Software Maintenance Release Note
Version 281-02
for AR750S, AR750S-DP, AR770S, AR415S, AR450S and AR44xS series routers, and AT-8600 series switches
This software maintenance release note lists the issues addressed and enhancements made in Maintenance Version 281-02 for Software Version 2.8.1. Version
details are listed in the following table:
Models
Series
Release File
Date
Size (bytes)
GUI file
AR415S, AR440S, AR441S, AR442S, AR450S
AR400
54281-02.rez
5 September 06
4673896
415s_281-02_en_d.rsc
440s_281-02_en_d.rsc
441s_281-02_en_d.rsc
442s_281-02_en_d.rsc
450s_281-02_en_d.rsc
AR750S, AR750S-DP, AR770S
55281-02.rez
sr281-02.rez
5 September 06
5 September 06
3936164
2251144
750s_281-02_en_d.rsc (AR750S and AR750S-DP)
sr24_281-02_en_d.rsc
AT-8624T/2M, AT-8624PoE, AT-8648T/2SP
AT-8600
Caution: Using a maintenance version on the wrong model may cause unpredictable results, including disruption to the network.
This maintenance release note should be read in conjunction with the following documents:
■
■
the Release Note for Software Version 2.8.1, available from www.alliedtelesyn.co.nz/documentation/relnotes/relnotes.html
your router or switch’s Document Set for Software Release 2.8.1. This document set is available on the CD-ROM that shipped with your router or switch, or
Caution: Information in this release note is subject to change without notice and does not represent a commitment on the part of Allied Telesis Inc. While every
effort has been made to ensure that the information contained within this document and the features and changes described are accurate, Allied Telesis Inc. can
not accept any type of liability for errors in, or omissions arising from the use of this information.
Features in 281-02
3
Features in 281-02
Software Maintenance Version 281-02 includes the resolved issues and enhancements in the following tables. In the tables, for each product series:
■
■
■
“Y” in a white column indicates that the resolution is available in Version 281-02 for that product series.
“-” in a white column indicates that the issue did not apply to that product series.
a grey-shaded column indicates that Version 281-02 was not released on that product series.
Level 1
CR
Module
PIM 6
Level
1
Description
For PIM on IPv6, if the interface that was being used as the BSR candidate address
went down, the network occasionally did not re-elect a BSR and the RPs in a
timely manner. This could cause the router or switch to reboot.
Y
-
-
-
-
-
Y
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
CR00006040
This issue has been resolved.
Switch
VLAN
OSPF
1
1
1
If a user created a configuration file that contained port trunk settings before
VLAN port settings, then a loop occurred when the switch rebooted with this
configuration.
Y
Y
Y
CR00007273
CR00013457
CR00013492
This issue has been resolved.
When ports were added to a currently-disabled RSTP domain, the ports could
start to discard packets (because their STP state was set to Discarding).
-
-
This issue has been resolved. When ports are added to a disabled RSTP domain,
they remain in a Forwarding state.
When route filters (made with the command add ip route filter) were used to
filter OSPF routes, it was possible for OSPF to constantly remove and re-create an
AS-External LSA. This could prevent OSPF sessions from establishing.
Y
Y
This issue has been resolved.
Version 281-02
C613-10482-00 REV B
Features in 281-02
4
CR
Module
Core
Level
1
Description
When a BRI or PRI PIC was installed on the router, an issue with internal memory
handling occasionally caused the router to reboot.
Y
-
-
-
Y
-
-
-
-
-
-
-
-
-
-
-
-
-
-
CR00013736
This issue has been resolved.
Switch
1
If a user created a configuration file that contained LACP settings and VLAN port
settings, then a loop occurred when the switch rebooted with this configuration.
Y
CR00013743
This issue has been resolved.
Level 2
CR
Module
PIM 6
Level
2
Description
For PIM on IPv6, RPSet information did not expire correctly when all RP
candidates had expired.
Y
Y
-
-
Y
Y
-
-
-
-
-
-
-
-
-
-
-
-
-
-
CR00010452
This issue has been resolved.
IPv6
2
2
The router or switch sometimes forwarded packets to directly connected hosts
whose corresponding IPv6 ND cache entry was still in INCOMPLETE state. This
caused it to send the packets to incorrect MAC addresses and egress ports.
CR00010593
CR00012407
This issue has been resolved.
STAR
When the STAR protocol was used for link-layer encryption, the channel setup
failed continuously on heavy traffic.
Y
-
Y
-
-
-
-
-
-
-
This issue has been resolved.
Version 281-02
C613-10482-00 REV B
Features in 281-02
5
CR
Module
IGMP
Level
2
Description
If IGMP snooping was enabled but IGMP was not enabled, the snooper behaved
as if IGMP snooping fast leave had been enabled even when it had not been. This
meant that as soon as the snooper received a Leave message, the port left the
group.
Y
-
-
Y
-
-
-
-
Y
Y
-
-
-
-
-
-
-
-
CR00012476
This issue has been resolved. Note that fast leave is disabled by default.
STP
2
When STP was operating with a large number of VLANs in the same STP region,
the switch sometimes rebooted while processing topology change notifications
(TCNs).
-
-
CR00012657
This issue has been resolved.
Core, File,
Stack
2
2
The command create config=filename set did not copy the configuration file
to all switches in the stack, but only saved the file onto the current switch.
-
-
-
-
-
-
-
-
-
-
Y
Y
-
-
-
-
-
-
-
-
CR00012741
CR00013081
This issue has been resolved.
Switch, STP
When STP was enabled on ports in a trunk group, the non-master ports did not
have the same state as the master port in the switch’s hardware STG table. This
could, on rare occasions, create a broadcast storm.
This issue has been resolved. All ports in a trunk group follow the master port in
the hardware STG table.
ATM
2
When connected to some types of DSLAMs, the router could reboot due to a
reception error on the SHDSL EOC channel.
Y
-
-
-
-
-
-
-
-
-
CR00013128
This issue has been resolved.
Version 281-02
C613-10482-00 REV B
Features in 281-02
6
CR
Module
OSPF
Level
2
Description
It was possible in unusual circumstances for the OSPF link state retransmission list
to grow to a large number. This caused the router or switch to reboot.
Y
Y
-
-
Y
Y
-
-
-
-
Y
-
-
-
-
-
-
-
-
-
CR00013359
This issue has been resolved.
WAN Load
Balancer
2
It was possible in unusual circumstances for the router to run out of memory after
a WAN load balancer session was added. This could cause the router to reboot
or to stop processing packets.
CR00013390
This issue has been resolved.
Level 3
CR
Module
Core
Level
3
Description
When a user entered the command show file=switch.ini, the switch previously
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
CR00003657
could have displayed invalid content or an error message.
This issue has been resolved.
Firewall
3
When the HTTP proxy URL filter had entries that allowed certain domains and
also had entries that denied certain keywords, the supposedly-allowed domains
were denied if they contained the denied keywords. The proxy allowed the page
/index.html from such domains, but no other pages.
Y
Y
CR00010345
This issue has been resolved. The proxy no longer checks allowed domains
against the keyword list.
Version 281-02
C613-10482-00 REV B
Features in 281-02
7
CR
Module
Core
Level
3
Description
When the router or switch sent a RADIUS accounting STOP packet, the packet’s
Acct-Session-Time was always zero, no matter how long the session had been
active for.
Y
Y
-
-
Y
Y
-
-
-
-
-
-
-
-
-
-
-
-
-
-
CR00011710
This issue has been resolved.
IPv6
3
Previously, if IPv6 had a dynamic Neighbour Discovery cache entry for a particular
IPv6 address, it prevented users from adding a static entry for the same IPv6
address.
CR00013060
This issue has been resolved. Users can now overwrite dynamic Neighbour
Discovery cache entries with static entries.
IPv6, PIM,
PIMv6
3
3
A router or switch running PIM6 occasionally rebooted in certain network
topologies when links were very busy. The circumstances that caused this crash
are very unusual, but the code has been made more robust to cope with them.
Y
Y
-
-
Y
Y
-
-
-
-
-
-
-
-
-
-
-
-
-
-
CR00013117
CR00013162
ISAKMP
When heartbeats fail for an ISAKMP SA, the router or switch (correctly) removes
the ISAKMP SA and any IPsec SAs that were created by the ISAKMP SA. It then
sends delete messages to notify the peer, so that the peer can also remove the
relevant IPsec SAs.
However, if heartbeats failed just after a re-negotiation, and only failed for the
new ISAKMP SA, then the router or switch did not send delete messages for any
IPsec SAs that were also removed. This could mean that encrypted traffic sent
from the peer was lost.
This issue has been resolved. If heartbeats fail, the router or switch now correctly
sends the peer device a delete message for any removed IPsec SAs.
ISAKMP
3
Previously, if an ISAKMP policy was configured with set isakmp policy=name
prenegotiate=true and the peer was unresponsive, then at start-up the router
or switch sent fewer ISAKMP message retransmissions than the configured
msgretrylimit value.
Y
-
Y
-
-
-
-
-
-
-
CR00013220
This issue has been resolved.
Version 281-02
C613-10482-00 REV B
Features in 281-02
8
CR
Module
Firewall
Level
3
Description
When an RTSP media stream, using TCP as the transport protocol, was passing
through the firewall, then the session could stall if some packets were
retransmitted with different sequence numbers to the original transmission.
Y
Y
-
-
Y
Y
-
-
-
-
-
-
-
-
-
-
-
-
-
-
CR00013415
This issue has been resolved.
DVMRP
Stack
3
3
3
Values for some DVMRP settings (including ttlthreshold and metric) were not
saved in the configuration file or output resulting from the commands create
config and show config dynamic. If the router or switch rebooted, the values
were not applied.
CR00013473
CR00013516
This issue has been resolved.
Different versions of the management stacking feature are not compatible with
each other, which means that AT-9924Ts or x900-24XT series switches can only
be stacked with other AT-9924Ts or x900-24XT switches.
-
-
-
-
-
-
-
-
-
-
Y
Y
-
-
-
-
-
-
-
-
CR00013525
CR00013547
This software version includes checks to prevent incompatible software from
being stacked.
VLAN
When DHCP snooping was enabled on the router or switch, performing a walk
of the MIB variables in that router or switch could result in incorrect termination
of the walk. This was because certain SNMP packets were incorrectly interpreted
as DHCP packets.
This issue has been resolved.
ATM
ATM
3
3
At low SHDSL bitrates, the EOC channel exhibited many spurious CRC errors.
This issue has been resolved.
Y
Y
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
CR00013588
CR00013672
An SNMP Walk of the ATM MIB would fail to complete properly, as it would not
advance through the channel list.
This issue has been resolved.
Version 281-02
C613-10482-00 REV B
Features in 281-02
9
CR
Module
SSH
Level
3
Description
The router or switch’s SSH server occasionally disconnected an SSH client because
of a checksum error. This occurred because the server did not decrypt the SSH
session key correctly.
Y
-
-
-
Y
Y
-
-
-
-
Y
-
-
-
-
-
-
-
-
-
CR00013714
This issue has been resolved.
Core
3
For AR750S-DP routers, the values of the fanAndPsPSUPresent MIB fields
displayed incorrectly. They indicated that a PSU was present when one was not
installed, and that it was not present when it was.
CR00013757
This issue has been resolved.
Level 4
CR
Module
Level
4
Description
Eth, Bridge,
Switch, LLDP,
IP Gateway
For all Ethernet-like interfaces, the router or switch now uses an ifType value of
ethernetCsmacd, instead of the deprecated value of iso88023Csmacd.
Y
-
-
-
Y
Y
-
-
-
-
Y
-
-
-
-
-
-
-
-
-
CR00001359
Asyn, Core,
Log, Scripting,
Show
4
The console port’s autobaud mode was determined incorrectly during start-up.
This caused the router to unnecessarily reconfigure the console port for 9600
8N1 before printing any bootup messages.
CR00013174
This issue has been resolved.
Version 281-02
C613-10482-00 REV B
Features in 281-02
10
CR
Module
OSPF
Level
4
Description
After OSPF deleted an AS-External LSA, it sometimes sent an unnecessary LSA
with no changes.
Y
Y
-
-
Y
Y
-
-
-
-
Y
Y
-
-
-
-
-
-
-
-
CR00013569
This issue has been resolved.
File
4
4
Japanese users can now delete the router or switch’s preferred software release
and the current boot configuration file. For routers or switches that are
manufactured for non-Japanese markets, users must first stop the files from
being preferred, by setting new preferred files or by using the commands delete
install=pref or set config=none.
CR00013683
CR00013767
Core
In Japan, AT-8624PoE switches are named 8624PS. Previously, 8624PS switches
displayed AT-8624PoE as their board name in the output of the command show
system.
-
-
-
-
-
Y
-
-
-
-
This issue has been resolved. For Japanese switches only, the board name is now
8624PS.
Version 281-02
C613-10482-00 REV B
Features in 281-02
11
Enhancements
CR
Module
Level
-
Description
ATM
Previously, it was not possible to set the MTU for an ATM interface.
Y
Y
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
CR00013126
This enhancement makes it possible to now do so. The MTU can be set to values
between 256 bytes and 1600 bytes, inclusive.
NAT-T, IPsec
-
This software version supports more versions of IPsec NAT-T. As well as the
existing support for versions 2 and 8 of the NAT-T draft, the router now:
Y
CR00013130
■ supports NAT-T draft version 3, as defined by draft-ietf-ipsec-nat-t-ike-03.txt.
This version has also been implemented by SonicWALL in its EnhancedOS.
■ supports RFC 3947. This RFC has also been implemented in Linux’s Openswan,
for example (www.openswan.org).
■ accepts and sends the IPsec draft version 2 Vendor ID string when the hash
does not include a carrage return. Therefore it accepts and sends a hash of
“draft-ietf-ipsec-nat-t-ike-02” as well as a hash of “draft-ietf-ipsec-nat-t-
ike-02\n”
■ displays some other Vendor IDs in debugging information even though the
router does not support these versions. Such Vendor IDs are followed by the
phrase “info only”.
IP Gateway
-
RIPv2 can now use authentication passwords that contain almost any printable
character, including characters such as $, % and &. The ? character is interpreted
as asking for parameter help, so this is not usable anywhere inside a password.
Also, a password cannot contain double quotes (") as the first character of the
string.
Y
-
Y
-
-
Y
-
-
-
-
CR00013444
The RIP password length is now strictly enforced at 16 characters. The command
handler no longer accepts a password with more characters than this.
Version 281-02
C613-10482-00 REV B
Features in 281-02
12
CR
Module
SHDSL
Level
-
Description
The 4-wire support of SHDSL interfaces has been enhanced to provide support
for a standards-based train-up mode as well as the existing enhanced train-up
mode.
Y
Y
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
CR00013447
This issue has been resolved.
File
PoE
-
-
Previously, a user could rename the current boot configuration file (by using the
command rename). This stopped the router or switch from running that
configuration on boot-up, so if the router or switch restarted after the user had
renamed the current boot configuration file, it started up with no configuration.
Y
Y
CR00013535
CR00013677
This issue has been resolved. Users can no longer rename the current boot
configuration file.
This enhancement added support for the latest version of the PoE firmware
(version 5.0.1), so that AT-8624PoE switches can be shipped from the factory
with this firmware version.
-
-
-
-
-
Y
-
-
-
-
Version 281-02
C613-10482-00 REV B
Features in 281-01
13
Features in 281-01
Software Maintenance Version 281-01 includes the resolved issues and enhancements in the following tables. In the tables, for each product series:
■
■
“Y” indicates that the resolution is available in Version 281-01 for that product series.
“-” indicates that the issue did not apply to that product series.
Level 1
CR
Module
Switch
Level
1
Description
If an AT-9924SP had a large number of SFPs installed and had a very high level of
traffic passing through the network, sometimes newly inserted SFPs were not
detected.
-
-
-
-
-
-
-
-
Y
Y
-
CR00012654
This issue has been resolved.
DHCP
1
In some configurations in which the DHCP server was enabled, the router or
switch compacted its flash memory frequently. This occurred because the DHCP
server unnecessarily updated record files in flash memory even if the record had
not changed.
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00012715
CR00012760
This issue has been resolved, so that DHCP records are only updated when
necessary. Note that if the router or switch has NVS memory, it stores DHCP
records in NVS by preference, instead of in flash memory.
Log
1
Entering the command show debug caused the router or switch to reboot if one
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
or more long messages existed in the log.
This issue has been resolved.
Version 281-02
C613-10482-00 REV B
Features in 281-01
14
CR
Module
Switch
Level
1
Description
When STP is enabled on the switch but is disabled for a trunk (by using the
command disable stp port), the trunk should pass traffic. Previously, some trunk
members sometimes stayed in the “discarding” state instead.
-
-
-
-
-
-
-
Y
Y
-
CR00012933
This issue has been resolved.
DVMRP
1
1
Receiving a DVMRP Graft or Prune message occasionally caused the router or
switch to reboot.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
Y
Y
Y
Y
Y
Y
CR00013025
CR00013413
This issue has been resolved.
IP Gateway,
Load Balancer
If the router or switch was configured with a local interface IP address and the
interface to which this address belonged did not have a logical interface with
index 0, a number of connectivity issues from this router or switch occurred, in
which the router or switch was not able to communicate with UDP, TCP or PING.
Y
Y
This issue has been resolved.
SSL
1
When the router or switch used SSL to process HTTPS traffic, it rebooted.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00013666
This issue occurred, for example, when browsing securely to the GUI, or when
the load balancer was configured to support HTTPS traffic.
This issue has been resolved.
Version 281-02
C613-10482-00 REV B
Features in 281-01
15
Level 2
CR
Module
Bridge
Level
2
Description
The Bridge cannot be configured to bridge PPPoE packets from an Ethernet
interface that has also been configured as a PPPoE interface. Previously, such a
Bridge configuration would appear to succeed. However the Bridge would not
bridge PPPoE packets and the router would restart when the command reset
bridge was entered.
Y
Y
Y
-
-
-
-
-
-
-
CR00009212
This issue has been resolved. Note: if you want to bridge PPPoE packets, do not
also configure the router as a PPPoE endpoint (by using the command create
ppp=number over=ethx-any).
MSTP
2
2
2
Because of an MSTP issue, the switch did not always send a BPDU with an
agreement flag to its designated bridge, even if the switch was synchronised with
the latest spanning tree information from the designated bridge. This prevented
the designated port on the designated bridge from making a fast transition to
the forwarding state. The result was that the network could take up to two times
the “forward delay” time to fully converge.
-
-
-
Y
Y
Y
Y
Y
Y
Y
Y
-
Y
Y
-
Y
Y
Y
Y
Y
Y
-
CR00009213
CR00009826
CR00010513
This issue has been resolved.
IP Gateway
When a static ARP is deleted, the router or switch sends out an ARP request to
attempt to create a dynamic ARP for that IP address. Previously, the router or
switch did not process the ARP response correctly and therefore did not add the
ARP to its ARP table.
Y
Y
Y
Y
This issue has been resolved. When a static ARP is deleted, the router or switch
attempts to create a dynamic ARP for that IP address, and will successfully add it
to the ARP table if a device responds.
BGP,
BGP did not update its route table when a blackhole route changed in IP.
This issue has been resolved.
Y
Y
Y
Y
IP Gateway
Version 281-02
C613-10482-00 REV B
Features in 281-01
16
CR
Module
File
Level
2
Description
The router or switch sometimes rebooted when copying a very large file (several
Mbytes). This issue has been resolved by improving the copy process so that it
uses fewer memory buffers.
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
Y
Y
Y
-
Y
CR00011434
Switch
IPv6
2
2
On x900-48 Series switches, when the switch used a DSCP map to remark
packets, it did not mark the packets correctly.
-
CR00011670
CR00012364
This issue has been resolved.
For IPv6, if there were multiple equal cost multipath (ECMP) static routes to a
destination, and one or more links for the routes became inactive, the inactive
route was sometimes still chosen for forwarding. This caused brief data delivery
failure to the destination.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
Y
Y
Y
Y
Y
This issue has been resolved.
IP Gateway
2
If the router or switch received an IP packet that had been sent as an Ethernet
broadcast, the router or switch responded as if the packet had been sent to its IP
address, even when the packet was destined for a different IP address. In
particular, the router or switch processed and responded to ICMP and TCP
packets that were sent as Ethernet broadcasts to different IP addresses. These
caused the router or switch to send ICMP echo responses or TCP reset packets.
Y
Y
Y
CR00012534
This issue has been resolved. Such Ethernet broadcast packets are generally not
valid packets, so the router or switch now discards them.
Version 281-02
C613-10482-00 REV B
Features in 281-01
17
CR
Module
Firewall
Level
2
Description
When the WAN load balancer was used with IP NAT (instead of firewall NAT), and
an FTP session was established to a server on the public network, the router did
not correctly establish a return session. This meant data was unable to flow
correctly back from the server, and the router rebooted.
Y
-
Y
-
-
-
-
-
-
-
CR00012613
This issue has been resolved.
Note that the WAN load balancer is not designed for use with IP NAT, because IP
NATs are not associated with interfaces. Configurations that use an IP NAT cannot
vary the global IP address (the gblip parameter) based on the outgoing interface,
so the WAN load balancer sends all traffic out with the same source address.
Therefore, the return traffic probably comes back via the WAN load balancer
resource that is associated with the global IP. The impact is that the WAN load
balancer balances the outgoing traffic but not the return traffic.
We recommend using firewall NAT instead of IP NAT with the WAN load balancer.
VRRP,
IP Gateway
2
Under certain network conditions in which VRRP entities become temporarily
unsynchronised, the router or switch could receive a gratuitous ARP from a self-
elected VRRP master when the router or switch was still the master. This caused
the existing master to create an ARP entry that incorrectly redirected packets
towards the other VRRP entity even after the other entity had become a slave
again.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00012624
This issue has been resolved. The router or switch no longer accepts gratuitous
ARPs from other VRRP entities while it is still the Master.
Switch
2
After the AR770S rebooted, the Port Link/Activity and Duplex/Collision LEDs
sometimes did not blink in response to activity and collisions, respectively.
-
-
Y
-
-
-
-
-
-
-
CR00012683
This issue has been resolved. The router detects the problem and recovers from
it, if possible. If it cannot recover from the problem, it generates a log message
of severity 6, module SWK, type REST, and subtype FAIL. The log message says
“An LED error has been detected, please power-cycle the device. If this message
appears again, contact your technical support representative for help.”
Version 281-02
C613-10482-00 REV B
Features in 281-01
18
CR
Module
Level
2
Description
IPsec, ENCO
Decrypting a large IPsec ESP packet sometimes caused the router or switch to
reboot.
Y
-
Y
-
Y
Y
Y
-
Y
-
-
-
-
-
-
-
-
-
-
-
CR00012697
This issue has been resolved.
Core
2
Soft errors can generate exceptions that would cause the router or switch to
reboot. Soft errors are spontaneous changes in the information stored in a digital
circuit, caused by physical effects. The router or switch’s handling of such errors
has been improved, so that it recovers without rebooting when possible.
CR00012710
Core, File,
Stack
2
2
The command create config=filename set did not copy the configuration file
to all switches in the stack, but only saved the file onto the current switch.
-
-
-
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
CR00012741
CR00012757
This issue has been resolved.
OSPF
The router or switch correctly accepted the command add ospf redistribution
protocol=static followed by the command set ospf asexternal=on or nssa.
However, the command create config did not create a valid configuration file
from these commands. If the router or switch used that configuration after a
reboot, it gave the error “Redistribution for specified routing protocol - already
exists” and did not use the user-defined redistribution definition.
Y
Y
Y
Y
This issue has been resolved. The router or switch now correctly saves and uses
the user-defined redistribution definition.
DHCP
Snooping,
2
2
When the switch had two DHCP snooping classifiers applied across all 48 ports,
and maxleases was set to 10 or more on each port, the switch rebooted.
-
-
-
-
-
-
-
-
-
-
Y
Y
-
-
CR00012820
CR00012821
Switch
This issue has been resolved.
IP Gateway
When adding, deleting or updating subnet routes of a more general route, the
software and hardware IP route tables sometimes became unsynchronised. The
same issue sometimes also occurred when updating ECMP routes. This could
cause the router or switch to forward packets to unexpected next hops.
Y
Y
Y
Y
Y
Y
This issue has been resolved.
Version 281-02
C613-10482-00 REV B
Features in 281-01
19
CR
Module
Level
2
Description
ASYN, Log
The following issues occurred with sending log messages to an asynchronous
port:
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00012846
■ The log messages output on an asynchronous port were corrupt.
■ When log messages were output to an asynchronous port, that port was
(correctly) locked. However, the port remained locked after the asynchronous
log output definition was destroyed, and after the log output's destination
was changed from asynchronous to something else.
■ It was possible for a user to change the log output destination to an
asynchronous port while the user was logged into the asynchronous port. This
resulted in the user losing access to the command line interface.
■ It was possible to create a log output definition with an asynchronous port as
the destination even when another user was logged into that asynchronous
port. This resulted in the other user losing access to the command line
interface.
■ If a user changed the log output destination to an asynchronous port and
specified invalid parameters in the command, an error message was displayed
but the new output destination was saved anyway.
■ The set command allowed a user to specify an asynchronous port as the
destination without specifying the asynchronous port number. The number
defaulted to asyn0, which may not have been the desired port.
These issues have been resolved.
Core
2
If the switch was rebooted at a time when there was a high level of packet traffic
between the switch ports and the switch CPU, then during the reboot process it
was possible for RAM test errors to occur.
-
-
-
-
-
-
-
Y
Y
-
CR00012855
This issue has been resolved.
Version 281-02
C613-10482-00 REV B
Features in 281-01
20
CR
Module
ENCO
Level
2
Description
Entering the command create enco key=number ip=? caused the router or
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
Y
Y
Y
Y
Y
CR00012868
switch to reboot.
This issue has been resolved.
IPv6, Switch
2
When an IPv6 accelerator card was installed, IPv6 multicast traffic was flooded to
all ports in a downstream VLAN, whether or not they had joined the multicast
group.
-
CR00012900
This issue has been resolved.
Switch, VLAN,
User
2
2
Under very rare circumstances, memory corruption could occur when packets
were transmitted by the CPU out a switch port.
Y
Y
-
Y
Y
-
-
-
-
-
-
-
-
-
CR00012911
CR00012951
This issue has been resolved.
IPv6
RIPng (for IPv6) sometimes sent sub-optimal routes to its neighbours. When
RIPng was configured in a network with loop topology, this could cause unstable
routing table entries on the neighbours (the metric kept being updated, as a
result of updates from neighbours).
Y
Y
Y
Y
Y
Y
This issue has been resolved. RIPng no longer sends sub-optimal routes.
Bridge
ATM
2
2
If a tagged packet was bridged out of a VLAN interface, the interface always
added a VLAN tag into the packet, even though the packet was already tagged.
Y
Y
Y
-
Y
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
CR00012952
CR00012991
This issue has been resolved.
The maximum allowed value of the vpi parameter in the commands add and set
atm channel has been increased from 8 to 15.
Version 281-02
C613-10482-00 REV B
Features in 281-01
21
CR
Module
Level
2
Description
EPSR, Switch
When EPSR is enabled, it creates a classifier so it can send EPSR packets to the
CPU for processing. Previously, if too many classifiers existed and therefore EPSR
could not create the classifier, EPSR was enabled anyway. However, it did not
work correctly.
-
-
-
-
-
-
-
-
-
Y
Y
Y
Y
-
CR00013003
This issue has been resolved. Now, if EPSR cannot create the classifier, an error
message displays and EPSR is not enabled.
IPv6
2
When an IPv6 address was deleted on the router or switch, and that IPv6 address
had previously been learnt by a remote IPv6 node, then the router or switch
would reboot if it received an ICMPv6 Neighbour Solicitation message from the
remote node. This meant, for example, that if you successfully pinged an address
on the router or switch, then deleted that address, then attempted to ping the
old address again, the router or switch would reboot.
Y
Y
Y
Y
Y
Y
CR00013077
This issue has been resolved.
IP Gateway
UPnP
2
2
2
If the router or switch attempted to email log output, and used a domain name
server that gave a non-standard response to the DNS query, the router or switch
sometimes rebooted.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
CR00013234
CR00013276
CR00013309
This issue has been resolved.
In UPnP, Msearch requests were stored indefinitely, which eventually exhausted
the router’s memory and caused it to reboot.
This issue has been resolved. Msearch requests are now deleted once the router
has finished with them.
L2TP
When an L2TP LAC Client (for example, a Microsoft Windows XP VPN Client)
activated an L2TP tunnel to a router or switch that was operating as an LNS, the
dynamic PPP interface on the LNS left out the PPP authentication phase.
Y
Y
-
-
Y
Y
Y
This also prevented the interface from obtaining an IP address by remote IP
assignment from a User Database entry.
This issue has been resolved.
Version 281-02
C613-10482-00 REV B
Features in 281-01
22
CR
Module
EPSR
Level
2
Description
The switch correctly accepted a changed ring flap time (the commands create or
set epsr ringflaptime). However, if the command create config was used to
save the configuration and the switch used that configuration after a reboot,
EPSR failed.
-
-
-
-
-
-
-
-
-
Y
Y
Y
Y
-
CR00013407
This issue has been resolved.
PIMv6
2
When the router or switch used PIM for multicast routing, and an IPv6 multicast
client joined a group, then left it, then attempted to rejoin it, sometimes the
attempt to rejoin was not successful.
Y
Y
Y
Y
Y
Y
CR00013529
This issue has been resolved.
Level 3
CR
Module
TTY
Level
3
Description
Editing a text file that consisted of a very large number of lines (approaching or
exceeding 30,000 lines) caused the router or switch to reboot.
Y
Y
-
Y
Y
-
-
-
-
Y
Y
Y
Y
-
CR00008766
This issue has been resolved.
Asyn
3
If information was sent to a console (asyn) port that had no cable plugged into
it, excessive CPU usage occurred.
Y
Y
Y
Y
Y
Y
CR00011444
This issue has been resolved.
Version 281-02
C613-10482-00 REV B
Features in 281-01
23
CR
Module
Level
3
Description
WAN load
balancer
WAN load balancer performance has been improved, especially through
improvements to the session hashing mechanism.
Y
Y
-
Y
Y
-
-
-
-
-
-
-
CR00012309
OSPF
3
An OSPF router or switch could show large numbers of entries in its
retransmission lists to certain neighbours under certain conditions (for example,
in a congested Frame Relay network). In some cases, the number of items in the
list was larger than the number of LSAs in the database.
Y
Y
Y
Y
Y
Y
Y
Y
CR00012468
This issue has been resolved.
Also, a new NRL debugging option has been added to OSPF, to show additions
to and deletions from the neighbour retransmission list. To enable NRL
debugging, use the command:
enable ospf debug=nrl
Note that this option may generate large amounts of debugging output on a
large OSPF network. Use it with care.
To disable NRL debugging, use the command:
disable ospf debug=nrl
OSPF
3
3
In an OSPF NSSA, changing the router ID of the OSPF NSSA ASBR sometimes
caused the area border router to behave incorrectly.
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
Y
Y
Y
Y
Y
-
CR00012598
CR00012607
This issue has been resolved.
Switch
IPv6 multicast routing using the IPv6 accelerator card on an AT-9924T or AT-8948
switch sometimes caused very high CPU utilisation, even though multicast data
is switched at wirespeed by the accelerator card.
This issue has been resolved.
Version 281-02
C613-10482-00 REV B
Features in 281-01
24
CR
Module
many
Level
3
Description
The command show debug active displays information about currently-active
debugging for many modules at once. Similarly, the command disable debug
active disables debugging for many modules in a single step.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00012708
This Software Version extends the list of modules that these commands act on.
They now apply to all modules with debug support, except for DS3, ACC, Q931,
SA, SYN, TPAD, and X25C.
IP Gateway
3
When a link that had RIP configured on it went down, so that the router or switch
used an alternative route, output from the command show ip route sometimes
displayed incorrect information when the link came back up. When the link first
comes back up, the route's RIP metric is still 16, so the alternative route is still the
“best” route to the target. However, show ip route sometimes displayed a
disabled route over the original link, with a RIP metric of 16, as the best route,
even though the router or switch correctly used the alternative route.
Y
CR00012786
This issue has been resolved.
IP Gateway
3
Previously, the router accepted ARP entries with multicast IP and MAC addresses
when the MAC disparity feature was disabled. The MAC disparity feature is
disabled by default.
Y
Y
Y
-
-
-
-
-
-
-
CR00012895
The issue has been resolved. The router now discards such ARP entries unless the
MAC disparity feature has been enabled by using the command enable ip
macdisparity.
Log
3
3
When a user entered the command show log receive=ipadd mask=mask, the
router or switch displayed an error message that said mask was not a valid
parameter.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
Y
-
Y
-
Y
-
Y
-
CR00012947
CR00013007
This issue has been resolved. The mask parameter is now valid for this command.
IPsec
With tunnel-mode IPsec, the router or switch decremented the time to live (TTL)
of IP packets twice when it forwarded the packets through the tunnel.
This issue has been resolved.
Version 281-02
C613-10482-00 REV B
Features in 281-01
25
CR
Module
Firewall
Level
3
Description
When IP NAT or firewall NAT was used, the router or switch sometimes generated
ICMP messages that specified the wrong source IP address. This meant that the
response to traceroute could be incorrect.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
-
-
-
CR00013048
This issue has been resolved.
IPv6
3
3
The router or switch sometimes rebooted when it processed a large number of
multicast routes that were created as the result of receiving a large amount of
data from more than 500 multicast groups.
-
-
Y
Y
Y
Y
Y
Y
CR00013049
CR00013085
This issue has been resolved.
OSPF
A user can configure a range on an OSPF ABR, so that the ABR aggregates the
network advertisements from one area into another area in the form of summary
LSAs. However, networks advertised into a transit area should not be aggregated
into summary LSAs. Previously, the router or switch advertised aggregated
summary LSAs into transit areas when a range had been configured.
Y
Y
This issue has been resolved. When the router or switch is advertising into a
transit area, it ignores any configured range.
Switch
Core
3
3
When traffic on a port was mirrored and that port had a learn limit set, packets
from the CPU (such as ARP replies and ICMP replies) were not always mirrored.
-
-
-
-
-
-
Y
-
Y
-
Y
Y
Y
-
-
-
-
-
-
-
CR00013093
CR00013190
This issue has been resolved.
If a AT-8624PoE switch had a sticky fan, the fan constantly toggled between
running at full speed and slowing down. This meant that the fan continuously
generated alarms.
This issue has been resolved. If the fan reports an error more than 3 times in an
hour, it now remains at its maximum speed setting.
Core
3
On the AT-8624PoE switch, a fan fault alarm was not generated when the fan
speed dropped to 70% of the expected speed.
-
-
-
-
-
Y
-
-
-
-
CR00013202
This issue has been resolved. When the speed drops to 70% or less, a alarm is
now generated.
Version 281-02
C613-10482-00 REV B
Features in 281-01
26
CR
Module
Core
Level
3
Description
The system LED did not indicate when an internal power supply fault occurred.
-
-
Y
Y
-
-
-
-
-
-
-
-
CR00013243
This issue has been resolved. The system LED now flashes 3 times to indicate a
fault. Also, output of the show system command now reports voltages more
accurately.
OSPF
3
3
When a user changed the OSPF priority of an interface, the router or switch did
not immediately perform the process to elect a Designated Router and Backup
Designated Router (BDR).
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
Y
Y
Y
Y
Y
-
CR00013279
CR00013353
This issue has been resolved.
Switch
Certain BIST and AUTOBURNIN tests reported errors, especially if an IPv6
accelerator was installed. Also, if a user entered the commands disable or
enable switch learning and an IPv6 accelerator was installed, the switch
displayed an error message that said:
“SWI ERROR: (1) swmxMacLearningSet [1] - Unable to set learning”
These issues have been resolved.
BGP
3
3
When a user created a BGP module trigger for the peerstate event, the router
or switch did not allow specification of the script or state parameters.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
Y
Y
Y
Y
Y
Y
CR00013421
CR00013538
This issue has been resolved. All such generic parameters are now available with
module-specific triggers.
IP Gateway
Software Version 2.8.1 introduced a new msgtype parameter for the command
add igmp filter, which enables users to filter on IGMP query, report or leave
messages. This parameter was mistakenly made compulsory. Therefore, if an
existing configuration script contained IGMP filters, and the router or switch
restarted with that configuration, the filters did not work.
Y
Y
This issue has been resolved. The msgtype parameter is now optional, with a
default of report.
Version 281-02
C613-10482-00 REV B
Features in 281-01
27
Level 4
CR
Module
GUI
Level
4
Description
When the web-based GUI is used to add or remove ports from a port-based
VLAN association on an AT-9812T switch, the icons representing alternate ports
faced opposite directions.
-
-
-
-
-
-
-
-
-
-
-
-
-
Y
CR00010159
This issue has been resolved. The port icons now all have the same orientation.
IPsec
4
In output of the commands show ipsec policy and show ipsec policy
sabundle, the value for the number of bytes currently used by each SA bundle
was sometimes truncated.
Y
Y
Y
Y
Y
-
CR00011311
This issue has been resolved, and both commands now display the correct
number. As part of this, output of the command show ipsec policy has been
modified so that the expiry limits in bytes and in seconds display on separate
lines.
Also, if the expirykbytes parameter of the command create or set ipsec
bundlespecification was given a value higher than 4193280, the router or
switch instead used a lower value.
This issue has been resolved. If you specify a value above 4193280, the router or
switch now displays a warning message and sets the expiry limit to 4193280
kbytes.
IP Gateway
4
Previously the switch allowed users to specify the tag parameter when creating
or modifying a blackhole route with the commands add or set ip route.
However, blackhole routes cannot be tagged, so the switch did not apply the tag
setting in its saved configuration.
-
-
-
-
-
-
-
Y
Y
-
CR00011788
This issue has been resolved. If a command contains both the blackhole and tag
parameters, the switch now returns an error message.
Version 281-02
C613-10482-00 REV B
Features in 281-01
28
CR
Module
Level
4
Description
Remote Telnet
The “?” help description for the enable command stated that the parameter
rtelnet would “Disable the use of remote telnet to control an asyn port”.
Y
Y
Y
Y
-
-
-
-
-
-
CR00012270
This issue has been resolved. The query now states that the command enable
rtelnet enables remote telnet.
PPP
GUI
4
4
Output of the command show ppp idletimer did not display the PPP interface
name.
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
-
-
-
Y
-
Y
-
Y
-
CR00012581
CR00012655
This issue has been resolved.
The web-based Graphical User Interface (GUI) did not display software QoS
counters.
This issue has been resolved. The counters now display correctly. To access them,
select Diagnostics in the left-hand menu.
Install,
Stacking
4
4
4
If the local command show config dynamic was entered as a host-directed
command, the switch gave an incorrect error message.
-
-
-
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
CR00012755
CR00012774
CR00012824
This issue has been resolved. If you attempt to direct show config dynamic to
a host, the switch now responds with the message “Command is local, do not
use host direction”.
IP Gateway,
TCP
In an unusual network configuration where the IP subnet on one interface was a
subset of that on another interface, it was possible for the results of a trace route
to show erroneous information.
Y
Y
Y
Y
Y
This issue has been resolved. A search for an interface using an address within
the interface's subnet now finds the most specific match for the address.
GUI
Internet Explorer did not display the switch trunking summary page correctly. If
the user selected a trunk group, the radio button displayed a grey image, instead
of displaying a black dot inside a circle. This was only a display issue—the GUI
acted on the selected trunk group correctly.
-
-
-
This issue has been resolved.
Version 281-02
C613-10482-00 REV B
Features in 281-01
29
CR
Module
L2TP
Level
4
Description
When the router or switch was configured as an LNS and received an incoming
L2TP call that was associated with a disabled PPP interface, it produced an
incorrect log message.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
Y
Y
Y
Y
Y
CR00012916
This issue has been resolved.
Log
IPv6
4
4
4
When a user entered the command show log receive=ipadd, information
about all IP addresses was displayed unless the user also entered the mask
parameter.
Y
Y
Y
Y
Y
CR00012946
CR00013086
CR00013115
This issue has been resolved. Specifying an IP address without a mask now limits
the display to information about that IP address.
When the router or switch was running MLD and sent an MLD query packet, it
incremented the OutEchos counter instead of the OutGroupMembQueries
counter.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
Y
Y
Y
Y
This issue has been resolved. To see the OutGroupMembQueries counter, enter
the command show ipv6 counter.
IP Gateway
The “?” help description for the fragment parameter of the add ip interface
Y
Y
command was unclear.
This issue has been resolved. The query now states that the parameter “Decides
if Do Not Fragment is obeyed for IP packet larger than MTU”.
Version 281-02
C613-10482-00 REV B
Features in 281-01
30
Enhancements
CR
Module
Bridge
Level
-
Description
By default, when the router receives a tagged packet on an Eth or VLAN interface
and bridges it, the bridge strips out the packet’s VLAN tag. This enhancement
enables you to set the bridge to instead retain the tag, by using off, no or false
in the new command:
Y
Y
Y
-
-
-
-
-
-
-
CR00012620
set bridge stripvlantag={on|off|yes|no|true|false}
The default is on. To see whether stripping is turned on or off, use the command:
show bridge
and check the new StripVlantag entry.
L2TP
-
The connection between the router or switch, acting as an LNS, and a third party
peer, acting as an LAC, can sometimes fail during PPP link negotiation. Frequent
negotiation failures can indicate a compatibility problem between the third party
peer and Proxy Authentication responses from the router or switch. With this
enhancement, you can now disable Proxy Authentication on the router or switch
for situations where the third party equipment is not compatible. Use
proxyauth=off in the command:
Y
Y
Y
Y
Y
-
-
Y
Y
Y
CR00012692
add l2tp ip=ipadd[-ipadd] ppptemplate=0..31
[number={off|on|startup}] [pre13={off|on}]
[proxyauth={off|on}]
[tosreflect={off|on|false|true|no|yes}]
The default for proxyauth is on. Proxy Authentication should not be disabled
unless necessary.
To see whether Proxy Authentication is turned on or off, use the command:
show l2tp ip
and check the new Proxy Authentication entry.
Version 281-02
C613-10482-00 REV B
Features in 281-01
31
CR
Module
File
Level
-
Description
Previously, a user could delete the preferred software release and the current
boot configuration file (by using the command delete file), without first setting
a new preferred release or boot configuration file. Therefore, it was possible to
accidentally delete these files, which caused network disruptions if the router or
switch restarted. If the router or switch restarted after the user had deleted the
preferred release, it booted from the fallback software. Similarly, if the router or
switch restarted after the user had deleted the current boot configuration file, it
started up with no configuration.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00012850
CR00013109
This enhancement ensures that users can no longer delete the preferred software
release or the current boot configuration file. If you want to delete the files
without specifying new preferred files, first use the commands delete
install=pref or set config=none to stop the files from being preferred.
Core, SNMP,
Stack
-
Stacked devices are now SNMP accessible through a single IP address. The MIB
Object stackSnmpHost (at-stack.mib) is used to determine which stacked device
is currently responding to SNMP Requests. By setting the value of
-
-
-
Y
Y
Y
Y
Y
Y
-
CR00012857
CR00011277
stackSnmpHost, an SNMP manager can chose any one of the stacked switches
to poll. After a new value is set successfully, a new SNMP agent is chosen. On
SNMP V1 and V2c operations, the new agent is immediately ready to talk to the
manager. On SNMP v3 operations, the manager needs to re-run engine discovery
to re-synchronize the agent and manager.
Traps and notifications from stacked devices now include an extra object called
hostID, which gives the value of the switch’s host ID. This identifies which stacked
switch produced the trap or notification.
Switch
Core
-
-
New AT-8600 Series switches are now ROHS compliant (lead free). This
enhancement ensured that the new ROHS compliant 1 gigabit uplink ports are
fully supported on AT-8648T/2SP switches.
-
-
-
-
-
-
-
-
-
-
Y
Y
-
-
-
-
-
-
-
-
CR00013394
CR00013584
On AT-8624PoE switches, a new 7000 rpm fan is now supported.
Version 281-02
C613-10482-00 REV B
|