Allied Telesyn International announces the release of Software Release 2.3.1 on
the AR300 and AR700 Series routers, Rapier Series layer 3 switches, and AR800
Series modular switching routers. This release note describes software features
that are new since Software Release 2.2.2. It should be read in conjunction with
the Quick Install Guide, Quick Start Guide, User Guide, Hardware Reference
and Software Reference for your router or switch. These documents can be
found on the Documentation and Tools CD-ROM packaged with your router
or switch, or on the support site at:
WARNING: Information in this release note is subject to change without notice
and does not represent a commitment on the part of Allied Telesyn
International. While every effort has been made to ensure that the information
contained within this document and the features and changes described are
accurate, Allied Telesyn International can not accept any type of liability for
errors in, or omissions arising from the use of this information.
Hardware Platforms
Software Release 2.3.1 is available for the following hardware platforms:
■
AR300 Series Routers
■
AR700 Series Routers
■
AR800 Series Modular Switching Routers
■
Rapier Series Layer 3 Switches
Software Release 2.3.1 will support the Rapier i Series hardware platforms as
they become available (“Rapier i Series” on page 2).
For existing models with Network Service Module (NSM) bays, Software
Release 2.3.1 supports hot swapping of NSMs, and some PICs in those NSMs,
so that they can be installed and uninstalled without the need to power down
the entire router or switch (“Hot Swapping Network Service Modules” on page 3).
Rapier i Series
The Rapier i Series layer 3 switches will provide all the features of the original
Rapier series. While the first software release on these hardware models will
provide the same features as the original Rapier Series (plus bandwidth
limiting), the hardware on the Rapier i Series layer 3 switches will allow later
software releases to provide enhanced Virtual LAN and Quality of Service
features.
Software Release 2.3.1
C613-10325-00 REV B
Software Release 2.3.13
Hot Swapping Network Service Modules
In routers and switches that have NSM bays, this release allows the following
NSMs to be hot swapped, so that they can be installed and uninstalled without
powering down the entire router or switch:
■
AT-AR040 NSM with 4 PIC slots (NSM-4PIC)
■
AT-AR041 NSM with 8 BRI S/T WAN ports (NSM-8BRI)
■
AT-AR042 NSM with 4 BRI S/T WAN Ports (NSM-4BRI)
The following PIC cards can be hot swapped if they are in NSM bays:
■
AT-AR021(S) PIC BRI (S)
■
AT-AR021(U) PIC BRI (U)
■
AT-AR0 2 2 PIC Eth
■
AT-AR0 2 3 PIC Sync
■
AT-AR026 PIC 10/100 Eth
PICs in PIC bays in base router units (for instance, the AR720 and AR740 routers) do
not support hot swapping. The PICs in an NSM can only be hot swapped by preparing
the NSM bay for hotswap.
An NSM, with or without PICs, can be hot inserted into a previously empty
bay. Hot inserted cards behave as though they had been present at router startup, except that the router configuration script will not be scanned for
commands that may relate to interfaces on the hot-inserted cards.
An NSM, with or without PIC cards, can be hot swapped out, and an identical
combination of NSM and PIC cards can be hot swapped into the same bay. The
software configurations of the interfaces on the hot-swapped cards are
preserved across the hot swap so that modules configured to interfaces on the
cards can continue to use the interfaces.
An NSM, with or without PICs, can be hot swapped out and a different
combination of NSM and PICs can be hot swapped into the same bay. For any
card in the combination that is replaced by a card of a different type, software
interface instances for the old card are destroyed and their configurations
forgotten, and new interface instances are created from scratch for the new
card. For any card in the combination that is replaced by a card of the same
type, interface instances are preserved.
NSM-4PIC (AR040) only: Cards of the same type but with differing manufacturing
revision levels may in some cases be treated as cards of different types when hot
swapping.
Software Release 2.3.1
C613-10325-00 REV B
WARNING: It is important to observe the following procedure carefully when
hot swapping NSMs. Failure to follow this procedure will cause the router to
crash, and may cause damage to files stored in FLASH.
Do not attempt to hot swap while the contents of FLASH memory are being
modified, for instance when files are being loaded onto the router or during
FLASH compaction. Hot swapping while FLASH memory is being modified
may corrupt FLASH memory, damaging configuration files, software release
4Release Note
files, feature licences and other files. (If this happens, FLASH memory may need
to be cleared completely, leaving no functioning software to run the router.)
Hot swap an NSM out of an NSM bay
Follow these steps to hot swap an NSM, or PICs in an NSM-4PIC, out of an
NSM bay.
1.Prepare the NSM bay for hot swap.
Look at the “Swap” and “In use” LEDs beside the NSM bay. If the “In
Use” LED is lit, press the “Hot Swap” switch slowly using a pointed object
such as a pencil tip. The “In Use” LED should go out and the “Swap” LED
should light.
If the “In Use” LED remains lit, or if neither of the LEDs beside the NSM
bay is lit, the router software release does not support hot swap, and the
router must be switched off to remove the NSM.
2.Remove the NSM or PIC.
When the “Swap” LED is lit, remove the NSM or the PIC that is being
swapped.
Hot swap an NSM into an NSM bay
Follow these steps to hot swap an NSM, or PICs in an NSM-4PIC, into an
empty NSM bay.
1.Check that the NSM or PIC bay is empty.
2.Check that the NSM bay is ready for hot swap.
Look at the “Swap” and “In use” LEDs beside the NSM bay. The “Swap”
LED should be lit.
If the “In Use” LED is lit, press the “Hot Swap” switch slowly using a
pointed object such as a pencil tip. The “In Use” LED should go out and
the “Swap” LED should light.
If the “In Use” LED remains lit, or if neither of the LEDs beside the NSM
bay is lit, the router software release does not support hot swap, and the
router must be switched off to remove the NSM.
3.Insert the NSM or PIC.
When the “Swap” LED is lit, insert the NSM or PIC.
4.Return the NSM bay to use.
Press the “Hot Swap” switch using a pointed object such as a pencil tip. The
“Swap” LED will go out and the “In Use” LED will light.
If the “In Use” LED stays lit only briefly then the “Swap” LED lights again,
the NSM is of a type that the software release does not support.
For information about the behaviour of interfaces during and after NSM hot
swapping, see “NSM Hot Swap Software Support” on page 6.
Software Release 2.3.1
C613-10325-00 REV B
Software Release 2.3.15
Software Features
The following features are available on all routers and switches supported by
this release, unless otherwise stated:
Major features
■
NSM Hot Swap software support for models with NSM bays (“NSM Hot
Swap Software Support” on page 6)
■
Domain Name Server Enhancements (IP) (“Domain Name Server
Enhancements” on page 7)
■
Configurable Telnet Server Port Number (“Telnet Server Port Number” on
page 9)
■
Up and down triggers for Ethernet interfaces (“Triggers for Ethernet
Interfaces” on page 9)
■
Changes to the number of encryption and compression channels,
depending on the amount of RAM on the router or switch (“ENCO
Channels” on page 10)
■
IP Security (IPsec) enhancements: the Source Interface can be now be
specified, and IPsec performance is enhanced (“IP Security (IPsec) Source
Interface and Enhancements” on page 11)
■
OSPF on Demand (“OSPF on Demand” on page 12)
■
Paladin Firewall Enhancements (“Paladin Firewall Enhancements” on
(BGP-4)” on page 28) (not available on AR300 Series routers).
■
Commands to reset interface and IP MIB counters to zero, and changes to
the display of MIB counters (“IP and Interface Counters” on page 29)
■
An extended range of telephony functions, on AR300 and AR310 routers
(“Telephony (PBX) Functionality” on page 33)
■
Bandwidth limiting on Rapier i Series switch ports (“Bandwidth Limiting”
on page 34)
■
The DHCP server is now able to successfully allocate addresses to
Macintosh devices running Open Transport version 2.5.1 and 2.5.2.
■
To increase switch security, the INFILTERING parameter of the SET
SWITCH PORT command now defaults to ON.
The INFILTERING parameter enables or disables Ingress Filtering of frames
admitted according to the ACCEPTABLE parameter, on the specified ports.
Each port on the switch belongs to one or more VLANs. If INFILTERING is
set to ON, Ingress Filtering is enabled: any frame received on a specified
port is only admitted if the port belongs to the VLAN with which the frame
is associated. Conversely, any frame received on the port is discarded if the
port does not belong to the VLAN with which the frame is associated.
Untagged frames admitted by the ACCEPTABLE parameter are admitted,
since they have the numerical VLAN Identifier (VID) of the VLAN for
which the port in an untagged member. If OFF is specified, Ingress Filtering
is disabled, and no frames are discarded by this part of the Ingress Rules.
Software Release 2.3.1
C613-10325-00 REV B
This change does not apply to AR300 or AR700 Series routers.
6Release Note
NSM Hot Swap Software Support
When a card is hot-swapped out of a bay, its interface instances become
dormant. They stay dormant until either another card of the same type is hotswapped into the bay, in which case they are reactivated, or a card of a different
type is hot-swapped into the bay, in which case they are destroyed.
Dormant interfaces are included in the SHOW INTERFACE command output
and in the SNMP interfaces MIB, marked as swapped out. In other router or
switch commands, however, the router or switch behaves as though dormant
interfaces do not exist.
Instances of higher-level modules such as LAPD and Q931, ISDNCC, PPP, and
IP, that are attached to an interface that becomes dormant, do not themselves
become dormant. They behave as if the interface has stopped communicating,
for example as if its cable has been unplugged.
The router does not scan the configuration script for commands relating to interfaces on
hot-inserted cards until the router or switch is restarted. These interfaces must be
configured manually.
The router or switch does not update the MAC address of any hot-swapped Ethernet
interface until the router or switch is restarted.
The SHOW INTERFACE command is modified to show “Swapped out” in the
ifOperStatus column for dormant interface instances.
All other commands that show or set board or interface properties behave as if
swapped-out boards and interfaces do not exist. Commands that operate on
multiple boards or interfaces skip swapped-out boards and interfaces, and
commands to which a dormant interface is specified explicitly fail in their
usual way for a non-existent interface.
Figure 1: Example output from the SHOW INTERFACE command.
----------------------------------------------------------------------------- 1 eth0 Up Up 00:00:03
2 eth1 Up Down 00:00:00
3 bri0 Up Swapped out 00:00:43
4 eth2 Up Swapped out 00:00:42
Table 1: New parameter displayed in the output of the SHOW INTERFACE
command.
ParameterMeaning
ifOperStatusThe current operational state of the interface; one of “Up”,
”Down”, “Testing”, or “Swapped Out”.
Domain Name Server Enhancements
Software Release 2.3.1 includes two enhancements to Domain Name Server
(DNS) functionality:
■
The router can now store recently obtained DNS information in a cache.
■
The router can now be configured to use a range of DNS servers. Server
selection is based on the host name that is being resolved.
DNS Caching
DNS caching allows the router to store recently requested domain or host
addresses so they can be quickly retrieved if an identical DNS request is
received. DNS caching reduces traffic on the Internet and improves
performance for both DNS and DNS relay under heavy usage. The DNS cache
is of a limited size, and times out entries after a specified period of up to 60
minutes.
Software Release 2.3.1
C613-10325-00 REV B
When a domain or host is requested, the cache is searched for a matching entry.
If a match is found, a response is sent to the requesting PC or host. If a
matching entry is not found, a request will be sent to a remote server.
First, add a DNS server to the list of DNS servers used to resolve host names
into IP addresses, using the command:
ADD IP DNS [DOMAIN={ANY|domain-name}] {INTERFACE=interface|
PRIMARY=ipadd [SECONDARY=ipadd]}
8Release Note
If the DNS servers have already been configured, the configuration
information can be set using the command:
SET IP DNS [DOMAIN={ANY|domain-name}] {INTERFACE=interface|
[PRIMARY=ipadd] [SECONDARY=ipadd]}
For example, to add or set the IP addresses of the default primary and
secondary name servers to 192.168.20.1 and 192.168.20.2 respectively, use the
commands:
ADD IP DNS PRIMARY=192.168.20.1 SECONDARY=192.168.20.2
SET IP DNS PRIMARY=192.168.20.1 SECONDARY=192.168.20.2
To set the DNS cache size and timeout values, use the command:
SET IP DNS CACHE [SIZE=cache-entries] [TIMEOUT=cache-max-age]
The name server information can be deleted from the DNS server by using the
command:
DELETE IP DNS
Server Selection
The router can be configured to use a range of DNS servers with different
servers being selected based on the host name being resolved.
The DOMAIN parameter in the ADD IP DNS command allows the user to
specify a suffix that must be present on a host name in order for the name
servers specified by the command to be used.
If the DOMAIN parameter is not specified, the name servers will be used as the
default name servers. All DNS requests that do not match another specified
domain will be sent to the default name servers. This is equivalent to
specifying DOMAIN=ANY.
To add primary and secondary name servers with IP addresses of 202.36.163.1
and 202.36.163.3 respectively, for use as default name servers, use the
command:
ADD IP DNS DOMAIN=ANY PRIMARY=202.36.163.1
SECONDARY=202.36.1.3
These servers will be used for all host names that do not match any of the
domains that are configured with their own set of name servers.
For example, to add primary and secondary name servers with IP addresses of
192.168.10.1 and 192.168.10.2 respectively, for use when resolving host names
in the domain apples.com, use the command:
ADD IP DNS DOMAIN=apples.com PRIMARY=192.168.1.1
SECONDARY=192.168.1.2
If a request is sent for the domain www.fruit.apples.com, the DNS servers at
192.168.1.1 or 192.168.1.2 will be used, as the domain matches apples.com.
If a request is sent for the domain ftp.fruitpunch.apples.com, the DNS servers at
192.168.1.1 or 192.168.1.2 will also be used, as the domain matches apples.com.
If a request is sent for the domain www.armadillo.com, the domain does not
match apples.com, so the ANY servers 202.36.1.1 or 202.36.1.3 will be used.
Software Release 2.3.1
C613-10325-00 REV B
Software Release 2.3.19
Automatic Nameserver Configuration
The primary and secondary name server ’s addresses can either be statically
configured as above, or learned dynamically over an interface. Name servers
can be learned via DHCP over an Ethernet interface or via IPCP over a PPP
interface. The interface is specified using the command:
ADD IP DNS [DOMAIN={ANY|domain-name}] INTERFACE=interface
If no nameservers have been manually configured, and nameserver
configuration is assigned to an interface by either PPP or DHCP, this
configuration will be automatically used for the default nameservers. Name
servers configured in this way are identified by an “*” in the “Domain” column
of the SHOW IP DNS output table. Automatically-configured nameservers can
be deleted or replaced, using the commands:
DELETE IP DNS
SET IP DNS
A deleted automatic configuration may subsequently reappear if the interface
concerned is reset.
Telnet Server Port Number
The listen port for the Telnet server is now configurable, so that it can be
changed from the default value 23.
The LISTENPORT parameter has been added to the SET TELNET command.
The syntax is:
SET TELNET [TERMTYPE=termstring] [INSERTNULL={ON|OFF}]
[LISTENPORT=port]
The LISTENPORT parameter sets the TCP port over which the Telnet server
listens for connections. If this parameter is not used, the default port number is
23.
If the TCP listen port is changed from the default of 23, care must be taken to
ensure that any firewall or IP filtering configurations are matched accordingly.
Triggers for Ethernet Interfaces
Support for Ethernet UP and DOWN triggers on Ethernet interfaces has been
added, as per existing triggers for other interface types. This limitation on the
CREATE TRIGGER and SET TRIGGER commands is removed.
The INTERFACE parameter defines an interface (link) trigger and specifies the
interface to monitor. The EVENT parameter is required for an INTERFACE
trigger. The INTERFACE parameter must be followed by the EVENT
parameter. The CIRCUIT parameter may be used if INTERFACE specifies an
X.25T interface; the CP parameter may be used if INTERFACE specifies a PPP
interface; the DLCI parameter may be used if INTERFACE specifies a Frame
Relay interface. The general trigger parameters may also be specified. The type
of trigger cannot be changed.
ENCO Channels
The ENCO module provides services to user modules via channel pairs. A user
module requests a service, specifying any configuration needed for the service,
and is attached to an ENCO channel pair if the service and free channels are
available. A channel pair consists of an encoding channel and a decoding
channel. An encoding channel is used for compression, encryption,
authentication or Diffie-Hellman key exchange. A decoding channel is used for
decompression, decryption or authentication.
With Software Release 2.3.1, the number of channels available is now
dependent on the amount of RAM on the router or switch. Routers with up to 8
MBytes of RAM (the AR300 Series) can have up to 512 encryption and
compression channels. Routers with 16 MBytes (the AR700 Series) can have up
to 1024 channels, and routers and switches with 32 Mbytes (the Rapier and
AR800 Series) up to 2048 channels. The amount of RAM on a router or switch
can be checked, using the command:
SHOW SYSTEM
The identification number of the lowest and highest channels available can be
displayed, using the command:
SHOW ENCO
Information about all currently active channels, or a particular channel, can be
displayed, using the command:
SHOW ENCO CHANNEL[=channel]
Note that
■
MAC cards have a limit of 128 compression channels
■
If compression is performed by the router’s CPU, because a MAC card is
not installed, the number of compression channels is limited, and must be
configured in the boot configuration script, using the command:
SET ENCO SW PREDCHANNELS=0..4 STACCHANNELS=0..4
On AR300 Series routers the limit is two Predictor channels and four STAC
LZS channels. On all other router and switch models the limit is four
Predictor channels and four STAC LZS channels. By default no compression
channels are configured.
Software Release 2.3.1
C613-10325-00 REV B
Software Release 2.3.111
IP Security (IPsec) Source Interface and
Enhancements
A source interface can now be specified for tunnelled IPsec traffic. The
performance of IPsec is also enhanced, and more simultaneous IPsec tunnels
are supported, because of the increase in ENCO channels.
A new SRCINTERFACE parameter has been added to the SET and CREATE
IPSEC POLICY commands. The SRCINTERFACE parameter specifies which
interface on the router will be used as the source interface for tunnelled IPsec
traffic. If the SRCINTERFACE parameter is not specified, the router defaults to
the INTERFACE parameter.
The syntax for these commands is now:
SET IPSEC POLICY=name [ACTION={DENY|IPSEC|PERMIT}]