Page 1
Software Maintenance Release Note
Maintenance Version 291-10
for AR415S, AR440S, AR441S, AR442S, AR450S, AR725, AR745, AR750S, AR750S-DP, and AR770S routers and
AT-8600, AT-8700XL, Rapier i, Rapier w, AT-8800, AT-8900, x900-48, AT-9900, and AT-9800 Series switches
This software maintenance release note lists the issues addressed and enhancements made in Maintenance Version 291-10 for Software Version 2.9.1. Version
details are listed in the following table:
Models Series Release File Date Size (bytes) GUI file
AR415S, AR440S, AR441S, AR442S, AR450S AR400 54291-10.rez 24 July 2007 4946220 415s_291-10_en_d.rsc
440s_291-10_en_d.rsc
441s_291-10_en_d.rsc
442s_291-10_en_d.rsc
450s_291-10_en_d.rsc
AR750S, AR750S-DP, AR770S AR7x0S 55291-10.rez 24 July 2007 4074888 750s_291-10_en_d.rsc (AR750S and AR750S-DP)
AR725, AR745 AR7x5 52291-10.rez 24 July 2007 4114292 _725_291-10_en_d.rsc
_745_291-10_en_d.rsc
AT-8624T/2M, AT-8624PoE, AT-8648T/2SP AT-86 00 sr291-10.rez 24 July 2007 2468216 8624t_291-10_en_d.rsc
8624poe_291-10_en_d.rsc
8648t_291-10_en_d.rsc
AT-8724XL, AT-8748XL AT-8700XL 87291-10.rez 24 July 2007 2411128 8724_291-10_en_d.rsc
8748_291-10_en_d.rsc
Rapier 24i, Rapier 48i, Rapier 16fi Rapier i 86291-10.rez 24 July 2007 4587048 r24i_291-10_en_d.rsc
r16i_291-10_en_d.rsc
r48i_291-10_en_d.rsc
Rapier 48w Rapier w 86291-10.rez 24 July 2007 4587048 -
Page 2
Enabling and Installing this Release 2
Models Series Release File Date Size (bytes) GUI file
AT-8824, AT-8848 AT-88 00 86291-10.rez 24 July 2007 4587048 8824_291-10_en_d.rsc
8848_291-10_en_d.rsc
AT-8948, AT8948i, x900-48FE, x900-48FE-N,
x900-48FS
AT-9924T, AT-9924SP, AT-9924T/4SP AT-99 00 89291-10.rez 24 July 2007 4884216 9924_291-10_en_d.rsc
AT-9812T, AT-9816GB AT-9800 sb291-10.rez 24 July 2007 3988344 9812_291-10_en_d.rsc
x900-48 89291-10.rez 24 July 2007 4884216 -
9816_291-10_en_d.rsc
Caution: Using a maintenance version on the wrong model may cause unpredictable results, including disruption to the network.
This maintenance release note should be read in conjunction with the following documents:
■ the Release Note for Software Version 2.9.1, available from www.alliedtelesis.co.nz/documentation/relnotes/relnotes.html, which describes the new
features since Version 2.8.1
■ your router or switch’s Document Set for Software Release 2.9.1. This document set is available on the CD-ROM that shipped with your router or switch, or
from www.alliedtelesis.co.nz/documentation/documentation.html
Caution: Information in this release note is subject to change without notice and does not represent a commitment on the part of Allied Telesis, Inc. While every
effort has been made to ensure that the information contained within this document and the features and changes described are accurate, Allied Telesis, Inc. can
not accept any type of liability for errors in or omissions arising from the use of this information.
Enabling and Installing this Release
To use this maintenance release you must have a base release license for Software Release 2.9.1. Contact your distributor or reseller for more information about
licences. To enable this release and install it as the preferred release, use the commands:
enable rel=xx291-10.rez num=2.9.1
set install=pref rel=xx291-10.rez
where xx is the prefix to the filename, as shown in the table on page 1. For example, to install the release on an x900-48FE switch, use the commands:
enable rel=89291-10.rez num=2.9.1
set install=pref rel=89291-10.rez
Version 291-10
C613-10488-00 REV G
Page 3
Levels 3
Levels
Some of the issues addressed in this Maintenance Version include a level number. This number reflects the importance of the issue that has been resolved. The
levels are:
Level 1 This issue will cause significant interruption to network services, and there is no work-around.
Level 2 This issue will cause interruption to network service, however there is a work-around.
Level 3 This issue will seldom appear, and will cause minor inconvenience.
Level 4 This issue represents a cosmetic change and does not affect network operation.
Version 291-10
C613-10488-00 REV G
Page 4
Features in 291-10 4
Features in 291-10
Software Maintenance Version 291-10 includes the resolved issues and enhancements in the following tables. In the tables, for each product series:
■ “Y” indicates that the resolution is available in Version 291-10 for that product series.
■ “–” indicates that the issue did not apply to that product series.
Level 1
No level 1 issues
Level 2
CR Module Level Description
CR00016759
CR00018655
CR00018656
Version 291-10
C613-10488-00 REV G
Switching,
DHCP
Snooping
IP Gateway 2 If the user did not specify the destination and dmask parameters when
2 Enabling DHCP snooping (correctly) adds a hardware filter to all untrusted
ports, to block all IP traffic coming from those ports. Previously, disabling
DHCP snooping did not delete these filters. This meant that the switch
dropped all IP traffic from the previously-untrusted ports until the switch
was restarted.
Also, attempting to manually delete the hardware filters did not actually
remove them.
These issues have been resolved. The switch now removes the filters if you
disable DHCP snooping or manually delete the filters.
entering the set ip filter command, the destination and dmask of the
filters were reset to any.
Also, it was not possible to delete an IP filter by using the delete ip filter
command, even when all required parameters were present.
These issues have been resolved.
AR400
AR7x5
AR7x0S
Rapier i
Rapier w
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
--------YY-
YYYYYYYYYYY
Page 5
Features in 291-10 5
CR Module Level Description
CR00018663
Switching 2 The resolution to CR 444 meant that packets processed by the CPU are now
subjected to the same filtering as packets switched in hardware. However,
this filtering did not always return the expected results. Sometimes its IP
address matching was incorrect, and it did not correctly process filters with
an action of nodrop.
These issues have been resolved.
CR00018691
OSPF 2 On a router or switch with OSPF redistribution enabled, OSPF did not
redistribute the interface route when an interface came up (for example,
after a reboot).
This issue has been resolved.
CR00018693
QoS 2 QoS policies, traffic classes, and flow groups could not have an ID number
of 0 (zero).
This issue has been resolved.
CR00018778
IP NAT, Firewall 2 When using IP NAT, the router or switch would reboot when processing
TCP SYN packets.
This issue only occurred with IP NAT, which is configured by using the add
ip nat command. It did not occur with firewall NAT.
This issue has been resolved.
AR400
AR7x5
AR7x0S
Rapier i
Rapier w
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
---YYYYY---
YYYYYYYYYYY
- - - YYYYYYYY
YYY--------
Version 291-10
C613-10488-00 REV G
Page 6
Level 3
Features in 291-10 6
CR Module Level Description
CR00018514
Ping 3 Traceroute (the trace command) did not work. It returned the error “The
destination is either unspecified or invalid” even if the destination was
reachable.
This issue has been resolved.
Level 4
No level 4 issues
Enhancements
No enhancements
AR400
AR7x5
AR7x0S
Rapier i
Rapier w
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYYYYYYYY
Version 291-10
C613-10488-00 REV G
Page 7
Features in 291-09 7
Features in 291-09
Software Maintenance Version 291-09 includes the enhancement in the following table, which is available for x900-48FE and x900-48FE-N switches.
Level 1-4
No level 1-4 issues
Enhancements
CR Module Level Description
CR00018530
Core - CPU fan monitoring is now disabled by default on x900-48FE and
x900-48FE-N switches. Monitoring the fan is unnecessary unless an
accelerator card is installed on the switch, so disabling monitoring reduces
the number of messages that the switch displays and logs.
To enable monitoring, use the command:
enable cpufanmonitoring
To disable it again, use the command:
disable cpufanmonitoring
When monitoring is enabled, the command show system displays the
CPU fan status in the entry labelled “Main fan”.
Note that this behaviour is already available on AT-8948 switches.
AR400
AR7x5
AR7x0S
Rapier i
Rapier w
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
- - - - - - - -Y- -
AT-9800
Version 291-10
C613-10488-00 REV G
Page 8
Features in 291-08 8
Features in 291-08
Software Maintenance Version 291-08 includes the resolved issues and enhancements in the following tables. In the tables, for each product series:
■ “Y” indicates that the resolution is available in Version 291-08 for that product series.
■ “–” indicates that the issue did not apply to that product series.
Level 1
No level 1 issues
Level 2
CR Module Level Description
CR00000444
CR00000484
CR00001231
Version 291-10
C613-10488-00 REV G
Switching,
IGMP,
IP Gateway
Switching 2 When a nodrop action was specified on a port as part of an L3 filter, it was
Firewall 2 The router or switch sometimes recorded more events in its deny event
2 If a packet should have matched a hardware filter with a deny action and
have been discarded, but an IP routing entry had not yet been learnt for the
packet, then the packet was not discarded.
This issue has been resolved and the packet is now discarded.
observed that the port was still dropping packets. This was observed after
the ARP entry for the destination IP expired from the switch’s L3 table.
This issue has been resolved.
queue than was specified by the detail parameter of the set firewall
policy attack command.
This issue has been resolved.
AR400
AR7x5
AR7x0S
Rapier i
Rapier w
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
---YYYYY---
---YYYYY---
YYYYYY- - - - Y
Page 9
Features in 291-08 9
CR Module Level Description
CR00003495
Classifier 2 The following issues existed with classifiers:
■ classifiers matching protocol=ipv6 and ipprotocol=icmp could be
created more than once
■ classifiers matching protocol=ipv6 and ipprotocol=1 could be created
but were meaningless because 1 represents IPv4 ICMP
■ classifiers matching protocol=ip and ipprotocol=58 could be created
but were meaningless because 58 represents IPv6 ICMP.
These issues have been resolved.
Also, classifiers now default to protocol=ip (IPv4) if:
■ no value is specified for the protocol parameter, or
■ protocol=any and ipprotocol=icmp.
CR00004018
VLAN 2 Removing then re-adding ports to a Nested VLAN, with rapid STP enabled,
caused the port in the Alternate Discarding state to leak a small number of
packets.
This issue has been resolved.
CR00005472
BGP 2 When BGP was in the OpenSent state and it received an out-of-sequence
message (such as a KeepAlive message), BGP would return to the Idle state.
This issue has been resolved. BGP now sends a notification message to the
other BGP peer, as expected.
AR400
AR7x5
AR7x0S
Rapier i
Rapier w
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYYY- - YYY
---------Y-
YYYYYY- - YYY
CR00005812
Version 291-10
C613-10488-00 REV G
IP Gateway 2 When the router or switch received an IP packet whose length was greater
than the MTU on the outgoing link, and the packet contained an IP option
that was not designed to be fragmented (such as Timestamp), then the
resulting constituent fragments would have incorrect IP header lengths.
This could lead to data corruption.
On routers, this issue applied to all routed packets. On switches, it applied
to packets processed by the CPU, not to packets switched in hardware.
This issue has been resolved.
YYYYYYYYYYY
Page 10
Features in 291-08 10
CR Module Level Description
CR00007178
RIPng 2 The following issues occurred with RIPng:
■ RIPng dropped requests from peers with non link-local addresses.
■ for a solicited response, if the routes did not exist on the device, RIPng
returned a metric of 0 for them instead of returning a metric of 16
■ RIPng performed split-horizon checking for solicited responses
■ RIPng used the link-local address to respond to all requests, even if the
request used a non link-local address and therefore the reply should
have also used a non link-local address
These issues have been resolved.
CR00008847
Install, MIB 2 Previously, the MIB objects configFile and createConfigFile would return the
current configuration file, and the MIB object currentConfigFile would
return 'no such object'.
This issue has been resolved. The objects configFile and createConfigFile
now return the boot configuration file. The object currentConfigFile now
returns the current configuration file.
CR00009473
Classifier 2 The output of the show classifier=number command did not show the
protocol number.
This issue has been resolved.
CR00010654
Firewall 2 When adding a firewall application rule, it was possible to specify FTP as the
application but not specify the command parameter. This meant that the
rule would allow all FTP commands through, even if action=deny had
been specified.
This issue has been resolved by making the command parameter
mandatory when the application is specified as FTP.
AR400
AR7x5
AR7x0S
Rapier i
Rapier w
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYYY- - YYY
YYYYYYYYYYY
YYYYYYYYYYY
YYYYYY- - - - Y
CR00010951
Version 291-10
C613-10488-00 REV G
PPP 2 If the router or switch received an LCP packet with an unrecognised code,
it responded with a CodeReject packet of incorrect length that did not
respect the established MRU of the peer.
This issue has been resolved.
YYYYYY- - YYY
Page 11
Features in 291-08 11
CR Module Level Description
CR00010967
PPP 2 If the router or switch received an LCP packet with an unrecognised
protocol, it responded with a ProtocolReject packet of incorrect length that
did not respect the established MRU of the peer.
This issue has been resolved.
CR00010968
PPP 2 When the established Maximum Receive Unit (MRU) of the remote PPP peer
was greater than the established MRU of the local PPP peer, Echo Reply
packets did not respect the established MRU of the remote peer.
This issue has been resolved.
CR00011231
Core 2 In most circumstances the stack dump for an AR7x5 router was invalid and
did not contain complete information about the cause of a reboot.
This issue has been resolved.
CR00012218
VPN, GUI 2 Enabling VPN (IPsec) on the GUI caused the GUI VPN page to stop
displaying information about some or all of the existing VPN policies.
This issue has been resolved.
CR00012727
OSPF 2 Sometimes when a type 7 external LSA was translated to a type 5 external
LSA the forwarding address was set to 0.0.0.0 in the translated type 5 LSA.
This issue has been resolved, so that the forwarding address is always
copied from the type 7 LSA being translated.
AR400
AR7x5
AR7x0S
Rapier i
Rapier w
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYYY- - YYY
YYYYYY- - YYY
-Y---------
Y-Y--------
YYYYYYYYYYY
CR00012751
Version 291-10
C613-10488-00 REV G
OSPF 2 When the router or switch is acting as an area border router and one of the
areas is an NSSA (Not So Stubby Area), the router or switch will create a
default route for the NSSA and inject this into the NSSA. Previously, the
router or switch was also redistributing this route into other areas as a static
route when static route redistribution was turned on. This was not desirable
behaviour.
This issue has been resolved.
YYYYYYYYYYY
Page 12
Features in 291-08 12
CR Module Level Description
CR00012871
TTY 2 Unexpected characters could appear on the terminal emulator display
when the column size was set greater than 80 and the user edited a
command that spanned more than one line of the display.
This issue has been resolved.
CR00013597
DVMRP,
Frame Relay
2 If a frame relay interface was configured as a DVMRP interface, then the
DLC value was not correctly generated in output of the command show
config dynam or in the configuration script generated by the command
create config.
This issue has been resolved.
CR00013660
Core, SNMP 2 Previously, SNMP returned an incorrect product ID number for AR750S-DP
routers.
This issue has been resolved. The value of the sysObjectID object is now 80
for AR750S-DP routers.
CR00013735
LACP,
Switching
2 When moving ports from an LACP-controlled trunk to a manually-
configured trunk, ports were incorrectly set in an STP blocking state.
Therefore, traffic would not flow over the trunk.
This issue has been resolved.
Note: When you move ports from an LACP-controlled trunk to a manuallyconfigured trunk, you must delete the ports from LACP.
AR400
AR7x5
AR7x0S
Rapier i
Rapier w
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYYYYYYYY
YYYYY- - - - - -
--Y--------
--------YY-
CR00013763
Version 291-10
C613-10488-00 REV G
OSPF 2 If the obsolete command set ospf rip=both was entered, the router or
switch correctly automatically replaced it with the following two
commands in the dynamic configuration:
add ospf redistribute protcol=rip
set ospf rip=export
However, if the command create config was used to save the
configuration, after system start-up the configuration file did not contain
the command add ospf redistribute protocol=rip. This meant that OSPF
stopped redistributing RIP routes after a reboot.
This issue has been resolved.
YYYYYYYYYYY
Page 13
Features in 291-08 13
CR Module Level Description
CR00013778
CR00013893
CR00013982
CR00014044
CR00014146
CR00014230
IPv6 2 If a user shortened the prefix length of an IPv6 interface address, then
lengthened it, it became impossible to change the prefix length again.
This issue has been resolved.
MSTP 2 Executing the commands disable mstp port=number or enable mstp
port=number would not disable or enable the port on all MSTIs.
This issue has been resolved.
L2TP 2 An L2TP call could be deleted when still attached to the PPP interface.
Doing this caused the router or switch to reboot.
This issue has been resolved.
IGMP 2 When large numbers of multicast streams were passing through the switch
and there was no multicast routing protocol running (such as PIM or
DVMRP), the CPU would experience regular periods of extended high
utilisation. This could result in lost control packets and network instability.
This issue has been resolved.
TTY 2 When a file was redirected (for example, by a trigger), if the mail hostname
was not available or not configured, the router or switch would reboot.
This issue has been resolved.
TTY 2 If the built-in editor was used to delete the last line of a file, the router or
switch could reboot.
This issue has been resolved.
AR400
AR7x5
AR7x0S
Rapier i
Rapier w
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYYY- - YYY
- - - YYYYYYY-
YYYYY- - - - - -
----------Y
YYYYYYYYYYY
YYYYYYYYYYY
CR00014295
CR00014320
Version 291-10
C613-10488-00 REV G
IGMP 2 IGMP snooping would process IGMP protocol packets that had incorrect IP
TTL fields (i.e. that had values other than 1).
This issue has been resolved.
OSPF 2 Occasionally, when OSPF was started, not all the Type-7 LSAs were
translated into Type-5 LSAs.
This issue has been resolved.
Y- YYYYYYYYY
YYYYYYYYYYY
Page 14
Features in 291-08 14
CR Module Level Description
CR00014827
PIM6 2 If an IPv6 accelerator was used, and the upstream router forwarded IPv6
multicast data just before the prune limit timer expired, then the
downstream router sometimes did not send the prune until significantly
after the timer expired.
This issue has been resolved.
CR00015169
MSTP, GUI 2 Using the web-based GUI to set the Point-to-Point Link in the MSTP CIST
Port configuration to a non-default value would generate an error.
This issue has been resolved.
CR00015805
ISAKMP, IPv6 2 During the boot up, the router or switch waited 5 seconds before
beginning ISAKMP prenegotiation. For VPN tunnels over IPsec for IPv6, this
was not long enough for the router or switch’s interfaces to come up before
prenegotiation began.
Also, the router or switch did not obtain the most recent active ISAKMP SA
when multiple SAs existed.
These issues have been resolved. The router or switch now waits 6 seconds,
and obtains the most recent SA and uses that for Phase 2 negotiations.
CR00015964
Switching 2 If the switch had a large number of routes in its forwarding database (FDB),
and the command show switch fdb was used to display the contents of
the FDB, and the switch’s CPU was busy at the time, then the switch
sometimes rebooted.
This issue has been resolved.
AR400
AR7x5
AR7x0S
Rapier i
Rapier w
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
--------YY-
- - - YYYYYYY-
YYYYYY- - - - -
--------YY-
CR00016262
CR00016340
Version 291-10
C613-10488-00 REV G
Load 2 When attempting to upload files from the switch using TFTP to an IPv4
server address, the router or switch reported an error if IPv6 was not
enabled. It was not possible to upload files using TFTP to an IPv6 server
address at all.
These issues have been resolved.
DHCP
Snooping
2 DHCP Snooping has been enhanced to operate in a customised VLAN ID
translation (VID translation) environment. Previously, DHCP Snooping was
not supported with VID translation.
This issue has been resolved.
YYYYYY- - YYY
- - - YYYYYYY-
Page 15
Features in 291-08 15
CR Module Level Description
CR00016587
IPv6 2 The timer that governs the interval between repeated neighbour
solicitation messages could only be configured by using the ndretrans
parameter of the set ipv6 nd command, and not through router
advertisements that the router or switch received from other routers.
This issue has been resolved. Instead of using the ndretrans parameter of
the command set ipv6 nd, use the retrans parameter to configure the
timer interval. Also,routers or switches acting as hosts will now correctly
update their timer values to the value specified in any router advertisements
that they receive.
CR00016592
DHCP6 2 Previously, it was possible to enter the incomplete commands delete
dhcp6 policy=name or set dhcp6 policy=name without specifying any
other parameters.
This issue has been resolved. If this is done, the router or switch now
displays the warning:
Warning (2117007): One or more parameters may be missing.
CR00016840
STP 2 Previously, when the switch was a Spanning Tree root bridge in a network
and a user raised the switch’s root bridge priority enough to stop the switch
from being the root bridge, unnecessary delays in convergence occurred.
This issue has been resolved.
AR400
AR7x5
AR7x0S
Rapier i
Rapier w
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYYY- - YYY
YYYYYY- - YYY
- - - YYYYYYYY
CR00016956
CR00016964
Version 291-10
C613-10488-00 REV G
IP Gateway 2 The set ip filter command would not accept the protocol parameter.
This issue has been resolved.
ISAKMP 2 When the router or switch negotiated an IPsec tunnel with RFC3947 NAT-
T, its NAT-OA payload had two bytes of reserved fields after the ID field
instead of the three bytes specified by RFC 3947. This could prevent the
tunnel from working properly when the tunnel was between an Allied
Telesis router or switch and some other vendor.
This issue has been resolved.
YYYYYYYYYYY
YYYYYY- - - - -
Page 16
Features in 291-08 16
CR Module Level Description
CR00016985
ATM 2 If a PPP instance was destroyed after an attached ATM channel had been
modified using the set atm channel command, the router rebooted. The
router could also reboot if an ATM channel was deleted under similar
circumstances.
This issue has been resolved.
CR00016989
IPsec 2 AlliedWare IPsec would not interoperate with Microsoft Windows Vista
VPN clients. This was because Microsoft changed the IPSec behaviour in
Vista such that Vista's private local IP address is sent as the local
identification instead of an FQDN. When an IPSec tunnel between
AlliedWare and Vista was brought up, the hosts could not communicate.
This issue has been resolved. AlliedWare IPsec can now communicate with
peers that send their private local IP address as the local identification.
CR00017081
Classifier 2 The show classifier command did not allow users to display only the
classifiers that had their IP source address and MAC source address
parameters set to dhcpsnooping.
This issue has been resolved. For example, the command show classifier
ipsa=dhcpsnooping now displays those classifiers that have their IP
source address set to dhcpsnooping.
Also, it is no longer possible to create two identical classifiers with DHCP
snooping parameters.
AR400
AR7x5
AR7x0S
Rapier i
Rapier w
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
Y----------
YYYYYY- - - - -
--------YY-
CR00017093
Version 291-10
C613-10488-00 REV G
Firewall 2 When the router was acting as a firewall and performing DNS relay, it used
the local IP interface private address as the source address for some packets
that it sent out the public interface. When the router acts as a DNS relay, it
receives DNS requests from the private interface and sends a new packet
on the public interface. These new packets were given the wrong address.
This issue has been resolved. Such packets now have their source address
set to the public interface address as required.
YYYYYY- - - - Y
Page 17
Features in 291-08 17
CR Module Level Description
CR00017226
IPsec 2 If an IPsec tunnel with no encryption (NULL) was negotiated in AlliedWare
over NAT-T, the ESP packets did not contain an RFC 3948 compliant
checksum. This means that some vendors may have discarded packets sent
by the AlliedWare peer over such a tunnel.
This issue has been resolved.
Note the null encryption is useful for debugging the traffic over an IPsec
tunnel and should not be used in a working IPsec solution.
CR00017227
IPsec 2 An IPSec checksum recalculation error occurred with UDP traffic when the
ESP encapsulation was added.
This issue has been resolved.
CR00017255
Switching 2 Previously, trunk members were given the STP state in hardware of port 1,
instead of having the STP state of the lead port in the trunk. The software
state (as displayed with the command show stp port) was correct.
This issue has been resolved.
CR00017256
Switching 2 When using multi-homed IP interfaces on a VLAN, it was possible that L3
hardware switching would stop for all multi-homed interfaces on that
VLAN, if one of the multi-homed interfaces was removed or went into an
administratively down state.
This issue has been resolved.
AR400
AR7x5
AR7x0S
Rapier i
Rapier w
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYYY- - - - -
YYYYYY- - - - -
---YYYYY---
--------YY-
CR00017337
Version 291-10
C613-10488-00 REV G
Switching 2 It was possible to set up a classifier that matched MPLS frames at layer 2,
but the switch would not correctly match these MPLS frames against the
classifier.
This issue has been resolved. The switch now correctly matches MPLS
frames against such a classifier.
--------YY-
Page 18
Features in 291-08 18
CR Module Level Description
CR00017368
QoS,
DHCP
Snooping
2 Some small memory access violations existed in DHCP snooping.
These violations have been resolved.
Also, a new console error message is displayed if a user tries to add a
duplicate classifier to a QoS policy. For example, if traffic class 101 belongs
to policy 2 and a user tries to add a flow group to traffic class 101 when
the flow group’s classifier is number 54 and already belongs to policy 2, the
following message is displayed:
Error (3099297): Duplicate classifier (54) on policy 2.
A similar new log message has also been added, which says:
Duplicate classifier (<number>) found on <string> <number>
Note that a classifier can exist in two separate policies but cannot exist
twice in the same policy.
CR00017456
IP Gateway 2 The router or switch could reboot when the local interface address had
been specified by using the set ip local command, and then the underlying
interface from which the local interface took its address was either deleted
or had its address changed. In both these cases, the local interface was
correctly reset back to an undefined address, but a route to this address was
not deleted. This could cause routing difficulties and a reboot when packets
for that address were received.
This issue has been resolved. The route is now correctly deleted.
AR400
AR7x5
AR7x0S
Rapier i
Rapier w
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
- - - YYYYYYY-
YYYYYYYYYYY
CR00017488
Version 291-10
C613-10488-00 REV G
Firewall 2 When a VoIP call using SIP was initiated from the public side of the firewall,
occasionally the firewall created two UDP sessions for the call with different
UDP source ports. This happened if the first packets of the STP (voice data)
stream arrived earlier than the 200 OK message that was supposed to
establish the session. The result was that the public side caller could not
hear the call.
This issue has been resolved.
YYYYYY- - - - Y
Page 19
Features in 291-08 19
CR Module Level Description
CR00017518
ISAKMP 2 The router or switch sometimes could not establish a VPN when the remote
peer was behind a NAT gateway and the router or switch’s remote ID was
set to default.
This issue has been resolved.
CR00017634
PPP 2 If a PPPoE AC service had been added, but AC mode had not been enabled
by using the enable ppp ac command, PADI frames were processed
anyway, potentially leading to a reboot.
This issue has been resolved.
CR00017659
TTY 2 Previously, it was not possible to configure a TTY service on the router (by
using commands like create service).
This issue has been resolved.
CR00017662
Core 2 Stopping and restarting two fans on the switch in a particular order could
put the fan fault detection mechanism into a state in which the system LED
would not flash for a fan fault.
This issue has been resolved.
CR00017724
IGMP 2 When the switch had a hardware filter configured that would match and
discard a received IGMP packet, IGMP snooping still processed the packet
and added the details to its snooping database.
This issue has been resolved.
AR400
AR7x5
AR7x0S
Rapier i
Rapier w
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYYY- - - - -
YYYYYY- - YYY
Y-Y--------
----Y------
---YYYYY---
Version 291-10
C613-10488-00 REV G
Page 20
Features in 291-08 20
CR Module Level Description
CR00017731
IP Gateway,
DHCP
2 When the DHCP server was enabled on a router or switch that also had a
local IP interface defined by using the set ip local command, outgoing
DHCP server packets would use the set ip local command's IP address as
their source address. Furthermore, if the broadcast flag was set to TRUE in
the DHCP Discover message that the server was replying to, then the server
would send the DHCP Offer packet out the wrong IP interface with the
wrong source IP address. Microsoft Windows Vista has the broadcast flag
set to TRUE.
These issues have been resolved. The DHCP server configuration now
ignores any local IP interfaces set by using the set ip local command, and
the server now sends the Offer message out the interface that it received
the Discover on.
CR00017749
Switching 2 If a multicast route had an odd number of downstream interfaces attached
to it, and the last downstream interface was deleted, the second to last
downstream interface could experience a loss of packets.
This issue has been resolved.
CR00017816
PIM 2 PIM would sometimes start forwarding duplicate packets from the RP to
downstream interfaces if the SPT Bit had been set and had become unset.
This issue has been resolved.
CR00017906
VLAN, MSTP 2 If ports were removed from a VLAN and MSTP was enabled, then the port
removal was not included in the configuration displayed by the command
show config dynam or saved by the command create config.
This issue has been resolved.
AR400
AR7x5
AR7x0S
Rapier i
Rapier w
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYYYYYYYY
--------YY-
YYYYYYY- YYY
- - - YYYYYYY-
Version 291-10
C613-10488-00 REV G
Page 21
Level 3
Features in 291-08 21
CR Module Level Description
CR00000503
CR00001106
CR00001438
CR00002587
CR00003354
PKI 3 Some PKI commands (including add pki ldap, create pki enroll, and
create pki keyupdate) only worked if their parameters were entered in a
particular order.
This issue has been resolved.
3 The command add fire policy=name rule=number act=allow int=int
ip=ipadd list=filename would incorrectly be rejected, with an error
message stating that list and ip were mutually exclusive.
This issue has been resolved, so that list and ip can be used together in the
same firewall rule.
TACA CS+ 3 If TACACS+ was used for authentication and the TACACS+ server went
down during an authentication attempt, the router or switch added the
attempted login names to the TACACS+ user list (as displayed in output of
the show tacplus user command). However, the router or switch correctly
did not log users in with those names.
This issue has been resolved.
IP Gateway 3 Sometimes an incorrect error message was printed if a user tried to enable
IP multicast switching on a device that did not support it.
This issue has been resolved.
Firewall 3 The firewall message “Port scan from <source> is underway” was repeated
more times than messages about other attack events. This could cause
confusion.
This issue has been resolved. The message is now displayed with the same
frequency as other firewall attack event messages.
AR400
AR7x5
AR7x0S
Rapier i
Rapier w
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYYYYYYYY
YYYYYY- - - - Y
YYYYYYYYYYY
---YYYYY---
YYYYYY- - - - Y
CR00003356
Version 291-10
C613-10488-00 REV G
Firewall 3 The firewall sometimes did not report that an attack had finished until
several minutes after it actually finished.
This issue has been resolved.
YYYYYY- - - - Y
Page 22
Features in 291-08 22
CR Module Level Description
CR00004004
File 3 The show file command did not check whether the specified file system
was valid. If an invalid file system type was entered (such as show
file=abc:*.*), the router or switch reported that no files found instead of
reporting that the file system abc did not exist.
This issue has been resolved.
CR00005048
GUI 3 The following issues occurred with the GUI:
■ the menu item and related page title for configuring PPPoE and PPPoA
interfaces was incorrectly named “PPP”. This issue has been resolved by
changing the names to “PPPoE / PPPoA”.
■ the UPnP selection option on the firewall pages did not work. This issue
has been resolved.
Note that if you want to use the GUI to configure a PPP interface over ISDN,
use the Dial-up menu option to do so.
CR00005187
LACP 3 If a user attempted to enable LACP on AT-9800 series switches—which do
not support LACP—the switch incorrectly said that the module had been
enabled.
This issue has been resolved. The switch now displays an error message
instead.
CR00005894
Classifier 3 Previously, a classifier with protocol=ip matched both IPv4 and IPv6
packets when used with software QoS, instead of only matching IPv4
packets.
This issue has been resolved.
AR400
AR7x5
AR7x0S
Rapier i
Rapier w
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYYYYYYYY
Y-Y--------
----------Y
YYYYY- - - - - -
CR00005940
Version 291-10
C613-10488-00 REV G
BGP 3 There were several cases in BGP where an error was discovered in an
incoming packet, but the incorrect error subcode was reported in the
accompanying NOTIFICATION message. Also, NOTIFICATION messages did
not contain the aberrant data in their data fields, as required by the RFC.
These issues have been resolved.
YYYYYY- - YYY
Page 23
Features in 291-08 23
CR Module Level Description
CR00006303
SNMP 3 On AR725 and AR745 routers, which have no VLAN support, an SNMP Get
request for dot1qMaxVlanId or dot1qMaxSupportedVlans incorrectly
returned a value.
This issue has been resolved.
CR00006613
Bridge 3 Predefined bridge protocols XEROX PUP and PUP Addr Trans with the
encapsulation of EthII and protocol type 0x0200 and 0x0201 are invalid
and obsolete, since they are less than the minimum ETHII protocol type of
1500 (decimal). Bridging with these protocols could cause the router to
reboot.
This issue has been resolved by replacing the predefined protocol types with
the more modern equivalents 0x0a00 and 0x0a01. Also, if you enter a
protocol type less than the minimum, the router now displays an error
message.
CR00007394
GUI 3 When a user used the GUI to attempt to delete a local interface that was in
use by another protocol, the operation (correctly) failed, but the GUI did not
display an error message to explain the failure.
This issue has been resolved.
CR00007404
MSTP 3 If a network running MSTP was connected to a network running RSTP and
MSTP message debugging was enabled on a switch, the debug output
could loop for a very long time with invalid data.
This issue has been resolved.
AR400
AR7x5
AR7x0S
Rapier i
Rapier w
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
-Y---------
YYY--------
YYYY- YYY- YY
- - - YYYYYYY-
CR00007926
Version 291-10
C613-10488-00 REV G
Switching,
IP Gateway
3 The x900 series switches did not send an ICMP Redirect packet when they
received a packet and the route to the packet’s destination was back to the
packet’s sender. The switches routed the packet back to the source but did
not send an ICMP Redirect message.
This issue has been resolved. The x900 series switches now send an ICMP
Redirect message.
--------Y--
Page 24
Features in 291-08 24
CR Module Level Description
CR00008122
TTY 3 When prompted to enter a file name while using the command line file
editing utility, no more than 23 characters could be typed, even if the
existing characters were deleted using the backspace key.
This issue has been resolved.
CR00008378
Firewall 3 The command enable firewall notify=port port=asyn-number was not
available on switches, only on routers. If a user created a configuration on
a router and used this option, the configuration had to be modified if
transferred to a switch.
This issue has been resolved. The notify=port option and the port
parameter are now available on switches. However, these port parameters
have been deprecated in favour of the asyn parameters, so warning
messages are printed to indicate this if the commands are used.
CR00009086
Switching 3 When the commands enable switch port=number automdi and
disable switch port=number automdi were executed from a telnet
session, some INFO messages were output to the asyn0 console session
instead of the telnet session.
This issue has been resolved.
CR00010144
STP, SNMP 3 Previously, newRoot and topologychange traps (located at
1.3.6.1.2.1.17.0) were only generated by the bridging module.
This has been extended to the STP module. Please note that this applies
only to standard STP, not Rapid STP.
AR400
AR7x5
AR7x0S
Rapier i
Rapier w
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYYYYYYYY
---YYY----Y
--------YY-
- - - YYYYYYYY
CR00010229
Version 291-10
C613-10488-00 REV G
Install, SNMP 3 Previously, MIB objects instRelMajor, instRelMinor and instRelInterim values
were only correct for bootrom (default) builds.
This issue has been resolved. Now the correct values are returned for these
objects when the current install matches the temporary or preferred install.
YYYYYYYYYYY
Page 25
Features in 291-08 25
CR Module Level Description
CR00010306
Install 3 If a user attempted to enter a filename with an invalid format, the resulting
error message did not correctly describe the format that should have been
used. Also, the router or switch returned an incorrect error message when
a user attempted to delete a non-existent release licence file.
These issues have been resolved.
CR00010315
BGP 3 Previously, it was possible to enter bad BGP peer IP addresses, such as
0.x.x.x, 127.x.x.x and 255.255.255.255.
This issue has been resolved.
CR00010465
Switching 3 The “?” help for the command show switch sock=con inst=value
showed a maximum value of 4294967295.
This issue has been resolved. Valid instance values are 0 and 1.
CR00010538
Firewall 3 When firewall events were recorded in the Notify queue (displayed in
output of the command show firewall event=notify), the IP address
shown would be the address of the very first packet that belonged to that
event flow. For example, if 64 host scan packets were required to trigger a
host scan event and the first packet had a target IP of 1.1.1.1 and the 64th
had an IP of 1.1.1.64, then the IP address recorded would be 1.1.1.1, even
though the event was not actually recorded until the 64th packet arrived.
Additionally, the source and destination ports in this display would always
show as 0.
These issues have been resolved.The IP addresses shown are now those of
the particular packet that triggered the event notification, and the source
and destination ports match the actual ports used by that packet.
AR400
AR7x5
AR7x0S
Rapier i
Rapier w
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYYYYYYYY
YYYYYY- - YYY
---YYYY----
YYYYYY- - - - Y
CR00010976
Version 291-10
C613-10488-00 REV G
PPP 3 If the router or switch received an Echo-Request that did not comply with
RFC 1661, it processed and replied to the Echo-Request.
This issue has been resolved. Non-complying Echo-Requests are now
ignored.
YYYYYY- - YYY
Page 26
Features in 291-08 26
CR Module Level Description
CR00010979
PPP 3 PPP incorrectly ACKed a LCP ConfigureRequest containing the Magic-
Number option with a value of 0.
This issue has been resolved.
CR00010984
PPP 3 If the router or switch received an incorrectly formatted PAP request packet,
it used to process the packet. This issue has been resolved—now it silently
discards the packet.
Also, if the router or switch received a PAP request packet with a zero
length user ID, it used to send the packet to the authentication database.
This issue has been resolved—now it NAKs the packet.
CR00011223
Core 3 On AT-8948 and AT-9924SP switches with an empty PSU bay, an SNMP
walk through of the fanAndPsPsuStatusTable would display lines for the
non-existent PSU, with the value of “no such instance”.
This issue has been resolved. The walk through now only includes installed
PSUs.
CR00011259
GUI 3 Some of the features supported in the web-based GUI did not have a
complete set of online help pages generated for them.
This issue has been resolved.
CR00011315
IP Gateway 3 When the limit for the number of IP interfaces was reached and a user tried
to add another IP interface over a VLAN, the router or switch displayed the
following misleading error message:
Error (3005273): No more VLAN interfaces may be added.
This issue has been resolved. The error message is now:
Error (3005273): No more IP interfaces over VLANs may be added.
AR400
AR7x5
AR7x0S
Rapier i
Rapier w
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYYY- - YYY
YYYYYY- - YYY
--------YY-
YYYY- YYY- YY
YYYYYYYYYYY
Version 291-10
C613-10488-00 REV G
Page 27
Features in 291-08 27
CR Module Level Description
CR00011438
Ping 3 When the router or switch pinged a host whose hostname consisted only
of the digits 0-9 and the letters A-F, it treated the given hostname as a
hexadecimal IPX address even if the hostname was in the host list.
This issue has been resolved. Now, when the router or switch pings a host
using a hostname, it checks the hostname in the host list first. If it does not
find the host in the host list, then it treats the hostname as an IPX address.
CR00011824
Firewall 3 When a firewall UDP session starts up, the session timeout should be 5
minutes for the first 5 packets of the session, then change to the configured
UDP session timeout value. Previously, the timeout changed after the 6th
UDP packet belonging to that session, instead of after the 5th packet.
This issue has been resolved.
CR00012066
IP Gateway 3 The command show ip cassi command is obsolete but was still available.
This issue has been resolved. The command has been removed from the
command line. To obtain the same information, use the command show
conf dyn=ip.
CR00012168
Classifier 3 Output of the show classifier command displayed only the hexadecimal
protocol value for IP SNAP, instead of also displaying the protocol name.
This issue has been resolved. The output now displays:
0000000800 (IP SNAP)
AR400
AR7x5
AR7x0S
Rapier i
Rapier w
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYYYYYYYY
YYYYYY- - - - Y
YYYYYYYYYYY
YYYYYYYYYYY
CR00012885
CR00013352
Version 291-10
C613-10488-00 REV G
OSPF, GUI 3 If there were virtual OSPF interfaces, then the OSPF Interfaces GUI page
showed all interfaces as belonging to the backbone area (0.0.0.0).
This issue has been resolved.
STP 3 The help displayed by the command set stp port=all ? listed some
parameters twice.
This issue has been resolved.
YYYY- YYY- YY
- - - YYYYYYYY
Page 28
Features in 291-08 28
CR Module Level Description
CR00013494
IP Gateway 3 Once a default local IP address had been set, it could not be deleted. This
was because the default interface does not have an interface number, but
to delete a local interface, the user must specify the interface’s number.
This issue has been resolved, by adding an option called default to the
delete ip local command. To delete the default local interface’s address,
use the command:
delete ip local=default
Note that this resets the interface, including removing its IP address, but
does not remove the interface itself.
CR00013543
DHCP 3 If a user attempted to add a policy option to a DHCP policy by using the set
command instead of the add command, then the resulting error message
did not clearly indicate the cause of the error.
For example, entering the command:
set dhcp policy=test arptimeout=234
resulted in the error message:
Error (3070061): ARPTIMEOUT not found.
This issue has been resolved. The error message now reads:
Error (3070279): Option ARPTIMEOUT was not found in policy test or
was not added using the ADD DHCP POLICY command.
AR400
AR7x5
AR7x0S
Rapier i
Rapier w
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYYYYYYYY
YYYYYYYYYYY
CR00013635
CR00013637
Version 291-10
C613-10488-00 REV G
Ping,
Traceroute
Ping,
Traceroute
3 In the set trace command, it was possible to specify a minimum TTL value
that was higher than the maximum TTL value.
This issue has been resolved. The minttl and maxttl parameter are now
checked to ensure that the value of minttl is less than or equal to the value
of maxttl.
3 If the value specified for the minimum time-to-live parameter (minttl) of
the traceroute command exceeded the value set for the maximum timeto-live parameter (maxttl), the router or switch would attempt to execute
the trace rather than generate an error message.
This issue has been resolved.
YYYYYYYYYYY
YYYYYYYYYYY
Page 29
Features in 291-08 29
CR Module Level Description
CR00013832
EPSR, SNMP 3 When a user destroyed an EPSR domain, SNMP Requests returned
information about the domain even though it no longer existed.
This issue has been resolved.
CR00013920
Ping,
Traceroute
3 If a user attempted to perform a traceroute without specifying the address
to trace (either in the trace or set trace commands), the router or switch
attempted to trace 0.0.0.0.
This issue has been resolved. The router or switch now displays an error
message.
CR00014103
VRRP, GUI 3 The VRRP priority could not be modified through the GUI—the priority
option was there but did nothing.
This issue has been resolved.
CR00014137
PPP 3 A PPPoE Access Concentrator service that had been added by using the
acinterface parameter to specify a VLAN (or by using the deprecated vlan
parameter) could be deleted without specifying the acinterface parameter
(or the deprecated vlan parameter).
This issue has been resolved.
CR00014159
3 RSTP (correctly) only uses the top 4 of the available 16 bits for the bridge
priority. If a user enters a value that is not a multiple of 4096, the switch
rounds the value down. Previously, the switch did not inform users when it
rounded the value.
This issue has been resolved. The switch now displays an info message
when it rounds the bridge priority.
Note that this only happens for RSTP. STP uses all 16 bits for the bridge
priority.
AR400
AR7x5
AR7x0S
Rapier i
Rapier w
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
--------YY-
YYYYYYYYYYY
YYYY- YYY- YY
YYYYYY- - YYY
- - - YYYYYYYY
CR00014203
Version 291-10
C613-10488-00 REV G
OSPF 3 When OSPF was disabled and a BGP redistribution definition existed, then
the obsolete command set ospf bgplimit=limit did not update the limit
in the BGP redistribution definition. This meant that the limit was incorrect
when OSPF was enabled again.
This issue has been resolved.
YYYYYY––YYY
Page 30
Features in 291-08 30
CR Module Level Description
CR00014304
LLDP 3 The help displayed for the LLDP port parameter (in such commands as
show lldp port=?) incorrectly indicated that the port parameter is a
“string 1 to 255 characters long”. The port parameter is instead an
Ethernet switch port number or a range of numbers.
This issue has been resolved. The help is now correct.
CR00014330
Ping 3 The maximum value for the delay parameter of the ping command was
too long.
This issue has been resolved by changing the range for the delay from
0-4294967295 to 0-604800. This new maximum is the number of seconds
in one week.
CR00014879
Switching,
RSTP, SNMP
3 Previously, an incorrect value was returned for the port number when
responding to an SNMP Request for MIB object dot1dSTPRootPort.
This issue has been resolved.
CR00015466
Core, Install,
PoE
3 The output of the show cpu command on the AT-8624POE switch showed
relatively high CPU usage when the device was idle.
This issue has been resolved.
CR00016183
File 3 If a user attempted to delete a locked file, such as the currently-installed
GUI resource file, the router or switch displayed both an operation error
message and an operation successful message.
This issue has been resolved by removing the incorrect operation successful
message.
AR400
AR7x5
AR7x0S
Rapier i
Rapier w
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
Y- YYYYYYYYY
YYYYYYYYYYY
- - - YYYYYYYY
------Y----
YYYYYYYYYYY
CR00016429
Version 291-10
C613-10488-00 REV G
OSPF 3 Previously, OSPF logged the same message for two separate errors. These
errors were when OSPF rejected a database description message because:
■ the neighbour was in a state of “down” or “attempt”, or
■ the MTU received from the neighbour was larger than the receiving
system could handle.
This issue has been resolved. Separate error log messages are now
generated for these two errors.
YYYYYYYYYYY
Page 31
Features in 291-08 31
CR Module Level Description
CR00016452
PPP 3 It is valid to use the command create ppp=number to create a PPP
interface without specifying the underlying layer 1 interface. However,
executing this command, or including it in a boot script, resulted in an error.
This issue has been resolved.
CR00016578
IPv6 3 If IPv6 was disabled and a user entered any of the following commands:
add ipv6 interface
add ipv6 6to4
add ipv6 tunnel
create ipv6 interface
enable ipv6 advertising
then the router or switch correctly displayed a warning message to indicate
that IPv6 was disabled and also correctly performed the specified
configuration. However, it did not display an “Operation successful”
message to indicate that the configuration had changed.
This issue has been resolved. The router or switch now displays the
“Operation successful” message as well as the warning message.
CR00016735
ATM 3 Sometimes, the router displayed the following error message:
Internal Error: speed mismatch causing transmit internal rate underrun
error.
This was due to a mismatch in the synchronisation between the internal
rate of the ATM controller in the CPU and the speed of the ATM PHY
connector. This synchronisation mismatch had a small impact on ATM
performance.
This issue has been resolved.
AR400
AR7x5
AR7x0S
Rapier i
Rapier w
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYYY- - YYY
YYYYYY- - YYY
Y----------
CR00016925
Version 291-10
C613-10488-00 REV G
TTY 3 If a user was accessing the router or switch via telnet, and sent a ^P (break)
character followed by the character d or D, then the router or switch
displayed an unwanted diagnostic message.
This issue has been resolved.
YYYYYYYYYYY
Page 32
Features in 291-08 32
CR Module Level Description
CR00017019
Port
Authentication
3 On termination of an 802.1x session, an accounting message is sent to the
Radius server. This enhancement implements the Acct-Input-Octets,
Acct-Output-Octets, Acct-Input-Packets, and Acct-Output-Packets fields in
the message.
Note that this enhancement only applies to ports in single-supplicant mode.
These fields in the accounting message for ports in multi-supplicant mode
still all have a value of 0.
Level 4
CR Module Level Description
CR00011228
CR00013409
GUI, Switch 4 The Diagnostics > Layer 2 Forwarding Database page of the GUI displayed
extra internal (SYS or CPU) entries.
This issue has been resolved. The GUI and the command show switch fdb
now display the same information.
Switch 4 Previously, if you used the ? or Tab keys to obtain help for the set switch
ageingtimer command, the resulting help said that valid entries were from
0 to 4294967295. However, the correct range of values is from 16 to
4080 seconds for AR750S routers and from 10 to 630 seconds for AR770S
routers.
This issue has been resolved. The “?” help now displays the correct ranges.
AR400
AR7x5
AR7x0S
Rapier i
Rapier w
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYYYYYYYY
AR400
AR7x5
AR7x0S
Rapier i
Rapier w
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
–––YYYYY–––
––Y––––––––
CR00014205
CR00014302
Version 291-10
C613-10488-00 REV G
OSPF 4 The command purge ospf did not delete OSPF redistribution definitions.
This issue has been resolved.
TTY 4 If the router or switch configuration file contained the command set tty
idle, the router or switch produced a corrupted log message when it
started up.
This issue has been resolved.
YYYYYYYYYYY
YYYYYYYYYYY
Page 33
Enhancements
Features in 291-08 33
CR Module Level Description
CR00012822
CR00016099
BGP - The BGP counter output display has been significantly improved. Also, the
command show bgp counter=all now prints out the RIB, UPDATE, DB and
PROCESS counters.
MACFF,
DHCP
Snooping
- MAC-forced forwarding has been enhanced for use in a hospitality
situation, such as a hotel. The enhanced solution allows hotel guests to
connect to the network without having to change their IP settings, while
still ensuring privacy for each guest. Typically some guests will obtain their
IP address from the hotel's DHCP server and others will have statically
configured IP addresses in their PCs.
The solution is designed to interoperate with a specialised Access Router
that is able to deal with the full range of IP addresses that will be in use on
the guests' PCs. The Nomadix Access Gateway (from www.nomadix.com)
is an example of such a specialised access router.
Configuration of the new feature is similar to the existing MAC-forced
forwarding configuration. On each edge switch, you also need to enter the
following new command before enabling DHCP snooping:
disable dhcpsnooping ipfiltering
You also need to turn on ARP security and allow authorised clients to send
only unicast packets, by entering the following commands:
enable dhcpsnooping arpsecurity
enable dhcpsnooping strictunicast
This enhancement also introduces the ability to add MACFF servers with
static MAC addresses, rather than relying on ARP to determine them based
on IP addresses. To do this, enter the command:
add macff server mac=macaddr
AR400
AR7x5
AR7x0S
Rapier i
Rapier w
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYYY- - YYY
---YYYYY---
Version 291-10
C613-10488-00 REV G
Page 34
Features in 291-08 34
CR Module Level Description
CR00016662
CR00016891
CR00017335
- This software release supports the new x900-48FS switch. For an overview
of the switch, see “Support for the new x900-48FS switch—CR00016662”
on page 92.
CR00017937
CR00016913
CR00017197
CR00017395
PPP - This enhancement enables the PPPoE client to establish a session promptly
after a restart or power cycle. This is done by sending a PPPoE Active
Discovery Terminate (PADT) frame in response to a frame received with an
unknown PPPoE session ID.
SSH, User,
RADIUS
Firewall - This enhancement enables the firewall to establish accurate MSS
- SSH sessions to the router or switch can now be authenticated via RADIUS.
The router or switch attempts to authenticate an SSH user via RADIUS if the
user to be authenticated is not configured in the local user database and
the router or switch has RADIUS configured.
(Maximum Segment Size) values for TCP sessions without using the MTU
discovery process. MTU discovery depends on ICMP error packets, so does
not work in networks that do not forward ICMP error packets.
To enable this feature, use the command:
enable firewall policy=name adjusttcpmss
The adjusttcpmss parameter enables the firewall to adjust the MSS value
stored inside incoming TCP SYN packets, to reflect the lower of the two
MTU values on the ingress and egress interfaces. Normally, for example, if
a TCP SYN packet arrives from an interface with an MTU of 1500 and leaves
on an interface with an MTU of 1000, the MSS inside the SYN packet will
remain at 1460. When this feature is enabled, the MSS will be adjusted to
960 because the firewall knows that the egress interface has a smaller
MTU. Note that the firewall does not change the original MSS value if it is
already lower than the values of the ingress and egress interfaces.
To disable this feature, use the command:
disable firewall policy=name adjusttcpmss
This feature is disabled by default.
AR400
AR7x5
AR7x0S
Rapier i
Rapier w
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
--------Y--
YYYYYY- - YYY
YYYYYYYYYYY
YYYYYY- - - - Y
Version 291-10
C613-10488-00 REV G
Page 35
Features in 291-08 35
CR Module Level Description
CR00017482
IGMP
Snooping
- The IGMP snooping fast leave option has been enhanced, to make it
available when multiple clients are attached to a single port on the
snooping switch. For configuration information, see “IGMP snooping fast
leave in multiple host mode—CR00017482” on page 93.
CR00017532
WAN Load
Balancing
- WAN load balancing can now also balance traffic across IP interfaces that
are configured on VLANs. This means it is now available for the following
IP interfaces:
■ eth (such as eth0)
■ ppp (such as ppp0)
■ vlan (such as vlan1)
CR00017701
IGMP - IGMP filtering is now available on AT-8600 series switches.
For more information, see the IP Multicasting chapter of the switch’s
Software Reference, or How To Configure IGMP for Multicasting on Routers
and Managed Layer 3 Switches, available from www.alliedtelesis.com/
resources/literature/howto.aspx.
AR400
AR7x5
AR7x0S
Rapier i
Rapier w
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
Y- YYYYYYYYY
Y-Y--------
------Y----
Version 291-10
C613-10488-00 REV G
Page 36
Features in 291-07 36
Features in 291-07
Software Maintenance Version 291-07 includes the resolved issues and enhancements in the following tables. In the tables, for each product series:
■ “Y” indicates that the resolution is available in Version 291-07 for that product series.
■ “–” indicates that the issue did not apply to that product series.
Level 1
No level 1 issues
Level 2
CR Module Level Description
CR00017869
CR00018039
IP Gateway 2 If two routes to the same destination were present in a switch, and the
route of lower preference was deleted (in other words, the route whose
details were present in the hardware routing database), then the hardware
routing database was not updated with the remaining route as it should
have been. This could cause serious routing issues.
This issue has been resolved so that hardware routing database updates are
carried out correctly.
Switch 2 Running the command show switch tab=ip could result in a reboot if a
large number of routes (10,000 or more) were present on the switch.
This issue has been resolved so that the command can run no matter how
many routes are present on the switch. However, the output from the
command may be truncated due to buffer space restrictions.
Level 3
No level 3 issues
Version 291-10
C613-10488-00 REV G
AR400
AR7x5
AR7x0S
Rapier i
Rapier w
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
---------YY
---------YY
Page 37
Features in 291-06 37
Level 4
No level 4 issues
Enhancements
No enhancements
Features in 291-06
Software Maintenance Version 291-06 provided support for the new Rapier 48w switch. For more information, see “Support for the new Rapier 48w switch” on
page 95.
Version 291-10
C613-10488-00 REV G
Page 38
Features in 291-05 38
Features in 291-05
Software Maintenance Version 291-05 includes the resolved issues and enhancements in the following tables. In the tables, for each product series:
■ “Y” indicates that the resolution is available in Version 291-05 for that product series.
■ “–” indicates that the issue did not apply to that product series.
Level 1
No level 1 issues
Level 2
CR Module Level Description
CR00007737
CR00010003
CR00011533
Version 291-10
C613-10488-00 REV G
IGMP
Snooping
WAN load
balancer,
Firewall
2 When a port left a multicast group, the router or switch assigned the All Groups
port to that multicast group. This could be seen in the output of the command
show ip igmp—the list of ports for the group would include the All Groups port.
This issue has been resolved.
2 The router rebooted if a user cleared all active WAN load balancer sessions on a
router that had more than approximately 15000 active sessions.
This issue has been resolved
Also, the maximum session limit for the WAN load balancer should be 2 * the
firewall session limit. On AR415S and AR442S routers, users can increase the
firewall session limit by adding special feature licenses. Previously, if the firewall
session limit changed, it was necessary to reboot the router to update the WAN
load balancer session limit.
This issue has been resolved. The WAN load balancer limit now updates when
you enable the firewall session license.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
Y- YYYYYYYY
YYY-------
Page 39
Features in 291-05 39
CR Module Level Description
CR00012980
CR00013041
CR00013500
CR00013527
CR00014344
VLAN 2 Previously, it was possible to destroy a VLAN when it was configured as an IP
interface.
This issue has been resolved. Now, you can only destroy a VLAN if it has no IP
configuration.
IPsec 2 The router or switch would establish IPsec Security Associations (SAs) if ISAKMP
was enabled but IPsec was disabled.
This issue has been resolved. The router or switch only sets up SAs if IPsec is
enabled.
User,
802.1x
OSPF 2 When the router or switch produced an OSPF type 7 LSA, it sometimes specified
GUI 2 Previously, some GUI pages did not display correctly in version 7 of Internet
2 If the reauthentication period for 802.1x port authentication was set to less than
20 seconds, the router or switch sometimes rebooted.
This issue has been resolved.
a route out of an interface that was down. This would stop the router or switch
from forwarding traffic to the route’s destination.
This issue has been resolved.
Explorer.
This issue has been resolved.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
Y- YYYYYYYY
YYYYY- - - - -
YYYYYYYYYY
YYYYYYYYYY
-----Y----
CR00014851
CR00014955
Version 291-10
C613-10488-00 REV G
SHDSL 2 Very occasionally, an AR442S router would reboot if SHDSL interface train-up
took an excessively long time.
This issue has been resolved.
OSPF 2 The router or switch sometimes rebooted when converting OSPF type 7 LSAs to
type 5 LSAs. This issue has been resolved by increasing the robustness of the
translation mechanism.
This issue has been resolved.
Y---------
YYYYYYYYYY
Page 40
Features in 291-05 40
CR Module Level Description
CR00015569
Firewall 2 When only NAT was enabled on the firewall, during some TCP connections in
which either end of the connection sends FIN (finished) messages immediately
after sending some data and the other end ACKs (acknowledges) the data and
the FIN message consecutively, the firewall sometimes incorrectly interpreted the
first ACK message (intended for the data) as belonging to the FIN message and
prematurely shut the connection down. This could prevent the firewall from
opening up new connections using the same port numbers.
This issue has been resolved.
CR00015592
BGP,
IP Gateway
2 When BGP learned new best routes for a particular destination, it did not always
clear any active IP flows that used the previous best route. Therefore, the router
or switch continued to forward traffic sub-optimally.
This issue has been resolved. Now, when BGP inserts new routes into the IP route
table, it deletes all active route flows, so any active flows change to using the new
route. The time taken to delete a full table of IP flows has also been greatly
reduced.
CR00015736
Switch 2 Sometimes IP routed traffic would be sent out the correct port, but with the
destination MAC of another device on the network. This issue was most likely to
occur in configurations that use multi-homed interfaces on multiple VLANs for
end devices.
This issue has been resolved.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYY- - - - Y
YYYYY- - YYY
-------YY-
CR00015822
CR00015861
Version 291-10
C613-10488-00 REV G
Switch 2 When the command enable ip macdisparity was used, and a static ARP entry
was configured with an L2 multicast MAC address, the switch should have
broadcast traffic to that multicast MAC address out all ports in the VLAN. This
was not happening.
This issue has been resolved.
VRRP 2 After manually disabling the master VRRP router, sometimes a backup router that
should assume master status would not do so, and VRRP would cease to function
properly.
This issue has been resolved.
-------YY-
YYYYYYYYYY
Page 41
Features in 291-05 41
CR Module Level Description
CR00015938
DHCPv6 2 For DHCPv6, the router or switch now supports Prefix Delegation according to
RFC 3633. The previous implementation was according to an Internet draft and
did not interoperate with other DHCPv6 implementations.
This issue has been resolved.
CR00015974
DHCPv6 2 The DHCPv6 client regularly wrote the file client6.dhc, which over time caused
unnecessary Flash compactions.
This issue has been resolved. The DHCPv6 client now only writes the file when
the contents are different from the previous time that the file was written. This
greatly reduces the number of Flash compactions caused.
CR00015984
DHCPv6 2 DHCPv6 authentication did not work correctly.
This issue has been resolved. You can now configure the router or switch to
authenticate DHCPv6 exchanges.
CR00015989
TPAD 2 When using the TPAD autodial feature and sending multiple transactions over a
TCP/IP connection, the router or switch responded to good APACS packets by
sending an ACK. This ACK was unnecessary and could cause interoperability
issues.
This issue has been resolved. The router or switch no longer sends the ACK in
these circumstances.
CR00016034
IP Gateway,
Firewall
2 Previously it was not possible to add a static ARP entry for the corresponding
partner address of a /31 subnet interface.
This issue has been resolved. The router or switch will now also allow /31 ARP
requests to pass through the firewall.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYY- - YYY
YYYYY- - YYY
YYYYY- - YYY
YYYY- - - - - -
YYYYY- - - - Y
CR00016060
Version 291-10
C613-10488-00 REV G
IGMP 2 If a port was disabled from being an All Routers group port for IGMP, and that
port received All Routers group traffic, it would incorrectly be added to the All
Routers group.
This issue has been resolved.
Y- YYYYYYYY
Page 42
Features in 291-05 42
CR Module Level Description
CR00016128
IPsec, IPv6 2 When the icmptype parameter was changed to none for an IPv6 IPsec policy, an
incorrect ICMP type value was displayed in output of the command show config
dyn and saved in the configuration file produced by the command create
config.
This issue has been resolved.
CR00016180
GUI, Firewall 2 When configuring the firewall with the GUI, the Policy options tab did not
update its display when options were changed from the default settings. For
example, if the user cleared a checkbox and clicked the Apply button, the router
correctly turned off that option, but the GUI showed a check in the checkbox.
This issue has been resolved.
CR00016200
Core 2 The router or switch’s handling of soft errors has been further improved. Soft
errors are spontaneous changes in the information stored in a digital circuit,
caused by physical effects.
CR00016288
SYN 2 The polarity of the CD output of RS-232 DCE and V.35 DCE SYN cables was
reversed—it was ON when OFF was selected and vice-versa.
This issue affected AR750S, AR770S, and AR44xS series routers.
This issue has been resolved.
CR00016303
Load 2 The upload command did not always work if the server parameter was set with
the set load command instead of being specified in the upload command.
This issue has been resolved.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYY- - - - -
Y---------
YYYYYYYYYY
Y-Y-------
YYYYYYYYYY
CR00016327
Version 291-10
C613-10488-00 REV G
IP Gateway 2 If a policy filter was configured, ping sometimes failed. This happened because
the router or switch assigned the ICMP echo replies to an IP flow without
checking that the interface for the echo replies matched the interface for the
flow. Therefore, the router or switch could use the wrong flow to forward the
replies.
This issue has been resolved.
YYYYYYYYYY
Page 43
Features in 291-05 43
CR Module Level Description
CR00016364
DHCPv6 2 If an IPv6 DHCP client was forced to rebind to a router or switch acting as a DHCP
server, the server returned incorrect timing parameters to the client. Some clients
were able to cope with this, but others could end up losing their DHCP lease.
This issue has been resolved.
CR00016365
DHCPv6 2 The following issues occurred with DHCPv6:
■ The option IDs for DNS name server and domain search list were incorrect. This
caused interoperability issues with other implementations.
■ The domain names specified in the domain name option were encoded
incorrectly. This caused interoperability issues with other implementations.
■ If a user entered two DNS servers for a DHCPv6 policy, then saved the
configuration, the command was not saved correctly. When the router or
switch ran the configuration on start-up, it added only the second DNS server
to the policy.
These issues have been resolved.
CR00016379
IGMP Proxy,
Switch,
IP Gateway
2 If IGMP proxy was enabled and multicast data was received on a downstream
VLAN interface, that data would be transmitted to other interfaces. Also, the
VLAN interface that received the data would forward two copies of the packet
to other ports on that VLAN.
These issues have been resolved.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYY- - YYY
YYYYY- - YYY
Y- YYYYYYY-
CR00016394
CR00016418
Version 291-10
C613-10488-00 REV G
IP Gateway 2 ARP did not work correctly on logical /31 interfaces, which prevented regular IPv4
communications from working over these logical /31 interfaces.
This issue has been resolved.
STP 2 If the switch received IGMP packets on the non-lead port of a trunk group which
was participating in a Spanning Tree, in some circumstances the switch would
forward the packets out of an STP-blocked port in the trunk.
This issue has been resolved.
YYYYYYYYYY
- - - YYYYYYY
Page 44
Features in 291-05 44
CR Module Level Description
CR00016489
BGP 2 When BGP capability matching was changed to strict, that setting was not
displayed in output of the command show config dyn or saved in the
configuration file produced by the command create config. When the router or
switch ran the configuration file on start-up, the capability matching setting
reverted to the default of loose.
This issue has been resolved.
CR00016526
PPP 2 An interoperability issue with a malfunctioning PPP peer meant that the peer
could ACK an IP address of 0.0.0.0 when it was required to offer a valid public IP
address.
This issue has been resolved. The router or switch now refuses to accept this
incorrect negotiation and instead resends a configure request for an IP address.
CR00016576
IPv6 2 The router or switch sometimes rebooted after receiving an IPv6 router
advertisement, or after the command set ipv6 interface was entered.
This issue has been resolved.
CR00016621
Switch 2 On 48-port switches, hardware filters with the eport parameter specified did not
always behave correctly.
This issue has been resolved.
CR00016698
BGP 2 The following issues occurred when using BGP aggregate specifications (created
using the command add bgp aggregate):
■ When an aggregate route was originated from routes learnt from external
peers, and then all of the contributing child routes were withdrawn by the
external peers, the aggregate route was not removed from the routing table.
It could still be advertised to external peers.
■ When a network or import entry (add bgp network or add bgp import)
resulted in a route entry that had the same prefix length as the aggregate
specification, then BGP (correctly) originated the aggregate route. However,
deleting the network or import definition did not remove the aggregate route
from the routing table.
These issues have been resolved.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYY- - YYY
YYYYY- - YYY
YYYYY- - YYY
---YYYY---
YYYYY- - YYY
Version 291-10
C613-10488-00 REV G
Page 45
Features in 291-05 45
CR Module Level Description
CR00016727
CR00016762
TCP, Telnet 2 The speed of the output from the Telnet server has been increased. Y Y Y Y Y Y Y Y Y Y
ISDN 2 For AR44xS series routers with system territory set to USA, the ISDN Q.931 SPIDs
failed to initialize to the ISDN exchange/ISDN USA profile simulator (both manual
and auto SPIDs) after a reboot.
This happened because the router did not write *.spd files to Flash memory, so
the SPID initialization failed on reboot because the SPIDs did not exist.
This issue has been resolved. The *.spd files are now correctly written to Flash
memory, which allows SPIDs to initialise after a reboot.
CR00016804
Bridge 2 If an Ethernet packet, including its FCS (Frame Check Sequence), was
encapsulated in PPP and bridged to a VLAN interface, the packet could contain
two FCS values.
This issue has been resolved.
CR00016855
Frame Relay 2 When the MTU of a Frame Relay logical interface was modified (by using the
command set interface=fr-int mtu=value), incorrect interface and MTU
settings were displayed in output of the command show config dyn and were
saved in the configuration file produced by the command create config.
CR00016856
Firewall 2 When the firewall policy for an interface had a NAT type of ENAPT, the firewall
did not correctly translate the destination addresses of incoming packets that
matched “allow” rules.
This issue has been resolved.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
Y---------
YYY-------
YYYY- - - - - -
YYYYY- - - - Y
CR00016911
Version 291-10
C613-10488-00 REV G
Classifier 2 When a non-default protocol was specified for a classifier, in some circumstances
that protocol setting was not displayed in output of the command show config
dyn or saved in the configuration file produced by the command create config.
When the router or switch ran the resulting configuration file on start-up, the
protocol setting was lost.
This issue has been resolved.
YYYYYYYYYY
Page 46
Features in 291-05 46
CR Module Level Description
CR00016940
Core 2 Some versions of the AT-G8T GBIC prevented the switch from detecting and
setting up the AT-A47 expansion board correctly. This issue occurred on start-up
when the GBIC was installed and had a link up.
This issue has been resolved.
CR00016941
IP Gateway 2 When there were multiple routes to a destination and the best route was deleted
from the switch’s hardware routing table, the switch did not use the alternative
route. Also, the switch only used the best route, even if ECMP was supported.
This issue has been resolved. When multiple routes exist and the best route is
deleted from the hardware table, the switch now adds the next best route to the
hardware table correctly. If the switch supports ECMP, all routes are now added
to hardware, not just the best route.
CR00017006
Switch 2 Previously, the link to the AT-G8T GBIC would not come up automatically when
its auto-negotiation slide switch was set to “on”. This was because the switch
configured the GBIC in a fixed speed mode by default.
This issue has been resolved. The link now comes up automatically when the
auto-negotiation slide switch is set to “on”. To bring the link up when autonegotiation is set to “off”, use the command:
set swi port=port-list speed=1000mf
CR00017031
IGMP
Snooping
2 If a port on the router or switch joined and left many IP multicast groups, the
router or switch sometimes did not transmit all multicast packets to all receivers.
This issue has been resolved.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
-----Y----
- - - YYYYYYY
---------Y
Y- YYYYYYYY
CR00017036
Version 291-10
C613-10488-00 REV G
Switch 2 In some trunk configurations, the STP state of trunks was incorrectly applied to
non-trunk ports. This could result in incorrect traffic flows in the network. This
issue has been resolved.
-------YY-
Page 47
Features in 291-05 47
CR Module Level Description
CR00017074
DHCPv6 2 DHCPv6 prefix delegation contained the followed issues:
■ previously, the command create dhcp6 range accepted ranges with an
invalid prefix length.
This issue has been resolved. The router or switch now displays an error unless
the prefix length is in the range 48-64.
■ previously, when the router or switch requested a prefix to delegate to its
appint interfaces, it could only use prefixes of length 48 or 64.
This issue has been resolved. The requesting router or switch can now use any
prefix that has been delegated to it, as long as the prefix length is less than or
equal to 64 bits.
■ The requesting router or switch would allocate an address to the interface
through which it connects to the delegating router or switch.
This issue has been resolved. The router or switch no longer does this.
CR00017076
IPsec 2 When entering the command set ipsec policy, the value of the
respondsetbadspi was incorrectly reset to its default of false, unless it was also
included in the set command.
This issue has been resolved.
CR00017146
IP Gateway 2 When the router or switch’s Local address was pinged, the router or switch
responded from the interface address of the interface through which it received
the ping, instead of the Local address to which the ping was sent. This issue has
been resolved.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYY- - YYY
YYYYY- - - - -
YYYYYYYYYY
CR00017151
CR00017239
Version 291-10
C613-10488-00 REV G
Te ln e t 2 When Reverse Telnet was enabled the command shell was (correctly) disabled on
all ASYN ports apart from ASYN0. However when Reverse Telnet was disabled
again, the command shell was not re-enabled on the other ASYN ports.
This issue has been resolved.
VLAN, IGMP
Snooping
2 When a user configured IGMP static router ports, the configuration file produced
by the command create config could be invalid. When the router or switch ran
the resulting configuration file on start-up, it produced an error instead of
configuring the router ports.
This issue has been resolved.
YYYY- - - - - -
Y- YYYYYYYY
Page 48
Features in 291-05 48
CR Module Level Description
CR00017257
WAN Load
Balancer
2 If two WAN load balancer healthcheck hosts were defined, and one was
unreachable and the other was reachable, WAN load balancer resources were
(correctly) in the UP state because at least one healthcheck host was reachable.
However, removing the reachable host (by using the command delete wanlb
healthcheck) should have changed the WAN load balancer resources to the
DOWN state, but did not.
This issue has been resolved. If the only healthcheck host available is unreachable
and the resource is currently in the UP state, the next unreachable healthcheck
received from that host now forces the resource to the DOWN state.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYY-------
Version 291-10
C613-10488-00 REV G
Page 49
Level 3
Features in 291-05 49
CR Module Level Description
CR00008225
CR00009036
Core 3 Some early software versions, on some products, supported the command show
system temperature. This command was deprecated after version 2.6.4. If a
user entered this command on any product, the following message was
displayed:
Info (1034107): SHOW SYSTEM TEMPERATURE is no longer available. Please
use SHOW SYSTEM ENVIRONMENTAL instead.
However, only the following products use the show system environmental
command to display the temperature: AR750S and AR770S routers, and
AT-8600, AT-8800, AT-8948, x900-48, and AT-9900 series switches.
Other products use show system instead. On the other products, the above
error message was incorrect because it stated that the show system
environmental command was available.
This issue has been resolved. On products that do not use show system
environmental, the following error message is displayed if you enter the show
system temperature command:
Info (1034090): Command unavailable on this product.
File 3 If a user tried to copy a small file (less than 32 bytes) in Flash when there was not
enough free Flash space for the file and its header, the router or switch did not
generate an error message, and the copying could appear to have succeeded.
This issue has been resolved. The error message:
Insufficient space to store file [file name]
is now displayed under those conditions.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YY- Y- - Y- - Y
YYYYYYYYYY
CR00010518
CR00010710
Version 291-10
C613-10488-00 REV G
Core 3 The show cpu statistics were unnecessarily inaccurate. For example, a router or
switch that was effectively idle showed a CPU usage of 10% to 12%.
This issue has been resolved. When the router or switch is effectively idle, the CPU
usage now displays as less than 5%.
-Y------Y-
Page 50
Features in 291-05 50
CR Module Level Description
CR00011629
PIM, PIM6,
ECMP
3 Previously, the switch’s count of PIM4 and PIM6 bad Bootstrap Messages (BSMs)
could be high, because the switch forwarded BSMs over interfaces that
contained an Equal Cost Multipath (ECMP) route to the receiving interface.
This issue has been resolved. BSMs are no longer forwarded via all interfaces
contained in an ECMP group, but only via one interface in the group.
CR00012495
IGMP 3 When an IGMP filter was destroyed, switch ports that used the filter did not have
their IGMP filter setting returned to “None”.
This issue has been resolved.
CR00014324
PPP 3 The interface MIB ifInOctets and ifOutOctets counters displayed by the show
ppp counter command incorrectly included the lower layer framing octets and
were 5 octets per frame greater than they should have been.
This issue has been resolved.
CR00014919
QoS,
DHCP
snooping
3 DHCP snooping accepted a minimum of one new client per QoS flow group,
instead of a minimum of one new client per port. This meant that DHCP
snooping sometimes did not respect the lease limit (maxlease) on a port.
This issue has been resolved.
CR00015092
ATM 3 Previously, the information output by the “?” help for the ATM channel pcr
parameter was incorrect.
This issue has been resolved. The “?” help now displays:
required - decimal in the range 32-155000 (dependant on physical interface)
If you enter a value larger than the maximum PCR allowed on a specific physical
interface, the router now displays the following message for ADSL:
The PCR supplied was too large, the maximum is 1024
and the following message for SHDSL:
The PCR supplied was too large, the maximum is 4608
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
-------YY-
YYYYYYYYYY
YYYYY- - YYY
- - - YYYYYY-
Y---------
Version 291-10
C613-10488-00 REV G
Page 51
Features in 291-05 51
CR Module Level Description
CR00015558
ASYN 3 Under some circumstances, when a PC terminal emulator was opened to
communicate with a router or switch after the router or switch had fully booted
up, the login prompt did not immediately display. To display the login prompt, it
was necessary to remove and re-insert the cable. This issue applied to all models’
ASYN ports except ports on the AR024 PIC.
This issue has been resolved.
CR00015690
DHCP6 3 In the command create dhcp6 range, the ip parameter correctly has the syntax
prefix1[-prefix2]. However, the second prefix was previously not optional.
This issue has been resolved, so that the second prefix (of the form ipv6address/
prefixlength) is no longer required. If you do not enter a second prefix, it is now
calculated from the first prefix. The second prefix has the same prefix length at
the first and has all 1s in the non-significant part of the address. For example, the
second prefix for 3ffe:1:2:3::/64 would be 3ffe:1:2:3:ffff:ffff:ffff:ffff/64.
CR00015881
SNMP, Switch 3 The SNMP objects dot3StatsSQETestErrors and dot3StatsCarrierSenseErrors are
not supported on AR750S, AR410, and AR450S routers. Previously SNMP GET
got a random value for these objects.
This issue has been resolved. SNMP GET now gets 0 for these objects.
CR00015969
WAN load
balancer
3 After the command reset wanlb resource=all was entered, WAN load balancer
resources would show their state as “UP” even if the underlying IP interface was
down.
This issue has been resolved.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYYYYYYY
YYYYY- - YYY
Y-Y-------
YYY-------
CR00016001
CR00016177
Version 291-10
C613-10488-00 REV G
DHCPv6 3 When a DHCPv6 client was soliciting for servers, the selection of the best server
did not proceed in the way specified by the RFC.
This issue has been resolved.
Switch, MIB 3 The default value of the MIB object ifJackType for the GBIC slot on AT-8800 series
switches was incorrect if no GBIC card was plugged in.
This issue has been resolved. The default value is now “other(1)”.
YYYYY- - YYY
----Y-----
Page 52
Features in 291-05 52
CR Module Level Description
CR00016228
QoS 3 If a QoS policy uses the same classifier more than once, the router or switch now
displays a warning message. You should not use a classifier more than once in a
policy because the operation of such policies is unpredictable.
CR00016463
DHCPv6 3 For the command create dhcp6 range, DHCPv6 now checks that the specified
address or prefix range is valid for the specified type of range.
Valid options are:
■ address1-address2 (e.g. 3ffe:1:2:3:4:5::1-3ffe:1:2:3:4:6::ffff)
This is a range of addresses for address assignment (type=normal or
type=temporary).
■ address/prefixLen (e.g. 3ffe:1:2:3:4:5::/96)
This is a range of addresses for address assignment (type=normal or
type=temporary).
■ address/prefixLen-address/prefixLen (e.g. 3ffe:1:2::/48-3ffe:1:40::/48)
This is a range of prefixes for prefix assignment (type=pd).
CR00016799
Core 3 For revision M1 of AR770S routers, the low-end threshold for monitoring the 1.2
volt rail was too high. This caused power supply monitoring false alarms.
To check the router revision, use the command show system and check the
“Rev” entry underneath the time and date.
This issue has been resolved—the threshold is now correct.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYYYYYYY
YYYYY- - YYY
--Y-------
CR00017008
Version 291-10
C613-10488-00 REV G
Core 3 Revisions M3-1and later of the AR745 router do not support Redundant Power
Supplies. Therefore, for these routers, RPS monitoring information has been
removed from output of the command show system, and it is no longer
possible to use the command set sys rpsmonitor.
-Y--------
Page 53
Level 4
Features in 291-05 53
CR Module Level Description
CR00000396
CR00011560
CR00013976
CR00015543
CR00016126
IGMP 4 If a static IGMP port went link down, it was not shown in the “Static Ports” list
in the output of the show ip igmp command. This was only a display issue.
This issue has been resolved.
Install 4 It is no longer possible to specify a compact flash file as the boot configuration
file. If the command set config=cf:filename.cfg is entered, the router or switch
does not change the current boot configuration file and instead displays the
following error message:
Cannot specify configuration file in Compact Flash
IGMP 4 The list of parameters output by the “?” help for show ip igmp ? incorrectly
included “IGMP”.
This issue has been resolved.
Bridge 4 In output of the command show bridge spanning, the bridge identifier was
correctly displayed as a hexadecimal number, but it was not obvious that the
number was hexadecimal.
This issue has been resolved. The output now has 0x in front of the hexadecimal
number, to make it clear that it is hexadecimal.
QoS, Switch 4 When a QoS policy was associated with a port that was set to a speed less than
the maximum speed of the port, a warning message would be displayed on the
console session and in the log when the port state changed to UP. This message
stated that the QoS policy operation may be affected by the speed setting of the
port. Having this message displayed on the console was considered unnecessary
and potentially confusing.
This issue has been resolved.The message is now only displayed in the log.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8 600
AT-8700XL
x900-48
AT-9900
AT-9 800
YYYYYYYYYY
--Y----YYY
YYYYYYYYYY
YYY-------
- - - YYYYYYY
CR00016451
Version 291-10
C613-10488-00 REV G
IP Gateway 4 When a second metric was displayed in the output of the command show ip
route (because of OSPF, for example) this metric was truncated to 2 characters.
This issue has been resolved. The output now displays both metrics in a field up
to 10 characters long.
YYYYYYYYYY
Page 54
Enhancements
Features in 291-05 54
CR Module Level Description
CR00014288
GUI - An ADSL connection option has been added to the Wizards page of the GUI for
AR44xS routers. This option links to the xDSL configuration section, which lets
you configure all basic ADSL or SHDSL settings on one convenient page.
If your router GUI does not open at the Wizards page, click on the Wizards
button at the top of the left-hand menu to access it.
CR00014667
PPP - This enhancement increases the amount of time that the router or switch waits
for a CHAP Success message. This enables the router or switch to successfully
complete authentication, even in particularly slow networks.
The first authentication attempt still times out after 3 seconds, but the second
attempt takes 6 seconds to time out, and any further attempts take 9 seconds.
CR00015432
ADSL, GUI - The GUI for AR440S and AR441S routers now displays statistics for the ADSL
port. You can now see:
■ a pop-up summary box, by clicking on the port on the System Status page
■ ADSL port details, by selecting the new ADSL Statistics page in the Diagnostics
menu
■ ASDL port counters, by selecting the new ADSL Counters page under Layer 1
Counters in the Diagnostics menu
CR00016078
Software QoS,
PPP, Ethernet,
VoI P
- The router or switch now supports software QoS on PPPoE interfaces.
Note that this enhancement is not available on AR770S routers.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
Y---------
YYYYY- - YYY
Y---------
YYYY- - - - - -
Version 291-10
C613-10488-00 REV G
Page 55
Features in 291-05 55
CR Module Level Description
CR00016150
IPsec, IPv6 - To establish a tunnelled IPsec connection for IPv6, you may need to specify the
source IP interface in the IPsec and ISAKMP policies. This enhancement enables
you to do so.
To specify the source interface, use the srcinterface parameter in the
commands:
create ipsec policy=name <other parameters>
set ipsec policy=name <other parameters>
create isakmp policy=name <other parameters>
set isakmp policy=name <other parameters>
The global address of the source interface (if available) will be used as the local
address of the policy.
CR00016221
Load, MIBs - With this enhancement, you can use SNMP to:
■ set parameters for uploading files from the router or switch, and
■ upload files to a TFTP server
SNMP already lets you save the current configuration to a file on the router or
switch. You can use this with the new options to back up the configuration to a
TFTP server.
For more information, see “Backing up the configuration with SNMP—
CR00016221” on page 96.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYY- - - - -
YYYYYYYYYY
Version 291-10
C613-10488-00 REV G
Page 56
Features in 291-05 56
CR Module Level Description
CR00016234
DHCP
Snooping
- This enhancement enables the router or switch to log discarded ARP requests
when ARP security is enabled. By default, discarded ARP requests are not logged.
To turn logging on, use the command:
enable dhcpsnooping log=arpsecurity
To turn it off, use the command:
disable dhcpsnooping log=arpsecurity
To see whether it is enabled, use the existing command:
show dhcpsnooping
and check the new “Logging enabled” entry.
To view the log entries, use the command:
show log
CR00016285
MACFF - It is now possible to use MAC-forced forwarding on non-private VLANs. Because
MAC-forced forwarding is primarily a security feature, the switch displays a
warning message if you do so.
This enhancement allows you to use MAC-forced forwarding to limit broadcast
traffic in a network where private VLANs are not appropriate.
CR00016361
Switch - AT-8948, AT-9900 and x900-48 series switches now support AT-SPTX tri-speed
Cu SFPs.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
- - - YYYYYY-
- - - YYYYYY-
-------YY-
CR00016437
Version 291-10
C613-10488-00 REV G
MSTP - In the command set mstp configname=name, the switch now accepts the
character “.” in the name.
- - - YYYYYY-
Page 57
Features in 291-05 57
CR Module Level Description
CR00016459
Core - This enhancement disables CPU fan monitoring on AT-8948 switches. Monitoring
the fan is unnecessary unless an accelerator card is installed on the switch, so
disabling monitoring reduces the number of messages that the switch displays
and logs.
To enable monitoring, use the command:
enable cpufanmonitoring
To disable it again, use the command:
disable cpufanmonitoring
When monitoring is enabled, the command show system displays the CPU fan
status in the entry labelled “Main fan”.
CR00016523
SNMP - This enhancement enables you to specify whether SNMP adds 0x00 padding
when the most significant 9 bits of an object’s value are all 1, or whether the
encoding follows the ASN.01 BER rule, which cuts off the most significant byte
of 0xff. This setting has an impact on all integer type MIB objects, including 32
bit and 64 bit counter objects.
To add the padding, use the command:
set snmp asnberpadding={on|yes|true}
For examples, see “SNMP ASN.01 BER Padding—CR00016523” on page 99.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
-------Y--
YYYYYYYYYY
Version 291-10
C613-10488-00 REV G
Page 58
Features in 291-05 58
CR Module Level Description
CR00016758
IP NAT - This enhancement enables you to turn off TCP state and sequence checking in IP
NAT. It also allows all ICMP packets go through IP NAT.
To do this, use the command:
enable ip nat bypasstcp
When bypasstcp is enabled, IP NAT performs IP address and port translation for
TCP packets and forwards the packets, regardless of the TCP sequence number
and the current TCP state. It also allows ICMP echo reply and other ICMP packets
to initiate a session and get forwarded.
To disable the bypassing, use the command:
disable ip nat bypasstcp
Bypassing is disabled by default because it degrades the security of IP NAT.
However, it is useful when you need NAT on VRRP routers.
Note that this enhancement does not apply to firewall NAT.
CR00016776
IP Gateway - This enhancement allows ARPs to move between ports on the router’s VLAN
interfaces.This assists with wireless station roaming.
To enable this feature, use the command:
enable ip arp silentroam
To disable it, use the command:
disable ip arp silentroam
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYY-------
Y-Y-------
CR00016785
CR00016977
Version 291-10
C613-10488-00 REV G
Core - The default summertime dates have been updated to reflect the changes for
North America made by the American Energy Policy Act of 2005.
By default, summertime now starts on the second Sunday in March and ends on
the first Sunday in November.
Script - This enhancement enables you to use aliases in commands in script files. The
router or switch expands the aliases when it runs the script (except when it runs
the script at start-up).
YYYYYYYYYY
YYYYYYYYYY
Page 59
Features in 291-04 59
Features in 291-04
Software Maintenance Version 291-04 includes the resolved issues and enhancements in the following tables. In the tables, for each product series:
■ “Y” indicates that the resolution is available in Version 291-04 for that product series.
■ “–” indicates that the issue did not apply to that product series.
Level 1
CR Module Level Description
CR00013787
CR00013813
CR00013963
ISAKMP,
Logging
TTY, User 1 When a user telnets into the router or switch, to login via RADIUS authentication,
Switch 1 Under heavy broadcast traffic, it was possible for the switch forwarding database
1 It was possible for invalid log messages to overwrite the log message buffer and
cause the router or switch to reboot. Such invalid log messages could occur with
VPN tunnels, for example.
This issue has been resolved.
the telnet connection establishes and then user login authentication starts.
Previously, if the remote user closed the telnet connection before RADIUS
responded to the authentication request, then the router or switch rebooted
when it received the RADIUS Reply message.
This issue has been resolved. The router or switch now does not reboot if the
telnet connection is closed before the RADIUS Reply message arrives.
(FDB) to lock up.
This issue has been resolved.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8 600
AT-8700XL
x900-48
AT-9900
AT-9 800
YYYYYYYYYY
YYYYYYYYYY
–––––––YY–
Version 291-10
C613-10488-00 REV G
Page 60
Features in 291-04 60
CR Module Level Description
CR00014145
CR00016314
Core
DHCP
Snooping
Core 1 AR442S routers did not run the user-specified configuration script at start up.
1 DHCP Snooping determines when a client lease will expire by taking the current
time and adding the client's assigned lease period to it. Previously, DHCP
Snooping did not update this expiry time if the switch's clock time changed,
which can happen because of NTP, summertime, or a user manually re-setting the
time. Therefore, if the switch's clock time changed, DHCP clients could expire
and lose connectivity.
This issue has been resolved. If the switch's clock changes, DHCP Snooping now
updates its client expiry times.
Also, they incorrectly displayed the message “INFO: Initialising Flash File System”
twice during start up.
These issues have been resolved.
Level 2
CR Module Level Description
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
–––YYYYYY–
Y–––––––––
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
CR00010511
CR00012564
Version 291-10
C613-10488-00 REV G
BGP 2 Turning defaultoriginate on or off for a BGP peer (by using the command add
bgp peer) did not cause BGP to generate an update, even if automatic updating
was enabled (enable bgp autosoftupdate).
This issue has been resolved.
L2TP 2 Setting a timeout on L2TP packet debugging caused the router or switch to
reboot.
This issue has been resolved.
YYYYY––YYY
YYYYY––YYY
Page 61
Features in 291-04 61
CR Module Level Description
CR00013592
HTTP 2 A badly formed response from a particular HTTP server caused the router or
switch to reboot when it attempted to load a non-existent file from that server.
This issue has been resolved.
CR00013700
IP Gateway 2 When an IP packet was queued by the ENCO module or other applications, and
the IP flow for the packet became invalid while the packet was queued, the
router or switch sometimes rebooted.
This issue has been resolved.
CR00013791
IGMP, VLAN 2 Disabling IGMP snooping correctly increased the number of L3 filter matches
available. However, if the configuration was saved and then run after a reboot,
the switch incorrectly limited the number of L3 filter matches to the number
available when IGMP snooping was enabled. If the maximum number of matches
had been configured, this meant that some matches were missing after a reboot.
This issue has been resolved.
CR00013823
Switch 2 In very rare circumstances, a port could stop transmitting traffic if its speed was
modified or it was reset while under heavy traffic load.
This issue has been resolved.
CR00013929
ADSL
ATM
Ethernet
2 When performing RFC1483 encapsulation of Ethernet frames, the AR44xS
routers did not pad frames out to the 64-byte minimum frame size (the RFC does
not require such padding to be performed). This resulted in an interoperability
issue with ATM switches that discarded (rather than padded) the undersize
frames upon decapsulating them.
The effect of this was that when an AR44xS router was connected to an ATM
network that contained such switches, the router could fail to connect at the PPP
session level.
This issue has been resolved. The router now always pads undersize Ethernet
frames to the 64-byte minimum frame size before it performs RFC1483
encapsulation. This avoids the possibility of this interoperability issue.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYYYYYYY
YYYYYYYYYY
–––YYYY–––
–––––––––Y
Y–––––––––
Version 291-10
C613-10488-00 REV G
Page 62
Features in 291-04 62
CR Module Level Description
CR00014228
CR00014269
CR00014298
CR00014323
CR00014340
Switch 2 When the router generated packets (such as ARP requests) and sent them out
multiple LAN ports, it always sent them as untagged packets.
This issue has been resolved, so that LAN traffic will be tagged or untagged as
specified in the VLAN port configuration.
Switch 2 If a user explicitly set the learn limit to zero by entering the command:
set switch port=number learn=0 intrusion=discard
and the learn limit had either not been explicitly set previously or had been
explicitly set to a non-zero value, then the switch would not learn any MAC
addresses. It treated 0 as meaning “learn 0 addresses” instead of meaning “no
limit”.
This issue has been resolved. A learn limit of 0 means “no limit” in all
circumstances.
Switch 2 Packet loss sometimes occurred when an IGMP snooping group timed out.
This issue has been resolved.
Switch
EPSR
Bridge, Switch,
VLAN
2 When EPSR was used in a network with a 10Mbps multicast or broadcast flow,
the EPSR ring frequently alternated between a state of failed and complete.
This issue has been resolved.
2 Bridging STP did not work if a VLAN was added as a bridge port.
This issue has been resolved.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
––Y–––––––
–––––––YY–
–––––––YY–
–––––––YY–
Y–Y–––––––
CR00014437
CR00014673
Version 291-10
C613-10488-00 REV G
Core
Install
Stacking
Load 2 Attempts to upload a file to a TFTP server failed if a invalid IP address was
2 If a switch’s configuration was saved (by using the command create
config=filename), and then the command set config=filename was entered,
the configuration file should have been propagated through the stack to other
switches that did not have a file of that name. This did not happen.
This issue has been resolved.
specified in previous attempts.
This issue has been resolved.
–––YYYYYY–
YYYYYYYYYY
Page 63
Features in 291-04 63
CR Module Level Description
CR00014714
PIM 2 If a PIM interface was set as the BSR candidate interface (by using the command
add pim bsrcandidate interface=interface) and that interface went down,
PIM would select another interface as the BSR candidate interface. The router or
switch also set the new interface as the BSR candidate interface in the dynamic
configuration.
This issue has been resolved. PIM only looks for a new interface to use as the BSR
candidate address if the user has not specified an interface.
CR00014748
Reverse Telnet 2 Reverse Telnet used to filter out Ctrl-D characters, making it impossible to
perform certain actions on the remote device.
This issue has been resolved.
CR00014795
RIPv6 2 When a user disabled RIPv6 or deleted a RIPv6 interface, the router or switch
correctly set the metric of any affected RIPv6 routes to 16, indicating that the
route was unavailable. However, the router or switch continued to try to use such
routes to route packets if no alternative better routes existed.
This issue has been resolved. When a route’s metric is 16, it is no longer used to
route traffic.
CR00014834
Switch 2 When STP detected a topology change and therefore the switch flushed its ARP
table entries, sometimes the switch did not remove entries for non-lead trunk
ports. Therefore, ARP entries for these ports contained incorrect routing
information. These incorrect entries were not replaced until after they timed out.
This issue has been resolved.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYY––YYY
YYYY––––––
YYYYY––YYY
–––YYYYYYY
CR00014925
Version 291-10
C613-10488-00 REV G
IP Gateway 2 When the switch had a static route to a destination, and a user added a more
specific static route to the same destination, then the switch should have
removed the less specific route from its hardware switching table, but did not.
This stopped the switch from routing packets to that destination.
This issue has been resolved.
–––YYYY–––
Page 64
Features in 291-04 64
CR Module Level Description
CR00014987
Core
Switch
2 If a terminal emulator started up after the router started up, the router did not
display a login or command prompt. This issue occurred with some terminal
emulators (including Tera Term Pro) when connecting to the AR415S router.
This issue has been resolved.
CR00015032
PKI 2 When adding a certificate to PKI, if the length of the public key in the certificate
was longer then 2048 bits (256 bytes) the router or switch could reboot.
This issue has been resolved.
CR00015071
IP Gateway 2 Routing over a PPP interface could fail if the switch had a default route out an
Ethernet port. The default route switched all packets, even those destined for the
PPP interface.
This issue has been resolved. The resolution involves adding routes over the PPP
interface to the switch hardware tables with an instruction to trap these packets
to the CPU. Therefore these routes now appear in the hardware tables, and can
be displayed by using the command show switch table=ip.
CR00015087
Classifier,
DHCP
snooping,
2 When MAC-forced forwarding (MACFF) was running, the switch did not filter
multicast packets correctly.
This issue has been resolved.
Switch, MACFF
CR00015156
Switch 2 On AR750S, AR750S-DP, and AR400 Series routers, if a user set a switch port to
autonegotiate speed and duplex mode (by using the command set switch
port=number speed=auto), the link went down.
This issue has been resolved.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
Y–––––––––
YYYYYYYYYY
–––––––YYY
–––YYYY–––
Y–Y–––––––
CR00015207
Version 291-10
C613-10488-00 REV G
Firewall 2 If a VoIP call came in through the SIP ALG from the public side of the firewall and
was then transferred by the device on the private side, the firewall session was
not always updated. When this happened, the person to whom the call was
transferred could not hear the person who had called.
This issue has been resolved.
YYYYY––––Y
Page 65
Features in 291-04 65
CR Module Level Description
CR00015348
GUI 2 The GUI could not be used to access the dual power supply AR750S-DP router.
This issue has been resolved. The GUI resource file to use is
750s_281-06_en_d.rsc.
CR00015396
IP Gateway 2 If you defined an IP filter without specifying the optional type parameter, the
default value of type=traffic was added to the filter in the dynamic
configuration. This prevented you from using the configuration file with software
version 2.7.6 and older releases.
This issue has been resolved. The type parameter is only added to the dynamic
configuration if you enter a value for it.
CR00015474
Ethernet 2 If an AR020 PRI E1/T1 PIC was installed on an AR415S, the router’s Ethernet
interface stopped receiving unicast or multicast packets correctly—it only
received broadcasts correctly.
This issue has been resolved.
CR00015638
Switch 2 On AR770S routers, when generating multicast or broadcast CPU traffic out a
VLAN that had multiple active switch ports in it, the traffic would only egress
port 1.
This issue has been resolved.
CR00015697
Switch 2 Mirroring the traffic on port 1 of any line card caused the switch to lose packets.––––––––––
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
––Y–––––––
YYYYYYYYYY
Y–––––––––
––Y–––––––
CR00015925
Version 291-10
C613-10488-00 REV G
ADSL 2 The ADSL Annex B firmware has been updated on AR441S routers. This improved
interoperability with some DSLAMs.
Y–––––––––
Page 66
Features in 291-04 66
CR Module Level Description
CR00015936
Switch 2 It was not possible to set a tri-speed SFP to a fixed speed in the configuration
script that the AT-9924SP switch runs when it starts up.
This issue has been resolved, so the SFP can be set to a fixed speed from the
configuration script
Also, it was possible to use the command set swi port=number speed on an
empty SFP bay. The command reported that the operation had been successful,
but an inserted SFP was instead set to its previous or default setting.
This issue has been resolved. It is no longer possible to set the speed of an empty
SFP bay.
CR00015949
IPv6 2 Sometimes, when a router or switch received an IPv6 router advertisement
message, it incorrectly created a duplicate of an already-existing interface route.
If a user then deleted the IPv6 interface that these two routes belonged to, the
router or switch could reboot.
This issue has been resolved.
CR00015971
CR00015937
CR00015864
WAN Load
Balancing
2 The following issues occurred with WAN load balancing (WANLB):
■ when a WANLB resource port became unavailable, existing sessions on the
unavailable resource did not move to a backup resource
■ if packets were sent over a WANLB session, then that session timed out, and
then the same packets were sent again, a new session did not establish. This
stopped the packets from being sent the second time.
■ when WANLB was used with Firewall NAT, the orphan timeout setting of
WANLB sessions was not updated correctly. This could mean that WANLB
resources appeared to be available when they were not.
These issues have been resolved.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
––––––––Y–
YYYYY––YYY
YYY–––––––
CR00016037
Version 291-10
C613-10488-00 REV G
User 2 If the router or switch used RADIUS authentication and all the RADIUS servers
were unavailable, then the device correctly checked its user database for a
RADIUS backup user and authenticated that user. However, if that user then
logged out, they were unable to log in again until after the RADIUS server Dead
Time timer had expired.
This issue has been resolved.
YYYYYYYYYY
Page 67
Level 3
Features in 291-04 67
CR Module Level Description
CR00007000
CR00009274
CR00009302
CR00009478
GUI, IGMP 3 The graphical user interface (GUI) listed an invalid local interface in the Interface
drop-down list on the page for adding a static IGMP association.
This issue has been resolved.
Switch
IP Gateway
Switch 3 The number of filters that can be created on an AT-8848 switch is limited by the
BGP 3 When a peer’s inroutemap filter assigned an incoming route to a well-known
3 If many VLANs simultaneously went from up to down, or down to up, the switch
became unresponsive for a period of time.
This issue has been improved by reducing the processing overhead for VLAN state
changes.
number of filter matches available. Previously, if a user attempted to create a
filter, and an existing filter already used the same filter match as the new filter,
the switch counted this as two matches being used. This reduced the number of
available filters.
This issue has been resolved.
BGP community, the router or switch did not use the community’s restricted
advertisement settings, such as NoExport or NoAdvertise.
This issue has been resolved.
Also, output of the command show bgp peer now shows whether a route has
been assigned to a community. This is indicated by a flag “m”, as shown in bold
in the following route entry example:
> 192.2.2.0/24 192.168.1.2 IGP - 100
m SEQ 1;
The flag “m” indicates that this route has at least one community attached to it.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYYYY–YY
–––––––YY–
––––Y–––––
YYYYY––YYY
Version 291-10
C613-10488-00 REV G
Page 68
Features in 291-04 68
CR Module Level Description
CR00010136
IP Gateway 3 If an IP interface was added and deleted many times, an excessive number of
memory buffers became full.
Also, when an IP interface was deleted, the IGMP query timer (set ip igmp
int=interface querytimeout=value) sometimes continued running and later
caused the router or switch to reboot.
These issues have been resolved.
CR00012230
IP Gateway 3 When running the boot ROM release, it was possible to configure the router or
switch as a DHCP client by using the command add ip interface=int ip=dhcp.
However, the boot ROM release does not include the DHCP client feature, so the
router or switch did not receive an IP address via DHCP.
This issue has been resolved. It is no longer possible to configure the router or
switch as a DHCP client when running the boot ROM release.
CR00012493
IP Gateway,
IGMP Proxy
3 Where IGMP proxy is enabled, only one upstream interface may be defined.
Previously, when the command add ip interface=int ip=ipadd
igmpproxy=upstream was used to try to create a second upstream interface,
an error message was correctly displayed. However, the interface was still added,
using igmpproxy=off.
This issue has been resolved. The second interface is no longer added if this error
occurs.
Also, if an interface had been set as the upstream interface and was later
changed to a downstream interface, a different upstream interface could not be
specified, even though there was no active upstream interface.
This issue has been resolved.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYYYYYYY
YYYYYYYYYY
YYYYYYYYY–
Version 291-10
C613-10488-00 REV G
Page 69
Features in 291-04 69
CR Module Level Description
CR00012585
User 3 When authenticating users via RADIUS, the number of times that the router or
switch attempts to contact the RADIUS server is determined by the Server
Retransmit Count (displayed in output of the command show radius).
Previously, this count incorrectly included the initial request. For example, a
Retransmit Count of 3 meant that up to 3 attempts were made to contact the
server.
This issue has been resolved, so that the Retransmit Count no longer counts the
initial request. For example, a Retransmit Count of 3 now means that up to 4
attempts are made to contact the server.
CR00012832
BGP 3 When the router or switch had thousands of static routes and BGP static import
was periodically turned on and off, BGP used an excessive number of memory
buffers. Excessive buffer use could also occur with BGP in other rare
circumstances.
This issue has been resolved.
CR00012858
DHCP 3 Previously, it was not possible to have multiple static DHCP entries with the same
client ID (MAC address), even if the static entries were for different DHCP ranges.
This issue has been resolved. You can now add static DHCP entries for a given
MAC address to multiple ranges. Note that you cannot have multiple entries for
a given MAC address on the same range.
CR00013150
File 3 If a boot configuration script included a command to delete a file followed by a
command to create a file of the same name, a fatal exception occurred when the
router or switch ran that script on reboot.
This issue has been resolved so that the fatal exception no longer occurs.
However, you should avoid putting such file operations into boot configuration
scripts. To enhance multi-tasking, the file handler performs file operations in the
background. This is not possible when executing a boot configuration script, so
the file operations may be queued until after boot-up. In this case, this means
that the file deletion will not be finished before the file creation command tries
to execute.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYYYYYYY
YYYYY––YYY
YYYYYYYYYY
YYYYYYYYYY
Version 291-10
C613-10488-00 REV G
Page 70
Features in 291-04 70
CR Module Level Description
CR00013629
IGMP 3 When IGMP fast leave was enabled and the switch received a leave message via
a trunk port, the switch only removed the port from the multicast group if the
port was the master trunk port.
This issue has been resolved. When fast leave is enabled, non-master trunk ports
now leave multicast groups as soon as the switch receives a leave message.
CR00013694
CR00014038
Switch,
IP Gateway
IGMP
IP Gateway
3 For layer 3 Jumbo frames, this software version improves initial layer 3 flow setup
and handling of flows that exceed the layer 3 MTU mid-flow.
3 The IGMP Default Timeout Interval is automatically calculated by IGMP in
accordance with RFC 2236, but the following command allows you to over-ride
the calculated value:
set ip igmp timeout=value
Previously, the router or switch sometimes set the interval to the calculated value
instead of using the value entered in the command above.
This issue has been resolved.
CR00014047
DHCP
Snooping
3 Previously, DHCP snooping correctly refused to allocate new DHCP leases once
the maxleases value had been exceeded, but it did so by discarding the server’s
acknowledgement message instead of forwarding it to the client. Therefore, the
DHCP server recorded the address as allocated, which meant the IP address range
could be exhausted.
This issue has been resolved. The server no longer records addresses as allocated
once the maxleases value is exceeded.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
–––YYYYYY–
––––––––Y–
YYYYYYYYYY
–––YYYYYY–
CR00014152
Version 291-10
C613-10488-00 REV G
Switch 3 On AR415S, AR44xS, AR750S and AR770S routers, when a switch port went
down or was reset by using the command reset switch port=number, this
deleted the dynamically-learned forwarding entries for all ports.
This issue has been resolved. Now entries are only deleted for the port that went
down or was specified in the command.
Y–Y–––––––
Page 71
Features in 291-04 71
CR Module Level Description
CR00014163
Firewall 3 When the firewall was performing NAT on UDP video streams and two streams
started up at the same time, sometimes one or both streams displayed excessive
jitter.
This issue has been resolved.
CR00014178
Core 3 The following issues occurred with environmental monitoring:
■ on AR750S and AR770S routers, the values reported by the show system
command were incorrect for the first few seconds after a cold restart
■ on AR770S routers, the router did not indicate power supply problems
through log messages or the system LED
These issues have been resolved.
CR00014285
BGP 3 The default setting for BGP capability matching is now loose instead of strict.
This matches the requirements of RFC 4271.
CR00014305
Switch 3 On AT-8748XL and Rapier 48i switches, mirroring did not work when:
■ only one (not both) of the uplinks had an expansion module installed and
■ that uplink (port 49 or 50) was the mirror port
This issue has been resolved.
CR00014313
GUI, Log 3 If the user cleared the Queue Output checkbox on the Modify Log Output
Definition page of the GUI, it displayed an error instead of making the change.
This issue has been resolved. The GUI can now be used to turn off queuing of
logging output.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYY–––––
––Y–––––––
YYYYY YYY
–––Y––Y–––
YYYYYYY–YY
CR00014327
Version 291-10
C613-10488-00 REV G
MSTP, GUI 3 When using the GUI to configure the MSTP CIST, users had to specify the external
and internal port path costs. If these were not specified, the GUI gave an error
instead of configuring the CIST.
This issue has been resolved. By default, the GUI now specifies “default” for the
path costs. This value of “default” leaves the current setting unchanged.
–––YYYYYY–
Page 72
Features in 291-04 72
CR Module Level Description
CR00014328
IP Gateway,
Switch
3 If a port had static ARP entries defined for a VLAN, then adding the port to
another VLAN made those static ARP entries inactive.
Also, deleting a port from a VLAN would delete all static ARP entries that were
defined on that port, including entries for other VLANs. Note that this deletion
issue did not occur on Rapier i, AT-8800, AT-8700XL, or AT-8600 Series switches.
Both of these issues have been resolved.
CR00014652
PIM6 3 If a user changes the PIMv6 BSR candidate priority to the same value as the
currently-elected BSR’s priority, then the router or switch should be elected as the
BSR if its IPv6 address is higher than the currently-elected BSR. This did not
happen.
This issue has been resolved.
CR00014659
DHCP 3 On the DHCP server, a user could create two static DHCP entries for the same
client in one range. This was only possible if the client had first obtained a
dynamic address from the server.
This issue has been resolved. It is now impossible to add the same static client
twice, even when that client has a pre-existing dynamic entry.
CR00014724
IGMP
Snooping
3 When the router or switch received an IGMP Leave message, it did not update
IGMP Snooping counters correctly in some circumstances.
This issue has been resolved.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
Y–YYYYYYYY
YYYYY––YYY
YYYYYYYYYY
Y–YYYYYYYY
CR00014746
Version 291-10
C613-10488-00 REV G
WANLB,
IP Gateway
3 It was possible to delete an IP interface that was configured as a WAN load
balancer resource.
This issue has been resolved.
YY––––––––
Page 73
Features in 291-04 73
CR Module Level Description
CR00014755
BOOTP
IP Gateway
3 It was possible to add a BOOTP relay destination using an interface that was not
running IP. It was also possible to delete an IP interface even though BOOTP relay
destinations were defined for the interface. Both of these situations could allow
the router or switch to be mis-configured.
This issue has been resolved by adding checks for these situations to the
command handlers. It is no longer possible to add a BOOTP relay destination
using an interface not in use by IP, and no longer possible to delete an IP interface
if BOOTP relay has destinations defined using that interface.
CR00014782
PIMv6 3 The command show pim6 staterefresh sometimes corrupted the terminal
display output with random characters. To recover, it was necessary to reset the
terminal session.
This issue has been resolved.
CR00014872
GUI 3 The router or switch rebooted if the Opera browser was used to browse to its
GUI.
This issue has been resolved. However, note that the GUI does not fully support
Opera. Some functionality may not be available.
CR00015107
GUI 3 HTTP pipelining did not operate correctly on some web browsers when browsing
to the GUI. This made some images very slow to load.
This issue has been resolved.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYYYYYYY
YYYYY––YYY
YYYYYYYYYY
YYYYYYY–YY
CR00015126
Version 291-10
C613-10488-00 REV G
IP Gateway 3 For IP filters of type=routing, the first filter entry could not be set to match on
the following IP address/mask pair:
source=0.0.0.0 smask=255.255.255.255
This IP address/mask pair corresponds to the default route.
This issue has been resolved. You can now match on the default route in the first
entry of a filter.
YYYYYYYYYY
Page 74
Features in 291-04 74
CR Module Level Description
CR00015148
IP Gateway
DHCP
3 When a router or switch was configured to use DHCP to assign an address on an
interface, and then set to have a static address on that interface, the DHCP client
in the router or switch would continue to negotiate with the DHCP server. This
tied up a DHCP lease.
This issue has been resolved. Assigning a static address to an interface will stop
the DHCP client from requesting an address from a DHCP server.
CR00015155
Load 3 File upload via the IPv6 version of TFTP was not operating correctly.
This issue has been resolved.
CR00015159
IP Gateway 3 If the router or switch received an IP subnet broadcast packet that was directed
to a unicast MAC address, it incorrectly responded with an ICMP unreachable
message, unless an appropriate IP helper configuration existed.
This issue has been resolved. When there is no IP helper configuration, the
behaviour now depends correctly on the setting of the directedbroadcast
parameter for the IP interface. If directedbroadcast=on, the packet is sent out
as a MAC broadcast. If directedbroadcast=off, the packet is dropped. ICMP
unreachable messages are not sent in any case.
CR00015258
IGMP snooping
VLAN
3 The command add igmpsnooping vlan=vlan routerport=port adds a static
IGMP router port, for a specific VLAN and port pair. Previously, it was possible to
remove the port from that VLAN without updating the static router port
association.
This issue has been resolved. When you remove a static router port from a VLAN,
the router or switch now removes that port from the static router port list and
updates all layer 2 entries.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYYYYYYY
YYYYY––YYY
YYYYYYYYYY
Y–YYYYYYYY
CR00015346
Version 291-10
C613-10488-00 REV G
Switch 3 The 64-bit counter type objects in the ifXTable of the Interfaces Group MIB (RFC
2863) returned non-zero values for ports that had never been up.
This issue has been resolved.
Y–Y–––––––
Page 75
Features in 291-04 75
CR Module Level Description
CR00015666
IP Gateway 3 Subnet broadcast packets would not be routed correctly when the interface to
which the subnet broadcast was destinated was an interface on the device, but
its link status was down. Even though an alternate route to the destination
existed, the device would send the packets incorrectly.
This issue has been resolved. When a subnet broadcast is received, it will be
correctly forwarded to an alternate route even if the destination interface is
down.
CR00015798
Switch 3 If the switch received a packet on a port and therefore started using MAC-based
authentication to authenticate the port, and then received another packet during
CR00016058
the authentication process, then occasionally the switch dropped the second
packet.
This issue has been resolved.
CR00015915
Ethernet 3 The AR415S router processed some IP multicast packets incorrectly on its eth0
interface.
This issue has been resolved.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYYYYYYY
YYYYYYYYY–
Y–––––––––
Version 291-10
C613-10488-00 REV G
Page 76
Level 4
Features in 291-04 76
CR Module Level Description
CR00004677
Core 4 When the router or switch rebooted, its internal clock lost approximately
1 second.
This issue has been resolved. The time loss on reboot has been reduced.
CR00009087
Core, Utility 4 The following issues occurred with the commands show debug active and
disable debug active:
■ The command did not adequately warn users if an invalid module number had
been entered into the active parameter.
This issue has been resolved. The router or switch now displays an error unless
the value is between 1 and 142.
■ The CLI “?” help description for the active parameter listed an incorrect
number range and also listed modules that cannot be manipulated through
this command.
This issue has been resolved. The “?” help description is now correct.
CR00011695
QoS 4 The “?” help description for switch commands that accept a value in bytes (or
similar units such as kbytes or bytes/s) incorrectly indicated that the units were
bps. The commands this issue applied to depend on the switch model, but
include commands such as:
create qos trafficclass=value maxburst=?
create qos policy=value dtcmaxburst=?
set qos red=value start1=?
set swi port=value bcl=?
set swi dlfl=?
This issue has been resolved. The “?” help description now displays the correct
units.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYY–YYYY
YYYYYYYYYY
–––YYYYYYY
Version 291-10
C613-10488-00 REV G
Page 77
Features in 291-04 77
CR Module Level Description
CR00012602
MSTP 4 If the command set mstp cist port=value was entered with no other
parameters, the resulting error message (“One or more parameters may be
missing”) was displayed as an INFO message.
This issue has been resolved. The message now displays as an ERROR message.
CR00013045
SNMP, Core,
TTY
4 The MIB object hrSystemNumUsers displayed the number of login users since the
router or switch started up, instead of the number of currently-active login users.
This issue has been resolved.
CR00013112
IP Gateway 4 The blackhole parameter of the commands add and set ip route had no “?”
help description.
This issue has been resolved.
CR00013188
LACP 4 Previously, when an attempt to add a port to LACP was unsuccessful, the switch
displayed an appropriate warning message followed incorrectly by an “operation
successful” message.
This issue has been resolved. The switch no longer displays “operation
successful” when port addition fails.
CR00013221
IP Gateway 4 The output of the command show ip route did not contain any spaces between
the route tag value and the metric value when the tag value was long.
This issue has been resolved by adding the missing spaces. The content and
relative position of the values have not changed.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
–––YYYYYY–
YYYYYYYYYY
–––––––YY–
–––YYYYYY–
YYYYYYYYYY
CR00013260
Version 291-10
C613-10488-00 REV G
TAC PLUS 4 If a user added a TACACS+ server when TACACS+ was not enabled, previously
the router or switch displayed a single “info” message that indicated that the
module was not enabled, but did not display a message confirming the server
addition. However, the router or switch did add the server.
This issue has been resolved. TACACS+ is now consistent with other modules—
the router or switch displays the following “warning” and “info” messages:
Warning (2111049): The TACP module is not enabled.
Info (1111003): Operation successful.
YYYYYYYYYY
Page 78
Features in 291-04 78
CR Module Level Description
CR00013463
Ping 4 Previously, if you used the ? or Tab keys to obtain help about the timeout
parameter for the ping command, the resulting help said that the maximum
timeout was 65535. However, the correct maximum is 60 seconds.
This issue has been resolved. The “?” help now displays the correct range of
values.
CR00013589
Install 4 When a router or switch was using a trial licence for release software and the trial
period elapsed, the router or switch rebooted without indicating the reason for
the reboot.
This issue has been resolved. The following error messages now explain why the
router or switch is rebooting:
ERROR: There are no valid licences available for the current software release.
The device will now reboot.
ERROR: The trial licence for the current software release has expired.
The device will now reboot.
CR00013640
NTP 4 Output of the command show ntp displays a “Host Address” field. This is the
address of the interface from which the router or switch sends NTP packets.
Previously, if the IP address changed, the “Host Address” field did not change,
even though NTP used the new address.
This issue has been resolved.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYYYYYYY
YYYYYYYYYY
YYYYYYYYYY
CR00014106
Version 291-10
C613-10488-00 REV G
Core 4 If the router or switch runs a configuration file on start-up that contains the
command set summertime before the command enable summertime, a log
message on start-up says that summertime needs to be enabled. However,
summertime is correctly applied to the router or switch.
Previously, if you configured summertime then saved the configuration by using
the command create config, set summertime came before enable
summertime in the resulting configuration file.
This issue has been resolved. When you save the configuration, enable
summertime now comes before set summertime in the resulting configuration
file, so the log message is not produced.
YYYYYYYYYY
Page 79
Features in 291-04 79
CR Module Level Description
CR00014151
VLAN 4 The following error message:
“Error (3089399): Operation not allowed on a .NESTED port.”
contained an extraneous “.” before the word “NESTED”.
This issue has been resolved. The “.” has been removed.
CR00014170
Core 4 The show exception command did not display the correct exception type for
watchdog exceptions on AR750S, AR750S-DP, or AR770S routers.
This issue has been resolved. The correct exception type is now displayed.
CR00014250
LLDP 4 In output of the command show lldp localdata, the field lldpLocSysDesc gives
information about the router or switch model and software version. Previously,
this information was sometimes split incorrectly across 3 rows.
This issue has been resolved. The information now displays correctly.
CR00014318
DDNS 4 If a user made a configuration change to DDNS (dynamic DNS) when DDNS was
not enabled, previously the router displayed a message that indicated that the
module was not enabled, but did not display a message confirming the change.
However, the router did make the change.
This issue has been resolved. DDNS is now consistent with other modules—the
router displays the following “warning” and “info” messages:
Warning (2142049): The DDNS module is not enabled.
Info (1142003): Operation successful.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
–––––––YY–
––Y–––––––
YYYYYYYYYY
Y–Y–––––––
CR00014367
CR00014712
Version 291-10
C613-10488-00 REV G
GUI 4 The GUI included pages for configuring MAC-based port authentication.
However, this feature is not available on AT-9800 Series switches.
This issue has been resolved. The GUI pages have been removed.
Firewall 4 If the router or switch renumbered a firewall rule, it displays a message.
Previously, this message had a status of “info” instead of “warning”.
This issue has been resolved.
–––––––––Y
YYYYY––––Y
Page 80
Features in 291-04 80
CR Module Level Description
CR00014750
DHCP 4 Previously, when a user entered the command delete dhcp range=range
ip=ipadd, the router or switch would display an “Operation successful”
message, even when the client entry in question was unused.
This issue has been resolved. For unused clients, this command now results in the
following new message:
“Nothing to delete, client is unused.”
CR00014778
VLAN, Bridging 4 It was possible to specify a value of 0 for the ageingtimer parameter in the
command add and set vlan=vlan bridge, even though this value was
meaningless.
This issue has been resolved. The lowest valid value for ageingtimer is 1.
CR00015080
ATM 4 When an SHDSL or ADSL interface re-trained after having been in a “link up”
state, spurious error messages could appear on the console.
This issue has been resolved. The messages were not genuine error messages and
no longer appear.
CR00015130
Switch 4 The following commands have been deprecated in software versions 2.9.1 and
later, and therefore (correctly) have no effect on the switch:
set switch port=number thrashlimit=value
set switch port=number thrashrefill=value
Previously, if a user entered these commands, the switch incorrectly displayed an
“Operation successful” message.
This issue has been resolved. The switch now displays a warning message
indicating that the commands are deprecated.
For information about the commands that replace these commands, see the
“Limiting Rapid MAC Movement” section of the Switching chapter of the
Software Reference.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYYYYYYY
Y–YY––––––
Y–––––––––
–––––––YY–
Version 291-10
C613-10488-00 REV G
Page 81
Enhancements
Features in 291-04 81
CR Module Level Description
CR00003036
CR00012881
CR00013129
CR00013449
CR00013610
Core - It is now possible to hotswap NSMs on NEBS-compliant Rapier i switches.
To hotswap the NSM, press the Hot Swap button beside the NSM, check that the
Swap LED turns on and the In Use LED turns off, then remove the NSM. Place the
new NSM in the bay, then press the Hot Swap button again to make the NSM
available for use.
IP Gateway - The IP implementation has been enhanced to accept IP interfaces with a /31
netmask. This results in a slightly non-standard subnet that has no network
address or broadcast address. This has become a popular extension to IP, because
it reduces wastage of IP addresses on point-to-point links.
Many - This enhancement extended the “?” help for VRRP, OSPF, SNMP, IP routes, user
database, VLANs, logging, and file management. The “?” help for these (and
several other) modules now gives information about all command parameters.
Firewall - The firewall now supports FTP sessions that use the security extensions defined in
RFC 2228. Previously, the firewall dropped sessions that used those security
extensions.
This enhancement makes more-secure FTP available between private-side clients
and public-side servers, and between public-side clients and private-side servers.
Te ln e t
TTY
- This enhancement enables you to select whether the system name appears at the
login prompt for telnet client sessions. By default, the system name appears. To
prevent it from appearing, use the command:
SET TELnet LOGINSYStemname=OFF
Note that the login prompt appears before you log into the router or switch.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
–––Y––––––
YYYYYYYYYY
YYYYYYYYYY
YYYYY––––Y
YYYYYYYYYY
Version 291-10
C613-10488-00 REV G
Page 82
Features in 291-04 82
CR Module Level Description
CR00013992
Core - AR770S routers have a CPU fan that the software now monitors in the same
manner as the main fan. The state of the CPU fan is displayed along with that of
the main (chassis) fan in the output of the show system command.
If a problem develops with the CPU fan, the router notifies you in the following
ways:
■ The system LED flashes in a single flash pattern
■ An SNMP trap is issued on the fanAndPSMainFanStatus atRouter private MIB
object
■ A log message is generated that says “CPU fan status is not good”.
CR00014067
File - The commands create file, add file, reset file permanentredirect, and show
file permanentredirect were not supported on AR725 and AR745 routers.
These commands enable you to save the output of other router commands in
text files on the router.
For more information about these commands, see the “Managing the File
System” chapter of the Software Reference.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
––Y–––––––
–Y––––––––
Version 291-10
C613-10488-00 REV G
Page 83
Features in 291-04 83
CR Module Level Description
CR00014172
BOOTP - This enhancement enables you to associate a BOOTP relay destination with a
given interface. To do this, use the new optional interface parameter in the
command:
ADD BOOTp RELAy=ipadd INTerface=interface
BOOTP packets received on this interface are relayed to the specified relay
destination only. You can define the same interface for multiple relay
destinations; the router or switch relays any BOOTP packets received to each relay
destination.
If you do not specify an interface, the destination becomes a “generic”
destination. If the router or switch receives a BOOTP message on an interface for
which no specific destination is defined, the router or switch relays the message
to all generic destinations. This is the same as the behaviour prior to this
enhancement.
To remove a destination that is associated with an interface, use the command:
DELete BOOTp RELAy=ipadd INTerface=interface
To see the interfaces that each destination is associated with, use the pre-existing
command:
SHow BOOTp RELAy
CR00014238
DHCP
Snooping
- DHCP snooping records its client database into a file in NVS (if possible) or Flash
memory. In previous versions, that file was named bindings.dsn. From this
version, the file structure has changed and the file is now named bind0002.dsn.
When you upgrade a switch to this version, the switch creates the new client
database file 10 seconds after initialising the new version. After that, you can
safely delete the old bindings.dns file, if desired.
Note that the functionality of DHCP snooping has not changed, only the
filename.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYYYYYYY
–––YYYYYY–
Version 291-10
C613-10488-00 REV G
Page 84
Features in 291-04 84
CR Module Level Description
CR00014241
BGP
IP Gateway
- This enhancement enables you to force BGP to select the best route on the basis
of network prefix alone, instead of on the basis of preference, then metric, then
network prefix.
To do this:
1. Give the desired dynamic routing protocol a preference of 0, which is the
preference of interface routes, by using the command:
SET IP ROUte PREFerence=0 PROTocol={BGP-ext|BGP-int|OSPF-EXT1|
OSPF-EXT2|OSPF-INTEr|OSPF-INTRa|OSPF-Other|RIP|ALL}
2. Create a route map to give matching routes the same metric as your interface
routes. To change the metric, use the command:
ADD IP ROUTEMap=routemap ENTry=1..4294967295 SET METric=1
3. Add the route map as a filter to the BGP peers by using the command:
ADD BGP PEer=ipadd REMoteas=1..65534 INRoutemap=routemap [other
optional parameters]
The above process gives matching routes the same preference and metric as
interface routes. This forces IP routing to compare the network prefixes of the
interface route and the other routes. IP routing then chooses the most specific
route as the best route for that destination, instead of automatically choosing the
interface route as the best route without considering any other routes which may
have more specific network prefixes.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYY––YYY
Version 291-10
C613-10488-00 REV G
Page 85
Features in 291-04 85
CR Module Level Description
CR00014300
DHCP
Snooping,
MACFF
- The following enhancements have been made to DHCP snooping, to support
MAC-forced forwarding:
■ MAC-forced forwarding checks the DHCP snooping database to find out
which router has been assigned to each DHCP client. DHCP snooping
determines this from the router list in DHCP acknowledgement messages.
However, some clients do not request a router. DHCP snooping now modifies
request messages from such clients, to ensure that they request a router. This
enables MAC-forced forwarding to interoperate with such clients.
■ Output from the command show dhcpsnooping database now displays the
list of routers that are assigned to each client, as shown in bold in the
following example:
Current valid entries
MAC Address IP Address Expires(s) VLAN Port ID Source
Router list
--------------------------------------------------------------------00-00-cd-28-06-7b 192.168.99.1 52 1 13 2 Dynamic
192.168.199.254
CR00014354
Ethernet
Switch
- This enhancement enables you to use 100 Mbps fiber SFPs with AR770S routers.
Support has been added for AT-SFPX/15 and AT-SFPX/40 SFPs.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
–––YYYYYY–
––Y–––––––
Version 291-10
C613-10488-00 REV G
Page 86
Features in 291-04 86
CR Module Level Description
CR00014715
DNS - A new log message has been added to provide more information about rejected
DNS requests. The message has a log type of 052 / IPDNS and subtype 002 /
UNRES, and reads:
DNS request for <domain-name> rejected by server. Code <number>,
<explanation>.
The following codes and explanations exist:
0: No Error—no error occurred
1: Format Error—there was a problem with the message construction
2: Server Failure—there was a problem with the server itself
3: Name Error—the name does not exist in the domain
4: Query Not Implemented—the received query was not supported
5: Refused—Refused for policy, rather than technical, reasons
6: YX Domain—the name exists when it should not
7: YX RR Set— a resource record exists that should not exist
8: NX RR Set— a resource record that should exist does not exist
9: Not Authoritative—the receiving server is not authoritative
10: Not Within Zone—the specified name is not within the zone specified in the
message
CR00014728
DDNS - When you activate a Dynamic DNS (DDNS) update (by entering the command
activate ddns update), the router now warns you of possible negative
consequences and prompts you for whether or not to continue.
Also, if you attempt to activate a DDNS update when DDNS is disabled, the router
displays a warning message that indicates that DDNS is disabled.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYYYYYYY
Y–Y–––––––
Version 291-10
C613-10488-00 REV G
Page 87
Features in 291-04 87
CR Module Level Description
CR00014845
IP Gateway
OSPF
- When OSPF is running over an on-demand PPP link and the link goes down, IP
notifies OSPF that the link is down and OSPF stops sending Hello packets over the
link. In a network in which routes over the PPP link are all dynamically learnt
through OSPF, the PPP link will not come back up because without OSPF there
are no routes to direct traffic at that link.
This enhancement enables you to stop IP from notifying OSPF that the PPP link is
down. OSPF keeps sending Hello messages, which bring the link back up again.
To enable this feature, set the new optional notifyospfdown parameter to no
in one of the commands:
ADD IP INTerface=int NOTIfyospfdown={NO|YES} [other parameters]
SET IP INTerface=int NOTIfyospfdown={NO|YES} [other parameters]
The default value for this parameter is yes, which means that IP notifies OSPF
when the interface goes down and OSPF sets the interface state to Down. OSPF
does not send Hello messages to the interface, and OSPF is inactive on the
interface until it receives an Up notification. This is the behaviour prior to this
enhancement. Also note the following points:
■ the parameter applies to the entire IP interface, not an individual logical
interface. Setting it on one logical interface sets it on all other logical
interfaces associated with the same IP interface.
■ the parameter only applies to on-demand PPP links. IP always sends
notifications for other interfaces, even if this parameter is set to no.
To see the parameter setting, use the existing command show ip interface.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
AT-9800
YYYYY––YYY
CR00015269
CR00015628
Version 291-10
C613-10488-00 REV G
Switch, EPSR - EPSR uses a classifier-based hardware filter to select packets in the control VLAN.
The hardware filter now only uses 2 of the available 16 bytes to match packets.
This increases the number of other classifier-based features you can use when
running EPSR.
Switch - The switch now fully recognises the latest revision of the AT-SPTX SPF, so all of
the features of the SFP can be utilised.
–––––––YY–
––––––––Y–
Page 88
Features in 291-03 88
Features in 291-03
Software Maintenance Version 291-03 includes the resolved issues and enhancements in the following tables. In the tables, for each product series:
■ “Y” in a white column indicates that the resolution is available in Version 291-03 for that product series.
■ “-” in a white column indicates that the issue did not apply to that product series.
■ a grey-shaded column indicates that Version 291-03 has not been released on that product series.
“-” in a grey column indicates that the issue did not apply to that product series.
“Y” in a grey column indicates that the issue applied to that product series. These issues are resolved in the next Version (291-04).
Level 1
No level 1 issues
Level 2
CR Module Level Description
CR00014960
CR00015102
CR00015585
Version 291-10
C613-10488-00 REV G
Switch
RIPng
IPv6 2 If a large number of IPv6 multicast routes were added (more than1000) on a
ATM 2 AR442S routers sometimes rebooted while using the Test Facility to test the
2 Creating a large number of IPv6 RIPng interfaces (more than 250) sometimes
caused the switch to reboot.
This issue has been resolved.
switch with an IPv6 accelerator card, the switch could reboot.
This issue has been resolved.
SHDSL interface.
This issue has been resolved.
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT- 9900
– – –––– –YY–
– – –––– –YY–
Y – –––– ––––
AT-9800
Page 89
Features in 291-03 89
CR Module Level Description
CR00015678
IPv6 2 When a switch was heavily loaded with IPv6 traffic, it could reboot because a
large quantity of traffic was queued while waiting for a neighbour's MAC
address to resolve.
This issue has been resolved by limiting the number of packets that can be
queued while waiting for a neighbour's MAC address to resolve.
Level 3
CR Module Level Description
CR00013270
QoS 3 By default, queue lengths were set to the maximum possible values for each port
type. This could make low-priority queues inappropriately starve higher-priority
queues of buffer resource.
This issue has been resolved. The default queue length has been reduced to 128
frames for all port types. If required, you can change them by using the existing
command:
SET QOS POrt={port-list|ALL} EGRessqueue[=queue-list] [Length=16..3648]
[other optional parameters]
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
Y Y YYY– –YYY
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
– – –––– –YY–
AT-9800
AT-9800
CR00014306
Version 291-10
C613-10488-00 REV G
LLDP
Switch
3 The switch included a permanent L3 filter to stop CDP (Cisco Discovery Protocol)
packets from being forwarded. This made one less L3 filter match available to
users.
This issue has been resolved. CDP still requires an L3 filter, but the filter is
automatically created when CDP is enabled and destroyed when CDP is disabled.
– – –YYY Y– – –
Page 90
Features in 291-03 90
CR Module Level Description
CR00014959
CR00015510
CR00015798
CR00016058
QoS 3 Destroying a traffic class or flow group also destroyed all classifiers that were
associated with that traffic class or flow group.
This issue has been resolved. User-created classifiers are no longer destroyed.
Automatically-created classifiers are still destroyed, such as classifiers for DHCP
snooping.
Switch 3 When the switch performed layer 3 routing across a trunk, it did not balance
traffic across all ports in the trunk group.
This issue has been resolved.
Switch 3 If the switch received a packet on a port and therefore started using MAC-based
authentication to authenticate the port, and then received another packet during
the authentication process, then occasionally the switch dropped the second
packet.
This issue has been resolved.
Level 4
No level 4 issues
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
– – –YYY YYY–
– – –YYY Y– – –
Y Y YYYY YYY–
AT-9800
Version 291-10
C613-10488-00 REV G
Page 91
Enhancements
Features in 291-02 91
CR Module Level Description
CR00014222
IGMP
snooping,
Switch,
VLAN
- IGMP snooping learns which ports have routers attached to them, so it can
forward relevant IGMP messages out those ports. By default, snooping identifies
router ports by looking for ports that receive specific multicast packets (such as
IGMP queries, PIM messages, OSPF messages, and RIP messages).
In some network configurations, this learning process cannot identify all router
ports. For such networks, this enhancement enables you to statically configure
particular ports as multicast router ports.
To specify the static router ports, use the new command:
add igmpsnooping vlan={vlan-name|1..4094} routerport=port-list
To stop ports from being static router ports, use the new command:
delete igmpsnooping vlan={vlan-name|1..4094} routerport=port-list
To list the static router ports, use the existing command:
show igmpsnooping
and check the new “Static Router Ports” field.
Features in 291-02
AR400
AR7x5
AR7x0S
Rapier i
AT-8800
AT-8600
AT-8700XL
x900-48
AT-9900
Y – YYYY YYYY
AT-9800
Version 291-02 was not released.
Features in 291-01
Version 291-01 was not released.
Version 291-10
C613-10488-00 REV G
Page 92
Support for the new x900-48FS switch—CR00016662 92
Support for the new x900-48FS switch—CR00016662
The x900-48FS is a new model in the x900 Series of layer 3 gigabit and fast Ethernet switches. Its key features are:
■ Multi-layer Fast Ethernet switch
■ 48-port 100BASE-X SFP sockets, 100 Mbps, full or half duplex
■ 4-port 1000BASE-X SFP uplink sockets, 1000 Mbps, full duplex
■ Support for hot-swappable SFP modules
■ Hot-swappable, load sharing PSUs
■ 1U height, rack-mountable
■ Non-blocking Layer 2 and Layer 3 IP switching
■ IPv6-ready hardware for accelerated unicast and multicast routing
■ 4096 Layer 2 multicast entries
■ 1024 Layer 3 IPv4 multicast entries
■ 4096 logical IPv6 interfaces
■ 32MBytes of fixed flash
■ 256MBytes of Synchronous DRAM, expandable to 512 MBytes with DIMM
■ CompactFlash slot for hot-swappable expansion of flash memory up to 128MBytes
x900-48FS front panel
ASYN0/CONS
For more information about the x900 Series and expansion options, see the Hardware Reference. The Hardware Reference is available from
www.alliedtelesis.co.nz/documentation/manuals.html.
Version 291-10
C613-10488-00 REV G
Page 93
IGMP snooping fast leave in multiple host mode—CR00017482 93
IGMP snooping fast leave in multiple host mode—CR00017482
The IGMP snooping fast leave option has been enhanced, to make it available when multiple clients are attached to a single port on the snooping switch. Fast
leave now has two modes available:
■ multiple host mode—the new feature. In multiple host mode, the snooper tracks which clients are joined to a given IP multicast group on a given port. As
soon as the last client leaves a group on a port, the snooper shuts off the multicast to that port.
■ single host mode—the existing functionality. In single host mode, as soon as the snooper receives a leave message for a group on a port, it shuts off the
multicast. This mode assumes that there are no other clients on the port that are still interested in receiving the multicast, so is suitable only when clients are
directly attached to the snooper.
To specify the new multiple mode, use the command:
set igmpsnooping vlan={vlan-name|1..4094|all} fastleave=multiple
To specify single mode, use either of the commands:
set igmpsnooping vlan={vlan-name|1..4094|all} fastleave=single
set igmpsnooping vlan={vlan-name|1..4094|all} fastleave=on
The command show igmpsnooping vlan has also been enhanced. The new command syntax is:
show igmpsnooping vlan={vlan-name|1..4094|all} [group={multicast-ip-address|allgroups}] [detail]
The group parameter lets you display information for only one group or for only the All Groups port (the allgroups option).
Version 291-10
C613-10488-00 REV G
Page 94
IGMP snooping fast leave in multiple host mode—CR00017482 94
The detail parameter displays more detailed information, including expiry times for each port, and in the case of multiple host fast leave mode, the list of hosts
on a port. The following example shows this.
IGMP Snooping
--------------------------------------------------------------------------
Status ........................... Enabled
Disabled All-groups ports ........ None
Vlan Name (vlan id) ..... default (1)
Fast Leave .............. Multiple Host Topology
Query Solicitation ...... Off
Static Router Ports ..... None
Group List .............. 2 groups
Group 224.0.1.22 Timeout in 256 secs
Port 24 Timeout in 257 secs
Hosts: 1
00-00-cd-27-be-f5 (172.20.176.200) Timeout in 257 secs
Group 239.255.255.250 Timeout in 258 secs
Port 24 Timeout in 259 secs
Hosts: 1
00-00-cd-27-be-f5 (172.20.176.200) Timeout in 259 secs
Version 291-10
C613-10488-00 REV G
Page 95
Support for the new Rapier 48w switch 95
CLASS 1
LASER PRODUCT
DO NOT STARE
INTO BEAM
FAN 2FAN 1
STATUS
FAULT
POWER
SWAP
IN
USE
HOT
SWAP
NSM
RESET
NSM
123456789101112131415
16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 313233 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49
50
Rapier 48w L3
Fast Ethernet
Switch
PORTS 49-50
INSTALLED
FAULT
ACT
SFP
1000M LINK
L/A
D/C
L/A
FULL DUP HALF DUP COLACTLINK 100M ACT
LINK 10M
PORTS 1-48
ASYN1
ASYN0
WARNING
This unit might have more
than one power input. To
reduce the risk of electric
shock, disconnect all power
inputs before servicing unit.
FOR CENTRALIZED DC
POWER CONNECTION,
INSTALL ONLY IN A
RESTRICTED AREA.
40-60VDC
4.5A MAX
DUAL INPUTS
Support for the new Rapier 48w switch
The Rapier 48w is a new model in the Rapier Series of layer 3 gigabit and fast Ethernet switches. Its key features are:
■ 48-port 10BASE-T/100BASE-TX (RJ-45 connectors)
■ Two 1000BASE SFP ports
■ Two asynchronous serial console ports with DB9 connectors
■ One Network Service Module bay, with support for various WAN interface cards
■ Auto-negotiating Layer 3 Managed Switch
■ Enhanced switching core
■ Replaceable air filters and fan-only modules (FOMs) for NEBS applications
Rapier 48w front panel
Rapier 48w rear panel
For more information about the Rapier Series and expansion options, see the Hardware Reference. The Hardware Reference is available from
www.alliedtelesis.co.nz/documentation/manuals.html.
Version 291-10
C613-10488-00 REV G
Page 96
Backing up the configuration with SNMP—CR00016221 96
Backing up the configuration with SNMP—CR00016221
With this enhancement, you can use SNMP to:
■ set parameters for uploading files from the router or switch, and
■ upload files to a TFTP server
SNMP already lets you save the current configuration to a file on the router or switch. You can use this with the new options to back up the configuration to a
TFTP server. To do this, perform the following steps.
1. Save the configuration
To save the current configuration, use SNMP SET createConfigFile. The following screenshot shows this for a file called tst.cfg.
Version 291-10
C613-10488-00 REV G
Page 97
Backing up the configuration with SNMP—CR00016221 97
2. Set the load parameters
To specify the server IP address, use SNMP SET loadServer. To set the filename, use SNMP SET loadFilename. The following screenshot shows setting the
filename to tst.cfg.
Version 291-10
C613-10488-00 REV G
Page 98
Backing up the configuration with SNMP—CR00016221 98
3. Upload the file
To upload the file, use SNMP SET loadStatus and set it to a value of 8. The following screenshot shows this.
Version 291-10
C613-10488-00 REV G
Page 99
SNMP ASN.01 BER Padding—CR00016523 99
SNMP ASN.01 BER Padding—CR00016523
This enhancement enables you to specify whether SNMP adds 0x00 padding when the most significant 9 bits of an object’s value are all 1, or whether the
encoding follows the ASN.01 BER rule, which cuts off the most significant byte of 0xff. This setting has an impact on all integer type MIB objects, including 32
bit and 64 bit counter objects.
To add the padding, use the command:
set snmp asnberpadding={on|yes|true}
To use the ASN.01 BER rule, which is the default, use the command:
set snmp asnberpadding={off|no|false}
The following table lists examples.
Bits Value (decimal) Value (hex) asnberpadding setting Encoding
counter32 4289592837 0xFFADFE05 on 41 05 00 ff ad fe 05
off 41 03 ad fe 05
counter64 18410715280977201498 0xFF800000ff80895A on 46 09 00 ff 80 00 00 ff 80 89 5a
off 46 07 80 00 00 ff 80 89 5a
To see whether or not padding is added, use the command:
show snmp
and check the new “ASN.01 BER Padding” field.
Version 291-10
C613-10488-00 REV G
Loading...