Software Maintenance Release Note
Maintenance Version 291-10
for AR415S, AR440S, AR441S, AR442S, AR450S, AR725, AR745, AR750S, AR750S-DP, and AR770S routers and
AT-8600, AT-8700XL, Rapier i, Rapier w, AT-8800, AT-8900, x900-48, AT-9900, and AT-9800 Series switches
This software maintenance release note lists the issues addressed and enhancements made in Maintenance Version 291-10 for Software Version 2.9.1. Version
details are listed in the following table:
Models
Series
Release File
Date
Size (bytes)
GUI file
AR415S, AR440S, AR441S, AR442S, AR450S
AR400
54291-10.rez
24 July 2007
4946220
415s_291-10_en_d.rsc
440s_291-10_en_d.rsc
441s_291-10_en_d.rsc
442s_291-10_en_d.rsc
450s_291-10_en_d.rsc
AR750S, AR750S-DP, AR770S
AR725, AR745
AR7x0S
AR7x5
55291-10.rez
52291-10.rez
24 July 2007
24 July 2007
4074888
4114292
750s_291-10_en_d.rsc (AR750S and AR750S-DP)
_725_291-10_en_d.rsc
_745_291-10_en_d.rsc
AT-8624T/2M, AT-8624PoE, AT-8648T/2SP
AT-8600
sr291-10.rez
24 July 2007
2468216
8624t_291-10_en_d.rsc
8624poe_291-10_en_d.rsc
8648t_291-10_en_d.rsc
AT-8724XL, AT-8748XL
AT-8700XL
Rapier i
87291-10.rez
86291-10.rez
24 July 2007
24 July 2007
2411128
4587048
8724_291-10_en_d.rsc
8748_291-10_en_d.rsc
Rapier 24i, Rapier 48i, Rapier 16fi
r24i_291-10_en_d.rsc
r16i_291-10_en_d.rsc
r48i_291-10_en_d.rsc
Rapier 48w
Rapier w
86291-10.rez
24 July 2007
4587048
-
Download from Www.Somanuals.com. All Manuals Search And Download.
Levels
3
Levels
Some of the issues addressed in this Maintenance Version include a level number. This number reflects the importance of the issue that has been resolved. The
levels are:
Level 1
Level 2
Level 3
Level 4
This issue will cause significant interruption to network services, and there is no work-around.
This issue will cause interruption to network service, however there is a work-around.
This issue will seldom appear, and will cause minor inconvenience.
This issue represents a cosmetic change and does not affect network operation.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-10
4
Features in 291-10
Software Maintenance Version 291-10 includes the resolved issues and enhancements in the following tables. In the tables, for each product series:
■
■
“Y” indicates that the resolution is available in Version 291-10 for that product series.
“–” indicates that the issue did not apply to that product series.
Level 1
No level 1 issues
Level 2
CR
Module
Level
2
Description
Switching,
DHCP
Snooping
Enabling DHCP snooping (correctly) adds a hardware filter to all untrusted
ports, to block all IP traffic coming from those ports. Previously, disabling
DHCP snooping did not delete these filters. This meant that the switch
dropped all IP traffic from the previously-untrusted ports until the switch
was restarted.
-
-
-
-
-
-
-
-
Y
Y
-
CR00016759
Also, attempting to manually delete the hardware filters did not actually
remove them.
These issues have been resolved. The switch now removes the filters if you
disable DHCP snooping or manually delete the filters.
IP Gateway
2
If the user did not specify the destination and dmask parameters when
entering the set ip filter command, the destination and dmask of the
filters were reset to any.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00018655
CR00018656
Also, it was not possible to delete an IP filter by using the delete ip filter
command, even when all required parameters were present.
These issues have been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-10
5
CR
Module
Level
2
Description
Switching
The resolution to CR 444 meant that packets processed by the CPU are now
subjected to the same filtering as packets switched in hardware. However,
this filtering did not always return the expected results. Sometimes its IP
address matching was incorrect, and it did not correctly process filters with
an action of nodrop.
-
-
-
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
-
CR00018663
These issues have been resolved.
OSPF
2
On a router or switch with OSPF redistribution enabled, OSPF did not
redistribute the interface route when an interface came up (for example,
after a reboot).
Y
Y
Y
Y
Y
Y
CR00018691
This issue has been resolved.
QoS
2
2
QoS policies, traffic classes, and flow groups could not have an ID number
of 0 (zero).
-
-
-
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
CR00018693
CR00018778
This issue has been resolved.
IP NAT, Firewall
When using IP NAT, the router or switch would reboot when processing
TCP SYN packets.
Y
Y
Y
This issue only occurred with IP NAT, which is configured by using the add
ip nat command. It did not occur with firewall NAT.
This issue has been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-10
6
Level 3
CR
Module
Ping
Level
3
Description
Traceroute (the trace command) did not work. It returned the error “The
destination is either unspecified or invalid” even if the destination was
reachable.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00018514
This issue has been resolved.
Level 4
No level 4 issues
Enhancements
No enhancements
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-09
7
Features in 291-09
Software Maintenance Version 291-09 includes the enhancement in the following table, which is available for x900-48FE and x900-48FE-N switches.
Level 1-4
No level 1-4 issues
Enhancements
CR
Module
Core
Level
-
Description
CPU fan monitoring is now disabled by default on x900-48FE and
x900-48FE-N switches. Monitoring the fan is unnecessary unless an
accelerator card is installed on the switch, so disabling monitoring reduces
the number of messages that the switch displays and logs.
-
-
-
-
-
-
-
-
Y
-
-
CR00018530
To enable monitoring, use the command:
enable cpufanmonitoring
To disable it again, use the command:
disable cpufanmonitoring
When monitoring is enabled, the command show system displays the
CPU fan status in the entry labelled “Main fan”.
Note that this behaviour is already available on AT-8948 switches.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-08
8
Features in 291-08
Software Maintenance Version 291-08 includes the resolved issues and enhancements in the following tables. In the tables, for each product series:
■
■
“Y” indicates that the resolution is available in Version 291-08 for that product series.
“–” indicates that the issue did not apply to that product series.
Level 1
No level 1 issues
Level 2
CR
Module
Level
2
Description
Switching,
IGMP,
IP Gateway
If a packet should have matched a hardware filter with a deny action and
have been discarded, but an IP routing entry had not yet been learnt for the
packet, then the packet was not discarded.
-
-
-
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
Y
Y
-
-
-
-
-
-
-
-
CR00000444
This issue has been resolved and the packet is now discarded.
Switching
Firewall
2
2
When a nodrop action was specified on a port as part of an L3 filter, it was
observed that the port was still dropping packets. This was observed after
the ARP entry for the destination IP expired from the switch’s L3 table.
-
-
-
-
CR00000484
CR00001231
This issue has been resolved.
The router or switch sometimes recorded more events in its deny event
queue than was specified by the detail parameter of the set firewall
policy attack command.
Y
Y
Y
Y
This issue has been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-08
9
CR
Module
Level
2
Description
Classifier
The following issues existed with classifiers:
Y
Y
Y
Y
Y
Y
-
-
Y
Y
Y
CR00003495
■ classifiers matching protocol=ipv6 and ipprotocol=icmp could be
created more than once
■ classifiers matching protocol=ipv6 and ipprotocol=1 could be created
but were meaningless because 1 represents IPv4 ICMP
■ classifiers matching protocol=ip and ipprotocol=58 could be created
but were meaningless because 58 represents IPv6 ICMP.
These issues have been resolved.
Also, classifiers now default to protocol=ip (IPv4) if:
■ no value is specified for the protocol parameter, or
■ protocol=any and ipprotocol=icmp.
VLAN
BGP
2
2
2
Removing then re-adding ports to a Nested VLAN, with rapid STP enabled,
caused the port in the Alternate Discarding state to leak a small number of
packets.
-
-
-
-
-
-
-
-
-
Y
Y
Y
-
CR00004018
CR00005472
CR00005812
This issue has been resolved.
When BGP was in the OpenSent state and it received an out-of-sequence
message (such as a KeepAlive message), BGP would return to the Idle state.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
Y
Y
Y
Y
This issue has been resolved. BGP now sends a notification message to the
other BGP peer, as expected.
IP Gateway
When the router or switch received an IP packet whose length was greater
than the MTU on the outgoing link, and the packet contained an IP option
that was not designed to be fragmented (such as Timestamp), then the
resulting constituent fragments would have incorrect IP header lengths.
This could lead to data corruption.
Y
Y
On routers, this issue applied to all routed packets. On switches, it applied
to packets processed by the CPU, not to packets switched in hardware.
This issue has been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-08
10
CR
Module
RIPng
Level
2
Description
The following issues occurred with RIPng:
Y
Y
Y
Y
Y
Y
-
-
Y
Y
Y
CR00007178
■ RIPng dropped requests from peers with non link-local addresses.
■ for a solicited response, if the routes did not exist on the device, RIPng
returned a metric of 0 for them instead of returning a metric of 16
■ RIPng performed split-horizon checking for solicited responses
■ RIPng used the link-local address to respond to all requests, even if the
request used a non link-local address and therefore the reply should
have also used a non link-local address
These issues have been resolved.
Install, MIB
2
Previously, the MIB objects configFile and createConfigFile would return the
current configuration file, and the MIB object currentConfigFile would
return 'no such object'.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00008847
This issue has been resolved. The objects configFile and createConfigFile
now return the boot configuration file. The object currentConfigFile now
returns the current configuration file.
Classifier
Firewall
2
2
The output of the show classifier=number command did not show the
protocol number.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
Y
-
Y
-
Y
-
Y
Y
CR00009473
CR00010654
This issue has been resolved.
When adding a firewall application rule, it was possible to specify FTP as the
application but not specify the command parameter. This meant that the
rule would allow all FTP commands through, even if action=deny had
been specified.
This issue has been resolved by making the command parameter
mandatory when the application is specified as FTP.
PPP
2
If the router or switch received an LCP packet with an unrecognised code,
it responded with a CodeReject packet of incorrect length that did not
respect the established MRU of the peer.
Y
Y
Y
Y
Y
Y
-
-
Y
Y
Y
CR00010951
This issue has been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-08
11
CR
Module
PPP
Level
2
Description
If the router or switch received an LCP packet with an unrecognised
protocol, it responded with a ProtocolReject packet of incorrect length that
did not respect the established MRU of the peer.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
-
-
Y
Y
Y
Y
Y
CR00010967
This issue has been resolved.
PPP
2
When the established Maximum Receive Unit (MRU) of the remote PPP peer
was greater than the established MRU of the local PPP peer, Echo Reply
packets did not respect the established MRU of the remote peer.
Y
CR00010968
This issue has been resolved.
Core
VPN, GUI
OSPF
2
2
2
In most circumstances the stack dump for an AR7x5 router was invalid and
did not contain complete information about the cause of a reboot.
-
Y
-
-
-
-
-
-
-
-
-
-
CR00011231
CR00012218
CR00012727
This issue has been resolved.
Enabling VPN (IPsec) on the GUI caused the GUI VPN page to stop
displaying information about some or all of the existing VPN policies.
Y
Y
Y
Y
-
-
-
-
-
-
-
-
This issue has been resolved.
Sometimes when a type 7 external LSA was translated to a type 5 external
LSA the forwarding address was set to 0.0.0.0 in the translated type 5 LSA.
Y
Y
Y
Y
Y
Y
Y
Y
Y
This issue has been resolved, so that the forwarding address is always
copied from the type 7 LSA being translated.
OSPF
2
When the router or switch is acting as an area border router and one of the
areas is an NSSA (Not So Stubby Area), the router or switch will create a
default route for the NSSA and inject this into the NSSA. Previously, the
router or switch was also redistributing this route into other areas as a static
route when static route redistribution was turned on. This was not desirable
behaviour.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00012751
This issue has been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-08
12
CR
Module
TTY
Level
2
Description
Unexpected characters could appear on the terminal emulator display
when the column size was set greater than 80 and the user edited a
command that spanned more than one line of the display.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
Y
-
Y
-
Y
-
Y
-
Y
CR00012871
This issue has been resolved.
DVMRP,
2
If a frame relay interface was configured as a DVMRP interface, then the
DLC value was not correctly generated in output of the command show
config dynam or in the configuration script generated by the command
create config.
-
CR00013597
Frame Relay
This issue has been resolved.
Core, SNMP
2
2
Previously, SNMP returned an incorrect product ID number for AR750S-DP
routers.
-
-
-
-
Y
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
CR00013660
CR00013735
This issue has been resolved. The value of the sysObjectID object is now 80
for AR750S-DP routers.
LACP,
Switching
When moving ports from an LACP-controlled trunk to a manually-
configured trunk, ports were incorrectly set in an STP blocking state.
Therefore, traffic would not flow over the trunk.
Y
Y
This issue has been resolved.
Note: When you move ports from an LACP-controlled trunk to a manually-
configured trunk, you must delete the ports from LACP.
OSPF
2
If the obsolete command set ospf rip=both was entered, the router or
switch correctly automatically replaced it with the following two
commands in the dynamic configuration:
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00013763
add ospf redistribute protcol=rip
set ospf rip=export
However, if the command create config was used to save the
configuration, after system start-up the configuration file did not contain
the command add ospf redistribute protocol=rip. This meant that OSPF
stopped redistributing RIP routes after a reboot.
This issue has been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-08
13
CR
Module
IPv6
Level
2
Description
If a user shortened the prefix length of an IPv6 interface address, then
lengthened it, it became impossible to change the prefix length again.
Y
-
Y
-
Y
-
Y
Y
Y
-
Y
Y
Y
-
Y
Y
-
-
-
Y
Y
-
Y
Y
-
Y
CR00013778
This issue has been resolved.
MSTP
L2TP
2
2
2
Executing the commands disable mstp port=number or enable mstp
port=number would not disable or enable the port on all MSTIs.
Y
-
Y
-
-
CR00013893
CR00013982
CR00014044
This issue has been resolved.
An L2TP call could be deleted when still attached to the PPP interface.
Doing this caused the router or switch to reboot.
Y
-
Y
-
Y
-
-
This issue has been resolved.
IGMP
When large numbers of multicast streams were passing through the switch
and there was no multicast routing protocol running (such as PIM or
DVMRP), the CPU would experience regular periods of extended high
utilisation. This could result in lost control packets and network instability.
-
-
-
-
-
Y
This issue has been resolved.
TTY
TTY
2
2
2
2
When a file was redirected (for example, by a trigger), if the mail hostname
was not available or not configured, the router or switch would reboot.
Y
Y
Y
Y
Y
Y
-
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00014146
CR00014230
CR00014295
CR00014320
This issue has been resolved.
If the built-in editor was used to delete the last line of a file, the router or
switch could reboot.
This issue has been resolved.
IGMP
OSPF
IGMP snooping would process IGMP protocol packets that had incorrect IP
TTL fields (i.e. that had values other than 1).
This issue has been resolved.
Occasionally, when OSPF was started, not all the Type-7 LSAs were
translated into Type-5 LSAs.
Y
This issue has been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-08
14
CR
Module
PIM6
Level
2
Description
If an IPv6 accelerator was used, and the upstream router forwarded IPv6
multicast data just before the prune limit timer expired, then the
downstream router sometimes did not send the prune until significantly
after the timer expired.
-
-
-
-
-
-
-
-
Y
Y
-
CR00014827
This issue has been resolved.
MSTP, GUI
2
2
Using the web-based GUI to set the Point-to-Point Link in the MSTP CIST
Port configuration to a non-default value would generate an error.
-
-
-
Y
Y
Y
Y
Y
Y
Y
-
Y
-
Y
-
Y
-
-
-
CR00015169
CR00015805
This issue has been resolved.
ISAKMP, IPv6
During the boot up, the router or switch waited 5 seconds before
beginning ISAKMP prenegotiation. For VPN tunnels over IPsec for IPv6, this
was not long enough for the router or switch’s interfaces to come up before
prenegotiation began.
Y
Y
Y
Also, the router or switch did not obtain the most recent active ISAKMP SA
when multiple SAs existed.
These issues have been resolved. The router or switch now waits 6 seconds,
and obtains the most recent SA and uses that for Phase 2 negotiations.
Switching
2
2
2
If the switch had a large number of routes in its forwarding database (FDB),
and the command show switch fdb was used to display the contents of
the FDB, and the switch’s CPU was busy at the time, then the switch
sometimes rebooted.
-
-
-
-
-
-
-
-
Y
Y
Y
Y
Y
Y
-
CR00015964
CR00016262
CR00016340
This issue has been resolved.
Load
When attempting to upload files from the switch using TFTP to an IPv4
server address, the router or switch reported an error if IPv6 was not
enabled. It was not possible to upload files using TFTP to an IPv6 server
address at all.
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
Y
These issues have been resolved.
DHCP
Snooping
DHCP Snooping has been enhanced to operate in a customised VLAN ID
translation (VID translation) environment. Previously, DHCP Snooping was
not supported with VID translation.
-
-
-
Y
Y
-
This issue has been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-08
15
CR
Module
IPv6
Level
2
Description
The timer that governs the interval between repeated neighbour
solicitation messages could only be configured by using the ndretrans
parameter of the set ipv6 nd command, and not through router
advertisements that the router or switch received from other routers.
Y
Y
Y
Y
Y
Y
-
-
Y
Y
Y
CR00016587
This issue has been resolved. Instead of using the ndretrans parameter of
the command set ipv6 nd, use the retrans parameter to configure the
timer interval. Also,routers or switches acting as hosts will now correctly
update their timer values to the value specified in any router advertisements
that they receive.
DHCP6
2
2
Previously, it was possible to enter the incomplete commands delete
dhcp6 policy=name or set dhcp6 policy=name without specifying any
other parameters.
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
Y
Y
Y
Y
Y
Y
CR00016592
CR00016840
This issue has been resolved. If this is done, the router or switch now
displays the warning:
Warning (2117007): One or more parameters may be missing.
STP
Previously, when the switch was a Spanning Tree root bridge in a network
and a user raised the switch’s root bridge priority enough to stop the switch
from being the root bridge, unnecessary delays in convergence occurred.
-
-
-
Y
Y
This issue has been resolved.
IP Gateway
ISAKMP
2
2
The set ip filter command would not accept the protocol parameter.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
Y
-
Y
-
Y
-
Y
-
CR00016956
CR00016964
This issue has been resolved.
When the router or switch negotiated an IPsec tunnel with RFC3947 NAT-
T, its NAT-OA payload had two bytes of reserved fields after the ID field
instead of the three bytes specified by RFC 3947. This could prevent the
tunnel from working properly when the tunnel was between an Allied
Telesis router or switch and some other vendor.
This issue has been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-08
16
CR
Module
ATM
Level
2
Description
If a PPP instance was destroyed after an attached ATM channel had been
modified using the set atm channel command, the router rebooted. The
router could also reboot if an ATM channel was deleted under similar
circumstances.
Y
Y
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
CR00016985
This issue has been resolved.
IPsec
2
AlliedWare IPsec would not interoperate with Microsoft Windows Vista
VPN clients. This was because Microsoft changed the IPSec behaviour in
Vista such that Vista's private local IP address is sent as the local
identification instead of an FQDN. When an IPSec tunnel between
AlliedWare and Vista was brought up, the hosts could not communicate.
Y
Y
Y
Y
Y
CR00016989
CR00017081
This issue has been resolved. AlliedWare IPsec can now communicate with
peers that send their private local IP address as the local identification.
Classifier
2
The show classifier command did not allow users to display only the
classifiers that had their IP source address and MAC source address
parameters set to dhcpsnooping.
-
-
-
-
-
-
-
-
Y
Y
-
This issue has been resolved. For example, the command show classifier
ipsa=dhcpsnooping now displays those classifiers that have their IP
source address set to dhcpsnooping.
Also, it is no longer possible to create two identical classifiers with DHCP
snooping parameters.
Firewall
2
When the router was acting as a firewall and performing DNS relay, it used
the local IP interface private address as the source address for some packets
that it sent out the public interface. When the router acts as a DNS relay, it
receives DNS requests from the private interface and sends a new packet
on the public interface. These new packets were given the wrong address.
Y
Y
Y
Y
Y
Y
-
-
-
-
Y
CR00017093
This issue has been resolved. Such packets now have their source address
set to the public interface address as required.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-08
17
CR
Module
IPsec
Level
2
Description
If an IPsec tunnel with no encryption (NULL) was negotiated in AlliedWare
over NAT-T, the ESP packets did not contain an RFC 3948 compliant
checksum. This means that some vendors may have discarded packets sent
by the AlliedWare peer over such a tunnel.
Y
Y
Y
Y
Y
Y
-
-
-
-
-
CR00017226
This issue has been resolved.
Note the null encryption is useful for debugging the traffic over an IPsec
tunnel and should not be used in a working IPsec solution.
IPsec
2
2
An IPSec checksum recalculation error occurred with UDP traffic when the
ESP encapsulation was added.
Y
-
Y
-
Y
-
Y
Y
Y
Y
Y
Y
-
-
-
-
-
-
-
-
CR00017227
CR00017255
This issue has been resolved.
Switching
Previously, trunk members were given the STP state in hardware of port 1,
instead of having the STP state of the lead port in the trunk. The software
state (as displayed with the command show stp port) was correct.
Y
Y
This issue has been resolved.
Switching
Switching
2
2
When using multi-homed IP interfaces on a VLAN, it was possible that L3
hardware switching would stop for all multi-homed interfaces on that
VLAN, if one of the multi-homed interfaces was removed or went into an
administratively down state.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Y
Y
Y
Y
-
-
CR00017256
CR00017337
This issue has been resolved.
It was possible to set up a classifier that matched MPLS frames at layer 2,
but the switch would not correctly match these MPLS frames against the
classifier.
This issue has been resolved. The switch now correctly matches MPLS
frames against such a classifier.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-08
18
CR
Module
QoS,
Level
2
Description
Some small memory access violations existed in DHCP snooping.
These violations have been resolved.
-
-
-
Y
Y
Y
Y
Y
Y
Y
-
CR00017368
DHCP
Snooping
Also, a new console error message is displayed if a user tries to add a
duplicate classifier to a QoS policy. For example, if traffic class 101 belongs
to policy 2 and a user tries to add a flow group to traffic class 101 when
the flow group’s classifier is number 54 and already belongs to policy 2, the
following message is displayed:
Error (3099297): Duplicate classifier (54) on policy 2.
A similar new log message has also been added, which says:
Duplicate classifier (<number>) found on <string> <number>
Note that a classifier can exist in two separate policies but cannot exist
twice in the same policy.
IP Gateway
2
The router or switch could reboot when the local interface address had
been specified by using the set ip local command, and then the underlying
interface from which the local interface took its address was either deleted
or had its address changed. In both these cases, the local interface was
correctly reset back to an undefined address, but a route to this address was
not deleted. This could cause routing difficulties and a reboot when packets
for that address were received.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00017456
This issue has been resolved. The route is now correctly deleted.
Firewall
2
When a VoIP call using SIP was initiated from the public side of the firewall,
occasionally the firewall created two UDP sessions for the call with different
UDP source ports. This happened if the first packets of the STP (voice data)
stream arrived earlier than the 200 OK message that was supposed to
establish the session. The result was that the public side caller could not
hear the call.
Y
Y
Y
Y
Y
Y
-
-
-
-
Y
CR00017488
This issue has been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-08
19
CR
Module
ISAKMP
Level
2
Description
The router or switch sometimes could not establish a VPN when the remote
peer was behind a NAT gateway and the router or switch’s remote ID was
set to default.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
-
-
-
-
-
CR00017518
This issue has been resolved.
PPP
2
If a PPPoE AC service had been added, but AC mode had not been enabled
by using the enable ppp ac command, PADI frames were processed
anyway, potentially leading to a reboot.
Y
Y
Y
CR00017634
This issue has been resolved.
TTY
2
2
Previously, it was not possible to configure a TTY service on the router (by
using commands like create service).
Y
-
-
-
Y
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
CR00017659
CR00017662
This issue has been resolved.
Core
Stopping and restarting two fans on the switch in a particular order could
put the fan fault detection mechanism into a state in which the system LED
would not flash for a fan fault.
Y
This issue has been resolved.
IGMP
2
When the switch had a hardware filter configured that would match and
discard a received IGMP packet, IGMP snooping still processed the packet
and added the details to its snooping database.
-
-
-
Y
Y
Y
Y
Y
-
-
-
CR00017724
This issue has been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-08
20
CR
Module
Level
2
Description
IP Gateway,
DHCP
When the DHCP server was enabled on a router or switch that also had a
local IP interface defined by using the set ip local command, outgoing
DHCP server packets would use the set ip local command's IP address as
their source address. Furthermore, if the broadcast flag was set to TRUE in
the DHCP Discover message that the server was replying to, then the server
would send the DHCP Offer packet out the wrong IP interface with the
wrong source IP address. Microsoft Windows Vista has the broadcast flag
set to TRUE.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00017731
These issues have been resolved. The DHCP server configuration now
ignores any local IP interfaces set by using the set ip local command, and
the server now sends the Offer message out the interface that it received
the Discover on.
Switching
2
If a multicast route had an odd number of downstream interfaces attached
to it, and the last downstream interface was deleted, the second to last
downstream interface could experience a loss of packets.
-
-
-
-
-
-
-
-
Y
Y
-
CR00017749
This issue has been resolved.
PIM
2
2
PIM would sometimes start forwarding duplicate packets from the RP to
downstream interfaces if the SPT Bit had been set and had become unset.
Y
-
Y
-
Y
-
Y
Y
Y
Y
Y
Y
Y
Y
-
Y
Y
Y
Y
Y
-
CR00017816
CR00017906
This issue has been resolved.
VLAN, MSTP
If ports were removed from a VLAN and MSTP was enabled, then the port
removal was not included in the configuration displayed by the command
show config dynam or saved by the command create config.
Y
This issue has been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-08
21
Level 3
CR
Module
PKI
Level
3
Description
Some PKI commands (including add pki ldap, create pki enroll, and
create pki keyupdate) only worked if their parameters were entered in a
particular order.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
Y
-
Y
-
Y
-
Y
CR00000503
This issue has been resolved.
3
3
The command add fire policy=name rule=number act=allow int=int
ip=ipadd list=filename would incorrectly be rejected, with an error
message stating that list and ip were mutually exclusive.
Y
Y
CR00001106
CR00001438
This issue has been resolved, so that list and ip can be used together in the
same firewall rule.
TACACS+
If TACACS+ was used for authentication and the TACACS+ server went
down during an authentication attempt, the router or switch added the
attempted login names to the TACACS+ user list (as displayed in output of
the show tacplus user command). However, the router or switch correctly
did not log users in with those names.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
This issue has been resolved.
IP Gateway
Firewall
3
3
Sometimes an incorrect error message was printed if a user tried to enable
IP multicast switching on a device that did not support it.
-
-
-
Y
Y
Y
Y
Y
Y
Y
-
Y
-
-
-
-
-
-
CR00002587
CR00003354
This issue has been resolved.
The firewall message “Port scan from <source> is underway” was repeated
more times than messages about other attack events. This could cause
confusion.
Y
Y
Y
Y
This issue has been resolved. The message is now displayed with the same
frequency as other firewall attack event messages.
Firewall
3
The firewall sometimes did not report that an attack had finished until
several minutes after it actually finished.
Y
Y
Y
Y
Y
Y
-
-
-
-
Y
CR00003356
This issue has been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-08
22
CR
Module
File
Level
3
Description
The show file command did not check whether the specified file system
was valid. If an invalid file system type was entered (such as show
file=abc:*.*), the router or switch reported that no files found instead of
reporting that the file system abc did not exist.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00004004
This issue has been resolved.
GUI
3
The following issues occurred with the GUI:
-
-
-
-
-
-
-
-
-
CR00005048
■ the menu item and related page title for configuring PPPoE and PPPoA
interfaces was incorrectly named “PPP”. This issue has been resolved by
changing the names to “PPPoE / PPPoA”.
■ the UPnP selection option on the firewall pages did not work. This issue
has been resolved.
Note that if you want to use the GUI to configure a PPP interface over ISDN,
use the Dial-up menu option to do so.
LACP
3
If a user attempted to enable LACP on AT-9800 series switches—which do
not support LACP—the switch incorrectly said that the module had been
enabled.
-
-
-
-
-
-
-
-
-
-
Y
CR00005187
This issue has been resolved. The switch now displays an error message
instead.
Classifier
BGP
3
3
Previously, a classifier with protocol=ip matched both IPv4 and IPv6
packets when used with software QoS, instead of only matching IPv4
packets.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
-
-
-
-
-
-
CR00005894
CR00005940
This issue has been resolved.
There were several cases in BGP where an error was discovered in an
incoming packet, but the incorrect error subcode was reported in the
accompanying NOTIFICATION message. Also, NOTIFICATION messages did
not contain the aberrant data in their data fields, as required by the RFC.
Y
Y
Y
Y
These issues have been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-08
23
CR
Module
SNMP
Level
3
Description
On AR725 and AR745 routers, which have no VLAN support, an SNMP Get
request for dot1qMaxVlanId or dot1qMaxSupportedVlans incorrectly
returned a value.
-
Y
Y
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
CR00006303
This issue has been resolved.
Bridge
3
Predefined bridge protocols XEROX PUP and PUP Addr Trans with the
encapsulation of EthII and protocol type 0x0200 and 0x0201 are invalid
and obsolete, since they are less than the minimum ETHII protocol type of
1500 (decimal). Bridging with these protocols could cause the router to
reboot.
Y
Y
CR00006613
This issue has been resolved by replacing the predefined protocol types with
the more modern equivalents 0x0a00 and 0x0a01. Also, if you enter a
protocol type less than the minimum, the router now displays an error
message.
GUI
3
3
3
When a user used the GUI to attempt to delete a local interface that was in
use by another protocol, the operation (correctly) failed, but the GUI did not
display an error message to explain the failure.
Y
-
Y
-
Y
-
Y
Y
-
-
Y
Y
-
Y
Y
-
Y
Y
-
-
Y
Y
-
Y
-
CR00007394
CR00007404
CR00007926
This issue has been resolved.
MSTP
If a network running MSTP was connected to a network running RSTP and
MSTP message debugging was enabled on a switch, the debug output
could loop for a very long time with invalid data.
Y
-
Y
Y
This issue has been resolved.
Switching,
IP Gateway
The x900 series switches did not send an ICMP Redirect packet when they
received a packet and the route to the packet’s destination was back to the
packet’s sender. The switches routed the packet back to the source but did
not send an ICMP Redirect message.
-
-
-
-
This issue has been resolved. The x900 series switches now send an ICMP
Redirect message.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-08
24
CR
Module
TTY
Level
3
Description
When prompted to enter a file name while using the command line file
editing utility, no more than 23 characters could be typed, even if the
existing characters were deleted using the backspace key.
Y
-
Y
-
Y
-
Y
Y
Y
Y
Y
Y
Y
-
Y
-
Y
-
Y
-
Y
CR00008122
This issue has been resolved.
Firewall
3
The command enable firewall notify=port port=asyn-number was not
available on switches, only on routers. If a user created a configuration on
a router and used this option, the configuration had to be modified if
transferred to a switch.
Y
CR00008378
This issue has been resolved. The notify=port option and the port
parameter are now available on switches. However, these port parameters
have been deprecated in favour of the asyn parameters, so warning
messages are printed to indicate this if the commands are used.
Switching
3
When the commands enable switch port=number automdi and
disable switch port=number automdi were executed from a telnet
session, some INFO messages were output to the asyn0 console session
instead of the telnet session.
-
-
-
-
-
-
-
-
Y
Y
-
CR00009086
This issue has been resolved.
STP, SNMP
3
3
Previously, newRoot and topologychange traps (located at
1.3.6.1.2.1.17.0) were only generated by the bridging module.
-
-
-
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00010144
CR00010229
This has been extended to the STP module. Please note that this applies
only to standard STP, not Rapid STP.
Install, SNMP
Previously, MIB objects instRelMajor, instRelMinor and instRelInterim values
were only correct for bootrom (default) builds.
Y
Y
Y
This issue has been resolved. Now the correct values are returned for these
objects when the current install matches the temporary or preferred install.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-08
25
CR
Module
Install
Level
3
Description
If a user attempted to enter a filename with an invalid format, the resulting
error message did not correctly describe the format that should have been
used. Also, the router or switch returned an incorrect error message when
a user attempted to delete a non-existent release licence file.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00010306
These issues have been resolved.
BGP
3
3
3
Previously, it was possible to enter bad BGP peer IP addresses, such as
0.x.x.x, 127.x.x.x and 255.255.255.255.
Y
-
Y
-
Y
-
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
-
-
Y
-
Y
-
Y
-
CR00010315
CR00010465
CR00010538
This issue has been resolved.
Switching
Firewall
The “?” help for the command show switch sock=con inst=value
showed a maximum value of 4294967295.
Y
-
This issue has been resolved. Valid instance values are 0 and 1.
When firewall events were recorded in the Notify queue (displayed in
output of the command show firewall event=notify), the IP address
shown would be the address of the very first packet that belonged to that
event flow. For example, if 64 host scan packets were required to trigger a
host scan event and the first packet had a target IP of 1.1.1.1 and the 64th
had an IP of 1.1.1.64, then the IP address recorded would be 1.1.1.1, even
though the event was not actually recorded until the 64th packet arrived.
Additionally, the source and destination ports in this display would always
show as 0.
Y
Y
Y
-
-
Y
These issues have been resolved.The IP addresses shown are now those of
the particular packet that triggered the event notification, and the source
and destination ports match the actual ports used by that packet.
PPP
3
If the router or switch received an Echo-Request that did not comply with
RFC 1661, it processed and replied to the Echo-Request.
Y
Y
Y
Y
Y
Y
-
-
Y
Y
Y
CR00010976
This issue has been resolved. Non-complying Echo-Requests are now
ignored.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-08
26
CR
Module
PPP
Level
3
Description
PPP incorrectly ACKed a LCP ConfigureRequest containing the Magic-
Number option with a value of 0.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
-
-
Y
Y
Y
Y
Y
CR00010979
This issue has been resolved.
PPP
3
3
If the router or switch received an incorrectly formatted PAP request packet,
it used to process the packet. This issue has been resolved—now it silently
discards the packet.
Y
CR00010984
CR00011223
Also, if the router or switch received a PAP request packet with a zero
length user ID, it used to send the packet to the authentication database.
This issue has been resolved—now it NAKs the packet.
Core
On AT-8948 and AT-9924SP switches with an empty PSU bay, an SNMP
walk through of the fanAndPsPsuStatusTable would display lines for the
non-existent PSU, with the value of “no such instance”.
-
-
-
-
-
-
-
-
Y
Y
-
This issue has been resolved. The walk through now only includes installed
PSUs.
GUI
3
3
Some of the features supported in the web-based GUI did not have a
complete set of online help pages generated for them.
Y
Y
Y
Y
Y
Y
Y
Y
-
Y
Y
Y
Y
Y
Y
-
Y
Y
Y
Y
CR00011259
CR00011315
This issue has been resolved.
IP Gateway
When the limit for the number of IP interfaces was reached and a user tried
to add another IP interface over a VLAN, the router or switch displayed the
following misleading error message:
Y
Y
Error (3005273): No more VLAN interfaces may be added.
This issue has been resolved. The error message is now:
Error (3005273): No more IP interfaces over VLANs may be added.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-08
27
CR
Module
Ping
Level
3
Description
When the router or switch pinged a host whose hostname consisted only
of the digits 0-9 and the letters A-F, it treated the given hostname as a
hexadecimal IPX address even if the hostname was in the host list.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00011438
This issue has been resolved. Now, when the router or switch pings a host
using a hostname, it checks the hostname in the host list first. If it does not
find the host in the host list, then it treats the hostname as an IPX address.
Firewall
3
When a firewall UDP session starts up, the session timeout should be 5
minutes for the first 5 packets of the session, then change to the configured
UDP session timeout value. Previously, the timeout changed after the 6th
UDP packet belonging to that session, instead of after the 5th packet.
-
-
-
-
Y
CR00011824
This issue has been resolved.
IP Gateway
Classifier
3
3
The command show ip cassi command is obsolete but was still available.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00012066
CR00012168
This issue has been resolved. The command has been removed from the
command line. To obtain the same information, use the command show
conf dyn=ip.
Output of the show classifier command displayed only the hexadecimal
protocol value for IP SNAP, instead of also displaying the protocol name.
This issue has been resolved. The output now displays:
0000000800 (IP SNAP)
OSPF, GUI
STP
3
3
If there were virtual OSPF interfaces, then the OSPF Interfaces GUI page
showed all interfaces as belonging to the backbone area (0.0.0.0).
Y
-
Y
-
Y
-
Y
Y
-
Y
Y
Y
Y
Y
Y
-
Y
Y
Y
Y
CR00012885
CR00013352
This issue has been resolved.
The help displayed by the command set stp port=all ? listed some
Y
Y
parameters twice.
This issue has been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-08
28
CR
Module
Level
3
Description
IP Gateway
Once a default local IP address had been set, it could not be deleted. This
was because the default interface does not have an interface number, but
to delete a local interface, the user must specify the interface’s number.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00013494
This issue has been resolved, by adding an option called default to the
delete ip local command. To delete the default local interface’s address,
use the command:
delete ip local=default
Note that this resets the interface, including removing its IP address, but
does not remove the interface itself.
DHCP
3
If a user attempted to add a policy option to a DHCP policy by using the set
command instead of the add command, then the resulting error message
did not clearly indicate the cause of the error.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00013543
For example, entering the command:
set dhcp policy=test arptimeout=234
resulted in the error message:
Error (3070061): ARPTIMEOUT not found.
This issue has been resolved. The error message now reads:
Error (3070279): Option ARPTIMEOUT was not found in policy test or
was not added using the ADD DHCP POLICY command.
Ping,
Traceroute
3
3
In the set trace command, it was possible to specify a minimum TTL value
that was higher than the maximum TTL value.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00013635
CR00013637
This issue has been resolved. The minttl and maxttl parameter are now
checked to ensure that the value of minttl is less than or equal to the value
of maxttl.
Ping,
Traceroute
If the value specified for the minimum time-to-live parameter (minttl) of
the traceroute command exceeded the value set for the maximum time-
to-live parameter (maxttl), the router or switch would attempt to execute
the trace rather than generate an error message.
This issue has been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-08
29
CR
Module
Level
3
Description
EPSR, SNMP
When a user destroyed an EPSR domain, SNMP Requests returned
information about the domain even though it no longer existed.
-
-
-
-
-
-
-
-
Y
Y
Y
Y
-
CR00013832
This issue has been resolved.
Ping,
Traceroute
3
If a user attempted to perform a traceroute without specifying the address
to trace (either in the trace or set trace commands), the router or switch
attempted to trace 0.0.0.0.
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00013920
This issue has been resolved. The router or switch now displays an error
message.
VRRP, GUI
PPP
3
3
The VRRP priority could not be modified through the GUI—the priority
option was there but did nothing.
Y
Y
Y
Y
Y
Y
Y
Y
-
Y
Y
Y
-
Y
-
-
Y
Y
Y
Y
CR00014103
CR00014137
This issue has been resolved.
A PPPoE Access Concentrator service that had been added by using the
acinterface parameter to specify a VLAN (or by using the deprecated vlan
parameter) could be deleted without specifying the acinterface parameter
(or the deprecated vlan parameter).
Y
Y
This issue has been resolved.
3
RSTP (correctly) only uses the top 4 of the available 16 bits for the bridge
priority. If a user enters a value that is not a multiple of 4096, the switch
rounds the value down. Previously, the switch did not inform users when it
rounded the value.
-
-
-
Y
Y
Y
Y
Y
Y
Y
Y
CR00014159
This issue has been resolved. The switch now displays an info message
when it rounds the bridge priority.
Note that this only happens for RSTP. STP uses all 16 bits for the bridge
priority.
OSPF
3
When OSPF was disabled and a BGP redistribution definition existed, then
the obsolete command set ospf bgplimit=limit did not update the limit
in the BGP redistribution definition. This meant that the limit was incorrect
when OSPF was enabled again.
Y
Y
Y
Y
Y
Y
–
–
Y
Y
Y
CR00014203
This issue has been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-08
30
CR
Module
LLDP
Level
3
Description
The help displayed for the LLDP port parameter (in such commands as
show lldp port=?) incorrectly indicated that the port parameter is a
“string 1 to 255 characters long”. The port parameter is instead an
Ethernet switch port number or a range of numbers.
Y
Y
-
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00014304
This issue has been resolved. The help is now correct.
Ping
3
The maximum value for the delay parameter of the ping command was
Y
Y
CR00014330
too long.
This issue has been resolved by changing the range for the delay from
0-4294967295 to 0-604800. This new maximum is the number of seconds
in one week.
Switching,
RSTP, SNMP
3
3
3
Previously, an incorrect value was returned for the port number when
responding to an SNMP Request for MIB object dot1dSTPRootPort.
-
-
-
Y
-
Y
-
Y
-
Y
Y
Y
Y
-
Y
-
Y
-
Y
-
CR00014879
CR00015466
CR00016183
This issue has been resolved.
Core, Install,
PoE
The output of the show cpu command on the AT-8624POE switch showed
relatively high CPU usage when the device was idle.
-
-
-
This issue has been resolved.
File
If a user attempted to delete a locked file, such as the currently-installed
GUI resource file, the router or switch displayed both an operation error
message and an operation successful message.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
This issue has been resolved by removing the incorrect operation successful
message.
OSPF
3
Previously, OSPF logged the same message for two separate errors. These
errors were when OSPF rejected a database description message because:
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00016429
■ the neighbour was in a state of “down” or “attempt”, or
■ the MTU received from the neighbour was larger than the receiving
system could handle.
This issue has been resolved. Separate error log messages are now
generated for these two errors.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-08
31
CR
Module
PPP
Level
3
Description
It is valid to use the command create ppp=number to create a PPP
interface without specifying the underlying layer 1 interface. However,
executing this command, or including it in a boot script, resulted in an error.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
-
-
Y
Y
Y
Y
Y
CR00016452
This issue has been resolved.
IPv6
3
If IPv6 was disabled and a user entered any of the following commands:
Y
CR00016578
add ipv6 interface
add ipv6 6to4
add ipv6 tunnel
create ipv6 interface
enable ipv6 advertising
then the router or switch correctly displayed a warning message to indicate
that IPv6 was disabled and also correctly performed the specified
configuration. However, it did not display an “Operation successful”
message to indicate that the configuration had changed.
This issue has been resolved. The router or switch now displays the
“Operation successful” message as well as the warning message.
ATM
3
Sometimes, the router displayed the following error message:
Y
-
-
-
-
-
-
-
-
-
-
CR00016735
Internal Error: speed mismatch causing transmit internal rate underrun
error.
This was due to a mismatch in the synchronisation between the internal
rate of the ATM controller in the CPU and the speed of the ATM PHY
connector. This synchronisation mismatch had a small impact on ATM
performance.
This issue has been resolved.
TTY
3
If a user was accessing the router or switch via telnet, and sent a ^P (break)
character followed by the character d or D, then the router or switch
displayed an unwanted diagnostic message.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00016925
This issue has been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-08
32
CR
Module
Level
3
Description
Port
Authentication
On termination of an 802.1x session, an accounting message is sent to the
Radius server. This enhancement implements the Acct-Input-Octets,
Acct-Output-Octets, Acct-Input-Packets, and Acct-Output-Packets fields in
the message.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00017019
Note that this enhancement only applies to ports in single-supplicant mode.
These fields in the accounting message for ports in multi-supplicant mode
still all have a value of 0.
Level 4
CR
Module
Level
4
Description
GUI, Switch
The Diagnostics > Layer 2 Forwarding Database page of the GUI displayed
extra internal (SYS or CPU) entries.
–
–
–
–
–
Y
–
Y
–
Y
–
Y
–
Y
–
–
–
–
–
–
–
CR00011228
This issue has been resolved. The GUI and the command show switch fdb
now display the same information.
Switch
4
Previously, if you used the ? or Tab keys to obtain help for the set switch
ageingtimer command, the resulting help said that valid entries were from
0 to 4294967295. However, the correct range of values is from 16 to
4080 seconds for AR750S routers and from 10 to 630 seconds for AR770S
routers.
Y
CR00013409
This issue has been resolved. The “?” help now displays the correct ranges.
OSPF
TTY
4
4
The command purge ospf did not delete OSPF redistribution definitions.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00014205
CR00014302
This issue has been resolved.
If the router or switch configuration file contained the command set tty
idle, the router or switch produced a corrupted log message when it
started up.
This issue has been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-08
33
Enhancements
CR
Module
Level
-
Description
BGP
The BGP counter output display has been significantly improved. Also, the
command show bgp counter=all now prints out the RIB, UPDATE, DB and
PROCESS counters.
Y
-
Y
-
Y
-
Y
Y
Y
Y
Y
Y
-
-
Y
-
Y
-
Y
CR00012822
MACFF,
-
MAC-forced forwarding has been enhanced for use in a hospitality
situation, such as a hotel. The enhanced solution allows hotel guests to
connect to the network without having to change their IP settings, while
still ensuring privacy for each guest. Typically some guests will obtain their
IP address from the hotel's DHCP server and others will have statically
configured IP addresses in their PCs.
Y
Y
-
CR00016099
DHCP
Snooping
The solution is designed to interoperate with a specialised Access Router
that is able to deal with the full range of IP addresses that will be in use on
the guests' PCs. The Nomadix Access Gateway (from www.nomadix.com)
is an example of such a specialised access router.
Configuration of the new feature is similar to the existing MAC-forced
forwarding configuration. On each edge switch, you also need to enter the
following new command before enabling DHCP snooping:
disable dhcpsnooping ipfiltering
You also need to turn on ARP security and allow authorised clients to send
only unicast packets, by entering the following commands:
enable dhcpsnooping arpsecurity
enable dhcpsnooping strictunicast
This enhancement also introduces the ability to add MACFF servers with
static MAC addresses, rather than relying on ARP to determine them based
on IP addresses. To do this, enter the command:
add macff server mac=macaddr
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-08
34
CR
Module
Level
-
Description
This software release supports the new x900-48FS switch. For an overview
of the switch, see “Support for the new x900-48FS switch—CR00016662”
on page 92.
-
-
-
-
-
-
-
-
Y
Y
Y
-
-
-
CR00016662
CR00016891
CR00017335
CR00017937
PPP
-
-
-
This enhancement enables the PPPoE client to establish a session promptly
after a restart or power cycle. This is done by sending a PPPoE Active
Discovery Terminate (PADT) frame in response to a frame received with an
unknown PPPoE session ID.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
Y
Y
-
Y
Y
Y
CR00016913
CR00017197
CR00017395
SSH, User,
RADIUS
SSH sessions to the router or switch can now be authenticated via RADIUS.
The router or switch attempts to authenticate an SSH user via RADIUS if the
user to be authenticated is not configured in the local user database and
the router or switch has RADIUS configured.
Y
-
Y
-
Firewall
This enhancement enables the firewall to establish accurate MSS
(Maximum Segment Size) values for TCP sessions without using the MTU
discovery process. MTU discovery depends on ICMP error packets, so does
not work in networks that do not forward ICMP error packets.
To enable this feature, use the command:
enable firewall policy=name adjusttcpmss
The adjusttcpmss parameter enables the firewall to adjust the MSS value
stored inside incoming TCP SYN packets, to reflect the lower of the two
MTU values on the ingress and egress interfaces. Normally, for example, if
a TCP SYN packet arrives from an interface with an MTU of 1500 and leaves
on an interface with an MTU of 1000, the MSS inside the SYN packet will
remain at 1460. When this feature is enabled, the MSS will be adjusted to
960 because the firewall knows that the egress interface has a smaller
MTU. Note that the firewall does not change the original MSS value if it is
already lower than the values of the ingress and egress interfaces.
To disable this feature, use the command:
disable firewall policy=name adjusttcpmss
This feature is disabled by default.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-08
35
CR
Module
Level
-
Description
IGMP
Snooping
The IGMP snooping fast leave option has been enhanced, to make it
available when multiple clients are attached to a single port on the
snooping switch. For configuration information, see “IGMP snooping fast
leave in multiple host mode—CR00017482” on page 93.
Y
Y
-
-
Y
Y
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
Y
CR00017482
WAN Load
Balancing
-
-
WAN load balancing can now also balance traffic across IP interfaces that
are configured on VLANs. This means it is now available for the following
IP interfaces:
-
-
CR00017532
CR00017701
■ eth (such as eth0)
■ ppp (such as ppp0)
■ vlan (such as vlan1)
IGMP
IGMP filtering is now available on AT-8600 series switches.
-
-
-
-
-
-
Y
-
-
-
Software Reference, or How To Configure IGMP for Multicasting on Routers
resources/literature/howto.aspx.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-07
36
Features in 291-07
Software Maintenance Version 291-07 includes the resolved issues and enhancements in the following tables. In the tables, for each product series:
■
■
“Y” indicates that the resolution is available in Version 291-07 for that product series.
“–” indicates that the issue did not apply to that product series.
Level 1
No level 1 issues
Level 2
CR
Module
Level
2
Description
IP Gateway
If two routes to the same destination were present in a switch, and the
route of lower preference was deleted (in other words, the route whose
details were present in the hardware routing database), then the hardware
routing database was not updated with the remaining route as it should
have been. This could cause serious routing issues.
-
-
-
-
-
-
-
-
-
Y
Y
CR00017869
This issue has been resolved so that hardware routing database updates are
carried out correctly.
Switch
2
Running the command show switch tab=ip could result in a reboot if a
-
-
-
-
-
-
-
-
-
Y
Y
CR00018039
large number of routes (10,000 or more) were present on the switch.
This issue has been resolved so that the command can run no matter how
many routes are present on the switch. However, the output from the
command may be truncated due to buffer space restrictions.
Level 3
No level 3 issues
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-06
37
Level 4
No level 4 issues
Enhancements
No enhancements
Features in 291-06
Software Maintenance Version 291-06 provided support for the new Rapier 48w switch. For more information, see “Support for the new Rapier 48w switch” on
page 95.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-05
38
Features in 291-05
Software Maintenance Version 291-05 includes the resolved issues and enhancements in the following tables. In the tables, for each product series:
■
■
“Y” indicates that the resolution is available in Version 291-05 for that product series.
“–” indicates that the issue did not apply to that product series.
Level 1
No level 1 issues
Level 2
CR
Module
Level
2
Description
IGMP
Snooping
When a port left a multicast group, the router or switch assigned the All Groups
port to that multicast group. This could be seen in the output of the command
show ip igmp—the list of ports for the group would include the All Groups port.
Y
Y
-
Y
Y
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
Y
CR00007737
This issue has been resolved.
WAN load
balancer,
Firewall
2
The router rebooted if a user cleared all active WAN load balancer sessions on a
router that had more than approximately 15000 active sessions.
Y
-
CR00010003
CR00011533
This issue has been resolved
Also, the maximum session limit for the WAN load balancer should be 2 * the
firewall session limit. On AR415S and AR442S routers, users can increase the
firewall session limit by adding special feature licenses. Previously, if the firewall
session limit changed, it was necessary to reboot the router to update the WAN
load balancer session limit.
This issue has been resolved. The WAN load balancer limit now updates when
you enable the firewall session license.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-05
39
CR
Module
VLAN
Level
2
Description
Previously, it was possible to destroy a VLAN when it was configured as an IP
interface.
Y
Y
-
Y
Y
Y
Y
Y
Y
Y
-
Y
-
Y
-
Y
-
Y
CR00012980
This issue has been resolved. Now, you can only destroy a VLAN if it has no IP
configuration.
IPsec
2
The router or switch would establish IPsec Security Associations (SAs) if ISAKMP
was enabled but IPsec was disabled.
Y
-
CR00013041
This issue has been resolved. The router or switch only sets up SAs if IPsec is
enabled.
User,
802.1x
2
2
If the reauthentication period for 802.1x port authentication was set to less than
20 seconds, the router or switch sometimes rebooted.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00013500
CR00013527
This issue has been resolved.
OSPF
When the router or switch produced an OSPF type 7 LSA, it sometimes specified
a route out of an interface that was down. This would stop the router or switch
from forwarding traffic to the route’s destination.
This issue has been resolved.
GUI
SHDSL
OSPF
2
2
2
Previously, some GUI pages did not display correctly in version 7 of Internet
Explorer.
-
-
-
-
-
Y
-
-
-
-
-
CR00014344
CR00014851
CR00014955
This issue has been resolved.
Very occasionally, an AR442S router would reboot if SHDSL interface train-up
took an excessively long time.
Y
Y
-
-
-
-
-
-
-
-
This issue has been resolved.
The router or switch sometimes rebooted when converting OSPF type 7 LSAs to
type 5 LSAs. This issue has been resolved by increasing the robustness of the
translation mechanism.
Y
Y
Y
Y
Y
Y
Y
Y
Y
This issue has been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-05
40
CR
Module
Firewall
Level
2
Description
When only NAT was enabled on the firewall, during some TCP connections in
which either end of the connection sends FIN (finished) messages immediately
after sending some data and the other end ACKs (acknowledges) the data and
the FIN message consecutively, the firewall sometimes incorrectly interpreted the
first ACK message (intended for the data) as belonging to the FIN message and
prematurely shut the connection down. This could prevent the firewall from
opening up new connections using the same port numbers.
Y
Y
Y
Y
Y
-
-
-
-
Y
CR00015569
This issue has been resolved.
BGP,
2
When BGP learned new best routes for a particular destination, it did not always
clear any active IP flows that used the previous best route. Therefore, the router
or switch continued to forward traffic sub-optimally.
Y
Y
Y
Y
Y
-
-
Y
Y
Y
CR00015592
IP Gateway
This issue has been resolved. Now, when BGP inserts new routes into the IP route
table, it deletes all active route flows, so any active flows change to using the new
route. The time taken to delete a full table of IP flows has also been greatly
reduced.
Switch
Switch
VRRP
2
2
2
Sometimes IP routed traffic would be sent out the correct port, but with the
destination MAC of another device on the network. This issue was most likely to
occur in configurations that use multi-homed interfaces on multiple VLANs for
end devices.
-
-
-
-
-
-
-
Y
Y
Y
Y
Y
Y
-
CR00015736
CR00015822
CR00015861
This issue has been resolved.
When the command enable ip macdisparity was used, and a static ARP entry
was configured with an L2 multicast MAC address, the switch should have
broadcast traffic to that multicast MAC address out all ports in the VLAN. This
was not happening.
-
-
-
-
-
-
-
-
This issue has been resolved.
After manually disabling the master VRRP router, sometimes a backup router that
should assume master status would not do so, and VRRP would cease to function
properly.
Y
Y
Y
Y
Y
Y
Y
Y
This issue has been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-05
41
CR
Module
DHCPv6
Level
2
Description
For DHCPv6, the router or switch now supports Prefix Delegation according to
RFC 3633. The previous implementation was according to an Internet draft and
did not interoperate with other DHCPv6 implementations.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
-
-
Y
Y
Y
Y
Y
CR00015938
This issue has been resolved.
DHCPv6
2
The DHCPv6 client regularly wrote the file client6.dhc, which over time caused
unnecessary Flash compactions.
Y
CR00015974
This issue has been resolved. The DHCPv6 client now only writes the file when
the contents are different from the previous time that the file was written. This
greatly reduces the number of Flash compactions caused.
DHCPv6
TPAD
2
2
DHCPv6 authentication did not work correctly.
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
-
-
-
Y
-
Y
-
Y
-
CR00015984
CR00015989
This issue has been resolved. You can now configure the router or switch to
authenticate DHCPv6 exchanges.
When using the TPAD autodial feature and sending multiple transactions over a
TCP/IP connection, the router or switch responded to good APACS packets by
sending an ACK. This ACK was unnecessary and could cause interoperability
issues.
This issue has been resolved. The router or switch no longer sends the ACK in
these circumstances.
IP Gateway,
Firewall
2
2
Previously it was not possible to add a static ARP entry for the corresponding
partner address of a /31 subnet interface.
Y
Y
Y
-
Y
Y
Y
Y
Y
Y
-
-
-
-
Y
Y
CR00016034
CR00016060
This issue has been resolved. The router or switch will now also allow /31 ARP
requests to pass through the firewall.
IGMP
If a port was disabled from being an All Routers group port for IGMP, and that
port received All Routers group traffic, it would incorrectly be added to the All
Routers group.
Y
Y
Y
Y
This issue has been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-05
42
CR
Module
Level
2
Description
IPsec, IPv6
When the icmptype parameter was changed to none for an IPv6 IPsec policy, an
incorrect ICMP type value was displayed in output of the command show config
dyn and saved in the configuration file produced by the command create
config.
Y
Y
Y
Y
Y
Y
-
-
-
-
-
-
-
-
-
-
CR00016128
This issue has been resolved.
GUI, Firewall
2
When configuring the firewall with the GUI, the Policy options tab did not
update its display when options were changed from the default settings. For
example, if the user cleared a checkbox and clicked the Apply button, the router
correctly turned off that option, but the GUI showed a check in the checkbox.
-
-
-
-
CR00016180
This issue has been resolved.
Core
SYN
2
2
The router or switch’s handling of soft errors has been further improved. Soft
errors are spontaneous changes in the information stored in a digital circuit,
caused by physical effects.
Y
Y
Y
-
Y
Y
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
CR00016200
CR00016288
The polarity of the CD output of RS-232 DCE and V.35 DCE SYN cables was
reversed—it was ON when OFF was selected and vice-versa.
This issue affected AR750S, AR770S, and AR44xS series routers.
This issue has been resolved.
Load
2
2
The upload command did not always work if the server parameter was set with
the set load command instead of being specified in the upload command.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00016303
CR00016327
This issue has been resolved.
IP Gateway
If a policy filter was configured, ping sometimes failed. This happened because
the router or switch assigned the ICMP echo replies to an IP flow without
checking that the interface for the echo replies matched the interface for the
flow. Therefore, the router or switch could use the wrong flow to forward the
replies.
This issue has been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-05
43
CR
Module
DHCPv6
Level
2
Description
If an IPv6 DHCP client was forced to rebind to a router or switch acting as a DHCP
server, the server returned incorrect timing parameters to the client. Some clients
were able to cope with this, but others could end up losing their DHCP lease.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
-
-
Y
Y
Y
Y
Y
CR00016364
This issue has been resolved.
DHCPv6
2
The following issues occurred with DHCPv6:
Y
CR00016365
■ The option IDs for DNS name server and domain search list were incorrect. This
caused interoperability issues with other implementations.
■ The domain names specified in the domain name option were encoded
incorrectly. This caused interoperability issues with other implementations.
■ If a user entered two DNS servers for a DHCPv6 policy, then saved the
configuration, the command was not saved correctly. When the router or
switch ran the configuration on start-up, it added only the second DNS server
to the policy.
These issues have been resolved.
IGMP Proxy,
Switch,
IP Gateway
2
If IGMP proxy was enabled and multicast data was received on a downstream
VLAN interface, that data would be transmitted to other interfaces. Also, the
VLAN interface that received the data would forward two copies of the packet
to other ports on that VLAN.
Y
-
Y
Y
Y
Y
Y
Y
Y
-
CR00016379
These issues have been resolved.
IP Gateway
STP
2
2
ARP did not work correctly on logical /31 interfaces, which prevented regular IPv4
communications from working over these logical /31 interfaces.
Y
-
Y
-
Y
-
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00016394
CR00016418
This issue has been resolved.
If the switch received IGMP packets on the non-lead port of a trunk group which
was participating in a Spanning Tree, in some circumstances the switch would
forward the packets out of an STP-blocked port in the trunk.
This issue has been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-05
44
CR
Module
BGP
Level
2
Description
When BGP capability matching was changed to strict, that setting was not
displayed in output of the command show config dyn or saved in the
configuration file produced by the command create config. When the router or
switch ran the configuration file on start-up, the capability matching setting
reverted to the default of loose.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
-
-
Y
Y
Y
Y
Y
CR00016489
This issue has been resolved.
PPP
2
An interoperability issue with a malfunctioning PPP peer meant that the peer
could ACK an IP address of 0.0.0.0 when it was required to offer a valid public IP
address.
Y
CR00016526
This issue has been resolved. The router or switch now refuses to accept this
incorrect negotiation and instead resends a configure request for an IP address.
IPv6
Switch
BGP
2
2
2
The router or switch sometimes rebooted after receiving an IPv6 router
advertisement, or after the command set ipv6 interface was entered.
Y
-
Y
-
Y
-
Y
Y
Y
Y
Y
Y
-
-
Y
-
Y
-
Y
-
CR00016576
CR00016621
CR00016698
This issue has been resolved.
On 48-port switches, hardware filters with the eport parameter specified did not
always behave correctly.
Y
-
Y
-
This issue has been resolved.
The following issues occurred when using BGP aggregate specifications (created
Y
Y
Y
Y
Y
Y
using the command add bgp aggregate):
■ When an aggregate route was originated from routes learnt from external
peers, and then all of the contributing child routes were withdrawn by the
external peers, the aggregate route was not removed from the routing table.
It could still be advertised to external peers.
■ When a network or import entry (add bgp network or add bgp import)
resulted in a route entry that had the same prefix length as the aggregate
specification, then BGP (correctly) originated the aggregate route. However,
deleting the network or import definition did not remove the aggregate route
from the routing table.
These issues have been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-05
45
CR
Module
TCP, Telnet
ISDN
Level
Description
2
2
The speed of the output from the Telnet server has been increased.
Y
Y
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
Y
CR00016727
CR00016762
For AR44xS series routers with system territory set to USA, the ISDN Q.931 SPIDs
failed to initialize to the ISDN exchange/ISDN USA profile simulator (both manual
and auto SPIDs) after a reboot.
-
This happened because the router did not write *.spd files to Flash memory, so
the SPID initialization failed on reboot because the SPIDs did not exist.
This issue has been resolved. The *.spd files are now correctly written to Flash
memory, which allows SPIDs to initialise after a reboot.
Bridge
2
If an Ethernet packet, including its FCS (Frame Check Sequence), was
encapsulated in PPP and bridged to a VLAN interface, the packet could contain
two FCS values.
Y
Y
Y
-
-
-
-
-
-
-
CR00016804
This issue has been resolved.
Frame Relay
Firewall
2
2
When the MTU of a Frame Relay logical interface was modified (by using the
command set interface=fr-int mtu=value), incorrect interface and MTU
settings were displayed in output of the command show config dyn and were
saved in the configuration file produced by the command create config.
Y
Y
Y
Y
Y
Y
Y
Y
-
-
-
-
-
-
-
-
-
-
CR00016855
CR00016856
When the firewall policy for an interface had a NAT type of ENAPT, the firewall
did not correctly translate the destination addresses of incoming packets that
matched “allow” rules.
Y
Y
This issue has been resolved.
Classifier
2
When a non-default protocol was specified for a classifier, in some circumstances
that protocol setting was not displayed in output of the command show config
dyn or saved in the configuration file produced by the command create config.
When the router or switch ran the resulting configuration file on start-up, the
protocol setting was lost.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00016911
This issue has been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-05
46
CR
Module
Core
Level
2
Description
Some versions of the AT-G8T GBIC prevented the switch from detecting and
setting up the AT-A47 expansion board correctly. This issue occurred on start-up
when the GBIC was installed and had a link up.
-
-
-
-
-
-
-
-
Y
Y
-
-
-
-
CR00016940
This issue has been resolved.
IP Gateway
2
When there were multiple routes to a destination and the best route was deleted
from the switch’s hardware routing table, the switch did not use the alternative
route. Also, the switch only used the best route, even if ECMP was supported.
Y
Y
Y
Y
Y
Y
CR00016941
CR00017006
This issue has been resolved. When multiple routes exist and the best route is
deleted from the hardware table, the switch now adds the next best route to the
hardware table correctly. If the switch supports ECMP, all routes are now added
to hardware, not just the best route.
Switch
2
Previously, the link to the AT-G8T GBIC would not come up automatically when
its auto-negotiation slide switch was set to “on”. This was because the switch
configured the GBIC in a fixed speed mode by default.
-
-
-
-
-
-
-
-
-
Y
This issue has been resolved. The link now comes up automatically when the
auto-negotiation slide switch is set to “on”. To bring the link up when auto-
negotiation is set to “off”, use the command:
set swi port=port-list speed=1000mf
IGMP
Snooping
2
2
If a port on the router or switch joined and left many IP multicast groups, the
router or switch sometimes did not transmit all multicast packets to all receivers.
Y
-
-
-
Y
-
Y
-
Y
-
Y
-
Y
-
Y
Y
Y
Y
Y
-
CR00017031
CR00017036
This issue has been resolved.
Switch
In some trunk configurations, the STP state of trunks was incorrectly applied to
non-trunk ports. This could result in incorrect traffic flows in the network. This
issue has been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-05
47
CR
Module
DHCPv6
Level
2
Description
DHCPv6 prefix delegation contained the followed issues:
Y
Y
Y
Y
Y
-
-
Y
Y
Y
CR00017074
■ previously, the command create dhcp6 range accepted ranges with an
invalid prefix length.
This issue has been resolved. The router or switch now displays an error unless
the prefix length is in the range 48-64.
■ previously, when the router or switch requested a prefix to delegate to its
appint interfaces, it could only use prefixes of length 48 or 64.
This issue has been resolved. The requesting router or switch can now use any
prefix that has been delegated to it, as long as the prefix length is less than or
equal to 64 bits.
■ The requesting router or switch would allocate an address to the interface
through which it connects to the delegating router or switch.
This issue has been resolved. The router or switch no longer does this.
IPsec
2
When entering the command set ipsec policy, the value of the
respondsetbadspi was incorrectly reset to its default of false, unless it was also
included in the set command.
Y
Y
Y
Y
Y
-
-
-
-
-
CR00017076
This issue has been resolved.
IP Gateway
Telnet
2
2
When the router or switch’s Local address was pinged, the router or switch
responded from the interface address of the interface through which it received
the ping, instead of the Local address to which the ping was sent. This issue has
been resolved.
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
CR00017146
CR00017151
When Reverse Telnet was enabled the command shell was (correctly) disabled on
all ASYN ports apart from ASYN0. However when Reverse Telnet was disabled
again, the command shell was not re-enabled on the other ASYN ports.
This issue has been resolved.
VLAN, IGMP
Snooping
2
When a user configured IGMP static router ports, the configuration file produced
by the command create config could be invalid. When the router or switch ran
the resulting configuration file on start-up, it produced an error instead of
configuring the router ports.
Y
-
Y
Y
Y
Y
Y
Y
Y
Y
CR00017239
This issue has been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-05
48
CR
Module
Level
2
Description
WAN Load
Balancer
If two WAN load balancer healthcheck hosts were defined, and one was
unreachable and the other was reachable, WAN load balancer resources were
(correctly) in the UP state because at least one healthcheck host was reachable.
However, removing the reachable host (by using the command delete wanlb
healthcheck) should have changed the WAN load balancer resources to the
DOWN state, but did not.
Y
Y
Y
-
-
-
-
-
-
-
CR00017257
This issue has been resolved. If the only healthcheck host available is unreachable
and the resource is currently in the UP state, the next unreachable healthcheck
received from that host now forces the resource to the DOWN state.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-05
49
Level 3
CR
Module
Core
Level
3
Description
Some early software versions, on some products, supported the command show
system temperature. This command was deprecated after version 2.6.4. If a
user entered this command on any product, the following message was
displayed:
Y
Y
-
Y
-
-
Y
-
-
Y
CR00008225
Info (1034107): SHOW SYSTEM TEMPERATURE is no longer available. Please
use SHOW SYSTEM ENVIRONMENTAL instead.
However, only the following products use the show system environmental
command to display the temperature: AR750S and AR770S routers, and
AT-8600, AT-8800, AT-8948, x900-48, and AT-9900 series switches.
Other products use show system instead. On the other products, the above
error message was incorrect because it stated that the show system
environmental command was available.
This issue has been resolved. On products that do not use show system
environmental, the following error message is displayed if you enter the show
system temperature command:
Info (1034090): Command unavailable on this product.
File
3
3
If a user tried to copy a small file (less than 32 bytes) in Flash when there was not
enough free Flash space for the file and its header, the router or switch did not
generate an error message, and the copying could appear to have succeeded.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00009036
This issue has been resolved. The error message:
Insufficient space to store file [file name]
is now displayed under those conditions.
Core
The show cpu statistics were unnecessarily inaccurate. For example, a router or
switch that was effectively idle showed a CPU usage of 10% to 12%.
-
-
-
-
-
-
-
-
CR00010518
CR00010710
This issue has been resolved. When the router or switch is effectively idle, the CPU
usage now displays as less than 5%.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-05
50
CR
Module
Level
3
Description
PIM, PIM6,
ECMP
Previously, the switch’s count of PIM4 and PIM6 bad Bootstrap Messages (BSMs)
could be high, because the switch forwarded BSMs over interfaces that
contained an Equal Cost Multipath (ECMP) route to the receiving interface.
-
-
-
-
-
-
-
Y
Y
-
CR00011629
This issue has been resolved. BSMs are no longer forwarded via all interfaces
contained in an ECMP group, but only via one interface in the group.
IGMP
PPP
3
3
When an IGMP filter was destroyed, switch ports that used the filter did not have
their IGMP filter setting returned to “None”.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
Y
-
Y
Y
Y
Y
Y
Y
CR00012495
CR00014324
This issue has been resolved.
The interface MIB ifInOctets and ifOutOctets counters displayed by the show
ppp counter command incorrectly included the lower layer framing octets and
were 5 octets per frame greater than they should have been.
This issue has been resolved.
QoS,
DHCP
snooping
3
3
DHCP snooping accepted a minimum of one new client per QoS flow group,
instead of a minimum of one new client per port. This meant that DHCP
snooping sometimes did not respect the lease limit (maxlease) on a port.
-
-
-
-
-
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
-
-
CR00014919
CR00015092
This issue has been resolved.
ATM
Previously, the information output by the “?” help for the ATM channel pcr
Y
parameter was incorrect.
This issue has been resolved. The “?” help now displays:
required - decimal in the range 32-155000 (dependant on physical interface)
If you enter a value larger than the maximum PCR allowed on a specific physical
interface, the router now displays the following message for ADSL:
The PCR supplied was too large, the maximum is 1024
and the following message for SHDSL:
The PCR supplied was too large, the maximum is 4608
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-05
51
CR
Module
ASYN
Level
3
Description
Under some circumstances, when a PC terminal emulator was opened to
communicate with a router or switch after the router or switch had fully booted
up, the login prompt did not immediately display. To display the login prompt, it
was necessary to remove and re-insert the cable. This issue applied to all models’
ASYN ports except ports on the AR024 PIC.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00015558
This issue has been resolved.
DHCP6
3
In the command create dhcp6 range, the ip parameter correctly has the syntax
prefix1[-prefix2]. However, the second prefix was previously not optional.
-
-
Y
CR00015690
This issue has been resolved, so that the second prefix (of the form ipv6address/
prefixlength) is no longer required. If you do not enter a second prefix, it is now
calculated from the first prefix. The second prefix has the same prefix length at
the first and has all 1s in the non-significant part of the address. For example, the
second prefix for 3ffe:1:2:3::/64 would be 3ffe:1:2:3:ffff:ffff:ffff:ffff/64.
SNMP, Switch
3
3
The SNMP objects dot3StatsSQETestErrors and dot3StatsCarrierSenseErrors are
not supported on AR750S, AR410, and AR450S routers. Previously SNMP GET
got a random value for these objects.
Y
Y
-
Y
Y
-
-
-
-
-
-
-
-
-
-
-
-
-
-
CR00015881
CR00015969
This issue has been resolved. SNMP GET now gets 0 for these objects.
WAN load
balancer
After the command reset wanlb resource=all was entered, WAN load balancer
resources would show their state as “UP” even if the underlying IP interface was
down.
Y
This issue has been resolved.
DHCPv6
3
3
When a DHCPv6 client was soliciting for servers, the selection of the best server
did not proceed in the way specified by the RFC.
Y
-
Y
-
Y
-
Y
-
Y
Y
-
-
-
-
Y
-
Y
-
Y
-
CR00016001
CR00016177
This issue has been resolved.
Switch, MIB
The default value of the MIB object ifJackType for the GBIC slot on AT-8800 series
switches was incorrect if no GBIC card was plugged in.
This issue has been resolved. The default value is now “other(1)”.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-05
52
CR
Module
QoS
Level
3
Description
If a QoS policy uses the same classifier more than once, the router or switch now
displays a warning message. You should not use a classifier more than once in a
policy because the operation of such policies is unpredictable.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
Y
-
Y
Y
Y
Y
Y
CR00016228
DHCPv6
3
For the command create dhcp6 range, DHCPv6 now checks that the specified
Y
CR00016463
address or prefix range is valid for the specified type of range.
Valid options are:
■
■
■
address1-address2 (e.g. 3ffe:1:2:3:4:5::1-3ffe:1:2:3:4:6::ffff)
This is a range of addresses for address assignment (type=normal or
type=temporary).
address/prefixLen (e.g. 3ffe:1:2:3:4:5::/96)
This is a range of addresses for address assignment (type=normal or
type=temporary).
address/prefixLen-address/prefixLen (e.g. 3ffe:1:2::/48-3ffe:1:40::/48)
This is a range of prefixes for prefix assignment (type=pd).
Core
Core
3
3
For revision M1 of AR770S routers, the low-end threshold for monitoring the 1.2
volt rail was too high. This caused power supply monitoring false alarms.
-
-
-
Y
-
-
-
-
-
-
-
-
-
-
-
-
-
-
CR00016799
CR00017008
To check the router revision, use the command show system and check the
“Rev” entry underneath the time and date.
This issue has been resolved—the threshold is now correct.
Revisions M3-1and later of the AR745 router do not support Redundant Power
Supplies. Therefore, for these routers, RPS monitoring information has been
removed from output of the command show system, and it is no longer
possible to use the command set sys rpsmonitor.
Y
-
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-05
53
Level 4
CR
Module
IGMP
Level
4
Description
If a static IGMP port went link down, it was not shown in the “Static Ports” list
Y
-
Y
-
Y
Y
Y
-
Y
-
Y
-
Y
-
Y
Y
Y
Y
Y
CR00000396
in the output of the show ip igmp command. This was only a display issue.
This issue has been resolved.
Install
4
It is no longer possible to specify a compact flash file as the boot configuration
file. If the command set config=cf:filename.cfg is entered, the router or switch
does not change the current boot configuration file and instead displays the
following error message:
Y
CR00011560
Cannot specify configuration file in Compact Flash
IGMP
4
4
The list of parameters output by the “?” help for show ip igmp ? incorrectly
included “IGMP”.
Y
Y
Y
Y
Y
Y
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
CR00013976
CR00015543
This issue has been resolved.
Bridge
In output of the command show bridge spanning, the bridge identifier was
correctly displayed as a hexadecimal number, but it was not obvious that the
number was hexadecimal.
This issue has been resolved. The output now has 0x in front of the hexadecimal
number, to make it clear that it is hexadecimal.
QoS, Switch
4
When a QoS policy was associated with a port that was set to a speed less than
the maximum speed of the port, a warning message would be displayed on the
console session and in the log when the port state changed to UP. This message
stated that the QoS policy operation may be affected by the speed setting of the
port. Having this message displayed on the console was considered unnecessary
and potentially confusing.
-
-
-
Y
Y
Y
Y
Y
Y
Y
CR00016126
CR00016451
This issue has been resolved.The message is now only displayed in the log.
IP Gateway
4
When a second metric was displayed in the output of the command show ip
route (because of OSPF, for example) this metric was truncated to 2 characters.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
This issue has been resolved. The output now displays both metrics in a field up
to 10 characters long.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-05
54
Enhancements
CR
Module
Level
-
Description
GUI
An ADSL connection option has been added to the Wizards page of the GUI for
AR44xS routers. This option links to the xDSL configuration section, which lets
you configure all basic ADSL or SHDSL settings on one convenient page.
Y
Y
Y
-
-
-
-
-
-
-
-
-
-
-
-
-
CR00014288
If your router GUI does not open at the Wizards page, click on the Wizards
button at the top of the left-hand menu to access it.
PPP
-
-
This enhancement increases the amount of time that the router or switch waits
for a CHAP Success message. This enables the router or switch to successfully
complete authentication, even in particularly slow networks.
Y
Y
Y
Y
Y
Y
Y
CR00014667
CR00015432
The first authentication attempt still times out after 3 seconds, but the second
attempt takes 6 seconds to time out, and any further attempts take 9 seconds.
ADSL, GUI
The GUI for AR440S and AR441S routers now displays statistics for the ADSL
port. You can now see:
-
-
-
-
-
-
-
■ a pop-up summary box, by clicking on the port on the System Status page
■ ADSL port details, by selecting the new ADSL Statistics page in the Diagnostics
menu
■ ASDL port counters, by selecting the new ADSL Counters page under Layer 1
Counters in the Diagnostics menu
Software QoS,
PPP, Ethernet,
VoIP
-
The router or switch now supports software QoS on PPPoE interfaces.
Note that this enhancement is not available on AR770S routers.
Y
Y
Y
Y
-
-
-
-
-
-
CR00016078
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-05
55
CR
Module
Level
-
Description
IPsec, IPv6
To establish a tunnelled IPsec connection for IPv6, you may need to specify the
you to do so.
Y
Y
Y
Y
Y
-
-
-
-
-
CR00016150
To specify the source interface, use the srcinterface parameter in the
commands:
create ipsec policy=name <other parameters>
set ipsec policy=name <other parameters>
create isakmp policy=name <other parameters>
set isakmp policy=name <other parameters>
The global address of the source interface (if available) will be used as the local
address of the policy.
Load, MIBs
-
With this enhancement, you can use SNMP to:
■ set parameters for uploading files from the router or switch, and
■ upload files to a TFTP server
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00016221
SNMP already lets you save the current configuration to a file on the router or
switch. You can use this with the new options to back up the configuration to a
TFTP server.
For more information, see “Backing up the configuration with SNMP—
CR00016221” on page 96.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-05
56
CR
Module
Level
-
Description
DHCP
Snooping
This enhancement enables the router or switch to log discarded ARP requests
when ARP security is enabled. By default, discarded ARP requests are not logged.
To turn logging on, use the command:
-
-
-
Y
Y
Y
Y
Y
Y
-
CR00016234
enable dhcpsnooping log=arpsecurity
To turn it off, use the command:
disable dhcpsnooping log=arpsecurity
To see whether it is enabled, use the existing command:
show dhcpsnooping
and check the new “Logging enabled” entry.
To view the log entries, use the command:
show log
MACFF
-
It is now possible to use MAC-forced forwarding on non-private VLANs. Because
MAC-forced forwarding is primarily a security feature, the switch displays a
warning message if you do so.
-
-
-
Y
Y
Y
Y
Y
Y
-
CR00016285
This enhancement allows you to use MAC-forced forwarding to limit broadcast
traffic in a network where private VLANs are not appropriate.
Switch
MSTP
-
-
AT-8948, AT-9900 and x900-48 series switches now support AT-SPTX tri-speed
Cu SFPs.
-
-
-
-
-
-
-
-
-
-
Y
Y
Y
Y
-
-
CR00016361
CR00016437
In the command set mstp configname=name, the switch now accepts the
character “.” in the name.
Y
Y
Y
Y
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-05
57
CR
Module
Core
Level
-
Description
This enhancement disables CPU fan monitoring on AT-8948 switches. Monitoring
the fan is unnecessary unless an accelerator card is installed on the switch, so
disabling monitoring reduces the number of messages that the switch displays
and logs.
-
-
-
-
-
-
-
Y
-
-
CR00016459
To enable monitoring, use the command:
enable cpufanmonitoring
To disable it again, use the command:
disable cpufanmonitoring
When monitoring is enabled, the command show system displays the CPU fan
status in the entry labelled “Main fan”.
SNMP
-
This enhancement enables you to specify whether SNMP adds 0x00 padding
when the most significant 9 bits of an object’s value are all 1, or whether the
encoding follows the ASN.01 BER rule, which cuts off the most significant byte
of 0xff. This setting has an impact on all integer type MIB objects, including 32
bit and 64 bit counter objects.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00016523
To add the padding, use the command:
set snmp asnberpadding={on|yes|true}
For examples, see “SNMP ASN.01 BER Padding—CR00016523” on page 99.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-05
58
CR
Module
IP NAT
Level
-
Description
This enhancement enables you to turn off TCP state and sequence checking in IP
NAT. It also allows all ICMP packets go through IP NAT.
Y
Y
Y
-
-
-
-
-
-
-
CR00016758
To do this, use the command:
enable ip nat bypasstcp
When bypasstcp is enabled, IP NAT performs IP address and port translation for
TCP packets and forwards the packets, regardless of the TCP sequence number
and the current TCP state. It also allows ICMP echo reply and other ICMP packets
to initiate a session and get forwarded.
To disable the bypassing, use the command:
disable ip nat bypasstcp
Bypassing is disabled by default because it degrades the security of IP NAT.
However, it is useful when you need NAT on VRRP routers.
Note that this enhancement does not apply to firewall NAT.
IP Gateway
-
This enhancement allows ARPs to move between ports on the router’s VLAN
interfaces.This assists with wireless station roaming.
Y
-
Y
-
-
-
-
-
-
-
CR00016776
To enable this feature, use the command:
enable ip arp silentroam
To disable it, use the command:
disable ip arp silentroam
Core
-
-
The default summertime dates have been updated to reflect the changes for
North America made by the American Energy Policy Act of 2005.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00016785
CR00016977
By default, summertime now starts on the second Sunday in March and ends on
the first Sunday in November.
Script
This enhancement enables you to use aliases in commands in script files. The
router or switch expands the aliases when it runs the script (except when it runs
the script at start-up).
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-04
59
Features in 291-04
Software Maintenance Version 291-04 includes the resolved issues and enhancements in the following tables. In the tables, for each product series:
■
■
“Y” indicates that the resolution is available in Version 291-04 for that product series.
“–” indicates that the issue did not apply to that product series.
Level 1
CR
Module
Level
1
Description
ISAKMP,
Logging
It was possible for invalid log messages to overwrite the log message buffer and
cause the router or switch to reboot. Such invalid log messages could occur with
VPN tunnels, for example.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00013787
This issue has been resolved.
TTY, User
1
When a user telnets into the router or switch, to login via RADIUS authentication,
the telnet connection establishes and then user login authentication starts.
Previously, if the remote user closed the telnet connection before RADIUS
responded to the authentication request, then the router or switch rebooted
when it received the RADIUS Reply message.
Y
CR00013813
CR00013963
This issue has been resolved. The router or switch now does not reboot if the
telnet connection is closed before the RADIUS Reply message arrives.
Switch
1
Under heavy broadcast traffic, it was possible for the switch forwarding database
(FDB) to lock up.
–
–
–
–
–
–
–
Y
Y
–
This issue has been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-04
60
CR
Module
Core
Level
1
Description
DHCP Snooping determines when a client lease will expire by taking the current
time and adding the client's assigned lease period to it. Previously, DHCP
Snooping did not update this expiry time if the switch's clock time changed,
which can happen because of NTP, summertime, or a user manually re-setting the
time. Therefore, if the switch's clock time changed, DHCP clients could expire
and lose connectivity.
–
–
–
Y
Y
Y
Y
Y
Y
–
CR00014145
DHCP
Snooping
This issue has been resolved. If the switch's clock changes, DHCP Snooping now
updates its client expiry times.
Core
1
AR442S routers did not run the user-specified configuration script at start up.
Y
–
–
–
–
–
–
–
–
–
CR00016314
Also, they incorrectly displayed the message “INFO: Initialising Flash File System”
twice during start up.
These issues have been resolved.
Level 2
CR
Module
BGP
Level
2
Description
Turning defaultoriginate on or off for a BGP peer (by using the command add
bgp peer) did not cause BGP to generate an update, even if automatic updating
was enabled (enable bgp autosoftupdate).
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
–
–
–
–
Y
Y
Y
Y
Y
Y
CR00010511
This issue has been resolved.
L2TP
2
Setting a timeout on L2TP packet debugging caused the router or switch to
reboot.
CR00012564
This issue has been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-04
61
CR
Module
HTTP
Level
2
Description
A badly formed response from a particular HTTP server caused the router or
switch to reboot when it attempted to load a non-existent file from that server.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00013592
This issue has been resolved.
IP Gateway
IGMP, VLAN
2
2
When an IP packet was queued by the ENCO module or other applications, and
the IP flow for the packet became invalid while the packet was queued, the
router or switch sometimes rebooted.
Y
–
CR00013700
CR00013791
This issue has been resolved.
Disabling IGMP snooping correctly increased the number of L3 filter matches
available. However, if the configuration was saved and then run after a reboot,
the switch incorrectly limited the number of L3 filter matches to the number
available when IGMP snooping was enabled. If the maximum number of matches
had been configured, this meant that some matches were missing after a reboot.
–
–
–
Y
Y
Y
Y
–
–
This issue has been resolved.
Switch
2
2
In very rare circumstances, a port could stop transmitting traffic if its speed was
modified or it was reset while under heavy traffic load.
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
Y
–
CR00013823
CR00013929
This issue has been resolved.
ADSL
ATM
When performing RFC1483 encapsulation of Ethernet frames, the AR44xS
routers did not pad frames out to the 64-byte minimum frame size (the RFC does
not require such padding to be performed). This resulted in an interoperability
issue with ATM switches that discarded (rather than padded) the undersize
frames upon decapsulating them.
Y
Ethernet
The effect of this was that when an AR44xS router was connected to an ATM
network that contained such switches, the router could fail to connect at the PPP
session level.
This issue has been resolved. The router now always pads undersize Ethernet
frames to the 64-byte minimum frame size before it performs RFC1483
encapsulation. This avoids the possibility of this interoperability issue.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-04
62
CR
Module
Switch
Level
2
Description
When the router generated packets (such as ARP requests) and sent them out
multiple LAN ports, it always sent them as untagged packets.
–
–
–
–
Y
–
–
–
–
–
–
–
–
–
–
–
–
CR00014228
This issue has been resolved, so that LAN traffic will be tagged or untagged as
specified in the VLAN port configuration.
Switch
2
If a user explicitly set the learn limit to zero by entering the command:
Y
Y
–
CR00014269
set switch port=number learn=0 intrusion=discard
and the learn limit had either not been explicitly set previously or had been
explicitly set to a non-zero value, then the switch would not learn any MAC
addresses. It treated 0 as meaning “learn 0 addresses” instead of meaning “no
limit”.
This issue has been resolved. A learn limit of 0 means “no limit” in all
circumstances.
Switch
2
2
Packet loss sometimes occurred when an IGMP snooping group timed out.
This issue has been resolved.
–
–
–
–
–
–
–
–
–
–
–
–
–
–
Y
Y
Y
Y
–
–
CR00014298
CR00014323
Switch
EPSR
When EPSR was used in a network with a 10Mbps multicast or broadcast flow,
the EPSR ring frequently alternated between a state of failed and complete.
This issue has been resolved.
Bridge, Switch,
VLAN
2
2
Bridging STP did not work if a VLAN was added as a bridge port.
This issue has been resolved.
Y
–
–
–
Y
–
–
–
–
–
–
–
–
–
CR00014340
CR00014437
Core
Install
If a switch’s configuration was saved (by using the command create
config=filename), and then the command set config=filename was entered,
the configuration file should have been propagated through the stack to other
switches that did not have a file of that name. This did not happen.
Y
Y
Y
Y
Y
Y
Stacking
This issue has been resolved.
Load
2
Attempts to upload a file to a TFTP server failed if a invalid IP address was
specified in previous attempts.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00014673
This issue has been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-04
63
CR
Module
PIM
Level
2
Description
If a PIM interface was set as the BSR candidate interface (by using the command
add pim bsrcandidate interface=interface) and that interface went down,
PIM would select another interface as the BSR candidate interface. The router or
switch also set the new interface as the BSR candidate interface in the dynamic
configuration.
Y
Y
Y
Y
Y
–
–
Y
Y
Y
CR00014714
This issue has been resolved. PIM only looks for a new interface to use as the BSR
candidate address if the user has not specified an interface.
Reverse Telnet
RIPv6
2
2
Reverse Telnet used to filter out Ctrl-D characters, making it impossible to
perform certain actions on the remote device.
Y
Y
Y
Y
Y
Y
Y
Y
–
–
–
–
–
–
–
–
CR00014748
CR00014795
This issue has been resolved.
When a user disabled RIPv6 or deleted a RIPv6 interface, the router or switch
correctly set the metric of any affected RIPv6 routes to 16, indicating that the
route was unavailable. However, the router or switch continued to try to use such
routes to route packets if no alternative better routes existed.
Y
Y
Y
Y
This issue has been resolved. When a route’s metric is 16, it is no longer used to
route traffic.
Switch
2
2
When STP detected a topology change and therefore the switch flushed its ARP
table entries, sometimes the switch did not remove entries for non-lead trunk
ports. Therefore, ARP entries for these ports contained incorrect routing
information. These incorrect entries were not replaced until after they timed out.
–
–
–
–
–
–
Y
Y
Y
Y
Y
Y
Y
Y
Y
–
Y
–
Y
–
CR00014834
CR00014925
This issue has been resolved.
IP Gateway
When the switch had a static route to a destination, and a user added a more
specific static route to the same destination, then the switch should have
removed the less specific route from its hardware switching table, but did not.
This stopped the switch from routing packets to that destination.
This issue has been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-04
64
CR
Module
Level
2
Description
Core
If a terminal emulator started up after the router started up, the router did not
display a login or command prompt. This issue occurred with some terminal
emulators (including Tera Term Pro) when connecting to the AR415S router.
Y
–
–
–
–
–
–
–
–
–
CR00014987
Switch
This issue has been resolved.
PKI
2
2
When adding a certificate to PKI, if the length of the public key in the certificate
was longer then 2048 bits (256 bytes) the router or switch could reboot.
Y
–
Y
–
Y
–
Y
–
Y
–
Y
–
Y
–
Y
Y
Y
Y
Y
Y
CR00015032
CR00015071
This issue has been resolved.
IP Gateway
Routing over a PPP interface could fail if the switch had a default route out an
Ethernet port. The default route switched all packets, even those destined for the
PPP interface.
This issue has been resolved. The resolution involves adding routes over the PPP
interface to the switch hardware tables with an instruction to trap these packets
to the CPU. Therefore these routes now appear in the hardware tables, and can
be displayed by using the command show switch table=ip.
Classifier,
DHCP
snooping,
2
2
When MAC-forced forwarding (MACFF) was running, the switch did not filter
multicast packets correctly.
–
–
–
–
Y
–
Y
–
Y
–
Y
–
–
–
–
–
–
–
CR00015087
CR00015156
This issue has been resolved.
Switch, MACFF
Switch
On AR750S, AR750S-DP, and AR400 Series routers, if a user set a switch port to
autonegotiate speed and duplex mode (by using the command set switch
port=number speed=auto), the link went down.
Y
Y
This issue has been resolved.
Firewall
2
If a VoIP call came in through the SIP ALG from the public side of the firewall and
was then transferred by the device on the private side, the firewall session was
not always updated. When this happened, the person to whom the call was
transferred could not hear the person who had called.
Y
Y
Y
Y
Y
–
–
–
–
Y
CR00015207
This issue has been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-04
65
CR
Module
GUI
Level
2
Description
The GUI could not be used to access the dual power supply AR750S-DP router.
–
–
Y
Y
–
–
–
–
–
–
–
CR00015348
This issue has been resolved. The GUI resource file to use is
750s_281-06_en_d.rsc.
IP Gateway
2
If you defined an IP filter without specifying the optional type parameter, the
default value of type=traffic was added to the filter in the dynamic
configuration. This prevented you from using the configuration file with software
version 2.7.6 and older releases.
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00015396
This issue has been resolved. The type parameter is only added to the dynamic
configuration if you enter a value for it.
Ethernet
Switch
2
2
If an AR020 PRI E1/T1 PIC was installed on an AR415S, the router’s Ethernet
interface stopped receiving unicast or multicast packets correctly—it only
received broadcasts correctly.
Y
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
CR00015474
CR00015638
This issue has been resolved.
On AR770S routers, when generating multicast or broadcast CPU traffic out a
VLAN that had multiple active switch ports in it, the traffic would only egress
port 1.
Y
This issue has been resolved.
Switch
ADSL
2
2
Mirroring the traffic on port 1 of any line card caused the switch to lose packets.
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
CR00015697
CR00015925
The ADSL Annex B firmware has been updated on AR441S routers. This improved
interoperability with some DSLAMs.
Y
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-04
66
CR
Module
Switch
Level
2
Description
It was not possible to set a tri-speed SFP to a fixed speed in the configuration
script that the AT-9924SP switch runs when it starts up.
–
–
–
–
–
–
–
–
Y
–
CR00015936
This issue has been resolved, so the SFP can be set to a fixed speed from the
configuration script
Also, it was possible to use the command set swi port=number speed on an
empty SFP bay. The command reported that the operation had been successful,
but an inserted SFP was instead set to its previous or default setting.
This issue has been resolved. It is no longer possible to set the speed of an empty
SFP bay.
IPv6
2
2
Sometimes, when a router or switch received an IPv6 router advertisement
message, it incorrectly created a duplicate of an already-existing interface route.
If a user then deleted the IPv6 interface that these two routes belonged to, the
router or switch could reboot.
Y
Y
Y
Y
Y
Y
Y
–
Y
–
–
–
–
–
Y
–
Y
–
Y
–
CR00015949
This issue has been resolved.
WAN Load
Balancing
The following issues occurred with WAN load balancing (WANLB):
CR00015971
CR00015937
CR00015864
■ when a WANLB resource port became unavailable, existing sessions on the
unavailable resource did not move to a backup resource
■ if packets were sent over a WANLB session, then that session timed out, and
then the same packets were sent again, a new session did not establish. This
stopped the packets from being sent the second time.
■ when WANLB was used with Firewall NAT, the orphan timeout setting of
WANLB sessions was not updated correctly. This could mean that WANLB
resources appeared to be available when they were not.
These issues have been resolved.
User
2
If the router or switch used RADIUS authentication and all the RADIUS servers
were unavailable, then the device correctly checked its user database for a
RADIUS backup user and authenticated that user. However, if that user then
logged out, they were unable to log in again until after the RADIUS server Dead
Time timer had expired.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00016037
This issue has been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-04
67
Level 3
CR
Module
Level
3
Description
GUI, IGMP
The graphical user interface (GUI) listed an invalid local interface in the Interface
drop-down list on the page for adding a static IGMP association.
Y
–
Y
–
Y
–
Y
–
Y
–
Y
–
Y
–
–
Y
Y
Y
CR00007000
This issue has been resolved.
Switch
3
3
If many VLANs simultaneously went from up to down, or down to up, the switch
became unresponsive for a period of time.
Y
–
–
CR00009274
CR00009302
IP Gateway
This issue has been improved by reducing the processing overhead for VLAN state
changes.
Switch
The number of filters that can be created on an AT-8848 switch is limited by the
number of filter matches available. Previously, if a user attempted to create a
filter, and an existing filter already used the same filter match as the new filter,
the switch counted this as two matches being used. This reduced the number of
available filters.
–
–
–
–
Y
Y
–
–
–
–
–
–
This issue has been resolved.
BGP
3
When a peer’s inroutemap filter assigned an incoming route to a well-known
BGP community, the router or switch did not use the community’s restricted
advertisement settings, such as NoExport or NoAdvertise.
Y
Y
Y
Y
Y
Y
Y
CR00009478
This issue has been resolved.
Also, output of the command show bgp peer now shows whether a route has
been assigned to a community. This is indicated by a flag “m”, as shown in bold
in the following route entry example:
> 192.2.2.0/24
192.168.1.2
IGP
-
100
m SEQ 1;
The flag “m” indicates that this route has at least one community attached to it.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-04
68
CR
Module
Level
3
Description
IP Gateway
If an IP interface was added and deleted many times, an excessive number of
memory buffers became full.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00010136
Also, when an IP interface was deleted, the IGMP query timer (set ip igmp
int=interface querytimeout=value) sometimes continued running and later
caused the router or switch to reboot.
These issues have been resolved.
IP Gateway
3
3
When running the boot ROM release, it was possible to configure the router or
switch as a DHCP client by using the command add ip interface=int ip=dhcp.
However, the boot ROM release does not include the DHCP client feature, so the
router or switch did not receive an IP address via DHCP.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
–
CR00012230
CR00012493
This issue has been resolved. It is no longer possible to configure the router or
switch as a DHCP client when running the boot ROM release.
IP Gateway,
IGMP Proxy
Where IGMP proxy is enabled, only one upstream interface may be defined.
Previously, when the command add ip interface=int ip=ipadd
igmpproxy=upstream was used to try to create a second upstream interface,
an error message was correctly displayed. However, the interface was still added,
using igmpproxy=off.
This issue has been resolved. The second interface is no longer added if this error
occurs.
Also, if an interface had been set as the upstream interface and was later
changed to a downstream interface, a different upstream interface could not be
specified, even though there was no active upstream interface.
This issue has been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-04
69
CR
Module
User
Level
3
Description
When authenticating users via RADIUS, the number of times that the router or
switch attempts to contact the RADIUS server is determined by the Server
Retransmit Count (displayed in output of the command show radius).
Previously, this count incorrectly included the initial request. For example, a
Retransmit Count of 3 meant that up to 3 attempts were made to contact the
server.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00012585
This issue has been resolved, so that the Retransmit Count no longer counts the
initial request. For example, a Retransmit Count of 3 now means that up to 4
attempts are made to contact the server.
BGP
DHCP
File
3
3
3
When the router or switch had thousands of static routes and BGP static import
was periodically turned on and off, BGP used an excessive number of memory
buffers. Excessive buffer use could also occur with BGP in other rare
circumstances.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
–
–
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00012832
CR00012858
CR00013150
This issue has been resolved.
Previously, it was not possible to have multiple static DHCP entries with the same
client ID (MAC address), even if the static entries were for different DHCP ranges.
Y
Y
Y
Y
This issue has been resolved. You can now add static DHCP entries for a given
MAC address to multiple ranges. Note that you cannot have multiple entries for
a given MAC address on the same range.
If a boot configuration script included a command to delete a file followed by a
command to create a file of the same name, a fatal exception occurred when the
router or switch ran that script on reboot.
This issue has been resolved so that the fatal exception no longer occurs.
However, you should avoid putting such file operations into boot configuration
scripts. To enhance multi-tasking, the file handler performs file operations in the
background. This is not possible when executing a boot configuration script, so
the file operations may be queued until after boot-up. In this case, this means
that the file deletion will not be finished before the file creation command tries
to execute.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-04
70
CR
Module
IGMP
Level
3
Description
When IGMP fast leave was enabled and the switch received a leave message via
a trunk port, the switch only removed the port from the multicast group if the
port was the master trunk port.
–
–
–
Y
Y
Y
Y
Y
Y
–
CR00013629
This issue has been resolved. When fast leave is enabled, non-master trunk ports
now leave multicast groups as soon as the switch receives a leave message.
Switch,
IP Gateway
3
3
For layer 3 Jumbo frames, this software version improves initial layer 3 flow setup
and handling of flows that exceed the layer 3 MTU mid-flow.
–
–
–
–
–
–
–
–
Y
Y
–
CR00013694
CR00014038
IGMP
The IGMP Default Timeout Interval is automatically calculated by IGMP in
accordance with RFC 2236, but the following command allows you to over-ride
the calculated value:
Y
Y
Y
Y
Y
Y
Y
Y
Y
IP Gateway
set ip igmp timeout=value
Previously, the router or switch sometimes set the interval to the calculated value
instead of using the value entered in the command above.
This issue has been resolved.
DHCP
Snooping
3
Previously, DHCP snooping correctly refused to allocate new DHCP leases once
the maxleases value had been exceeded, but it did so by discarding the server’s
acknowledgement message instead of forwarding it to the client. Therefore, the
DHCP server recorded the address as allocated, which meant the IP address range
could be exhausted.
–
–
–
Y
Y
Y
Y
Y
Y
–
CR00014047
CR00014152
This issue has been resolved. The server no longer records addresses as allocated
once the maxleases value is exceeded.
Switch
3
On AR415S, AR44xS, AR750S and AR770S routers, when a switch port went
down or was reset by using the command reset switch port=number, this
deleted the dynamically-learned forwarding entries for all ports.
Y
–
Y
–
–
–
–
–
–
–
This issue has been resolved. Now entries are only deleted for the port that went
down or was specified in the command.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-04
71
CR
Module
Firewall
Level
3
Description
When the firewall was performing NAT on UDP video streams and two streams
started up at the same time, sometimes one or both streams displayed excessive
jitter.
Y
–
Y
–
Y
Y
Y
–
Y
–
–
–
–
–
–
–
–
–
–
CR00014163
This issue has been resolved.
Core
3
The following issues occurred with environmental monitoring:
–
CR00014178
■ on AR750S and AR770S routers, the values reported by the show system
command were incorrect for the first few seconds after a cold restart
■ on AR770S routers, the router did not indicate power supply problems
through log messages or the system LED
These issues have been resolved.
BGP
3
3
The default setting for BGP capability matching is now loose instead of strict.
This matches the requirements of RFC 4271.
Y
–
Y
–
Y
–
Y
Y
Y
–
Y
–
Y
–
Y
–
CR00014285
CR00014305
Switch
On AT-8748XL and Rapier 48i switches, mirroring did not work when:
■ only one (not both) of the uplinks had an expansion module installed and
■ that uplink (port 49 or 50) was the mirror port
–
Y
This issue has been resolved.
GUI, Log
3
3
If the user cleared the Queue Output checkbox on the Modify Log Output
Definition page of the GUI, it displayed an error instead of making the change.
Y
–
Y
–
Y
–
Y
Y
Y
Y
Y
Y
Y
Y
–
Y
Y
Y
–
CR00014313
CR00014327
This issue has been resolved. The GUI can now be used to turn off queuing of
logging output.
MSTP, GUI
When using the GUI to configure the MSTP CIST, users had to specify the external
and internal port path costs. If these were not specified, the GUI gave an error
instead of configuring the CIST.
Y
This issue has been resolved. By default, the GUI now specifies “default” for the
path costs. This value of “default” leaves the current setting unchanged.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-04
72
CR
Module
Level
3
Description
IP Gateway,
Switch
If a port had static ARP entries defined for a VLAN, then adding the port to
another VLAN made those static ARP entries inactive.
Y
–
Y
Y
Y
Y
Y
Y
Y
Y
CR00014328
Also, deleting a port from a VLAN would delete all static ARP entries that were
defined on that port, including entries for other VLANs. Note that this deletion
issue did not occur on Rapier i, AT-8800, AT-8700XL, or AT-8600 Series switches.
Both of these issues have been resolved.
PIM6
3
3
If a user changes the PIMv6 BSR candidate priority to the same value as the
currently-elected BSR’s priority, then the router or switch should be elected as the
BSR if its IPv6 address is higher than the currently-elected BSR. This did not
happen.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
–
–
Y
Y
Y
Y
Y
Y
CR00014652
CR00014659
This issue has been resolved.
DHCP
On the DHCP server, a user could create two static DHCP entries for the same
client in one range. This was only possible if the client had first obtained a
dynamic address from the server.
Y
Y
This issue has been resolved. It is now impossible to add the same static client
twice, even when that client has a pre-existing dynamic entry.
IGMP
Snooping
3
3
When the router or switch received an IGMP Leave message, it did not update
IGMP Snooping counters correctly in some circumstances.
Y
Y
–
Y
–
Y
–
Y
–
Y
–
Y
–
Y
–
Y
–
Y
–
CR00014724
CR00014746
This issue has been resolved.
WANLB,
IP Gateway
It was possible to delete an IP interface that was configured as a WAN load
balancer resource.
Y
This issue has been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-04
73
CR
Module
Level
3
Description
BOOTP
It was possible to add a BOOTP relay destination using an interface that was not
running IP. It was also possible to delete an IP interface even though BOOTP relay
destinations were defined for the interface. Both of these situations could allow
the router or switch to be mis-configured.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00014755
IP Gateway
This issue has been resolved by adding checks for these situations to the
command handlers. It is no longer possible to add a BOOTP relay destination
using an interface not in use by IP, and no longer possible to delete an IP interface
if BOOTP relay has destinations defined using that interface.
PIMv6
GUI
3
3
The command show pim6 staterefresh sometimes corrupted the terminal
display output with random characters. To recover, it was necessary to reset the
terminal session.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
–
–
Y
Y
Y
Y
Y
Y
CR00014782
CR00014872
This issue has been resolved.
The router or switch rebooted if the Opera browser was used to browse to its
GUI.
Y
Y
This issue has been resolved. However, note that the GUI does not fully support
Opera. Some functionality may not be available.
GUI
3
3
HTTP pipelining did not operate correctly on some web browsers when browsing
to the GUI. This made some images very slow to load.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
–
Y
Y
Y
Y
CR00015107
CR00015126
This issue has been resolved.
IP Gateway
For IP filters of type=routing, the first filter entry could not be set to match on
Y
the following IP address/mask pair:
source=0.0.0.0 smask=255.255.255.255
This IP address/mask pair corresponds to the default route.
This issue has been resolved. You can now match on the default route in the first
entry of a filter.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-04
74
CR
Module
Level
3
Description
IP Gateway
DHCP
When a router or switch was configured to use DHCP to assign an address on an
interface, and then set to have a static address on that interface, the DHCP client
in the router or switch would continue to negotiate with the DHCP server. This
tied up a DHCP lease.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00015148
This issue has been resolved. Assigning a static address to an interface will stop
the DHCP client from requesting an address from a DHCP server.
Load
3
3
File upload via the IPv6 version of TFTP was not operating correctly.
This issue has been resolved.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
–
–
Y
Y
Y
Y
Y
Y
CR00015155
CR00015159
IP Gateway
If the router or switch received an IP subnet broadcast packet that was directed
to a unicast MAC address, it incorrectly responded with an ICMP unreachable
message, unless an appropriate IP helper configuration existed.
Y
Y
This issue has been resolved. When there is no IP helper configuration, the
behaviour now depends correctly on the setting of the directedbroadcast
parameter for the IP interface. If directedbroadcast=on, the packet is sent out
as a MAC broadcast. If directedbroadcast=off, the packet is dropped. ICMP
unreachable messages are not sent in any case.
IGMP snooping
VLAN
3
The command add igmpsnooping vlan=vlan routerport=port adds a static
IGMP router port, for a specific VLAN and port pair. Previously, it was possible to
remove the port from that VLAN without updating the static router port
association.
Y
–
Y
Y
Y
Y
Y
Y
Y
Y
CR00015258
CR00015346
This issue has been resolved. When you remove a static router port from a VLAN,
the router or switch now removes that port from the static router port list and
updates all layer 2 entries.
Switch
3
The 64-bit counter type objects in the ifXTable of the Interfaces Group MIB (RFC
2863) returned non-zero values for ports that had never been up.
Y
–
Y
–
–
–
–
–
–
–
This issue has been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-04
75
CR
Module
Level
3
Description
IP Gateway
Subnet broadcast packets would not be routed correctly when the interface to
which the subnet broadcast was destinated was an interface on the device, but
its link status was down. Even though an alternate route to the destination
existed, the device would send the packets incorrectly.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00015666
This issue has been resolved. When a subnet broadcast is received, it will be
correctly forwarded to an alternate route even if the destination interface is
down.
Switch
3
3
If the switch received a packet on a port and therefore started using MAC-based
authentication to authenticate the port, and then received another packet during
the authentication process, then occasionally the switch dropped the second
packet.
Y
Y
Y
–
Y
–
Y
–
Y
–
Y
–
Y
–
Y
–
Y
–
–
–
CR00015798
CR00016058
This issue has been resolved.
Ethernet
The AR415S router processed some IP multicast packets incorrectly on its eth0
interface.
CR00015915
This issue has been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-04
76
Level 4
CR
Module
Core
Level
4
Description
When the router or switch rebooted, its internal clock lost approximately
1 second.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
–
Y
Y
Y
Y
Y
Y
Y
CR00004677
This issue has been resolved. The time loss on reboot has been reduced.
Core, Utility
4
The following issues occurred with the commands show debug active and
disable debug active:
Y
Y
CR00009087
■ The command did not adequately warn users if an invalid module number had
been entered into the active parameter.
This issue has been resolved. The router or switch now displays an error unless
the value is between 1 and 142.
■ The CLI “?” help description for the active parameter listed an incorrect
number range and also listed modules that cannot be manipulated through
this command.
This issue has been resolved. The “?” help description is now correct.
QoS
4
The “?” help description for switch commands that accept a value in bytes (or
similar units such as kbytes or bytes/s) incorrectly indicated that the units were
bps. The commands this issue applied to depend on the switch model, but
include commands such as:
–
–
–
Y
Y
Y
Y
Y
Y
Y
CR00011695
create qos trafficclass=value maxburst=?
create qos policy=value dtcmaxburst=?
set qos red=value start1=?
set swi port=value bcl=?
set swi dlfl=?
This issue has been resolved. The “?” help description now displays the correct
units.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-04
77
CR
Module
MSTP
Level
4
Description
If the command set mstp cist port=value was entered with no other
parameters, the resulting error message (“One or more parameters may be
missing”) was displayed as an INFO message.
–
–
–
Y
Y
Y
Y
Y
Y
–
CR00012602
This issue has been resolved. The message now displays as an ERROR message.
SNMP, Core,
TTY
4
4
4
The MIB object hrSystemNumUsers displayed the number of login users since the
router or switch started up, instead of the number of currently-active login users.
Y
–
–
Y
–
–
Y
–
–
Y
–
Y
–
Y
–
Y
–
Y
Y
Y
Y
Y
Y
Y
–
–
CR00013045
CR00013112
CR00013188
This issue has been resolved.
IP Gateway
LACP
The blackhole parameter of the commands add and set ip route had no “?”
help description.
This issue has been resolved.
Previously, when an attempt to add a port to LACP was unsuccessful, the switch
displayed an appropriate warning message followed incorrectly by an “operation
successful” message.
Y
Y
Y
Y
This issue has been resolved. The switch no longer displays “operation
successful” when port addition fails.
IP Gateway
TACPLUS
4
4
The output of the command show ip route did not contain any spaces between
the route tag value and the metric value when the tag value was long.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00013221
CR00013260
This issue has been resolved by adding the missing spaces. The content and
relative position of the values have not changed.
If a user added a TACACS+ server when TACACS+ was not enabled, previously
the router or switch displayed a single “info” message that indicated that the
module was not enabled, but did not display a message confirming the server
addition. However, the router or switch did add the server.
This issue has been resolved. TACACS+ is now consistent with other modules—
the router or switch displays the following “warning” and “info” messages:
Warning (2111049): The TACP module is not enabled.
Info (1111003): Operation successful.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-04
78
CR
Module
Ping
Level
4
Description
Previously, if you used the ? or Tab keys to obtain help about the timeout
parameter for the ping command, the resulting help said that the maximum
timeout was 65535. However, the correct maximum is 60 seconds.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00013463
This issue has been resolved. The “?” help now displays the correct range of
values.
Install
4
When a router or switch was using a trial licence for release software and the trial
period elapsed, the router or switch rebooted without indicating the reason for
the reboot.
Y
CR00013589
This issue has been resolved. The following error messages now explain why the
router or switch is rebooting:
ERROR: There are no valid licences available for the current software release.
The device will now reboot.
ERROR: The trial licence for the current software release has expired.
The device will now reboot.
NTP
4
4
Output of the command show ntp displays a “Host Address” field. This is the
address of the interface from which the router or switch sends NTP packets.
Previously, if the IP address changed, the “Host Address” field did not change,
even though NTP used the new address.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00013640
CR00014106
This issue has been resolved.
Core
If the router or switch runs a configuration file on start-up that contains the
command set summertime before the command enable summertime, a log
message on start-up says that summertime needs to be enabled. However,
summertime is correctly applied to the router or switch.
Previously, if you configured summertime then saved the configuration by using
the command create config, set summertime came before enable
summertime in the resulting configuration file.
This issue has been resolved. When you save the configuration, enable
summertime now comes before set summertime in the resulting configuration
file, so the log message is not produced.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-04
79
CR
Module
VLAN
Level
4
Description
The following error message:
–
–
–
–
–
–
–
Y
Y
–
CR00014151
“Error (3089399): Operation not allowed on a .NESTED port.”
contained an extraneous “.” before the word “NESTED”.
This issue has been resolved. The “.” has been removed.
Core
LLDP
4
4
The show exception command did not display the correct exception type for
watchdog exceptions on AR750S, AR750S-DP, or AR770S routers.
–
–
Y
Y
–
–
–
–
–
–
–
CR00014170
CR00014250
This issue has been resolved. The correct exception type is now displayed.
In output of the command show lldp localdata, the field lldpLocSysDesc gives
information about the router or switch model and software version. Previously,
this information was sometimes split incorrectly across 3 rows.
Y
Y
Y
Y
Y
Y
Y
Y
Y
This issue has been resolved. The information now displays correctly.
DDNS
4
If a user made a configuration change to DDNS (dynamic DNS) when DDNS was
not enabled, previously the router displayed a message that indicated that the
module was not enabled, but did not display a message confirming the change.
However, the router did make the change.
Y
–
Y
–
–
–
–
–
–
–
CR00014318
This issue has been resolved. DDNS is now consistent with other modules—the
router displays the following “warning” and “info” messages:
Warning (2142049): The DDNS module is not enabled.
Info (1142003): Operation successful.
GUI
4
4
The GUI included pages for configuring MAC-based port authentication.
However, this feature is not available on AT-9800 Series switches.
–
–
–
–
–
–
–
–
–
–
–
–
–
Y
Y
CR00014367
CR00014712
This issue has been resolved. The GUI pages have been removed.
Firewall
If the router or switch renumbered a firewall rule, it displays a message.
Previously, this message had a status of “info” instead of “warning”.
Y
Y
Y
Y
Y
This issue has been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-04
80
CR
Module
DHCP
Level
4
Description
Previously, when a user entered the command delete dhcp range=range
ip=ipadd, the router or switch would display an “Operation successful”
message, even when the client entry in question was unused.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00014750
This issue has been resolved. For unused clients, this command now results in the
following new message:
“Nothing to delete, client is unused.”
VLAN, Bridging
4
4
4
It was possible to specify a value of 0 for the ageingtimer parameter in the
command add and set vlan=vlan bridge, even though this value was
meaningless.
Y
Y
–
–
–
–
Y
–
–
Y
–
–
–
–
–
–
–
–
–
–
–
–
–
Y
–
–
Y
–
–
–
CR00014778
CR00015080
CR00015130
This issue has been resolved. The lowest valid value for ageingtimer is 1.
ATM
When an SHDSL or ADSL interface re-trained after having been in a “link up”
state, spurious error messages could appear on the console.
This issue has been resolved. The messages were not genuine error messages and
no longer appear.
Switch
The following commands have been deprecated in software versions 2.9.1 and
later, and therefore (correctly) have no effect on the switch:
set switch port=number thrashlimit=value
set switch port=number thrashrefill=value
Previously, if a user entered these commands, the switch incorrectly displayed an
“Operation successful” message.
This issue has been resolved. The switch now displays a warning message
indicating that the commands are deprecated.
For information about the commands that replace these commands, see the
“Limiting Rapid MAC Movement” section of the Switching chapter of the
Software Reference.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-04
81
Enhancements
CR
Module
Level
-
Description
Core
It is now possible to hotswap NSMs on NEBS-compliant Rapier i switches.
–
–
–
Y
Y
–
–
–
–
–
–
CR00003036
To hotswap the NSM, press the Hot Swap button beside the NSM, check that the
Swap LED turns on and the In Use LED turns off, then remove the NSM. Place the
new NSM in the bay, then press the Hot Swap button again to make the NSM
available for use.
IP Gateway
-
The IP implementation has been enhanced to accept IP interfaces with a /31
netmask. This results in a slightly non-standard subnet that has no network
address or broadcast address. This has become a popular extension to IP, because
it reduces wastage of IP addresses on point-to-point links.
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00012881
Many
-
-
This enhancement extended the “?” help for VRRP, OSPF, SNMP, IP routes, user
database, VLANs, logging, and file management. The “?” help for these (and
several other) modules now gives information about all command parameters.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
–
Y
–
Y
–
Y
–
Y
Y
CR00013129
CR00013449
Firewall
The firewall now supports FTP sessions that use the security extensions defined in
RFC 2228. Previously, the firewall dropped sessions that used those security
extensions.
This enhancement makes more-secure FTP available between private-side clients
and public-side servers, and between public-side clients and private-side servers.
Telnet
TTY
-
This enhancement enables you to select whether the system name appears at the
login prompt for telnet client sessions. By default, the system name appears. To
prevent it from appearing, use the command:
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00013610
SET TELnet LOGINSYStemname=OFF
Note that the login prompt appears before you log into the router or switch.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-04
82
CR
Module
Core
Level
-
Description
AR770S routers have a CPU fan that the software now monitors in the same
manner as the main fan. The state of the CPU fan is displayed along with that of
the main (chassis) fan in the output of the show system command.
–
–
Y
–
–
–
–
–
–
–
CR00013992
If a problem develops with the CPU fan, the router notifies you in the following
ways:
■ The system LED flashes in a single flash pattern
■ An SNMP trap is issued on the fanAndPSMainFanStatus atRouter private MIB
object
■ A log message is generated that says “CPU fan status is not good”.
File
-
The commands create file, add file, reset file permanentredirect, and show
file permanentredirect were not supported on AR725 and AR745 routers.
These commands enable you to save the output of other router commands in
text files on the router.
–
Y
–
–
–
–
–
–
–
–
CR00014067
For more information about these commands, see the “Managing the File
System” chapter of the Software Reference.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-04
83
CR
Module
BOOTP
Level
-
Description
This enhancement enables you to associate a BOOTP relay destination with a
given interface. To do this, use the new optional interface parameter in the
command:
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00014172
ADD BOOTp RELAy=ipadd INTerface=interface
BOOTP packets received on this interface are relayed to the specified relay
destination only. You can define the same interface for multiple relay
destinations; the router or switch relays any BOOTP packets received to each relay
destination.
If you do not specify an interface, the destination becomes a “generic”
destination. If the router or switch receives a BOOTP message on an interface for
which no specific destination is defined, the router or switch relays the message
to all generic destinations. This is the same as the behaviour prior to this
enhancement.
To remove a destination that is associated with an interface, use the command:
DELete BOOTp RELAy=ipadd INTerface=interface
To see the interfaces that each destination is associated with, use the pre-existing
command:
SHow BOOTp RELAy
DHCP
Snooping
-
DHCP snooping records its client database into a file in NVS (if possible) or Flash
memory. In previous versions, that file was named bindings.dsn. From this
version, the file structure has changed and the file is now named bind0002.dsn.
–
–
–
Y
Y
Y
Y
Y
Y
–
CR00014238
When you upgrade a switch to this version, the switch creates the new client
database file 10 seconds after initialising the new version. After that, you can
safely delete the old bindings.dns file, if desired.
Note that the functionality of DHCP snooping has not changed, only the
filename.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-04
84
CR
Module
Level
-
Description
BGP
This enhancement enables you to force BGP to select the best route on the basis
of network prefix alone, instead of on the basis of preference, then metric, then
network prefix.
Y
Y
Y
Y
Y
–
–
Y
Y
Y
CR00014241
IP Gateway
To do this:
1. Give the desired dynamic routing protocol a preference of 0, which is the
preference of interface routes, by using the command:
SET IP ROUte PREFerence=0 PROTocol={BGP-ext|BGP-int|OSPF-EXT1|
OSPF-EXT2|OSPF-INTEr|OSPF-INTRa|OSPF-Other|RIP|ALL}
2. Create a route map to give matching routes the same metric as your interface
routes. To change the metric, use the command:
ADD IP ROUTEMap=routemap ENTry=1..4294967295 SET METric=1
3. Add the route map as a filter to the BGP peers by using the command:
ADD BGP PEer=ipadd REMoteas=1..65534 INRoutemap=routemap [other
optional parameters]
The above process gives matching routes the same preference and metric as
interface routes. This forces IP routing to compare the network prefixes of the
interface route and the other routes. IP routing then chooses the most specific
route as the best route for that destination, instead of automatically choosing the
interface route as the best route without considering any other routes which may
have more specific network prefixes.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-04
85
CR
Module
Level
-
Description
DHCP
Snooping,
MACFF
The following enhancements have been made to DHCP snooping, to support
MAC-forced forwarding:
–
–
–
Y
Y
Y
Y
Y
Y
–
CR00014300
■ MAC-forced forwarding checks the DHCP snooping database to find out
which router has been assigned to each DHCP client. DHCP snooping
determines this from the router list in DHCP acknowledgement messages.
However, some clients do not request a router. DHCP snooping now modifies
request messages from such clients, to ensure that they request a router. This
enables MAC-forced forwarding to interoperate with such clients.
■ Output from the command show dhcpsnooping database now displays the
list of routers that are assigned to each client, as shown in bold in the
following example:
Current valid entries
MAC Address
IP Address
Expires(s) VLAN Port ID Source
Router list
---------------------------------------------------------------------
00-00-cd-28-06-7b
192.168.99.1 52
1
13
2
Dynamic
192.168.199.254
Ethernet
Switch
-
This enhancement enables you to use 100 Mbps fiber SFPs with AR770S routers.
Support has been added for AT-SFPX/15 and AT-SFPX/40 SFPs.
–
–
Y
–
–
–
–
–
–
–
CR00014354
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-04
86
CR
Module
DNS
Level
-
Description
A new log message has been added to provide more information about rejected
DNS requests. The message has a log type of 052 / IPDNS and subtype 002 /
UNRES, and reads:
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00014715
DNS request for <domain-name> rejected by server. Code <number>,
<explanation>.
The following codes and explanations exist:
0: No Error—no error occurred
1: Format Error—there was a problem with the message construction
2: Server Failure—there was a problem with the server itself
3: Name Error—the name does not exist in the domain
4: Query Not Implemented—the received query was not supported
5: Refused—Refused for policy, rather than technical, reasons
6: YX Domain—the name exists when it should not
7: YX RR Set— a resource record exists that should not exist
8: NX RR Set— a resource record that should exist does not exist
9: Not Authoritative—the receiving server is not authoritative
10: Not Within Zone—the specified name is not within the zone specified in the
message
DDNS
-
When you activate a Dynamic DNS (DDNS) update (by entering the command
activate ddns update), the router now warns you of possible negative
consequences and prompts you for whether or not to continue.
Y
–
Y
–
–
–
–
–
–
–
CR00014728
Also, if you attempt to activate a DDNS update when DDNS is disabled, the router
displays a warning message that indicates that DDNS is disabled.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-04
87
CR
Module
Level
-
Description
IP Gateway
OSPF
When OSPF is running over an on-demand PPP link and the link goes down, IP
notifies OSPF that the link is down and OSPF stops sending Hello packets over the
link. In a network in which routes over the PPP link are all dynamically learnt
through OSPF, the PPP link will not come back up because without OSPF there
are no routes to direct traffic at that link.
Y
Y
Y
Y
Y
–
–
Y
Y
Y
CR00014845
This enhancement enables you to stop IP from notifying OSPF that the PPP link is
down. OSPF keeps sending Hello messages, which bring the link back up again.
To enable this feature, set the new optional notifyospfdown parameter to no
in one of the commands:
ADD IP INTerface=int NOTIfyospfdown={NO|YES} [other parameters]
SET IP INTerface=int NOTIfyospfdown={NO|YES} [other parameters]
The default value for this parameter is yes, which means that IP notifies OSPF
when the interface goes down and OSPF sets the interface state to Down. OSPF
does not send Hello messages to the interface, and OSPF is inactive on the
interface until it receives an Up notification. This is the behaviour prior to this
enhancement. Also note the following points:
■ the parameter applies to the entire IP interface, not an individual logical
interface. Setting it on one logical interface sets it on all other logical
interfaces associated with the same IP interface.
■ the parameter only applies to on-demand PPP links. IP always sends
notifications for other interfaces, even if this parameter is set to no.
To see the parameter setting, use the existing command show ip interface.
Switch, EPSR
Switch
-
-
EPSR uses a classifier-based hardware filter to select packets in the control VLAN.
The hardware filter now only uses 2 of the available 16 bytes to match packets.
This increases the number of other classifier-based features you can use when
running EPSR.
–
–
–
–
–
–
–
–
–
–
–
–
–
–
Y
–
Y
Y
–
–
CR00015269
CR00015628
The switch now fully recognises the latest revision of the AT-SPTX SPF, so all of
the features of the SFP can be utilised.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-03
88
Features in 291-03
Software Maintenance Version 291-03 includes the resolved issues and enhancements in the following tables. In the tables, for each product series:
■
■
■
“Y” in a white column indicates that the resolution is available in Version 291-03 for that product series.
“-” in a white column indicates that the issue did not apply to that product series.
a grey-shaded column indicates that Version 291-03 has not been released on that product series.
“-” in a grey column indicates that the issue did not apply to that product series.
“Y” in a grey column indicates that the issue applied to that product series. These issues are resolved in the next Version (291-04).
Level 1
No level 1 issues
Level 2
CR
Module
Level
2
Description
Switch
RIPng
Creating a large number of IPv6 RIPng interfaces (more than 250) sometimes
caused the switch to reboot.
–
–
Y
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
Y
Y
–
Y
Y
–
–
CR00014960
This issue has been resolved.
IPv6
2
2
If a large number of IPv6 multicast routes were added (more than1000) on a
switch with an IPv6 accelerator card, the switch could reboot.
–
–
CR00015102
CR00015585
This issue has been resolved.
ATM
AR442S routers sometimes rebooted while using the Test Facility to test the
SHDSL interface.
This issue has been resolved.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-03
89
CR
Module
IPv6
Level
2
Description
When a switch was heavily loaded with IPv6 traffic, it could reboot because a
large quantity of traffic was queued while waiting for a neighbour's MAC
address to resolve.
Y
Y
Y
Y
Y
–
–
Y
Y
Y
CR00015678
This issue has been resolved by limiting the number of packets that can be
queued while waiting for a neighbour's MAC address to resolve.
Level 3
CR
Module
QoS
Level
3
Description
By default, queue lengths were set to the maximum possible values for each port
type. This could make low-priority queues inappropriately starve higher-priority
queues of buffer resource.
–
–
–
–
–
–
–
Y
Y
–
CR00013270
This issue has been resolved. The default queue length has been reduced to 128
frames for all port types. If required, you can change them by using the existing
command:
SET QOS POrt={port-list|ALL} EGRessqueue[=queue-list] [Length=16..3648]
[other optional parameters]
LLDP
3
The switch included a permanent L3 filter to stop CDP (Cisco Discovery Protocol)
packets from being forwarded. This made one less L3 filter match available to
users.
–
–
–
Y
Y
Y
Y
–
–
–
CR00014306
Switch
This issue has been resolved. CDP still requires an L3 filter, but the filter is
automatically created when CDP is enabled and destroyed when CDP is disabled.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-03
90
CR
Module
QoS
Level
3
Description
Destroying a traffic class or flow group also destroyed all classifiers that were
associated with that traffic class or flow group.
–
–
–
Y
Y
Y
Y
Y
Y
–
CR00014959
This issue has been resolved. User-created classifiers are no longer destroyed.
Automatically-created classifiers are still destroyed, such as classifiers for DHCP
snooping.
Switch
Switch
3
3
When the switch performed layer 3 routing across a trunk, it did not balance
traffic across all ports in the trunk group.
–
–
–
Y
Y
Y
Y
Y
Y
Y
Y
–
–
–
–
CR00015510
This issue has been resolved.
If the switch received a packet on a port and therefore started using MAC-based
authentication to authenticate the port, and then received another packet during
the authentication process, then occasionally the switch dropped the second
packet.
Y
Y
Y
Y
Y
CR00015798
CR00016058
This issue has been resolved.
Level 4
No level 4 issues
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Features in 291-02
91
Enhancements
CR
Module
Level
-
Description
IGMP
snooping,
IGMP snooping learns which ports have routers attached to them, so it can
forward relevant IGMP messages out those ports. By default, snooping identifies
router ports by looking for ports that receive specific multicast packets (such as
IGMP queries, PIM messages, OSPF messages, and RIP messages).
Y
–
Y
Y
Y
Y
Y
Y
Y
Y
CR00014222
Switch,
VLAN
In some network configurations, this learning process cannot identify all router
ports. For such networks, this enhancement enables you to statically configure
particular ports as multicast router ports.
To specify the static router ports, use the new command:
add igmpsnooping vlan={vlan-name|1..4094} routerport=port-list
To stop ports from being static router ports, use the new command:
delete igmpsnooping vlan={vlan-name|1..4094} routerport=port-list
To list the static router ports, use the existing command:
show igmpsnooping
and check the new “Static Router Ports” field.
Features in 291-02
Version 291-02 was not released.
Features in 291-01
Version 291-01 was not released.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Support for the new x900-48FS switch—CR00016662
92
Support for the new x900-48FS switch—CR00016662
The x900-48FS is a new model in the x900 Series of layer 3 gigabit and fast Ethernet switches. Its key features are:
■
■
■
■
■
■
■
■
■
■
■
■
■
■
Multi-layer Fast Ethernet switch
48-port 100BASE-X SFP sockets, 100 Mbps, full or half duplex
4-port 1000BASE-X SFP uplink sockets, 1000 Mbps, full duplex
Support for hot-swappable SFP modules
Hot-swappable, load sharing PSUs
1U height, rack-mountable
Non-blocking Layer 2 and Layer 3 IP switching
IPv6-ready hardware for accelerated unicast and multicast routing
4096 Layer 2 multicast entries
1024 Layer 3 IPv4 multicast entries
4096 logical IPv6 interfaces
32MBytes of fixed flash
256MBytes of Synchronous DRAM, expandable to 512MBytes with DIMM
CompactFlash slot for hot-swappable expansion of flash memory up to 128MBytes
x900-48FS front panel
ASYN0/CONS
For more information about the x900 Series and expansion options, see the Hardware Reference. The Hardware Reference is available from
www.alliedtelesis.co.nz/documentation/manuals.html.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
IGMP snooping fast leave in multiple host mode—CR00017482
93
IGMP snooping fast leave in multiple host mode—CR00017482
The IGMP snooping fast leave option has been enhanced, to make it available when multiple clients are attached to a single port on the snooping switch. Fast
leave now has two modes available:
■
multiple host mode—the new feature. In multiple host mode, the snooper tracks which clients are joined to a given IP multicast group on a given port. As
soon as the last client leaves a group on a port, the snooper shuts off the multicast to that port.
■
single host mode—the existing functionality. In single host mode, as soon as the snooper receives a leave message for a group on a port, it shuts off the
multicast. This mode assumes that there are no other clients on the port that are still interested in receiving the multicast, so is suitable only when clients are
directly attached to the snooper.
To specify the new multiple mode, use the command:
set igmpsnooping vlan={vlan-name|1..4094|all} fastleave=multiple
To specify single mode, use either of the commands:
set igmpsnooping vlan={vlan-name|1..4094|all} fastleave=single
set igmpsnooping vlan={vlan-name|1..4094|all} fastleave=on
The command show igmpsnooping vlan has also been enhanced. The new command syntax is:
show igmpsnooping vlan={vlan-name|1..4094|all} [group={multicast-ip-address|allgroups}] [detail]
The group parameter lets you display information for only one group or for only the All Groups port (the allgroups option).
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
IGMP snooping fast leave in multiple host mode—CR00017482
94
The detail parameter displays more detailed information, including expiry times for each port, and in the case of multiple host fast leave mode, the list of hosts
on a port. The following example shows this.
IGMP Snooping
--------------------------------------------------------------------------
Status ........................... Enabled
Disabled All-groups ports ........ None
Vlan Name (vlan id) ..... default (1)
Fast Leave .............. Multiple Host Topology
Query Solicitation ...... Off
Static Router Ports ..... None
Group List .............. 2 groups
Group 224.0.1.22
Port 24
Timeout in 256 secs
Timeout in 257 secs
Hosts: 1
00-00-cd-27-be-f5 (172.20.176.200)
Timeout in 257 secs
Group 239.255.255.250
Port 24
Timeout in 258 secs
Timeout in 259 secs
Hosts: 1
00-00-cd-27-be-f5 (172.20.176.200)
Timeout in 259 secs
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Support for the new Rapier 48w switch
95
Support for the new Rapier 48w switch
The Rapier 48w is a new model in the Rapier Series of layer 3 gigabit and fast Ethernet switches. Its key features are:
■
■
■
■
■
■
■
48-port 10BASE-T/100BASE-TX (RJ-45 connectors)
Two 1000BASE SFP ports
Two asynchronous serial console ports with DB9 connectors
One Network Service Module bay, with support for various WAN interface cards
Auto-negotiating Layer 3 Managed Switch
Enhanced switching core
Replaceable air filters and fan-only modules (FOMs) for NEBS applications
Rapier 48w front panel
Rapier 48w L3 Fast Ethernet Switch
FAN
1
FAN
2
NSM
PORTS 49-50
L/A
1000M LINK
ACT
SFP
INSTALLED
FAULT
PORTS 1-48
ACT
CLASS
1
LASER PRODUCT
DO NOT STARE
L/A
D/C
LINK 100M
ACT
LINK 10M
FULL DUP
HALF DUP
COL
INTO BEAM
STATUS
FAULT
ASYN0
ASYN1
POWER
SWAP
IN
USE
HOT
RESET
SWAP
1
2
3
4
5
6
7
8
9
10 11
12 13
14 15
16
17
18 19
20 21
22 23
24 25
26 27
28 29
30 31
32
33
34 35
36 37
38 39
40 41
42 43
44 45
46 47
48
49
50
NSM
Rapier 48w rear panel
WARNING
This unit might have more
than one power input. To
reduce the risk of electric
shock, disconnect all power
inputs before servicing unit.
FOR CENTRALIZED DC
POWER CONNECTION,
INSTALL ONLY IN
A
40-60VDC
4.5A MAX
RESTRICTED AREA.
DUAL INPUTS
For more information about the Rapier Series and expansion options, see the Hardware Reference. The Hardware Reference is available from
www.alliedtelesis.co.nz/documentation/manuals.html.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Backing up the configuration with SNMP—CR00016221
96
Backing up the configuration with SNMP—CR00016221
With this enhancement, you can use SNMP to:
■
■
set parameters for uploading files from the router or switch, and
upload files to a TFTP server
SNMP already lets you save the current configuration to a file on the router or switch. You can use this with the new options to back up the configuration to a
TFTP server. To do this, perform the following steps.
1. Save the configuration
To save the current configuration, use SNMP SET createConfigFile. The following screenshot shows this for a file called tst.cfg.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Backing up the configuration with SNMP—CR00016221
97
2. Set the load parameters
To specify the server IP address, use SNMP SET loadServer. To set the filename, use SNMP SET loadFilename. The following screenshot shows setting the
filename to tst.cfg.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
Backing up the configuration with SNMP—CR00016221
98
3. Upload the file
To upload the file, use SNMP SET loadStatus and set it to a value of 8. The following screenshot shows this.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
SNMP ASN.01 BER Padding—CR00016523
99
SNMP ASN.01 BER Padding—CR00016523
This enhancement enables you to specify whether SNMP adds 0x00 padding when the most significant 9 bits of an object’s value are all 1, or whether the
encoding follows the ASN.01 BER rule, which cuts off the most significant byte of 0xff. This setting has an impact on all integer type MIB objects, including 32
bit and 64 bit counter objects.
To add the padding, use the command:
set snmp asnberpadding={on|yes|true}
To use the ASN.01 BER rule, which is the default, use the command:
set snmp asnberpadding={off|no|false}
The following table lists examples.
Bits
Value (decimal)
Value (hex)
asnberpadding setting
Encoding
counter32
4289592837
0xFFADFE05
on
off
on
off
41 05 00 ff ad fe 05
41 03 ad fe 05
counter64
18410715280977201498
0xFF800000ff80895A
46 09 00 ff 80 00 00 ff 80 89 5a
46 07 80 00 00 ff 80 89 5a
To see whether or not padding is added, use the command:
show snmp
and check the new “ASN.01 BER Padding” field.
Version 291-10
C613-10488-00 REV G
Download from Www.Somanuals.com. All Manuals Search And Download.
|