Allied Telesis AR800 User Manual

Patch Release Note
Patch 86231-10 For Rapier Switches and AR800 Series Modular Switching Routers

Introduction

This patch release note lists the issues addressed and enhancements made in patch 86231-10 for Software Release 2.3.1 on existing models of Rapier L3 managed switches and AR800 Series L3 modular switching routers. Patch file details are listed in Table 1.
Table 1: Patch file details for Patch 86231-10.
Base Software Release File: 86s-231.rez
Patch Release Date: 07-May-2003
Compressed Patch File Name: 86231-10.paz
Compressed Patch File Size: 419216 bytes

This release note should be read in conjunction with the following documents:
Release Note: Software Release 2.3.1 for Rapier Switches, AR300 and AR700 Series Routers, and AR800 Series Modular Switching Routers (Document Number C613-10325-00 Rev B) available from www.alliedtelesyn.co.nz/documentation/documentation.html
Rapier Switch Documentation Set for Software Release 2.3.1 available on the Documentation and Tools CD-ROM packaged with your switch, or from www.alliedtelesyn.co.nz/documentation/documentation.html
WARNING: Using a patch for a different model or software release may cause unpredictable results, including disruption to the network. Information in this release note is subject to change without notice and does not represent a commitment on the part of Allied Telesyn International. While every effort has been made to ensure that the information contained within this document and the features and changes described are accurate, Allied Telesyn International can not accept any type of liability for errors in, or omissions arising from the use of this information.
Some of the issues addressed in this Release Note include a level number. This number reflects the importance of the issue that has been resolved. The levels are:
Level 1 This issue will cause significant interruption to network services, and
there is no work-around.
Level 2 This issue will cause interruption to network service, however there
is a work-around.
Level 3 This issue will seldom appear, and will cause minor inconvenience.
Level 4 This issue represents a cosmetic change and does not affect network
operation.

Features in 86231-10

Patch 86231-10 includes all issues resolved and enhancements released in previous patches for Software Release 2.3.1, and the following enhancements:
PCR: 02158 Module: FIREWALL Network affecting: No
When a TCP RST/ACK was received by a firewall interface, the packet that was passed to the other side of the firewall lost the ACK flag, and had an incorrect ACK number. This issue has been resolved.
PCR: 02166 Module: FIREWALL Network affecting: No
Locally generated ICMP packets, such as unreachable messages, were not passed out through public interfaces when the packet that caused the message was not recorded by the firewall. This may occur, for example, if the packet passed between two public interfaces. This issue has been resolved.
PCR: 02356 Module: FIREWALL Network affecting: No
Previously the SET FIREWALL POLICY RULE command permitted the use of the GBLIP and GBLPORT parameters in ways that were not permitted by the ADD FIREWALL POLICY RULE command. This caused problems when a configuration file was generated because some of the illegal parameters from the SET command were put into the ADD command. This resulted in a configuration that contained illegal parameter combinations. The restrictions placed on the GBLIP and GBLPORT parameters in the ADD command have now been implemented in the SET command so that these problems do not occur.
PCR: 02371 Module: FIREWALL Network affecting: No
When the system time was set to a time that was before or significantly after the current time, Firewall sessions were prematurely deleted. This issue has been resolved.
PCR: 02399 Module: TRACE Network affecting: No
The Trace utility has been modified. Previously, Trace sent a group of packets at once and waited for multiple responses in order to assess the minimum, maximum and average time to cover a certain "hop distance" towards the target host. Now Trace sends each packet in each group individually, and waits either for a response or a time-out before sending the next packet in the group.
Patch 86231-10 for Software Release 2.3.1
C613-10328-00 REV J
PCR: 02550 Module: FIREWALL Network affecting: No
The standard subnet NAT rules on a private interface were not matching a packet unless its source IP address was exactly the same as the IPADDRESS value set for the rule, that is the NAT mask value was not being used. This issue has been resolved.
PCR: 02579 Module: FIREWALL Network affecting: No
The ADD FIREWALL POLICY and SET FIREWALL POLICY commands did not generate a valid port list when the optional PORT parameter was set to ALL. This issue has been resolved.
PCR: 02587 Module: OSPF Network affecting: No
When OSPF was enabled on startup, an OSPF interface would sometimes stay in the DOWN state. This issue has been resolved.
PCR: 03009 Module: CORE Level: 2
The size of the 86231 patch file was causing issues. This has been resolved.
PCR: 03013 Module: INSTALL Network affecting: No
The SET INSTALL command was generating an unwanted warning message on the Rapier i series switches. This issue has been resolved.
PCR: 03015 Module: SWI Network affecting: No
When ports were added to a trunk group on a Rapier 16, the ports operated in the wrong duplex mode. This issue has been resolved.
PCR: 03026 Module: IPG Network affecting: No
After setting the IGMP query timer with the SET IP IGMP command, and saving the configuration, the IGMP Other Querier timeout was not set to the correct value after a restart. This issue has been resolved.
PCR: 03027 Module: DHCP Network affecting: No
Entries in the process of being reclaimed as static entries (and waiting for the remote IP to become routable), were disrupting the reclaim process. This prevented further entries from being reclaimed. DHCP static entries are now fully subject to normal reclaim processing.
PCR: 03040 Module: IPG Network affecting: No
Sometimes IP flows were not deleted correctly when both directions of the flow were in use. This issue has been resolved.
PCR: 03042 Module: PIM Level: 3
PIM join messages were being sent by a switch connected to an upstream and a downstream switch or router in the same VLAN when a multicast group had no members. This issue has been resolved.
PCR: 03065 Module: SWI Level: 2
When the TX cable was unplugged from a fibre port the operating status was incorrectly reported as UP. This issue has been resolved.
PCR: 03080 Module: DVMRP
DVMRP was not updating the downstream forwarding state correctly. This issue has been resolved.
PCR: 03109 Module: LOG Level: 3
A log was only partially created if there was insufficient NVS memory for log creation on the router. A change has been made so that a log is not created if there is insufficient memory, and a warning message is displayed.
PCR: 03111 Module: FIREWALL Level: 1
TCP sessions could fail if the public side of the firewall was using Kerberos and the private side had a very slow connection to the firewall. This issue has been resolved.
PCR: 03122 Module: SWI Level: 2
When a static ARP was added to a trunk group, a software restart could occur. This issue has been resolved.
PCR: 03134 Module: TCP Level: 2
When using the SET TELNET LISTENPORT command, a fatal error sometimes occurred. This issue has been resolved.
PCR: 03145 Module: IPG Level: 4
The SET IP ROUTE FILTER command was not processing some parameters. This issue has been resolved.
PCR: 03152 Module: IPG Level: 3
An additional check has been added to validate the MASK specified in an ADD IP ROUTE command. The check tests that the mask is contiguous.
PCR: 03159 Module: SWI Level: 2
Switch trunk speed checks only checked for gigabit settings, not speed capabilities. It is now possible for uplink modules which support 10, 100 and gigabit speed to attach to trunks where speeds are 10Mb/s or 100Mb/s.
PCR: 03160 Module: STP Level: 2
Executing the PURGE STP command caused a fatal error. This issue has been resolved.
PCR: 03171 Module: DVMRP, IPG Level: 3
DVMRP was erroneously forwarding packets to a VLAN with a downstream neighbour. This issue has been resolved.
PCR: 03173 Module: CORE, NTP Level: 3
The default NTP polling interval was set to 64 seconds, not the correct interval of 128 seconds. This issue has been resolved.
PCR: 03180 Module: IPG Level: 3
If all 32 VLAN interfaces had IP addresses attached, only 31 VLANs could be multihomed. Now all 32 VLAN interfaces with IP addresses can be multihomed.
PCR: 03217 Module: DVMRP Level: 2
If a DVMRP interface was deleted and then added again, DVMRP routes associated with this interface were not reactivated. This issue has been resolved.
PCR: 03240 Module: OSPF Level: 2
A fatal error occurred when OSPF was under high load. This issue has been resolved.
PCR: 03241 Module: FIREWALL Level: 2
When deleting a list associated with a policy, all rules were being deleted. Now only the rules associated with the policy and list are deleted.
PCR: 03250 Module: SWI Level: 4
The DELETE SWITCH FILTER command did not work properly when the ENTRY parameter was assigned a range with hyphen (“-”). This issue has been resolved.
PCR: 03255 Module: FIREWALL Level: 3
The firewall doubled the IPSPOOF event timeout from 2 minutes to 4 minutes. This issue has been resolved.
PCR: 03296 Module: IPG Level: 2
Broadcast TCP packets were being processed by the device, causing fatal errors when firewall SMTP Proxy was configured. Non-unicast TCP packets are now dropped by IP.
PCR: 03297 Module: PIM Level: 2
The Designated Router (DR) of the PIM interface was not resetting when the RESET PIM INTERFACE command was executed. This issue has been resolved.
PCR: 03301 Module: IPG Level: 3
Packets processed by the firewall were not having their TTL decremented. This issue has been resolved.
PCR: 03303 Module: PIM Level: 3
The PIM Designated Router (DR) is now elected over an entire VLAN interface, rather than on a per-port basis.
PCR: 03333 Module: IPG Level: 3
After VRRP was enabled, the link status of the switch ports was shown as UP, even if there was no connection to the ports. This issue has been resolved.
PCR: 03336 Module: CORE Level: 4
“AT-A42” was being incorrectly displayed as “AT-A42X-00” in the output of the SHOW SYSTEM command. This issue has been resolved.
PCR: 03346 Module: SNMP Level: 4
Sometimes the Agent Address field in SNMP traps was not the same as the IP source address. This meant that sometimes the NMS did not send an alarm to the network manager when traps were received from switches. This issue has been resolved.
PCR: 03348 Module: SWI Level: 3
The Uplink card sometimes unnecessarily changed its status from UP to DOWN. This issue has been resolved.
PCR: 03353 Module: PPP Level: 3
Dynamic interface details were added through the SET INTERFACE command when the CREATE CONFIGURATION command was executed. This caused errors on startup. This issue has been resolved.
PCR: 03360 Module: STP Level: 4
Typing “?” after SET STP=stp-name at the CLI to request context-sensitive Help only returned the PORT and DEFAULT options. This issue has been resolved so that all options are shown.
PCR: 03378 Module: DHCP Level: 2
DHCP sometimes suffered a fatal error when a range of IP addresses was destroyed. This issue has been resolved.
PCR: 03385 Module: FILE, INSTALL, SCR Level:
Critical files (prefer.ins, config.ins and enabled.sec) are now copied from NVS to FLASH at boot time if they do not exist in FLASH, or if the NVS version of the file is different from the FLASH version.
PCR: 03386 Module: SWI Level: 2
If the SET SWITCH L3FILTER MATCH command had nothing specified for the IMPORT and EMPORT parameters, and there was an existing match entry in the filter table, the new filter was not added correctly. Filter match entries are now accepted regardless of the order in which they are entered into the table.
PCR: 03402 Module: IPG Level: 2
IP routes deleted from the route cache occasionally caused a fatal error. This issue has been resolved.
PCR: 03416 Module: SWI Level: 3
Previously, the ADD SWITCH L3FILTER MATCH command was accepted if the TYPE parameter was not specified. This command now requires the TYPE parameter, and an error message will be returned if the TYPE parameter is not specified.
PCR: 03417 Module: PPP Level: 3
The ENABLE PPP DEBUG command was not accepting the ASYN parameter. This issue has been resolved.
PCR: 03422 Module: PIM Level: 2
When forwarding a multicast packet to a downstream neighbour, the device sometimes forwarded two copies of the packet instead of one. This issue has been resolved.
PCR: 03432 Module: STP Level: 2
STP settings were not retained when a port was deleted from the VLAN that the STP belongs to. This issue has been resolved.
PCR: 03457 Module: OSPF Level: 2
Disabling OSPF caused a fatal error if there was a large routing table. This issue has been resolved.
PCR: 03458 Module: IPG Level: 3
The route information for ipRouteEntry of ipGroup in the MIB-II MIB was not correct. This issue has been resolved.
PCR: 03465 Module: DHCP Level: 2
The IPMTU parameter in the ADD DHCP POLICY command was accepting values in the range 0-4294967295. This parameter now accepts values in the correct range of 579-65535.
PCR: 03486 Module: SWI Level: 2
Occasionally the switch did not forward packets between two VLANs. This issue has been resolved.

Features in 86231-09

Patch file details are listed in Table 2:
Table 2: Patch file details for Patch 86231-09.
Base Software Release File: 86s-231.rez
Patch Release Date: 24-Dec-2002
Compressed Patch File Name: 86231-09.paz
Compressed Patch File Size: 906911 bytes
Patch 86231-09 includes all issues resolved and enhancements released in previous patches for Software Release 2.3.1, and the following enhancements:
PCR: 02023 Module: PIM, VLAN Network affecting: No
When a VLAN port’s layout changed, PIM was not updating correctly. Now PIM correctly updates a VLAN port’s interface, neighbour and routes.
PCR: 02171 Module: STP, SWITCH, VLAN Network affecting: No
STP now operates on ports within a trunk group.
PCR: 02241 Module: FIREWALL Network affecting: No
Firewall subnet NAT rules were not working correctly from the private to the public side of the firewall. Traffic from the public to private side (destined for subnet NAT) was discarded. These issues have been resolved. ICMP traffic no longer causes a RADIUS lookup for access authentication, but is now checked by ICMP handlers for attacks and eligibility. If the ICMP traffic matches a NAT rule, NAT will occur on inbound and outbound traffic. HTTP 1.0 requests sometimes caused the firewall HTTP proxy to close prematurely. Cached TCP sessions were sometimes not hit correctly. These issues have been resolved.
PCR: 02300 Module: Firewall Network affecting: No
If the command ADD FIREWALL POLICY RULE SOURCEPORT=ALL was executed, a value of “65535” was incorrectly displayed for the SOURCEPORT parameter for that rule in the SHOW FIREWALL POLICY command. This issue has been resolved.
PCR: 02376 Module: PPP Network affecting: No
When the PPP ONLINELIMIT was exceeded for PPP over TDM, the PPP link stayed open, allowing Link Quality Report (LQR) packets to be transmitted. This caused the ifOutOctets counter to increment. Now, if the ONLINELIMIT is exceeded, the link will close.
PCR: 02395 Module: VRRP, TRG Network affecting: No
The SHOW VRRP command now shows the number of trigger activations for the Upmaster and Downmaster triggers.
PCR: 02396 Module: DHCP Network affecting: No
DHCP RENEW request messages are now unicast (as defined in the RFC), not broadcast.
PCR: 02400 Module: CORE, FFS, FILE, INSTALL, SCR Network affecting: No
If a problem occurred with NVS, some critical files were lost. As a result, the equipment was forced to load only boot ROM software at boot time. This patch combined with the new version of the boot ROM software (pr1-1.2.0 for the AR700 series) resolves this issue.
PCR: 02408 Module: SWI Network affecting: No
The EPORT parameter in the SHOW SWITCH L3FILTER ENTRY command was displaying incorrectly after an issue was resolved in PCR02374. The command now displays correctly.
PCR: 02427 Module: DHCP Network affecting: No
DHCP entry reclaim checks are now delayed by 10 seconds if the entry is unroutable because the interface is not up.
PCR: 02463 Module: DVMRP, IPG Network affecting: No
Support for multi-homed interfaces has been added.
PCR: 02465 Module: TTY Network affecting: No
Under some circumstances a fatal error occurred if a large amount of data was pasted onto the command line. This issue has been resolved.
PCR: 02489 Module: SWI Network affecting: No
When the switch was under heavy learning load, some MAC addresses were lost. This issue has been resolved.
PCR: 02499 Module: IPG Network affecting: No
Some parameters in the SET IP IGMP command had incorrect ranges. This issue has been resolved. The correct ranges are:
SET IP IGMP [LMQI=1..255] [LMQC=1..5]
[QUERYINTERVAL=1..65535] [QUERYRESPONSEINTERVAL=1..255] [ROBUSTNESS=1..5] [TIMEOUT=1..65535]
PCR: 02506 Module: OSPF IPG Network affecting: No
The optional INTERFACE parameter of the ADD IP ROUTE FILTER command caused the filter to not work on the flooding of OSPF external LSAs.
The SHOW IP ROUTE FILTER interface name output was truncated to 6 characters. These issues have been resolved.
PCR: 02509 Module: DVMRP Network affecting: No
The source net mask has been removed from DVMRP prune, graft and graft-ack messages.
PCR: 02526 Module: DVMRP Network affecting: No
Under some circumstances, multiple default routes were created for DVMRP. This issue has been resolved.
PCR: 02532 Module: FIREWALL Network affecting: No
The Firewall showed the wrong counters on Total Received Packets and Dropped Packets and displayed twice the number of received packets when discarding packets from the public side. Also, when a Deny rule was applied to the private side, the Number of Dropped Packets was always zero. These issues have been resolved.
PCR: 02537 Module: L2TP Network affecting: No
When PPP was used over an L2TP tunnel, a speed of zero was shown for the PPP interface on the LNS side, while the LAC side showed a non-zero PPP interface speed. This issue has been resolved so that the LNS side of the PPP interface shows the correct speed.
PCR: 02538 Module: DVMRP Network affecting: No
The source mask is now always 0xffffffff in the DVMRP forwarding table.
The temporary route in the DVMRP route table was not displaying correctly. This issue has been resolved.
An IGMP entry was erroneously added for the reserved IP address. This issue has been resolved.
PCR: 02545 Module: IPG Network affecting: No
Previously, it was possible to add up to 33 IP interfaces. The correct limit is 32 IP interfaces. This issue has been resolved.
PCR: 02547 Module: IPG Network affecting: No
The ARP transmit counter total was not being incremented. This issue has been resolved.
PCR: 02552 Module: SWI Network affecting: No
If ingress filtering was supported within trunk groups, ports with ingress filtering enabled were erroneously added to the trunk group. This issue has been resolved.
PCR: 02574 Module: DVMRP Network affecting: No
Some change actions, and the resending of prune messages were not operating correctly. This issue has been resolved.

Features in 86231-08

Patch file details are listed in Table 3:
Table 3: Patch file details for Patch 86231-08.
Base Software Release File: 86s-231.rez
Patch Release Date: 11-Oct-2002
Compressed Patch File Name: 86231-08.paz
Compressed Patch File Size: 371680 bytes
Patch 86231-08 includes all issues resolved and enhancements released in previous patches for Software Release 2.3.1, and the following enhancements:
PCR: 02236 Module: FIREWALL Network affecting: No
Sometimes the retransmission of an FTP packet was not permitted through the Firewall. This issue has been resolved.
PCR: 02324 Module: SWI Network affecting: No
It is now possible to create 16 Layer 3 filters on Rapier i Series switches.
PCR: 02327 Module: IPG/FIREWALL Network affecting: No
In some situations, multihomed interfaces caused the Firewall to apply NAT and rules incorrectly when packets were received from a subnet that was not attached to the receiving interface. This issue has been resolved.
PCR: 02329 Module: DHCP Network affecting: No
An ARP entry for a host is now removed whenever a DHCP DISCOVER or DHCP REQUEST message is received from the host. This allows for clients changing ports on a switch.
PCR: 02332 Module: IPSEC Network affecting: No
The sequence number extracted from the AH and ESP header was in the wrong endian mode, which caused an FTP error with IPSEC anti-replay. This issue has been resolved.
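The byte-order issue in PCR 02332 matters because the ESP sequence number travels in network (big-endian) byte order and the anti-replay window compares it numerically. The following is an added example, not Allied Telesyn code: it reads the ESP field both ways and feeds it to an RFC 4303-style 32-packet window, showing in-order packets being dropped once the low byte of the counter wraps. The helper names, the SPI value and the packet sequence are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* ESP header on the wire (RFC 4303): SPI in bytes 0-3, sequence number
 * in bytes 4-7, both in network (big-endian) byte order. */
static void make_esp(uint8_t h[8], uint32_t spi, uint32_t seq) /* constructed input */
{
    for (int i = 0; i < 4; i++) {
        h[i]     = (uint8_t)(spi >> (24 - 8 * i));
        h[4 + i] = (uint8_t)(seq >> (24 - 8 * i));
    }
}

/* Correct read: most significant byte first. */
static uint32_t seq_be(const uint8_t *h)
{
    return ((uint32_t)h[4] << 24) | ((uint32_t)h[5] << 16) |
           ((uint32_t)h[6] << 8)  |  (uint32_t)h[7];
}

/* Wrong-endian read: the class of defect the PCR describes. */
static uint32_t seq_wrong(const uint8_t *h)
{
    return ((uint32_t)h[7] << 24) | ((uint32_t)h[6] << 16) |
           ((uint32_t)h[5] << 8)  |  (uint32_t)h[4];
}

struct replay_win {
    uint32_t top;    /* highest sequence number accepted so far */
    uint32_t bitmap; /* bit n set means (top - n) was already seen */
};

/* Returns 1 to accept, 0 to drop. A real receiver commits the window
 * update only after the packet's integrity check has passed. */
static int replay_check_update(struct replay_win *w, uint32_t seq)
{
    if (seq == 0)
        return 0;                        /* counters start at 1 */
    if (seq > w->top) {                  /* new highest: slide the window */
        uint32_t shift = seq - w->top;
        w->bitmap = (shift < 32) ? ((w->bitmap << shift) | 1u) : 1u;
        w->top = seq;
        return 1;
    }
    uint32_t off = w->top - seq;
    if (off >= 32)
        return 0;                        /* older than the window */
    if (w->bitmap & (1u << off))
        return 0;                        /* duplicate: replay */
    w->bitmap |= 1u << off;
    return 1;
}

typedef uint32_t (*seq_reader)(const uint8_t *);

/* Send n in-order packets starting at sequence number `first` and count
 * how many the receiver accepts when it parses the field with `rd`. */
static int count_accepted(seq_reader rd, uint32_t first, uint32_t n)
{
    struct replay_win w = {0, 0};
    int ok = 0;
    for (uint32_t s = first; s < first + n; s++) {
        uint8_t hdr[8];
        make_esp(hdr, 0x1000u, s);       /* 0x1000 is an arbitrary SPI */
        ok += replay_check_update(&w, rd(hdr));
    }
    return ok;
}

int main(void)
{
    printf("correct read: %d of 300 accepted\n", count_accepted(seq_be, 1, 300));
    printf("wrong-endian: %d of 300 accepted\n", count_accepted(seq_wrong, 1, 300));
    return 0;
}
```

With the wrong-endian read, sequence numbers 1 to 255 still appear to increase, so short exchanges pass and only longer transfers start losing packets.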
PCR: 02340 Module: IPG Network affecting: No
If PIM is enabled, and the RESET IP INTERFACE command is executed, PIM is disabled. PIM now restarts automatically if this happens.
PCR: 02343 Module: PPP Network affecting: No
When acting as a PPPoE Access Concentrator (AC), if a PPPoE client sent discovery packets without the "host-unique" tag, the discovery packets sent by the AC were corrupted. This issue has been resolved.
PCR: 02359 Module: IPG Network affecting: No
When an IP Multihomed interface was used as an OSPF interface, neighbour relationships were only established if the IP interface for OSPF was added first in the configuration. Now, OSPF establishes neighbour relationships regardless of the IP Multihomed interface configuration order.
PCR: 02360 Module: DHCP Network affecting: No
This patch implements simple DHCP range MIBs, dhcpRangeExhaustedGateway and dhcpRangeExhaustedInterface, and a trap that shows when a DHCP range was exhausted. The trap is triggered when a DHCP request cannot be satisfied. The gateway address and the interface address are returned as trap variables.
PCR: 02362 Module: PIM Network affecting: No
If the HELLOINTERVAL parameter in the SET PIM command was less than 4 seconds, the PIM neighbour would time out. The minimum HELLOINTERVAL has been changed to 10 seconds for this command. Also, the commands SET IP INTERFACE and SET PIM INTERFACE were not recognising a modified IP address. The RESET PIM INTERFACE=VLAN command was not working correctly. These issues have been resolved.
PCR: 02364 Module: FFS Network affecting: No
The Flash compaction message has been changed from:
Flash compacting... DO NOT restart the router until compaction is completed
To:
Flash compacting... DO NOT restart the router, or power down until compaction is completed
PCR: 02365 Module: SWI Network affecting: No
Address learning on the mirror port is now correctly re-enabled when it is restored to its normal state.
PCR: 02366 Module: SWI Network affecting: No
If a gigabit fibre uplink was installed in a Rapier 24i or Rapier 48i, and the receive fibre was slowly withdrawn while the uplink was receiving heavy traffic, the switch chip sometimes locked up. This patch implements a workaround by causing a warm restart if this situation arises. A message is then written to the log to explain the cause of the restart.
PCR: 02368 Module: IPG/IGMP Network affecting: No
IGMP failed to create an automatic IGMP membership with no joining port when it received multicast data that no ports were interested in, when IP TimeToLive was set to 1 second. Also, IGMP erroneously sent a query on an IGMP enabled IP interface even when IGMP was disabled. These issues have been resolved.