Allied Telesis Network Router AT WA1104G 10 User Manual

Software Maintenance Release Note  
Maintenance Version 291-10  
for AR415S, AR440S, AR441S, AR442S, AR450S, AR725, AR745, AR750S, AR750S-DP, and AR770S routers and  
AT-8600, AT-8700XL, Rapier i, Rapier w, AT-8800, AT-8900, x900-48, AT-9900, and AT-9800 Series switches  
This software maintenance release note lists the issues addressed and enhancements made in Maintenance Version 291-10 for Software Version 2.9.1. Version  
details are listed in the following table:  
Models  
Series  
Release File  
Date  
Size (bytes)  
GUI file  
AR415S, AR440S, AR441S, AR442S, AR450S  
AR400  
54291-10.rez  
24 July 2007  
4946220  
415s_291-10_en_d.rsc  
440s_291-10_en_d.rsc  
441s_291-10_en_d.rsc  
442s_291-10_en_d.rsc  
450s_291-10_en_d.rsc  
AR750S, AR750S-DP, AR770S  
AR725, AR745  
AR7x0S  
AR7x5  
55291-10.rez  
52291-10.rez  
24 July 2007  
24 July 2007  
4074888  
4114292  
750s_291-10_en_d.rsc (AR750S and AR750S-DP)  
_725_291-10_en_d.rsc  
_745_291-10_en_d.rsc  
AT-8624T/2M, AT-8624PoE, AT-8648T/2SP  
AT-8600  
sr291-10.rez  
24 July 2007  
2468216  
8624t_291-10_en_d.rsc  
8624poe_291-10_en_d.rsc  
8648t_291-10_en_d.rsc  
AT-8724XL, AT-8748XL  
AT-8700XL  
Rapier i  
87291-10.rez  
86291-10.rez  
24 July 2007  
24 July 2007  
2411128  
4587048  
8724_291-10_en_d.rsc  
8748_291-10_en_d.rsc  
Rapier 24i, Rapier 48i, Rapier 16fi  
r24i_291-10_en_d.rsc  
r16i_291-10_en_d.rsc  
r48i_291-10_en_d.rsc  
Rapier 48w  
Rapier w  
86291-10.rez  
24 July 2007  
4587048  
-
Download from Www.Somanuals.com. All Manuals Search And Download.  
Levels  
3
Levels  
Some of the issues addressed in this Maintenance Version include a level number. This number reflects the importance of the issue that has been resolved. The  
levels are:  
Level 1  
Level 2  
Level 3  
Level 4  
This issue will cause significant interruption to network services, and there is no work-around.  
This issue will cause interruption to network service, however there is a work-around.  
This issue will seldom appear, and will cause minor inconvenience.  
This issue represents a cosmetic change and does not affect network operation.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-10  
4
Features in 291-10  
Software Maintenance Version 291-10 includes the resolved issues and enhancements in the following tables. In the tables, for each product series:  
“Y” indicates that the resolution is available in Version 291-10 for that product series.  
” indicates that the issue did not apply to that product series.  
Level 1  
No level 1 issues  
Level 2  
CR  
Module  
Level  
2
Description  
Switching,  
DHCP  
Snooping  
Enabling DHCP snooping (correctly) adds a hardware filter to all untrusted  
ports, to block all IP traffic coming from those ports. Previously, disabling  
DHCP snooping did not delete these filters. This meant that the switch  
dropped all IP traffic from the previously-untrusted ports until the switch  
was restarted.  
-
-
-
-
-
-
-
-
Y
Y
-
CR00016759  
Also, attempting to manually delete the hardware filters did not actually  
remove them.  
These issues have been resolved. The switch now removes the filters if you  
disable DHCP snooping or manually delete the filters.  
IP Gateway  
2
If the user did not specify the destination and dmask parameters when  
entering the set ip filter command, the destination and dmask of the  
filters were reset to any.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00018655  
CR00018656  
Also, it was not possible to delete an IP filter by using the delete ip filter  
command, even when all required parameters were present.  
These issues have been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-10  
5
CR  
Module  
Level  
2
Description  
Switching  
The resolution to CR 444 meant that packets processed by the CPU are now  
subjected to the same filtering as packets switched in hardware. However,  
this filtering did not always return the expected results. Sometimes its IP  
address matching was incorrect, and it did not correctly process filters with  
an action of nodrop.  
-
-
-
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
-
CR00018663  
These issues have been resolved.  
OSPF  
2
On a router or switch with OSPF redistribution enabled, OSPF did not  
redistribute the interface route when an interface came up (for example,  
after a reboot).  
Y
Y
Y
Y
Y
Y
CR00018691  
This issue has been resolved.  
QoS  
2
2
QoS policies, traffic classes, and flow groups could not have an ID number  
of 0 (zero).  
-
-
-
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
CR00018693  
CR00018778  
This issue has been resolved.  
IP NAT, Firewall  
When using IP NAT, the router or switch would reboot when processing  
TCP SYN packets.  
Y
Y
Y
This issue only occurred with IP NAT, which is configured by using the add  
ip nat command. It did not occur with firewall NAT.  
This issue has been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-10  
6
Level 3  
CR  
Module  
Ping  
Level  
3
Description  
Traceroute (the trace command) did not work. It returned the error “The  
destination is either unspecified or invalid” even if the destination was  
reachable.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00018514  
This issue has been resolved.  
Level 4  
No level 4 issues  
Enhancements  
No enhancements  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-09  
7
Features in 291-09  
Software Maintenance Version 291-09 includes the enhancement in the following table, which is available for x900-48FE and x900-48FE-N switches.  
Level 1-4  
No level 1-4 issues  
Enhancements  
CR  
Module  
Core  
Level  
-
Description  
CPU fan monitoring is now disabled by default on x900-48FE and  
x900-48FE-N switches. Monitoring the fan is unnecessary unless an  
accelerator card is installed on the switch, so disabling monitoring reduces  
the number of messages that the switch displays and logs.  
-
-
-
-
-
-
-
-
Y
-
-
CR00018530  
To enable monitoring, use the command:  
enable cpufanmonitoring  
To disable it again, use the command:  
disable cpufanmonitoring  
When monitoring is enabled, the command show system displays the  
CPU fan status in the entry labelled “Main fan”.  
Note that this behaviour is already available on AT-8948 switches.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-08  
8
Features in 291-08  
Software Maintenance Version 291-08 includes the resolved issues and enhancements in the following tables. In the tables, for each product series:  
“Y” indicates that the resolution is available in Version 291-08 for that product series.  
” indicates that the issue did not apply to that product series.  
Level 1  
No level 1 issues  
Level 2  
CR  
Module  
Level  
2
Description  
Switching,  
IGMP,  
IP Gateway  
If a packet should have matched a hardware filter with a deny action and  
have been discarded, but an IP routing entry had not yet been learnt for the  
packet, then the packet was not discarded.  
-
-
-
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
Y
Y
-
-
-
-
-
-
-
-
CR00000444  
This issue has been resolved and the packet is now discarded.  
Switching  
Firewall  
2
2
When a nodrop action was specified on a port as part of an L3 filter, it was  
observed that the port was still dropping packets. This was observed after  
the ARP entry for the destination IP expired from the switchs L3 table.  
-
-
-
-
CR00000484  
CR00001231  
This issue has been resolved.  
The router or switch sometimes recorded more events in its deny event  
queue than was specified by the detail parameter of the set firewall  
policy attack command.  
Y
Y
Y
Y
This issue has been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-08  
9
CR  
Module  
Level  
2
Description  
Classifier  
The following issues existed with classifiers:  
Y
Y
Y
Y
Y
Y
-
-
Y
Y
Y
CR00003495  
classifiers matching protocol=ipv6 and ipprotocol=icmp could be  
created more than once  
classifiers matching protocol=ipv6 and ipprotocol=1 could be created  
but were meaningless because 1 represents IPv4 ICMP  
classifiers matching protocol=ip and ipprotocol=58 could be created  
but were meaningless because 58 represents IPv6 ICMP.  
These issues have been resolved.  
Also, classifiers now default to protocol=ip (IPv4) if:  
no value is specified for the protocol parameter, or  
protocol=any and ipprotocol=icmp.  
VLAN  
BGP  
2
2
2
Removing then re-adding ports to a Nested VLAN, with rapid STP enabled,  
caused the port in the Alternate Discarding state to leak a small number of  
packets.  
-
-
-
-
-
-
-
-
-
Y
Y
Y
-
CR00004018  
CR00005472  
CR00005812  
This issue has been resolved.  
When BGP was in the OpenSent state and it received an out-of-sequence  
message (such as a KeepAlive message), BGP would return to the Idle state.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
Y
Y
Y
Y
This issue has been resolved. BGP now sends a notification message to the  
other BGP peer, as expected.  
IP Gateway  
When the router or switch received an IP packet whose length was greater  
than the MTU on the outgoing link, and the packet contained an IP option  
that was not designed to be fragmented (such as Timestamp), then the  
resulting constituent fragments would have incorrect IP header lengths.  
This could lead to data corruption.  
Y
Y
On routers, this issue applied to all routed packets. On switches, it applied  
to packets processed by the CPU, not to packets switched in hardware.  
This issue has been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-08  
10  
CR  
Module  
RIPng  
Level  
2
Description  
The following issues occurred with RIPng:  
Y
Y
Y
Y
Y
Y
-
-
Y
Y
Y
CR00007178  
RIPng dropped requests from peers with non link-local addresses.  
for a solicited response, if the routes did not exist on the device, RIPng  
returned a metric of 0 for them instead of returning a metric of 16  
RIPng performed split-horizon checking for solicited responses  
RIPng used the link-local address to respond to all requests, even if the  
request used a non link-local address and therefore the reply should  
have also used a non link-local address  
These issues have been resolved.  
Install, MIB  
2
Previously, the MIB objects configFile and createConfigFile would return the  
current configuration file, and the MIB object currentConfigFile would  
return 'no such object'.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00008847  
This issue has been resolved. The objects configFile and createConfigFile  
now return the boot configuration file. The object currentConfigFile now  
returns the current configuration file.  
Classifier  
Firewall  
2
2
The output of the show classifier=number command did not show the  
protocol number.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
Y
-
Y
-
Y
-
Y
Y
CR00009473  
CR00010654  
This issue has been resolved.  
When adding a firewall application rule, it was possible to specify FTP as the  
application but not specify the command parameter. This meant that the  
rule would allow all FTP commands through, even if action=deny had  
been specified.  
This issue has been resolved by making the command parameter  
mandatory when the application is specified as FTP.  
PPP  
2
If the router or switch received an LCP packet with an unrecognised code,  
it responded with a CodeReject packet of incorrect length that did not  
respect the established MRU of the peer.  
Y
Y
Y
Y
Y
Y
-
-
Y
Y
Y
CR00010951  
This issue has been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-08  
11  
CR  
Module  
PPP  
Level  
2
Description  
If the router or switch received an LCP packet with an unrecognised  
protocol, it responded with a ProtocolReject packet of incorrect length that  
did not respect the established MRU of the peer.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
-
-
Y
Y
Y
Y
Y
CR00010967  
This issue has been resolved.  
PPP  
2
When the established Maximum Receive Unit (MRU) of the remote PPP peer  
was greater than the established MRU of the local PPP peer, Echo Reply  
packets did not respect the established MRU of the remote peer.  
Y
CR00010968  
This issue has been resolved.  
Core  
VPN, GUI  
OSPF  
2
2
2
In most circumstances the stack dump for an AR7x5 router was invalid and  
did not contain complete information about the cause of a reboot.  
-
Y
-
-
-
-
-
-
-
-
-
-
CR00011231  
CR00012218  
CR00012727  
This issue has been resolved.  
Enabling VPN (IPsec) on the GUI caused the GUI VPN page to stop  
displaying information about some or all of the existing VPN policies.  
Y
Y
Y
Y
-
-
-
-
-
-
-
-
This issue has been resolved.  
Sometimes when a type 7 external LSA was translated to a type 5 external  
LSA the forwarding address was set to 0.0.0.0 in the translated type 5 LSA.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
This issue has been resolved, so that the forwarding address is always  
copied from the type 7 LSA being translated.  
OSPF  
2
When the router or switch is acting as an area border router and one of the  
areas is an NSSA (Not So Stubby Area), the router or switch will create a  
default route for the NSSA and inject this into the NSSA. Previously, the  
router or switch was also redistributing this route into other areas as a static  
route when static route redistribution was turned on. This was not desirable  
behaviour.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00012751  
This issue has been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-08  
12  
CR  
Module  
TTY  
Level  
2
Description  
Unexpected characters could appear on the terminal emulator display  
when the column size was set greater than 80 and the user edited a  
command that spanned more than one line of the display.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
Y
-
Y
-
Y
-
Y
-
Y
CR00012871  
This issue has been resolved.  
DVMRP,  
2
If a frame relay interface was configured as a DVMRP interface, then the  
DLC value was not correctly generated in output of the command show  
config dynam or in the configuration script generated by the command  
create config.  
-
CR00013597  
Frame Relay  
This issue has been resolved.  
Core, SNMP  
2
2
Previously, SNMP returned an incorrect product ID number for AR750S-DP  
routers.  
-
-
-
-
Y
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
CR00013660  
CR00013735  
This issue has been resolved. The value of the sysObjectID object is now 80  
for AR750S-DP routers.  
LACP,  
Switching  
When moving ports from an LACP-controlled trunk to a manually-  
configured trunk, ports were incorrectly set in an STP blocking state.  
Therefore, traffic would not flow over the trunk.  
Y
Y
This issue has been resolved.  
Note: When you move ports from an LACP-controlled trunk to a manually-  
configured trunk, you must delete the ports from LACP.  
OSPF  
2
If the obsolete command set ospf rip=both was entered, the router or  
switch correctly automatically replaced it with the following two  
commands in the dynamic configuration:  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00013763  
add ospf redistribute protcol=rip  
set ospf rip=export  
However, if the command create config was used to save the  
configuration, after system start-up the configuration file did not contain  
the command add ospf redistribute protocol=rip. This meant that OSPF  
stopped redistributing RIP routes after a reboot.  
This issue has been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-08  
13  
CR  
Module  
IPv6  
Level  
2
Description  
If a user shortened the prefix length of an IPv6 interface address, then  
lengthened it, it became impossible to change the prefix length again.  
Y
-
Y
-
Y
-
Y
Y
Y
-
Y
Y
Y
-
Y
Y
-
-
-
Y
Y
-
Y
Y
-
Y
CR00013778  
This issue has been resolved.  
MSTP  
L2TP  
2
2
2
Executing the commands disable mstp port=number or enable mstp  
port=number would not disable or enable the port on all MSTIs.  
Y
-
Y
-
-
CR00013893  
CR00013982  
CR00014044  
This issue has been resolved.  
An L2TP call could be deleted when still attached to the PPP interface.  
Doing this caused the router or switch to reboot.  
Y
-
Y
-
Y
-
-
This issue has been resolved.  
IGMP  
When large numbers of multicast streams were passing through the switch  
and there was no multicast routing protocol running (such as PIM or  
DVMRP), the CPU would experience regular periods of extended high  
utilisation. This could result in lost control packets and network instability.  
-
-
-
-
-
Y
This issue has been resolved.  
TTY  
TTY  
2
2
2
2
When a file was redirected (for example, by a trigger), if the mail hostname  
was not available or not configured, the router or switch would reboot.  
Y
Y
Y
Y
Y
Y
-
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00014146  
CR00014230  
CR00014295  
CR00014320  
This issue has been resolved.  
If the built-in editor was used to delete the last line of a file, the router or  
switch could reboot.  
This issue has been resolved.  
IGMP  
OSPF  
IGMP snooping would process IGMP protocol packets that had incorrect IP  
TTL fields (i.e. that had values other than 1).  
This issue has been resolved.  
Occasionally, when OSPF was started, not all the Type-7 LSAs were  
translated into Type-5 LSAs.  
Y
This issue has been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-08  
14  
CR  
Module  
PIM6  
Level  
2
Description  
If an IPv6 accelerator was used, and the upstream router forwarded IPv6  
multicast data just before the prune limit timer expired, then the  
downstream router sometimes did not send the prune until significantly  
after the timer expired.  
-
-
-
-
-
-
-
-
Y
Y
-
CR00014827  
This issue has been resolved.  
MSTP, GUI  
2
2
Using the web-based GUI to set the Point-to-Point Link in the MSTP CIST  
Port configuration to a non-default value would generate an error.  
-
-
-
Y
Y
Y
Y
Y
Y
Y
-
Y
-
Y
-
Y
-
-
-
CR00015169  
CR00015805  
This issue has been resolved.  
ISAKMP, IPv6  
During the boot up, the router or switch waited 5 seconds before  
beginning ISAKMP prenegotiation. For VPN tunnels over IPsec for IPv6, this  
was not long enough for the router or switchs interfaces to come up before  
prenegotiation began.  
Y
Y
Y
Also, the router or switch did not obtain the most recent active ISAKMP SA  
when multiple SAs existed.  
These issues have been resolved. The router or switch now waits 6 seconds,  
and obtains the most recent SA and uses that for Phase 2 negotiations.  
Switching  
2
2
2
If the switch had a large number of routes in its forwarding database (FDB),  
and the command show switch fdb was used to display the contents of  
the FDB, and the switchs CPU was busy at the time, then the switch  
sometimes rebooted.  
-
-
-
-
-
-
-
-
Y
Y
Y
Y
Y
Y
-
CR00015964  
CR00016262  
CR00016340  
This issue has been resolved.  
Load  
When attempting to upload files from the switch using TFTP to an IPv4  
server address, the router or switch reported an error if IPv6 was not  
enabled. It was not possible to upload files using TFTP to an IPv6 server  
address at all.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
Y
These issues have been resolved.  
DHCP  
Snooping  
DHCP Snooping has been enhanced to operate in a customised VLAN ID  
translation (VID translation) environment. Previously, DHCP Snooping was  
not supported with VID translation.  
-
-
-
Y
Y
-
This issue has been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-08  
15  
CR  
Module  
IPv6  
Level  
2
Description  
The timer that governs the interval between repeated neighbour  
solicitation messages could only be configured by using the ndretrans  
parameter of the set ipv6 nd command, and not through router  
advertisements that the router or switch received from other routers.  
Y
Y
Y
Y
Y
Y
-
-
Y
Y
Y
CR00016587  
This issue has been resolved. Instead of using the ndretrans parameter of  
the command set ipv6 nd, use the retrans parameter to configure the  
timer interval. Also,routers or switches acting as hosts will now correctly  
update their timer values to the value specified in any router advertisements  
that they receive.  
DHCP6  
2
2
Previously, it was possible to enter the incomplete commands delete  
dhcp6 policy=name or set dhcp6 policy=name without specifying any  
other parameters.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
Y
Y
Y
Y
Y
Y
CR00016592  
CR00016840  
This issue has been resolved. If this is done, the router or switch now  
displays the warning:  
Warning (2117007): One or more parameters may be missing.  
STP  
Previously, when the switch was a Spanning Tree root bridge in a network  
and a user raised the switchs root bridge priority enough to stop the switch  
from being the root bridge, unnecessary delays in convergence occurred.  
-
-
-
Y
Y
This issue has been resolved.  
IP Gateway  
ISAKMP  
2
2
The set ip filter command would not accept the protocol parameter.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
Y
-
Y
-
Y
-
Y
-
CR00016956  
CR00016964  
This issue has been resolved.  
When the router or switch negotiated an IPsec tunnel with RFC3947 NAT-  
T, its NAT-OA payload had two bytes of reserved fields after the ID field  
instead of the three bytes specified by RFC 3947. This could prevent the  
tunnel from working properly when the tunnel was between an Allied  
Telesis router or switch and some other vendor.  
This issue has been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-08  
16  
CR  
Module  
ATM  
Level  
2
Description  
If a PPP instance was destroyed after an attached ATM channel had been  
modified using the set atm channel command, the router rebooted. The  
router could also reboot if an ATM channel was deleted under similar  
circumstances.  
Y
Y
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
CR00016985  
This issue has been resolved.  
IPsec  
2
AlliedWare IPsec would not interoperate with Microsoft Windows Vista  
VPN clients. This was because Microsoft changed the IPSec behaviour in  
Vista such that Vista's private local IP address is sent as the local  
identification instead of an FQDN. When an IPSec tunnel between  
AlliedWare and Vista was brought up, the hosts could not communicate.  
Y
Y
Y
Y
Y
CR00016989  
CR00017081  
This issue has been resolved. AlliedWare IPsec can now communicate with  
peers that send their private local IP address as the local identification.  
Classifier  
2
The show classifier command did not allow users to display only the  
classifiers that had their IP source address and MAC source address  
parameters set to dhcpsnooping.  
-
-
-
-
-
-
-
-
Y
Y
-
This issue has been resolved. For example, the command show classifier  
ipsa=dhcpsnooping now displays those classifiers that have their IP  
source address set to dhcpsnooping.  
Also, it is no longer possible to create two identical classifiers with DHCP  
snooping parameters.  
Firewall  
2
When the router was acting as a firewall and performing DNS relay, it used  
the local IP interface private address as the source address for some packets  
that it sent out the public interface. When the router acts as a DNS relay, it  
receives DNS requests from the private interface and sends a new packet  
on the public interface. These new packets were given the wrong address.  
Y
Y
Y
Y
Y
Y
-
-
-
-
Y
CR00017093  
This issue has been resolved. Such packets now have their source address  
set to the public interface address as required.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-08  
17  
CR  
Module  
IPsec  
Level  
2
Description  
If an IPsec tunnel with no encryption (NULL) was negotiated in AlliedWare  
over NAT-T, the ESP packets did not contain an RFC 3948 compliant  
checksum. This means that some vendors may have discarded packets sent  
by the AlliedWare peer over such a tunnel.  
Y
Y
Y
Y
Y
Y
-
-
-
-
-
CR00017226  
This issue has been resolved.  
Note the null encryption is useful for debugging the traffic over an IPsec  
tunnel and should not be used in a working IPsec solution.  
IPsec  
2
2
An IPSec checksum recalculation error occurred with UDP traffic when the  
ESP encapsulation was added.  
Y
-
Y
-
Y
-
Y
Y
Y
Y
Y
Y
-
-
-
-
-
-
-
-
CR00017227  
CR00017255  
This issue has been resolved.  
Switching  
Previously, trunk members were given the STP state in hardware of port 1,  
instead of having the STP state of the lead port in the trunk. The software  
state (as displayed with the command show stp port) was correct.  
Y
Y
This issue has been resolved.  
Switching  
Switching  
2
2
When using multi-homed IP interfaces on a VLAN, it was possible that L3  
hardware switching would stop for all multi-homed interfaces on that  
VLAN, if one of the multi-homed interfaces was removed or went into an  
administratively down state.  
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Y
Y
Y
Y
-
-
CR00017256  
CR00017337  
This issue has been resolved.  
It was possible to set up a classifier that matched MPLS frames at layer 2,  
but the switch would not correctly match these MPLS frames against the  
classifier.  
This issue has been resolved. The switch now correctly matches MPLS  
frames against such a classifier.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-08  
18  
CR  
Module  
QoS,  
Level  
2
Description  
Some small memory access violations existed in DHCP snooping.  
These violations have been resolved.  
-
-
-
Y
Y
Y
Y
Y
Y
Y
-
CR00017368  
DHCP  
Snooping  
Also, a new console error message is displayed if a user tries to add a  
duplicate classifier to a QoS policy. For example, if traffic class 101 belongs  
to policy 2 and a user tries to add a flow group to traffic class 101 when  
the flow groups classifier is number 54 and already belongs to policy 2, the  
following message is displayed:  
Error (3099297): Duplicate classifier (54) on policy 2.  
A similar new log message has also been added, which says:  
Duplicate classifier (<number>) found on <string> <number>  
Note that a classifier can exist in two separate policies but cannot exist  
twice in the same policy.  
IP Gateway  
2
The router or switch could reboot when the local interface address had  
been specified by using the set ip local command, and then the underlying  
interface from which the local interface took its address was either deleted  
or had its address changed. In both these cases, the local interface was  
correctly reset back to an undefined address, but a route to this address was  
not deleted. This could cause routing difficulties and a reboot when packets  
for that address were received.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00017456  
This issue has been resolved. The route is now correctly deleted.  
Firewall  
2
When a VoIP call using SIP was initiated from the public side of the firewall,  
occasionally the firewall created two UDP sessions for the call with different  
UDP source ports. This happened if the first packets of the STP (voice data)  
stream arrived earlier than the 200 OK message that was supposed to  
establish the session. The result was that the public side caller could not  
hear the call.  
Y
Y
Y
Y
Y
Y
-
-
-
-
Y
CR00017488  
This issue has been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-08  
19  
CR  
Module  
ISAKMP  
Level  
2
Description  
The router or switch sometimes could not establish a VPN when the remote  
peer was behind a NAT gateway and the router or switchs remote ID was  
set to default.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
-
-
-
-
-
CR00017518  
This issue has been resolved.  
PPP  
2
If a PPPoE AC service had been added, but AC mode had not been enabled  
by using the enable ppp ac command, PADI frames were processed  
anyway, potentially leading to a reboot.  
Y
Y
Y
CR00017634  
This issue has been resolved.  
TTY  
2
2
Previously, it was not possible to configure a TTY service on the router (by  
using commands like create service).  
Y
-
-
-
Y
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
CR00017659  
CR00017662  
This issue has been resolved.  
Core  
Stopping and restarting two fans on the switch in a particular order could  
put the fan fault detection mechanism into a state in which the system LED  
would not flash for a fan fault.  
Y
This issue has been resolved.  
IGMP  
2
When the switch had a hardware filter configured that would match and  
discard a received IGMP packet, IGMP snooping still processed the packet  
and added the details to its snooping database.  
-
-
-
Y
Y
Y
Y
Y
-
-
-
CR00017724  
This issue has been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-08  
20  
CR  
Module  
Level  
2
Description  
IP Gateway,  
DHCP  
When the DHCP server was enabled on a router or switch that also had a  
local IP interface defined by using the set ip local command, outgoing  
DHCP server packets would use the set ip local command's IP address as  
their source address. Furthermore, if the broadcast flag was set to TRUE in  
the DHCP Discover message that the server was replying to, then the server  
would send the DHCP Offer packet out the wrong IP interface with the  
wrong source IP address. Microsoft Windows Vista has the broadcast flag  
set to TRUE.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00017731  
These issues have been resolved. The DHCP server configuration now  
ignores any local IP interfaces set by using the set ip local command, and  
the server now sends the Offer message out the interface that it received  
the Discover on.  
Switching  
2
If a multicast route had an odd number of downstream interfaces attached  
to it, and the last downstream interface was deleted, the second to last  
downstream interface could experience a loss of packets.  
-
-
-
-
-
-
-
-
Y
Y
-
CR00017749  
This issue has been resolved.  
PIM  
2
2
PIM would sometimes start forwarding duplicate packets from the RP to  
downstream interfaces if the SPT Bit had been set and had become unset.  
Y
-
Y
-
Y
-
Y
Y
Y
Y
Y
Y
Y
Y
-
Y
Y
Y
Y
Y
-
CR00017816  
CR00017906  
This issue has been resolved.  
VLAN, MSTP  
If ports were removed from a VLAN and MSTP was enabled, then the port  
removal was not included in the configuration displayed by the command  
show config dynam or saved by the command create config.  
Y
This issue has been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-08  
21  
Level 3  
CR  
Module  
PKI  
Level  
3
Description  
Some PKI commands (including add pki ldap, create pki enroll, and  
create pki keyupdate) only worked if their parameters were entered in a  
particular order.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
Y
-
Y
-
Y
-
Y
CR00000503  
This issue has been resolved.  
3
3
The command add fire policy=name rule=number act=allow int=int  
ip=ipadd list=filename would incorrectly be rejected, with an error  
message stating that list and ip were mutually exclusive.  
Y
Y
CR00001106  
CR00001438  
This issue has been resolved, so that list and ip can be used together in the  
same firewall rule.  
TACACS+  
If TACACS+ was used for authentication and the TACACS+ server went  
down during an authentication attempt, the router or switch added the  
attempted login names to the TACACS+ user list (as displayed in output of  
the show tacplus user command). However, the router or switch correctly  
did not log users in with those names.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
This issue has been resolved.  
IP Gateway  
Firewall  
3
3
Sometimes an incorrect error message was printed if a user tried to enable  
IP multicast switching on a device that did not support it.  
-
-
-
Y
Y
Y
Y
Y
Y
Y
-
Y
-
-
-
-
-
-
CR00002587  
CR00003354  
This issue has been resolved.  
The firewall message “Port scan from <source> is underway” was repeated  
more times than messages about other attack events. This could cause  
confusion.  
Y
Y
Y
Y
This issue has been resolved. The message is now displayed with the same  
frequency as other firewall attack event messages.  
Firewall  
3
The firewall sometimes did not report that an attack had finished until  
several minutes after it actually finished.  
Y
Y
Y
Y
Y
Y
-
-
-
-
Y
CR00003356  
This issue has been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-08  
22  
CR  
Module  
File  
Level  
3
Description  
The show file command did not check whether the specified file system  
was valid. If an invalid file system type was entered (such as show  
file=abc:*.*), the router or switch reported that no files found instead of  
reporting that the file system abc did not exist.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00004004  
This issue has been resolved.  
GUI  
3
The following issues occurred with the GUI:  
-
-
-
-
-
-
-
-
-
CR00005048  
the menu item and related page title for configuring PPPoE and PPPoA  
interfaces was incorrectly named “PPP”. This issue has been resolved by  
changing the names to “PPPoE / PPPoA”.  
the UPnP selection option on the firewall pages did not work. This issue  
has been resolved.  
Note that if you want to use the GUI to configure a PPP interface over ISDN,  
use the Dial-up menu option to do so.  
LACP  
3
If a user attempted to enable LACP on AT-9800 series switches—which do  
not support LACP—the switch incorrectly said that the module had been  
enabled.  
-
-
-
-
-
-
-
-
-
-
Y
CR00005187  
This issue has been resolved. The switch now displays an error message  
instead.  
Classifier  
BGP  
3
3
Previously, a classifier with protocol=ip matched both IPv4 and IPv6  
packets when used with software QoS, instead of only matching IPv4  
packets.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
-
-
-
-
-
-
CR00005894  
CR00005940  
This issue has been resolved.  
There were several cases in BGP where an error was discovered in an  
incoming packet, but the incorrect error subcode was reported in the  
accompanying NOTIFICATION message. Also, NOTIFICATION messages did  
not contain the aberrant data in their data fields, as required by the RFC.  
Y
Y
Y
Y
These issues have been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-08  
23  
CR  
Module  
SNMP  
Level  
3
Description  
On AR725 and AR745 routers, which have no VLAN support, an SNMP Get  
request for dot1qMaxVlanId or dot1qMaxSupportedVlans incorrectly  
returned a value.  
-
Y
Y
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
CR00006303  
This issue has been resolved.  
Bridge  
3
Predefined bridge protocols XEROX PUP and PUP Addr Trans with the  
encapsulation of EthII and protocol type 0x0200 and 0x0201 are invalid  
and obsolete, since they are less than the minimum ETHII protocol type of  
1500 (decimal). Bridging with these protocols could cause the router to  
reboot.  
Y
Y
CR00006613  
This issue has been resolved by replacing the predefined protocol types with  
the more modern equivalents 0x0a00 and 0x0a01. Also, if you enter a  
protocol type less than the minimum, the router now displays an error  
message.  
GUI  
3
3
3
When a user used the GUI to attempt to delete a local interface that was in  
use by another protocol, the operation (correctly) failed, but the GUI did not  
display an error message to explain the failure.  
Y
-
Y
-
Y
-
Y
Y
-
-
Y
Y
-
Y
Y
-
Y
Y
-
-
Y
Y
-
Y
-
CR00007394  
CR00007404  
CR00007926  
This issue has been resolved.  
MSTP  
If a network running MSTP was connected to a network running RSTP and  
MSTP message debugging was enabled on a switch, the debug output  
could loop for a very long time with invalid data.  
Y
-
Y
Y
This issue has been resolved.  
Switching,  
IP Gateway  
The x900 series switches did not send an ICMP Redirect packet when they  
received a packet and the route to the packets destination was back to the  
packets sender. The switches routed the packet back to the source but did  
not send an ICMP Redirect message.  
-
-
-
-
This issue has been resolved. The x900 series switches now send an ICMP  
Redirect message.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-08  
24  
CR  
Module  
TTY  
Level  
3
Description  
When prompted to enter a file name while using the command line file  
editing utility, no more than 23 characters could be typed, even if the  
existing characters were deleted using the backspace key.  
Y
-
Y
-
Y
-
Y
Y
Y
Y
Y
Y
Y
-
Y
-
Y
-
Y
-
Y
CR00008122  
This issue has been resolved.  
Firewall  
3
The command enable firewall notify=port port=asyn-number was not  
available on switches, only on routers. If a user created a configuration on  
a router and used this option, the configuration had to be modified if  
transferred to a switch.  
Y
CR00008378  
This issue has been resolved. The notify=port option and the port  
parameter are now available on switches. However, these port parameters  
have been deprecated in favour of the asyn parameters, so warning  
messages are printed to indicate this if the commands are used.  
Switching  
3
When the commands enable switch port=number automdi and  
disable switch port=number automdi were executed from a telnet  
session, some INFO messages were output to the asyn0 console session  
instead of the telnet session.  
-
-
-
-
-
-
-
-
Y
Y
-
CR00009086  
This issue has been resolved.  
STP, SNMP  
3
3
Previously, newRoot and topologychange traps (located at  
1.3.6.1.2.1.17.0) were only generated by the bridging module.  
-
-
-
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00010144  
CR00010229  
This has been extended to the STP module. Please note that this applies  
only to standard STP, not Rapid STP.  
Install, SNMP  
Previously, MIB objects instRelMajor, instRelMinor and instRelInterim values  
were only correct for bootrom (default) builds.  
Y
Y
Y
This issue has been resolved. Now the correct values are returned for these  
objects when the current install matches the temporary or preferred install.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-08  
25  
CR  
Module  
Install  
Level  
3
Description  
If a user attempted to enter a filename with an invalid format, the resulting  
error message did not correctly describe the format that should have been  
used. Also, the router or switch returned an incorrect error message when  
a user attempted to delete a non-existent release licence file.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00010306  
These issues have been resolved.  
BGP  
3
3
3
Previously, it was possible to enter bad BGP peer IP addresses, such as  
0.x.x.x, 127.x.x.x and 255.255.255.255.  
Y
-
Y
-
Y
-
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
-
-
Y
-
Y
-
Y
-
CR00010315  
CR00010465  
CR00010538  
This issue has been resolved.  
Switching  
Firewall  
The “?” help for the command show switch sock=con inst=value  
showed a maximum value of 4294967295.  
Y
-
This issue has been resolved. Valid instance values are 0 and 1.  
When firewall events were recorded in the Notify queue (displayed in  
output of the command show firewall event=notify), the IP address  
shown would be the address of the very first packet that belonged to that  
event flow. For example, if 64 host scan packets were required to trigger a  
host scan event and the first packet had a target IP of 1.1.1.1 and the 64th  
had an IP of 1.1.1.64, then the IP address recorded would be 1.1.1.1, even  
though the event was not actually recorded until the 64th packet arrived.  
Additionally, the source and destination ports in this display would always  
show as 0.  
Y
Y
Y
-
-
Y
These issues have been resolved.The IP addresses shown are now those of  
the particular packet that triggered the event notification, and the source  
and destination ports match the actual ports used by that packet.  
PPP  
3
If the router or switch received an Echo-Request that did not comply with  
RFC 1661, it processed and replied to the Echo-Request.  
Y
Y
Y
Y
Y
Y
-
-
Y
Y
Y
CR00010976  
This issue has been resolved. Non-complying Echo-Requests are now  
ignored.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-08  
26  
CR  
Module  
PPP  
Level  
3
Description  
PPP incorrectly ACKed a LCP ConfigureRequest containing the Magic-  
Number option with a value of 0.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
-
-
Y
Y
Y
Y
Y
CR00010979  
This issue has been resolved.  
PPP  
3
3
If the router or switch received an incorrectly formatted PAP request packet,  
it used to process the packet. This issue has been resolved—now it silently  
discards the packet.  
Y
CR00010984  
CR00011223  
Also, if the router or switch received a PAP request packet with a zero  
length user ID, it used to send the packet to the authentication database.  
This issue has been resolved—now it NAKs the packet.  
Core  
On AT-8948 and AT-9924SP switches with an empty PSU bay, an SNMP  
walk through of the fanAndPsPsuStatusTable would display lines for the  
non-existent PSU, with the value of “no such instance”.  
-
-
-
-
-
-
-
-
Y
Y
-
This issue has been resolved. The walk through now only includes installed  
PSUs.  
GUI  
3
3
Some of the features supported in the web-based GUI did not have a  
complete set of online help pages generated for them.  
Y
Y
Y
Y
Y
Y
Y
Y
-
Y
Y
Y
Y
Y
Y
-
Y
Y
Y
Y
CR00011259  
CR00011315  
This issue has been resolved.  
IP Gateway  
When the limit for the number of IP interfaces was reached and a user tried  
to add another IP interface over a VLAN, the router or switch displayed the  
following misleading error message:  
Y
Y
Error (3005273): No more VLAN interfaces may be added.  
This issue has been resolved. The error message is now:  
Error (3005273): No more IP interfaces over VLANs may be added.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-08  
27  
CR  
Module  
Ping  
Level  
3
Description  
When the router or switch pinged a host whose hostname consisted only  
of the digits 0-9 and the letters A-F, it treated the given hostname as a  
hexadecimal IPX address even if the hostname was in the host list.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00011438  
This issue has been resolved. Now, when the router or switch pings a host  
using a hostname, it checks the hostname in the host list first. If it does not  
find the host in the host list, then it treats the hostname as an IPX address.  
Firewall  
3
When a firewall UDP session starts up, the session timeout should be 5  
minutes for the first 5 packets of the session, then change to the configured  
UDP session timeout value. Previously, the timeout changed after the 6th  
UDP packet belonging to that session, instead of after the 5th packet.  
-
-
-
-
Y
CR00011824  
This issue has been resolved.  
IP Gateway  
Classifier  
3
3
The command show ip cassi command is obsolete but was still available.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00012066  
CR00012168  
This issue has been resolved. The command has been removed from the  
command line. To obtain the same information, use the command show  
conf dyn=ip.  
Output of the show classifier command displayed only the hexadecimal  
protocol value for IP SNAP, instead of also displaying the protocol name.  
This issue has been resolved. The output now displays:  
0000000800 (IP SNAP)  
OSPF, GUI  
STP  
3
3
If there were virtual OSPF interfaces, then the OSPF Interfaces GUI page  
showed all interfaces as belonging to the backbone area (0.0.0.0).  
Y
-
Y
-
Y
-
Y
Y
-
Y
Y
Y
Y
Y
Y
-
Y
Y
Y
Y
CR00012885  
CR00013352  
This issue has been resolved.  
The help displayed by the command set stp port=all ? listed some  
Y
Y
parameters twice.  
This issue has been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-08  
28  
CR  
Module  
Level  
3
Description  
IP Gateway  
Once a default local IP address had been set, it could not be deleted. This  
was because the default interface does not have an interface number, but  
to delete a local interface, the user must specify the interfaces number.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00013494  
This issue has been resolved, by adding an option called default to the  
delete ip local command. To delete the default local interfaces address,  
use the command:  
delete ip local=default  
Note that this resets the interface, including removing its IP address, but  
does not remove the interface itself.  
DHCP  
3
If a user attempted to add a policy option to a DHCP policy by using the set  
command instead of the add command, then the resulting error message  
did not clearly indicate the cause of the error.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00013543  
For example, entering the command:  
set dhcp policy=test arptimeout=234  
resulted in the error message:  
Error (3070061): ARPTIMEOUT not found.  
This issue has been resolved. The error message now reads:  
Error (3070279): Option ARPTIMEOUT was not found in policy test or  
was not added using the ADD DHCP POLICY command.  
Ping,  
Traceroute  
3
3
In the set trace command, it was possible to specify a minimum TTL value  
that was higher than the maximum TTL value.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00013635  
CR00013637  
This issue has been resolved. The minttl and maxttl parameter are now  
checked to ensure that the value of minttl is less than or equal to the value  
of maxttl.  
Ping,  
Traceroute  
If the value specified for the minimum time-to-live parameter (minttl) of  
the traceroute command exceeded the value set for the maximum time-  
to-live parameter (maxttl), the router or switch would attempt to execute  
the trace rather than generate an error message.  
This issue has been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-08  
29  
CR  
Module  
Level  
3
Description  
EPSR, SNMP  
When a user destroyed an EPSR domain, SNMP Requests returned  
information about the domain even though it no longer existed.  
-
-
-
-
-
-
-
-
Y
Y
Y
Y
-
CR00013832  
This issue has been resolved.  
Ping,  
Traceroute  
3
If a user attempted to perform a traceroute without specifying the address  
to trace (either in the trace or set trace commands), the router or switch  
attempted to trace 0.0.0.0.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00013920  
This issue has been resolved. The router or switch now displays an error  
message.  
VRRP, GUI  
PPP  
3
3
The VRRP priority could not be modified through the GUI—the priority  
option was there but did nothing.  
Y
Y
Y
Y
Y
Y
Y
Y
-
Y
Y
Y
-
Y
-
-
Y
Y
Y
Y
CR00014103  
CR00014137  
This issue has been resolved.  
A PPPoE Access Concentrator service that had been added by using the  
acinterface parameter to specify a VLAN (or by using the deprecated vlan  
parameter) could be deleted without specifying the acinterface parameter  
(or the deprecated vlan parameter).  
Y
Y
This issue has been resolved.  
3
RSTP (correctly) only uses the top 4 of the available 16 bits for the bridge  
priority. If a user enters a value that is not a multiple of 4096, the switch  
rounds the value down. Previously, the switch did not inform users when it  
rounded the value.  
-
-
-
Y
Y
Y
Y
Y
Y
Y
Y
CR00014159  
This issue has been resolved. The switch now displays an info message  
when it rounds the bridge priority.  
Note that this only happens for RSTP. STP uses all 16 bits for the bridge  
priority.  
OSPF  
3
When OSPF was disabled and a BGP redistribution definition existed, then  
the obsolete command set ospf bgplimit=limit did not update the limit  
in the BGP redistribution definition. This meant that the limit was incorrect  
when OSPF was enabled again.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00014203  
This issue has been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-08  
30  
CR  
Module  
LLDP  
Level  
3
Description  
The help displayed for the LLDP port parameter (in such commands as  
show lldp port=?) incorrectly indicated that the port parameter is a  
“string 1 to 255 characters long”. The port parameter is instead an  
Ethernet switch port number or a range of numbers.  
Y
Y
-
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00014304  
This issue has been resolved. The help is now correct.  
Ping  
3
The maximum value for the delay parameter of the ping command was  
Y
Y
CR00014330  
too long.  
This issue has been resolved by changing the range for the delay from  
0-4294967295 to 0-604800. This new maximum is the number of seconds  
in one week.  
Switching,  
RSTP, SNMP  
3
3
3
Previously, an incorrect value was returned for the port number when  
responding to an SNMP Request for MIB object dot1dSTPRootPort.  
-
-
-
Y
-
Y
-
Y
-
Y
Y
Y
Y
-
Y
-
Y
-
Y
-
CR00014879  
CR00015466  
CR00016183  
This issue has been resolved.  
Core, Install,  
PoE  
The output of the show cpu command on the AT-8624POE switch showed  
relatively high CPU usage when the device was idle.  
-
-
-
This issue has been resolved.  
File  
If a user attempted to delete a locked file, such as the currently-installed  
GUI resource file, the router or switch displayed both an operation error  
message and an operation successful message.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
This issue has been resolved by removing the incorrect operation successful  
message.  
OSPF  
3
Previously, OSPF logged the same message for two separate errors. These  
errors were when OSPF rejected a database description message because:  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00016429  
the neighbour was in a state of “down” or “attempt”, or  
the MTU received from the neighbour was larger than the receiving  
system could handle.  
This issue has been resolved. Separate error log messages are now  
generated for these two errors.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-08  
31  
CR  
Module  
PPP  
Level  
3
Description  
It is valid to use the command create ppp=number to create a PPP  
interface without specifying the underlying layer 1 interface. However,  
executing this command, or including it in a boot script, resulted in an error.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
-
-
Y
Y
Y
Y
Y
CR00016452  
This issue has been resolved.  
IPv6  
3
If IPv6 was disabled and a user entered any of the following commands:  
Y
CR00016578  
add ipv6 interface  
add ipv6 6to4  
add ipv6 tunnel  
create ipv6 interface  
enable ipv6 advertising  
then the router or switch correctly displayed a warning message to indicate  
that IPv6 was disabled and also correctly performed the specified  
configuration. However, it did not display an “Operation successful”  
message to indicate that the configuration had changed.  
This issue has been resolved. The router or switch now displays the  
“Operation successful” message as well as the warning message.  
ATM  
3
Sometimes, the router displayed the following error message:  
Y
-
-
-
-
-
-
-
-
-
-
CR00016735  
Internal Error: speed mismatch causing transmit internal rate underrun  
error.  
This was due to a mismatch in the synchronisation between the internal  
rate of the ATM controller in the CPU and the speed of the ATM PHY  
connector. This synchronisation mismatch had a small impact on ATM  
performance.  
This issue has been resolved.  
TTY  
3
If a user was accessing the router or switch via telnet, and sent a ^P (break)  
character followed by the character d or D, then the router or switch  
displayed an unwanted diagnostic message.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00016925  
This issue has been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-08  
32  
CR  
Module  
Level  
3
Description  
Port  
Authentication  
On termination of an 802.1x session, an accounting message is sent to the  
Radius server. This enhancement implements the Acct-Input-Octets,  
Acct-Output-Octets, Acct-Input-Packets, and Acct-Output-Packets fields in  
the message.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00017019  
Note that this enhancement only applies to ports in single-supplicant mode.  
These fields in the accounting message for ports in multi-supplicant mode  
still all have a value of 0.  
Level 4  
CR  
Module  
Level  
4
Description  
GUI, Switch  
The Diagnostics > Layer 2 Forwarding Database page of the GUI displayed  
extra internal (SYS or CPU) entries.  
Y
Y
Y
Y
Y
CR00011228  
This issue has been resolved. The GUI and the command show switch fdb  
now display the same information.  
Switch  
4
Previously, if you used the ? or Tab keys to obtain help for the set switch  
ageingtimer command, the resulting help said that valid entries were from  
0 to 4294967295. However, the correct range of values is from 16 to  
4080 seconds for AR750S routers and from 10 to 630 seconds for AR770S  
routers.  
Y
CR00013409  
This issue has been resolved. The “?” help now displays the correct ranges.  
OSPF  
TTY  
4
4
The command purge ospf did not delete OSPF redistribution definitions.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00014205  
CR00014302  
This issue has been resolved.  
If the router or switch configuration file contained the command set tty  
idle, the router or switch produced a corrupted log message when it  
started up.  
This issue has been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-08  
33  
Enhancements  
CR  
Module  
Level  
-
Description  
BGP  
The BGP counter output display has been significantly improved. Also, the  
command show bgp counter=all now prints out the RIB, UPDATE, DB and  
PROCESS counters.  
Y
-
Y
-
Y
-
Y
Y
Y
Y
Y
Y
-
-
Y
-
Y
-
Y
CR00012822  
MACFF,  
-
MAC-forced forwarding has been enhanced for use in a hospitality  
situation, such as a hotel. The enhanced solution allows hotel guests to  
connect to the network without having to change their IP settings, while  
still ensuring privacy for each guest. Typically some guests will obtain their  
IP address from the hotel's DHCP server and others will have statically  
configured IP addresses in their PCs.  
Y
Y
-
CR00016099  
DHCP  
Snooping  
The solution is designed to interoperate with a specialised Access Router  
that is able to deal with the full range of IP addresses that will be in use on  
the guests' PCs. The Nomadix Access Gateway (from www.nomadix.com)  
is an example of such a specialised access router.  
Configuration of the new feature is similar to the existing MAC-forced  
forwarding configuration. On each edge switch, you also need to enter the  
following new command before enabling DHCP snooping:  
disable dhcpsnooping ipfiltering  
You also need to turn on ARP security and allow authorised clients to send  
only unicast packets, by entering the following commands:  
enable dhcpsnooping arpsecurity  
enable dhcpsnooping strictunicast  
This enhancement also introduces the ability to add MACFF servers with  
static MAC addresses, rather than relying on ARP to determine them based  
on IP addresses. To do this, enter the command:  
add macff server mac=macaddr  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-08  
34  
CR  
Module  
Level  
-
Description  
This software release supports the new x900-48FS switch. For an overview  
of the switch, see “Support for the new x900-48FS switch—CR00016662”  
on page 92.  
-
-
-
-
-
-
-
-
Y
Y
Y
-
-
-
CR00016662  
CR00016891  
CR00017335  
CR00017937  
PPP  
-
-
-
This enhancement enables the PPPoE client to establish a session promptly  
after a restart or power cycle. This is done by sending a PPPoE Active  
Discovery Terminate (PADT) frame in response to a frame received with an  
unknown PPPoE session ID.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
Y
Y
-
Y
Y
Y
CR00016913  
CR00017197  
CR00017395  
SSH, User,  
RADIUS  
SSH sessions to the router or switch can now be authenticated via RADIUS.  
The router or switch attempts to authenticate an SSH user via RADIUS if the  
user to be authenticated is not configured in the local user database and  
the router or switch has RADIUS configured.  
Y
-
Y
-
Firewall  
This enhancement enables the firewall to establish accurate MSS  
(Maximum Segment Size) values for TCP sessions without using the MTU  
discovery process. MTU discovery depends on ICMP error packets, so does  
not work in networks that do not forward ICMP error packets.  
To enable this feature, use the command:  
enable firewall policy=name adjusttcpmss  
The adjusttcpmss parameter enables the firewall to adjust the MSS value  
stored inside incoming TCP SYN packets, to reflect the lower of the two  
MTU values on the ingress and egress interfaces. Normally, for example, if  
a TCP SYN packet arrives from an interface with an MTU of 1500 and leaves  
on an interface with an MTU of 1000, the MSS inside the SYN packet will  
remain at 1460. When this feature is enabled, the MSS will be adjusted to  
960 because the firewall knows that the egress interface has a smaller  
MTU. Note that the firewall does not change the original MSS value if it is  
already lower than the values of the ingress and egress interfaces.  
To disable this feature, use the command:  
disable firewall policy=name adjusttcpmss  
This feature is disabled by default.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-08  
35  
CR  
Module  
Level  
-
Description  
IGMP  
Snooping  
The IGMP snooping fast leave option has been enhanced, to make it  
available when multiple clients are attached to a single port on the  
snooping switch. For configuration information, see “IGMP snooping fast  
leave in multiple host mode—CR00017482” on page 93.  
Y
Y
-
-
Y
Y
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
Y
CR00017482  
WAN Load  
Balancing  
-
-
WAN load balancing can now also balance traffic across IP interfaces that  
are configured on VLANs. This means it is now available for the following  
IP interfaces:  
-
-
CR00017532  
CR00017701  
eth (such as eth0)  
ppp (such as ppp0)  
vlan (such as vlan1)  
IGMP  
IGMP filtering is now available on AT-8600 series switches.  
-
-
-
-
-
-
Y
-
-
-
For more information, see the IP Multicasting chapter of the switchs  
Software Reference, or How To Configure IGMP for Multicasting on Routers  
and Managed Layer 3 Switches, available from www.alliedtelesis.com/  
resources/literature/howto.aspx.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-07  
36  
Features in 291-07  
Software Maintenance Version 291-07 includes the resolved issues and enhancements in the following tables. In the tables, for each product series:  
“Y” indicates that the resolution is available in Version 291-07 for that product series.  
” indicates that the issue did not apply to that product series.  
Level 1  
No level 1 issues  
Level 2  
CR  
Module  
Level  
2
Description  
IP Gateway  
If two routes to the same destination were present in a switch, and the  
route of lower preference was deleted (in other words, the route whose  
details were present in the hardware routing database), then the hardware  
routing database was not updated with the remaining route as it should  
have been. This could cause serious routing issues.  
-
-
-
-
-
-
-
-
-
Y
Y
CR00017869  
This issue has been resolved so that hardware routing database updates are  
carried out correctly.  
Switch  
2
Running the command show switch tab=ip could result in a reboot if a  
-
-
-
-
-
-
-
-
-
Y
Y
CR00018039  
large number of routes (10,000 or more) were present on the switch.  
This issue has been resolved so that the command can run no matter how  
many routes are present on the switch. However, the output from the  
command may be truncated due to buffer space restrictions.  
Level 3  
No level 3 issues  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-06  
37  
Level 4  
No level 4 issues  
Enhancements  
No enhancements  
Features in 291-06  
Software Maintenance Version 291-06 provided support for the new Rapier 48w switch. For more information, see “Support for the new Rapier 48w switch” on  
page 95.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-05  
38  
Features in 291-05  
Software Maintenance Version 291-05 includes the resolved issues and enhancements in the following tables. In the tables, for each product series:  
“Y” indicates that the resolution is available in Version 291-05 for that product series.  
” indicates that the issue did not apply to that product series.  
Level 1  
No level 1 issues  
Level 2  
CR  
Module  
Level  
2
Description  
IGMP  
Snooping  
When a port left a multicast group, the router or switch assigned the All Groups  
port to that multicast group. This could be seen in the output of the command  
show ip igmp—the list of ports for the group would include the All Groups port.  
Y
Y
-
Y
Y
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
Y
CR00007737  
This issue has been resolved.  
WAN load  
balancer,  
Firewall  
2
The router rebooted if a user cleared all active WAN load balancer sessions on a  
router that had more than approximately 15000 active sessions.  
Y
-
CR00010003  
CR00011533  
This issue has been resolved  
Also, the maximum session limit for the WAN load balancer should be 2 * the  
firewall session limit. On AR415S and AR442S routers, users can increase the  
firewall session limit by adding special feature licenses. Previously, if the firewall  
session limit changed, it was necessary to reboot the router to update the WAN  
load balancer session limit.  
This issue has been resolved. The WAN load balancer limit now updates when  
you enable the firewall session license.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-05  
39  
CR  
Module  
VLAN  
Level  
2
Description  
Previously, it was possible to destroy a VLAN when it was configured as an IP  
interface.  
Y
Y
-
Y
Y
Y
Y
Y
Y
Y
-
Y
-
Y
-
Y
-
Y
CR00012980  
This issue has been resolved. Now, you can only destroy a VLAN if it has no IP  
configuration.  
IPsec  
2
The router or switch would establish IPsec Security Associations (SAs) if ISAKMP  
was enabled but IPsec was disabled.  
Y
-
CR00013041  
This issue has been resolved. The router or switch only sets up SAs if IPsec is  
enabled.  
User,  
802.1x  
2
2
If the reauthentication period for 802.1x port authentication was set to less than  
20 seconds, the router or switch sometimes rebooted.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00013500  
CR00013527  
This issue has been resolved.  
OSPF  
When the router or switch produced an OSPF type 7 LSA, it sometimes specified  
a route out of an interface that was down. This would stop the router or switch  
from forwarding traffic to the routes destination.  
This issue has been resolved.  
GUI  
SHDSL  
OSPF  
2
2
2
Previously, some GUI pages did not display correctly in version 7 of Internet  
Explorer.  
-
-
-
-
-
Y
-
-
-
-
-
CR00014344  
CR00014851  
CR00014955  
This issue has been resolved.  
Very occasionally, an AR442S router would reboot if SHDSL interface train-up  
took an excessively long time.  
Y
Y
-
-
-
-
-
-
-
-
This issue has been resolved.  
The router or switch sometimes rebooted when converting OSPF type 7 LSAs to  
type 5 LSAs. This issue has been resolved by increasing the robustness of the  
translation mechanism.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
This issue has been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-05  
40  
CR  
Module  
Firewall  
Level  
2
Description  
When only NAT was enabled on the firewall, during some TCP connections in  
which either end of the connection sends FIN (finished) messages immediately  
after sending some data and the other end ACKs (acknowledges) the data and  
the FIN message consecutively, the firewall sometimes incorrectly interpreted the  
first ACK message (intended for the data) as belonging to the FIN message and  
prematurely shut the connection down. This could prevent the firewall from  
opening up new connections using the same port numbers.  
Y
Y
Y
Y
Y
-
-
-
-
Y
CR00015569  
This issue has been resolved.  
BGP,  
2
When BGP learned new best routes for a particular destination, it did not always  
clear any active IP flows that used the previous best route. Therefore, the router  
or switch continued to forward traffic sub-optimally.  
Y
Y
Y
Y
Y
-
-
Y
Y
Y
CR00015592  
IP Gateway  
This issue has been resolved. Now, when BGP inserts new routes into the IP route  
table, it deletes all active route flows, so any active flows change to using the new  
route. The time taken to delete a full table of IP flows has also been greatly  
reduced.  
Switch  
Switch  
VRRP  
2
2
2
Sometimes IP routed traffic would be sent out the correct port, but with the  
destination MAC of another device on the network. This issue was most likely to  
occur in configurations that use multi-homed interfaces on multiple VLANs for  
end devices.  
-
-
-
-
-
-
-
Y
Y
Y
Y
Y
Y
-
CR00015736  
CR00015822  
CR00015861  
This issue has been resolved.  
When the command enable ip macdisparity was used, and a static ARP entry  
was configured with an L2 multicast MAC address, the switch should have  
broadcast traffic to that multicast MAC address out all ports in the VLAN. This  
was not happening.  
-
-
-
-
-
-
-
-
This issue has been resolved.  
After manually disabling the master VRRP router, sometimes a backup router that  
should assume master status would not do so, and VRRP would cease to function  
properly.  
Y
Y
Y
Y
Y
Y
Y
Y
This issue has been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-05  
41  
CR  
Module  
DHCPv6  
Level  
2
Description  
For DHCPv6, the router or switch now supports Prefix Delegation according to  
RFC 3633. The previous implementation was according to an Internet draft and  
did not interoperate with other DHCPv6 implementations.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
-
-
Y
Y
Y
Y
Y
CR00015938  
This issue has been resolved.  
DHCPv6  
2
The DHCPv6 client regularly wrote the file client6.dhc, which over time caused  
unnecessary Flash compactions.  
Y
CR00015974  
This issue has been resolved. The DHCPv6 client now only writes the file when  
the contents are different from the previous time that the file was written. This  
greatly reduces the number of Flash compactions caused.  
DHCPv6  
TPAD  
2
2
DHCPv6 authentication did not work correctly.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
-
-
-
Y
-
Y
-
Y
-
CR00015984  
CR00015989  
This issue has been resolved. You can now configure the router or switch to  
authenticate DHCPv6 exchanges.  
When using the TPAD autodial feature and sending multiple transactions over a  
TCP/IP connection, the router or switch responded to good APACS packets by  
sending an ACK. This ACK was unnecessary and could cause interoperability  
issues.  
This issue has been resolved. The router or switch no longer sends the ACK in  
these circumstances.  
IP Gateway,  
Firewall  
2
2
Previously it was not possible to add a static ARP entry for the corresponding  
partner address of a /31 subnet interface.  
Y
Y
Y
-
Y
Y
Y
Y
Y
Y
-
-
-
-
Y
Y
CR00016034  
CR00016060  
This issue has been resolved. The router or switch will now also allow /31 ARP  
requests to pass through the firewall.  
IGMP  
If a port was disabled from being an All Routers group port for IGMP, and that  
port received All Routers group traffic, it would incorrectly be added to the All  
Routers group.  
Y
Y
Y
Y
This issue has been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-05  
42  
CR  
Module  
Level  
2
Description  
IPsec, IPv6  
When the icmptype parameter was changed to none for an IPv6 IPsec policy, an  
incorrect ICMP type value was displayed in output of the command show config  
dyn and saved in the configuration file produced by the command create  
config.  
Y
Y
Y
Y
Y
Y
-
-
-
-
-
-
-
-
-
-
CR00016128  
This issue has been resolved.  
GUI, Firewall  
2
When configuring the firewall with the GUI, the Policy options tab did not  
update its display when options were changed from the default settings. For  
example, if the user cleared a checkbox and clicked the Apply button, the router  
correctly turned off that option, but the GUI showed a check in the checkbox.  
-
-
-
-
CR00016180  
This issue has been resolved.  
Core  
SYN  
2
2
The router or switchs handling of soft errors has been further improved. Soft  
errors are spontaneous changes in the information stored in a digital circuit,  
caused by physical effects.  
Y
Y
Y
-
Y
Y
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
CR00016200  
CR00016288  
The polarity of the CD output of RS-232 DCE and V.35 DCE SYN cables was  
reversed—it was ON when OFF was selected and vice-versa.  
This issue affected AR750S, AR770S, and AR44xS series routers.  
This issue has been resolved.  
Load  
2
2
The upload command did not always work if the server parameter was set with  
the set load command instead of being specified in the upload command.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00016303  
CR00016327  
This issue has been resolved.  
IP Gateway  
If a policy filter was configured, ping sometimes failed. This happened because  
the router or switch assigned the ICMP echo replies to an IP flow without  
checking that the interface for the echo replies matched the interface for the  
flow. Therefore, the router or switch could use the wrong flow to forward the  
replies.  
This issue has been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-05  
43  
CR  
Module  
DHCPv6  
Level  
2
Description  
If an IPv6 DHCP client was forced to rebind to a router or switch acting as a DHCP  
server, the server returned incorrect timing parameters to the client. Some clients  
were able to cope with this, but others could end up losing their DHCP lease.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
-
-
Y
Y
Y
Y
Y
CR00016364  
This issue has been resolved.  
DHCPv6  
2
The following issues occurred with DHCPv6:  
Y
CR00016365  
The option IDs for DNS name server and domain search list were incorrect. This  
caused interoperability issues with other implementations.  
The domain names specified in the domain name option were encoded  
incorrectly. This caused interoperability issues with other implementations.  
If a user entered two DNS servers for a DHCPv6 policy, then saved the  
configuration, the command was not saved correctly. When the router or  
switch ran the configuration on start-up, it added only the second DNS server  
to the policy.  
These issues have been resolved.  
IGMP Proxy,  
Switch,  
IP Gateway  
2
If IGMP proxy was enabled and multicast data was received on a downstream  
VLAN interface, that data would be transmitted to other interfaces. Also, the  
VLAN interface that received the data would forward two copies of the packet  
to other ports on that VLAN.  
Y
-
Y
Y
Y
Y
Y
Y
Y
-
CR00016379  
These issues have been resolved.  
IP Gateway  
STP  
2
2
ARP did not work correctly on logical /31 interfaces, which prevented regular IPv4  
communications from working over these logical /31 interfaces.  
Y
-
Y
-
Y
-
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00016394  
CR00016418  
This issue has been resolved.  
If the switch received IGMP packets on the non-lead port of a trunk group which  
was participating in a Spanning Tree, in some circumstances the switch would  
forward the packets out of an STP-blocked port in the trunk.  
This issue has been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-05  
44  
CR  
Module  
BGP  
Level  
2
Description  
When BGP capability matching was changed to strict, that setting was not  
displayed in output of the command show config dyn or saved in the  
configuration file produced by the command create config. When the router or  
switch ran the configuration file on start-up, the capability matching setting  
reverted to the default of loose.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
-
-
Y
Y
Y
Y
Y
CR00016489  
This issue has been resolved.  
PPP  
2
An interoperability issue with a malfunctioning PPP peer meant that the peer  
could ACK an IP address of 0.0.0.0 when it was required to offer a valid public IP  
address.  
Y
CR00016526  
This issue has been resolved. The router or switch now refuses to accept this  
incorrect negotiation and instead resends a configure request for an IP address.  
IPv6  
Switch  
BGP  
2
2
2
The router or switch sometimes rebooted after receiving an IPv6 router  
advertisement, or after the command set ipv6 interface was entered.  
Y
-
Y
-
Y
-
Y
Y
Y
Y
Y
Y
-
-
Y
-
Y
-
Y
-
CR00016576  
CR00016621  
CR00016698  
This issue has been resolved.  
On 48-port switches, hardware filters with the eport parameter specified did not  
always behave correctly.  
Y
-
Y
-
This issue has been resolved.  
The following issues occurred when using BGP aggregate specifications (created  
Y
Y
Y
Y
Y
Y
using the command add bgp aggregate):  
When an aggregate route was originated from routes learnt from external  
peers, and then all of the contributing child routes were withdrawn by the  
external peers, the aggregate route was not removed from the routing table.  
It could still be advertised to external peers.  
When a network or import entry (add bgp network or add bgp import)  
resulted in a route entry that had the same prefix length as the aggregate  
specification, then BGP (correctly) originated the aggregate route. However,  
deleting the network or import definition did not remove the aggregate route  
from the routing table.  
These issues have been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-05  
45  
CR  
Module  
TCP, Telnet  
ISDN  
Level  
Description  
2
2
The speed of the output from the Telnet server has been increased.  
Y
Y
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
Y
CR00016727  
CR00016762  
For AR44xS series routers with system territory set to USA, the ISDN Q.931 SPIDs  
failed to initialize to the ISDN exchange/ISDN USA profile simulator (both manual  
and auto SPIDs) after a reboot.  
-
This happened because the router did not write *.spd files to Flash memory, so  
the SPID initialization failed on reboot because the SPIDs did not exist.  
This issue has been resolved. The *.spd files are now correctly written to Flash  
memory, which allows SPIDs to initialise after a reboot.  
Bridge  
2
If an Ethernet packet, including its FCS (Frame Check Sequence), was  
encapsulated in PPP and bridged to a VLAN interface, the packet could contain  
two FCS values.  
Y
Y
Y
-
-
-
-
-
-
-
CR00016804  
This issue has been resolved.  
Frame Relay  
Firewall  
2
2
When the MTU of a Frame Relay logical interface was modified (by using the  
command set interface=fr-int mtu=value), incorrect interface and MTU  
settings were displayed in output of the command show config dyn and were  
saved in the configuration file produced by the command create config.  
Y
Y
Y
Y
Y
Y
Y
Y
-
-
-
-
-
-
-
-
-
-
CR00016855  
CR00016856  
When the firewall policy for an interface had a NAT type of ENAPT, the firewall  
did not correctly translate the destination addresses of incoming packets that  
matched “allow” rules.  
Y
Y
This issue has been resolved.  
Classifier  
2
When a non-default protocol was specified for a classifier, in some circumstances  
that protocol setting was not displayed in output of the command show config  
dyn or saved in the configuration file produced by the command create config.  
When the router or switch ran the resulting configuration file on start-up, the  
protocol setting was lost.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00016911  
This issue has been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-05  
46  
CR  
Module  
Core  
Level  
2
Description  
Some versions of the AT-G8T GBIC prevented the switch from detecting and  
setting up the AT-A47 expansion board correctly. This issue occurred on start-up  
when the GBIC was installed and had a link up.  
-
-
-
-
-
-
-
-
Y
Y
-
-
-
-
CR00016940  
This issue has been resolved.  
IP Gateway  
2
When there were multiple routes to a destination and the best route was deleted  
from the switchs hardware routing table, the switch did not use the alternative  
route. Also, the switch only used the best route, even if ECMP was supported.  
Y
Y
Y
Y
Y
Y
CR00016941  
CR00017006  
This issue has been resolved. When multiple routes exist and the best route is  
deleted from the hardware table, the switch now adds the next best route to the  
hardware table correctly. If the switch supports ECMP, all routes are now added  
to hardware, not just the best route.  
Switch  
2
Previously, the link to the AT-G8T GBIC would not come up automatically when  
its auto-negotiation slide switch was set to “on”. This was because the switch  
configured the GBIC in a fixed speed mode by default.  
-
-
-
-
-
-
-
-
-
Y
This issue has been resolved. The link now comes up automatically when the  
auto-negotiation slide switch is set to “on”. To bring the link up when auto-  
negotiation is set to “off”, use the command:  
set swi port=port-list speed=1000mf  
IGMP  
Snooping  
2
2
If a port on the router or switch joined and left many IP multicast groups, the  
router or switch sometimes did not transmit all multicast packets to all receivers.  
Y
-
-
-
Y
-
Y
-
Y
-
Y
-
Y
-
Y
Y
Y
Y
Y
-
CR00017031  
CR00017036  
This issue has been resolved.  
Switch  
In some trunk configurations, the STP state of trunks was incorrectly applied to  
non-trunk ports. This could result in incorrect traffic flows in the network. This  
issue has been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-05  
47  
CR  
Module  
DHCPv6  
Level  
2
Description  
DHCPv6 prefix delegation contained the followed issues:  
Y
Y
Y
Y
Y
-
-
Y
Y
Y
CR00017074  
previously, the command create dhcp6 range accepted ranges with an  
invalid prefix length.  
This issue has been resolved. The router or switch now displays an error unless  
the prefix length is in the range 48-64.  
previously, when the router or switch requested a prefix to delegate to its  
appint interfaces, it could only use prefixes of length 48 or 64.  
This issue has been resolved. The requesting router or switch can now use any  
prefix that has been delegated to it, as long as the prefix length is less than or  
equal to 64 bits.  
The requesting router or switch would allocate an address to the interface  
through which it connects to the delegating router or switch.  
This issue has been resolved. The router or switch no longer does this.  
IPsec  
2
When entering the command set ipsec policy, the value of the  
respondsetbadspi was incorrectly reset to its default of false, unless it was also  
included in the set command.  
Y
Y
Y
Y
Y
-
-
-
-
-
CR00017076  
This issue has been resolved.  
IP Gateway  
Telnet  
2
2
When the router or switchs Local address was pinged, the router or switch  
responded from the interface address of the interface through which it received  
the ping, instead of the Local address to which the ping was sent. This issue has  
been resolved.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
CR00017146  
CR00017151  
When Reverse Telnet was enabled the command shell was (correctly) disabled on  
all ASYN ports apart from ASYN0. However when Reverse Telnet was disabled  
again, the command shell was not re-enabled on the other ASYN ports.  
This issue has been resolved.  
VLAN, IGMP  
Snooping  
2
When a user configured IGMP static router ports, the configuration file produced  
by the command create config could be invalid. When the router or switch ran  
the resulting configuration file on start-up, it produced an error instead of  
configuring the router ports.  
Y
-
Y
Y
Y
Y
Y
Y
Y
Y
CR00017239  
This issue has been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-05  
48  
CR  
Module  
Level  
2
Description  
WAN Load  
Balancer  
If two WAN load balancer healthcheck hosts were defined, and one was  
unreachable and the other was reachable, WAN load balancer resources were  
(correctly) in the UP state because at least one healthcheck host was reachable.  
However, removing the reachable host (by using the command delete wanlb  
healthcheck) should have changed the WAN load balancer resources to the  
DOWN state, but did not.  
Y
Y
Y
-
-
-
-
-
-
-
CR00017257  
This issue has been resolved. If the only healthcheck host available is unreachable  
and the resource is currently in the UP state, the next unreachable healthcheck  
received from that host now forces the resource to the DOWN state.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-05  
49  
Level 3  
CR  
Module  
Core  
Level  
3
Description  
Some early software versions, on some products, supported the command show  
system temperature. This command was deprecated after version 2.6.4. If a  
user entered this command on any product, the following message was  
displayed:  
Y
Y
-
Y
-
-
Y
-
-
Y
CR00008225  
Info (1034107): SHOW SYSTEM TEMPERATURE is no longer available. Please  
use SHOW SYSTEM ENVIRONMENTAL instead.  
However, only the following products use the show system environmental  
command to display the temperature: AR750S and AR770S routers, and  
AT-8600, AT-8800, AT-8948, x900-48, and AT-9900 series switches.  
Other products use show system instead. On the other products, the above  
error message was incorrect because it stated that the show system  
environmental command was available.  
This issue has been resolved. On products that do not use show system  
environmental, the following error message is displayed if you enter the show  
system temperature command:  
Info (1034090): Command unavailable on this product.  
File  
3
3
If a user tried to copy a small file (less than 32 bytes) in Flash when there was not  
enough free Flash space for the file and its header, the router or switch did not  
generate an error message, and the copying could appear to have succeeded.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00009036  
This issue has been resolved. The error message:  
Insufficient space to store file [file name]  
is now displayed under those conditions.  
Core  
The show cpu statistics were unnecessarily inaccurate. For example, a router or  
switch that was effectively idle showed a CPU usage of 10% to 12%.  
-
-
-
-
-
-
-
-
CR00010518  
CR00010710  
This issue has been resolved. When the router or switch is effectively idle, the CPU  
usage now displays as less than 5%.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-05  
50  
CR  
Module  
Level  
3
Description  
PIM, PIM6,  
ECMP  
Previously, the switchs count of PIM4 and PIM6 bad Bootstrap Messages (BSMs)  
could be high, because the switch forwarded BSMs over interfaces that  
contained an Equal Cost Multipath (ECMP) route to the receiving interface.  
-
-
-
-
-
-
-
Y
Y
-
CR00011629  
This issue has been resolved. BSMs are no longer forwarded via all interfaces  
contained in an ECMP group, but only via one interface in the group.  
IGMP  
PPP  
3
3
When an IGMP filter was destroyed, switch ports that used the filter did not have  
their IGMP filter setting returned to “None”.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
Y
-
Y
Y
Y
Y
Y
Y
CR00012495  
CR00014324  
This issue has been resolved.  
The interface MIB ifInOctets and ifOutOctets counters displayed by the show  
ppp counter command incorrectly included the lower layer framing octets and  
were 5 octets per frame greater than they should have been.  
This issue has been resolved.  
QoS,  
DHCP  
snooping  
3
3
DHCP snooping accepted a minimum of one new client per QoS flow group,  
instead of a minimum of one new client per port. This meant that DHCP  
snooping sometimes did not respect the lease limit (maxlease) on a port.  
-
-
-
-
-
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
-
-
CR00014919  
CR00015092  
This issue has been resolved.  
ATM  
Previously, the information output by the “?” help for the ATM channel pcr  
Y
parameter was incorrect.  
This issue has been resolved. The “?” help now displays:  
required - decimal in the range 32-155000 (dependant on physical interface)  
If you enter a value larger than the maximum PCR allowed on a specific physical  
interface, the router now displays the following message for ADSL:  
The PCR supplied was too large, the maximum is 1024  
and the following message for SHDSL:  
The PCR supplied was too large, the maximum is 4608  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-05  
51  
CR  
Module  
ASYN  
Level  
3
Description  
Under some circumstances, when a PC terminal emulator was opened to  
communicate with a router or switch after the router or switch had fully booted  
up, the login prompt did not immediately display. To display the login prompt, it  
was necessary to remove and re-insert the cable. This issue applied to all models’  
ASYN ports except ports on the AR024 PIC.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00015558  
This issue has been resolved.  
DHCP6  
3
In the command create dhcp6 range, the ip parameter correctly has the syntax  
prefix1[-prefix2]. However, the second prefix was previously not optional.  
-
-
Y
CR00015690  
This issue has been resolved, so that the second prefix (of the form ipv6address/  
prefixlength) is no longer required. If you do not enter a second prefix, it is now  
calculated from the first prefix. The second prefix has the same prefix length at  
the first and has all 1s in the non-significant part of the address. For example, the  
second prefix for 3ffe:1:2:3::/64 would be 3ffe:1:2:3:ffff:ffff:ffff:ffff/64.  
SNMP, Switch  
3
3
The SNMP objects dot3StatsSQETestErrors and dot3StatsCarrierSenseErrors are  
not supported on AR750S, AR410, and AR450S routers. Previously SNMP GET  
got a random value for these objects.  
Y
Y
-
Y
Y
-
-
-
-
-
-
-
-
-
-
-
-
-
-
CR00015881  
CR00015969  
This issue has been resolved. SNMP GET now gets 0 for these objects.  
WAN load  
balancer  
After the command reset wanlb resource=all was entered, WAN load balancer  
resources would show their state as “UP” even if the underlying IP interface was  
down.  
Y
This issue has been resolved.  
DHCPv6  
3
3
When a DHCPv6 client was soliciting for servers, the selection of the best server  
did not proceed in the way specified by the RFC.  
Y
-
Y
-
Y
-
Y
-
Y
Y
-
-
-
-
Y
-
Y
-
Y
-
CR00016001  
CR00016177  
This issue has been resolved.  
Switch, MIB  
The default value of the MIB object ifJackType for the GBIC slot on AT-8800 series  
switches was incorrect if no GBIC card was plugged in.  
This issue has been resolved. The default value is now “other(1)”.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-05  
52  
CR  
Module  
QoS  
Level  
3
Description  
If a QoS policy uses the same classifier more than once, the router or switch now  
displays a warning message. You should not use a classifier more than once in a  
policy because the operation of such policies is unpredictable.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
Y
-
Y
Y
Y
Y
Y
CR00016228  
DHCPv6  
3
For the command create dhcp6 range, DHCPv6 now checks that the specified  
Y
CR00016463  
address or prefix range is valid for the specified type of range.  
Valid options are:  
address1-address2 (e.g. 3ffe:1:2:3:4:5::1-3ffe:1:2:3:4:6::ffff)  
This is a range of addresses for address assignment (type=normal or  
type=temporary).  
address/prefixLen (e.g. 3ffe:1:2:3:4:5::/96)  
This is a range of addresses for address assignment (type=normal or  
type=temporary).  
address/prefixLen-address/prefixLen (e.g. 3ffe:1:2::/48-3ffe:1:40::/48)  
This is a range of prefixes for prefix assignment (type=pd).  
Core  
Core  
3
3
For revision M1 of AR770S routers, the low-end threshold for monitoring the 1.2  
volt rail was too high. This caused power supply monitoring false alarms.  
-
-
-
Y
-
-
-
-
-
-
-
-
-
-
-
-
-
-
CR00016799  
CR00017008  
To check the router revision, use the command show system and check the  
“Rev” entry underneath the time and date.  
This issue has been resolved—the threshold is now correct.  
Revisions M3-1and later of the AR745 router do not support Redundant Power  
Supplies. Therefore, for these routers, RPS monitoring information has been  
removed from output of the command show system, and it is no longer  
possible to use the command set sys rpsmonitor.  
Y
-
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-05  
53  
Level 4  
CR  
Module  
IGMP  
Level  
4
Description  
If a static IGMP port went link down, it was not shown in the “Static Ports” list  
Y
-
Y
-
Y
Y
Y
-
Y
-
Y
-
Y
-
Y
Y
Y
Y
Y
CR00000396  
in the output of the show ip igmp command. This was only a display issue.  
This issue has been resolved.  
Install  
4
It is no longer possible to specify a compact flash file as the boot configuration  
file. If the command set config=cf:filename.cfg is entered, the router or switch  
does not change the current boot configuration file and instead displays the  
following error message:  
Y
CR00011560  
Cannot specify configuration file in Compact Flash  
IGMP  
4
4
The list of parameters output by the “?” help for show ip igmp ? incorrectly  
included “IGMP”.  
Y
Y
Y
Y
Y
Y
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
CR00013976  
CR00015543  
This issue has been resolved.  
Bridge  
In output of the command show bridge spanning, the bridge identifier was  
correctly displayed as a hexadecimal number, but it was not obvious that the  
number was hexadecimal.  
This issue has been resolved. The output now has 0x in front of the hexadecimal  
number, to make it clear that it is hexadecimal.  
QoS, Switch  
4
When a QoS policy was associated with a port that was set to a speed less than  
the maximum speed of the port, a warning message would be displayed on the  
console session and in the log when the port state changed to UP. This message  
stated that the QoS policy operation may be affected by the speed setting of the  
port. Having this message displayed on the console was considered unnecessary  
and potentially confusing.  
-
-
-
Y
Y
Y
Y
Y
Y
Y
CR00016126  
CR00016451  
This issue has been resolved.The message is now only displayed in the log.  
IP Gateway  
4
When a second metric was displayed in the output of the command show ip  
route (because of OSPF, for example) this metric was truncated to 2 characters.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
This issue has been resolved. The output now displays both metrics in a field up  
to 10 characters long.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-05  
54  
Enhancements  
CR  
Module  
Level  
-
Description  
GUI  
An ADSL connection option has been added to the Wizards page of the GUI for  
AR44xS routers. This option links to the xDSL configuration section, which lets  
you configure all basic ADSL or SHDSL settings on one convenient page.  
Y
Y
Y
-
-
-
-
-
-
-
-
-
-
-
-
-
CR00014288  
If your router GUI does not open at the Wizards page, click on the Wizards  
button at the top of the left-hand menu to access it.  
PPP  
-
-
This enhancement increases the amount of time that the router or switch waits  
for a CHAP Success message. This enables the router or switch to successfully  
complete authentication, even in particularly slow networks.  
Y
Y
Y
Y
Y
Y
Y
CR00014667  
CR00015432  
The first authentication attempt still times out after 3 seconds, but the second  
attempt takes 6 seconds to time out, and any further attempts take 9 seconds.  
ADSL, GUI  
The GUI for AR440S and AR441S routers now displays statistics for the ADSL  
port. You can now see:  
-
-
-
-
-
-
-
a pop-up summary box, by clicking on the port on the System Status page  
ADSL port details, by selecting the new ADSL Statistics page in the Diagnostics  
menu  
ASDL port counters, by selecting the new ADSL Counters page under Layer 1  
Counters in the Diagnostics menu  
Software QoS,  
PPP, Ethernet,  
VoIP  
-
The router or switch now supports software QoS on PPPoE interfaces.  
Note that this enhancement is not available on AR770S routers.  
Y
Y
Y
Y
-
-
-
-
-
-
CR00016078  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-05  
55  
CR  
Module  
Level  
-
Description  
IPsec, IPv6  
To establish a tunnelled IPsec connection for IPv6, you may need to specify the  
source IP interface in the IPsec and ISAKMP policies. This enhancement enables  
you to do so.  
Y
Y
Y
Y
Y
-
-
-
-
-
CR00016150  
To specify the source interface, use the srcinterface parameter in the  
commands:  
create ipsec policy=name <other parameters>  
set ipsec policy=name <other parameters>  
create isakmp policy=name <other parameters>  
set isakmp policy=name <other parameters>  
The global address of the source interface (if available) will be used as the local  
address of the policy.  
Load, MIBs  
-
With this enhancement, you can use SNMP to:  
set parameters for uploading files from the router or switch, and  
upload files to a TFTP server  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00016221  
SNMP already lets you save the current configuration to a file on the router or  
switch. You can use this with the new options to back up the configuration to a  
TFTP server.  
For more information, see “Backing up the configuration with SNMP—  
CR00016221” on page 96.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-05  
56  
CR  
Module  
Level  
-
Description  
DHCP  
Snooping  
This enhancement enables the router or switch to log discarded ARP requests  
when ARP security is enabled. By default, discarded ARP requests are not logged.  
To turn logging on, use the command:  
-
-
-
Y
Y
Y
Y
Y
Y
-
CR00016234  
enable dhcpsnooping log=arpsecurity  
To turn it off, use the command:  
disable dhcpsnooping log=arpsecurity  
To see whether it is enabled, use the existing command:  
show dhcpsnooping  
and check the new “Logging enabled” entry.  
To view the log entries, use the command:  
show log  
MACFF  
-
It is now possible to use MAC-forced forwarding on non-private VLANs. Because  
MAC-forced forwarding is primarily a security feature, the switch displays a  
warning message if you do so.  
-
-
-
Y
Y
Y
Y
Y
Y
-
CR00016285  
This enhancement allows you to use MAC-forced forwarding to limit broadcast  
traffic in a network where private VLANs are not appropriate.  
Switch  
MSTP  
-
-
AT-8948, AT-9900 and x900-48 series switches now support AT-SPTX tri-speed  
Cu SFPs.  
-
-
-
-
-
-
-
-
-
-
Y
Y
Y
Y
-
-
CR00016361  
CR00016437  
In the command set mstp configname=name, the switch now accepts the  
character “.” in the name.  
Y
Y
Y
Y
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-05  
57  
CR  
Module  
Core  
Level  
-
Description  
This enhancement disables CPU fan monitoring on AT-8948 switches. Monitoring  
the fan is unnecessary unless an accelerator card is installed on the switch, so  
disabling monitoring reduces the number of messages that the switch displays  
and logs.  
-
-
-
-
-
-
-
Y
-
-
CR00016459  
To enable monitoring, use the command:  
enable cpufanmonitoring  
To disable it again, use the command:  
disable cpufanmonitoring  
When monitoring is enabled, the command show system displays the CPU fan  
status in the entry labelled “Main fan”.  
SNMP  
-
This enhancement enables you to specify whether SNMP adds 0x00 padding  
when the most significant 9 bits of an objects value are all 1, or whether the  
encoding follows the ASN.01 BER rule, which cuts off the most significant byte  
of 0xff. This setting has an impact on all integer type MIB objects, including 32  
bit and 64 bit counter objects.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00016523  
To add the padding, use the command:  
set snmp asnberpadding={on|yes|true}  
For examples, see “SNMP ASN.01 BER Padding—CR00016523” on page 99.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-05  
58  
CR  
Module  
IP NAT  
Level  
-
Description  
This enhancement enables you to turn off TCP state and sequence checking in IP  
NAT. It also allows all ICMP packets go through IP NAT.  
Y
Y
Y
-
-
-
-
-
-
-
CR00016758  
To do this, use the command:  
enable ip nat bypasstcp  
When bypasstcp is enabled, IP NAT performs IP address and port translation for  
TCP packets and forwards the packets, regardless of the TCP sequence number  
and the current TCP state. It also allows ICMP echo reply and other ICMP packets  
to initiate a session and get forwarded.  
To disable the bypassing, use the command:  
disable ip nat bypasstcp  
Bypassing is disabled by default because it degrades the security of IP NAT.  
However, it is useful when you need NAT on VRRP routers.  
Note that this enhancement does not apply to firewall NAT.  
IP Gateway  
-
This enhancement allows ARPs to move between ports on the routers VLAN  
interfaces.This assists with wireless station roaming.  
Y
-
Y
-
-
-
-
-
-
-
CR00016776  
To enable this feature, use the command:  
enable ip arp silentroam  
To disable it, use the command:  
disable ip arp silentroam  
Core  
-
-
The default summertime dates have been updated to reflect the changes for  
North America made by the American Energy Policy Act of 2005.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00016785  
CR00016977  
By default, summertime now starts on the second Sunday in March and ends on  
the first Sunday in November.  
Script  
This enhancement enables you to use aliases in commands in script files. The  
router or switch expands the aliases when it runs the script (except when it runs  
the script at start-up).  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-04  
59  
Features in 291-04  
Software Maintenance Version 291-04 includes the resolved issues and enhancements in the following tables. In the tables, for each product series:  
“Y” indicates that the resolution is available in Version 291-04 for that product series.  
” indicates that the issue did not apply to that product series.  
Level 1  
CR  
Module  
Level  
1
Description  
ISAKMP,  
Logging  
It was possible for invalid log messages to overwrite the log message buffer and  
cause the router or switch to reboot. Such invalid log messages could occur with  
VPN tunnels, for example.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00013787  
This issue has been resolved.  
TTY, User  
1
When a user telnets into the router or switch, to login via RADIUS authentication,  
the telnet connection establishes and then user login authentication starts.  
Previously, if the remote user closed the telnet connection before RADIUS  
responded to the authentication request, then the router or switch rebooted  
when it received the RADIUS Reply message.  
Y
CR00013813  
CR00013963  
This issue has been resolved. The router or switch now does not reboot if the  
telnet connection is closed before the RADIUS Reply message arrives.  
Switch  
1
Under heavy broadcast traffic, it was possible for the switch forwarding database  
(FDB) to lock up.  
Y
Y
This issue has been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-04  
60  
CR  
Module  
Core  
Level  
1
Description  
DHCP Snooping determines when a client lease will expire by taking the current  
time and adding the client's assigned lease period to it. Previously, DHCP  
Snooping did not update this expiry time if the switch's clock time changed,  
which can happen because of NTP, summertime, or a user manually re-setting the  
time. Therefore, if the switch's clock time changed, DHCP clients could expire  
and lose connectivity.  
Y
Y
Y
Y
Y
Y
CR00014145  
DHCP  
Snooping  
This issue has been resolved. If the switch's clock changes, DHCP Snooping now  
updates its client expiry times.  
Core  
1
AR442S routers did not run the user-specified configuration script at start up.  
Y
CR00016314  
Also, they incorrectly displayed the message “INFO: Initialising Flash File System”  
twice during start up.  
These issues have been resolved.  
Level 2  
CR  
Module  
BGP  
Level  
2
Description  
Turning defaultoriginate on or off for a BGP peer (by using the command add  
bgp peer) did not cause BGP to generate an update, even if automatic updating  
was enabled (enable bgp autosoftupdate).  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00010511  
This issue has been resolved.  
L2TP  
2
Setting a timeout on L2TP packet debugging caused the router or switch to  
reboot.  
CR00012564  
This issue has been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-04  
61  
CR  
Module  
HTTP  
Level  
2
Description  
A badly formed response from a particular HTTP server caused the router or  
switch to reboot when it attempted to load a non-existent file from that server.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00013592  
This issue has been resolved.  
IP Gateway  
IGMP, VLAN  
2
2
When an IP packet was queued by the ENCO module or other applications, and  
the IP flow for the packet became invalid while the packet was queued, the  
router or switch sometimes rebooted.  
Y
CR00013700  
CR00013791  
This issue has been resolved.  
Disabling IGMP snooping correctly increased the number of L3 filter matches  
available. However, if the configuration was saved and then run after a reboot,  
the switch incorrectly limited the number of L3 filter matches to the number  
available when IGMP snooping was enabled. If the maximum number of matches  
had been configured, this meant that some matches were missing after a reboot.  
Y
Y
Y
Y
This issue has been resolved.  
Switch  
2
2
In very rare circumstances, a port could stop transmitting traffic if its speed was  
modified or it was reset while under heavy traffic load.  
Y
CR00013823  
CR00013929  
This issue has been resolved.  
ADSL  
ATM  
When performing RFC1483 encapsulation of Ethernet frames, the AR44xS  
routers did not pad frames out to the 64-byte minimum frame size (the RFC does  
not require such padding to be performed). This resulted in an interoperability  
issue with ATM switches that discarded (rather than padded) the undersize  
frames upon decapsulating them.  
Y
Ethernet  
The effect of this was that when an AR44xS router was connected to an ATM  
network that contained such switches, the router could fail to connect at the PPP  
session level.  
This issue has been resolved. The router now always pads undersize Ethernet  
frames to the 64-byte minimum frame size before it performs RFC1483  
encapsulation. This avoids the possibility of this interoperability issue.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-04  
62  
CR  
Module  
Switch  
Level  
2
Description  
When the router generated packets (such as ARP requests) and sent them out  
multiple LAN ports, it always sent them as untagged packets.  
Y
CR00014228  
This issue has been resolved, so that LAN traffic will be tagged or untagged as  
specified in the VLAN port configuration.  
Switch  
2
If a user explicitly set the learn limit to zero by entering the command:  
Y
Y
CR00014269  
set switch port=number learn=0 intrusion=discard  
and the learn limit had either not been explicitly set previously or had been  
explicitly set to a non-zero value, then the switch would not learn any MAC  
addresses. It treated 0 as meaning “learn 0 addresses” instead of meaning “no  
limit”.  
This issue has been resolved. A learn limit of 0 means “no limit” in all  
circumstances.  
Switch  
2
2
Packet loss sometimes occurred when an IGMP snooping group timed out.  
This issue has been resolved.  
Y
Y
Y
Y
CR00014298  
CR00014323  
Switch  
EPSR  
When EPSR was used in a network with a 10Mbps multicast or broadcast flow,  
the EPSR ring frequently alternated between a state of failed and complete.  
This issue has been resolved.  
Bridge, Switch,  
VLAN  
2
2
Bridging STP did not work if a VLAN was added as a bridge port.  
This issue has been resolved.  
Y
Y
CR00014340  
CR00014437  
Core  
Install  
If a switchs configuration was saved (by using the command create  
config=filename), and then the command set config=filename was entered,  
the configuration file should have been propagated through the stack to other  
switches that did not have a file of that name. This did not happen.  
Y
Y
Y
Y
Y
Y
Stacking  
This issue has been resolved.  
Load  
2
Attempts to upload a file to a TFTP server failed if a invalid IP address was  
specified in previous attempts.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00014673  
This issue has been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-04  
63  
CR  
Module  
PIM  
Level  
2
Description  
If a PIM interface was set as the BSR candidate interface (by using the command  
add pim bsrcandidate interface=interface) and that interface went down,  
PIM would select another interface as the BSR candidate interface. The router or  
switch also set the new interface as the BSR candidate interface in the dynamic  
configuration.  
Y
Y
Y
Y
Y
Y
Y
Y
CR00014714  
This issue has been resolved. PIM only looks for a new interface to use as the BSR  
candidate address if the user has not specified an interface.  
Reverse Telnet  
RIPv6  
2
2
Reverse Telnet used to filter out Ctrl-D characters, making it impossible to  
perform certain actions on the remote device.  
Y
Y
Y
Y
Y
Y
Y
Y
CR00014748  
CR00014795  
This issue has been resolved.  
When a user disabled RIPv6 or deleted a RIPv6 interface, the router or switch  
correctly set the metric of any affected RIPv6 routes to 16, indicating that the  
route was unavailable. However, the router or switch continued to try to use such  
routes to route packets if no alternative better routes existed.  
Y
Y
Y
Y
This issue has been resolved. When a routes metric is 16, it is no longer used to  
route traffic.  
Switch  
2
2
When STP detected a topology change and therefore the switch flushed its ARP  
table entries, sometimes the switch did not remove entries for non-lead trunk  
ports. Therefore, ARP entries for these ports contained incorrect routing  
information. These incorrect entries were not replaced until after they timed out.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00014834  
CR00014925  
This issue has been resolved.  
IP Gateway  
When the switch had a static route to a destination, and a user added a more  
specific static route to the same destination, then the switch should have  
removed the less specific route from its hardware switching table, but did not.  
This stopped the switch from routing packets to that destination.  
This issue has been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-04  
64  
CR  
Module  
Level  
2
Description  
Core  
If a terminal emulator started up after the router started up, the router did not  
display a login or command prompt. This issue occurred with some terminal  
emulators (including Tera Term Pro) when connecting to the AR415S router.  
Y
CR00014987  
Switch  
This issue has been resolved.  
PKI  
2
2
When adding a certificate to PKI, if the length of the public key in the certificate  
was longer then 2048 bits (256 bytes) the router or switch could reboot.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00015032  
CR00015071  
This issue has been resolved.  
IP Gateway  
Routing over a PPP interface could fail if the switch had a default route out an  
Ethernet port. The default route switched all packets, even those destined for the  
PPP interface.  
This issue has been resolved. The resolution involves adding routes over the PPP  
interface to the switch hardware tables with an instruction to trap these packets  
to the CPU. Therefore these routes now appear in the hardware tables, and can  
be displayed by using the command show switch table=ip.  
Classifier,  
DHCP  
snooping,  
2
2
When MAC-forced forwarding (MACFF) was running, the switch did not filter  
multicast packets correctly.  
Y
Y
Y
Y
CR00015087  
CR00015156  
This issue has been resolved.  
Switch, MACFF  
Switch  
On AR750S, AR750S-DP, and AR400 Series routers, if a user set a switch port to  
autonegotiate speed and duplex mode (by using the command set switch  
port=number speed=auto), the link went down.  
Y
Y
This issue has been resolved.  
Firewall  
2
If a VoIP call came in through the SIP ALG from the public side of the firewall and  
was then transferred by the device on the private side, the firewall session was  
not always updated. When this happened, the person to whom the call was  
transferred could not hear the person who had called.  
Y
Y
Y
Y
Y
Y
CR00015207  
This issue has been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-04  
65  
CR  
Module  
GUI  
Level  
2
Description  
The GUI could not be used to access the dual power supply AR750S-DP router.  
Y
Y
CR00015348  
This issue has been resolved. The GUI resource file to use is  
750s_281-06_en_d.rsc.  
IP Gateway  
2
If you defined an IP filter without specifying the optional type parameter, the  
default value of type=traffic was added to the filter in the dynamic  
configuration. This prevented you from using the configuration file with software  
version 2.7.6 and older releases.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00015396  
This issue has been resolved. The type parameter is only added to the dynamic  
configuration if you enter a value for it.  
Ethernet  
Switch  
2
2
If an AR020 PRI E1/T1 PIC was installed on an AR415S, the routers Ethernet  
interface stopped receiving unicast or multicast packets correctly—it only  
received broadcasts correctly.  
Y
CR00015474  
CR00015638  
This issue has been resolved.  
On AR770S routers, when generating multicast or broadcast CPU traffic out a  
VLAN that had multiple active switch ports in it, the traffic would only egress  
port 1.  
Y
This issue has been resolved.  
Switch  
ADSL  
2
2
Mirroring the traffic on port 1 of any line card caused the switch to lose packets.  
CR00015697  
CR00015925  
The ADSL Annex B firmware has been updated on AR441S routers. This improved  
interoperability with some DSLAMs.  
Y
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-04  
66  
CR  
Module  
Switch  
Level  
2
Description  
It was not possible to set a tri-speed SFP to a fixed speed in the configuration  
script that the AT-9924SP switch runs when it starts up.  
Y
CR00015936  
This issue has been resolved, so the SFP can be set to a fixed speed from the  
configuration script  
Also, it was possible to use the command set swi port=number speed on an  
empty SFP bay. The command reported that the operation had been successful,  
but an inserted SFP was instead set to its previous or default setting.  
This issue has been resolved. It is no longer possible to set the speed of an empty  
SFP bay.  
IPv6  
2
2
Sometimes, when a router or switch received an IPv6 router advertisement  
message, it incorrectly created a duplicate of an already-existing interface route.  
If a user then deleted the IPv6 interface that these two routes belonged to, the  
router or switch could reboot.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00015949  
This issue has been resolved.  
WAN Load  
Balancing  
The following issues occurred with WAN load balancing (WANLB):  
CR00015971  
CR00015937  
CR00015864  
when a WANLB resource port became unavailable, existing sessions on the  
unavailable resource did not move to a backup resource  
if packets were sent over a WANLB session, then that session timed out, and  
then the same packets were sent again, a new session did not establish. This  
stopped the packets from being sent the second time.  
when WANLB was used with Firewall NAT, the orphan timeout setting of  
WANLB sessions was not updated correctly. This could mean that WANLB  
resources appeared to be available when they were not.  
These issues have been resolved.  
User  
2
If the router or switch used RADIUS authentication and all the RADIUS servers  
were unavailable, then the device correctly checked its user database for a  
RADIUS backup user and authenticated that user. However, if that user then  
logged out, they were unable to log in again until after the RADIUS server Dead  
Time timer had expired.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00016037  
This issue has been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-04  
67  
Level 3  
CR  
Module  
Level  
3
Description  
GUI, IGMP  
The graphical user interface (GUI) listed an invalid local interface in the Interface  
drop-down list on the page for adding a static IGMP association.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00007000  
This issue has been resolved.  
Switch  
3
3
If many VLANs simultaneously went from up to down, or down to up, the switch  
became unresponsive for a period of time.  
Y
CR00009274  
CR00009302  
IP Gateway  
This issue has been improved by reducing the processing overhead for VLAN state  
changes.  
Switch  
The number of filters that can be created on an AT-8848 switch is limited by the  
number of filter matches available. Previously, if a user attempted to create a  
filter, and an existing filter already used the same filter match as the new filter,  
the switch counted this as two matches being used. This reduced the number of  
available filters.  
Y
Y
This issue has been resolved.  
BGP  
3
When a peers inroutemap filter assigned an incoming route to a well-known  
BGP community, the router or switch did not use the communitys restricted  
advertisement settings, such as NoExport or NoAdvertise.  
Y
Y
Y
Y
Y
Y
Y
CR00009478  
This issue has been resolved.  
Also, output of the command show bgp peer now shows whether a route has  
been assigned to a community. This is indicated by a flag “m”, as shown in bold  
in the following route entry example:  
> 192.2.2.0/24  
192.168.1.2  
IGP  
-
100  
m SEQ 1;  
The flag “m” indicates that this route has at least one community attached to it.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-04  
68  
CR  
Module  
Level  
3
Description  
IP Gateway  
If an IP interface was added and deleted many times, an excessive number of  
memory buffers became full.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00010136  
Also, when an IP interface was deleted, the IGMP query timer (set ip igmp  
int=interface querytimeout=value) sometimes continued running and later  
caused the router or switch to reboot.  
These issues have been resolved.  
IP Gateway  
3
3
When running the boot ROM release, it was possible to configure the router or  
switch as a DHCP client by using the command add ip interface=int ip=dhcp.  
However, the boot ROM release does not include the DHCP client feature, so the  
router or switch did not receive an IP address via DHCP.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00012230  
CR00012493  
This issue has been resolved. It is no longer possible to configure the router or  
switch as a DHCP client when running the boot ROM release.  
IP Gateway,  
IGMP Proxy  
Where IGMP proxy is enabled, only one upstream interface may be defined.  
Previously, when the command add ip interface=int ip=ipadd  
igmpproxy=upstream was used to try to create a second upstream interface,  
an error message was correctly displayed. However, the interface was still added,  
using igmpproxy=off.  
This issue has been resolved. The second interface is no longer added if this error  
occurs.  
Also, if an interface had been set as the upstream interface and was later  
changed to a downstream interface, a different upstream interface could not be  
specified, even though there was no active upstream interface.  
This issue has been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-04  
69  
CR  
Module  
User  
Level  
3
Description  
When authenticating users via RADIUS, the number of times that the router or  
switch attempts to contact the RADIUS server is determined by the Server  
Retransmit Count (displayed in output of the command show radius).  
Previously, this count incorrectly included the initial request. For example, a  
Retransmit Count of 3 meant that up to 3 attempts were made to contact the  
server.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00012585  
This issue has been resolved, so that the Retransmit Count no longer counts the  
initial request. For example, a Retransmit Count of 3 now means that up to 4  
attempts are made to contact the server.  
BGP  
DHCP  
File  
3
3
3
When the router or switch had thousands of static routes and BGP static import  
was periodically turned on and off, BGP used an excessive number of memory  
buffers. Excessive buffer use could also occur with BGP in other rare  
circumstances.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00012832  
CR00012858  
CR00013150  
This issue has been resolved.  
Previously, it was not possible to have multiple static DHCP entries with the same  
client ID (MAC address), even if the static entries were for different DHCP ranges.  
Y
Y
Y
Y
This issue has been resolved. You can now add static DHCP entries for a given  
MAC address to multiple ranges. Note that you cannot have multiple entries for  
a given MAC address on the same range.  
If a boot configuration script included a command to delete a file followed by a  
command to create a file of the same name, a fatal exception occurred when the  
router or switch ran that script on reboot.  
This issue has been resolved so that the fatal exception no longer occurs.  
However, you should avoid putting such file operations into boot configuration  
scripts. To enhance multi-tasking, the file handler performs file operations in the  
background. This is not possible when executing a boot configuration script, so  
the file operations may be queued until after boot-up. In this case, this means  
that the file deletion will not be finished before the file creation command tries  
to execute.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-04  
70  
CR  
Module  
IGMP  
Level  
3
Description  
When IGMP fast leave was enabled and the switch received a leave message via  
a trunk port, the switch only removed the port from the multicast group if the  
port was the master trunk port.  
Y
Y
Y
Y
Y
Y
CR00013629  
This issue has been resolved. When fast leave is enabled, non-master trunk ports  
now leave multicast groups as soon as the switch receives a leave message.  
Switch,  
IP Gateway  
3
3
For layer 3 Jumbo frames, this software version improves initial layer 3 flow setup  
and handling of flows that exceed the layer 3 MTU mid-flow.  
Y
Y
CR00013694  
CR00014038  
IGMP  
The IGMP Default Timeout Interval is automatically calculated by IGMP in  
accordance with RFC 2236, but the following command allows you to over-ride  
the calculated value:  
Y
Y
Y
Y
Y
Y
Y
Y
Y
IP Gateway  
set ip igmp timeout=value  
Previously, the router or switch sometimes set the interval to the calculated value  
instead of using the value entered in the command above.  
This issue has been resolved.  
DHCP  
Snooping  
3
Previously, DHCP snooping correctly refused to allocate new DHCP leases once  
the maxleases value had been exceeded, but it did so by discarding the servers  
acknowledgement message instead of forwarding it to the client. Therefore, the  
DHCP server recorded the address as allocated, which meant the IP address range  
could be exhausted.  
Y
Y
Y
Y
Y
Y
CR00014047  
CR00014152  
This issue has been resolved. The server no longer records addresses as allocated  
once the maxleases value is exceeded.  
Switch  
3
On AR415S, AR44xS, AR750S and AR770S routers, when a switch port went  
down or was reset by using the command reset switch port=number, this  
deleted the dynamically-learned forwarding entries for all ports.  
Y
Y
This issue has been resolved. Now entries are only deleted for the port that went  
down or was specified in the command.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-04  
71  
CR  
Module  
Firewall  
Level  
3
Description  
When the firewall was performing NAT on UDP video streams and two streams  
started up at the same time, sometimes one or both streams displayed excessive  
jitter.  
Y
Y
Y
Y
Y
Y
CR00014163  
This issue has been resolved.  
Core  
3
The following issues occurred with environmental monitoring:  
CR00014178  
on AR750S and AR770S routers, the values reported by the show system  
command were incorrect for the first few seconds after a cold restart  
on AR770S routers, the router did not indicate power supply problems  
through log messages or the system LED  
These issues have been resolved.  
BGP  
3
3
The default setting for BGP capability matching is now loose instead of strict.  
This matches the requirements of RFC 4271.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00014285  
CR00014305  
Switch  
On AT-8748XL and Rapier 48i switches, mirroring did not work when:  
only one (not both) of the uplinks had an expansion module installed and  
that uplink (port 49 or 50) was the mirror port  
Y
This issue has been resolved.  
GUI, Log  
3
3
If the user cleared the Queue Output checkbox on the Modify Log Output  
Definition page of the GUI, it displayed an error instead of making the change.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00014313  
CR00014327  
This issue has been resolved. The GUI can now be used to turn off queuing of  
logging output.  
MSTP, GUI  
When using the GUI to configure the MSTP CIST, users had to specify the external  
and internal port path costs. If these were not specified, the GUI gave an error  
instead of configuring the CIST.  
Y
This issue has been resolved. By default, the GUI now specifies “default” for the  
path costs. This value of “default” leaves the current setting unchanged.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-04  
72  
CR  
Module  
Level  
3
Description  
IP Gateway,  
Switch  
If a port had static ARP entries defined for a VLAN, then adding the port to  
another VLAN made those static ARP entries inactive.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00014328  
Also, deleting a port from a VLAN would delete all static ARP entries that were  
defined on that port, including entries for other VLANs. Note that this deletion  
issue did not occur on Rapier i, AT-8800, AT-8700XL, or AT-8600 Series switches.  
Both of these issues have been resolved.  
PIM6  
3
3
If a user changes the PIMv6 BSR candidate priority to the same value as the  
currently-elected BSRs priority, then the router or switch should be elected as the  
BSR if its IPv6 address is higher than the currently-elected BSR. This did not  
happen.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00014652  
CR00014659  
This issue has been resolved.  
DHCP  
On the DHCP server, a user could create two static DHCP entries for the same  
client in one range. This was only possible if the client had first obtained a  
dynamic address from the server.  
Y
Y
This issue has been resolved. It is now impossible to add the same static client  
twice, even when that client has a pre-existing dynamic entry.  
IGMP  
Snooping  
3
3
When the router or switch received an IGMP Leave message, it did not update  
IGMP Snooping counters correctly in some circumstances.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00014724  
CR00014746  
This issue has been resolved.  
WANLB,  
IP Gateway  
It was possible to delete an IP interface that was configured as a WAN load  
balancer resource.  
Y
This issue has been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-04  
73  
CR  
Module  
Level  
3
Description  
BOOTP  
It was possible to add a BOOTP relay destination using an interface that was not  
running IP. It was also possible to delete an IP interface even though BOOTP relay  
destinations were defined for the interface. Both of these situations could allow  
the router or switch to be mis-configured.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00014755  
IP Gateway  
This issue has been resolved by adding checks for these situations to the  
command handlers. It is no longer possible to add a BOOTP relay destination  
using an interface not in use by IP, and no longer possible to delete an IP interface  
if BOOTP relay has destinations defined using that interface.  
PIMv6  
GUI  
3
3
The command show pim6 staterefresh sometimes corrupted the terminal  
display output with random characters. To recover, it was necessary to reset the  
terminal session.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00014782  
CR00014872  
This issue has been resolved.  
The router or switch rebooted if the Opera browser was used to browse to its  
GUI.  
Y
Y
This issue has been resolved. However, note that the GUI does not fully support  
Opera. Some functionality may not be available.  
GUI  
3
3
HTTP pipelining did not operate correctly on some web browsers when browsing  
to the GUI. This made some images very slow to load.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00015107  
CR00015126  
This issue has been resolved.  
IP Gateway  
For IP filters of type=routing, the first filter entry could not be set to match on  
Y
the following IP address/mask pair:  
source=0.0.0.0 smask=255.255.255.255  
This IP address/mask pair corresponds to the default route.  
This issue has been resolved. You can now match on the default route in the first  
entry of a filter.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-04  
74  
CR  
Module  
Level  
3
Description  
IP Gateway  
DHCP  
When a router or switch was configured to use DHCP to assign an address on an  
interface, and then set to have a static address on that interface, the DHCP client  
in the router or switch would continue to negotiate with the DHCP server. This  
tied up a DHCP lease.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00015148  
This issue has been resolved. Assigning a static address to an interface will stop  
the DHCP client from requesting an address from a DHCP server.  
Load  
3
3
File upload via the IPv6 version of TFTP was not operating correctly.  
This issue has been resolved.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00015155  
CR00015159  
IP Gateway  
If the router or switch received an IP subnet broadcast packet that was directed  
to a unicast MAC address, it incorrectly responded with an ICMP unreachable  
message, unless an appropriate IP helper configuration existed.  
Y
Y
This issue has been resolved. When there is no IP helper configuration, the  
behaviour now depends correctly on the setting of the directedbroadcast  
parameter for the IP interface. If directedbroadcast=on, the packet is sent out  
as a MAC broadcast. If directedbroadcast=off, the packet is dropped. ICMP  
unreachable messages are not sent in any case.  
IGMP snooping  
VLAN  
3
The command add igmpsnooping vlan=vlan routerport=port adds a static  
IGMP router port, for a specific VLAN and port pair. Previously, it was possible to  
remove the port from that VLAN without updating the static router port  
association.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00015258  
CR00015346  
This issue has been resolved. When you remove a static router port from a VLAN,  
the router or switch now removes that port from the static router port list and  
updates all layer 2 entries.  
Switch  
3
The 64-bit counter type objects in the ifXTable of the Interfaces Group MIB (RFC  
2863) returned non-zero values for ports that had never been up.  
Y
Y
This issue has been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-04  
75  
CR  
Module  
Level  
3
Description  
IP Gateway  
Subnet broadcast packets would not be routed correctly when the interface to  
which the subnet broadcast was destinated was an interface on the device, but  
its link status was down. Even though an alternate route to the destination  
existed, the device would send the packets incorrectly.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00015666  
This issue has been resolved. When a subnet broadcast is received, it will be  
correctly forwarded to an alternate route even if the destination interface is  
down.  
Switch  
3
3
If the switch received a packet on a port and therefore started using MAC-based  
authentication to authenticate the port, and then received another packet during  
the authentication process, then occasionally the switch dropped the second  
packet.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00015798  
CR00016058  
This issue has been resolved.  
Ethernet  
The AR415S router processed some IP multicast packets incorrectly on its eth0  
interface.  
CR00015915  
This issue has been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-04  
76  
Level 4  
CR  
Module  
Core  
Level  
4
Description  
When the router or switch rebooted, its internal clock lost approximately  
1 second.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00004677  
This issue has been resolved. The time loss on reboot has been reduced.  
Core, Utility  
4
The following issues occurred with the commands show debug active and  
disable debug active:  
Y
Y
CR00009087  
The command did not adequately warn users if an invalid module number had  
been entered into the active parameter.  
This issue has been resolved. The router or switch now displays an error unless  
the value is between 1 and 142.  
The CLI “?” help description for the active parameter listed an incorrect  
number range and also listed modules that cannot be manipulated through  
this command.  
This issue has been resolved. The “?” help description is now correct.  
QoS  
4
The “?” help description for switch commands that accept a value in bytes (or  
similar units such as kbytes or bytes/s) incorrectly indicated that the units were  
bps. The commands this issue applied to depend on the switch model, but  
include commands such as:  
Y
Y
Y
Y
Y
Y
Y
CR00011695  
create qos trafficclass=value maxburst=?  
create qos policy=value dtcmaxburst=?  
set qos red=value start1=?  
set swi port=value bcl=?  
set swi dlfl=?  
This issue has been resolved. The “?” help description now displays the correct  
units.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-04  
77  
CR  
Module  
MSTP  
Level  
4
Description  
If the command set mstp cist port=value was entered with no other  
parameters, the resulting error message (“One or more parameters may be  
missing”) was displayed as an INFO message.  
Y
Y
Y
Y
Y
Y
CR00012602  
This issue has been resolved. The message now displays as an ERROR message.  
SNMP, Core,  
TTY  
4
4
4
The MIB object hrSystemNumUsers displayed the number of login users since the  
router or switch started up, instead of the number of currently-active login users.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00013045  
CR00013112  
CR00013188  
This issue has been resolved.  
IP Gateway  
LACP  
The blackhole parameter of the commands add and set ip route had no “?”  
help description.  
This issue has been resolved.  
Previously, when an attempt to add a port to LACP was unsuccessful, the switch  
displayed an appropriate warning message followed incorrectly by an “operation  
successful” message.  
Y
Y
Y
Y
This issue has been resolved. The switch no longer displays “operation  
successful” when port addition fails.  
IP Gateway  
TACPLUS  
4
4
The output of the command show ip route did not contain any spaces between  
the route tag value and the metric value when the tag value was long.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00013221  
CR00013260  
This issue has been resolved by adding the missing spaces. The content and  
relative position of the values have not changed.  
If a user added a TACACS+ server when TACACS+ was not enabled, previously  
the router or switch displayed a single “info” message that indicated that the  
module was not enabled, but did not display a message confirming the server  
addition. However, the router or switch did add the server.  
This issue has been resolved. TACACS+ is now consistent with other modules—  
the router or switch displays the following “warning” and “info” messages:  
Warning (2111049): The TACP module is not enabled.  
Info (1111003): Operation successful.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-04  
78  
CR  
Module  
Ping  
Level  
4
Description  
Previously, if you used the ? or Tab keys to obtain help about the timeout  
parameter for the ping command, the resulting help said that the maximum  
timeout was 65535. However, the correct maximum is 60 seconds.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00013463  
This issue has been resolved. The “?” help now displays the correct range of  
values.  
Install  
4
When a router or switch was using a trial licence for release software and the trial  
period elapsed, the router or switch rebooted without indicating the reason for  
the reboot.  
Y
CR00013589  
This issue has been resolved. The following error messages now explain why the  
router or switch is rebooting:  
ERROR: There are no valid licences available for the current software release.  
The device will now reboot.  
ERROR: The trial licence for the current software release has expired.  
The device will now reboot.  
NTP  
4
4
Output of the command show ntp displays a “Host Address” field. This is the  
address of the interface from which the router or switch sends NTP packets.  
Previously, if the IP address changed, the “Host Address” field did not change,  
even though NTP used the new address.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00013640  
CR00014106  
This issue has been resolved.  
Core  
If the router or switch runs a configuration file on start-up that contains the  
command set summertime before the command enable summertime, a log  
message on start-up says that summertime needs to be enabled. However,  
summertime is correctly applied to the router or switch.  
Previously, if you configured summertime then saved the configuration by using  
the command create config, set summertime came before enable  
summertime in the resulting configuration file.  
This issue has been resolved. When you save the configuration, enable  
summertime now comes before set summertime in the resulting configuration  
file, so the log message is not produced.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-04  
79  
CR  
Module  
VLAN  
Level  
4
Description  
The following error message:  
Y
Y
CR00014151  
“Error (3089399): Operation not allowed on a .NESTED port.”  
contained an extraneous “.” before the word “NESTED”.  
This issue has been resolved. The “.” has been removed.  
Core  
LLDP  
4
4
The show exception command did not display the correct exception type for  
watchdog exceptions on AR750S, AR750S-DP, or AR770S routers.  
Y
Y
CR00014170  
CR00014250  
This issue has been resolved. The correct exception type is now displayed.  
In output of the command show lldp localdata, the field lldpLocSysDesc gives  
information about the router or switch model and software version. Previously,  
this information was sometimes split incorrectly across 3 rows.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
This issue has been resolved. The information now displays correctly.  
DDNS  
4
If a user made a configuration change to DDNS (dynamic DNS) when DDNS was  
not enabled, previously the router displayed a message that indicated that the  
module was not enabled, but did not display a message confirming the change.  
However, the router did make the change.  
Y
Y
CR00014318  
This issue has been resolved. DDNS is now consistent with other modules—the  
router displays the following “warning” and “info” messages:  
Warning (2142049): The DDNS module is not enabled.  
Info (1142003): Operation successful.  
GUI  
4
4
The GUI included pages for configuring MAC-based port authentication.  
However, this feature is not available on AT-9800 Series switches.  
Y
Y
CR00014367  
CR00014712  
This issue has been resolved. The GUI pages have been removed.  
Firewall  
If the router or switch renumbered a firewall rule, it displays a message.  
Previously, this message had a status of “info” instead of “warning”.  
Y
Y
Y
Y
Y
This issue has been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-04  
80  
CR  
Module  
DHCP  
Level  
4
Description  
Previously, when a user entered the command delete dhcp range=range  
ip=ipadd, the router or switch would display an “Operation successful”  
message, even when the client entry in question was unused.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00014750  
This issue has been resolved. For unused clients, this command now results in the  
following new message:  
“Nothing to delete, client is unused.”  
VLAN, Bridging  
4
4
4
It was possible to specify a value of 0 for the ageingtimer parameter in the  
command add and set vlan=vlan bridge, even though this value was  
meaningless.  
Y
Y
Y
Y
Y
Y
CR00014778  
CR00015080  
CR00015130  
This issue has been resolved. The lowest valid value for ageingtimer is 1.  
ATM  
When an SHDSL or ADSL interface re-trained after having been in a “link up”  
state, spurious error messages could appear on the console.  
This issue has been resolved. The messages were not genuine error messages and  
no longer appear.  
Switch  
The following commands have been deprecated in software versions 2.9.1 and  
later, and therefore (correctly) have no effect on the switch:  
set switch port=number thrashlimit=value  
set switch port=number thrashrefill=value  
Previously, if a user entered these commands, the switch incorrectly displayed an  
“Operation successful” message.  
This issue has been resolved. The switch now displays a warning message  
indicating that the commands are deprecated.  
For information about the commands that replace these commands, see the  
“Limiting Rapid MAC Movement” section of the Switching chapter of the  
Software Reference.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-04  
81  
Enhancements  
CR  
Module  
Level  
-
Description  
Core  
It is now possible to hotswap NSMs on NEBS-compliant Rapier i switches.  
Y
Y
CR00003036  
To hotswap the NSM, press the Hot Swap button beside the NSM, check that the  
Swap LED turns on and the In Use LED turns off, then remove the NSM. Place the  
new NSM in the bay, then press the Hot Swap button again to make the NSM  
available for use.  
IP Gateway  
-
The IP implementation has been enhanced to accept IP interfaces with a /31  
netmask. This results in a slightly non-standard subnet that has no network  
address or broadcast address. This has become a popular extension to IP, because  
it reduces wastage of IP addresses on point-to-point links.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00012881  
Many  
-
-
This enhancement extended the “?” help for VRRP, OSPF, SNMP, IP routes, user  
database, VLANs, logging, and file management. The “?” help for these (and  
several other) modules now gives information about all command parameters.  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00013129  
CR00013449  
Firewall  
The firewall now supports FTP sessions that use the security extensions defined in  
RFC 2228. Previously, the firewall dropped sessions that used those security  
extensions.  
This enhancement makes more-secure FTP available between private-side clients  
and public-side servers, and between public-side clients and private-side servers.  
Telnet  
TTY  
-
This enhancement enables you to select whether the system name appears at the  
login prompt for telnet client sessions. By default, the system name appears. To  
prevent it from appearing, use the command:  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00013610  
SET TELnet LOGINSYStemname=OFF  
Note that the login prompt appears before you log into the router or switch.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-04  
82  
CR  
Module  
Core  
Level  
-
Description  
AR770S routers have a CPU fan that the software now monitors in the same  
manner as the main fan. The state of the CPU fan is displayed along with that of  
the main (chassis) fan in the output of the show system command.  
Y
CR00013992  
If a problem develops with the CPU fan, the router notifies you in the following  
ways:  
The system LED flashes in a single flash pattern  
An SNMP trap is issued on the fanAndPSMainFanStatus atRouter private MIB  
object  
A log message is generated that says “CPU fan status is not good”.  
File  
-
The commands create file, add file, reset file permanentredirect, and show  
file permanentredirect were not supported on AR725 and AR745 routers.  
These commands enable you to save the output of other router commands in  
text files on the router.  
Y
CR00014067  
For more information about these commands, see the “Managing the File  
System” chapter of the Software Reference.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-04  
83  
CR  
Module  
BOOTP  
Level  
-
Description  
This enhancement enables you to associate a BOOTP relay destination with a  
given interface. To do this, use the new optional interface parameter in the  
command:  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00014172  
ADD BOOTp RELAy=ipadd INTerface=interface  
BOOTP packets received on this interface are relayed to the specified relay  
destination only. You can define the same interface for multiple relay  
destinations; the router or switch relays any BOOTP packets received to each relay  
destination.  
If you do not specify an interface, the destination becomes a “generic”  
destination. If the router or switch receives a BOOTP message on an interface for  
which no specific destination is defined, the router or switch relays the message  
to all generic destinations. This is the same as the behaviour prior to this  
enhancement.  
To remove a destination that is associated with an interface, use the command:  
DELete BOOTp RELAy=ipadd INTerface=interface  
To see the interfaces that each destination is associated with, use the pre-existing  
command:  
SHow BOOTp RELAy  
DHCP  
Snooping  
-
DHCP snooping records its client database into a file in NVS (if possible) or Flash  
memory. In previous versions, that file was named bindings.dsn. From this  
version, the file structure has changed and the file is now named bind0002.dsn.  
Y
Y
Y
Y
Y
Y
CR00014238  
When you upgrade a switch to this version, the switch creates the new client  
database file 10 seconds after initialising the new version. After that, you can  
safely delete the old bindings.dns file, if desired.  
Note that the functionality of DHCP snooping has not changed, only the  
filename.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-04  
84  
CR  
Module  
Level  
-
Description  
BGP  
This enhancement enables you to force BGP to select the best route on the basis  
of network prefix alone, instead of on the basis of preference, then metric, then  
network prefix.  
Y
Y
Y
Y
Y
Y
Y
Y
CR00014241  
IP Gateway  
To do this:  
1. Give the desired dynamic routing protocol a preference of 0, which is the  
preference of interface routes, by using the command:  
SET IP ROUte PREFerence=0 PROTocol={BGP-ext|BGP-int|OSPF-EXT1|  
OSPF-EXT2|OSPF-INTEr|OSPF-INTRa|OSPF-Other|RIP|ALL}  
2. Create a route map to give matching routes the same metric as your interface  
routes. To change the metric, use the command:  
ADD IP ROUTEMap=routemap ENTry=1..4294967295 SET METric=1  
3. Add the route map as a filter to the BGP peers by using the command:  
ADD BGP PEer=ipadd REMoteas=1..65534 INRoutemap=routemap [other  
optional parameters]  
The above process gives matching routes the same preference and metric as  
interface routes. This forces IP routing to compare the network prefixes of the  
interface route and the other routes. IP routing then chooses the most specific  
route as the best route for that destination, instead of automatically choosing the  
interface route as the best route without considering any other routes which may  
have more specific network prefixes.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-04  
85  
CR  
Module  
Level  
-
Description  
DHCP  
Snooping,  
MACFF  
The following enhancements have been made to DHCP snooping, to support  
MAC-forced forwarding:  
Y
Y
Y
Y
Y
Y
CR00014300  
MAC-forced forwarding checks the DHCP snooping database to find out  
which router has been assigned to each DHCP client. DHCP snooping  
determines this from the router list in DHCP acknowledgement messages.  
However, some clients do not request a router. DHCP snooping now modifies  
request messages from such clients, to ensure that they request a router. This  
enables MAC-forced forwarding to interoperate with such clients.  
Output from the command show dhcpsnooping database now displays the  
list of routers that are assigned to each client, as shown in bold in the  
following example:  
Current valid entries  
MAC Address  
IP Address  
Expires(s) VLAN Port ID Source  
Router list  
---------------------------------------------------------------------  
00-00-cd-28-06-7b  
192.168.99.1 52  
1
13  
2
Dynamic  
192.168.199.254  
Ethernet  
Switch  
-
This enhancement enables you to use 100 Mbps fiber SFPs with AR770S routers.  
Support has been added for AT-SFPX/15 and AT-SFPX/40 SFPs.  
Y
CR00014354  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-04  
86  
CR  
Module  
DNS  
Level  
-
Description  
A new log message has been added to provide more information about rejected  
DNS requests. The message has a log type of 052 / IPDNS and subtype 002 /  
UNRES, and reads:  
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00014715  
DNS request for <domain-name> rejected by server. Code <number>,  
<explanation>.  
The following codes and explanations exist:  
0: No Error—no error occurred  
1: Format Error—there was a problem with the message construction  
2: Server Failure—there was a problem with the server itself  
3: Name Error—the name does not exist in the domain  
4: Query Not Implemented—the received query was not supported  
5: Refused—Refused for policy, rather than technical, reasons  
6: YX Domain—the name exists when it should not  
7: YX RR Set— a resource record exists that should not exist  
8: NX RR Set— a resource record that should exist does not exist  
9: Not Authoritative—the receiving server is not authoritative  
10: Not Within Zone—the specified name is not within the zone specified in the  
message  
DDNS  
-
When you activate a Dynamic DNS (DDNS) update (by entering the command  
activate ddns update), the router now warns you of possible negative  
consequences and prompts you for whether or not to continue.  
Y
Y
CR00014728  
Also, if you attempt to activate a DDNS update when DDNS is disabled, the router  
displays a warning message that indicates that DDNS is disabled.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-04  
87  
CR  
Module  
Level  
-
Description  
IP Gateway  
OSPF  
When OSPF is running over an on-demand PPP link and the link goes down, IP  
notifies OSPF that the link is down and OSPF stops sending Hello packets over the  
link. In a network in which routes over the PPP link are all dynamically learnt  
through OSPF, the PPP link will not come back up because without OSPF there  
are no routes to direct traffic at that link.  
Y
Y
Y
Y
Y
Y
Y
Y
CR00014845  
This enhancement enables you to stop IP from notifying OSPF that the PPP link is  
down. OSPF keeps sending Hello messages, which bring the link back up again.  
To enable this feature, set the new optional notifyospfdown parameter to no  
in one of the commands:  
ADD IP INTerface=int NOTIfyospfdown={NO|YES} [other parameters]  
SET IP INTerface=int NOTIfyospfdown={NO|YES} [other parameters]  
The default value for this parameter is yes, which means that IP notifies OSPF  
when the interface goes down and OSPF sets the interface state to Down. OSPF  
does not send Hello messages to the interface, and OSPF is inactive on the  
interface until it receives an Up notification. This is the behaviour prior to this  
enhancement. Also note the following points:  
the parameter applies to the entire IP interface, not an individual logical  
interface. Setting it on one logical interface sets it on all other logical  
interfaces associated with the same IP interface.  
the parameter only applies to on-demand PPP links. IP always sends  
notifications for other interfaces, even if this parameter is set to no.  
To see the parameter setting, use the existing command show ip interface.  
Switch, EPSR  
Switch  
-
-
EPSR uses a classifier-based hardware filter to select packets in the control VLAN.  
The hardware filter now only uses 2 of the available 16 bytes to match packets.  
This increases the number of other classifier-based features you can use when  
running EPSR.  
Y
Y
Y
CR00015269  
CR00015628  
The switch now fully recognises the latest revision of the AT-SPTX SPF, so all of  
the features of the SFP can be utilised.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-03  
88  
Features in 291-03  
Software Maintenance Version 291-03 includes the resolved issues and enhancements in the following tables. In the tables, for each product series:  
“Y” in a white column indicates that the resolution is available in Version 291-03 for that product series.  
“-” in a white column indicates that the issue did not apply to that product series.  
a grey-shaded column indicates that Version 291-03 has not been released on that product series.  
“-” in a grey column indicates that the issue did not apply to that product series.  
“Y” in a grey column indicates that the issue applied to that product series. These issues are resolved in the next Version (291-04).  
Level 1  
No level 1 issues  
Level 2  
CR  
Module  
Level  
2
Description  
Switch  
RIPng  
Creating a large number of IPv6 RIPng interfaces (more than 250) sometimes  
caused the switch to reboot.  
Y
Y
Y
Y
Y
CR00014960  
This issue has been resolved.  
IPv6  
2
2
If a large number of IPv6 multicast routes were added (more than1000) on a  
switch with an IPv6 accelerator card, the switch could reboot.  
CR00015102  
CR00015585  
This issue has been resolved.  
ATM  
AR442S routers sometimes rebooted while using the Test Facility to test the  
SHDSL interface.  
This issue has been resolved.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-03  
89  
CR  
Module  
IPv6  
Level  
2
Description  
When a switch was heavily loaded with IPv6 traffic, it could reboot because a  
large quantity of traffic was queued while waiting for a neighbour's MAC  
address to resolve.  
Y
Y
Y
Y
Y
Y
Y
Y
CR00015678  
This issue has been resolved by limiting the number of packets that can be  
queued while waiting for a neighbour's MAC address to resolve.  
Level 3  
CR  
Module  
QoS  
Level  
3
Description  
By default, queue lengths were set to the maximum possible values for each port  
type. This could make low-priority queues inappropriately starve higher-priority  
queues of buffer resource.  
Y
Y
CR00013270  
This issue has been resolved. The default queue length has been reduced to 128  
frames for all port types. If required, you can change them by using the existing  
command:  
SET QOS POrt={port-list|ALL} EGRessqueue[=queue-list] [Length=16..3648]  
[other optional parameters]  
LLDP  
3
The switch included a permanent L3 filter to stop CDP (Cisco Discovery Protocol)  
packets from being forwarded. This made one less L3 filter match available to  
users.  
Y
Y
Y
Y
CR00014306  
Switch  
This issue has been resolved. CDP still requires an L3 filter, but the filter is  
automatically created when CDP is enabled and destroyed when CDP is disabled.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-03  
90  
CR  
Module  
QoS  
Level  
3
Description  
Destroying a traffic class or flow group also destroyed all classifiers that were  
associated with that traffic class or flow group.  
Y
Y
Y
Y
Y
Y
CR00014959  
This issue has been resolved. User-created classifiers are no longer destroyed.  
Automatically-created classifiers are still destroyed, such as classifiers for DHCP  
snooping.  
Switch  
Switch  
3
3
When the switch performed layer 3 routing across a trunk, it did not balance  
traffic across all ports in the trunk group.  
Y
Y
Y
Y
Y
Y
Y
Y
CR00015510  
This issue has been resolved.  
If the switch received a packet on a port and therefore started using MAC-based  
authentication to authenticate the port, and then received another packet during  
the authentication process, then occasionally the switch dropped the second  
packet.  
Y
Y
Y
Y
Y
CR00015798  
CR00016058  
This issue has been resolved.  
Level 4  
No level 4 issues  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Features in 291-02  
91  
Enhancements  
CR  
Module  
Level  
-
Description  
IGMP  
snooping,  
IGMP snooping learns which ports have routers attached to them, so it can  
forward relevant IGMP messages out those ports. By default, snooping identifies  
router ports by looking for ports that receive specific multicast packets (such as  
IGMP queries, PIM messages, OSPF messages, and RIP messages).  
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00014222  
Switch,  
VLAN  
In some network configurations, this learning process cannot identify all router  
ports. For such networks, this enhancement enables you to statically configure  
particular ports as multicast router ports.  
To specify the static router ports, use the new command:  
add igmpsnooping vlan={vlan-name|1..4094} routerport=port-list  
To stop ports from being static router ports, use the new command:  
delete igmpsnooping vlan={vlan-name|1..4094} routerport=port-list  
To list the static router ports, use the existing command:  
show igmpsnooping  
and check the new “Static Router Ports” field.  
Features in 291-02  
Version 291-02 was not released.  
Features in 291-01  
Version 291-01 was not released.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Support for the new x900-48FS switch—CR00016662  
92  
Support for the new x900-48FS switch—CR00016662  
The x900-48FS is a new model in the x900 Series of layer 3 gigabit and fast Ethernet switches. Its key features are:  
Multi-layer Fast Ethernet switch  
48-port 100BASE-X SFP sockets, 100 Mbps, full or half duplex  
4-port 1000BASE-X SFP uplink sockets, 1000 Mbps, full duplex  
Support for hot-swappable SFP modules  
Hot-swappable, load sharing PSUs  
1U height, rack-mountable  
Non-blocking Layer 2 and Layer 3 IP switching  
IPv6-ready hardware for accelerated unicast and multicast routing  
4096 Layer 2 multicast entries  
1024 Layer 3 IPv4 multicast entries  
4096 logical IPv6 interfaces  
32MBytes of fixed flash  
256MBytes of Synchronous DRAM, expandable to 512MBytes with DIMM  
CompactFlash slot for hot-swappable expansion of flash memory up to 128MBytes  
x900-48FS front panel  
ASYN0/CONS  
For more information about the x900 Series and expansion options, see the Hardware Reference. The Hardware Reference is available from  
www.alliedtelesis.co.nz/documentation/manuals.html.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
 
IGMP snooping fast leave in multiple host mode—CR00017482  
93  
IGMP snooping fast leave in multiple host mode—CR00017482  
The IGMP snooping fast leave option has been enhanced, to make it available when multiple clients are attached to a single port on the snooping switch. Fast  
leave now has two modes available:  
multiple host mode—the new feature. In multiple host mode, the snooper tracks which clients are joined to a given IP multicast group on a given port. As  
soon as the last client leaves a group on a port, the snooper shuts off the multicast to that port.  
single host mode—the existing functionality. In single host mode, as soon as the snooper receives a leave message for a group on a port, it shuts off the  
multicast. This mode assumes that there are no other clients on the port that are still interested in receiving the multicast, so is suitable only when clients are  
directly attached to the snooper.  
To specify the new multiple mode, use the command:  
set igmpsnooping vlan={vlan-name|1..4094|all} fastleave=multiple  
To specify single mode, use either of the commands:  
set igmpsnooping vlan={vlan-name|1..4094|all} fastleave=single  
set igmpsnooping vlan={vlan-name|1..4094|all} fastleave=on  
The command show igmpsnooping vlan has also been enhanced. The new command syntax is:  
show igmpsnooping vlan={vlan-name|1..4094|all} [group={multicast-ip-address|allgroups}] [detail]  
The group parameter lets you display information for only one group or for only the All Groups port (the allgroups option).  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
 
IGMP snooping fast leave in multiple host mode—CR00017482  
94  
The detail parameter displays more detailed information, including expiry times for each port, and in the case of multiple host fast leave mode, the list of hosts  
on a port. The following example shows this.  
IGMP Snooping  
--------------------------------------------------------------------------  
Status ........................... Enabled  
Disabled All-groups ports ........ None  
Vlan Name (vlan id) ..... default (1)  
Fast Leave .............. Multiple Host Topology  
Query Solicitation ...... Off  
Static Router Ports ..... None  
Group List .............. 2 groups  
Group 224.0.1.22  
Port 24  
Timeout in 256 secs  
Timeout in 257 secs  
Hosts: 1  
00-00-cd-27-be-f5 (172.20.176.200)  
Timeout in 257 secs  
Group 239.255.255.250  
Port 24  
Timeout in 258 secs  
Timeout in 259 secs  
Hosts: 1  
00-00-cd-27-be-f5 (172.20.176.200)  
Timeout in 259 secs  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Support for the new Rapier 48w switch  
95  
Support for the new Rapier 48w switch  
The Rapier 48w is a new model in the Rapier Series of layer 3 gigabit and fast Ethernet switches. Its key features are:  
48-port 10BASE-T/100BASE-TX (RJ-45 connectors)  
Two 1000BASE SFP ports  
Two asynchronous serial console ports with DB9 connectors  
One Network Service Module bay, with support for various WAN interface cards  
Auto-negotiating Layer 3 Managed Switch  
Enhanced switching core  
Replaceable air filters and fan-only modules (FOMs) for NEBS applications  
Rapier 48w front panel  
Rapier 48w L3 Fast Ethernet Switch  
FAN  
1
FAN  
2
NSM  
PORTS 49-50  
L/A  
1000M LINK  
ACT  
SFP  
INSTALLED  
FAULT  
PORTS 1-48  
ACT  
CLASS  
1
LASER PRODUCT  
DO NOT STARE  
L/A  
D/C  
LINK 100M  
ACT  
LINK 10M  
FULL DUP  
HALF DUP  
COL  
INTO BEAM  
STATUS  
FAULT  
ASYN0  
ASYN1  
POWER  
SWAP  
IN  
USE  
HOT  
RESET  
SWAP  
1
2
3
4
5
6
7
8
9
10 11  
12 13  
14 15  
16  
17  
18 19  
20 21  
22 23  
24 25  
26 27  
28 29  
30 31  
32  
33  
34 35  
36 37  
38 39  
40 41  
42 43  
44 45  
46 47  
48  
49  
50  
NSM  
Rapier 48w rear panel  
WARNING  
This unit might have more  
than one power input. To  
reduce the risk of electric  
shock, disconnect all power  
inputs before servicing unit.  
FOR CENTRALIZED DC  
POWER CONNECTION,  
INSTALL ONLY IN  
A
40-60VDC  
4.5A MAX  
RESTRICTED AREA.  
DUAL INPUTS  
For more information about the Rapier Series and expansion options, see the Hardware Reference. The Hardware Reference is available from  
www.alliedtelesis.co.nz/documentation/manuals.html.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
 
Backing up the configuration with SNMP—CR00016221  
96  
Backing up the configuration with SNMP—CR00016221  
With this enhancement, you can use SNMP to:  
set parameters for uploading files from the router or switch, and  
upload files to a TFTP server  
SNMP already lets you save the current configuration to a file on the router or switch. You can use this with the new options to back up the configuration to a  
TFTP server. To do this, perform the following steps.  
1. Save the configuration  
To save the current configuration, use SNMP SET createConfigFile. The following screenshot shows this for a file called tst.cfg.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
 
Backing up the configuration with SNMP—CR00016221  
97  
2. Set the load parameters  
To specify the server IP address, use SNMP SET loadServer. To set the filename, use SNMP SET loadFilename. The following screenshot shows setting the  
filename to tst.cfg.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Backing up the configuration with SNMP—CR00016221  
98  
3. Upload the file  
To upload the file, use SNMP SET loadStatus and set it to a value of 8. The following screenshot shows this.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
SNMP ASN.01 BER Padding—CR00016523  
99  
SNMP ASN.01 BER Padding—CR00016523  
This enhancement enables you to specify whether SNMP adds 0x00 padding when the most significant 9 bits of an object’s value are all 1, or whether the  
encoding follows the ASN.01 BER rule, which cuts off the most significant byte of 0xff. This setting has an impact on all integer type MIB objects, including 32  
bit and 64 bit counter objects.  
To add the padding, use the command:  
set snmp asnberpadding={on|yes|true}  
To use the ASN.01 BER rule, which is the default, use the command:  
set snmp asnberpadding={off|no|false}  
The following table lists examples.  
Bits  
Value (decimal)  
Value (hex)  
asnberpadding setting  
Encoding  
counter32  
4289592837  
0xFFADFE05  
on  
off  
on  
off  
41 05 00 ff ad fe 05  
41 03 ad fe 05  
counter64  
18410715280977201498  
0xFF800000ff80895A  
46 09 00 ff 80 00 00 ff 80 89 5a  
46 07 80 00 00 ff 80 89 5a  
To see whether or not padding is added, use the command:  
show snmp  
and check the new “ASN.01 BER Padding” field.  
Version 291-10  
C613-10488-00 REV G  
Download from Www.Somanuals.com. All Manuals Search And Download.  
 

3M Wheelchair FR330 User Manual
Aastra Telecom Laptop REV 06 User Manual
Actiontec electronic Network Router GT701D User Manual
ADC Network Card SignalOn Series User Manual
AeroGarden Greenhouse Kit 300291 User Manual
Agilent Technologies Network Card 82350B User Manual
Airlink101 Network Router AR675W User Manual
Alliance Laundry Systems Washer Dryer CHM166C User Manual
Atmel Stereo Amplifier ATR7040 User Manual
Beckett Water Gardening Plumbing Product G325AG20 User Manual