Allied Telesis Network Router AT WA1104G 10 User Manual

Software Maintenance Release Note

Maintenance Version 291-10

for AR415S, AR440S, AR441S, AR442S, AR450S, AR725, AR745, AR750S, AR750S-DP, and AR770S routers and

AT-8600, AT-8700XL, Rapier i, Rapier w, AT-8800, AT-8900, x900-48, AT-9900, and AT-9800 Series switches

This software maintenance release note lists the issues addressed and enhancements made in Maintenance Version 291-10 for Software Version 2.9.1. Version

details are listed in the following table:

Models

Series

Release File

Date

Size (bytes)

GUI file

AR415S, AR440S, AR441S, AR442S, AR450S

AR400

54291-10.rez

24 July 2007

4946220

415s_291-10_en_d.rsc

440s_291-10_en_d.rsc

441s_291-10_en_d.rsc

442s_291-10_en_d.rsc

450s_291-10_en_d.rsc

AR750S, AR750S-DP, AR770S

AR725, AR745

AR7x0S

AR7x5

55291-10.rez

52291-10.rez

24 July 2007

4074888

4114292

750s_291-10_en_d.rsc (AR750S and AR750S-DP)

_725_291-10_en_d.rsc

_745_291-10_en_d.rsc

AT-8624T/2M, AT-8624PoE, AT-8648T/2SP

AT-8600

sr291-10.rez

24 July 2007

2468216

8624t_291-10_en_d.rsc

8624poe_291-10_en_d.rsc

8648t_291-10_en_d.rsc

AT-8724XL, AT-8748XL

AT-8700XL

Rapier i

87291-10.rez

86291-10.rez

24 July 2007

2411128

4587048

8724_291-10_en_d.rsc

8748_291-10_en_d.rsc

Rapier 24i, Rapier 48i, Rapier 16fi

r24i_291-10_en_d.rsc

r16i_291-10_en_d.rsc

r48i_291-10_en_d.rsc

Rapier 48w

Rapier w

86291-10.rez

24 July 2007

4587048

Download from Www.Somanuals.com. All Manuals Search And Download.

Levels

Some of the issues addressed in this Maintenance Version include a level number. This number reflects the importance of the issue that has been resolved. The

levels are:

Level 1

Level 2

Level 3

Level 4

This issue will cause significant interruption to network services, and there is no work-around.

This issue will cause interruption to network service, however there is a work-around.

This issue will seldom appear, and will cause minor inconvenience.

This issue represents a cosmetic change and does not affect network operation.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-10

Software Maintenance Version 291-10 includes the resolved issues and enhancements in the following tables. In the tables, for each product series:

■

“Y” indicates that the resolution is available in Version 291-10 for that product series.

“–” indicates that the issue did not apply to that product series.

Level 1

No level 1 issues

Level 2

Module

Level

Description

Switching,

DHCP

Snooping

Enabling DHCP snooping (correctly) adds a hardware filter to all untrusted

ports, to block all IP traffic coming from those ports. Previously, disabling

DHCP snooping did not delete these filters. This meant that the switch

dropped all IP traffic from the previously-untrusted ports until the switch

was restarted.

CR00016759

Also, attempting to manually delete the hardware filters did not actually

remove them.

These issues have been resolved. The switch now removes the filters if you

disable DHCP snooping or manually delete the filters.

IP Gateway

If the user did not specify the destination and dmask parameters when

entering the set ip filter command, the destination and dmask of the

filters were reset to any.

CR00018655

CR00018656

Also, it was not possible to delete an IP filter by using the delete ip filter

command, even when all required parameters were present.

These issues have been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-10

Module

Level

Description

Switching

The resolution to CR 444 meant that packets processed by the CPU are now

subjected to the same filtering as packets switched in hardware. However,

this filtering did not always return the expected results. Sometimes its IP

address matching was incorrect, and it did not correctly process filters with

an action of nodrop.

CR00018663

These issues have been resolved.

OSPF

On a router or switch with OSPF redistribution enabled, OSPF did not

redistribute the interface route when an interface came up (for example,

after a reboot).

CR00018691

This issue has been resolved.

QoS

QoS policies, traffic classes, and flow groups could not have an ID number

of 0 (zero).

CR00018693

CR00018778

This issue has been resolved.

IP NAT, Firewall

When using IP NAT, the router or switch would reboot when processing

TCP SYN packets.

This issue only occurred with IP NAT, which is configured by using the add

ip nat command. It did not occur with firewall NAT.

This issue has been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-10

Level 3

Module

Ping

Level

Description

Traceroute (the trace command) did not work. It returned the error “The

destination is either unspecified or invalid” even if the destination was

reachable.

CR00018514

This issue has been resolved.

Level 4

No level 4 issues

Enhancements

No enhancements

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-09

Software Maintenance Version 291-09 includes the enhancement in the following table, which is available for x900-48FE and x900-48FE-N switches.

Level 1-4

No level 1-4 issues

Enhancements

Module

Core

Level

Description

CPU fan monitoring is now disabled by default on x900-48FE and

x900-48FE-N switches. Monitoring the fan is unnecessary unless an

accelerator card is installed on the switch, so disabling monitoring reduces

the number of messages that the switch displays and logs.

CR00018530

To enable monitoring, use the command:

enable cpufanmonitoring

To disable it again, use the command:

disable cpufanmonitoring

When monitoring is enabled, the command show system displays the

CPU fan status in the entry labelled “Main fan”.

Note that this behaviour is already available on AT-8948 switches.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-08

Software Maintenance Version 291-08 includes the resolved issues and enhancements in the following tables. In the tables, for each product series:

■

“Y” indicates that the resolution is available in Version 291-08 for that product series.

“–” indicates that the issue did not apply to that product series.

Level 1

No level 1 issues

Level 2

Module

Level

Description

Switching,

IGMP,

IP Gateway

If a packet should have matched a hardware filter with a deny action and

have been discarded, but an IP routing entry had not yet been learnt for the

packet, then the packet was not discarded.

CR00000444

This issue has been resolved and the packet is now discarded.

Switching

Firewall

When a nodrop action was specified on a port as part of an L3 filter, it was

observed that the port was still dropping packets. This was observed after

the ARP entry for the destination IP expired from the switch’s L3 table.

CR00000484

CR00001231

This issue has been resolved.

The router or switch sometimes recorded more events in its deny event

queue than was specified by the detail parameter of the set firewall

policy attack command.

This issue has been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-08

Module

Level

Description

Classifier

The following issues existed with classifiers:

CR00003495

■ classifiers matching protocol=ipv6 and ipprotocol=icmp could be

created more than once

■ classifiers matching protocol=ipv6 and ipprotocol=1 could be created

but were meaningless because 1 represents IPv4 ICMP

■ classifiers matching protocol=ip and ipprotocol=58 could be created

but were meaningless because 58 represents IPv6 ICMP.

These issues have been resolved.

Also, classifiers now default to protocol=ip (IPv4) if:

■ no value is specified for the protocol parameter, or

■ protocol=any and ipprotocol=icmp.

VLAN

BGP

Removing then re-adding ports to a Nested VLAN, with rapid STP enabled,

caused the port in the Alternate Discarding state to leak a small number of

packets.

CR00004018

CR00005472

CR00005812

This issue has been resolved.

When BGP was in the OpenSent state and it received an out-of-sequence

message (such as a KeepAlive message), BGP would return to the Idle state.

This issue has been resolved. BGP now sends a notification message to the

other BGP peer, as expected.

IP Gateway

When the router or switch received an IP packet whose length was greater

than the MTU on the outgoing link, and the packet contained an IP option

that was not designed to be fragmented (such as Timestamp), then the

resulting constituent fragments would have incorrect IP header lengths.

This could lead to data corruption.

On routers, this issue applied to all routed packets. On switches, it applied

to packets processed by the CPU, not to packets switched in hardware.

This issue has been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-08

Module

RIPng

Level

Description

The following issues occurred with RIPng:

CR00007178

■ RIPng dropped requests from peers with non link-local addresses.

■ for a solicited response, if the routes did not exist on the device, RIPng

returned a metric of 0 for them instead of returning a metric of 16

■ RIPng performed split-horizon checking for solicited responses

■ RIPng used the link-local address to respond to all requests, even if the

request used a non link-local address and therefore the reply should

have also used a non link-local address

These issues have been resolved.

Install, MIB

Previously, the MIB objects configFile and createConfigFile would return the

current configuration file, and the MIB object currentConfigFile would

return 'no such object'.

CR00008847

This issue has been resolved. The objects configFile and createConfigFile

now return the boot configuration file. The object currentConfigFile now

returns the current configuration file.

Classifier

Firewall

The output of the show classifier=number command did not show the

protocol number.

CR00009473

CR00010654

This issue has been resolved.

When adding a firewall application rule, it was possible to specify FTP as the

application but not specify the command parameter. This meant that the

rule would allow all FTP commands through, even if action=deny had

been specified.

This issue has been resolved by making the command parameter

mandatory when the application is specified as FTP.

PPP

If the router or switch received an LCP packet with an unrecognised code,

it responded with a CodeReject packet of incorrect length that did not

respect the established MRU of the peer.

CR00010951

This issue has been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-08

Module

PPP

Level

Description

If the router or switch received an LCP packet with an unrecognised

protocol, it responded with a ProtocolReject packet of incorrect length that

did not respect the established MRU of the peer.

CR00010967

This issue has been resolved.

PPP

When the established Maximum Receive Unit (MRU) of the remote PPP peer

was greater than the established MRU of the local PPP peer, Echo Reply

packets did not respect the established MRU of the remote peer.

CR00010968

This issue has been resolved.

Core

VPN, GUI

OSPF

In most circumstances the stack dump for an AR7x5 router was invalid and

did not contain complete information about the cause of a reboot.

CR00011231

CR00012218

CR00012727

This issue has been resolved.

Enabling VPN (IPsec) on the GUI caused the GUI VPN page to stop

displaying information about some or all of the existing VPN policies.

This issue has been resolved.

Sometimes when a type 7 external LSA was translated to a type 5 external

LSA the forwarding address was set to 0.0.0.0 in the translated type 5 LSA.

This issue has been resolved, so that the forwarding address is always

copied from the type 7 LSA being translated.

OSPF

When the router or switch is acting as an area border router and one of the

areas is an NSSA (Not So Stubby Area), the router or switch will create a

default route for the NSSA and inject this into the NSSA. Previously, the

router or switch was also redistributing this route into other areas as a static

route when static route redistribution was turned on. This was not desirable

behaviour.

CR00012751

This issue has been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-08

Module

TTY

Level

Description

Unexpected characters could appear on the terminal emulator display

when the column size was set greater than 80 and the user edited a

command that spanned more than one line of the display.

CR00012871

This issue has been resolved.

DVMRP,

If a frame relay interface was configured as a DVMRP interface, then the

DLC value was not correctly generated in output of the command show

config dynam or in the configuration script generated by the command

create config.

CR00013597

Frame Relay

This issue has been resolved.

Core, SNMP

Previously, SNMP returned an incorrect product ID number for AR750S-DP

routers.

CR00013660

CR00013735

This issue has been resolved. The value of the sysObjectID object is now 80

for AR750S-DP routers.

LACP,

Switching

When moving ports from an LACP-controlled trunk to a manually-

configured trunk, ports were incorrectly set in an STP blocking state.

Therefore, traffic would not flow over the trunk.

This issue has been resolved.

Note: When you move ports from an LACP-controlled trunk to a manually-

configured trunk, you must delete the ports from LACP.

OSPF

If the obsolete command set ospf rip=both was entered, the router or

switch correctly automatically replaced it with the following two

commands in the dynamic configuration:

CR00013763

add ospf redistribute protcol=rip

set ospf rip=export

However, if the command create config was used to save the

configuration, after system start-up the configuration file did not contain

the command add ospf redistribute protocol=rip. This meant that OSPF

stopped redistributing RIP routes after a reboot.

This issue has been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-08

Module

IPv6

Level

Description

If a user shortened the prefix length of an IPv6 interface address, then

lengthened it, it became impossible to change the prefix length again.

CR00013778

This issue has been resolved.

MSTP

L2TP

Executing the commands disable mstp port=number or enable mstp

port=number would not disable or enable the port on all MSTIs.

CR00013893

CR00013982

CR00014044

This issue has been resolved.

An L2TP call could be deleted when still attached to the PPP interface.

Doing this caused the router or switch to reboot.

This issue has been resolved.

IGMP

When large numbers of multicast streams were passing through the switch

and there was no multicast routing protocol running (such as PIM or

DVMRP), the CPU would experience regular periods of extended high

utilisation. This could result in lost control packets and network instability.

This issue has been resolved.

TTY

When a file was redirected (for example, by a trigger), if the mail hostname

was not available or not configured, the router or switch would reboot.

CR00014146

CR00014230

CR00014295

CR00014320

This issue has been resolved.

If the built-in editor was used to delete the last line of a file, the router or

switch could reboot.

This issue has been resolved.

IGMP

OSPF

IGMP snooping would process IGMP protocol packets that had incorrect IP

TTL fields (i.e. that had values other than 1).

This issue has been resolved.

Occasionally, when OSPF was started, not all the Type-7 LSAs were

translated into Type-5 LSAs.

This issue has been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-08

Module

PIM6

Level

Description

If an IPv6 accelerator was used, and the upstream router forwarded IPv6

multicast data just before the prune limit timer expired, then the

downstream router sometimes did not send the prune until significantly

after the timer expired.

CR00014827

This issue has been resolved.

MSTP, GUI

Using the web-based GUI to set the Point-to-Point Link in the MSTP CIST

Port configuration to a non-default value would generate an error.

CR00015169

CR00015805

This issue has been resolved.

ISAKMP, IPv6

During the boot up, the router or switch waited 5 seconds before

beginning ISAKMP prenegotiation. For VPN tunnels over IPsec for IPv6, this

was not long enough for the router or switch’s interfaces to come up before

prenegotiation began.

Also, the router or switch did not obtain the most recent active ISAKMP SA

when multiple SAs existed.

These issues have been resolved. The router or switch now waits 6 seconds,

and obtains the most recent SA and uses that for Phase 2 negotiations.

Switching

If the switch had a large number of routes in its forwarding database (FDB),

and the command show switch fdb was used to display the contents of

the FDB, and the switch’s CPU was busy at the time, then the switch

sometimes rebooted.

CR00015964

CR00016262

CR00016340

This issue has been resolved.

Load

When attempting to upload files from the switch using TFTP to an IPv4

server address, the router or switch reported an error if IPv6 was not

enabled. It was not possible to upload files using TFTP to an IPv6 server

address at all.

These issues have been resolved.

DHCP

Snooping

DHCP Snooping has been enhanced to operate in a customised VLAN ID

translation (VID translation) environment. Previously, DHCP Snooping was

not supported with VID translation.

This issue has been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-08

Module

IPv6

Level

Description

The timer that governs the interval between repeated neighbour

solicitation messages could only be configured by using the ndretrans

parameter of the set ipv6 nd command, and not through router

advertisements that the router or switch received from other routers.

CR00016587

This issue has been resolved. Instead of using the ndretrans parameter of

the command set ipv6 nd, use the retrans parameter to configure the

timer interval. Also,routers or switches acting as hosts will now correctly

update their timer values to the value specified in any router advertisements

that they receive.

DHCP6

Previously, it was possible to enter the incomplete commands delete

dhcp6 policy=name or set dhcp6 policy=name without specifying any

other parameters.

CR00016592

CR00016840

This issue has been resolved. If this is done, the router or switch now

displays the warning:

Warning (2117007): One or more parameters may be missing.

STP

Previously, when the switch was a Spanning Tree root bridge in a network

and a user raised the switch’s root bridge priority enough to stop the switch

from being the root bridge, unnecessary delays in convergence occurred.

This issue has been resolved.

IP Gateway

ISAKMP

The set ip filter command would not accept the protocol parameter.

CR00016956

CR00016964

This issue has been resolved.

When the router or switch negotiated an IPsec tunnel with RFC3947 NAT-

T, its NAT-OA payload had two bytes of reserved fields after the ID field

instead of the three bytes specified by RFC 3947. This could prevent the

tunnel from working properly when the tunnel was between an Allied

Telesis router or switch and some other vendor.

This issue has been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-08

Module

ATM

Level

Description

If a PPP instance was destroyed after an attached ATM channel had been

modified using the set atm channel command, the router rebooted. The

router could also reboot if an ATM channel was deleted under similar

circumstances.

CR00016985

This issue has been resolved.

IPsec

AlliedWare IPsec would not interoperate with Microsoft Windows Vista

VPN clients. This was because Microsoft changed the IPSec behaviour in

Vista such that Vista's private local IP address is sent as the local

identification instead of an FQDN. When an IPSec tunnel between

AlliedWare and Vista was brought up, the hosts could not communicate.

CR00016989

CR00017081

This issue has been resolved. AlliedWare IPsec can now communicate with

peers that send their private local IP address as the local identification.

Classifier

The show classifier command did not allow users to display only the

classifiers that had their IP source address and MAC source address

parameters set to dhcpsnooping.

This issue has been resolved. For example, the command show classifier

ipsa=dhcpsnooping now displays those classifiers that have their IP

source address set to dhcpsnooping.

Also, it is no longer possible to create two identical classifiers with DHCP

snooping parameters.

Firewall

When the router was acting as a firewall and performing DNS relay, it used

the local IP interface private address as the source address for some packets

that it sent out the public interface. When the router acts as a DNS relay, it

receives DNS requests from the private interface and sends a new packet

on the public interface. These new packets were given the wrong address.

CR00017093

This issue has been resolved. Such packets now have their source address

set to the public interface address as required.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-08

Module

IPsec

Level

Description

If an IPsec tunnel with no encryption (NULL) was negotiated in AlliedWare

over NAT-T, the ESP packets did not contain an RFC 3948 compliant

checksum. This means that some vendors may have discarded packets sent

by the AlliedWare peer over such a tunnel.

CR00017226

This issue has been resolved.

Note the null encryption is useful for debugging the traffic over an IPsec

tunnel and should not be used in a working IPsec solution.

IPsec

An IPSec checksum recalculation error occurred with UDP traffic when the

ESP encapsulation was added.

CR00017227

CR00017255

This issue has been resolved.

Switching

Previously, trunk members were given the STP state in hardware of port 1,

instead of having the STP state of the lead port in the trunk. The software

state (as displayed with the command show stp port) was correct.

This issue has been resolved.

Switching

When using multi-homed IP interfaces on a VLAN, it was possible that L3

hardware switching would stop for all multi-homed interfaces on that

VLAN, if one of the multi-homed interfaces was removed or went into an

administratively down state.

CR00017256

CR00017337

This issue has been resolved.

It was possible to set up a classifier that matched MPLS frames at layer 2,

but the switch would not correctly match these MPLS frames against the

classifier.

This issue has been resolved. The switch now correctly matches MPLS

frames against such a classifier.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-08

Module

QoS,

Level

Description

Some small memory access violations existed in DHCP snooping.

These violations have been resolved.

CR00017368

DHCP

Snooping

Also, a new console error message is displayed if a user tries to add a

duplicate classifier to a QoS policy. For example, if traffic class 101 belongs

to policy 2 and a user tries to add a flow group to traffic class 101 when

the flow group’s classifier is number 54 and already belongs to policy 2, the

following message is displayed:

Error (3099297): Duplicate classifier (54) on policy 2.

A similar new log message has also been added, which says:

Duplicate classifier (<number>) found on <string> <number>

Note that a classifier can exist in two separate policies but cannot exist

twice in the same policy.

IP Gateway

The router or switch could reboot when the local interface address had

been specified by using the set ip local command, and then the underlying

interface from which the local interface took its address was either deleted

or had its address changed. In both these cases, the local interface was

correctly reset back to an undefined address, but a route to this address was

not deleted. This could cause routing difficulties and a reboot when packets

for that address were received.

CR00017456

This issue has been resolved. The route is now correctly deleted.

Firewall

When a VoIP call using SIP was initiated from the public side of the firewall,

occasionally the firewall created two UDP sessions for the call with different

UDP source ports. This happened if the first packets of the STP (voice data)

stream arrived earlier than the 200 OK message that was supposed to

establish the session. The result was that the public side caller could not

hear the call.

CR00017488

This issue has been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-08

Module

ISAKMP

Level

Description

The router or switch sometimes could not establish a VPN when the remote

peer was behind a NAT gateway and the router or switch’s remote ID was

set to default.

CR00017518

This issue has been resolved.

PPP

If a PPPoE AC service had been added, but AC mode had not been enabled

by using the enable ppp ac command, PADI frames were processed

anyway, potentially leading to a reboot.

CR00017634

This issue has been resolved.

TTY

Previously, it was not possible to configure a TTY service on the router (by

using commands like create service).

CR00017659

CR00017662

This issue has been resolved.

Core

Stopping and restarting two fans on the switch in a particular order could

put the fan fault detection mechanism into a state in which the system LED

would not flash for a fan fault.

This issue has been resolved.

IGMP

When the switch had a hardware filter configured that would match and

discard a received IGMP packet, IGMP snooping still processed the packet

and added the details to its snooping database.

CR00017724

This issue has been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-08

Module

Level

Description

IP Gateway,

DHCP

When the DHCP server was enabled on a router or switch that also had a

local IP interface defined by using the set ip local command, outgoing

DHCP server packets would use the set ip local command's IP address as

their source address. Furthermore, if the broadcast flag was set to TRUE in

the DHCP Discover message that the server was replying to, then the server

would send the DHCP Offer packet out the wrong IP interface with the

wrong source IP address. Microsoft Windows Vista has the broadcast flag

set to TRUE.

CR00017731

These issues have been resolved. The DHCP server configuration now

ignores any local IP interfaces set by using the set ip local command, and

the server now sends the Offer message out the interface that it received

the Discover on.

Switching

If a multicast route had an odd number of downstream interfaces attached

to it, and the last downstream interface was deleted, the second to last

downstream interface could experience a loss of packets.

CR00017749

This issue has been resolved.

PIM

PIM would sometimes start forwarding duplicate packets from the RP to

downstream interfaces if the SPT Bit had been set and had become unset.

CR00017816

CR00017906

This issue has been resolved.

VLAN, MSTP

If ports were removed from a VLAN and MSTP was enabled, then the port

removal was not included in the configuration displayed by the command

show config dynam or saved by the command create config.

This issue has been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-08

Level 3

Module

PKI

Level

Description

Some PKI commands (including add pki ldap, create pki enroll, and

create pki keyupdate) only worked if their parameters were entered in a

particular order.

CR00000503

This issue has been resolved.

The command add fire policy=name rule=number act=allow int=int

ip=ipadd list=filename would incorrectly be rejected, with an error

message stating that list and ip were mutually exclusive.

CR00001106

CR00001438

This issue has been resolved, so that list and ip can be used together in the

same firewall rule.

TACACS+

If TACACS+ was used for authentication and the TACACS+ server went

down during an authentication attempt, the router or switch added the

attempted login names to the TACACS+ user list (as displayed in output of

the show tacplus user command). However, the router or switch correctly

did not log users in with those names.

This issue has been resolved.

IP Gateway

Firewall

Sometimes an incorrect error message was printed if a user tried to enable

IP multicast switching on a device that did not support it.

CR00002587

CR00003354

This issue has been resolved.

The firewall message “Port scan from <source> is underway” was repeated

more times than messages about other attack events. This could cause

confusion.

This issue has been resolved. The message is now displayed with the same

frequency as other firewall attack event messages.

Firewall

The firewall sometimes did not report that an attack had finished until

several minutes after it actually finished.

CR00003356

This issue has been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-08

Module

File

Level

Description

The show file command did not check whether the specified file system

was valid. If an invalid file system type was entered (such as show

file=abc:*.*), the router or switch reported that no files found instead of

reporting that the file system abc did not exist.

CR00004004

This issue has been resolved.

GUI

The following issues occurred with the GUI:

CR00005048

■ the menu item and related page title for configuring PPPoE and PPPoA

interfaces was incorrectly named “PPP”. This issue has been resolved by

changing the names to “PPPoE / PPPoA”.

■ the UPnP selection option on the firewall pages did not work. This issue

has been resolved.

Note that if you want to use the GUI to configure a PPP interface over ISDN,

use the Dial-up menu option to do so.

LACP

If a user attempted to enable LACP on AT-9800 series switches—which do

not support LACP—the switch incorrectly said that the module had been

enabled.

CR00005187

This issue has been resolved. The switch now displays an error message

instead.

Classifier

BGP

Previously, a classifier with protocol=ip matched both IPv4 and IPv6

packets when used with software QoS, instead of only matching IPv4

packets.

CR00005894

CR00005940

This issue has been resolved.

There were several cases in BGP where an error was discovered in an

incoming packet, but the incorrect error subcode was reported in the

accompanying NOTIFICATION message. Also, NOTIFICATION messages did

not contain the aberrant data in their data fields, as required by the RFC.

These issues have been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-08

Module

SNMP

Level

Description

On AR725 and AR745 routers, which have no VLAN support, an SNMP Get

request for dot1qMaxVlanId or dot1qMaxSupportedVlans incorrectly

returned a value.

CR00006303

This issue has been resolved.

Bridge

Predefined bridge protocols XEROX PUP and PUP Addr Trans with the

encapsulation of EthII and protocol type 0x0200 and 0x0201 are invalid

and obsolete, since they are less than the minimum ETHII protocol type of

1500 (decimal). Bridging with these protocols could cause the router to

reboot.

CR00006613

This issue has been resolved by replacing the predefined protocol types with

the more modern equivalents 0x0a00 and 0x0a01. Also, if you enter a

protocol type less than the minimum, the router now displays an error

message.

GUI

When a user used the GUI to attempt to delete a local interface that was in

use by another protocol, the operation (correctly) failed, but the GUI did not

display an error message to explain the failure.

CR00007394

CR00007404

CR00007926

This issue has been resolved.

MSTP

If a network running MSTP was connected to a network running RSTP and

MSTP message debugging was enabled on a switch, the debug output

could loop for a very long time with invalid data.

This issue has been resolved.

Switching,

IP Gateway

The x900 series switches did not send an ICMP Redirect packet when they

received a packet and the route to the packet’s destination was back to the

packet’s sender. The switches routed the packet back to the source but did

not send an ICMP Redirect message.

This issue has been resolved. The x900 series switches now send an ICMP

Redirect message.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-08

Module

TTY

Level

Description

When prompted to enter a file name while using the command line file

editing utility, no more than 23 characters could be typed, even if the

existing characters were deleted using the backspace key.

CR00008122

This issue has been resolved.

Firewall

The command enable firewall notify=port port=asyn-number was not

available on switches, only on routers. If a user created a configuration on

a router and used this option, the configuration had to be modified if

transferred to a switch.

CR00008378

This issue has been resolved. The notify=port option and the port

parameter are now available on switches. However, these port parameters

have been deprecated in favour of the asyn parameters, so warning

messages are printed to indicate this if the commands are used.

Switching

When the commands enable switch port=number automdi and

disable switch port=number automdi were executed from a telnet

session, some INFO messages were output to the asyn0 console session

instead of the telnet session.

CR00009086

This issue has been resolved.

STP, SNMP

Previously, newRoot and topologychange traps (located at

1.3.6.1.2.1.17.0) were only generated by the bridging module.

CR00010144

CR00010229

This has been extended to the STP module. Please note that this applies

only to standard STP, not Rapid STP.

Install, SNMP

Previously, MIB objects instRelMajor, instRelMinor and instRelInterim values

were only correct for bootrom (default) builds.

This issue has been resolved. Now the correct values are returned for these

objects when the current install matches the temporary or preferred install.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-08

Module

Install

Level

Description

If a user attempted to enter a filename with an invalid format, the resulting

error message did not correctly describe the format that should have been

used. Also, the router or switch returned an incorrect error message when

a user attempted to delete a non-existent release licence file.

CR00010306

These issues have been resolved.

BGP

Previously, it was possible to enter bad BGP peer IP addresses, such as

0.x.x.x, 127.x.x.x and 255.255.255.255.

CR00010315

CR00010465

CR00010538

This issue has been resolved.

Switching

Firewall

The “?” help for the command show switch sock=con inst=value

showed a maximum value of 4294967295.

This issue has been resolved. Valid instance values are 0 and 1.

When firewall events were recorded in the Notify queue (displayed in

output of the command show firewall event=notify), the IP address

shown would be the address of the very first packet that belonged to that

event flow. For example, if 64 host scan packets were required to trigger a

host scan event and the first packet had a target IP of 1.1.1.1 and the 64th

had an IP of 1.1.1.64, then the IP address recorded would be 1.1.1.1, even

though the event was not actually recorded until the 64th packet arrived.

Additionally, the source and destination ports in this display would always

show as 0.

These issues have been resolved.The IP addresses shown are now those of

the particular packet that triggered the event notification, and the source

and destination ports match the actual ports used by that packet.

PPP

If the router or switch received an Echo-Request that did not comply with

RFC 1661, it processed and replied to the Echo-Request.

CR00010976

This issue has been resolved. Non-complying Echo-Requests are now

ignored.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-08

Module

PPP

Level

Description

PPP incorrectly ACKed a LCP ConfigureRequest containing the Magic-

Number option with a value of 0.

CR00010979

This issue has been resolved.

PPP

If the router or switch received an incorrectly formatted PAP request packet,

it used to process the packet. This issue has been resolved—now it silently

discards the packet.

CR00010984

CR00011223

Also, if the router or switch received a PAP request packet with a zero

length user ID, it used to send the packet to the authentication database.

This issue has been resolved—now it NAKs the packet.

Core

On AT-8948 and AT-9924SP switches with an empty PSU bay, an SNMP

walk through of the fanAndPsPsuStatusTable would display lines for the

non-existent PSU, with the value of “no such instance”.

This issue has been resolved. The walk through now only includes installed

PSUs.

GUI

Some of the features supported in the web-based GUI did not have a

complete set of online help pages generated for them.

CR00011259

CR00011315

This issue has been resolved.

IP Gateway

When the limit for the number of IP interfaces was reached and a user tried

to add another IP interface over a VLAN, the router or switch displayed the

following misleading error message:

Error (3005273): No more VLAN interfaces may be added.

This issue has been resolved. The error message is now:

Error (3005273): No more IP interfaces over VLANs may be added.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-08

Module

Ping

Level

Description

When the router or switch pinged a host whose hostname consisted only

of the digits 0-9 and the letters A-F, it treated the given hostname as a

hexadecimal IPX address even if the hostname was in the host list.

CR00011438

This issue has been resolved. Now, when the router or switch pings a host

using a hostname, it checks the hostname in the host list first. If it does not

find the host in the host list, then it treats the hostname as an IPX address.

Firewall

When a firewall UDP session starts up, the session timeout should be 5

minutes for the first 5 packets of the session, then change to the configured

UDP session timeout value. Previously, the timeout changed after the 6th

UDP packet belonging to that session, instead of after the 5th packet.

CR00011824

This issue has been resolved.

IP Gateway

Classifier

The command show ip cassi command is obsolete but was still available.

CR00012066

CR00012168

This issue has been resolved. The command has been removed from the

command line. To obtain the same information, use the command show

conf dyn=ip.

Output of the show classifier command displayed only the hexadecimal

protocol value for IP SNAP, instead of also displaying the protocol name.

This issue has been resolved. The output now displays:

0000000800 (IP SNAP)

OSPF, GUI

STP

If there were virtual OSPF interfaces, then the OSPF Interfaces GUI page

showed all interfaces as belonging to the backbone area (0.0.0.0).

CR00012885

CR00013352

This issue has been resolved.

The help displayed by the command set stp port=all ? listed some

parameters twice.

This issue has been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-08

Module

Level

Description

IP Gateway

Once a default local IP address had been set, it could not be deleted. This

was because the default interface does not have an interface number, but

to delete a local interface, the user must specify the interface’s number.

CR00013494

This issue has been resolved, by adding an option called default to the

delete ip local command. To delete the default local interface’s address,

use the command:

delete ip local=default

Note that this resets the interface, including removing its IP address, but

does not remove the interface itself.

DHCP

If a user attempted to add a policy option to a DHCP policy by using the set

command instead of the add command, then the resulting error message

did not clearly indicate the cause of the error.

CR00013543

For example, entering the command:

set dhcp policy=test arptimeout=234

resulted in the error message:

Error (3070061): ARPTIMEOUT not found.

This issue has been resolved. The error message now reads:

Error (3070279): Option ARPTIMEOUT was not found in policy test or

was not added using the ADD DHCP POLICY command.

Ping,

Traceroute

In the set trace command, it was possible to specify a minimum TTL value

that was higher than the maximum TTL value.

CR00013635

CR00013637

This issue has been resolved. The minttl and maxttl parameter are now

checked to ensure that the value of minttl is less than or equal to the value

of maxttl.

Ping,

Traceroute

If the value specified for the minimum time-to-live parameter (minttl) of

the traceroute command exceeded the value set for the maximum time-

to-live parameter (maxttl), the router or switch would attempt to execute

the trace rather than generate an error message.

This issue has been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-08

Module

Level

Description

EPSR, SNMP

When a user destroyed an EPSR domain, SNMP Requests returned

information about the domain even though it no longer existed.

CR00013832

This issue has been resolved.

Ping,

Traceroute

If a user attempted to perform a traceroute without specifying the address

to trace (either in the trace or set trace commands), the router or switch

attempted to trace 0.0.0.0.

CR00013920

This issue has been resolved. The router or switch now displays an error

message.

VRRP, GUI

PPP

The VRRP priority could not be modified through the GUI—the priority

option was there but did nothing.

CR00014103

CR00014137

This issue has been resolved.

A PPPoE Access Concentrator service that had been added by using the

acinterface parameter to specify a VLAN (or by using the deprecated vlan

parameter) could be deleted without specifying the acinterface parameter

(or the deprecated vlan parameter).

This issue has been resolved.

RSTP (correctly) only uses the top 4 of the available 16 bits for the bridge

priority. If a user enters a value that is not a multiple of 4096, the switch

rounds the value down. Previously, the switch did not inform users when it

rounded the value.

CR00014159

This issue has been resolved. The switch now displays an info message

when it rounds the bridge priority.

Note that this only happens for RSTP. STP uses all 16 bits for the bridge

priority.

OSPF

When OSPF was disabled and a BGP redistribution definition existed, then

the obsolete command set ospf bgplimit=limit did not update the limit

in the BGP redistribution definition. This meant that the limit was incorrect

when OSPF was enabled again.

–

CR00014203

This issue has been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-08

Module

LLDP

Level

Description

The help displayed for the LLDP port parameter (in such commands as

show lldp port=?) incorrectly indicated that the port parameter is a

“string 1 to 255 characters long”. The port parameter is instead an

Ethernet switch port number or a range of numbers.

CR00014304

This issue has been resolved. The help is now correct.

Ping

The maximum value for the delay parameter of the ping command was

CR00014330

too long.

This issue has been resolved by changing the range for the delay from

0-4294967295 to 0-604800. This new maximum is the number of seconds

in one week.

Switching,

RSTP, SNMP

Previously, an incorrect value was returned for the port number when

responding to an SNMP Request for MIB object dot1dSTPRootPort.

CR00014879

CR00015466

CR00016183

This issue has been resolved.

Core, Install,

PoE

The output of the show cpu command on the AT-8624POE switch showed

relatively high CPU usage when the device was idle.

This issue has been resolved.

File

If a user attempted to delete a locked file, such as the currently-installed

GUI resource file, the router or switch displayed both an operation error

message and an operation successful message.

This issue has been resolved by removing the incorrect operation successful

message.

OSPF

Previously, OSPF logged the same message for two separate errors. These

errors were when OSPF rejected a database description message because:

CR00016429

■ the neighbour was in a state of “down” or “attempt”, or

■ the MTU received from the neighbour was larger than the receiving

system could handle.

This issue has been resolved. Separate error log messages are now

generated for these two errors.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-08

Module

PPP

Level

Description

It is valid to use the command create ppp=number to create a PPP

interface without specifying the underlying layer 1 interface. However,

executing this command, or including it in a boot script, resulted in an error.

CR00016452

This issue has been resolved.

IPv6

If IPv6 was disabled and a user entered any of the following commands:

CR00016578

add ipv6 interface

add ipv6 6to4

add ipv6 tunnel

create ipv6 interface

enable ipv6 advertising

then the router or switch correctly displayed a warning message to indicate

that IPv6 was disabled and also correctly performed the specified

configuration. However, it did not display an “Operation successful”

message to indicate that the configuration had changed.

This issue has been resolved. The router or switch now displays the

“Operation successful” message as well as the warning message.

ATM

Sometimes, the router displayed the following error message:

CR00016735

Internal Error: speed mismatch causing transmit internal rate underrun

error.

This was due to a mismatch in the synchronisation between the internal

rate of the ATM controller in the CPU and the speed of the ATM PHY

connector. This synchronisation mismatch had a small impact on ATM

performance.

This issue has been resolved.

TTY

If a user was accessing the router or switch via telnet, and sent a ^P (break)

character followed by the character d or D, then the router or switch

displayed an unwanted diagnostic message.

CR00016925

This issue has been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-08

Module

Level

Description

Port

Authentication

On termination of an 802.1x session, an accounting message is sent to the

Radius server. This enhancement implements the Acct-Input-Octets,

Acct-Output-Octets, Acct-Input-Packets, and Acct-Output-Packets fields in

the message.

CR00017019

Note that this enhancement only applies to ports in single-supplicant mode.

These fields in the accounting message for ports in multi-supplicant mode

still all have a value of 0.

Level 4

Module

Level

Description

GUI, Switch

The Diagnostics > Layer 2 Forwarding Database page of the GUI displayed

extra internal (SYS or CPU) entries.

–

CR00011228

This issue has been resolved. The GUI and the command show switch fdb

now display the same information.

Switch

Previously, if you used the ? or Tab keys to obtain help for the set switch

ageingtimer command, the resulting help said that valid entries were from

0 to 4294967295. However, the correct range of values is from 16 to

4080 seconds for AR750S routers and from 10 to 630 seconds for AR770S

routers.

CR00013409

This issue has been resolved. The “?” help now displays the correct ranges.

OSPF

TTY

The command purge ospf did not delete OSPF redistribution definitions.

CR00014205

CR00014302

This issue has been resolved.

If the router or switch configuration file contained the command set tty

idle, the router or switch produced a corrupted log message when it

started up.

This issue has been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-08

Enhancements

Module

Level

Description

BGP

The BGP counter output display has been significantly improved. Also, the

command show bgp counter=all now prints out the RIB, UPDATE, DB and

PROCESS counters.

CR00012822

MACFF,

MAC-forced forwarding has been enhanced for use in a hospitality

situation, such as a hotel. The enhanced solution allows hotel guests to

connect to the network without having to change their IP settings, while

still ensuring privacy for each guest. Typically some guests will obtain their

IP address from the hotel's DHCP server and others will have statically

configured IP addresses in their PCs.

CR00016099

DHCP

Snooping

The solution is designed to interoperate with a specialised Access Router

that is able to deal with the full range of IP addresses that will be in use on

the guests' PCs. The Nomadix Access Gateway (from www.nomadix.com)

is an example of such a specialised access router.

Configuration of the new feature is similar to the existing MAC-forced

forwarding configuration. On each edge switch, you also need to enter the

following new command before enabling DHCP snooping:

disable dhcpsnooping ipfiltering

You also need to turn on ARP security and allow authorised clients to send

only unicast packets, by entering the following commands:

enable dhcpsnooping arpsecurity

enable dhcpsnooping strictunicast

This enhancement also introduces the ability to add MACFF servers with

static MAC addresses, rather than relying on ARP to determine them based

on IP addresses. To do this, enter the command:

add macff server mac=macaddr

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-08

Module

Level

Description

This software release supports the new x900-48FS switch. For an overview

of the switch, see “Support for the new x900-48FS switch—CR00016662”

on page 92.

CR00016662

CR00016891

CR00017335

CR00017937

PPP

This enhancement enables the PPPoE client to establish a session promptly

after a restart or power cycle. This is done by sending a PPPoE Active

Discovery Terminate (PADT) frame in response to a frame received with an

unknown PPPoE session ID.

CR00016913

CR00017197

CR00017395

SSH, User,

RADIUS

SSH sessions to the router or switch can now be authenticated via RADIUS.

The router or switch attempts to authenticate an SSH user via RADIUS if the

user to be authenticated is not configured in the local user database and

the router or switch has RADIUS configured.

Firewall

This enhancement enables the firewall to establish accurate MSS

(Maximum Segment Size) values for TCP sessions without using the MTU

discovery process. MTU discovery depends on ICMP error packets, so does

not work in networks that do not forward ICMP error packets.

To enable this feature, use the command:

enable firewall policy=name adjusttcpmss

The adjusttcpmss parameter enables the firewall to adjust the MSS value

stored inside incoming TCP SYN packets, to reflect the lower of the two

MTU values on the ingress and egress interfaces. Normally, for example, if

a TCP SYN packet arrives from an interface with an MTU of 1500 and leaves

on an interface with an MTU of 1000, the MSS inside the SYN packet will

remain at 1460. When this feature is enabled, the MSS will be adjusted to

960 because the firewall knows that the egress interface has a smaller

MTU. Note that the firewall does not change the original MSS value if it is

already lower than the values of the ingress and egress interfaces.

To disable this feature, use the command:

disable firewall policy=name adjusttcpmss

This feature is disabled by default.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-08

Module

Level

Description

IGMP

Snooping

The IGMP snooping fast leave option has been enhanced, to make it

available when multiple clients are attached to a single port on the

snooping switch. For configuration information, see “IGMP snooping fast

leave in multiple host mode—CR00017482” on page 93.

CR00017482

WAN Load

Balancing

WAN load balancing can now also balance traffic across IP interfaces that

are configured on VLANs. This means it is now available for the following

IP interfaces:

CR00017532

CR00017701

■ eth (such as eth0)

■ ppp (such as ppp0)

■ vlan (such as vlan1)

IGMP

IGMP filtering is now available on AT-8600 series switches.

For more information, see the IP Multicasting chapter of the switch’s

Software Reference, or How To Configure IGMP for Multicasting on Routers

and Managed Layer 3 Switches, available from www.alliedtelesis.com/

resources/literature/howto.aspx.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-07

Software Maintenance Version 291-07 includes the resolved issues and enhancements in the following tables. In the tables, for each product series:

■

“Y” indicates that the resolution is available in Version 291-07 for that product series.

“–” indicates that the issue did not apply to that product series.

Level 1

No level 1 issues

Level 2

Module

Level

Description

IP Gateway

If two routes to the same destination were present in a switch, and the

route of lower preference was deleted (in other words, the route whose

details were present in the hardware routing database), then the hardware

routing database was not updated with the remaining route as it should

have been. This could cause serious routing issues.

CR00017869

This issue has been resolved so that hardware routing database updates are

carried out correctly.

Switch

Running the command show switch tab=ip could result in a reboot if a

CR00018039

large number of routes (10,000 or more) were present on the switch.

This issue has been resolved so that the command can run no matter how

many routes are present on the switch. However, the output from the

command may be truncated due to buffer space restrictions.

Level 3

No level 3 issues

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-06

Level 4

No level 4 issues

Enhancements

No enhancements

Features in 291-06

Software Maintenance Version 291-06 provided support for the new Rapier 48w switch. For more information, see “Support for the new Rapier 48w switch” on

page 95.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-05

Software Maintenance Version 291-05 includes the resolved issues and enhancements in the following tables. In the tables, for each product series:

■

“Y” indicates that the resolution is available in Version 291-05 for that product series.

“–” indicates that the issue did not apply to that product series.

Level 1

No level 1 issues

Level 2

Module

Level

Description

IGMP

Snooping

When a port left a multicast group, the router or switch assigned the All Groups

port to that multicast group. This could be seen in the output of the command

show ip igmp—the list of ports for the group would include the All Groups port.

CR00007737

This issue has been resolved.

WAN load

balancer,

Firewall

The router rebooted if a user cleared all active WAN load balancer sessions on a

router that had more than approximately 15000 active sessions.

CR00010003

CR00011533

This issue has been resolved

Also, the maximum session limit for the WAN load balancer should be 2 * the

firewall session limit. On AR415S and AR442S routers, users can increase the

firewall session limit by adding special feature licenses. Previously, if the firewall

session limit changed, it was necessary to reboot the router to update the WAN

load balancer session limit.

This issue has been resolved. The WAN load balancer limit now updates when

you enable the firewall session license.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-05

Module

VLAN

Level

Description

Previously, it was possible to destroy a VLAN when it was configured as an IP

interface.

CR00012980

This issue has been resolved. Now, you can only destroy a VLAN if it has no IP

configuration.

IPsec

The router or switch would establish IPsec Security Associations (SAs) if ISAKMP

was enabled but IPsec was disabled.

CR00013041

This issue has been resolved. The router or switch only sets up SAs if IPsec is

enabled.

User,

802.1x

If the reauthentication period for 802.1x port authentication was set to less than

20 seconds, the router or switch sometimes rebooted.

CR00013500

CR00013527

This issue has been resolved.

OSPF

When the router or switch produced an OSPF type 7 LSA, it sometimes specified

a route out of an interface that was down. This would stop the router or switch

from forwarding traffic to the route’s destination.

This issue has been resolved.

GUI

SHDSL

OSPF

Previously, some GUI pages did not display correctly in version 7 of Internet

Explorer.

CR00014344

CR00014851

CR00014955

This issue has been resolved.

Very occasionally, an AR442S router would reboot if SHDSL interface train-up

took an excessively long time.

This issue has been resolved.

The router or switch sometimes rebooted when converting OSPF type 7 LSAs to

type 5 LSAs. This issue has been resolved by increasing the robustness of the

translation mechanism.

This issue has been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-05

Module

Firewall

Level

Description

When only NAT was enabled on the firewall, during some TCP connections in

which either end of the connection sends FIN (finished) messages immediately

after sending some data and the other end ACKs (acknowledges) the data and

the FIN message consecutively, the firewall sometimes incorrectly interpreted the

first ACK message (intended for the data) as belonging to the FIN message and

prematurely shut the connection down. This could prevent the firewall from

opening up new connections using the same port numbers.

CR00015569

This issue has been resolved.

BGP,

When BGP learned new best routes for a particular destination, it did not always

clear any active IP flows that used the previous best route. Therefore, the router

or switch continued to forward traffic sub-optimally.

CR00015592

IP Gateway

This issue has been resolved. Now, when BGP inserts new routes into the IP route

table, it deletes all active route flows, so any active flows change to using the new

route. The time taken to delete a full table of IP flows has also been greatly

reduced.

Switch

VRRP

Sometimes IP routed traffic would be sent out the correct port, but with the

destination MAC of another device on the network. This issue was most likely to

occur in configurations that use multi-homed interfaces on multiple VLANs for

end devices.

CR00015736

CR00015822

CR00015861

This issue has been resolved.

When the command enable ip macdisparity was used, and a static ARP entry

was configured with an L2 multicast MAC address, the switch should have

broadcast traffic to that multicast MAC address out all ports in the VLAN. This

was not happening.

This issue has been resolved.

After manually disabling the master VRRP router, sometimes a backup router that

should assume master status would not do so, and VRRP would cease to function

properly.

This issue has been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-05

Module

DHCPv6

Level

Description

For DHCPv6, the router or switch now supports Prefix Delegation according to

RFC 3633. The previous implementation was according to an Internet draft and

did not interoperate with other DHCPv6 implementations.

CR00015938

This issue has been resolved.

DHCPv6

The DHCPv6 client regularly wrote the file client6.dhc, which over time caused

unnecessary Flash compactions.

CR00015974

This issue has been resolved. The DHCPv6 client now only writes the file when

the contents are different from the previous time that the file was written. This

greatly reduces the number of Flash compactions caused.

DHCPv6

TPAD

DHCPv6 authentication did not work correctly.

CR00015984

CR00015989

This issue has been resolved. You can now configure the router or switch to

authenticate DHCPv6 exchanges.

When using the TPAD autodial feature and sending multiple transactions over a

TCP/IP connection, the router or switch responded to good APACS packets by

sending an ACK. This ACK was unnecessary and could cause interoperability

issues.

This issue has been resolved. The router or switch no longer sends the ACK in

these circumstances.

IP Gateway,

Firewall

Previously it was not possible to add a static ARP entry for the corresponding

partner address of a /31 subnet interface.

CR00016034

CR00016060

This issue has been resolved. The router or switch will now also allow /31 ARP

requests to pass through the firewall.

IGMP

If a port was disabled from being an All Routers group port for IGMP, and that

port received All Routers group traffic, it would incorrectly be added to the All

Routers group.

This issue has been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-05

Module

Level

Description

IPsec, IPv6

When the icmptype parameter was changed to none for an IPv6 IPsec policy, an

incorrect ICMP type value was displayed in output of the command show config

dyn and saved in the configuration file produced by the command create

config.

CR00016128

This issue has been resolved.

GUI, Firewall

When configuring the firewall with the GUI, the Policy options tab did not

update its display when options were changed from the default settings. For

example, if the user cleared a checkbox and clicked the Apply button, the router

correctly turned off that option, but the GUI showed a check in the checkbox.

CR00016180

This issue has been resolved.

Core

SYN

The router or switch’s handling of soft errors has been further improved. Soft

errors are spontaneous changes in the information stored in a digital circuit,

caused by physical effects.

CR00016200

CR00016288

The polarity of the CD output of RS-232 DCE and V.35 DCE SYN cables was

reversed—it was ON when OFF was selected and vice-versa.

This issue affected AR750S, AR770S, and AR44xS series routers.

This issue has been resolved.

Load

The upload command did not always work if the server parameter was set with

the set load command instead of being specified in the upload command.

CR00016303

CR00016327

This issue has been resolved.

IP Gateway

If a policy filter was configured, ping sometimes failed. This happened because

the router or switch assigned the ICMP echo replies to an IP flow without

checking that the interface for the echo replies matched the interface for the

flow. Therefore, the router or switch could use the wrong flow to forward the

replies.

This issue has been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-05

Module

DHCPv6

Level

Description

If an IPv6 DHCP client was forced to rebind to a router or switch acting as a DHCP

server, the server returned incorrect timing parameters to the client. Some clients

were able to cope with this, but others could end up losing their DHCP lease.

CR00016364

This issue has been resolved.

DHCPv6

The following issues occurred with DHCPv6:

CR00016365

■ The option IDs for DNS name server and domain search list were incorrect. This

caused interoperability issues with other implementations.

■ The domain names specified in the domain name option were encoded

incorrectly. This caused interoperability issues with other implementations.

■ If a user entered two DNS servers for a DHCPv6 policy, then saved the

configuration, the command was not saved correctly. When the router or

switch ran the configuration on start-up, it added only the second DNS server

to the policy.

These issues have been resolved.

IGMP Proxy,

Switch,

IP Gateway

If IGMP proxy was enabled and multicast data was received on a downstream

VLAN interface, that data would be transmitted to other interfaces. Also, the

VLAN interface that received the data would forward two copies of the packet

to other ports on that VLAN.

CR00016379

These issues have been resolved.

IP Gateway

STP

ARP did not work correctly on logical /31 interfaces, which prevented regular IPv4

communications from working over these logical /31 interfaces.

CR00016394

CR00016418

This issue has been resolved.

If the switch received IGMP packets on the non-lead port of a trunk group which

was participating in a Spanning Tree, in some circumstances the switch would

forward the packets out of an STP-blocked port in the trunk.

This issue has been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-05

Module

BGP

Level

Description

When BGP capability matching was changed to strict, that setting was not

displayed in output of the command show config dyn or saved in the

configuration file produced by the command create config. When the router or

switch ran the configuration file on start-up, the capability matching setting

reverted to the default of loose.

CR00016489

This issue has been resolved.

PPP

An interoperability issue with a malfunctioning PPP peer meant that the peer

could ACK an IP address of 0.0.0.0 when it was required to offer a valid public IP

address.

CR00016526

This issue has been resolved. The router or switch now refuses to accept this

incorrect negotiation and instead resends a configure request for an IP address.

IPv6

Switch

BGP

The router or switch sometimes rebooted after receiving an IPv6 router

advertisement, or after the command set ipv6 interface was entered.

CR00016576

CR00016621

CR00016698

This issue has been resolved.

On 48-port switches, hardware filters with the eport parameter specified did not

always behave correctly.

This issue has been resolved.

The following issues occurred when using BGP aggregate specifications (created

using the command add bgp aggregate):

■ When an aggregate route was originated from routes learnt from external

peers, and then all of the contributing child routes were withdrawn by the

external peers, the aggregate route was not removed from the routing table.

It could still be advertised to external peers.

■ When a network or import entry (add bgp network or add bgp import)

resulted in a route entry that had the same prefix length as the aggregate

specification, then BGP (correctly) originated the aggregate route. However,

deleting the network or import definition did not remove the aggregate route

from the routing table.

These issues have been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-05

Module

TCP, Telnet

ISDN

Level

Description

The speed of the output from the Telnet server has been increased.

CR00016727

CR00016762

For AR44xS series routers with system territory set to USA, the ISDN Q.931 SPIDs

failed to initialize to the ISDN exchange/ISDN USA profile simulator (both manual

and auto SPIDs) after a reboot.

This happened because the router did not write *.spd files to Flash memory, so

the SPID initialization failed on reboot because the SPIDs did not exist.

This issue has been resolved. The *.spd files are now correctly written to Flash

memory, which allows SPIDs to initialise after a reboot.

Bridge

If an Ethernet packet, including its FCS (Frame Check Sequence), was

encapsulated in PPP and bridged to a VLAN interface, the packet could contain

two FCS values.

CR00016804

This issue has been resolved.

Frame Relay

Firewall

When the MTU of a Frame Relay logical interface was modified (by using the

command set interface=fr-int mtu=value), incorrect interface and MTU

settings were displayed in output of the command show config dyn and were

saved in the configuration file produced by the command create config.

CR00016855

CR00016856

When the firewall policy for an interface had a NAT type of ENAPT, the firewall

did not correctly translate the destination addresses of incoming packets that

matched “allow” rules.

This issue has been resolved.

Classifier

When a non-default protocol was specified for a classifier, in some circumstances

that protocol setting was not displayed in output of the command show config

dyn or saved in the configuration file produced by the command create config.

When the router or switch ran the resulting configuration file on start-up, the

protocol setting was lost.

CR00016911

This issue has been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-05

Module

Core

Level

Description

Some versions of the AT-G8T GBIC prevented the switch from detecting and

setting up the AT-A47 expansion board correctly. This issue occurred on start-up

when the GBIC was installed and had a link up.

CR00016940

This issue has been resolved.

IP Gateway

When there were multiple routes to a destination and the best route was deleted

from the switch’s hardware routing table, the switch did not use the alternative

route. Also, the switch only used the best route, even if ECMP was supported.

CR00016941

CR00017006

This issue has been resolved. When multiple routes exist and the best route is

deleted from the hardware table, the switch now adds the next best route to the

hardware table correctly. If the switch supports ECMP, all routes are now added

to hardware, not just the best route.

Switch

Previously, the link to the AT-G8T GBIC would not come up automatically when

its auto-negotiation slide switch was set to “on”. This was because the switch

configured the GBIC in a fixed speed mode by default.

This issue has been resolved. The link now comes up automatically when the

auto-negotiation slide switch is set to “on”. To bring the link up when auto-

negotiation is set to “off”, use the command:

set swi port=port-list speed=1000mf

IGMP

Snooping

If a port on the router or switch joined and left many IP multicast groups, the

router or switch sometimes did not transmit all multicast packets to all receivers.

CR00017031

CR00017036

This issue has been resolved.

Switch

In some trunk configurations, the STP state of trunks was incorrectly applied to

non-trunk ports. This could result in incorrect traffic flows in the network. This

issue has been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-05

Module

DHCPv6

Level

Description

DHCPv6 prefix delegation contained the followed issues:

CR00017074

■ previously, the command create dhcp6 range accepted ranges with an

invalid prefix length.

This issue has been resolved. The router or switch now displays an error unless

the prefix length is in the range 48-64.

■ previously, when the router or switch requested a prefix to delegate to its

appint interfaces, it could only use prefixes of length 48 or 64.

This issue has been resolved. The requesting router or switch can now use any

prefix that has been delegated to it, as long as the prefix length is less than or

equal to 64 bits.

■ The requesting router or switch would allocate an address to the interface

through which it connects to the delegating router or switch.

This issue has been resolved. The router or switch no longer does this.

IPsec

When entering the command set ipsec policy, the value of the

respondsetbadspi was incorrectly reset to its default of false, unless it was also

included in the set command.

CR00017076

This issue has been resolved.

IP Gateway

Telnet

When the router or switch’s Local address was pinged, the router or switch

responded from the interface address of the interface through which it received

the ping, instead of the Local address to which the ping was sent. This issue has

been resolved.

CR00017146

CR00017151

When Reverse Telnet was enabled the command shell was (correctly) disabled on

all ASYN ports apart from ASYN0. However when Reverse Telnet was disabled

again, the command shell was not re-enabled on the other ASYN ports.

This issue has been resolved.

VLAN, IGMP

Snooping

When a user configured IGMP static router ports, the configuration file produced

by the command create config could be invalid. When the router or switch ran

the resulting configuration file on start-up, it produced an error instead of

configuring the router ports.

CR00017239

This issue has been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-05

Module

Level

Description

WAN Load

Balancer

If two WAN load balancer healthcheck hosts were defined, and one was

unreachable and the other was reachable, WAN load balancer resources were

(correctly) in the UP state because at least one healthcheck host was reachable.

However, removing the reachable host (by using the command delete wanlb

healthcheck) should have changed the WAN load balancer resources to the

DOWN state, but did not.

CR00017257

This issue has been resolved. If the only healthcheck host available is unreachable

and the resource is currently in the UP state, the next unreachable healthcheck

received from that host now forces the resource to the DOWN state.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-05

Level 3

Module

Core

Level

Description

Some early software versions, on some products, supported the command show

system temperature. This command was deprecated after version 2.6.4. If a

user entered this command on any product, the following message was

displayed:

CR00008225

Info (1034107): SHOW SYSTEM TEMPERATURE is no longer available. Please

use SHOW SYSTEM ENVIRONMENTAL instead.

However, only the following products use the show system environmental

command to display the temperature: AR750S and AR770S routers, and

AT-8600, AT-8800, AT-8948, x900-48, and AT-9900 series switches.

Other products use show system instead. On the other products, the above

error message was incorrect because it stated that the show system

environmental command was available.

This issue has been resolved. On products that do not use show system

environmental, the following error message is displayed if you enter the show

system temperature command:

Info (1034090): Command unavailable on this product.

File

If a user tried to copy a small file (less than 32 bytes) in Flash when there was not

enough free Flash space for the file and its header, the router or switch did not

generate an error message, and the copying could appear to have succeeded.

CR00009036

This issue has been resolved. The error message:

Insufficient space to store file [file name]

is now displayed under those conditions.

Core

The show cpu statistics were unnecessarily inaccurate. For example, a router or

switch that was effectively idle showed a CPU usage of 10% to 12%.

CR00010518

CR00010710

This issue has been resolved. When the router or switch is effectively idle, the CPU

usage now displays as less than 5%.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-05

Module

Level

Description

PIM, PIM6,

ECMP

Previously, the switch’s count of PIM4 and PIM6 bad Bootstrap Messages (BSMs)

could be high, because the switch forwarded BSMs over interfaces that

contained an Equal Cost Multipath (ECMP) route to the receiving interface.

CR00011629

This issue has been resolved. BSMs are no longer forwarded via all interfaces

contained in an ECMP group, but only via one interface in the group.

IGMP

PPP

When an IGMP filter was destroyed, switch ports that used the filter did not have

their IGMP filter setting returned to “None”.

CR00012495

CR00014324

This issue has been resolved.

The interface MIB ifInOctets and ifOutOctets counters displayed by the show

ppp counter command incorrectly included the lower layer framing octets and

were 5 octets per frame greater than they should have been.

This issue has been resolved.

QoS,

DHCP

snooping

DHCP snooping accepted a minimum of one new client per QoS flow group,

instead of a minimum of one new client per port. This meant that DHCP

snooping sometimes did not respect the lease limit (maxlease) on a port.

CR00014919

CR00015092

This issue has been resolved.

ATM

Previously, the information output by the “?” help for the ATM channel pcr

parameter was incorrect.

This issue has been resolved. The “?” help now displays:

required - decimal in the range 32-155000 (dependant on physical interface)

If you enter a value larger than the maximum PCR allowed on a specific physical

interface, the router now displays the following message for ADSL:

The PCR supplied was too large, the maximum is 1024

and the following message for SHDSL:

The PCR supplied was too large, the maximum is 4608

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-05

Module

ASYN

Level

Description

Under some circumstances, when a PC terminal emulator was opened to

communicate with a router or switch after the router or switch had fully booted

up, the login prompt did not immediately display. To display the login prompt, it

was necessary to remove and re-insert the cable. This issue applied to all models’

ASYN ports except ports on the AR024 PIC.

CR00015558

This issue has been resolved.

DHCP6

In the command create dhcp6 range, the ip parameter correctly has the syntax

prefix1[-prefix2]. However, the second prefix was previously not optional.

CR00015690

This issue has been resolved, so that the second prefix (of the form ipv6address/

prefixlength) is no longer required. If you do not enter a second prefix, it is now

calculated from the first prefix. The second prefix has the same prefix length at

the first and has all 1s in the non-significant part of the address. For example, the

second prefix for 3ffe:1:2:3::/64 would be 3ffe:1:2:3:ffff:ffff:ffff:ffff/64.

SNMP, Switch

The SNMP objects dot3StatsSQETestErrors and dot3StatsCarrierSenseErrors are

not supported on AR750S, AR410, and AR450S routers. Previously SNMP GET

got a random value for these objects.

CR00015881

CR00015969

This issue has been resolved. SNMP GET now gets 0 for these objects.

WAN load

balancer

After the command reset wanlb resource=all was entered, WAN load balancer

resources would show their state as “UP” even if the underlying IP interface was

down.

This issue has been resolved.

DHCPv6

When a DHCPv6 client was soliciting for servers, the selection of the best server

did not proceed in the way specified by the RFC.

CR00016001

CR00016177

This issue has been resolved.

Switch, MIB

The default value of the MIB object ifJackType for the GBIC slot on AT-8800 series

switches was incorrect if no GBIC card was plugged in.

This issue has been resolved. The default value is now “other(1)”.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-05

Module

QoS

Level

Description

If a QoS policy uses the same classifier more than once, the router or switch now

displays a warning message. You should not use a classifier more than once in a

policy because the operation of such policies is unpredictable.

CR00016228

DHCPv6

For the command create dhcp6 range, DHCPv6 now checks that the specified

CR00016463

address or prefix range is valid for the specified type of range.

Valid options are:

■

address1-address2 (e.g. 3ffe:1:2:3:4:5::1-3ffe:1:2:3:4:6::ffff)

This is a range of addresses for address assignment (type=normal or

type=temporary).

address/prefixLen (e.g. 3ffe:1:2:3:4:5::/96)

This is a range of addresses for address assignment (type=normal or

type=temporary).

address/prefixLen-address/prefixLen (e.g. 3ffe:1:2::/48-3ffe:1:40::/48)

This is a range of prefixes for prefix assignment (type=pd).

Core

For revision M1 of AR770S routers, the low-end threshold for monitoring the 1.2

volt rail was too high. This caused power supply monitoring false alarms.

CR00016799

CR00017008

To check the router revision, use the command show system and check the

“Rev” entry underneath the time and date.

This issue has been resolved—the threshold is now correct.

Revisions M3-1and later of the AR745 router do not support Redundant Power

Supplies. Therefore, for these routers, RPS monitoring information has been

removed from output of the command show system, and it is no longer

possible to use the command set sys rpsmonitor.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-05

Level 4

Module

IGMP

Level

Description

If a static IGMP port went link down, it was not shown in the “Static Ports” list

CR00000396

in the output of the show ip igmp command. This was only a display issue.

This issue has been resolved.

Install

It is no longer possible to specify a compact flash file as the boot configuration

file. If the command set config=cf:filename.cfg is entered, the router or switch

does not change the current boot configuration file and instead displays the

following error message:

CR00011560

Cannot specify configuration file in Compact Flash

IGMP

The list of parameters output by the “?” help for show ip igmp ? incorrectly

included “IGMP”.

CR00013976

CR00015543

This issue has been resolved.

Bridge

In output of the command show bridge spanning, the bridge identifier was

correctly displayed as a hexadecimal number, but it was not obvious that the

number was hexadecimal.

This issue has been resolved. The output now has 0x in front of the hexadecimal

number, to make it clear that it is hexadecimal.

QoS, Switch

When a QoS policy was associated with a port that was set to a speed less than

the maximum speed of the port, a warning message would be displayed on the

console session and in the log when the port state changed to UP. This message

stated that the QoS policy operation may be affected by the speed setting of the

port. Having this message displayed on the console was considered unnecessary

and potentially confusing.

CR00016126

CR00016451

This issue has been resolved.The message is now only displayed in the log.

IP Gateway

When a second metric was displayed in the output of the command show ip

route (because of OSPF, for example) this metric was truncated to 2 characters.

This issue has been resolved. The output now displays both metrics in a field up

to 10 characters long.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-05

Enhancements

Module

Level

Description

GUI

An ADSL connection option has been added to the Wizards page of the GUI for

AR44xS routers. This option links to the xDSL configuration section, which lets

you configure all basic ADSL or SHDSL settings on one convenient page.

CR00014288

If your router GUI does not open at the Wizards page, click on the Wizards

button at the top of the left-hand menu to access it.

PPP

This enhancement increases the amount of time that the router or switch waits

for a CHAP Success message. This enables the router or switch to successfully

complete authentication, even in particularly slow networks.

CR00014667

CR00015432

The first authentication attempt still times out after 3 seconds, but the second

attempt takes 6 seconds to time out, and any further attempts take 9 seconds.

ADSL, GUI

The GUI for AR440S and AR441S routers now displays statistics for the ADSL

port. You can now see:

■ a pop-up summary box, by clicking on the port on the System Status page

■ ADSL port details, by selecting the new ADSL Statistics page in the Diagnostics

■ ASDL port counters, by selecting the new ADSL Counters page under Layer 1

Counters in the Diagnostics menu

Software QoS,

PPP, Ethernet,

VoIP

The router or switch now supports software QoS on PPPoE interfaces.

Note that this enhancement is not available on AR770S routers.

CR00016078

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-05

Module

Level

Description

IPsec, IPv6

To establish a tunnelled IPsec connection for IPv6, you may need to specify the

source IP interface in the IPsec and ISAKMP policies. This enhancement enables

you to do so.

CR00016150

To specify the source interface, use the srcinterface parameter in the

commands:

create ipsec policy=name <other parameters>

set ipsec policy=name <other parameters>

create isakmp policy=name <other parameters>

set isakmp policy=name <other parameters>

The global address of the source interface (if available) will be used as the local

address of the policy.

Load, MIBs

With this enhancement, you can use SNMP to:

■ set parameters for uploading files from the router or switch, and

■ upload files to a TFTP server

CR00016221

SNMP already lets you save the current configuration to a file on the router or

switch. You can use this with the new options to back up the configuration to a

TFTP server.

For more information, see “Backing up the configuration with SNMP—

CR00016221” on page 96.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-05

Module

Level

Description

DHCP

Snooping

This enhancement enables the router or switch to log discarded ARP requests

when ARP security is enabled. By default, discarded ARP requests are not logged.

To turn logging on, use the command:

CR00016234

enable dhcpsnooping log=arpsecurity

To turn it off, use the command:

disable dhcpsnooping log=arpsecurity

To see whether it is enabled, use the existing command:

show dhcpsnooping

and check the new “Logging enabled” entry.

To view the log entries, use the command:

show log

MACFF

It is now possible to use MAC-forced forwarding on non-private VLANs. Because

MAC-forced forwarding is primarily a security feature, the switch displays a

warning message if you do so.

CR00016285

This enhancement allows you to use MAC-forced forwarding to limit broadcast

traffic in a network where private VLANs are not appropriate.

Switch

MSTP

AT-8948, AT-9900 and x900-48 series switches now support AT-SPTX tri-speed

Cu SFPs.

CR00016361

CR00016437

In the command set mstp configname=name, the switch now accepts the

character “.” in the name.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-05

Module

Core

Level

Description

This enhancement disables CPU fan monitoring on AT-8948 switches. Monitoring

the fan is unnecessary unless an accelerator card is installed on the switch, so

disabling monitoring reduces the number of messages that the switch displays

and logs.

CR00016459

To enable monitoring, use the command:

enable cpufanmonitoring

To disable it again, use the command:

disable cpufanmonitoring

When monitoring is enabled, the command show system displays the CPU fan

status in the entry labelled “Main fan”.

SNMP

This enhancement enables you to specify whether SNMP adds 0x00 padding

when the most significant 9 bits of an object’s value are all 1, or whether the

encoding follows the ASN.01 BER rule, which cuts off the most significant byte

of 0xff. This setting has an impact on all integer type MIB objects, including 32

bit and 64 bit counter objects.

CR00016523

To add the padding, use the command:

set snmp asnberpadding={on|yes|true}

For examples, see “SNMP ASN.01 BER Padding—CR00016523” on page 99.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-05

Module

IP NAT

Level

Description

This enhancement enables you to turn off TCP state and sequence checking in IP

NAT. It also allows all ICMP packets go through IP NAT.

CR00016758

To do this, use the command:

enable ip nat bypasstcp

When bypasstcp is enabled, IP NAT performs IP address and port translation for

TCP packets and forwards the packets, regardless of the TCP sequence number

and the current TCP state. It also allows ICMP echo reply and other ICMP packets

to initiate a session and get forwarded.

To disable the bypassing, use the command:

disable ip nat bypasstcp

Bypassing is disabled by default because it degrades the security of IP NAT.

However, it is useful when you need NAT on VRRP routers.

Note that this enhancement does not apply to firewall NAT.

IP Gateway

This enhancement allows ARPs to move between ports on the router’s VLAN

interfaces.This assists with wireless station roaming.

CR00016776

To enable this feature, use the command:

enable ip arp silentroam

To disable it, use the command:

disable ip arp silentroam

Core

The default summertime dates have been updated to reflect the changes for

North America made by the American Energy Policy Act of 2005.

CR00016785

CR00016977

By default, summertime now starts on the second Sunday in March and ends on

the first Sunday in November.

Script

This enhancement enables you to use aliases in commands in script files. The

router or switch expands the aliases when it runs the script (except when it runs

the script at start-up).

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-04

Software Maintenance Version 291-04 includes the resolved issues and enhancements in the following tables. In the tables, for each product series:

■

“Y” indicates that the resolution is available in Version 291-04 for that product series.

“–” indicates that the issue did not apply to that product series.

Level 1

Module

Level

Description

ISAKMP,

Logging

It was possible for invalid log messages to overwrite the log message buffer and

cause the router or switch to reboot. Such invalid log messages could occur with

VPN tunnels, for example.

CR00013787

This issue has been resolved.

TTY, User

When a user telnets into the router or switch, to login via RADIUS authentication,

the telnet connection establishes and then user login authentication starts.

Previously, if the remote user closed the telnet connection before RADIUS

responded to the authentication request, then the router or switch rebooted

when it received the RADIUS Reply message.

CR00013813

CR00013963

This issue has been resolved. The router or switch now does not reboot if the

telnet connection is closed before the RADIUS Reply message arrives.

Switch

Under heavy broadcast traffic, it was possible for the switch forwarding database

(FDB) to lock up.

–

This issue has been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-04

Module

Core

Level

Description

DHCP Snooping determines when a client lease will expire by taking the current

time and adding the client's assigned lease period to it. Previously, DHCP

Snooping did not update this expiry time if the switch's clock time changed,

which can happen because of NTP, summertime, or a user manually re-setting the

time. Therefore, if the switch's clock time changed, DHCP clients could expire

and lose connectivity.

–

CR00014145

DHCP

Snooping

This issue has been resolved. If the switch's clock changes, DHCP Snooping now

updates its client expiry times.

Core

AR442S routers did not run the user-specified configuration script at start up.

–

CR00016314

Also, they incorrectly displayed the message “INFO: Initialising Flash File System”

twice during start up.

These issues have been resolved.

Level 2

Module

BGP

Level

Description

Turning defaultoriginate on or off for a BGP peer (by using the command add

bgp peer) did not cause BGP to generate an update, even if automatic updating

was enabled (enable bgp autosoftupdate).

–

CR00010511

This issue has been resolved.

L2TP

Setting a timeout on L2TP packet debugging caused the router or switch to

reboot.

CR00012564

This issue has been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-04

Module

HTTP

Level

Description

A badly formed response from a particular HTTP server caused the router or

switch to reboot when it attempted to load a non-existent file from that server.

CR00013592

This issue has been resolved.

IP Gateway

IGMP, VLAN

When an IP packet was queued by the ENCO module or other applications, and

the IP flow for the packet became invalid while the packet was queued, the

router or switch sometimes rebooted.

–

CR00013700

CR00013791

This issue has been resolved.

Disabling IGMP snooping correctly increased the number of L3 filter matches

available. However, if the configuration was saved and then run after a reboot,

the switch incorrectly limited the number of L3 filter matches to the number

available when IGMP snooping was enabled. If the maximum number of matches

had been configured, this meant that some matches were missing after a reboot.

–

This issue has been resolved.

Switch

In very rare circumstances, a port could stop transmitting traffic if its speed was

modified or it was reset while under heavy traffic load.

–

CR00013823

CR00013929

This issue has been resolved.

ADSL

ATM

When performing RFC1483 encapsulation of Ethernet frames, the AR44xS

routers did not pad frames out to the 64-byte minimum frame size (the RFC does

not require such padding to be performed). This resulted in an interoperability

issue with ATM switches that discarded (rather than padded) the undersize

frames upon decapsulating them.

Ethernet

The effect of this was that when an AR44xS router was connected to an ATM

network that contained such switches, the router could fail to connect at the PPP

session level.

This issue has been resolved. The router now always pads undersize Ethernet

frames to the 64-byte minimum frame size before it performs RFC1483

encapsulation. This avoids the possibility of this interoperability issue.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-04

Module

Switch

Level

Description

When the router generated packets (such as ARP requests) and sent them out

multiple LAN ports, it always sent them as untagged packets.

–

CR00014228

This issue has been resolved, so that LAN traffic will be tagged or untagged as

specified in the VLAN port configuration.

Switch

If a user explicitly set the learn limit to zero by entering the command:

–

CR00014269

set switch port=number learn=0 intrusion=discard

and the learn limit had either not been explicitly set previously or had been

explicitly set to a non-zero value, then the switch would not learn any MAC

addresses. It treated 0 as meaning “learn 0 addresses” instead of meaning “no

limit”.

This issue has been resolved. A learn limit of 0 means “no limit” in all

circumstances.

Switch

Packet loss sometimes occurred when an IGMP snooping group timed out.

This issue has been resolved.

–

CR00014298

CR00014323

Switch

EPSR

When EPSR was used in a network with a 10Mbps multicast or broadcast flow,

the EPSR ring frequently alternated between a state of failed and complete.

This issue has been resolved.

Bridge, Switch,

VLAN

Bridging STP did not work if a VLAN was added as a bridge port.

This issue has been resolved.

–

CR00014340

CR00014437

Core

Install

If a switch’s configuration was saved (by using the command create

config=filename), and then the command set config=filename was entered,

the configuration file should have been propagated through the stack to other

switches that did not have a file of that name. This did not happen.

Stacking

This issue has been resolved.

Load

Attempts to upload a file to a TFTP server failed if a invalid IP address was

specified in previous attempts.

CR00014673

This issue has been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-04

Module

PIM

Level

Description

If a PIM interface was set as the BSR candidate interface (by using the command

add pim bsrcandidate interface=interface) and that interface went down,

PIM would select another interface as the BSR candidate interface. The router or

switch also set the new interface as the BSR candidate interface in the dynamic

configuration.

–

CR00014714

This issue has been resolved. PIM only looks for a new interface to use as the BSR

candidate address if the user has not specified an interface.

Reverse Telnet

RIPv6

Reverse Telnet used to filter out Ctrl-D characters, making it impossible to

perform certain actions on the remote device.

–

CR00014748

CR00014795

This issue has been resolved.

When a user disabled RIPv6 or deleted a RIPv6 interface, the router or switch

correctly set the metric of any affected RIPv6 routes to 16, indicating that the

route was unavailable. However, the router or switch continued to try to use such

routes to route packets if no alternative better routes existed.

This issue has been resolved. When a route’s metric is 16, it is no longer used to

route traffic.

Switch

When STP detected a topology change and therefore the switch flushed its ARP

table entries, sometimes the switch did not remove entries for non-lead trunk

ports. Therefore, ARP entries for these ports contained incorrect routing

information. These incorrect entries were not replaced until after they timed out.

–

CR00014834

CR00014925

This issue has been resolved.

IP Gateway

When the switch had a static route to a destination, and a user added a more

specific static route to the same destination, then the switch should have

removed the less specific route from its hardware switching table, but did not.

This stopped the switch from routing packets to that destination.

This issue has been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-04

Module

Level

Description

Core

If a terminal emulator started up after the router started up, the router did not

display a login or command prompt. This issue occurred with some terminal

emulators (including Tera Term Pro) when connecting to the AR415S router.

–

CR00014987

Switch

This issue has been resolved.

PKI

When adding a certificate to PKI, if the length of the public key in the certificate

was longer then 2048 bits (256 bytes) the router or switch could reboot.

–

CR00015032

CR00015071

This issue has been resolved.

IP Gateway

Routing over a PPP interface could fail if the switch had a default route out an

Ethernet port. The default route switched all packets, even those destined for the

PPP interface.

This issue has been resolved. The resolution involves adding routes over the PPP

interface to the switch hardware tables with an instruction to trap these packets

to the CPU. Therefore these routes now appear in the hardware tables, and can

be displayed by using the command show switch table=ip.

Classifier,

DHCP

snooping,

When MAC-forced forwarding (MACFF) was running, the switch did not filter

multicast packets correctly.

–

CR00015087

CR00015156

This issue has been resolved.

Switch, MACFF

Switch

On AR750S, AR750S-DP, and AR400 Series routers, if a user set a switch port to

autonegotiate speed and duplex mode (by using the command set switch

port=number speed=auto), the link went down.

This issue has been resolved.

Firewall

If a VoIP call came in through the SIP ALG from the public side of the firewall and

was then transferred by the device on the private side, the firewall session was

not always updated. When this happened, the person to whom the call was

transferred could not hear the person who had called.

–

CR00015207

This issue has been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-04

Module

GUI

Level

Description

The GUI could not be used to access the dual power supply AR750S-DP router.

–

CR00015348

This issue has been resolved. The GUI resource file to use is

750s_281-06_en_d.rsc.

IP Gateway

If you defined an IP filter without specifying the optional type parameter, the

default value of type=traffic was added to the filter in the dynamic

configuration. This prevented you from using the configuration file with software

version 2.7.6 and older releases.

CR00015396

This issue has been resolved. The type parameter is only added to the dynamic

configuration if you enter a value for it.

Ethernet

Switch

If an AR020 PRI E1/T1 PIC was installed on an AR415S, the router’s Ethernet

interface stopped receiving unicast or multicast packets correctly—it only

received broadcasts correctly.

–

CR00015474

CR00015638

This issue has been resolved.

On AR770S routers, when generating multicast or broadcast CPU traffic out a

VLAN that had multiple active switch ports in it, the traffic would only egress

port 1.

This issue has been resolved.

Switch

ADSL

Mirroring the traffic on port 1 of any line card caused the switch to lose packets.

–

CR00015697

CR00015925

The ADSL Annex B firmware has been updated on AR441S routers. This improved

interoperability with some DSLAMs.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-04

Module

Switch

Level

Description

It was not possible to set a tri-speed SFP to a fixed speed in the configuration

script that the AT-9924SP switch runs when it starts up.

–

CR00015936

This issue has been resolved, so the SFP can be set to a fixed speed from the

configuration script

Also, it was possible to use the command set swi port=number speed on an

empty SFP bay. The command reported that the operation had been successful,

but an inserted SFP was instead set to its previous or default setting.

This issue has been resolved. It is no longer possible to set the speed of an empty

SFP bay.

IPv6

Sometimes, when a router or switch received an IPv6 router advertisement

message, it incorrectly created a duplicate of an already-existing interface route.

If a user then deleted the IPv6 interface that these two routes belonged to, the

router or switch could reboot.

–

CR00015949

This issue has been resolved.

WAN Load

Balancing

The following issues occurred with WAN load balancing (WANLB):

CR00015971

CR00015937

CR00015864

■ when a WANLB resource port became unavailable, existing sessions on the

unavailable resource did not move to a backup resource

■ if packets were sent over a WANLB session, then that session timed out, and

then the same packets were sent again, a new session did not establish. This

stopped the packets from being sent the second time.

■ when WANLB was used with Firewall NAT, the orphan timeout setting of

WANLB sessions was not updated correctly. This could mean that WANLB

resources appeared to be available when they were not.

These issues have been resolved.

User

If the router or switch used RADIUS authentication and all the RADIUS servers

were unavailable, then the device correctly checked its user database for a

RADIUS backup user and authenticated that user. However, if that user then

logged out, they were unable to log in again until after the RADIUS server Dead

Time timer had expired.

CR00016037

This issue has been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-04

Level 3

Module

Level

Description

GUI, IGMP

The graphical user interface (GUI) listed an invalid local interface in the Interface

drop-down list on the page for adding a static IGMP association.

–

CR00007000

This issue has been resolved.

Switch

If many VLANs simultaneously went from up to down, or down to up, the switch

became unresponsive for a period of time.

–

CR00009274

CR00009302

IP Gateway

This issue has been improved by reducing the processing overhead for VLAN state

changes.

Switch

The number of filters that can be created on an AT-8848 switch is limited by the

number of filter matches available. Previously, if a user attempted to create a

filter, and an existing filter already used the same filter match as the new filter,

the switch counted this as two matches being used. This reduced the number of

available filters.

–

This issue has been resolved.

BGP

When a peer’s inroutemap filter assigned an incoming route to a well-known

BGP community, the router or switch did not use the community’s restricted

advertisement settings, such as NoExport or NoAdvertise.

CR00009478

This issue has been resolved.

Also, output of the command show bgp peer now shows whether a route has

been assigned to a community. This is indicated by a flag “m”, as shown in bold

in the following route entry example:

> 192.2.2.0/24

192.168.1.2

IGP

100

m SEQ 1;

The flag “m” indicates that this route has at least one community attached to it.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-04

Module

Level

Description

IP Gateway

If an IP interface was added and deleted many times, an excessive number of

memory buffers became full.

CR00010136

Also, when an IP interface was deleted, the IGMP query timer (set ip igmp

int=interface querytimeout=value) sometimes continued running and later

caused the router or switch to reboot.

These issues have been resolved.

IP Gateway

When running the boot ROM release, it was possible to configure the router or

switch as a DHCP client by using the command add ip interface=int ip=dhcp.

However, the boot ROM release does not include the DHCP client feature, so the

router or switch did not receive an IP address via DHCP.

–

CR00012230

CR00012493

This issue has been resolved. It is no longer possible to configure the router or

switch as a DHCP client when running the boot ROM release.

IP Gateway,

IGMP Proxy

Where IGMP proxy is enabled, only one upstream interface may be defined.

Previously, when the command add ip interface=int ip=ipadd

igmpproxy=upstream was used to try to create a second upstream interface,

an error message was correctly displayed. However, the interface was still added,

using igmpproxy=off.

This issue has been resolved. The second interface is no longer added if this error

occurs.

Also, if an interface had been set as the upstream interface and was later

changed to a downstream interface, a different upstream interface could not be

specified, even though there was no active upstream interface.

This issue has been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-04

Module

User

Level

Description

When authenticating users via RADIUS, the number of times that the router or

switch attempts to contact the RADIUS server is determined by the Server

Retransmit Count (displayed in output of the command show radius).

Previously, this count incorrectly included the initial request. For example, a

Retransmit Count of 3 meant that up to 3 attempts were made to contact the

server.

CR00012585

This issue has been resolved, so that the Retransmit Count no longer counts the

initial request. For example, a Retransmit Count of 3 now means that up to 4

attempts are made to contact the server.

BGP

DHCP

File

When the router or switch had thousands of static routes and BGP static import

was periodically turned on and off, BGP used an excessive number of memory

buffers. Excessive buffer use could also occur with BGP in other rare

circumstances.

–

CR00012832

CR00012858

CR00013150

This issue has been resolved.

Previously, it was not possible to have multiple static DHCP entries with the same

client ID (MAC address), even if the static entries were for different DHCP ranges.

This issue has been resolved. You can now add static DHCP entries for a given

MAC address to multiple ranges. Note that you cannot have multiple entries for

a given MAC address on the same range.

If a boot configuration script included a command to delete a file followed by a

command to create a file of the same name, a fatal exception occurred when the

router or switch ran that script on reboot.

This issue has been resolved so that the fatal exception no longer occurs.

However, you should avoid putting such file operations into boot configuration

scripts. To enhance multi-tasking, the file handler performs file operations in the

background. This is not possible when executing a boot configuration script, so

the file operations may be queued until after boot-up. In this case, this means

that the file deletion will not be finished before the file creation command tries

to execute.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-04

Module

IGMP

Level

Description

When IGMP fast leave was enabled and the switch received a leave message via

a trunk port, the switch only removed the port from the multicast group if the

port was the master trunk port.

–

CR00013629

This issue has been resolved. When fast leave is enabled, non-master trunk ports

now leave multicast groups as soon as the switch receives a leave message.

Switch,

IP Gateway

For layer 3 Jumbo frames, this software version improves initial layer 3 flow setup

and handling of flows that exceed the layer 3 MTU mid-flow.

–

CR00013694

CR00014038

IGMP

The IGMP Default Timeout Interval is automatically calculated by IGMP in

accordance with RFC 2236, but the following command allows you to over-ride

the calculated value:

IP Gateway

set ip igmp timeout=value

Previously, the router or switch sometimes set the interval to the calculated value

instead of using the value entered in the command above.

This issue has been resolved.

DHCP

Snooping

Previously, DHCP snooping correctly refused to allocate new DHCP leases once

the maxleases value had been exceeded, but it did so by discarding the server’s

acknowledgement message instead of forwarding it to the client. Therefore, the

DHCP server recorded the address as allocated, which meant the IP address range

could be exhausted.

–

CR00014047

CR00014152

This issue has been resolved. The server no longer records addresses as allocated

once the maxleases value is exceeded.

Switch

On AR415S, AR44xS, AR750S and AR770S routers, when a switch port went

down or was reset by using the command reset switch port=number, this

deleted the dynamically-learned forwarding entries for all ports.

–

This issue has been resolved. Now entries are only deleted for the port that went

down or was specified in the command.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-04

Module

Firewall

Level

Description

When the firewall was performing NAT on UDP video streams and two streams

started up at the same time, sometimes one or both streams displayed excessive

jitter.

–

CR00014163

This issue has been resolved.

Core

The following issues occurred with environmental monitoring:

–

CR00014178

■ on AR750S and AR770S routers, the values reported by the show system

command were incorrect for the first few seconds after a cold restart

■ on AR770S routers, the router did not indicate power supply problems

through log messages or the system LED

These issues have been resolved.

BGP

The default setting for BGP capability matching is now loose instead of strict.

This matches the requirements of RFC 4271.

–

CR00014285

CR00014305

Switch

On AT-8748XL and Rapier 48i switches, mirroring did not work when:

■ only one (not both) of the uplinks had an expansion module installed and

■ that uplink (port 49 or 50) was the mirror port

–

This issue has been resolved.

GUI, Log

If the user cleared the Queue Output checkbox on the Modify Log Output

Definition page of the GUI, it displayed an error instead of making the change.

–

CR00014313

CR00014327

This issue has been resolved. The GUI can now be used to turn off queuing of

logging output.

MSTP, GUI

When using the GUI to configure the MSTP CIST, users had to specify the external

and internal port path costs. If these were not specified, the GUI gave an error

instead of configuring the CIST.

This issue has been resolved. By default, the GUI now specifies “default” for the

path costs. This value of “default” leaves the current setting unchanged.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-04

Module

Level

Description

IP Gateway,

Switch

If a port had static ARP entries defined for a VLAN, then adding the port to

another VLAN made those static ARP entries inactive.

–

CR00014328

Also, deleting a port from a VLAN would delete all static ARP entries that were

defined on that port, including entries for other VLANs. Note that this deletion

issue did not occur on Rapier i, AT-8800, AT-8700XL, or AT-8600 Series switches.

Both of these issues have been resolved.

PIM6

If a user changes the PIMv6 BSR candidate priority to the same value as the

currently-elected BSR’s priority, then the router or switch should be elected as the

BSR if its IPv6 address is higher than the currently-elected BSR. This did not

happen.

–

CR00014652

CR00014659

This issue has been resolved.

DHCP

On the DHCP server, a user could create two static DHCP entries for the same

client in one range. This was only possible if the client had first obtained a

dynamic address from the server.

This issue has been resolved. It is now impossible to add the same static client

twice, even when that client has a pre-existing dynamic entry.

IGMP

Snooping

When the router or switch received an IGMP Leave message, it did not update

IGMP Snooping counters correctly in some circumstances.

–

CR00014724

CR00014746

This issue has been resolved.

WANLB,

IP Gateway

It was possible to delete an IP interface that was configured as a WAN load

balancer resource.

This issue has been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-04

Module

Level

Description

BOOTP

It was possible to add a BOOTP relay destination using an interface that was not

running IP. It was also possible to delete an IP interface even though BOOTP relay

destinations were defined for the interface. Both of these situations could allow

the router or switch to be mis-configured.

CR00014755

IP Gateway

This issue has been resolved by adding checks for these situations to the

command handlers. It is no longer possible to add a BOOTP relay destination

using an interface not in use by IP, and no longer possible to delete an IP interface

if BOOTP relay has destinations defined using that interface.

PIMv6

GUI

The command show pim6 staterefresh sometimes corrupted the terminal

display output with random characters. To recover, it was necessary to reset the

terminal session.

–

CR00014782

CR00014872

This issue has been resolved.

The router or switch rebooted if the Opera browser was used to browse to its

GUI.

This issue has been resolved. However, note that the GUI does not fully support

Opera. Some functionality may not be available.

GUI

HTTP pipelining did not operate correctly on some web browsers when browsing

to the GUI. This made some images very slow to load.

–

CR00015107

CR00015126

This issue has been resolved.

IP Gateway

For IP filters of type=routing, the first filter entry could not be set to match on

the following IP address/mask pair:

source=0.0.0.0 smask=255.255.255.255

This IP address/mask pair corresponds to the default route.

This issue has been resolved. You can now match on the default route in the first

entry of a filter.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-04

Module

Level

Description

IP Gateway

DHCP

When a router or switch was configured to use DHCP to assign an address on an

interface, and then set to have a static address on that interface, the DHCP client

in the router or switch would continue to negotiate with the DHCP server. This

tied up a DHCP lease.

CR00015148

This issue has been resolved. Assigning a static address to an interface will stop

the DHCP client from requesting an address from a DHCP server.

Load

File upload via the IPv6 version of TFTP was not operating correctly.

This issue has been resolved.

–

CR00015155

CR00015159

IP Gateway

If the router or switch received an IP subnet broadcast packet that was directed

to a unicast MAC address, it incorrectly responded with an ICMP unreachable

message, unless an appropriate IP helper configuration existed.

This issue has been resolved. When there is no IP helper configuration, the

behaviour now depends correctly on the setting of the directedbroadcast

parameter for the IP interface. If directedbroadcast=on, the packet is sent out

as a MAC broadcast. If directedbroadcast=off, the packet is dropped. ICMP

unreachable messages are not sent in any case.

IGMP snooping

VLAN

The command add igmpsnooping vlan=vlan routerport=port adds a static

IGMP router port, for a specific VLAN and port pair. Previously, it was possible to

remove the port from that VLAN without updating the static router port

association.

–

CR00015258

CR00015346

This issue has been resolved. When you remove a static router port from a VLAN,

the router or switch now removes that port from the static router port list and

updates all layer 2 entries.

Switch

The 64-bit counter type objects in the ifXTable of the Interfaces Group MIB (RFC

2863) returned non-zero values for ports that had never been up.

–

This issue has been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-04

Module

Level

Description

IP Gateway

Subnet broadcast packets would not be routed correctly when the interface to

which the subnet broadcast was destinated was an interface on the device, but

its link status was down. Even though an alternate route to the destination

existed, the device would send the packets incorrectly.

CR00015666

This issue has been resolved. When a subnet broadcast is received, it will be

correctly forwarded to an alternate route even if the destination interface is

down.

Switch

If the switch received a packet on a port and therefore started using MAC-based

authentication to authenticate the port, and then received another packet during

the authentication process, then occasionally the switch dropped the second

packet.

–

CR00015798

CR00016058

This issue has been resolved.

Ethernet

The AR415S router processed some IP multicast packets incorrectly on its eth0

interface.

CR00015915

This issue has been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-04

Level 4

Module

Core

Level

Description

When the router or switch rebooted, its internal clock lost approximately

1 second.

–

CR00004677

This issue has been resolved. The time loss on reboot has been reduced.

Core, Utility

The following issues occurred with the commands show debug active and

disable debug active:

CR00009087

■ The command did not adequately warn users if an invalid module number had

been entered into the active parameter.

This issue has been resolved. The router or switch now displays an error unless

the value is between 1 and 142.

■ The CLI “?” help description for the active parameter listed an incorrect

number range and also listed modules that cannot be manipulated through

this command.

This issue has been resolved. The “?” help description is now correct.

QoS

The “?” help description for switch commands that accept a value in bytes (or

similar units such as kbytes or bytes/s) incorrectly indicated that the units were

bps. The commands this issue applied to depend on the switch model, but

include commands such as:

–

CR00011695

create qos trafficclass=value maxburst=?

create qos policy=value dtcmaxburst=?

set qos red=value start1=?

set swi port=value bcl=?

set swi dlfl=?

This issue has been resolved. The “?” help description now displays the correct

units.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-04

Module

MSTP

Level

Description

If the command set mstp cist port=value was entered with no other

parameters, the resulting error message (“One or more parameters may be

missing”) was displayed as an INFO message.

–

CR00012602

This issue has been resolved. The message now displays as an ERROR message.

SNMP, Core,

TTY

The MIB object hrSystemNumUsers displayed the number of login users since the

router or switch started up, instead of the number of currently-active login users.

–

CR00013045

CR00013112

CR00013188

This issue has been resolved.

IP Gateway

LACP

The blackhole parameter of the commands add and set ip route had no “?”

help description.

This issue has been resolved.

Previously, when an attempt to add a port to LACP was unsuccessful, the switch

displayed an appropriate warning message followed incorrectly by an “operation

successful” message.

This issue has been resolved. The switch no longer displays “operation

successful” when port addition fails.

IP Gateway

TACPLUS

The output of the command show ip route did not contain any spaces between

the route tag value and the metric value when the tag value was long.

CR00013221

CR00013260

This issue has been resolved by adding the missing spaces. The content and

relative position of the values have not changed.

If a user added a TACACS+ server when TACACS+ was not enabled, previously

the router or switch displayed a single “info” message that indicated that the

module was not enabled, but did not display a message confirming the server

addition. However, the router or switch did add the server.

This issue has been resolved. TACACS+ is now consistent with other modules—

the router or switch displays the following “warning” and “info” messages:

Warning (2111049): The TACP module is not enabled.

Info (1111003): Operation successful.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-04

Module

Ping

Level

Description

Previously, if you used the ? or Tab keys to obtain help about the timeout

parameter for the ping command, the resulting help said that the maximum

timeout was 65535. However, the correct maximum is 60 seconds.

CR00013463

This issue has been resolved. The “?” help now displays the correct range of

values.

Install

When a router or switch was using a trial licence for release software and the trial

period elapsed, the router or switch rebooted without indicating the reason for

the reboot.

CR00013589

This issue has been resolved. The following error messages now explain why the

router or switch is rebooting:

ERROR: There are no valid licences available for the current software release.

The device will now reboot.

ERROR: The trial licence for the current software release has expired.

The device will now reboot.

NTP

Output of the command show ntp displays a “Host Address” field. This is the

address of the interface from which the router or switch sends NTP packets.

Previously, if the IP address changed, the “Host Address” field did not change,

even though NTP used the new address.

CR00013640

CR00014106

This issue has been resolved.

Core

If the router or switch runs a configuration file on start-up that contains the

command set summertime before the command enable summertime, a log

message on start-up says that summertime needs to be enabled. However,

summertime is correctly applied to the router or switch.

Previously, if you configured summertime then saved the configuration by using

the command create config, set summertime came before enable

summertime in the resulting configuration file.

This issue has been resolved. When you save the configuration, enable

summertime now comes before set summertime in the resulting configuration

file, so the log message is not produced.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-04

Module

VLAN

Level

Description

The following error message:

–

CR00014151

“Error (3089399): Operation not allowed on a .NESTED port.”

contained an extraneous “.” before the word “NESTED”.

This issue has been resolved. The “.” has been removed.

Core

LLDP

The show exception command did not display the correct exception type for

watchdog exceptions on AR750S, AR750S-DP, or AR770S routers.

–

CR00014170

CR00014250

This issue has been resolved. The correct exception type is now displayed.

In output of the command show lldp localdata, the field lldpLocSysDesc gives

information about the router or switch model and software version. Previously,

this information was sometimes split incorrectly across 3 rows.

This issue has been resolved. The information now displays correctly.

DDNS

If a user made a configuration change to DDNS (dynamic DNS) when DDNS was

not enabled, previously the router displayed a message that indicated that the

module was not enabled, but did not display a message confirming the change.

However, the router did make the change.

–

CR00014318

This issue has been resolved. DDNS is now consistent with other modules—the

router displays the following “warning” and “info” messages:

Warning (2142049): The DDNS module is not enabled.

Info (1142003): Operation successful.

GUI

The GUI included pages for configuring MAC-based port authentication.

However, this feature is not available on AT-9800 Series switches.

–

CR00014367

CR00014712

This issue has been resolved. The GUI pages have been removed.

Firewall

If the router or switch renumbered a firewall rule, it displays a message.

Previously, this message had a status of “info” instead of “warning”.

This issue has been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-04

Module

DHCP

Level

Description

Previously, when a user entered the command delete dhcp range=range

ip=ipadd, the router or switch would display an “Operation successful”

message, even when the client entry in question was unused.

CR00014750

This issue has been resolved. For unused clients, this command now results in the

following new message:

“Nothing to delete, client is unused.”

VLAN, Bridging

It was possible to specify a value of 0 for the ageingtimer parameter in the

command add and set vlan=vlan bridge, even though this value was

meaningless.

–

CR00014778

CR00015080

CR00015130

This issue has been resolved. The lowest valid value for ageingtimer is 1.

ATM

When an SHDSL or ADSL interface re-trained after having been in a “link up”

state, spurious error messages could appear on the console.

This issue has been resolved. The messages were not genuine error messages and

no longer appear.

Switch

The following commands have been deprecated in software versions 2.9.1 and

later, and therefore (correctly) have no effect on the switch:

set switch port=number thrashlimit=value

set switch port=number thrashrefill=value

Previously, if a user entered these commands, the switch incorrectly displayed an

“Operation successful” message.

This issue has been resolved. The switch now displays a warning message

indicating that the commands are deprecated.

For information about the commands that replace these commands, see the

“Limiting Rapid MAC Movement” section of the Switching chapter of the

Software Reference.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-04

Enhancements

Module

Level

Description

Core

It is now possible to hotswap NSMs on NEBS-compliant Rapier i switches.

–

CR00003036

To hotswap the NSM, press the Hot Swap button beside the NSM, check that the

Swap LED turns on and the In Use LED turns off, then remove the NSM. Place the

new NSM in the bay, then press the Hot Swap button again to make the NSM

available for use.

IP Gateway

The IP implementation has been enhanced to accept IP interfaces with a /31

netmask. This results in a slightly non-standard subnet that has no network

address or broadcast address. This has become a popular extension to IP, because

it reduces wastage of IP addresses on point-to-point links.

CR00012881

Many

This enhancement extended the “?” help for VRRP, OSPF, SNMP, IP routes, user

database, VLANs, logging, and file management. The “?” help for these (and

several other) modules now gives information about all command parameters.

–

CR00013129

CR00013449

Firewall

The firewall now supports FTP sessions that use the security extensions defined in

RFC 2228. Previously, the firewall dropped sessions that used those security

extensions.

This enhancement makes more-secure FTP available between private-side clients

and public-side servers, and between public-side clients and private-side servers.

Telnet

TTY

This enhancement enables you to select whether the system name appears at the

prevent it from appearing, use the command:

CR00013610

SET TELnet LOGINSYStemname=OFF

Note that the login prompt appears before you log into the router or switch.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-04

Module

Core

Level

Description

AR770S routers have a CPU fan that the software now monitors in the same

manner as the main fan. The state of the CPU fan is displayed along with that of

the main (chassis) fan in the output of the show system command.

–

CR00013992

If a problem develops with the CPU fan, the router notifies you in the following

ways:

■ The system LED flashes in a single flash pattern

■ An SNMP trap is issued on the fanAndPSMainFanStatus atRouter private MIB

object

■ A log message is generated that says “CPU fan status is not good”.

File

The commands create file, add file, reset file permanentredirect, and show

file permanentredirect were not supported on AR725 and AR745 routers.

These commands enable you to save the output of other router commands in

text files on the router.

–

CR00014067

For more information about these commands, see the “Managing the File

System” chapter of the Software Reference.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-04

Module

BOOTP

Level

Description

This enhancement enables you to associate a BOOTP relay destination with a

given interface. To do this, use the new optional interface parameter in the

command:

CR00014172

ADD BOOTp RELAy=ipadd INTerface=interface

BOOTP packets received on this interface are relayed to the specified relay

destination only. You can define the same interface for multiple relay

destinations; the router or switch relays any BOOTP packets received to each relay

destination.

If you do not specify an interface, the destination becomes a “generic”

destination. If the router or switch receives a BOOTP message on an interface for

which no specific destination is defined, the router or switch relays the message

to all generic destinations. This is the same as the behaviour prior to this

enhancement.

To remove a destination that is associated with an interface, use the command:

DELete BOOTp RELAy=ipadd INTerface=interface

To see the interfaces that each destination is associated with, use the pre-existing

command:

SHow BOOTp RELAy

DHCP

Snooping

DHCP snooping records its client database into a file in NVS (if possible) or Flash

memory. In previous versions, that file was named bindings.dsn. From this

version, the file structure has changed and the file is now named bind0002.dsn.

–

CR00014238

When you upgrade a switch to this version, the switch creates the new client

database file 10 seconds after initialising the new version. After that, you can

safely delete the old bindings.dns file, if desired.

Note that the functionality of DHCP snooping has not changed, only the

filename.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-04

Module

Level

Description

BGP

This enhancement enables you to force BGP to select the best route on the basis

of network prefix alone, instead of on the basis of preference, then metric, then

network prefix.

–

CR00014241

IP Gateway

To do this:

1. Give the desired dynamic routing protocol a preference of 0, which is the

preference of interface routes, by using the command:

SET IP ROUte PREFerence=0 PROTocol={BGP-ext|BGP-int|OSPF-EXT1|

OSPF-EXT2|OSPF-INTEr|OSPF-INTRa|OSPF-Other|RIP|ALL}

2. Create a route map to give matching routes the same metric as your interface

routes. To change the metric, use the command:

ADD IP ROUTEMap=routemap ENTry=1..4294967295 SET METric=1

3. Add the route map as a filter to the BGP peers by using the command:

ADD BGP PEer=ipadd REMoteas=1..65534 INRoutemap=routemap [other

optional parameters]

The above process gives matching routes the same preference and metric as

interface routes. This forces IP routing to compare the network prefixes of the

interface route and the other routes. IP routing then chooses the most specific

route as the best route for that destination, instead of automatically choosing the

interface route as the best route without considering any other routes which may

have more specific network prefixes.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-04

Module

Level

Description

DHCP

Snooping,

MACFF

The following enhancements have been made to DHCP snooping, to support

MAC-forced forwarding:

–

CR00014300

■ MAC-forced forwarding checks the DHCP snooping database to find out

which router has been assigned to each DHCP client. DHCP snooping

determines this from the router list in DHCP acknowledgement messages.

However, some clients do not request a router. DHCP snooping now modifies

request messages from such clients, to ensure that they request a router. This

enables MAC-forced forwarding to interoperate with such clients.

■ Output from the command show dhcpsnooping database now displays the

list of routers that are assigned to each client, as shown in bold in the

following example:

Current valid entries

MAC Address

IP Address

Expires(s) VLAN Port ID Source

Router list

---------------------------------------------------------------------

00-00-cd-28-06-7b

192.168.99.1 52

Dynamic

192.168.199.254

Ethernet

Switch

This enhancement enables you to use 100 Mbps fiber SFPs with AR770S routers.

Support has been added for AT-SFPX/15 and AT-SFPX/40 SFPs.

–

CR00014354

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-04

Module

DNS

Level

Description

A new log message has been added to provide more information about rejected

DNS requests. The message has a log type of 052 / IPDNS and subtype 002 /

UNRES, and reads:

CR00014715

DNS request for <domain-name> rejected by server. Code <number>,

<explanation>.

The following codes and explanations exist:

0: No Error—no error occurred

1: Format Error—there was a problem with the message construction

2: Server Failure—there was a problem with the server itself

3: Name Error—the name does not exist in the domain

4: Query Not Implemented—the received query was not supported

5: Refused—Refused for policy, rather than technical, reasons

6: YX Domain—the name exists when it should not

7: YX RR Set— a resource record exists that should not exist

8: NX RR Set— a resource record that should exist does not exist

9: Not Authoritative—the receiving server is not authoritative

10: Not Within Zone—the specified name is not within the zone specified in the

message

DDNS

When you activate a Dynamic DNS (DDNS) update (by entering the command

activate ddns update), the router now warns you of possible negative

consequences and prompts you for whether or not to continue.

–

CR00014728

Also, if you attempt to activate a DDNS update when DDNS is disabled, the router

displays a warning message that indicates that DDNS is disabled.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-04

Module

Level

Description

IP Gateway

OSPF

When OSPF is running over an on-demand PPP link and the link goes down, IP

notifies OSPF that the link is down and OSPF stops sending Hello packets over the

link. In a network in which routes over the PPP link are all dynamically learnt

through OSPF, the PPP link will not come back up because without OSPF there

are no routes to direct traffic at that link.

–

CR00014845

This enhancement enables you to stop IP from notifying OSPF that the PPP link is

down. OSPF keeps sending Hello messages, which bring the link back up again.

To enable this feature, set the new optional notifyospfdown parameter to no

in one of the commands:

ADD IP INTerface=int NOTIfyospfdown={NO|YES} [other parameters]

SET IP INTerface=int NOTIfyospfdown={NO|YES} [other parameters]

The default value for this parameter is yes, which means that IP notifies OSPF

when the interface goes down and OSPF sets the interface state to Down. OSPF

does not send Hello messages to the interface, and OSPF is inactive on the

interface until it receives an Up notification. This is the behaviour prior to this

enhancement. Also note the following points:

■ the parameter applies to the entire IP interface, not an individual logical

interface. Setting it on one logical interface sets it on all other logical

interfaces associated with the same IP interface.

■ the parameter only applies to on-demand PPP links. IP always sends

notifications for other interfaces, even if this parameter is set to no.

To see the parameter setting, use the existing command show ip interface.

Switch, EPSR

Switch

EPSR uses a classifier-based hardware filter to select packets in the control VLAN.

The hardware filter now only uses 2 of the available 16 bytes to match packets.

This increases the number of other classifier-based features you can use when

running EPSR.

–

CR00015269

CR00015628

The switch now fully recognises the latest revision of the AT-SPTX SPF, so all of

the features of the SFP can be utilised.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-03

Software Maintenance Version 291-03 includes the resolved issues and enhancements in the following tables. In the tables, for each product series:

■

“Y” in a white column indicates that the resolution is available in Version 291-03 for that product series.

“-” in a white column indicates that the issue did not apply to that product series.

a grey-shaded column indicates that Version 291-03 has not been released on that product series.

“-” in a grey column indicates that the issue did not apply to that product series.

“Y” in a grey column indicates that the issue applied to that product series. These issues are resolved in the next Version (291-04).

Level 1

No level 1 issues

Level 2

Module

Level

Description

Switch

RIPng

Creating a large number of IPv6 RIPng interfaces (more than 250) sometimes

caused the switch to reboot.

–

CR00014960

This issue has been resolved.

IPv6

If a large number of IPv6 multicast routes were added (more than1000) on a

switch with an IPv6 accelerator card, the switch could reboot.

–

CR00015102

CR00015585

This issue has been resolved.

ATM

AR442S routers sometimes rebooted while using the Test Facility to test the

SHDSL interface.

This issue has been resolved.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-03

Module

IPv6

Level

Description

When a switch was heavily loaded with IPv6 traffic, it could reboot because a

large quantity of traffic was queued while waiting for a neighbour's MAC

address to resolve.

–

CR00015678

This issue has been resolved by limiting the number of packets that can be

queued while waiting for a neighbour's MAC address to resolve.

Level 3

Module

QoS

Level

Description

By default, queue lengths were set to the maximum possible values for each port

type. This could make low-priority queues inappropriately starve higher-priority

queues of buffer resource.

–

CR00013270

This issue has been resolved. The default queue length has been reduced to 128

frames for all port types. If required, you can change them by using the existing

command:

SET QOS POrt={port-list|ALL} EGRessqueue[=queue-list] [Length=16..3648]

[other optional parameters]

LLDP

The switch included a permanent L3 filter to stop CDP (Cisco Discovery Protocol)

packets from being forwarded. This made one less L3 filter match available to

users.

–

CR00014306

Switch

This issue has been resolved. CDP still requires an L3 filter, but the filter is

automatically created when CDP is enabled and destroyed when CDP is disabled.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-03

Module

QoS

Level

Description

Destroying a traffic class or flow group also destroyed all classifiers that were

associated with that traffic class or flow group.

–

CR00014959

This issue has been resolved. User-created classifiers are no longer destroyed.

Automatically-created classifiers are still destroyed, such as classifiers for DHCP

snooping.

Switch

When the switch performed layer 3 routing across a trunk, it did not balance

traffic across all ports in the trunk group.

–

CR00015510

This issue has been resolved.

If the switch received a packet on a port and therefore started using MAC-based

authentication to authenticate the port, and then received another packet during

the authentication process, then occasionally the switch dropped the second

packet.

CR00015798

CR00016058

This issue has been resolved.

Level 4

No level 4 issues

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Features in 291-02

Enhancements

Module

Level

Description

IGMP

snooping,

IGMP snooping learns which ports have routers attached to them, so it can

forward relevant IGMP messages out those ports. By default, snooping identifies

router ports by looking for ports that receive specific multicast packets (such as

IGMP queries, PIM messages, OSPF messages, and RIP messages).

–

CR00014222

Switch,

VLAN

In some network configurations, this learning process cannot identify all router

ports. For such networks, this enhancement enables you to statically configure

particular ports as multicast router ports.

To specify the static router ports, use the new command:

add igmpsnooping vlan={vlan-name|1..4094} routerport=port-list

To stop ports from being static router ports, use the new command:

delete igmpsnooping vlan={vlan-name|1..4094} routerport=port-list

To list the static router ports, use the existing command:

show igmpsnooping

and check the new “Static Router Ports” field.

Features in 291-02

Version 291-02 was not released.

Features in 291-01

Version 291-01 was not released.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Support for the new x900-48FS switch—CR00016662

The x900-48FS is a new model in the x900 Series of layer 3 gigabit and fast Ethernet switches. Its key features are:

■

Multi-layer Fast Ethernet switch

48-port 100BASE-X SFP sockets, 100 Mbps, full or half duplex

4-port 1000BASE-X SFP uplink sockets, 1000 Mbps, full duplex

Support for hot-swappable SFP modules

Hot-swappable, load sharing PSUs

1U height, rack-mountable

Non-blocking Layer 2 and Layer 3 IP switching

IPv6-ready hardware for accelerated unicast and multicast routing

4096 Layer 2 multicast entries

1024 Layer 3 IPv4 multicast entries

4096 logical IPv6 interfaces

32MBytes of fixed flash

256MBytes of Synchronous DRAM, expandable to 512MBytes with DIMM

CompactFlash slot for hot-swappable expansion of flash memory up to 128MBytes

x900-48FS front panel

ASYN0/CONS

For more information about the x900 Series and expansion options, see the Hardware Reference. The Hardware Reference is available from

www.alliedtelesis.co.nz/documentation/manuals.html.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

IGMP snooping fast leave in multiple host mode—CR00017482

The IGMP snooping fast leave option has been enhanced, to make it available when multiple clients are attached to a single port on the snooping switch. Fast

leave now has two modes available:

■

multiple host mode—the new feature. In multiple host mode, the snooper tracks which clients are joined to a given IP multicast group on a given port. As

soon as the last client leaves a group on a port, the snooper shuts off the multicast to that port.

■

single host mode—the existing functionality. In single host mode, as soon as the snooper receives a leave message for a group on a port, it shuts off the

multicast. This mode assumes that there are no other clients on the port that are still interested in receiving the multicast, so is suitable only when clients are

directly attached to the snooper.

To specify the new multiple mode, use the command:

set igmpsnooping vlan={vlan-name|1..4094|all} fastleave=multiple

To specify single mode, use either of the commands:

set igmpsnooping vlan={vlan-name|1..4094|all} fastleave=single

set igmpsnooping vlan={vlan-name|1..4094|all} fastleave=on

The command show igmpsnooping vlan has also been enhanced. The new command syntax is:

show igmpsnooping vlan={vlan-name|1..4094|all} [group={multicast-ip-address|allgroups}] [detail]

The group parameter lets you display information for only one group or for only the All Groups port (the allgroups option).

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

IGMP snooping fast leave in multiple host mode—CR00017482

The detail parameter displays more detailed information, including expiry times for each port, and in the case of multiple host fast leave mode, the list of hosts

on a port. The following example shows this.

IGMP Snooping

--------------------------------------------------------------------------

Status ........................... Enabled

Disabled All-groups ports ........ None

Vlan Name (vlan id) ..... default (1)

Fast Leave .............. Multiple Host Topology

Query Solicitation ...... Off

Static Router Ports ..... None

Group List .............. 2 groups

Group 224.0.1.22

Port 24

Timeout in 256 secs

Timeout in 257 secs

Hosts: 1

00-00-cd-27-be-f5 (172.20.176.200)

Timeout in 257 secs

Group 239.255.255.250

Port 24

Timeout in 258 secs

Timeout in 259 secs

Hosts: 1

00-00-cd-27-be-f5 (172.20.176.200)

Timeout in 259 secs

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Support for the new Rapier 48w switch

The Rapier 48w is a new model in the Rapier Series of layer 3 gigabit and fast Ethernet switches. Its key features are:

■

48-port 10BASE-T/100BASE-TX (RJ-45 connectors)

Two 1000BASE SFP ports

Two asynchronous serial console ports with DB9 connectors

One Network Service Module bay, with support for various WAN interface cards

Auto-negotiating Layer 3 Managed Switch

Enhanced switching core

Replaceable air filters and fan-only modules (FOMs) for NEBS applications

Rapier 48w front panel

Rapier 48w L3 Fast Ethernet Switch

FAN

NSM

PORTS 49-50

L/A

1000M LINK

ACT

SFP

INSTALLED

FAULT

PORTS 1-48

ACT

CLASS

LASER PRODUCT

DO NOT STARE

L/A

D/C

LINK 100M

ACT

LINK 10M

FULL DUP

HALF DUP

COL

INTO BEAM

STATUS

FAULT

ASYN0

ASYN1

POWER

SWAP

USE

HOT

RESET

SWAP

10 11

12 13

14 15

18 19

20 21

22 23

24 25

26 27

28 29

30 31

34 35

36 37

38 39

40 41

42 43

44 45

46 47

NSM

Rapier 48w rear panel

WARNING

This unit might have more

than one power input. To

reduce the risk of electric

shock, disconnect all power

inputs before servicing unit.

FOR CENTRALIZED DC

POWER CONNECTION,

INSTALL ONLY IN

40-60VDC

4.5A MAX

RESTRICTED AREA.

DUAL INPUTS

For more information about the Rapier Series and expansion options, see the Hardware Reference. The Hardware Reference is available from

www.alliedtelesis.co.nz/documentation/manuals.html.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Backing up the configuration with SNMP—CR00016221

With this enhancement, you can use SNMP to:

■

set parameters for uploading files from the router or switch, and

upload files to a TFTP server

SNMP already lets you save the current configuration to a file on the router or switch. You can use this with the new options to back up the configuration to a

TFTP server. To do this, perform the following steps.

1. Save the configuration

To save the current configuration, use SNMP SET createConfigFile. The following screenshot shows this for a file called tst.cfg.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Backing up the configuration with SNMP—CR00016221

2. Set the load parameters

To specify the server IP address, use SNMP SET loadServer. To set the filename, use SNMP SET loadFilename. The following screenshot shows setting the

filename to tst.cfg.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

Backing up the configuration with SNMP—CR00016221

3. Upload the file

To upload the file, use SNMP SET loadStatus and set it to a value of 8. The following screenshot shows this.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

SNMP ASN.01 BER Padding—CR00016523

This enhancement enables you to specify whether SNMP adds 0x00 padding when the most significant 9 bits of an object’s value are all 1, or whether the

encoding follows the ASN.01 BER rule, which cuts off the most significant byte of 0xff. This setting has an impact on all integer type MIB objects, including 32

bit and 64 bit counter objects.

To add the padding, use the command:

set snmp asnberpadding={on|yes|true}

To use the ASN.01 BER rule, which is the default, use the command:

set snmp asnberpadding={off|no|false}

The following table lists examples.

Bits

Value (decimal)

Value (hex)

asnberpadding setting

Encoding

counter32

4289592837

0xFFADFE05

off

41 05 00 ff ad fe 05

41 03 ad fe 05

counter64

18410715280977201498

0xFF800000ff80895A

46 09 00 ff 80 00 00 ff 80 89 5a

46 07 80 00 00 ff 80 89 5a

To see whether or not padding is added, use the command:

show snmp

and check the new “ASN.01 BER Padding” field.

Version 291-10

C613-10488-00 REV G

Download from Www.Somanuals.com. All Manuals Search And Download.

3M Wheelchair FR330 User Manual
Aastra Telecom Laptop REV 06 User Manual
Actiontec electronic Network Router GT701D User Manual
ADC Network Card SignalOn Series User Manual
AeroGarden Greenhouse Kit 300291 User Manual
Agilent Technologies Network Card 82350B User Manual
Airlink101 Network Router AR675W User Manual
Alliance Laundry Systems Washer Dryer CHM166C User Manual
Atmel Stereo Amplifier ATR7040 User Manual
Beckett Water Gardening Plumbing Product G325AG20 User Manual