Patch 86222-22
For Rapier Switches and AR800 Series
Modular Switching Routers
Introduction
This patch release note lists the issues addressed and enhancements made in
patch 86222-22 for Software Release 2.2.2 on existing models of Rapier L3
managed switches and AR800 Series L3 modular switching routers. Patch file
details are listed in Table 1.
Table 1: Patch file details for Patch 86222-22.
Base Software Release File
Patch Release Date
Compressed Patch File Name
Compressed Patch File Size
This release note should be read in conjunction with the following documents:
■Release Note: Software Release 2.2.2 for Rapier Switches, AR300 and
AR700 Series Routers, and AR800 Series Modular Switching Routers
(Document Number C613-10313-00 Rev A) available from
■Rapier Switch Documentation Set for Software Release 2.2.1 available on
the Documentation and Tools CD-ROM packaged with your switch, or
from www.alliedtelesyn.co.nz/documentation/documentation.html
■AR800 Series Modular Switching Router Documentation Set for Software
Release 2.2.1 available on the Documentation and Tools CD-ROM
packaged with your switching router, or from www.alliedtelesyn.co.nz/
documentation/documentation.html.
WARNING: Using a patch for a different model or software release may cause
unpredictable results, including disruption to the network. Information in this
release note is subject to change without notice and does not represent a
commitment on the part of Allied Telesyn International. While every effort has
been made to ensure that the information contained within this document and
the features and changes described are accurate, Allied Telesyn International
can not accept any type of liability for errors in, or omissions arising from the
use of this information.
86s-222.rez
12-Dec-2002
86222-22.paz
957598 bytes
.
.
Simply connecting the world
2Patch Release Note
Features in 86222-22
PCR 02136 Module: FIREWALLNetwork affecting: No
The firewall was blocking outbound ICMP packets when the associated
private interface had a ‘deny all’ rule. The passing of ICMP packets should
be controlled by the ICMP_FORWARDING and PING parameters. This
issue has been resolved.
PCR 02184Module: FFS FILE TTYNetwork affecting: No
This patch supersedes PCRs 02073, 02081, 02086 and 02105. In addition to
enhancements in the preceding PCRs, this PCR now also resolves the
following issues:
•If a compaction was started within 60ms of a file write commencing, the
file being written was placed in the wrong location in the file system.
This led to file corruption during subsequent compactions.
•If a file load occurred during compaction, an incomplete copy of the file
was loaded. The load also put the file into the wrong part of the file
system once the compaction had moved beyond the part of the file that
had been loaded.
•A fatal error occurred during compaction if a file was marked as deleted
when it was being transferred.
•Sometimes during compaction when the file system was erasing blocks
belonging to deleted files, one of the files was transferred rather than
deleted. However, its directory entry was deleted, so the file was not
visible with a SHOW FILE command but was visible with a SHOW
FFILE command.
•During compaction if the amount of free space was less than two erase
blocks (including the "spare" erase block), the file system erroneously
reported that a large amount of space was available for a new file due
to an underflow problem. When a new file was written it would corrupt
existing data.
•If the file system was completely full and the deletion of a single file led
to a compaction, the file system reported that it was continually
compacting. This was because it was repeatedly searching through a
linked list of file headers.
•A byte of data from FLASH was incorrectly returning the value 0xFF.
•When a file was renamed using upper case letters, the renamed file did
not appear in the file directory but did appear in FLASH. Also, if a
SHOW FFILE CHECK command was executed after renaming the file,
the file system would appear to hang. All file names must now be lower
case.
•Multiple TTY sessions could edit the same file. This caused
unpredictable behaviour when the TTY sessions closed the files.
A new command, SHOW FFILE VERIFY, has been added. This command
steps through the file system headers starting with file zero and finishing at
the end of the last reachable file. It then verifies that all FLASH locations
from the end of the last reachable file to the beginning of file zero are in an
erased state. Errors are reported as they are found.
Patch 86222-22 for Software Release 2.2.2
C613-10319-00 REV U
Patch 86222-22 For Rapier Switches and AR800 Series Modular Switching Routers3
PCR 02192Module: IPNetwork affecting: No
The source IP address in DVMRP prune and graft messages was incorrect.
This issue has been resolved.
PCR: 02241Module: FIREWALLNetwork affecting: No
Firewall subnet NAT rules were not working correctly from the private to
the public side of the firewall. Traffic from the public to private side
(destined for subnet NAT) was discarded. These issues have been resolved.
ICMP traffic no longer causes a RADIUS lookup for access authentication,
but is now checked by ICMP handlers for attacks and eligibility. If the ICMP
traffic matches a NAT rule, NAT will occur on inbound and outbound
traffic. HTTP 1.0 requests sometimes caused the firewall HTTP proxy to
close prematurely. Cached TCP sessions were sometimes not hit correctly.
These issues have been resolved.
PCR: 02359Module: IPGNetwork affecting: No
When an IP Multihomed interface was used as an OSPF interface,
neighbour relationships were only established if the IP interface for OSPF
was added first in the configuration. Now, OSPF establishes neighbour
relationships regardless of the IP Multihomed interface configuration order.
PCR: 02395Module: VRRP, TRGNetwork affecting: No
The SHOW VRRP command now shows the number of trigger activations
for the Upmaster and Downmaster triggers.
PCR: 02396Module: DHCPNetwork affecting: No
DHCP RENEW request messages are now unicast (as defined in the RFC),
not broadcast.
PCR 02400Module: CORE, FFS, FILE,
Network affecting: No
INSTALL, SCR
If a problem occurred with NVS, some cri tical files were lost. As a result, the
equipment was forced to load only boot ROM software at boot time. This
patch combined with the new version of the boot ROM software (pr1-1.2.0
for the AR700 series) resolves this issue.
PCR 02408Module: SWINetwork affecting: No
The EPORT parameter in the SHOW SWITCH L3FILTER ENTRY command
was displaying incorrectly after an issue was resolved in PCR02374. The
command now displays correctly.
PCR: 02427Module: DHCPNetwork affecting: No
Patch 86222-22 for Software Release 2.2.2
C613-10319-00 REV U
DHCP entry reclaim checks are now delayed by 10 seconds if the entry is
unroutable because the interface is not up.
PCR: 02463Module: DVMRP, IPGNetwork affecting: No
Support for multi-homed interfaces has been added.
PCR 02465Module: TTYNetwork affecting: No
Under some circumstances a fatal error occurred if a large amount of data
was pasted onto the command line. This issue has been resolved.
4Patch Release Note
PCR: 02489Module: SWINetwork affecting: No
When the switch was under heavy learning load, some MAC address were
lost. This issue has been resolved.
PCR 02506Module: OSPF, IPGNetwork affecting: No
In the ADD IP ROUTE FILTER command, when the optional parameter
INTERFACE was included, the filter was not applied to the flooding of
OSPF external LSAs. Also, in the command SHOW IP ROUTE FILTER, the
output of the interface name was truncated when the name was more than
six characters long. These issues have been resolved.
PCR: 02509Module: DVMRPNetwork affecting: No
The source net mask has been removed from DVMRP prune, graft and
graft-ack messages.
PCR 02526Module: DVMRPNetwork affecting: No
Under some circumstances, multiple default routes were created for
DVMRP. This issue has been resolved.
PCR 02538Module: DVMRPNetwork affecting: No
The source mask is now always 0xffffffff in the DVMRP forwarding table.
The temporary route in the DVMRP route table was not displaying
correctly. This issue has been resolved.
An IGMP entry was erroneously added for the reserved IP address. This
issue has been resolved.
Features in 86222-21
Patch file details are listed in Table 2:
Table 2: Patch file details for Patch 86222-21.
Base Software Release File
Patch Release Date
Compressed Patch File Name
Compressed Patch File Size
86s-222.rez
03-Oct-2002
86222-21.paz
408864 bytes
Patch 86222-21 includes all issues resolved and enhancements released in
previous patches for Software Release 2.2.2, and the following enhancements:
PCR: 02167Module: FIREWALLNetwork affecting: No
Locally generated ICMP messages, that were passed out through a firewall
interface because they were associated with another packet flow, had their
source address changed to that of the associated packet flow and were also
forwarded with incorrect IP checksums. This only occurred when there was
no NAT associated with the packet flow. This issue has been resolved.
Patch 86222-22 for Software Release 2.2.2
C613-10319-00 REV U
Patch 86222-22 For Rapier Switches and AR800 Series Modular Switching Routers5
PCR: 02236Module: FIREWALLNetwork affecting: No
Sometimes the retransmission of an FTP packet was not permitted through
the Firewall. This issue has been resolved.
PCR: 02245Module: VRRPNetwork affecting: No
VRRP returned an incorrect MAC address for an ARP request. This issue
has been resolved.
PCR: 02327Module: IPG/FIREWALLNetwork affecting: No
In some situations, multihomed interfaces caused the Firewall to apply
NAT and rules incorrectly when packets were received from a subnet that
was not attached to the receiving interface. This issue has been resolved.
PCR: 02329Module: DHCPNetwork affecting: No
An ARP entry for a host has been removed whenever a DHCP DISCOVER
or DHCP REQUEST message is received from the host. This allows for
clients changing ports on a switch.
PCR: 02332Module: IPSECNetwork affecting: No
The sequence number extracted from the AH and ESP header was in the
wrong endian mode, which caused an FTP error with IPSEC anti-replay.
This issue has been resolved.
PCR: 02343Module: PPPNetwork affecting: No
When acting as a PPPoE Access Concentrator (AC), if a PPPoE client sent
discovery packets without the "host-unique" tag, the discovery packets sent
by the AC were corrupted. This issue has been resolved.
PCR: 02368Module: IPG/IGMPNetwork affecting: No
IGMP failed to create an automatic IGMP membership with no joining port
when it received multicast data that no ports were interested in, when IP
TimeToLive was set to 1 second. Also, IGMP erroneously sent a query on an
IGMP enabled IP interface even when IGMP was disabled. These issues
have been resolved.
PCR: 02374Module: SWINetwork affecting: No
In the ADD SWITCH L3FILTER command, the EPORT parameter
incorrectly accepted the value 62-63 as multicast and broadcast ports 63-64.
This issue has been resolved.
PCR: 02397Module: DVMRPNetwork affecting: No
Patch 86222-22 for Software Release 2.2.2
C613-10319-00 REV U
After a prune lifetime had expired, the interface was not joined back to the
DVMRP multicast delivery tree. This issue has been resolved.
PCR: 02404Module: IPGNetwork affecting: No
DVMRP multicast forwarding failed to send tagged packets to a tagged
port. Packets were erroneously sent untagged to tagged ports. This issue
has been resolved.
6Patch Release Note
Features in 86222-20
Patch file details for Patch 86222-20 are listed in Table 3:
Table 3: Patch file details for Patch 86222-20.
Base Software Release File
Patch Release Date
Compressed Patch File Name
Compressed Patch File Size
86s-222.rez
23-Aug-2002
86222-20.paz
397708 bytes
Patch 86222-20 includes all issues resolved and enhancements released in
previous patches for Software Release 2.2.2, and the following enhancements:
PCR: 01226Module: IGMPNetwork affecting: Yes
The IGMP specific query sent by the router/switch now contains the correct
default response time of 1 second. Also, ifOutOctets in the VLAN interface
MIB now increments correctly.
PCR: 01270Module: APPLENetwork affecting: No
If a port did not belong to an ethernet interface, or was not directly
connected to the seed port it could not receive advertised router numbers.
This issue has been resolved.
PCR: 01285Module: OSPFNetwork affecting: No
When an interface went down (or was disabled) on an AS border router, the
external routes were not removed from the routing domain. Such routes are
now removed by premature aging.
PCR: 02024Module: IPGNetwork affecting: No
Proxy Arp can now be used on VLAN interfaces.
PCR: 02122Module: FIREWALLNetwork affecting: No
A fatal error sometimes occurred if a TCP session originating on the public
side of the firewall sent packets before the session was established with the
host on the private side of the firewall. This issue has been resolved.
PCR: 02128Module: FIREWALLNetwork affecting: No
Some FTP packets handled by the firewall were forwarded with incorrect
sequence numbers, causing FTP sessions to fail. This issue has been
resolved.
PCR: 02150Module: CORE, SNMPNetwork affecting: No
When passing 64-bit counters in an SNMP packet, only the lower 32 bits
were passed. Now the full 64 bits of the counter will be returned if all are
required.
PCR: 02158Module: FIREWALLNetwork affecting: No
When a TCP RST/ACK was received by a firewall interface, the packet that
was passed to the other side of the firewall lost the ACK flag, and had an
incorrect ACK number. This issue has been resolved.
Patch 86222-22 for Software Release 2.2.2
C613-10319-00 REV U
Patch 86222-22 For Rapier Switches and AR800 Series Modular Switching Routers7
PCR 02161Module: IPGNetwork affecting: No
The IP Filter SIZE parameter was not being applied correctly. This issue has
been resolved.
PCR 02162Module: IPGNetwork affecting: No
The SET IP FILTER command would not update the SIZE parameter
correctly. This issue has been resolved.
PCR 02172Module: IPGNetwork affecting: No
The TOS field in IP packets was not being processed by IP POLICY filters
with an identifier greater than 7. This issue has been resolved.
PCR: 02174Module: FIREWALLNetwork affecting: No
A feature has been added that makes pings pass from the source IP address
of the public interface to the IP address on the private interface in the
firewall.
PCR: 02195Module: SWINetwork affecting: No
If a port on a Rapier 48 or Rapier 48 i went down, some associated entries
were not promptly removed from the forwarding, Layer 3 and default IP
tables. This issue has been resolved.
PCR: 02198Module: DHCPNetwork affecting: Yes
This PCR includes the following enhancements:
•A new command, SET DHCP EXTENDID allows for multiple DHCP
clients, and handling of arbitrary client IDs on the server.
•Static DHCP entries now return to the correct state when timing out.
•DHCP entry hashes now have memory protection to prevent fatal
errors.
•DHCP client now retransmits XID correctly.
•Lost OFFER messages on the server are now handled correctly.
•The DHCP server now correctly handles DHCP clients being moved to
a different interface on the DHCP server after they’ve been allocated an
IP address.
PCR: 02203Module: IPGNetwork affecting: No
Responses to DNS requests received by a DNS relay agent, and forwarded
to the DNS server, were returned to the requester with a source IP address
of the DNS server rather than the DNS relay agent. This issue has been
resolved.
Patch 86222-22 for Software Release 2.2.2
C613-10319-00 REV U
PCR: 02208Module: LOGNetwork affecting: No
Log messages are no longer stored in NVS.
PCR: 02214Module: IPGNetwork affecting: No
A buffer leak occurred when a large number of flows (over 4000) were in use
and needed to be recycled. This issue has been resolved.
8Patch Release Note
PCR: 02215Module: FILENetwork affecting: No
When the only feature licence in the feature licence file was disabled, the
licence file stored on FLASH memory did not change. This was due to a
previous enhancement in PCR 02184 which prevented existing files being
deleted before a new version was stored. This issue has been resolved.
PCR: 02220Module: SWINetwork affecting: No
The EPORT parameter in the ADD SWITCH L3FILTER ENTRY and SET
SWITCH L3FILTER ENTRY commands was matching multicast and
broadcast packets with software filtering. This issue has been resolved.
PCR: 02224Module: SWINetwork affecting: No
Some switch chip register values have been changed to improve QoS
support on Rapier G6 and Rapier G6f switches.
PCR: 02229Module: IPGNetwork affecting: No
The PURGE IP command now resets the IP route cache counters to zero.
PCR: 02242Module: IPGNetwork affecting: No
On a Rapier 24, adding an IP interface over a FR interface caused an
ASSERT debug fatal error. This issue has been resolved.
PCR: 02246Module: VRRPNetwork affecting: No
The ARL entry for the virtual router MAC was incorrectly showing a
numerical value. The entry now shows the CPU’s port value.
PCR: 02250Module: FIREWALLNetwork affecting: No
Sometimes the Firewall erroneously used NAT. This issue has been
resolved.
PCR: 02259Module: DHCP, IPGNetwork affecting: No
A dual Ethernet router was incorrectly accepting an IP address from a
DHCP server when the offered address was on the same network as the
other Ethernet interface. An error is now recorded when DHCP offers an
address that is in the same subnet as another interface.
PCR: 02260Module: TTYNetwork affecting: No
When a ‘\n’(LF) character was received, the router/switch did not
recognise this as the termination of a command over Telnet. This issue has
been resolved.
PCR: 02262Module: DNSNetwork affecting: No
Responses to MX record requests were not handled correctly if the preferred
name in the MX record differed from the one that was requested. This issue
has been resolved.
Patch 86222-22 for Software Release 2.2.2
C613-10319-00 REV U
Patch 86222-22 For Rapier Switches and AR800 Series Modular Switching Routers9
PCR: 02263Module: VRRPNetwork affecting: No
The virtual MAC address was used as the source MAC for all packets
forwarded on an interface associated with a Virtual Router (VR). This was
confusing when multiple VRs were defined over the same interface because
only one virtual MAC address was ever used. The other virtual MAC
addresses (for the other VR's) were only used if the source IP address
matched the VR’s IP address. To avoid this confusion, the system MAC
address is now always used unless the source IP address of the packet is the
same as the VR’s IP address.
PCR: 02264Module: PIM, DVMRP, SWINetwork affecting: No
PIM or DVMRP failed to see any data if IGMP snooping was on and
DVMRP or PIM was enabled after the data stream had reached the router/
switch. This issue has been resolved.
PCR: 02265Module: FIREWALLNetwork affecting: No
MAC address lists were not working with Firewall rules. This issue has
been resolved.
PCR: 02268Module: FIREWALLNetwork affecting: No
HTTP requests from a fixed IP address were erroneously reported as a host
scan attack in the Firewall deny queue. This issue has been resolved.
PCR: 02269Module: DUART, TMNetwork affecting: No
Under certain circumstances, the Asyn Loopback Test failed. This issue has
been resolved.
PCR: 02274Module: TPADNetwork affecting: No
ARL message interrupts have been re-enabled after a software table rebuild
to fix synchronisation of the software forwarding database with the
hardware table.
PCR: 02275Module: OSPFNetwork affecting: No
Some routes were not added into the OSPF route list, and therefore were not
added into the IP route table. This issue has been resolved.
PCR: 02276Module: FIREWALLNetwork affecting: No
The CREATE CONFIG command did not save the SOURCEPORT
parameter to the configuration file when the low value of the source port
range was set to zero. This issue has been resolved.
PCR: 02287Module: IPGNetwork affecting: No
Patch 86222-22 for Software Release 2.2.2
C613-10319-00 REV U
Existing IGMP groups were not deleted when IGMP was disabled globally
or on the associated interface. This gave the groups very high timeout
values. This issue has been resolved.
PCR: 02299Module: VRRPNetwork affecting: No
If a packet with a destination IP address equal to a VRRP IP address was
received when the router didn’t own the IP address, (because it didn’t have
an interface with that IP address) the router incorrectly tried to forward the
packet and send an ICMP “redirect” message to the source. Now, if such a
packet is received, it will be discarded and an ICMP “host unreachable”
message will be sent to the source.
Loading...
+ 21 hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.