for AR415S, AR440S, AR441S, AR442S, AR450S, AR725, AR745, AR750S, AR750S-DP, and AR770S routers and
AT-8600, AT-8700XL, Rapier i, Rapier w, AT-8800, AT-8900, x900-48, AT-9900, and AT-9800 Series switches
This software maintenance release note lists the issues addressed and enhancements made in Maintenance Version 291-10 for Software Version 2.9.1. Version
details are listed in the following table:
| Models | Series | Release File | Date | Size (bytes) | GUI file |
|---|---|---|---|---|---|
| AR415S, AR440S, AR441S, AR442S, AR450S | AR400 | 54291-10.rez | 24 July 2007 | 4946220 | 415s_291-10_en_d.rsc, 440s_291-10_en_d.rsc, 441s_291-10_en_d.rsc, 442s_291-10_en_d.rsc, 450s_291-10_en_d.rsc |
| AR750S, AR750S-DP, AR770S | AR7x0S | 55291-10.rez | 24 July 2007 | 4074888 | 750s_291-10_en_d.rsc (AR750S and AR750S-DP) |
| AR725, AR745 | AR7x5 | 52291-10.rez | 24 July 2007 | 4114292 | _725_291-10_en_d.rsc, _745_291-10_en_d.rsc |
| AT-8624T/2M, AT-8624PoE, AT-8648T/2SP | AT-8600 | sr291-10.rez | 24 July 2007 | 2468216 | 8624t_291-10_en_d.rsc, 8624poe_291-10_en_d.rsc, 8648t_291-10_en_d.rsc |
| AT-8724XL, AT-8748XL | AT-8700XL | 87291-10.rez | 24 July 2007 | 2411128 | 8724_291-10_en_d.rsc, 8748_291-10_en_d.rsc |
| Rapier 24i, Rapier 48i, Rapier 16fi | Rapier i | 86291-10.rez | 24 July 2007 | 4587048 | r24i_291-10_en_d.rsc, r16i_291-10_en_d.rsc, r48i_291-10_en_d.rsc |
| Rapier 48w | Rapier w | 86291-10.rez | 24 July 2007 | 4587048 | - |
| AT-8824, AT-8848 | AT-8800 | 86291-10.rez | 24 July 2007 | 4587048 | 8824_291-10_en_d.rsc |
| AT-9924T, AT-9924SP, AT-9924T/4SP | AT-9900 | 89291-10.rez | 24 July 2007 | 4884216 | 9924_291-10_en_d.rsc |
| AT-9812T, AT-9816GB | AT-9800 | sb291-10.rez | 24 July 2007 | 3988344 | 9812_291-10_en_d.rsc, 9816_291-10_en_d.rsc |
| | x900-48 | 89291-10.rez | 24 July 2007 | 4884216 | - |
Caution: Using a maintenance version on the wrong model may cause unpredictable results, including disruption to the network.
This maintenance release note should be read in conjunction with the following documents:
■ the Release Note for Software Version 2.9.1, available from www.alliedtelesis.co.nz/documentation/relnotes/relnotes.html, which describes the new
features since Version 2.8.1
■ your router or switch’s Document Set for Software Release 2.9.1. This document set is available on the CD-ROM that shipped with your router or switch, or
from www.alliedtelesis.co.nz/documentation/documentation.html
Caution: Information in this release note is subject to change without notice and does not represent a commitment on the part of Allied Telesis, Inc. While every
effort has been made to ensure that the information contained within this document and the features and changes described are accurate, Allied Telesis, Inc. can
not accept any type of liability for errors in or omissions arising from the use of this information.
Enabling and Installing this Release
To use this maintenance release you must have a base release license for Software Release 2.9.1. Contact your distributor or reseller for more information about
licences. To enable this release and install it as the preferred release, use the commands:
enable rel=xx291-10.rez num=2.9.1
set install=pref rel=xx291-10.rez
where xx is the prefix to the filename, as shown in the table on page 1. For example, to install the release on an x900-48FE switch, use the commands:
enable rel=89291-10.rez num=2.9.1
set install=pref rel=89291-10.rez
Version 291-10
C613-10488-00 REV G
Levels
Some of the issues addressed in this Maintenance Version include a level number. This number reflects the importance of the issue that has been resolved. The
levels are:
Level 1: This issue will cause significant interruption to network services, and there is no work-around.
Level 2: This issue will cause interruption to network service, however there is a work-around.
Level 3: This issue will seldom appear, and will cause minor inconvenience.
Level 4: This issue represents a cosmetic change and does not affect network operation.
Features in 291-10
Software Maintenance Version 291-10 includes the resolved issues and enhancements in the following tables. In the tables, for each product series:
■“Y” indicates that the resolution is available in Version 291-10 for that product series.
■“–” indicates that the issue did not apply to that product series.
Level 1
No level 1 issues
Level 2
CR00016759, CR00018655, CR00018656

Module: Switching, DHCP Snooping | Level: 2
Available in: x900-48, AT-9900
Enabling DHCP snooping (correctly) adds a hardware filter to all untrusted
ports, to block all IP traffic coming from those ports. Previously, disabling
DHCP snooping did not delete these filters. This meant that the switch
dropped all IP traffic from the previously-untrusted ports until the switch
was restarted.
Also, attempting to manually delete the hardware filters did not actually
remove them.
These issues have been resolved. The switch now removes the filters if you
disable DHCP snooping or manually delete the filters.

Module: IP Gateway | Level: 2
Available in: all product series
If the user did not specify the destination and dmask parameters when
entering the set ip filter command, the destination and dmask of the
filters were reset to any.
Also, it was not possible to delete an IP filter by using the delete ip filter
command, even when all required parameters were present.
These issues have been resolved.
CR00018663 | Module: Switching | Level: 2
Available in: Rapier i, Rapier w, AT-8800, AT-8600, AT-8700XL
The resolution to CR 444 meant that packets processed by the CPU are now
subjected to the same filtering as packets switched in hardware. However,
this filtering did not always return the expected results. Sometimes its IP
address matching was incorrect, and it did not correctly process filters with
an action of nodrop.
These issues have been resolved.

CR00018691 | Module: OSPF | Level: 2
Available in: all product series
On a router or switch with OSPF redistribution enabled, OSPF did not
redistribute the interface route when an interface came up (for example,
after a reboot).
This issue has been resolved.

CR00018693 | Module: QoS | Level: 2
Available in: Rapier i, Rapier w, AT-8800, AT-8600, AT-8700XL, x900-48, AT-9900, AT-9800
QoS policies, traffic classes, and flow groups could not have an ID number
of 0 (zero).
This issue has been resolved.

CR00018778 | Module: IP NAT, Firewall | Level: 2
Available in: AR400, AR7x5, AR7x0S
When using IP NAT, the router or switch would reboot when processing
TCP SYN packets.
This issue only occurred with IP NAT, which is configured by using the add ip nat command. It did not occur with firewall NAT.
This issue has been resolved.
Level 3
CR00018514 | Module: Ping | Level: 3
Available in: all product series
Traceroute (the trace command) did not work. It returned the error “The
destination is either unspecified or invalid” even if the destination was
reachable.
This issue has been resolved.

Level 4
No level 4 issues
Enhancements
No enhancements
Features in 291-09
Software Maintenance Version 291-09 includes the enhancement in the following table, which is available for x900-48FE and x900-48FE-N switches.
Level 1-4
No level 1-4 issues
Enhancements
CR00018530 | Module: Core | Level: -
Available in: x900-48
CPU fan monitoring is now disabled by default on x900-48FE and
x900-48FE-N switches. Monitoring the fan is unnecessary unless an
accelerator card is installed on the switch, so disabling monitoring reduces
the number of messages that the switch displays and logs.
To enable monitoring, use the command:
enable cpufanmonitoring
To disable it again, use the command:
disable cpufanmonitoring
When monitoring is enabled, the command show system displays the
CPU fan status in the entry labelled “Main fan”.
Note that this behaviour is already available on AT-8948 switches.
Features in 291-08
Software Maintenance Version 291-08 includes the resolved issues and enhancements in the following tables. In the tables, for each product series:
■“Y” indicates that the resolution is available in Version 291-08 for that product series.
■“–” indicates that the issue did not apply to that product series.
Level 1
No level 1 issues
Level 2
CR00000444 | Module: Switching, IGMP, IP Gateway | Level: 2
Available in: Rapier i, Rapier w, AT-8800, AT-8600, AT-8700XL
If a packet should have matched a hardware filter with a deny action and
have been discarded, but an IP routing entry had not yet been learnt for the
packet, then the packet was not discarded.
This issue has been resolved and the packet is now discarded.

CR00000484 | Module: Switching | Level: 2
Available in: Rapier i, Rapier w, AT-8800, AT-8600, AT-8700XL
When a nodrop action was specified on a port as part of an L3 filter, it was
observed that the port was still dropping packets. This was observed after
the ARP entry for the destination IP expired from the switch’s L3 table.
This issue has been resolved.

CR00001231 | Module: Firewall | Level: 2
Available in: AR400, AR7x5, AR7x0S, Rapier i, Rapier w, AT-8800, AT-9800
The router or switch sometimes recorded more events in its deny event
queue than was specified by the detail parameter of the set firewall policy attack command.
This issue has been resolved.
CR00003495 | Module: Classifier | Level: 2
Available in: AR400, AR7x5, AR7x0S, Rapier i, Rapier w, AT-8800, x900-48, AT-9900, AT-9800
The following issues existed with classifiers:
■ classifiers matching protocol=ipv6 and ipprotocol=icmp could be
created more than once
■ classifiers matching protocol=ipv6 and ipprotocol=1 could be created
but were meaningless because 1 represents IPv4 ICMP
■ classifiers matching protocol=ip and ipprotocol=58 could be created
but were meaningless because 58 represents IPv6 ICMP.
These issues have been resolved.
Also, classifiers now default to protocol=ip (IPv4) if:
■ no value is specified for the protocol parameter, or
■ protocol=any and ipprotocol=icmp.

CR00004018 | Module: VLAN | Level: 2
Available in: AT-9900
Removing then re-adding ports to a Nested VLAN, with rapid STP enabled,
caused the port in the Alternate Discarding state to leak a small number of
packets.
This issue has been resolved.

CR00005472 | Module: BGP | Level: 2
Available in: AR400, AR7x5, AR7x0S, Rapier i, Rapier w, AT-8800, x900-48, AT-9900, AT-9800
When BGP was in the OpenSent state and it received an out-of-sequence
message (such as a KeepAlive message), BGP would return to the Idle state.
This issue has been resolved. BGP now sends a notification message to the
other BGP peer, as expected.

CR00005812 | Module: IP Gateway | Level: 2
Available in: all product series
When the router or switch received an IP packet whose length was greater
than the MTU on the outgoing link, and the packet contained an IP option
that was not designed to be fragmented (such as Timestamp), then the
resulting constituent fragments would have incorrect IP header lengths.
This could lead to data corruption.
On routers, this issue applied to all routed packets. On switches, it applied
to packets processed by the CPU, not to packets switched in hardware.
This issue has been resolved.
CR00007178 | Module: RIPng | Level: 2
Available in: AR400, AR7x5, AR7x0S, Rapier i, Rapier w, AT-8800, x900-48, AT-9900, AT-9800
The following issues occurred with RIPng:
■ RIPng dropped requests from peers with non link-local addresses.
■ for a solicited response, if the routes did not exist on the device, RIPng
returned a metric of 0 for them instead of returning a metric of 16
■ RIPng performed split-horizon checking for solicited responses
■ RIPng used the link-local address to respond to all requests, even if the
request used a non link-local address and therefore the reply should
have also used a non link-local address
These issues have been resolved.

CR00008847 | Module: Install, MIB | Level: 2
Available in: all product series
Previously, the MIB objects configFile and createConfigFile would return the
current configuration file, and the MIB object currentConfigFile would
return 'no such object'.
This issue has been resolved. The objects configFile and createConfigFile
now return the boot configuration file. The object currentConfigFile now
returns the current configuration file.

CR00009473 | Module: Classifier | Level: 2
Available in: all product series
The output of the show classifier=number command did not show the
protocol number.
This issue has been resolved.

CR00010654 | Module: Firewall | Level: 2
Available in: AR400, AR7x5, AR7x0S, Rapier i, Rapier w, AT-8800, AT-9800
When adding a firewall application rule, it was possible to specify FTP as the
application but not specify the command parameter. This meant that the
rule would allow all FTP commands through, even if action=deny had
been specified.
This issue has been resolved by making the command parameter
mandatory when the application is specified as FTP.

CR00010951 | Module: PPP | Level: 2
Available in: AR400, AR7x5, AR7x0S, Rapier i, Rapier w, AT-8800, x900-48, AT-9900, AT-9800
If the router or switch received an LCP packet with an unrecognised code,
it responded with a CodeReject packet of incorrect length that did not
respect the established MRU of the peer.
This issue has been resolved.
CR00010967 | Module: PPP | Level: 2
Available in: AR400, AR7x5, AR7x0S, Rapier i, Rapier w, AT-8800, x900-48, AT-9900, AT-9800
If the router or switch received an LCP packet with an unrecognised
protocol, it responded with a ProtocolReject packet of incorrect length that
did not respect the established MRU of the peer.
This issue has been resolved.

CR00010968 | Module: PPP | Level: 2
Available in: AR400, AR7x5, AR7x0S, Rapier i, Rapier w, AT-8800, x900-48, AT-9900, AT-9800
When the established Maximum Receive Unit (MRU) of the remote PPP peer
was greater than the established MRU of the local PPP peer, Echo Reply
packets did not respect the established MRU of the remote peer.
This issue has been resolved.

CR00011231 | Module: Core | Level: 2
Available in: AR7x5
In most circumstances the stack dump for an AR7x5 router was invalid and
did not contain complete information about the cause of a reboot.
This issue has been resolved.

CR00012218 | Module: VPN, GUI | Level: 2
Available in: AR400, AR7x0S
Enabling VPN (IPsec) on the GUI caused the GUI VPN page to stop
displaying information about some or all of the existing VPN policies.
This issue has been resolved.

CR00012727 | Module: OSPF | Level: 2
Available in: all product series
Sometimes when a type 7 external LSA was translated to a type 5 external
LSA the forwarding address was set to 0.0.0.0 in the translated type 5 LSA.
This issue has been resolved, so that the forwarding address is always
copied from the type 7 LSA being translated.

CR00012751 | Module: OSPF | Level: 2
Available in: all product series
When the router or switch is acting as an area border router and one of the
areas is an NSSA (Not So Stubby Area), the router or switch will create a
default route for the NSSA and inject this into the NSSA. Previously, the
router or switch was also redistributing this route into other areas as a static
route when static route redistribution was turned on. This was not desirable
behaviour.
This issue has been resolved.
CR00012871 | Module: TTY | Level: 2
Available in: all product series
Unexpected characters could appear on the terminal emulator display
when the column size was set greater than 80 and the user edited a
command that spanned more than one line of the display.
This issue has been resolved.

CR00013597 | Module: DVMRP, Frame Relay | Level: 2
Available in: AR400, AR7x5, AR7x0S, Rapier i, Rapier w
If a frame relay interface was configured as a DVMRP interface, then the
DLC value was not correctly generated in output of the command show
config dynam or in the configuration script generated by the command
create config.
This issue has been resolved.

CR00013660 | Module: Core, SNMP | Level: 2
Available in: AR7x0S
Previously, SNMP returned an incorrect product ID number for AR750S-DP
routers.
This issue has been resolved. The value of the sysObjectID object is now 80
for AR750S-DP routers.

CR00013735 | Module: LACP, Switching | Level: 2
Available in: x900-48, AT-9900
When moving ports from an LACP-controlled trunk to a manually-configured
trunk, ports were incorrectly set in an STP blocking state.
Therefore, traffic would not flow over the trunk.
This issue has been resolved.
Note: When you move ports from an LACP-controlled trunk to a manually-configured trunk, you must delete the ports from LACP.

CR00013763 | Module: OSPF | Level: 2
Available in: all product series
If the obsolete command set ospf rip=both was entered, the router or
switch correctly and automatically replaced it with the following two
commands in the dynamic configuration:
add ospf redistribute protocol=rip
set ospf rip=export
However, if the command create config was used to save the
configuration, after system start-up the configuration file did not contain
the command add ospf redistribute protocol=rip. This meant that OSPF
stopped redistributing RIP routes after a reboot.
This issue has been resolved.
CR00013778 | Module: IPv6 | Level: 2
Available in: AR400, AR7x5, AR7x0S, Rapier i, Rapier w, AT-8800, x900-48, AT-9900, AT-9800
If a user shortened the prefix length of an IPv6 interface address, then
lengthened it, it became impossible to change the prefix length again.
This issue has been resolved.

CR00013893 | Module: MSTP | Level: 2
Available in: Rapier i, Rapier w, AT-8800, AT-8600, AT-8700XL, x900-48, AT-9900
Executing the commands disable mstp port=number or enable mstp
port=number would not disable or enable the port on all MSTIs.
This issue has been resolved.

CR00013982 | Module: L2TP | Level: 2
Available in: AR400, AR7x5, AR7x0S, Rapier i, Rapier w
An L2TP call could be deleted when still attached to the PPP interface.
Doing this caused the router or switch to reboot.
This issue has been resolved.

CR00014044 | Module: IGMP | Level: 2
Available in: AT-9800
When large numbers of multicast streams were passing through the switch
and there was no multicast routing protocol running (such as PIM or
DVMRP), the CPU would experience regular periods of extended high
utilisation. This could result in lost control packets and network instability.
This issue has been resolved.

CR00014146 | Module: TTY | Level: 2
Available in: all product series
When a file was redirected (for example, by a trigger), if the mail hostname
was not available or not configured, the router or switch would reboot.
This issue has been resolved.

CR00014230 | Module: TTY | Level: 2
Available in: all product series
If the built-in editor was used to delete the last line of a file, the router or
switch could reboot.
This issue has been resolved.

CR00014295 | Module: IGMP | Level: 2
Available in: AR400, AR7x0S, Rapier i, Rapier w, AT-8800, AT-8600, AT-8700XL, x900-48, AT-9900, AT-9800
IGMP snooping would process IGMP protocol packets that had incorrect IP
TTL fields (i.e. that had values other than 1).
This issue has been resolved.

CR00014320 | Module: OSPF | Level: 2
Available in: all product series
Occasionally, when OSPF was started, not all the Type-7 LSAs were
translated into Type-5 LSAs.
This issue has been resolved.
CR00014827 | Module: PIM6 | Level: 2
Available in: x900-48, AT-9900
If an IPv6 accelerator was used, and the upstream router forwarded IPv6
multicast data just before the prune limit timer expired, then the
downstream router sometimes did not send the prune until significantly
after the timer expired.
This issue has been resolved.

CR00015169 | Module: MSTP, GUI | Level: 2
Available in: Rapier i, Rapier w, AT-8800, AT-8600, AT-8700XL, x900-48, AT-9900
Using the web-based GUI to set the Point-to-Point Link in the MSTP CIST
Port configuration to a non-default value would generate an error.
This issue has been resolved.

CR00015805 | Module: ISAKMP, IPv6 | Level: 2
Available in: AR400, AR7x5, AR7x0S, Rapier i, Rapier w, AT-8800
During the boot up, the router or switch waited 5 seconds before
beginning ISAKMP prenegotiation. For VPN tunnels over IPsec for IPv6, this
was not long enough for the router or switch’s interfaces to come up before
prenegotiation began.
Also, the router or switch did not obtain the most recent active ISAKMP SA
when multiple SAs existed.
These issues have been resolved. The router or switch now waits 6 seconds,
and obtains the most recent SA and uses that for Phase 2 negotiations.

CR00015964 | Module: Switching | Level: 2
Available in: x900-48, AT-9900
If the switch had a large number of routes in its forwarding database (FDB),
and the command show switch fdb was used to display the contents of
the FDB, and the switch’s CPU was busy at the time, then the switch
sometimes rebooted.
This issue has been resolved.

CR00016262 | Module: Load | Level: 2
Available in: AR400, AR7x5, AR7x0S, Rapier i, Rapier w, AT-8800, x900-48, AT-9900, AT-9800
When attempting to upload files from the switch using TFTP to an IPv4
server address, the router or switch reported an error if IPv6 was not
enabled. It was not possible to upload files using TFTP to an IPv6 server
address at all.
These issues have been resolved.

CR00016340 | Module: DHCP Snooping | Level: 2
Available in: Rapier i, Rapier w, AT-8800, AT-8600, AT-8700XL, x900-48, AT-9900
DHCP Snooping has been enhanced to operate in a customised VLAN ID
translation (VID translation) environment. Previously, DHCP Snooping was
not supported with VID translation.
This issue has been resolved.
CR00016587 | Module: IPv6 | Level: 2
Available in: AR400, AR7x5, AR7x0S, Rapier i, Rapier w, AT-8800, x900-48, AT-9900, AT-9800
The timer that governs the interval between repeated neighbour
solicitation messages could only be configured by using the ndretrans
parameter of the set ipv6 nd command, and not through router
advertisements that the router or switch received from other routers.
This issue has been resolved. Instead of using the ndretrans parameter of
the command set ipv6 nd, use the retrans parameter to configure the
timer interval. Also, routers or switches acting as hosts will now correctly
update their timer values to the value specified in any router advertisements
that they receive.

CR00016592 | Module: DHCP6 | Level: 2
Available in: AR400, AR7x5, AR7x0S, Rapier i, Rapier w, AT-8800, x900-48, AT-9900, AT-9800
Previously, it was possible to enter the incomplete commands delete
dhcp6 policy=name or set dhcp6 policy=name without specifying any
other parameters.
This issue has been resolved. If this is done, the router or switch now
displays the warning:
Warning (2117007): One or more parameters may be missing.

CR00016840 | Module: STP | Level: 2
Available in: Rapier i, Rapier w, AT-8800, AT-8600, AT-8700XL, x900-48, AT-9900, AT-9800
Previously, when the switch was a Spanning Tree root bridge in a network
and a user raised the switch’s root bridge priority enough to stop the switch
from being the root bridge, unnecessary delays in convergence occurred.
This issue has been resolved.

CR00016956 | Module: IP Gateway | Level: 2
Available in: all product series
The set ip filter command would not accept the protocol parameter.
This issue has been resolved.

CR00016964 | Module: ISAKMP | Level: 2
Available in: AR400, AR7x5, AR7x0S, Rapier i, Rapier w, AT-8800
When the router or switch negotiated an IPsec tunnel with RFC 3947 NAT-T,
its NAT-OA payload had two bytes of reserved fields after the ID field
instead of the three bytes specified by RFC 3947. This could prevent the
tunnel from working properly when the tunnel was between an Allied
Telesis router or switch and some other vendor.
This issue has been resolved.
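The NAT-OA layout behind CR00016964, as an added example (not Allied Telesis code): RFC 3947 defines the payload as a 4-byte generic payload header, a 1-byte ID type, 3 RESERVED bytes and then the address. The Python below builds that payload and shows how a strict length check flags the form with only two RESERVED bytes; the function names and the sample addresses are constructed for illustration.

```python
import ipaddress
import struct

# NAT-OA payload layout from RFC 3947, section 5.2:
#   next payload (1) | RESERVED (1) | payload length (2)
#   ID type (1)      | RESERVED (3)
#   IPv4 address (4 octets) or IPv6 address (16 octets)
ID_IPV4_ADDR = 1
ID_IPV6_ADDR = 5
ADDR_LEN = {ID_IPV4_ADDR: 4, ID_IPV6_ADDR: 16}
GENERIC_HDR = struct.Struct("!BBH")
RESERVED_LEN = 3


def build_nat_oa(address, next_payload=0, reserved_len=RESERVED_LEN):
    """Encode a NAT-OA payload for an IPv4 or IPv6 address.

    reserved_len=2 reproduces the short layout described in CR00016964
    (illustrative parameter, used here only to construct a test input).
    """
    ip = ipaddress.ip_address(address)
    id_type = ID_IPV4_ADDR if ip.version == 4 else ID_IPV6_ADDR
    body = bytes([id_type]) + bytes(reserved_len) + ip.packed
    header = GENERIC_HDR.pack(next_payload, 0, GENERIC_HDR.size + len(body))
    return header + body


def inspect_nat_oa(payload):
    """Return (status, address) for a received NAT-OA payload.

    status is "ok", "reserved-too-short" or "malformed"; address is the
    decoded original address as a string, or None when the check fails.
    """
    if len(payload) < GENERIC_HDR.size + 1:
        return ("malformed", None)
    _next_payload, _reserved, length = GENERIC_HDR.unpack_from(payload)
    if length != len(payload):
        return ("malformed", None)
    id_type = payload[GENERIC_HDR.size]
    if id_type not in ADDR_LEN:
        return ("malformed", None)
    expected = GENERIC_HDR.size + 1 + RESERVED_LEN + ADDR_LEN[id_type]
    if length == expected - 1:
        # One byte short for this ID type: the address starts a byte early,
        # so a peer reading it at the RFC offset sees a misaligned address.
        return ("reserved-too-short", None)
    if length != expected:
        return ("malformed", None)
    address = ipaddress.ip_address(payload[-ADDR_LEN[id_type]:])
    return ("ok", str(address))


if __name__ == "__main__":
    # Constructed sample inputs using documentation address ranges.
    for label, data in [
        ("RFC 3947 layout", build_nat_oa("192.0.2.10")),
        ("two RESERVED bytes", build_nat_oa("192.0.2.10", reserved_len=2)),
        ("IPv6", build_nat_oa("2001:db8::1")),
    ]:
        print(f"{label:20} {data.hex():50} {inspect_nat_oa(data)}")
```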
CR00016985 | Module: ATM | Level: 2
Available in: AR400
If a PPP instance was destroyed after an attached ATM channel had been
modified using the set atm channel command, the router rebooted. The
router could also reboot if an ATM channel was deleted under similar
circumstances.
This issue has been resolved.

CR00016989 | Module: IPsec | Level: 2
Available in: AR400, AR7x5, AR7x0S, Rapier i, Rapier w, AT-8800
AlliedWare IPsec would not interoperate with Microsoft Windows Vista
VPN clients. This was because Microsoft changed the IPSec behaviour in
Vista such that Vista's private local IP address is sent as the local
identification instead of an FQDN. When an IPSec tunnel between
AlliedWare and Vista was brought up, the hosts could not communicate.
This issue has been resolved. AlliedWare IPsec can now communicate with
peers that send their private local IP address as the local identification.

CR00017081 | Module: Classifier | Level: 2
Available in: x900-48, AT-9900
The show classifier command did not allow users to display only the
classifiers that had their IP source address and MAC source address
parameters set to dhcpsnooping.
This issue has been resolved. For example, the command show classifier ipsa=dhcpsnooping now displays those classifiers that have their IP
source address set to dhcpsnooping.
Also, it is no longer possible to create two identical classifiers with DHCP
snooping parameters.

CR00017093 | Module: Firewall | Level: 2
Available in: AR400, AR7x5, AR7x0S, Rapier i, Rapier w, AT-8800, AT-9800
When the router was acting as a firewall and performing DNS relay, it used
the local IP interface private address as the source address for some packets
that it sent out the public interface. When the router acts as a DNS relay, it
receives DNS requests from the private interface and sends a new packet
on the public interface. These new packets were given the wrong address.
This issue has been resolved. Such packets now have their source address
set to the public interface address as required.
CR00017226 | Module: IPsec | Level: 2
Available in: AR400, AR7x5, AR7x0S, Rapier i, Rapier w, AT-8800
If an IPsec tunnel with no encryption (NULL) was negotiated in AlliedWare
over NAT-T, the ESP packets did not contain an RFC 3948 compliant
checksum. This means that some vendors may have discarded packets sent
by the AlliedWare peer over such a tunnel.
This issue has been resolved.
Note the null encryption is useful for debugging the traffic over an IPsec
tunnel and should not be used in a working IPsec solution.

CR00017227 | Module: IPsec | Level: 2
Available in: AR400, AR7x5, AR7x0S, Rapier i, Rapier w, AT-8800
An IPSec checksum recalculation error occurred with UDP traffic when the
ESP encapsulation was added.
This issue has been resolved.

CR00017255 | Module: Switching | Level: 2
Available in: Rapier i, Rapier w, AT-8800, AT-8600, AT-8700XL
Previously, trunk members were given the STP state in hardware of port 1,
instead of having the STP state of the lead port in the trunk. The software
state (as displayed with the command show stp port) was correct.
This issue has been resolved.

CR00017256 | Module: Switching | Level: 2
Available in: x900-48, AT-9900
When using multi-homed IP interfaces on a VLAN, it was possible that L3
hardware switching would stop for all multi-homed interfaces on that
VLAN, if one of the multi-homed interfaces was removed or went into an
administratively down state.
This issue has been resolved.

CR00017337 | Module: Switching | Level: 2
Available in: x900-48, AT-9900
It was possible to set up a classifier that matched MPLS frames at layer 2,
but the switch would not correctly match these MPLS frames against the
classifier.
This issue has been resolved. The switch now correctly matches MPLS
frames against such a classifier.
CR00017368 | Module: QoS, DHCP Snooping | Level: 2
Available in: Rapier i, Rapier w, AT-8800, AT-8600, AT-8700XL, x900-48, AT-9900
Some small memory access violations existed in DHCP snooping.
These violations have been resolved.
Also, a new console error message is displayed if a user tries to add a
duplicate classifier to a QoS policy. For example, if traffic class 101 belongs
to policy 2 and a user tries to add a flow group to traffic class 101 when
the flow group’s classifier is number 54 and already belongs to policy 2, the
following message is displayed:
Error (3099297): Duplicate classifier (54) on policy 2.
A similar new log message has also been added, which says:
Duplicate classifier (<number>) found on <string> <number>
Note that a classifier can exist in two separate policies but cannot exist
twice in the same policy.

CR00017456 | Module: IP Gateway | Level: 2
Available in: all product series
The router or switch could reboot when the local interface address had
been specified by using the set ip local command, and then the underlying
interface from which the local interface took its address was either deleted
or had its address changed. In both these cases, the local interface was
correctly reset back to an undefined address, but a route to this address was
not deleted. This could cause routing difficulties and a reboot when packets
for that address were received.
This issue has been resolved. The route is now correctly deleted.

CR00017488 | Module: Firewall | Level: 2
Available in: AR400, AR7x5, AR7x0S, Rapier i, Rapier w, AT-8800, AT-9800
When a VoIP call using SIP was initiated from the public side of the firewall,
occasionally the firewall created two UDP sessions for the call with different
UDP source ports. This happened if the first packets of the STP (voice data)
stream arrived earlier than the 200 OK message that was supposed to
establish the session. The result was that the public side caller could not
hear the call.
This issue has been resolved.
CR00017518 | Module: ISAKMP | Level: 2
Available in: AR400, AR7x5, AR7x0S, Rapier i, Rapier w, AT-8800
The router or switch sometimes could not establish a VPN when the remote
peer was behind a NAT gateway and the router or switch’s remote ID was
set to default.
This issue has been resolved.

CR00017634 | Module: PPP | Level: 2
Available in: AR400, AR7x5, AR7x0S, Rapier i, Rapier w, AT-8800, x900-48, AT-9900, AT-9800
If a PPPoE AC service had been added, but AC mode had not been enabled
by using the enable ppp ac command, PADI frames were processed
anyway, potentially leading to a reboot.
This issue has been resolved.

CR00017659 | Module: TTY | Level: 2
Available in: AR400, AR7x0S
Previously, it was not possible to configure a TTY service on the router (by
using commands like create service).
This issue has been resolved.

CR00017662 | Module: Core | Level: 2
Available in: Rapier w
Stopping and restarting two fans on the switch in a particular order could
put the fan fault detection mechanism into a state in which the system LED
would not flash for a fan fault.
This issue has been resolved.

CR00017724 | Module: IGMP | Level: 2
Available in: Rapier i, Rapier w, AT-8800, AT-8600, AT-8700XL
When the switch had a hardware filter configured that would match and
discard a received IGMP packet, IGMP snooping still processed the packet
and added the details to its snooping database.
This issue has been resolved.
Features in 291-0820
CRModuleLevelDescription
CR00017731
IP Gateway,
DHCP
2When the DHCP server was enabled on a router or switch that also had a
local IP interface defined by using the set ip local command, outgoing
DHCP server packets would use the set ip local command's IP address as
their source address. Furthermore, if the broadcast flag was set to TRUE in
the DHCP Discover message that the server was replying to, then the server
would send the DHCP Offer packet out the wrong IP interface with the
wrong source IP address. Microsoft Windows Vista has the broadcast flag
set to TRUE.
These issues have been resolved. The DHCP server configuration now
ignores any local IP interfaces set by using the set ip local command, and
the server now sends the Offer message out the interface that it received
the Discover on.
CR00017749
Switching2If a multicast route had an odd number of downstream interfaces attached
to it, and the last downstream interface was deleted, the second to last
downstream interface could experience a loss of packets.
This issue has been resolved.
CR00017816
PIM2PIM would sometimes start forwarding duplicate packets from the RP to
downstream interfaces if the SPT Bit had been set and had become unset.
This issue has been resolved.
CR00017906
VLAN, MSTP2If ports were removed from a VLAN and MSTP was enabled, then the port
removal was not included in the configuration displayed by the command
show config dynam or saved by the command create config.
create pki keyupdate) only worked if their parameters were entered in a
particular order.
This issue has been resolved.
3The command add fire policy=name rule=number act=allow int=int
ip=ipadd list=filename would incorrectly be rejected, with an error
message stating that list and ip were mutually exclusive.
This issue has been resolved, so that list and ip can be used together in the
same firewall rule.
TACA CS+3If TACACS+ was used for authentication and the TACACS+ server went
down during an authentication attempt, the router or switch added the
attempted login names to the TACACS+ user list (as displayed in output of
the show tacplus user command). However, the router or switch correctly
did not log users in with those names.
This issue has been resolved.
IP Gateway3Sometimes an incorrect error message was printed if a user tried to enable
IP multicast switching on a device that did not support it.
This issue has been resolved.
Firewall3The firewall message “Port scan from <source> is underway” was repeated
more times than messages about other attack events. This could cause
confusion.
This issue has been resolved. The message is now displayed with the same
frequency as other firewall attack event messages.
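CR00003356
Module: Firewall; Level: 3
The firewall sometimes did not report that an attack had finished until
several minutes after it actually finished.
This issue has been resolved.

Models for the six entries above, in column order AR400, AR7x5, AR7x0S, Rapier i, Rapier w, AT-8800, AT-8600, AT-8700XL, x900-48, AT-9900, AT-9800:
create pki keyupdate parameter order   Y Y Y Y Y Y Y Y Y Y Y
add fire policy with list and ip       Y Y Y Y Y Y - - - - Y
TACACS+ user list                      Y Y Y Y Y Y Y Y Y Y Y
IP multicast switching error message   - - - Y Y Y Y Y - - -
Port scan message frequency            Y Y Y Y Y Y - - - - Y
CR00003356                             Y Y Y Y Y Y - - - - Y

Version 291-10
C613-10488-00 REV G

Features in 291-08
CR, Module, Level, Description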
CR00004004
Module: File; Level: 3
The show file command did not check whether the specified file system
was valid. If an invalid file system type was entered (such as show file=abc:*.*),
the router or switch reported that no files were found instead of
reporting that the file system abc did not exist.
This issue has been resolved.
CR00005048
Module: GUI; Level: 3
The following issues occurred with the GUI:
■ the menu item and related page title for configuring PPPoE and PPPoA
interfaces were incorrectly named “PPP”. This issue has been resolved by
changing the names to “PPPoE / PPPoA”.
■ the UPnP selection option on the firewall pages did not work. This issue
has been resolved.
Note that if you want to use the GUI to configure a PPP interface over ISDN,
use the Dial-up menu option to do so.
CR00005187
Module: LACP; Level: 3
If a user attempted to enable LACP on AT-9800 series switches—which do
not support LACP—the switch incorrectly said that the module had been
enabled.
This issue has been resolved. The switch now displays an error message
instead.
CR00005894
Module: Classifier; Level: 3
Previously, a classifier with protocol=ip matched both IPv4 and IPv6
packets when used with software QoS, instead of only matching IPv4
packets.
This issue has been resolved.
CR00005940
Module: BGP; Level: 3
There were several cases in BGP where an error was discovered in an
incoming packet, but the incorrect error subcode was reported in the
accompanying NOTIFICATION message. Also, NOTIFICATION messages did
not contain the aberrant data in their data fields, as required by the RFC.
These issues have been resolved.

Models for the five entries above, in column order AR400, AR7x5, AR7x0S, Rapier i, Rapier w, AT-8800, AT-8600, AT-8700XL, x900-48, AT-9900, AT-9800:
CR00004004  Y Y Y Y Y Y Y Y Y Y Y
CR00005048  Y - Y - - - - - - - -
CR00005187  - - - - - - - - - - Y
CR00005894  Y Y Y Y Y - - - - - -
CR00005940  Y Y Y Y Y Y - - Y Y Y
CR00006303
Module: SNMP; Level: 3
On AR725 and AR745 routers, which have no VLAN support, an SNMP Get
request for dot1qMaxVlanId or dot1qMaxSupportedVlans incorrectly
returned a value.
This issue has been resolved.
CR00006613
Module: Bridge; Level: 3
Predefined bridge protocols XEROX PUP and PUP Addr Trans with the
encapsulation of EthII and protocol type 0x0200 and 0x0201 are invalid
and obsolete, since they are less than the minimum ETHII protocol type of
1500 (decimal). Bridging with these protocols could cause the router to
reboot.
This issue has been resolved by replacing the predefined protocol types with
the more modern equivalents 0x0a00 and 0x0a01. Also, if you enter a
protocol type less than the minimum, the router now displays an error
message.
CR00007394
Module: GUI; Level: 3
When a user used the GUI to attempt to delete a local interface that was in
use by another protocol, the operation (correctly) failed, but the GUI did not
display an error message to explain the failure.
This issue has been resolved.
CR00007404
Module: MSTP; Level: 3
If a network running MSTP was connected to a network running RSTP and
MSTP message debugging was enabled on a switch, the debug output
could loop for a very long time with invalid data.
This issue has been resolved.
CR00007926
Module: Switching, IP Gateway; Level: 3
The x900 series switches did not send an ICMP Redirect packet when they
received a packet and the route to the packet’s destination was back to the
packet’s sender. The switches routed the packet back to the source but did
not send an ICMP Redirect message.
This issue has been resolved. The x900 series switches now send an ICMP
Redirect message.

Models for the five entries above, in column order AR400, AR7x5, AR7x0S, Rapier i, Rapier w, AT-8800, AT-8600, AT-8700XL, x900-48, AT-9900, AT-9800:
CR00006303  - Y - - - - - - - - -
CR00006613  Y Y Y - - - - - - - -
CR00007394  Y Y Y Y - Y Y Y - Y Y
CR00007404  - - - Y Y Y Y Y Y Y -
CR00007926  - - - - - - - - Y - -
CR00008122
Module: TTY; Level: 3
When prompted to enter a file name while using the command line file
editing utility, no more than 23 characters could be typed, even if the
existing characters were deleted using the backspace key.
This issue has been resolved.
CR00008378
Module: Firewall; Level: 3
The command enable firewall notify=port port=asyn-number was not
available on switches, only on routers. If a user created a configuration on
a router and used this option, the configuration had to be modified if
transferred to a switch.
This issue has been resolved. The notify=port option and the port
parameter are now available on switches. However, these port parameters
have been deprecated in favour of the asyn parameters, so warning
messages are printed to indicate this if the commands are used.
CR00009086
Module: Switching; Level: 3
When the commands enable switch port=number automdi and
disable switch port=number automdi were executed from a telnet
session, some INFO messages were output to the asyn0 console session
instead of the telnet session.
This issue has been resolved.
CR00010144
Module: STP, SNMP; Level: 3
Previously, newRoot and topologychange traps (located at
1.3.6.1.2.1.17.0) were only generated by the bridging module.
This has been extended to the STP module. Please note that this applies
only to standard STP, not Rapid STP.
CR00010229
Module: Install, SNMP; Level: 3
Previously, MIB objects instRelMajor, instRelMinor and instRelInterim values
were only correct for bootrom (default) builds.
This issue has been resolved. Now the correct values are returned for these
objects when the current install matches the temporary or preferred install.

Models for the five entries above, in column order AR400, AR7x5, AR7x0S, Rapier i, Rapier w, AT-8800, AT-8600, AT-8700XL, x900-48, AT-9900, AT-9800:
CR00008122  Y Y Y Y Y Y Y Y Y Y Y
CR00008378  - - - Y Y Y - - - - Y
CR00009086  - - - - - - - - Y Y -
CR00010144  - - - Y Y Y Y Y Y Y Y
CR00010229  Y Y Y Y Y Y Y Y Y Y Y
CR00010306
Module: Install; Level: 3
If a user attempted to enter a filename with an invalid format, the resulting
error message did not correctly describe the format that should have been
used. Also, the router or switch returned an incorrect error message when
a user attempted to delete a non-existent release licence file.
These issues have been resolved.
CR00010315
Module: BGP; Level: 3
Previously, it was possible to enter bad BGP peer IP addresses, such as
0.x.x.x, 127.x.x.x and 255.255.255.255.
This issue has been resolved.
CR00010465
Module: Switching; Level: 3
The “?” help for the command show switch sock=con inst=value
showed a maximum value of 4294967295.
This issue has been resolved. Valid instance values are 0 and 1.
CR00010538
Module: Firewall; Level: 3
When firewall events were recorded in the Notify queue (displayed in
output of the command show firewall event=notify), the IP address
shown would be the address of the very first packet that belonged to that
event flow. For example, if 64 host scan packets were required to trigger a
host scan event and the first packet had a target IP of 1.1.1.1 and the 64th
had an IP of 1.1.1.64, then the IP address recorded would be 1.1.1.1, even
though the event was not actually recorded until the 64th packet arrived.
Additionally, the source and destination ports in this display would always
show as 0.
These issues have been resolved. The IP addresses shown are now those of
the particular packet that triggered the event notification, and the source
and destination ports match the actual ports used by that packet.
CR00010976
Module: PPP; Level: 3
If the router or switch received an Echo-Request that did not comply with
RFC 1661, it processed and replied to the Echo-Request.
This issue has been resolved. Non-complying Echo-Requests are now
ignored.

Models for the five entries above, in column order AR400, AR7x5, AR7x0S, Rapier i, Rapier w, AT-8800, AT-8600, AT-8700XL, x900-48, AT-9900, AT-9800:
CR00010306  Y Y Y Y Y Y Y Y Y Y Y
CR00010315  Y Y Y Y Y Y - - Y Y Y
CR00010465  - - - Y Y Y Y - - - -
CR00010538  Y Y Y Y Y Y - - - - Y
CR00010976  Y Y Y Y Y Y - - Y Y Y
CR00010979
Module: PPP; Level: 3
PPP incorrectly ACKed an LCP ConfigureRequest containing the Magic-Number
option with a value of 0.
This issue has been resolved.
CR00010984
Module: PPP; Level: 3
If the router or switch received an incorrectly formatted PAP request packet,
it used to process the packet. This issue has been resolved—now it silently
discards the packet.
Also, if the router or switch received a PAP request packet with a zero
length user ID, it used to send the packet to the authentication database.
This issue has been resolved—now it NAKs the packet.
CR00011223
Module: Core; Level: 3
On AT-8948 and AT-9924SP switches with an empty PSU bay, an SNMP
walk through of the fanAndPsPsuStatusTable would display lines for the
non-existent PSU, with the value of “no such instance”.
This issue has been resolved. The walk through now only includes installed
PSUs.
CR00011259
Module: GUI; Level: 3
Some of the features supported in the web-based GUI did not have a
complete set of online help pages generated for them.
This issue has been resolved.
CR00011315
Module: IP Gateway; Level: 3
When the limit for the number of IP interfaces was reached and a user tried
to add another IP interface over a VLAN, the router or switch displayed the
following misleading error message:
Error (3005273): No more VLAN interfaces may be added.
This issue has been resolved. The error message is now:
Error (3005273): No more IP interfaces over VLANs may be added.

Models for the five entries above, in column order AR400, AR7x5, AR7x0S, Rapier i, Rapier w, AT-8800, AT-8600, AT-8700XL, x900-48, AT-9900, AT-9800:
CR00010979  Y Y Y Y Y Y - - Y Y Y
CR00010984  Y Y Y Y Y Y - - Y Y Y
CR00011223  - - - - - - - - Y Y -
CR00011259  Y Y Y Y - Y Y Y - Y Y
CR00011315  Y Y Y Y Y Y Y Y Y Y Y
CR00011438
Module: Ping; Level: 3
When the router or switch pinged a host whose hostname consisted only
of the digits 0-9 and the letters A-F, it treated the given hostname as a
hexadecimal IPX address even if the hostname was in the host list.
This issue has been resolved. Now, when the router or switch pings a host
using a hostname, it checks the hostname in the host list first. If it does not
find the host in the host list, then it treats the hostname as an IPX address.
CR00011824
Module: Firewall; Level: 3
When a firewall UDP session starts up, the session timeout should be 5
minutes for the first 5 packets of the session, then change to the configured
UDP session timeout value. Previously, the timeout changed after the 6th
UDP packet belonging to that session, instead of after the 5th packet.
This issue has been resolved.
CR00012066
Module: IP Gateway; Level: 3
The command show ip cassi is obsolete but was still available.
This issue has been resolved. The command has been removed from the
command line. To obtain the same information, use the command
show conf dyn=ip.
CR00012168
Module: Classifier; Level: 3
Output of the show classifier command displayed only the hexadecimal
protocol value for IP SNAP, instead of also displaying the protocol name.
This issue has been resolved. The output now displays:
0000000800 (IP SNAP)
CR00012885
Module: OSPF, GUI; Level: 3
If there were virtual OSPF interfaces, then the OSPF Interfaces GUI page
showed all interfaces as belonging to the backbone area (0.0.0.0).
This issue has been resolved.
CR00013352
Module: STP; Level: 3
The help displayed by the command set stp port=all ? listed some
parameters twice.
This issue has been resolved.

Models for the six entries above, in column order AR400, AR7x5, AR7x0S, Rapier i, Rapier w, AT-8800, AT-8600, AT-8700XL, x900-48, AT-9900, AT-9800:
CR00011438  Y Y Y Y Y Y Y Y Y Y Y
CR00011824  Y Y Y Y Y Y - - - - Y
CR00012066  Y Y Y Y Y Y Y Y Y Y Y
CR00012168  Y Y Y Y Y Y Y Y Y Y Y
CR00012885  Y Y Y Y - Y Y Y - Y Y
CR00013352  - - - Y Y Y Y Y Y Y Y
CR00013494
Module: IP Gateway; Level: 3
Once a default local IP address had been set, it could not be deleted. This
was because the default interface does not have an interface number, but
to delete a local interface, the user must specify the interface’s number.
This issue has been resolved, by adding an option called default to the
delete ip local command. To delete the default local interface’s address,
use the command:
delete ip local=default
Note that this resets the interface, including removing its IP address, but
does not remove the interface itself.
CR00013543
Module: DHCP; Level: 3
If a user attempted to add a policy option to a DHCP policy by using the set
command instead of the add command, then the resulting error message
did not clearly indicate the cause of the error.
For example, entering the command:
set dhcp policy=test arptimeout=234
resulted in the error message:
Error (3070061): ARPTIMEOUT not found.
This issue has been resolved. The error message now reads:
Error (3070279): Option ARPTIMEOUT was not found in policy test or
was not added using the ADD DHCP POLICY command.
CR00013635
Module: Ping, Traceroute; Level: 3
In the set trace command, it was possible to specify a minimum TTL value
that was higher than the maximum TTL value.
This issue has been resolved. The minttl and maxttl parameters are now
checked to ensure that the value of minttl is less than or equal to the value
of maxttl.
CR00013637
Module: Ping, Traceroute; Level: 3
If the value specified for the minimum time-to-live parameter (minttl) of
the traceroute command exceeded the value set for the maximum
time-to-live parameter (maxttl), the router or switch would attempt to execute
the trace rather than generate an error message.
This issue has been resolved.

Models for the four entries above, in column order AR400, AR7x5, AR7x0S, Rapier i, Rapier w, AT-8800, AT-8600, AT-8700XL, x900-48, AT-9900, AT-9800:
CR00013494  Y Y Y Y Y Y Y Y Y Y Y
CR00013543  Y Y Y Y Y Y Y Y Y Y Y
CR00013635  Y Y Y Y Y Y Y Y Y Y Y
CR00013637  Y Y Y Y Y Y Y Y Y Y Y
CR00013832
Module: EPSR, SNMP; Level: 3
When a user destroyed an EPSR domain, SNMP Requests returned
information about the domain even though it no longer existed.
This issue has been resolved.
CR00013920
Module: Ping, Traceroute; Level: 3
If a user attempted to perform a traceroute without specifying the address
to trace (either in the trace or set trace commands), the router or switch
attempted to trace 0.0.0.0.
This issue has been resolved. The router or switch now displays an error
message.
CR00014103
Module: VRRP, GUI; Level: 3
The VRRP priority could not be modified through the GUI—the priority
option was there but did nothing.
This issue has been resolved.
CR00014137
Module: PPP; Level: 3
A PPPoE Access Concentrator service that had been added by using the
acinterface parameter to specify a VLAN (or by using the deprecated vlan
parameter) could be deleted without specifying the acinterface parameter
(or the deprecated vlan parameter).
This issue has been resolved.
CR00014159
Level: 3
RSTP (correctly) only uses the top 4 of the available 16 bits for the bridge
priority. If a user enters a value that is not a multiple of 4096, the switch
rounds the value down. Previously, the switch did not inform users when it
rounded the value.
This issue has been resolved. The switch now displays an info message
when it rounds the bridge priority.
Note that this only happens for RSTP. STP uses all 16 bits for the bridge
priority.
CR00014203
Module: OSPF; Level: 3
When OSPF was disabled and a BGP redistribution definition existed, then
the obsolete command set ospf bgplimit=limit did not update the limit
in the BGP redistribution definition. This meant that the limit was incorrect
when OSPF was enabled again.
This issue has been resolved.

Models for the six entries above, in column order AR400, AR7x5, AR7x0S, Rapier i, Rapier w, AT-8800, AT-8600, AT-8700XL, x900-48, AT-9900, AT-9800:
CR00013832  - - - - - - - - Y Y -
CR00013920  Y Y Y Y Y Y Y Y Y Y Y
CR00014103  Y Y Y Y - Y Y Y - Y Y
CR00014137  Y Y Y Y Y Y - - Y Y Y
CR00014159  - - - Y Y Y Y Y Y Y Y
CR00014203  Y Y Y Y Y Y - - Y Y Y
CR00014304
Module: LLDP; Level: 3
The help displayed for the LLDP port parameter (in such commands as
show lldp port=?) incorrectly indicated that the port parameter is a
“string 1 to 255 characters long”. The port parameter is instead an
Ethernet switch port number or a range of numbers.
This issue has been resolved. The help is now correct.
CR00014330
Module: Ping; Level: 3
The maximum value for the delay parameter of the ping command was
too long.
This issue has been resolved by changing the range for the delay from
0-4294967295 to 0-604800. This new maximum is the number of seconds
in one week.
CR00014879
Module: Switching, RSTP, SNMP; Level: 3
Previously, an incorrect value was returned for the port number when
responding to an SNMP Request for MIB object dot1dSTPRootPort.
This issue has been resolved.
CR00015466
Module: Core, Install, PoE; Level: 3
The output of the show cpu command on the AT-8624POE switch showed
relatively high CPU usage when the device was idle.
This issue has been resolved.
CR00016183
Module: File; Level: 3
If a user attempted to delete a locked file, such as the currently-installed
GUI resource file, the router or switch displayed both an operation error
message and an operation successful message.
This issue has been resolved by removing the incorrect operation successful
message.
CR00016429
Module: OSPF; Level: 3
Previously, OSPF logged the same message for two separate errors. These
errors were when OSPF rejected a database description message because:
■ the neighbour was in a state of “down” or “attempt”, or
■ the MTU received from the neighbour was larger than the receiving
system could handle.
This issue has been resolved. Separate error log messages are now
generated for these two errors.

Models for the six entries above, in column order AR400, AR7x5, AR7x0S, Rapier i, Rapier w, AT-8800, AT-8600, AT-8700XL, x900-48, AT-9900, AT-9800:
CR00014304  Y - Y Y Y Y Y Y Y Y Y
CR00014330  Y Y Y Y Y Y Y Y Y Y Y
CR00014879  - - - Y Y Y Y Y Y Y Y
CR00015466  - - - - - - Y - - - -
CR00016183  Y Y Y Y Y Y Y Y Y Y Y
CR00016429  Y Y Y Y Y Y Y Y Y Y Y