
the MAC entries were removed (unlearned) from the forwarding database
table. The MAC entries should only be removed when dynamic port
security is in use. This issue has been resolved.
Patch 86261-04 for Software Release 2.6.1
C613-10386-00 REV D
Loading...