Allied Telesis AT-WA1104G-10 User's Manual
Contents
1. l x lt wuil e e S a o e sie 2 5 3 8 2 2 3 8 TiS S ale e a eo gi asa CR Module Level Description l g klk kt Al lege k CR00014228 Switch 2 When the router generated packets such as ARP requests and sent them out Y multiple LAN ports it always sent them as untagged packets This issue has been resolved so that LAN traffic will be tagged or untagged as specified in the VLAN port configuration CR00014269 Switch 2 If a user explicitly set the learn limit to zero by entering the command YY set switch port number learn 0 intrusion discard and the learn limit had either not been explicitly set previously or had been explicitly set to a non zero value then the switch would not learn any MAC addresses It treated 0 as meaning learn O addresses instead of meaning no limit This issue has been resolved A learn limit of O means no limit in all circumstances CR00014298 Switch 2 Packet loss sometimes occurred when an IGMP snooping group timed out Y Y l This issue has been resolved CR00014323 Switch 2 When EPSR was used in a network with a 10Mbps multicast or broadcast flow Y IY lI EPSR the EPSR ring frequently alternated between a state of failed and complete This issue has been resolved CR00014340 Bridge Switch 2 Bridging STP did not work if a VLAN was added as a bridge port YI IY VLAN This issue has been resolved CR00014437 Cor2. For more information about the Rapier Series and expansion options see the Hardware Reference The Hardware Reference is available from www alliedtelesis co nz documentation manuals html Version 291 10 C613 10488 00 REV G Backing up the configuration with SNMP CR00016221 96 Backing up the configuration with SNMP CR00016221 With this enhancement you can use SNMP to E set parameters for uploading files from the router or switch and m upload files to a TFIP server SNMP already lets you save the current configuration to a file on the router or switch You can use this with the new options to back up the configuration to a TFTP server To do this perform the following steps 1 Save the configuration To save the current configuration use SNMP SET createConfigFile The following screenshot shows this for a file called tst cfg x s o al Remote SNMP agent 172 20 73 221 7 A DID to Set 1 3 6 1 4 1 207 8 4 4 4 49 5 0 E Value to Set Ss 5 Syntax C Integer32 Timeticks Counter64 C Ulnteger32 IP address Opaque C Counter32 C DID C Nesapaddr C Gauge32 Octets Bits tst cfg v OO wa SNMPv2c Success Version 291 10 C613 10488 00 REV G Backing up the configuration with SNMP CR00016221 2 Set the load parameters To specify the server IP address use SNMP SET loadServer To set the filename use SNMP SET l
3. Version 291 10 C613 10488 00 REV G Features in 291 05 CR Module Level Description AR400 AR7x5 AR7x0S Rapier i AT 8600 AT 8700XL x900 48 AT 9900 AT 9800 CR00016364 DHCPv6 If an IPv6 DHCP client was forced to rebind to a router or switch acting as a DHCP server the server returned incorrect timing parameters to the client Some clients were able to cope with this but others could end up losing their DHCP lease This issue has been resolved lt lt lt lt lt AT 8800 lt lt lt CR00016365 DHCPv6 The following issues occurred with DHCPv6 E The option IDs for DNS name server and domain search list were incorrect This caused interoperability issues with other implementations E The domain names specified in the domain name option were encoded incorrectly This caused interoperability issues with other implementations E f a user entered two DNS servers for a DHCPV6 policy then saved the configuration the command was not saved correctly When the router or switch ran the configuration on start up it added only the second DNS server to the policy These issues have been resolved CR00016379 IGMP Proxy Switch IP Gateway If IGMP proxy was enabled and multicast data was received on a downstream VLAN interface that data would be transmitted to other interfaces Also the VLAN interface that received the data
4. Version 291 10 C613 10488 00 REV G Enhancements Features in 291 05 54 CR Module Level Description AR7x5 AR7x0S Rapier i AT 8800 AT 8600 AT 8700XL x900 48 AT 9900 AT 9800 CRO00014288 GUI An ADSL connection option has been added to the Wizards page of the GUI for AR44xS routers This option links to the xDSL configuration section which lets you configure all basic ADSL or SHDSL settings on one convenient page If your router GUI does not open at the Wizards page click on the Wizards button at the top of the left hand menu to access it lt AR400 CR00014667 PPP This enhancement increases the amount of time that the router or switch waits for a CHAP Success message This enables the router or switch to successfully complete authentication even in particularly slow networks The first authentication attempt still times out after 3 seconds but the second attempt takes 6 seconds to time out and any further attempts take 9 seconds CR00015432 ADSL GUI The GUI for AR440S and AR441S routers now displays statistics for the ADSL port You can now see E a pop up summary box by clicking on the port on the System Status page ADSL port details by selecting the new ADSL Statistics page in the Diagnostics menu m ASDL port counters by selecting the new ADSL Counters page under Layer 1 Counters in the Diagnostics menu CR00016078 Software QoS
5. C613 10488 00 REV G l x lt wi e e S a o e e 2 2 3 8 8 2 2 2 8 TD e o o S CR Module Level Description l g ktl lkt kr Al lege k CR00016727 TCP Telnet 2 The speed of the output from the Telnet server has been increased YIY JY JY JY a a a PY Ly CR00016762 ISDN 2 For AR44xS series routers with system territory set to USA the ISDN Q 931 SPIDs Y failed to initialize to the ISDN exchange ISDN USA profile simulator both manual and auto SPIDs after a reboot This happened because the router did not write spd files to Flash memory so the SPID initialization failed on reboot because the SPIDs did not exist This issue has been resolved The spd files are now correctly written to Flash memory which allows SPIDs to initialise after a reboot CRO00016804 Bridge 2 If an Ethernet packet including its FCS Frame Check Sequence was YY JY J encapsulated in PPP and bridged to a VLAN interface the packet could contain two FCS values This issue has been resolved CR00016855 Frame Relay 2 When the MTU of a Frame Relay logical interface was modified by using the YY JY JY command set interface fr int mtu value incorrect interface and MTU settings were displayed in output of the command show config dyn and were saved in the configuration file produced by the command create config CR00016856 Firewall 2 When the firewall policy for an interface had a NAT type of ENAPT the firewall Y Y
6. Version 291 10 C613 10488 00 REV G Features in 291 05 l x lt CR Module Level Description ce Ee slt ele lel amp CRO00016459 Core This enhancement disables CPU fan monitoring on AT 8948 switches Monitoring Y the fan is unnecessary unless an accelerator card is installed on the switch so disabling monitoring reduces the number of messages that the switch displays and logs To enable monitoring use the command enable coufanmonitoring To disable it again use the command disable coufanmonitoring When monitoring is enabled the command show system displays the CPU fan status in the entry labelled Main fan CR00016523 SNMP This enhancement enables you to specify whether SNMP adds 0x00 padding YY JY FY Y FY LY Y PY LY when the most significant 9 bits of an object s value are all 1 or whether the encoding follows the ASN 01 BER rule which cuts off the most significant byte of Oxff This setting has an impact on all integer type MIB objects including 32 bit and 64 bit counter objects To add the padding use the command set snmp asnberpadding onlyes true For examples see SNMP ASN 01 BER Padding CR00016523 on page 99 Version 291 10 C613 10488 00 REV G Features in 291 05 l x lt u loleoelSlo ol 2 2 2 8 5 8 8 8 2 38 8 TDD ee o o Saa CR Module Leve
7. Level 3 l aleo eal SI Se alo A EE E EE Si Si se S 9 9 o Slaj CR Module Level Description a klk k lkk CR00007000 GUI IGMP 3 The graphical user interface GUI listed an invalid local interface in the Interface Y Y Y Y Y JY Y J Ye ox drop down list on the page for adding a static IGMP association This issue has been resolved CR00009274 Switch 3 If many VLANs simultaneously went from up to down or down to up the switch YY l IP Gateway became unresponsive for a period of time This issue has been improved by reducing the processing overhead for VLAN state changes CR00009302 Switch 3 The number of filters that can be created on an AT 8848 switch is limited bythe I Y number of filter matches available Previously if a user attempted to create a filter and an existing filter already used the same filter match as the new filter the switch counted this as two matches being used This reduced the number of available filters This issue has been resolved CR00009478 BGP 3 When a peer s inroutemap filter assigned an incoming route to a well known OYE NO ONES ONE Jose Pees YR OE ONE BGP community the router or switch did not use the community s restricted advertisement settings such as NoExport or NoAdvertise This issue has been resolved Also output of the command show bgp peer now shows whether a route has been assigned to a community This is indicated by a flag m as shown in bold in the followin
8. in a grey column indicates that the issue did not apply to that product series Y ina grey column indicates that the issue applied to that product series These issues are resolved in the next Version 291 04 Level 1 No level 1 issues 88 Level 2 l ui o e S o olo OO EEA pi SPENEERE CC 9 Teme o S EA CR Module Level Description See 2 amp bee lkr E CR00014960 Switch 2 Creating a large number of IPv6 RIPng interfaces more than 250 sometimes YsY B RIPng caused the switch to reboot This issue has been resolved CRO00015102 IPv6 2 If a large number of IPv6 multicast routes were added more than1000 on a YY B switch with an IPv6 accelerator card the switch could reboot This issue has been resolved CR00015585 ATM 2 AR442S routers sometimes rebooted while using the Test Facility to test the Ye SHDSL interface This issue has been resolved Version 291 10 C613 10488 00 REV G Features in 291 03 CR Module Level Description AR400 AR7x5 AR7x0S Rapier i AT 8600 AT 8700XL x900 48 AT 9900 AT 9800 CR00015678 IPv6 When a switch was heavily loaded with IPv6 traffic it could reboot because a large quantity of traffic was queued while waiting for a neighbour s MAC address to resolve This issue has been resolved by limiting the number of packets that can be queued while waiting for a neighbour
9. This issue has been resolved The has been removed lt lt CR00014170 Core The show exception command did not display the correct exception type for watchdog exceptions on AR750S AR750S DP or AR770S routers This issue has been resolved The correct exception type is now displayed CR00014250 LLDP In output of the command show Ildp localdata the field IldpLocSysDesc gives information about the router or switch model and software version Previously this information was sometimes split incorrectly across 3 rows This issue has been resolved The information now displays correctly CRO00014318 DDNS If a user made a configuration change to DDNS dynamic DNS when DDNS was not enabled previously the router displayed a message that indicated that the module was not enabled but did not display a message confirming the change However the router did make the change This issue has been resolved DDNS is now consistent with other modules the router displays the following warning and info messages Warning 2142049 The DDNS module is not enabled Info 1142003 Operation successful CR00014367 GUI The GUI included pages for configuring MAC based port authentication However this feature is not available on AT 9800 Series switches This issue has been resolved The GUI pages have been removed CR00014712 Firewall If the router or swit
10. CR Module Level Description Rapier i x900 48 CR00014755 BOOTP IP Gateway It was possible to add a BOOTP relay destination using an interface that was not running IP It was also possible to delete an IP interface even though BOOTP relay destinations were defined for the interface Both of these situations could allow the router or switch to be mis configured This issue has been resolved by adding checks for these situations to the command handlers It is no longer possible to add a BOOTP relay destination using an interface not in use by IP and no longer possible to delete an IP interface if BOOTP relay has destinations defined using that interface lt AR400 lt AR7x5 lt AR7x0S lt lt AT 8800 lt AT 8600 lt AT 8700XL lt lt AT 9900 lt AT 9800 CR00014782 PIMv6 The command show pim6 staterefresh sometimes corrupted the terminal display output with random characters To recover it was necessary to reset the terminal session This issue has been resolved CR00014872 GUI The router or switch rebooted if the Opera browser was used to browse to its GUI This issue has been resolved However note that the GUI does not fully support Opera Some functionality may not be available CR00015107 GUI HTTP pipelining did not operate correctly on some web browsers when browsing to the GUI This made some images very slow to load This issu
11. CRO0016221 on page 96 Version 291 10 C613 10488 00 REV G Features in 291 05 CR Module Level Description AR400 AR7x5 AR7x0S Rapier i AT 8700XL x900 48 AT 9900 AT 9800 CR00016234 DHCP Snooping This enhancement enables the router or switch to log discarded ARP requests when ARP security is enabled By default discarded ARP requests are not logged To turn logging on use the command enable dhcpsnooping log arpsecurity To turn it off use the command disable dhcpsnooping log arpsecurity To see whether it is enabled use the existing command show dhcpsnooping and check the new Logging enabled entry To view the log entries use the command show log lt lt AT 8800 lt AT 8600 lt lt lt CR00016285 MACFF It is now possible to use MAC forced forwarding on non private VLANs Because MAC forced forwarding is primarily a security feature the switch displays a warning message if you do so This enhancement allows you to use MAC forced forwarding to limit broadcast traffic in a network where private VLANs are not appropriate CR00016361 Switch AT 8948 AT 9900 and x900 48 series switches now support AT SPTX tri speed Cu SFPs CR00016437 MSTP In the command set mstp configname name the switch now accepts the wou character in the name
12. Module Level Description AR400 AR7x5 AR7x0S Rapier i AT 8800 AT 8600 AT 8700XL x900 48 AT 9900 AT 9800 CRO00010511 BGP Turning defaultoriginate on or off for a BGP peer by using the command add bgp peer did not cause BGP to generate an update even if automatic updating was enabled enable bgp autosoftupdate This issue has been resolved lt lt lt lt lt lt lt lt CR00012564 L2TP Setting a timeout on L2TP packet debugging caused the router or switch to reboot This issue has been resolved Version 291 10 C613 10488 00 REV G Features in 291 04 CR Module Level Description AR400 AR7x5 AR7x0S Rapier i AT 8700XL x900 48 AT 9900 AT 9800 CR00013592 HTTP A badly formed response from a particular HTTP server caused the router or switch to reboot when it attempted to load a non existent file from that server This issue has been resolved lt lt lt lt lt AT 8800 lt AT 8600 lt lt lt lt CR00013700 IP Gateway When an IP packet was queued by the ENCO module or other applications and the IP flow for the packet became invalid while the packet was queued the router or switch sometimes rebooted This issue has been resolved CR00013791 IGMP VLAN Disabling IGMP snooping correctly incre
13. AT 8700XL lt lt AT 9900 lt AT 9800 CR00013543 DHCP If a user attempted to add a policy option to a DHCP policy by using the set command instead of the add command then the resulting error message did not clearly indicate the cause of the error For example entering the command set dhcp policy test arptimeout 234 resulted in the error message Error 3070061 ARPTIMEOUT not found This issue has been resolved The error message now reads Error 3070279 Option ARPTIMEOUT was not found in policy test or was not added using the ADD DHCP POLICY command CR00013635 Ping Traceroute In the set trace command it was possible to specify a minimum TTL value that was higher than the maximum TTL value This issue has been resolved The minttl and maxttl parameter are now checked to ensure that the value of minttl is less than or equal to the value of maxttl CR00013637 Ping Traceroute If the value specified for the minimum time to live parameter minttl of the traceroute command exceeded the value set for the maximum time to live parameter maxttl the router or switch would attempt to execute the trace rather than generate an error message This issue has been resolved Version 291 10 C613 10488 00 REV G Features in 291 08 CR Module Level Description AR400 AR7x5 AR7x0S Rapier i Rapier w AT 8800 AT 860
14. Y Y Y Y did not correctly translate the destination addresses of incoming packets that matched allow rules This issue has been resolved CRO00016911 Classifier 2 When a non default protocol was specified for a classifier in some circumstances Y Y Y Y Y Y Y YY Y that protocol setting was not displayed in output of the command show config dyn or saved in the configuration file produced by the command create config When the router or switch ran the resulting configuration file on start up the protocol setting was lost This issue has been resolved Version 291 10 Features in 291 05 CR Module Level Description AR400 AR7x5 AR7x0S Rapier i AT 8800 AT 8700XL x900 48 AT 9900 AT 9800 CR00016940 Core Some versions of the AT G8T GBIC prevented the switch from detecting and setting up the AT A47 expansion board correctly This issue occurred on start up when the GBIC was installed and had a link up This issue has been resolved lt AT 8600 CR00016941 IP Gateway When there were multiple routes to a destination and the best route was deleted from the switch s hardware routing table the switch did not use the alternative route Also the switch only used the best route even if ECMP was supported This issue has been resolved When multiple routes exist and the best route is deleted from the hardware table the switch now adds the next best route to
15. CR00014987 Core Switch If a terminal emulator started up after the router started up the router did not display a login or command prompt This issue occurred with some terminal emulators including Tera Term Pro when connecting to the AR415S router This issue has been resolved lt CR00015032 PKI When adding a certificate to PKI if the length of the public key in the certificate was longer then 2048 bits 256 bytes the router or switch could reboot This issue has been resolved CR00015071 IP Gateway Routing over a PPP interface could fail if the switch had a default route out an Ethernet port The default route switched all packets even those destined for the PPP interface This issue has been resolved The resolution involves adding routes over the PPP interface to the switch hardware tables with an instruction to trap these packets to the CPU Therefore these routes now appear in the hardware tables and can be displayed by using the command show switch table ip CR00015087 Classifier DHCP snooping Switch MACFF When MAC forced forwarding MACFF was running the switch did not filter multicast packets correctly This issue has been resolved CR00015156 Switch On AR750S AR750S DP and AR400 Series routers if a user set a switch port to autonegotiate speed and duplex mode by using the command set switch port number speed auto the link went down This issue has be
16. PPP Ethernet VoIP The router or switch now supports software QoS on PPPoE interfaces Note that this enhancement is not available on AR770S routers Version 291 10 C613 10488 00 REV G Features in 291 05 CR Module Level Description AR400 AR7x5 AR7x0S Rapier i AT 8800 AT 8600 AT 8700XL x900 48 AT 9900 AT 9800 CR00016150 IPsec IPv6 To establish a tunnelled IPsec connection for IPv6 you may need to specify the source IP interface in the IPsec and ISAKMP policies This enhancement enables you to do so To specify the source interface use the srcinterface parameter in the commands create ipsec policy name lt other parameters gt set ipsec policy name lt other parameters gt create isakmp policy name lt other parameters gt set isakmp policy name lt other parameters gt The global address of the source interface if available will be used as the local address of the policy lt lt lt lt lt CR00016221 Load MIBs With this enhancement you can use SNMP to E set parameters for uploading files from the router or switch and E upload files to a TFTP server SNMP already lets you save the current configuration to a file on the router or switch You can use this with the new options to back up the configuration to a THP server For more information see Backing up the configuration with SNMP
17. To display the login prompt it was necessary to remove and re insert the cable This issue applied to all models ASYN ports except ports on the ARO24 PIC This issue has been resolved CRO00015690 DHCP6 3 In the command create dhcp6 range the ip parameter correctly has the syntax Y Y Y Y Y Yop ARA A prefix1 prefix2 However the second prefix was previously not optional This issue has been resolved so that the second prefix of the form ipv6address prefixlength is no longer required If you do not enter a second prefix it is now calculated from the first prefix The second prefix has the same prefix length at the first and has all 1s in the non significant part of the address For example the second prefix for 3ffe 1 2 3 64 would be 3ffe 1 2 3 ffff FFT FTF ffff 64 CRO00015881 SNMP Switch 3 The SNMP objects dot3StatsSQETestErrors and dot3StatsCarrierSenseErrors are Y Y not supported on AR750S AR410 and AR450S routers Previously SNMP GET got a random value for these objects This issue has been resolved SNMP GET now gets 0 for these objects CRO00015969 WAN load 3 After the command reset wanlb resource all was entered WAN load balancer Y Y Y balancer resources would show their state as UP even if the underlying IP interface was down This issue has been resolved CRO00016001 DHCPv6 3 When a DHCPv 6 client was soliciting for servers the selection of the best server Y
18. m indicates that the issue did not apply to that product series Level 1 No level 1 issues Features in 291 10 Level 2 ul 3l eol l l ole S R Siss a S RSSa SS o a a a a a A A CR Module Level Description g l g g ktl wl agl CR00016759 Switching 2 Enabling DHCP snooping correctly adds a hardware filter to all untrusted YY J DHCP ports to block all IP traffic coming from those ports Previously disabling Snooping DHCP snooping did not delete these filters This meant that the switch dropped all IP traffic from the previously untrusted ports until the switch was restarted Also attempting to manually delete the hardware filters did not actually remove them These issues have been resolved The switch now removes the filters if you disable DHCP snooping or manually delete the filters CR00018655 IP Gateway 2 If the user did not specify the destination and dmask parameters when PWA IA E Pe E A NE e Y Ayy entering the set ip filter command the destination and dmask of the CR00018656 filters were reset to any Also it was not possible to delete an IP filter by using the delete ip filter command even when all required parameters were present These issues have been resolved Version 291 10 C613 10488 00 REV G Features in 291 10 aizi liglelSlelele S RISI a gale Fi gs a S
19. newRoot and topologychange traps located at 1 3 6 1 2 1 17 0 were only generated by the bridging module This has been extended to the STP module Please note that this applies only to standard STP not Rapid STP CR00010229 Install SNMP Previously MIB objects instRelMajor instRelMinor and instRellnterim values were only correct for bootrom default builds This issue has been resolved Now the correct values are returned for these objects when the current install matches the temporary or preferred install Version 291 10 C613 10488 00 REV G Features in 291 08 CR Module Level Description Rapier i Rapier w x900 48 lt AT 9900 lt AT 9800 CR00010306 Install If a user attempted to enter a filename with an invalid format the resulting error message did not correctly describe the format that should have been used Also the router or switch returned an incorrect error message when a user attempted to delete a non existent release licence file These issues have been resolved lt AR400 lt AR7x5 lt AR7x0S lt lt lt AT 8800 lt AT 8600 lt AT 8700XL lt CR00010315 BGP Previously it was possible to enter bad BGP peer IP addresses such as O x x x 127 x x x and 255 255 255 255 This issue has been resolved CR00010465 Switching The help for the command sh
20. AT 8800 CR00016180 GUI Firewall When configuring the firewall with the GUI the Policy options tab did not update its display when options were changed from the default settings For example if the user cleared a checkbox and clicked the Apply button the router correctly turned off that option but the GUI showed a check in the checkbox This issue has been resolved CR00016200 Core The router or switch s handling of soft errors has been further improved Soft errors are spontaneous changes in the information stored in a digital circuit caused by physical effects CR00016288 SYN The polarity of the CD output of RS 232 DCE and V 35 DCE SYN cables was reversed it was ON when OFF was selected and vice versa This issue affected AR750S AR770S and AR44xS series routers This issue has been resolved CR00016303 Load The upload command did not always work if the server parameter was set with the set load command instead of being specified in the upload command This issue has been resolved CR00016327 IP Gateway If a policy filter was configured ping sometimes failed This happened because the router or switch assigned the ICMP echo replies to an IP flow without checking that the interface for the echo replies matched the interface for the flow Therefore the router or switch could use the wrong flow to forward the replies This issue has been resolved
21. CR Module Level Description AR7x0S Rapier i AT 8800 AT 8600 AT 8700XL x900 48 AT 9900 AT 9800 CR00008225 Core Some early software versions on some products supported the command show system temperature This command was deprecated after version 2 6 4 If a user entered this command on any product the following message was displayed Info 1034107 SHOW SYSTEM TEMPERATURE is no longer available Please use SHOW SYSTEM ENVIRONMENTAL instead However only the following products use the show system environmental command to display the temperature AR750S and AR770S routers and AT 8600 AT 8800 AT 8948 x900 48 and AT 9900 series switches Other products use show system instead On the other products the above error message was incorrect because it stated that the show system environmental command was available This issue has been resolved On products that do not use show system environmental the following error message is displayed if you enter the show system temperature command Info 1034090 Command unavailable on this product lt AR400 lt AR7x5 lt lt lt CR00009036 File If a user tried to copy a small file less than 32 bytes in Flash when there was not enough free Flash space for the file and its header the router or switch did not generate an error message and the copying could appear to have succeeded This issue has been resolved The error mess
22. Description el al al glg kt ele Slalk CRO00010979 PPP 3 PPP incorrectly ACKed a LCP ConfigureRequest containing the Magic YIY JY Y Y TIY Ya Yee Y Number option with a value of 0 This issue has been resolved CRO00010984 PPP 3 If the router or switch received an incorrectly formatted PAP request packet Y Y Y Y Y Y J Meee ey it used to process the packet This issue has been resolved now it silently discards the packet Also if the router or switch received a PAP request packet with a zero length user ID it used to send the packet to the authentication database This issue has been resolved now it NAKs the packet CRO00011223 Core 3 On AT 8948 and AT 9924SP switches with an empty PSU bay an SNMP Y Y l walk through of the fanAndPsPsuStatusTable would display lines for the non existent PSU with the value of no such instance This issue has been resolved The walk through now only includes installed PSUs CRO00011259 GUI 3 Some of the features supported in the web based GUI did not have a Y eal Gas nef YY JY J Nem OY complete set of online help pages generated for them This issue has been resolved CRO00011315 IP Gateway 3 When the limit for the number of IP interfaces wasreachedandausertried Y Y Y Y Y Y Y JY JY Y Y to add another IP interface over a VLAN the router or switch displayed the following misleading error message Error 3005273 No more VLAN interfaces may be added This i
23. G Features in 291 08 ul 2 ele x elo e S R Sias as a S R zi BiB zlil e ei ie oe CR Module Level Description el al al glg kt ele Slalk CRO00003495 Classifier 2 The following issues existed with classifiers YIY JY Y Y LY Ye ayes E classifiers matching protocol ipv6 and ipprotocol icmp could be created more than once E classifiers matching protocol ipv6 and ipprotocol 1 could be created but were meaningless because 1 represents IPv4 ICMP E classifiers matching protocol ip and ipprotocol 58 could be created but were meaningless because 58 represents IPv6 ICMP These issues have been resolved Also classifiers now default to protocol ip IPv4 if E no value is specified for the protocol parameter or E protocol any and ipprotocol icmp CR00004018 VLAN 2 Removing then re adding ports to a Nested VLAN with rapid STP enabled Y caused the port in the Alternate Discarding state to leak a small number of packets This issue has been resolved CR00005472 BGP 2 When BGP was in the OpenSent state and it received an out of sequence Y Y Y Y Y Y YY Y message such as a KeepAlive message BGP would return to the Idle state This issue has been resolved BGP now sends a notification message to the other BGP peer as expected CR00005812 IP Gateway 2 When the router or switch received an IP packet whose length was greater Y Y Y Y
24. MIB object dot1dSTPRootPort This issue has been resolved CR00015466 Core Install 3 The output of the show cpu command on the AT 8624POE switch showed Y PoE relatively high CPU usage when the device was idle This issue has been resolved CR00016183 File 3 If a user attempted to delete a locked file such as the currently installed YN ONE ONE TAY TeV TNE TON OC ONES Ne pak GUI resource file the router or switch displayed both an operation error message and an operation successful message This issue has been resolved by removing the incorrect operation successful message CR00016429 OSPF 3 Previously OSPF logged the same message for two separate errors These Y Y Y Y Y Y Y FY FY Y Y errors were when OSPF rejected a database description message because E the neighbour was in a state of down or attempt or the MTU received from the neighbour was larger than the receiving system could handle This issue has been resolved Separate error log messages are now generated for these two errors Version 291 10 Features in 291 08 CR Module Level Description AR7x5 AR7x0S Rapier i Rapier w AT 8800 AT 8600 AT 8700XL x900 48 AT 9900 AT 9800 CR00016452 PPP It is valid to use the command create ppp number to create a PPP interface without specifying the underlying layer 1 interface However executing this command or including it in a boot script res
25. Y JY Y Y Y JY LY than the MTU on the outgoing link and the packet contained an IP option that was not designed to be fragmented such as Timestamp then the resulting constituent fragments would have incorrect IP header lengths This could lead to data corruption On routers this issue applied to all routed packets On switches it applied to packets processed by the CPU not to packets switched in hardware This issue has been resolved Version 291 10 C613 10488 00 REV G Features in 291 08 CR Module Level Description Rapier i Rapier w AT 8600 AT 8700XL x900 48 CR00007178 RIPng The following issues occurred with RIPng E RIPng dropped requests from peers with non link local addresses E for a solicited response if the routes did not exist on the device RIPng returned a metric of O for them instead of returning a metric of 16 RIPng performed split horizon checking for solicited responses E RIPng used the link local address to respond to all requests even if the request used a non link local address and therefore the reply should have also used a non link local address These issues have been resolved lt AR400 lt AR7x5 lt AR7x0S lt lt lt AT 8800 lt lt AT 9900 lt AT 9800 CR00008847 Install MIB Previously the MIB objects configFile and createConfigFile would return the current configuration file and the MIB object curren
26. created a duplicate of an already existing interface route If a user then deleted the IPv6 interface that these two routes belonged to the router or switch could reboot This issue has been resolved CR00015971 CR00015937 CR00015864 WAN Load Balancing The following issues occurred with WAN load balancing WANLB when a WANLB resource port became unavailable existing sessions on the unavailable resource did not move to a backup resource E if packets were sent over a WANLB session then that session timed out and then the same packets were sent again a new session did not establish This stopped the packets from being sent the second time m when WANLB was used with Firewall NAT the orphan timeout setting of WANLB sessions was not updated correctly This could mean that WANLB resources appeared to be available when they were not These issues have been resolved CR00016037 User If the router or switch used RADIUS authentication and all the RADIUS servers were unavailable then the device correctly checked its user database for a RADIUS backup user and authenticated that user However if that user then logged out they were unable to log in again until after the RADIUS server Dead Time timer had expired This issue has been resolved Version 291 10 C613 10488 00 REV G Features in 291 04 67
27. enabled on the other ASYN ports This issue has been resolved CR00017239 VLAN IGMP Snooping When a user configured IGMP static router ports the configuration file produced by the command create config could be invalid When the router or switch ran the resulting configuration file on start up it produced an error instead of configuring the router ports This issue has been resolved Version 291 10 C613 10488 00 REV G Features in 291 05 CR Module Level Description Rapier i AT 8800 AT 8600 AT 8700XL x900 48 AT 9900 AT 9800 CR00017257 WAN Load Balancer If two WAN load balancer healthcheck hosts were defined and one was unreachable and the other was reachable WAN load balancer resources were correctly in the UP state because at least one healthcheck host was reachable However removing the reachable host by using the command delete wanlb healthcheck should have changed the WAN load balancer resources to the DOWN state but did not This issue has been resolved If the only healthcheck host available is unreachable and the resource is currently in the UP state the next unreachable healthcheck received from that host now forces the resource to the DOWN state lt AR400 lt AR7x5 lt AR7x0S Version 291 10 C613 10488 00 REV G Level 3 Features in 291 05 49
28. if IPv6 was not enabled It was not possible to upload files using TFTP to an IPv6 server address at all These issues have been resolved CR00016340 DHCP Snooping DHCP Snooping has been enhanced to operate in a customised VLAN ID translation VID translation environment Previously DHCP Snooping was not supported with VID translation This issue has been resolved Version 291 10 C613 10488 00 REV G Features in 291 08 CR Module Level Description Rapier i Rapier w AT 8600 AT 8700XL x900 48 CR00016587 IPv6 The timer that governs the interval between repeated neighbour solicitation messages could only be configured by using the ndretrans parameter of the set ipv6 nd command and not through router advertisements that the router or switch received from other routers This issue has been resolved Instead of using the ndretrans parameter of the command set ipv6 nd use the retrans parameter to configure the timer interval Also routers or switches acting as hosts will now correctly update their timer values to the value specified in any router advertisements that they receive lt AR400 lt AR7x5 lt AR7x0S lt lt lt AT 8800 lt lt AT 9900 lt AT 9800 CR00016592 DHCP6 Previously it was possible to enter the incomplete commands delete dhcp6 policy name or set dhcp6 policy name with
29. igmpproxy upstream was used to try to create a second upstream interface an error message was correctly displayed However the interface was still added using igmpproxy off This issue has been resolved The second interface is no longer added if this error occurs Also if an interface had been set as the upstream interface and was later changed to a downstream interface a different upstream interface could not be specified even though there was no active upstream interface This issue has been resolved Version 291 10 C613 10488 00 REV G Features in 291 04 CR Module Level Description Rapier i x900 48 CR00012585 User When authenticating users via RADIUS the number of times that the router or switch attempts to contact the RADIUS server is determined by the Server Retransmit Count displayed in output of the command show radius Previously this count incorrectly included the initial request For example a Retransmit Count of 3 meant that up to 3 attempts were made to contact the server This issue has been resolved so that the Retransmit Count no longer counts the initial request For example a Retransmit Count of 3 now means that up to 4 attempts are made to contact the server lt AR400 lt AR7x5 lt AR7x0S lt lt AT 8800 lt AT 8600 lt AT 8700XL lt lt AT 9900 lt AT 9800 CR00012832 BGP When the router or switch had thousands of sta
30. missing was displayed as an INFO message This issue has been resolved The message now displays as an ERROR message lt lt AT 8800 lt AT 8600 lt lt lt CR00013045 SNMP Core TTY The MIB object hrSystemNumUsers displayed the number of login users since the router or switch started up instead of the number of currently active login users This issue has been resolved CR00013112 IP Gateway The blackhole parameter of the commands add and set ip route had no help description This issue has been resolved CR00013188 LACP Previously when an attempt to add a port to LACP was unsuccessful the switch displayed an appropriate warning message followed incorrectly by an operation successful message This issue has been resolved The switch no longer displays operation successful when port addition fails CR00013221 IP Gateway The output of the command show ip route did not contain any spaces between the route tag value and the metric value when the tag value was long This issue has been resolved by adding the missing spaces The content and relative position of the values have not changed CR00013260 TACPLUS If a user added a TACACS server when TACACS was not enabled previously the router or switch displayed a single info message that indicated that the module was not enabled but did not display a message confirmin
31. not establish a VPN when the remote Y Y Y Y Y Y peer was behind a NAT gateway and the router or switch s remote ID was set to default This issue has been resolved CRO00017634 PPP 2 If a PPPoE AC service had been added but AC mode had not been enabled Y Y Y IY Y Y Yo WANE eX by using the enable ppp ac command PADI frames were processed anyway potentially leading to a reboot This issue has been resolved CR00017659 TTY 2 Previously it was not possible to configure a TTY service on the router by Y Y using commands like create service This issue has been resolved CRO00017662 Core 2 Stopping and restarting two fans on the switch in a particular order could Y put the fan fault detection mechanism into a state in which the system LED would not flash for a fan fault This issue has been resolved CR00017724 IGMP 2 When the switch had a hardware filter configured that would match and Me ig PONG NE Ile discard a received IGMP packet IGMP snooping still processed the packet and added the details to its snooping database This issue has been resolved Version 291 10 C613 10488 00 REV G Features in 291 08 CR Module Level Description Rapier i Rapier w x900 48 CR00017731 IP Gateway DHCP When the DHCP server was enabled on a router or switch that also had a local IP interface defined by using the set ip local comman
32. 0 AT 8700XL x900 48 AT 9900 AT 9800 CRO00013832 EPSR SNMP When a user destroyed an EPSR domain SNMP Requests returned information about the domain even though it no longer existed This issue has been resolved lt lt CR00013920 Ping Traceroute If a user attempted to perform a traceroute without specifying the address to trace either in the trace or set trace commands the router or switch attempted to trace 0 0 0 0 This issue has been resolved The router or switch now displays an error message CRO00014103 VRRP GUI The VRRP priority could not be modified through the GUlI the priority option was there but did nothing This issue has been resolved CRO00014137 PPP A PPPoE Access Concentrator service that had been added by using the acinterface parameter to specify a VLAN or by using the deprecated vlan parameter could be deleted without specifying the acinterface parameter or the deprecated vlan parameter This issue has been resolved CRO00014159 RSTP correctly only uses the top 4 of the available 16 bits for the bridge priority If a user enters a value that is not a multiple of 4096 the switch rounds the value down Previously the switch did not inform users when it rounded the value This issue has been resolved The switch now displays an info message when it rounds the bridge priority Note that this only happens for RSTP STP uses all 16 bits fo
33. 00 REV G Features in 291 08 CR Module Level Description Rapier i Rapier w x900 48 CR00017019 Port Authentication On termination of an 802 1x session an accounting message is sent to the Radius server This enhancement implements the Acct Input Octets Acct Output Octets Acct Input Packets and Acct Output Packets fields in the message Note that this enhancement only applies to ports in single supplicant mode These fields in the accounting message for ports in multi supplicant mode still all have a value of O lt AR400 lt AR7x5 lt AR7x0S lt lt AT 8800 lt AT 8600 lt lt AT 8700XL lt lt AT 9900 lt AT 9800 Level 4 CR Module Level Description AR400 AR7x5 AR7x0S Rapier i Rapier w AT 8800 AT 8600 AT 8700XL x900 48 AT 9900 AT 9800 CRO00011228 GUI Switch The Diagnostics gt Layer 2 Forwarding Database page of the GUI displayed extra internal SYS or CPU entries This issue has been resolved The GUI and the command show switch fdb now display the same information lt lt lt lt lt CR00013409 Switch Previously if you used the or Tab keys to obtain help for the set switch ageingtimer command the resulting help said that valid entries were from 0 to 4294967295 However the correct range of values is from 16 to 4080 sec
34. 15 DNS A new log message has been added to provide more information about rejected DNS requests The message has a log type of 052 IPDNS and subtype 002 UNRES and reads DNS request for lt domain name gt rejected by server Code lt number gt lt explanation gt The following codes and explanations exist 0 No Error no error occurred Format Error there was a problem with the message construction Server Failure there was a problem with the server itself Name Error the name does not exist in the domain Query Not Implemented the received query was not supported Refused Refused for policy rather than technical reasons 1 2 3 4 5 6 YX Domain the name exists when it should not 7 YX RR Set a resource record exists that should not exist 8 NX RR Set a resource record that should exist does not exist 9 Not Authoritative the receiving server is not authoritative 1 0 Not Within Zone the specified name is not within the zone specified in the message lt lt lt lt lt AT 8800 lt AT 8600 lt lt lt lt CR00014728 DDNS When you activate a Dynamic DNS DDNS update by entering the command activate ddns update the router now warns you of possible negative consequences and prompts you for whether or not to continue Also if you attempt to activate a DDNS update when DDNS is disabled the router displays a warning message
35. 4 Hosts 1 00 00 cd 27 be 5 172 20 Enabled None 1 176 200 176 200 H t Host Topology Timeout Timeout Timeout Timeout Timeout Timeout in in in in in in 256 257 257 258 259 259 secs secs secs secs secs secs Version 291 10 C613 10488 00 REV G Support for the new Rapier 48w switch 95 Support for the new Rapier 48w switch The Rapier 48w is anew model in the Rapier Series of layer 3 gigabit and fast Ethernet switches Its key features are 48 port 1OBASE T 100BASE TX RJ 45 connectors Two 1000BASE SFP ports Two asynchronous serial console ports with DB9 connectors One Network Service Module bay with support for various WAN interface cards Auto negotiating Layer 3 Managed Switch Enhanced switching core Rapier 48w front panel Replaceable air filters and fan only modules FOMs for NEBS applications m PABON oggaucsga vm O oa AL O danonoosd ppgeooogappocogggnonogopgconoguoneecogggaporgg OBADBNON POBEOSJON Bose 2099 2e ego eeu ogge uog gge ogopa Enu DSK eo SMOUONE O O OOUDDUG0Og0 COLOCUCIDoO DON BU 6 NeENoOUodso DINSUeAOg NORSUeAo0m 1a 2i CODON OURYVULE OUBYVULAVO
36. 959 Qos 3 Destroying a traffic class or flow group also destroyed all classifiers that were eee Y Y famine Y Y ie associated with that traffic class or flow group This issue has been resolved User created classifiers are no longer destroyed Automatically created classifiers are still destroyed such as classifiers for DHCP snooping CR00015510 Switch 3 When the switch performed layer 3 routing across a trunk it did not balance TEIGE Y Y RARA G traffic across all ports in the trunk group This issue has been resolved CR00015798 Switch 3 If the switch received a packet on a port and therefore started using MAC based Y Y Y Y Y Y Y Y Y authentication to authenticate the port and then received another packet during CRO00016058 the authentication process then occasionally the switch dropped the second packet This issue has been resolved Level 4 No level 4 issues Version 291 10 C613 10488 00 REV G Features in 291 02 91 Enhancements _l x lt PE RA s 2 Q Viool Oo BS o ao SERERE o P EAR o gt Ea CR Module Level Description Poeeeees EZEZ S k E CR00014222 IGMP IGMP snooping learns which ports have routers attached to them so it can ESER Y Y DAR Y Y i snooping forward relevant IGMP messages out those ports By default snooping identifies Switch router ports by looking for ports that receive specific multicast packets such as VLAN IGMP queries PIM messages OSPF messages and RIP messag
37. GUI file AT 8824 AT 8848 AT 8800 86291 10 rez 24 July 2007 4587048 8824 291 10 en_d rsc 8848 _291 10_en_d rsc AT 8948 AT8948i x900 48FE x900 48FE N x900 48 89291 10 rez 24 July 2007 4884216 x900 48FS AT 9924T AT 9924SP AT 9924T 4SP AT 9900 89291 10 rez 24 July 2007 4884216 9924 291 10 en_d rsc AT 9812T AI 9816GB AT 9800 sb291 10 rez 24 July 2007 3988344 9812_291 10_en_d rsc 9816_291 10_en_d rsc Caution Using a maintenance version on the wrong model may cause unpredictable results including disruption to the network This maintenance release note should be read in conjunction with the following documents m the Release Note for Software Version 2 9 1 available from www alliedtelesis co nz documentation relnotes relnotes html which describes the new features since Version 2 8 1 m your router or switch s Document Set for Software Release 2 9 1 This document set is available on the CD ROM that shipped with your router or switch or from www alliedtelesis co nz documentation documentation html Caution Information in this release note is subject to change without notice and does not represent a commitment on the part of Allied Telesis Inc While every effort has been made to ensure that the information contained within this document and the features and changes described are accurate Allied Telesis Inc can not accept any type of liability for errors in or omissions arising from the use of this information Enabling and
38. IM6 If an IPv6 accelerator was used and the upstream router forwarded IPv6 multicast data just before the prune limit timer expired then the downstream router sometimes did not send the prune until significantly after the timer expired This issue has been resolved lt lt AT 9900 CR00015169 MSTP GUI Using the web based GUI to set the Point to Point Link in the MSTP CIST Port configuration to a non default value would generate an error This issue has been resolved CR00015805 ISAKMP IPv6 During the boot up the router or switch waited 5 seconds before beginning ISAKMP prenegotiation For VPN tunnels over IPsec for IPv6 this was not long enough for the router or switch s interfaces to come up before prenegotiation began Also the router or switch did not obtain the most recent active ISAKMP SA when multiple SAs existed These issues have been resolved The router or switch now waits 6 seconds and obtains the most recent SA and uses that for Phase 2 negotiations CR00015964 Switching If the switch had a large number of routes in its forwarding database FDB and the command show switch fdb was used to display the contents of the FDB and the switch s CPU was busy at the time then the switch sometimes rebooted This issue has been resolved CR00016262 Load When attempting to upload files from the switch using TFTP to an IPv4 server address the router or switch reported an error
39. IP addresses in their PCs The solution is designed to interoperate with a specialised Access Router that is able to deal with the full range of IP addresses that will be in use on the guests PCs The Nomadix Access Gateway from www nomadix com is an example of such a specialised access router Configuration of the new feature is similar to the existing MAC forced forwarding configuration On each edge switch you also need to enter the following new command before enabling DHCP snooping disable dhcpsnooping ipfiltering You also need to turn on ARP security and allow authorised clients to send only unicast packets by entering the following commands enable dhcpsnooping arpsecurity enable dhcpsnooping strictunicast This enhancement also introduces the ability to add MACFF servers with static MAC addresses rather than relying on ARP to determine them based on IP addresses To do this enter the command add macff server mac macadadr Version 291 10 C613 10488 00 REV G Features in 291 08 CR Module Level Description AR400 AR7x5 AR7x0S Rapier i Rapier w AT 8800 AT 8600 AT 8700XL x900 48 AT 9900 AT 9800 CR00016662 CR00016891 CR00017335 CR00017937 This software release supports the new x900 48FS switch For an overview of the switch see Support for the new x900 48FS switch CR00016662 on page 92 lt CR00016913 PPP This
40. IPv6 interfaces 32MBytes of fixed flash 256MBytes of Synchronous DRAM expandable to 512MBytes with DIMM CompactFlash slot for hot swappable expansion of flash memory up to 128 MBytes x900 48FS front panel TST SCSTCSCTCSTCSCTCTCSCTCECCECFCTCCECCCECCECSCSCSESCSCSCSECSECSCSECECSCSESECSCSCECSTCSCSESCECCSCSECSESESESE Parnarama av av av ay av av av av roms 48 GD ume acr were rar pomas D scomune Act D wetted Sear For more information about the x900 Series and expansion options see the Hardware Reference The Hardware Reference is available from www alliedtelesis co nz documentation manuals html Version 291 10 C613 10488 00 REV G 92 IGMP snooping fast leave in multiple host mode CRO00017482 93 IGMP snooping fast leave in multiple host mode CR00017482 The IGMP snooping fast leave option has been enhanced to make it available when multiple clients are attached to a single port on the snooping switch Fast leave now has two modes available m multiple host mode the new feature In multiple host mode the snooper tracks which clients are joined to a given IP multicast group on a given port As soon as the last client leaves a group on a port the snooper shuts off the multicast to that port m single host mode the existing functionality In single host mode as soon as the snooper receives a leave message for a group on a port it shuts off the multicast This mode assumes that there are
41. Installing this Release To use this maintenance release you must have a base release license for Software Release 2 9 1 Contact your distributor or reseller for more information about licences To enable this release and install it as the preferred release use the commands enable rel xx291 10 rez num 2 9 1 set install pref rel xx291 10 rez where xx is the prefix to the filename as shown in the table on page 1 For example to install the release on an x900 48FE switch use the commands enable rel 89291 10 rez num 2 9 1 set install pref rel 89291 10 rez Version 291 10 C613 10488 00 REV G Levels 3 Levels Some of the issues addressed in this Maintenance Version include a level number This number reflects the importance of the issue that has been resolved The levels are Level 1 This issue will cause significant interruption to network services and there is no work around Level 2 This issue will cause interruption to network service however there is a work around Level 3 This issue will seldom appear and will cause minor inconvenience Level 4 This issue represents a cosmetic change and does not affect network operation Version 291 10 C613 10488 00 REV G Features in 291 10 Software Maintenance Version 291 10 includes the resolved issues and enhancements in the following tables In the tables for each product series m Y indicates that the resolution is available in Version 291 10 for that product series
42. LY Switch another VLAN made those static ARP entries inactive Also deleting a port from a VLAN would delete all static ARP entries that were defined on that port including entries for other VLANs Note that this deletion issue did not occur on Rapier i AT 8800 AT 8700XL or AT 8600 Series switches Both of these issues have been resolved CRO00014652 PIM6 3 If a user changes the PIMv6 BSR candidate priority to the same value as the Y Ye NE PAE YE o One ye Tiny currently elected BSR s priority then the router or switch should be elected as the BSR if its IPv6 address is higher than the currently elected BSR This did not happen This issue has been resolved CRO00014659 DHCP 3 On the DHCP server a user could create two static DHCP entries for the same YY YE Ne NE OYE YS Too Y 1 client in one range This was only possible if the client had first obtained a dynamic address from the server This issue has been resolved It is now impossible to add the same static client twice even when that client has a pre existing dynamic entry CRO00014724 IGMP 3 When the router or switch received an IGMP Leave message it did not update Yo YO TYE OYE YS PO YR ONE Snooping IGMP Snooping counters correctly in some circumstances This issue has been resolved CR00014746 WANLB 3 It was possible to delete an IP interface that was configured as a WAN load Y Y IP Gateway balancer resource This issue has been resolved Version 291 10 Features in 291 04
43. Level Description AR400 AR7x5 AR7x0S Rapier i x900 48 AT 9800 CR00013629 IGMP When IGMP fast leave was enabled and the switch received a leave message via a trunk port the switch only removed the port from the multicast group if the port was the master trunk port This issue has been resolved When fast leave is enabled non master trunk ports now leave multicast groups as soon as the switch receives a leave message lt lt AT 8800 lt AT 8600 lt AT 8700XL lt lt AT 9900 CR00013694 Switch IP Gateway For layer 3 Jumbo frames this software version improves initial layer 3 flow setup and handling of flows that exceed the layer 3 MTU mid flow CR00014038 IGMP IP Gateway The IGMP Default Timeout Interval is automatically calculated by IGMP in accordance with RFC 2236 but the following command allows you to over ride the calculated value set ip igmp timeout value Previously the router or switch sometimes set the interval to the calculated value instead of using the value entered in the command above This issue has been resolved CR00014047 DHCP Snooping Previously DHCP snooping correctly refused to allocate new DHCP leases once the maxleases value had been exceeded but it did so by discarding the server s acknowledgement message instead of forwarding it to the client Therefore the DHCP server recorded the address as allocated which meant the I
44. N 01 BER Padding field Version 291 10 C613 10488 00 REV G
45. O00015989 TPAD 2 When using the TPAD autodial feature and sending multiple transactions overa Y Y Y Y TCP IP connection the router or switch responded to good APACS packets by sending an ACK This ACK was unnecessary and could cause interoperability issues This issue has been resolved The router or switch no longer sends the ACK in these circumstances CRO00016034 IP Gateway 2 Previously it was not possible to add a static ARP entry for the corresponding YO amli Ne ae Y Firewall partner address of a 31 subnet interface This issue has been resolved The router or switch will now also allow 31 ARP requests to pass through the firewall CRO00016060 IGMP 2 If a port was disabled from being an All Routers group port for IGMP and that Y Mee OMe MET EYE Ye TOYS 1 ral ay port received All Routers group traffic it would incorrectly be added to the All Routers group This issue has been resolved Version 291 10 C613 10488 00 REV G Features in 291 05 CR Module Level Description Rapier i AT 8600 AT 8700XL x900 48 AT 9900 AT 9800 CR00016128 IPsec IPv6 When the icmptype parameter was changed to none for an IPv6 IPsec policy an incorrect ICMP type value was displayed in output of the command show config dyn and saved in the configuration file produced by the command create config This issue has been resolved lt AR400 lt AR7x5 lt AR7x0S lt lt
46. P address range could be exhausted This issue has been resolved The server no longer records addresses as allocated once the maxleases value is exceeded CRO00014152 Switch On AR415S AR44xS AR750S and AR770S routers when a switch port went down or was reset by using the command reset switch port number this deleted the dynamically learned forwarding entries for all ports This issue has been resolved Now entries are only deleted for the port that went down or was specified in the command Version 291 10 C613 10488 00 REV G Features in 291 04 CR Module Level Description AR400 AR7x5 AR7x0S Rapier i AT 8600 AT 8700XL x900 48 AT 9900 AT 9800 CRO00014163 Firewall When the firewall was performing NAT on UDP video streams and two streams started up at the same time sometimes one or both streams displayed excessive jitter This issue has been resolved lt lt lt lt lt AT 8800 CR00014178 Core The following issues occurred with environmental monitoring on AR750S and AR770S routers the values reported by the show system command were incorrect for the first few seconds after a cold restart on AR770S routers the router did not indicate power supply problems through log messages or the system LED These issues have been resolved CR00014285 BGP The default setting for BGP capabi
47. S a S al al eo oe wo eg ala CR Module Level Description ggg kt ele Slalk CR00018663 Switching 2 The resolution to CR 444 meant that packets processed by the CPU are now YY JY Y IY l subjected to the same filtering as packets switched in hardware However this filtering did not always return the expected results Sometimes its IP address matching was incorrect and it did not correctly process filters with an action of nodrop These issues have been resolved CRO00018691 OSPF 2 On a router or switch with OSPF redistribution enabled OSPF did not YIY JY JY FY FY LY PTY PY LY LY redistribute the interface route when an interface came up for example after a reboot This issue has been resolved CR00018693 Qos 2 QoS policies traffic classes and flow groups could not have an ID number YIY JY Y FY LY LY LY of O zero This issue has been resolved CR00018778 IP NAT Firewall 2 When using IP NAT the router or switch would reboot when processing Y Y Y TCP SYN packets This issue only occurred with IP NAT which is configured by using the add ip nat command It did not occur with firewall NAT This issue has been resolved Version 291 10 C613 10488 00 REV G Features in 291 10 Level 3 l ale seis eae S 2 2 53 5 ZI SIR Sa TIS a o a al ale a a oa gi gt a a CR Module Level Description el al al gg kt ele Slalk CRO00018514 Ping 3 Tracero
48. Software Maintenance Release Note Maintenance Version 291 10 for AR415S AR440S AR441S AR442S AR450S AR725 AR745 AR750S AR750S DP and AR770S routers and AT 8600 AT 8700XL Rapier i Rapier w AT 8800 AT 8900 x900 48 AT 9900 and AT 9800 Series switches This software maintenance release note lists the issues addressed and enhancements made in Maintenance Version 291 10 for Software Version 2 9 1 Version details are listed in the following table Models Series Release File Date Size bytes GUI file AR415S AR440S AR441S AR442S AR450S AR400 54291 10 rez 24 July 2007 4946220 415s_291 10_en_d rsc 440s_291 10_en_d rsc 441s _291 10_en_d rsc 442s 291 10_en_d rsc 450s_291 10_en_d rsc AR750S AR750S DP AR770S AR7x0S 55291 10 rez 24 July 2007 4074888 750s_291 10_en_d rsc AR750S and AR750S DP AR725 AR745 AR7x5 52291 10 rez 24 July 2007 4114292 _725_291 10_en_d rsc _745_291 10_en_d rsc AT 86241 2M AT 8624PoE AT 8648T 2SP AT 8600 sr291 10 rez 24 July 2007 2468216 8624t_291 10_en_d rsc 8624poe_291 10_en_d rsc 8648t_291 10_en_d rsc AT 8724XL AT 8748XL AT 8700XL 87291 10 rez 24 July 2007 2411128 8724 _291 10_en_d rsc 8748_291 10_en_d rsc Rapier 24i Rapier 48i Rapier 16fi Rapier i 86291 10 rez 24 July 2007 4587048 r24i_291 10_en_d rsc r16i_291 10_en_d rsc r48i_291 10_en_d rsc Rapier 48w Rapier w 86291 10 rez 24 July 2007 4587048 Enabling and Installing this Release Models Series Release File Date Size bytes
49. The device will now reboot CR00013640 NTP Output of the command show ntp displays a Host Address field This is the address of the interface from which the router or switch sends NTP packets Previously if the IP address changed the Host Address field did not change even though NTP used the new address This issue has been resolved CR00014106 Core If the router or switch runs a configuration file on start up that contains the command set summertime before the command enable summertime a log message on start up says that summertime needs to be enabled However summertime is correctly applied to the router or switch Previously if you configured summertime then saved the configuration by using the command create config set summertime came before enable summertime in the resulting configuration file This issue has been resolved When you save the configuration enable summertime now comes before set summertime in the resulting configuration file so the log message is not produced Version 291 10 C613 10488 00 REV G Features in 291 04 CR Module Level Description AR400 AR7x5 AR7x0S Rapier i AT 8800 AT 8600 AT 8700XL x900 48 AT 9900 AT 9800 CRO00014151 VLAN The following error message Error 3089399 Operation not allowed on a NESTED port contained an extraneous before the word NESTED
50. U of the peer This issue has been resolved lt AR400 lt lt lt lt lt lt lt lt CR00010968 PPP When the established Maximum Receive Unit MRU of the remote PPP peer was greater than the established MRU of the local PPP peer Echo Reply packets did not respect the established MRU of the remote peer This issue has been resolved CR00011231 Core In most circumstances the stack dump for an AR7x5 router was invalid and did not contain complete information about the cause of a reboot This issue has been resolved CR00012218 VPN GUI Enabling VPN IPsec on the GUI caused the GUI VPN page to stop displaying information about some or all of the existing VPN policies This issue has been resolved CR00012727 OSPF Sometimes when a type 7 external LSA was translated to a type 5 external LSA the forwarding address was set to 0 0 0 0 in the translated type 5 LSA This issue has been resolved so that the forwarding address is always copied from the type 7 LSA being translated CR00012751 OSPF When the router or switch is acting as an area border router and one of the areas is an NSSA Not So Stubby Area the router or switch will create a default route for the NSSA and inject this into the NSSA Previously the router or switch was also redistributing this route into other areas as a static route when static route redistribution was turned on Th
51. Y Y Y Y Yay oy did not proceed in the way specified by the RFC This issue has been resolved CR00016177 Switch MIB 3 The default value of the MIB object ifJackType for the GBIC slot on AT 8800 series Yl switches was incorrect if no GBIC card was plugged in This issue has been resolved The default value is now other 1 Version 291 10 C613 10488 00 REV G Features in 291 05 CR Module Level Description Rapier i lt AT 8600 lt AT 8700XL x900 48 lt AT 9900 lt AT 9800 CR00016228 Qos If a QoS policy uses the same classifier more than once the router or switch now displays a warning message You should not use a classifier more than once in a policy because the operation of such policies is unpredictable lt AR400 lt AR7x5 lt AR7x0S lt lt AT 8800 lt CR00016463 DHCPv6 For the command create dhcp6 range DHCPv6 now checks that the specified address or prefix range is valid for the specified type of range Valid options are E address1 address2 e g 3ffe 1 2 3 4 5 1 3ffe 1 2 3 4 6 ffff This is a range of addresses for address assignment type normal or type temporary E address prefixLen e g 3ffe 1 2 3 4 5 96 This is a range of addresses for address assignment type normal or type temporary E address prefixLen address prefixLen e g 3ffe 1 2 48 3ffe 1 40 48 This is a range of prefixe
52. age Insufficient space to store file file name is now displayed under those conditions CR00010518 CR00010710 Core The show cpu statistics were unnecessarily inaccurate For example a router or switch that was effectively idle showed a CPU usage of 10 to 12 This issue has been resolved When the router or switch is effectively idle the CPU usage now displays as less than 5 Version 291 10 C613 10488 00 REV G Features in 291 05 CR Module Level Description AR400 AR7x5 AR7x0S Rapier i AT 8800 AT 8600 AT 8700XL x900 48 AT 9800 CRO00011629 PIM PIM6 ECMP Previously the switch s count of PIM4 and PIM6 bad Bootstrap Messages BSMs could be high because the switch forwarded BSMs over interfaces that contained an Equal Cost Multipath ECMP route to the receiving interface This issue has been resolved BSMs are no longer forwarded via all interfaces contained in an ECMP group but only via one interface in the group lt lt AT 9900 CR00012495 IGMP When an IGMP filter was destroyed switch ports that used the filter did not have their IGMP filter setting returned to None This issue has been resolved CR00014324 PPP The interface MIB ifInOctets and ifOutOctets counters displayed by the show ppp counter command incorrectly included the lower layer framing octets and were 5 octets per fr
53. age unless an appropriate IP helper configuration existed This issue has been resolved When there is no IP helper configuration the behaviour now depends correctly on the setting of the directedbroadcast parameter for the IP interface If directedbroadcast on the packet is sent out as a MAC broadcast If directedbroadcast off the packet is dropped ICMP unreachable messages are not sent in any case CR00015258 IGMP snooping VLAN The command add igmpsnooping vlan vlan routerport port adds a static IGMP router port for a specific VLAN and port pair Previously it was possible to remove the port from that VLAN without updating the static router port association This issue has been resolved When you remove a static router port from a VLAN the router or switch now removes that port from the static router port list and updates all layer 2 entries CR00015346 Switch The 64 bit counter type objects in the ifXTable of the Interfaces Group MIB RFC 2863 returned non zero values for ports that had never been up This issue has been resolved Version 291 10 C613 10488 00 REV G Features in 291 04 CR Module Level Description Rapier i x900 48 CR00015666 IP Gateway Subnet broadcast packets would not be routed correctly when the interface to which the subnet broadcast was destinated was an interface on the device but its link status was down Eve
54. ame greater than they should have been This issue has been resolved CR00014919 QoS DHCP snooping DHCP snooping accepted a minimum of one new client per QoS flow group instead of a minimum of one new client per port This meant that DHCP snooping sometimes did not respect the lease limit maxlease on a port This issue has been resolved CR00015092 ATM Previously the information output by the help for the ATM channel per parameter was incorrect This issue has been resolved The help now displays required decimal in the range 32 155000 dependant on physical interface If you enter a value larger than the maximum PCR allowed on a specific physical interface the router now displays the following message for ADSL The PCR supplied was too large the maximum is 1024 and the following message for SHDSL The PCR supplied was too large the maximum is 4608 Version 291 10 C613 10488 00 REV G Features in 291 05 l x lt ui e e S a o e 2 2 2 3 8 8 2 2 2 8 E aa a a a a E CR Module Level Description l g ktl lkt kt Al Slee k CR00015558 ASYN 3 Under some circumstances when a PC terminal emulator was opened to DORRA A NE AE IP TONE NE aR Ta communicate with a router or switch after the router or switch had fully booted up the login prompt did not immediately display
55. ased the number of L3 filter matches available However if the configuration was saved and then run after a reboot the switch incorrectly limited the number of L3 filter matches to the number available when IGMP snooping was enabled If the maximum number of matches had been configured this meant that some matches were missing after a reboot This issue has been resolved CR00013823 Switch In very rare circumstances a port could stop transmitting traffic if its speed was modified or it was reset while under heavy traffic load This issue has been resolved CR00013929 ADSL ATM Ethernet When performing RFC1483 encapsulation of Ethernet frames the AR44xS routers did not pad frames out to the 64 byte minimum frame size the RFC does not require such padding to be performed This resulted in an interoperability issue with ATM switches that discarded rather than padded the undersize frames upon decapsulating them The effect of this was that when an AR44xS router was connected to an ATM network that contained such switches the router could fail to connect at the PPP session level This issue has been resolved The router now always pads undersize Ethernet frames to the 64 byte minimum frame size before it performs RFC 1483 encapsulation This avoids the possibility of this interoperability issue Version 291 10 C613 10488 00 REV G Features in 291 04
56. ay This enhancement enables you to force BGP to select the best route on the basis of network prefix alone instead of on the basis of preference then metric then network prefix To do this 1 Give the desired dynamic routing protocol a preference of 0 which is the preference of interface routes by using the command SET IP ROUte PREFerence 0 PROTocol BGP ext BGP int OSPF EXT 1 OSPF EXT2 OSPF INTEr OSPF INTRa OSPF Other RIP ALL 2 Create a route map to give matching routes the same metric as your interface routes To change the metric use the command ADD IP ROUTEMap routemap ENTry 1 4294967295 SET METric 1 3 Add the route map as a filter to the BGP peers by using the command ADD BGP PEer ipadd REMoteas 1 65534 INRoutemap routemap other optional parameters The above process gives matching routes the same preference and metric as interface routes This forces IP routing to compare the network prefixes of the interface route and the other routes IP routing then chooses the most specific route as the best route for that destination instead of automatically choosing the interface route as the best route without considering any other routes which may have more specific network prefixes lt AR400 lt AR7x5 lt AR7x0S lt lt AT 8800 lt lt AT 9900 lt AT 9800 Version 291 10 C613 10488 00 REV G Features in 291 04 CR Module Level Desc
57. buffer space restrictions Level 3 No level 3 issues Version 291 10 C613 10488 00 REV G Features in 291 06 37 Level 4 No level 4 issues Enhancements No enhancements Features in 291 06 Software Maintenance Version 291 06 provided support for the new Rapier 48w switch For more information see Support for the new Rapier 48w switch on page 95 Version 291 10 C613 10488 00 REV G Features in 291 05 Software Maintenance Version 291 05 includes the resolved issues and enhancements in the following tables In the tables for each product series m Y indicates that the resolution is available in Version 291 05 for that product series m indicates that the issue did not apply to that product series Level 1 No level 1 issues Level 2 Features in 291 05 38 CR Module Level Description AR400 AR7x5 AR7x0S Rapier i x900 48 AT 9900 AT 9800 CR00007737 IGMP Snooping When a port left a multicast group the router or switch assigned the All Groups port to that multicast group This could be seen in the output of the command show ip igmp the list of ports for the group would include the All Groups port This issue has been resolved lt lt lt lt AT 8800 lt AT 8600 lt AT 8700XL lt lt lt CR00010003 CR00011533 WAN load balancer Firewall The ro
58. ce not an individual logical interface Setting it on one logical interface sets it on all other logical interfaces associated with the same IP interface E the parameter only applies to on demand PPP links IP always sends notifications for other interfaces even if this parameter is set to no To see the parameter setting use the existing command show ip interface lt lt lt lt AT 8800 lt lt lt lt CR00015269 Switch EPSR EPSR uses a classifier based hardware filter to select packets in the control VLAN The hardware filter now only uses 2 of the available 16 bytes to match packets This increases the number of other classifier based features you can use when running EPSR CR00015628 Switch The switch now fully recognises the latest revision of the AT SPTX SPF so all of the features of the SFP can be utilised Version 291 10 C613 10488 00 REV G Features in 291 03 Features in 291 03 Software Maintenance Version 291 03 includes the resolved issues and enhancements in the following tables In the tables for each product series m Y ina white column indicates that the resolution is available in Version 291 03 for that product series m ina white column indicates that the issue did not apply to that product series E agrey shaded column indicates that Version 291 03 has not been released on that product series
59. ce in the same policy lt lt lt lt AT 8600 lt AT 8700XL lt lt CR00017456 IP Gateway The router or switch could reboot when the local interface address had been specified by using the set ip local command and then the underlying interface from which the local interface took its address was either deleted or had its address changed In both these cases the local interface was correctly reset back to an undefined address but a route to this address was not deleted This could cause routing difficulties and a reboot when packets for that address were received This issue has been resolved The route is now correctly deleted CR00017488 Firewall When a VolP call using SIP was initiated from the public side of the firewall occasionally the firewall created two UDP sessions for the call with different UDP source ports This happened if the first packets of the STP voice data stream arrived earlier than the 200 OK message that was supposed to establish the session The result was that the public side caller could not hear the call This issue has been resolved Version 291 10 C613 10488 00 REV G Features in 291 08 wit z ee x g2 2 S R3 2 SiG BIS Rna g zlil e e el S ope CR Module Level Description glg g ktk el Solel CR00017518 ISAKMP 2 The router or switch sometimes could
60. ces literature howto aspx Version 291 10 C613 10488 00 REV G Features in 291 07 Software Maintenance Version 291 07 includes the resolved issues and enhancements in the following tables In the tables for each product series m Y indicates that the resolution is available in Version 291 07 for that product series m indicates that the issue did not apply to that product series Level 1 No level 1 issues Level 2 Features in 291 07 36 CR Module Level Description AR400 AR7x5 AR7x0S Rapier i Rapier w AT 8800 AT 8600 AT 8700XL x900 48 CR00017869 IP Gateway If two routes to the same destination were present in a switch and the route of lower preference was deleted in other words the route whose details were present in the hardware routing database then the hardware routing database was not updated with the remaining route as it should have been This could cause serious routing issues This issue has been resolved so that hardware routing database updates are carried out correctly lt AT 9900 lt AT 9800 CR00018039 Switch Running the command show switch tab ip could result in a reboot if a large number of routes 10 000 or more were present on the switch This issue has been resolved so that the command can run no matter how many routes are present on the switch However the output from the command may be truncated due to
61. ch renumbered a firewall rule it displays a message Previously this message had a status of info instead of warning This issue has been resolved Version 291 10 C613 10488 00 REV G Features in 291 04 CR Module Level Description AR400 AR7x5 AR7x0S Rapier i AT 8700XL x900 48 AT 9900 AT 9800 CR00014750 DHCP Previously when a user entered the command delete dhcp range range ip ipadd the router or switch would display an Operation successful message even when the client entry in question was unused This issue has been resolved For unused clients this command now results in the following new message Nothing to delete client is unused lt lt lt lt lt AT 8800 lt AT 8600 lt lt lt lt CR00014778 VLAN Bridging It was possible to specify a value of O for the ageingtimer parameter in the command add and set vilan vian bridge even though this value was meaningless This issue has been resolved The lowest valid value for ageingtimer is 1 CR00015080 ATM When an SHDSL or ADSL interface re trained after having been in a link up state spurious error messages could appear on the console This issue has been resolved The messages were not genuine error messages and no longer appear CRO00015130 Switch The following commands have b
62. configuration file and instead displays the following error message Cannot specify configuration file in Compact Flash CR00013976 IGMP The list of parameters output by the help for show ip igmp incorrectly included IGMP This issue has been resolved CR00015543 Bridge In output of the command show bridge spanning the bridge identifier was correctly displayed as a hexadecimal number but it was not obvious that the number was hexadecimal This issue has been resolved The output now has Ox in front of the hexadecimal number to make it clear that it is hexadecimal CRO00016126 QoS Switch When a QoS policy was associated with a port that was set to a speed less than the maximum speed of the port a warning message would be displayed on the console session and in the log when the port state changed to UP This message stated that the QoS policy operation may be affected by the speed setting of the port Having this message displayed on the console was considered unnecessary and potentially confusing This issue has been resolved The message is now only displayed in the log CRO00016451 IP Gateway When a second metric was displayed in the output of the command show ip route because of OSPF for example this metric was truncated to 2 characters This issue has been resolved The output now displays both metrics in a field up to 10 characters long
63. create config This issue has been resolved Version 291 10 C613 10488 00 REV G Level 3 Features in 291 08 21 CR Module Level Description Rapier i Rapier w AT 8800 AT 8600 AT 8700XL x900 48 AT 9900 AT 9800 CR00000503 PKI Some PKI commands including add pki Idap create pki enroll and create pki keyupdate only worked if their parameters were entered in a particular order This issue has been resolved lt AR400 lt AR7x5 lt AR7x0S lt lt lt lt lt lt lt lt CR00001106 The command add fire policy name rule number act allow int int ip ipadd list filename would incorrectly be rejected with an error message stating that list and ip were mutually exclusive This issue has been resolved so that list and ip can be used together in the same firewall rule CR00001438 TACACS If TACACS was used for authentication and the TACACS server went down during an authentication attempt the router or switch added the attempted login names to the TACACS user list as displayed in output of the show tacplus user command However the router or switch correctly did not log users in with those names This issue has been resolved CR00002587 IP Gateway Sometimes an incorrect error message was printed if a user tried to enable IP multicast switching on a device that did not support i
64. d outgoing DHCP server packets would use the set ip local command s IP address as their source address Furthermore if the broadcast flag was set to TRUE in the DHCP Discover message that the server was replying to then the server would send the DHCP Offer packet out the wrong IP interface with the wrong source IP address Microsoft Windows Vista has the broadcast flag set to TRUE These issues have been resolved The DHCP server configuration now ignores any local IP interfaces set by using the set ip local command and the server now sends the Offer message out the interface that it received the Discover on lt AR400 lt AR7x5 lt AR7x0S lt lt lt AT 8800 lt AT 8600 lt AT 8700XL lt lt AT 9900 lt AT 9800 CR00017749 Switching If a multicast route had an odd number of downstream interfaces attached to it and the last downstream interface was deleted the second to last downstream interface could experience a loss of packets This issue has been resolved CR00017816 PIM PIM would sometimes start forwarding duplicate packets from the RP to downstream interfaces if the SPT Bit had been set and had become unset This issue has been resolved CR00017906 VLAN MSTP If ports were removed from a VLAN and MSTP was enabled then the port removal was not included in the configuration displayed by the command show config dynam or saved by the command
65. d the FIN message consecutively the firewall sometimes incorrectly interpreted the first ACK message intended for the data as belonging to the FIN message and prematurely shut the connection down This could prevent the firewall from opening up new connections using the same port numbers This issue has been resolved lt AR400 lt AR7x5 lt AR7x0S lt lt AT 8800 lt AT 9800 CR00015592 BGP IP Gateway When BGP learned new best routes for a particular destination it did not always clear any active IP flows that used the previous best route Therefore the router or switch continued to forward traffic sub optimally This issue has been resolved Now when BGP inserts new routes into the IP route table it deletes all active route flows so any active flows change to using the new route The time taken to delete a full table of IP flows has also been greatly reduced CR00015736 Switch Sometimes IP routed traffic would be sent out the correct port but with the destination MAC of another device on the network This issue was most likely to occur in configurations that use multi homed interfaces on multiple VLANs for end devices This issue has been resolved CR00015822 Switch When the command enable ip macdisparity was used and a static ARP entry was configured with an L2 multicast MAC address the switch should have broadcast traffic to that multicast MAC address out all ports in
66. d show conf dyn ip CR00012168 Classifier Output of the show classifier command displayed only the hexadecimal protocol value for IP SNAP instead of also displaying the protocol name This issue has been resolved The output now displays 0000000800 IP SNAP CR00012885 OSPF GUI If there were virtual OSPF interfaces then the OSPF Interfaces GUI page showed all interfaces as belonging to the backbone area 0 0 0 0 This issue has been resolved CR00013352 STP The help displayed by the command set stp port all listed some parameters twice This issue has been resolved Version 291 10 C613 10488 00 REV G Features in 291 08 CR Module Level Description Rapier i Rapier w x900 48 CR00013494 IP Gateway Once a default local IP address had been set it could not be deleted This was because the default interface does not have an interface number but to delete a local interface the user must specify the interface s number This issue has been resolved by adding an option called default to the delete ip local command To delete the default local interface s address use the command delete ip local default Note that this resets the interface including removing its IP address but does not remove the interface itself lt AR400 lt AR7x5 lt AR7x0S lt lt lt AT 8800 lt AT 8600 lt
67. e 2 If a switch s configuration was saved by using the command create l l 1 Y Y JY JY FY IY f Install config filename and then the command set config filename was entered Stacking the configuration file should have been propagated through the stack to other switches that did not have a file of that name This did not happen This issue has been resolved CR00014673 Load 2 Attempts to upload a file to a TFTP server failed if a invalid IP address was AAE Us mn Rf TT Ue a AD GATT specified in previous attempts This issue has been resolved Version 291 10 C613 10488 00 REV G Features in 291 04 CR Module Level Description Rapier i AT 8600 AT 8700XL x900 48 CR00014714 PIM If a PIM interface was set as the BSR candidate interface by using the command add pim bsrcandidate interface interface and that interface went down PIM would select another interface as the BSR candidate interface The router or switch also set the new interface as the BSR candidate interface in the dynamic configuration This issue has been resolved PIM only looks for a new interface to use as the BSR candidate address if the user has not specified an interface lt AR400 lt AR7x5 lt AR7x0S lt lt AT 8800 lt lt AT 9900 lt AT 9800 CR00014748 Reverse Telnet Reverse Telnet used to filter out Ctrl D characters making it impossible to perform certain actions on the remote d
68. e has been resolved CR00015126 IP Gateway For IP filters of type routing the first filter entry could not be set to match on the following IP address mask pair source 0 0 0 0 smask 255 255 255 255 This IP address mask pair corresponds to the default route This issue has been resolved You can now match on the default route in the first entry of a filter Version 291 10 C613 10488 00 REV G Features in 291 04 CR Module Level Description Rapier i x900 48 CRO00015148 IP Gateway DHCP When a router or switch was configured to use DHCP to assign an address on an interface and then set to have a static address on that interface the DHCP client in the router or switch would continue to negotiate with the DHCP server This tied up a DHCP lease This issue has been resolved Assigning a static address to an interface will stop the DHCP client from requesting an address from a DHCP server lt AR400 lt AR7x5 lt AR7x0S lt AT 8800 lt AT 8600 lt lt AT 8700XL lt lt AT 9900 lt AT 9800 CR00015155 Load File upload via the IPv6 version of TFTP was not operating correctly This issue has been resolved CR00015159 IP Gateway If the router or switch received an IP subnet broadcast packet that was directed to a unicast MAC address it incorrectly responded with an ICMP unreachable mess
69. ecomes a generic destination If the router or switch receives a BOOTP message on an interface for which no specific destination is defined the router or switch relays the message to all generic destinations This is the same as the behaviour prior to this enhancement To remove a destination that is associated with an interface use the command DELete BOOTp RELAy ipadd INTerface interface To see the interfaces that each destination is associated with use the pre existing command SHow BOOTp RELAy lt AR400 lt AR7x5 lt AR7x0S lt lt AT 8800 lt AT 8600 lt AT 8700XL lt lt AT 9900 lt AT 9800 CR00014238 DHCP Snooping DHCP snooping records its client database into a file in NVS if possible or Flash memory In previous versions that file was named bindings dsn From this version the file structure has changed and the file is now named bind0002 dsn When you upgrade a switch to this version the switch creates the new client database file 10 seconds after initialising the new version After that you can safely delete the old bindings dns file if desired Note that the functionality of DHCP snooping has not changed only the filename Version 291 10 C613 10488 00 REV G Features in 291 04 CR Module Level Description Rapier i AT 8600 AT 8700XL x900 48 CRO00014241 BGP IP Gatew
70. ed with the commands show debug active and disable debug active m The command did not adequately warn users if an invalid module number had been entered into the active parameter This issue has been resolved The router or switch now displays an error unless the value is between 1 and 142 E The CLI help description for the active parameter listed an incorrect number range and also listed modules that cannot be manipulated through this command This issue has been resolved The help description is now correct CR00011695 Qos The help description for switch commands that accept a value in bytes or similar units such as kbytes or bytes s incorrectly indicated that the units were bps The commands this issue applied to depend on the switch model but include commands such as create qos trafficclass va ue maxburst create qos policy va ue dtcmaxburst set qos red value start1 set swi port value bcl set swi dlfl This issue has been resolved The help description now displays the correct units Version 291 10 C613 10488 00 REV G Features in 291 04 CR Module Level Description AR400 AR7x5 AR7x0S Rapier i AT 8700XL x900 48 AT 9900 AT 9800 CR00012602 MSTP If the command set mstp cist port va ue was entered with no other parameters the resulting error message One or more parameters may be
71. een deprecated in software versions 2 9 1 and later and therefore correctly have no effect on the switch set switch port number thrashlimit value set switch port number thrashrefill va ue Previously if a user entered these commands the switch incorrectly displayed an Operation successful message This issue has been resolved The switch now displays a warning message indicating that the commands are deprecated For information about the commands that replace these commands see the Limiting Rapid MAC Movement section of the Switching chapter of the Software Reference Version 291 10 C613 10488 00 REV G Enhancements Features in 291 04 81 CR Module Level Description AR400 AR7x5 AR7x0S Rapier i AT 8800 AT 8600 AT 8700XL x900 48 AT 9900 AT 9800 CR00003036 Core It is now possible to hotswap NSMs on NEBS compliant Rapier i switches To hotswap the NSM press the Hot Swap button beside the NSM check that the Swap LED turns on and the In Use LED turns off then remove the NSM Place the new NSM in the bay then press the Hot Swap button again to make the NSM available for use lt CR00012881 IP Gateway The IP implementation has been enhanced to accept IP interfaces with a 31 netmask This results in a slightly non standard subnet that has no network address or broadcast address This has become a popular extension t
72. election option on the firewall pages did not work This issue has been resolved Note that if you want to use the GUI to configure a PPP interface over ISDN use the Dial up menu option to do so CR00005187 LACP 3 If a user attempted to enable LACP on AT 9800 series switches which do Y not support LACP the switch incorrectly said that the module had been enabled This issue has been resolved The switch now displays an error message instead CRO00005894 Classifier 3 Previously a classifier with protocol ip matched both IPv4 and IPv6 YY JY Y Y J packets when used with software QoS instead of only matching IPv4 packets This issue has been resolved CR00005940 BGP 3 There were several cases in BGP where an error was discovered in an YO YS X eNO TY ove fee YIY IY incoming packet but the incorrect error subcode was reported in the accompanying NOTIFICATION message Also NOTIFICATION messages did not contain the aberrant data in their data fields as required by the RFC These issues have been resolved Version 291 10 C613 10488 00 REV G Features in 291 08 CR Module Level Description AR400 AR7x5 AR7x0S Rapier i Rapier w AT 8800 AT 8600 AT 8700XL x900 48 AT 9900 AT 9800 CR00006303 SNMP On AR725 and AR745 routers which have no VLAN support an SNMP Get request for dot1qMaxVlanid or dot1qMaxSupportedVlans incorrectly returned a value This i
73. en resolved CR00015207 Firewall If a VoIP call came in through the SIP ALG from the public side of the firewall and was then transferred by the device on the private side the firewall session was not always updated When this happened the person to whom the call was transferred could not hear the person who had called This issue has been resolved Version 291 10 C613 10488 00 REV G Features in 291 04 CR Module Level Description AR400 AR7x5 AR7x0S Rapier i AT 8800 AT 8600 AT 8700XL x900 48 AT 9900 AT 9800 CR00015348 GUI The GUI could not be used to access the dual power supply AR750S DP router This issue has been resolved The GUI resource file to use is 750s_281 06_en_d rsc lt CRO00015396 IP Gateway If you defined an IP filter without specifying the optional type parameter the default value of type traffic was added to the filter in the dynamic configuration This prevented you from using the configuration file with software version 2 7 6 and older releases This issue has been resolved The type parameter is only added to the dynamic configuration if you enter a value for it CR00015474 Ethernet If an AR020 PRI E1 T1 PIC was installed on an AR415S the router s Ethernet interface stopped receiving unicast or multicast packets correctly it only received broadcasts correctly This issue
74. enhancement enables the PPPoE client to establish a session promptly after a restart or power cycle This is done by sending a PPPoE Active Discovery Terminate PADT frame in response to a frame received with an unknown PPPoE session ID CR00017197 SSH User RADIUS SSH sessions to the router or switch can now be authenticated via RADIUS The router or switch attempts to authenticate an SSH user via RADIUS if the user to be authenticated is not configured in the local user database and the router or switch has RADIUS configured CR00017395 Firewall This enhancement enables the firewall to establish accurate MSS Maximum Segment Size values for TCP sessions without using the MTU discovery process MTU discovery depends on ICMP error packets so does not work in networks that do not forward ICMP error packets To enable this feature use the command enable firewall policy name adjusttcomss The adjusttcpmss parameter enables the firewall to adjust the MSS value stored inside incoming TCP SYN packets to reflect the lower of the two MTU values on the ingress and egress interfaces Normally for example if a TCP SYN packet arrives from an interface with an MTU of 1500 and leaves on an interface with an MTU of 1000 the MSS inside the SYN packet will remain at 1460 When this feature is enabled the MSS will be adjusted to 960 because the firewall knows that the egress interface has a smaller MTU Note that the firewal
75. ersion 291 08 includes the resolved issues and enhancements in the following tables In the tables for each product series m Y indicates that the resolution is available in Version 291 08 for that product series m indicates that the issue did not apply to that product series Level 1 No level 1 issues Features in 291 08 Level 2 sa z lsigs 2 gig S 3 Sla al g S RS SS SAE E P RR E ae ae CR Module Level Description aia l g g ktl wel el Sal aelk CR00000444 Switching 2 If a packet should have matched a hardware filter with a deny action and DAA SNE EYE NE cs IGMP have been discarded but an IP routing entry had not yet been learnt for the IP Gateway packet then the packet was not discarded This issue has been resolved and the packet is now discarded CRO00000484 Switching 2 When a nodrop action was specified on a port as part of an L3 filter it was YY JY JY TY observed that the port was still dropping packets This was observed after the ARP entry for the destination IP expired from the switch s L3 table This issue has been resolved CRO00001231 Firewall 2 The router or switch sometimes recorded more events in its deny event YET NE PN NG ey ON oe Y queue than was specified by the detail parameter of the set firewall policy attack command This issue has been resolved Version 291 10 C613 10488 00 REV
76. es In some network configurations this learning process cannot identify all router ports For such networks this enhancement enables you to statically configure particular ports as multicast router ports To specify the static router ports use the new command add igmpsnooping vilan vian name 1 4094 routerport port list To stop ports from being static router ports use the new command delete igmpsnooping vilan vian name 1 4094 routerport port list To list the static router ports use the existing command show igmpsnooping and check the new Static Router Ports field Features in 291 02 Version 291 02 was not released Features in 291 01 Version 291 01 was not released Version 291 10 C613 10488 00 REV G Support for the new x900 48FS switch CR00016662 Support for the new x900 48FS switch CR00016662 The x900 48FS is a new model in the x900 Series of layer 3 gigabit and fast Ethernet switches Its key features are Multi layer Fast Ethernet switch 48 port 100BASE X SFP sockets 100 Mbps full or half duplex 4 port 1OOOBASE X SFP uplink sockets 1000 Mbps full duplex Support for hot swappable SFP modules Hot swappable load sharing PSUs 1U height rack mountable Non blocking Layer 2 and Layer 3 IP switching IPv6 ready hardware for accelerated unicast and multicast routing 4096 Layer 2 multicast entries 1024 Layer 3 IPv4 multicast entries 4096 logical
77. evice This issue has been resolved CR00014795 RIPv6 When a user disabled RIPv6 or deleted a RIPv6 interface the router or switch correctly set the metric of any affected RIPv6 routes to 16 indicating that the route was unavailable However the router or switch continued to try to use such routes to route packets if no alternative better routes existed This issue has been resolved When a route s metric is 16 it is no longer used to route traffic CR00014834 Switch When STP detected a topology change and therefore the switch flushed its ARP table entries sometimes the switch did not remove entries for non lead trunk ports Therefore ARP entries for these ports contained incorrect routing information These incorrect entries were not replaced until after they timed out This issue has been resolved CR00014925 IP Gateway When the switch had a static route to a destination and a user added a more specific static route to the same destination then the switch should have removed the less specific route from its hardware switching table but did not This stopped the switch from routing packets to that destination This issue has been resolved Version 291 10 C613 10488 00 REV G Features in 291 04 CR Module Level Description AR400 AR7x5 AR7x0S Rapier i AT 8800 AT 8600 AT 8700XL x900 48 AT 9900 AT 9800
78. g route entry example gt 192 2 2 0 24 192 168 1 2 IGP 100 m SEQ 1 The flag m indicates that this route has at least one community attached to it Version 291 10 C613 10488 00 REV G Features in 291 04 l x lt wui e e S a o e 2 2 8 5 8 8 8 2 38 8 pa e o o Saa CR Module Level Description l g ktl lkt kt Re lege k CR00010136 IP Gateway 3 If an IP interface was added and deleted many times an excessive number of Me o aaa eye NES EYE Wee AYE Ye memory buffers became full Also when an IP interface was deleted the IGMP query timer set ip igmp int interface querytimeout value sometimes continued running and later caused the router or switch to reboot These issues have been resolved CR00012230 IP Gateway 3 When running the boot ROM release it was possible to configure the routeror Y Y Y Y Y Y JY JY Y Y switch as a DHCP client by using the command add ip interface int ip dhcp However the boot ROM release does not include the DHCP client feature so the router or switch did not receive an IP address via DHCP This issue has been resolved It is no longer possible to configure the router or switch as a DHCP client when running the boot ROM release CR00012493 IP Gateway 3 Where IGMP proxy is enabled only one upstream interface may be defined Ye OY OYE PeYE TEE YES un YE os IGMP Proxy Previously when the command add ip interface int ip ipadd
79. g the server addition However the router or switch did add the server This issue has been resolved TACACS is now consistent with other modules the router or switch displays the following warning and info messages Warning 2111049 The TACP module is not enabled Info 1111003 Operation successful Version 291 10 C613 10488 00 REV G Features in 291 04 CR Module Level Description Rapier i x900 48 CRO00013463 Ping Previously if you used the or Tab keys to obtain help about the timeout parameter for the ping command the resulting help said that the maximum timeout was 65535 However the correct maximum is 60 seconds This issue has been resolved The help now displays the correct range of values lt AR400 lt AR7x5 lt AR7x0S lt lt AT 8800 lt AT 8600 lt AT 8700XL lt lt AT 9900 lt AT 9800 CR00013589 Install When a router or switch was using a trial licence for release software and the trial period elapsed the router or switch rebooted without indicating the reason for the reboot This issue has been resolved The following error messages now explain why the router or switch is rebooting ERROR There are no valid licences available for the current software release The device will now reboot ERROR The trial licence for the current software release has expired
80. h that of the main chassis fan in the output of the show system command If a problem develops with the CPU fan the router notifies you in the following ways E The system LED flashes in a single flash pattern Em An SNMP trap is issued on the fanAndPSMainFanStatus atRouter private MIB object E A log message is generated that says CPU fan status is not good lt CR00014067 File The commands create file add file reset file permanentredirect and show file permanentredirect were not supported on AR725 and AR745 routers These commands enable you to save the output of other router commands in text files on the router For more information about these commands see the Managing the File System chapter of the Software Reference Version 291 10 C613 10488 00 REV G Features in 291 04 CR Module Level Description Rapier i x900 48 CR00014172 BOOTP This enhancement enables you to associate a BOOTP relay destination with a given interface To do this use the new optional interface parameter in the command ADD BOOTp RELAy ipadd INTerface interface BOOTP packets received on this interface are relayed to the specified relay destination only You can define the same interface for multiple relay destinations the router or switch relays any BOOTP packets received to each relay destination If you do not specify an interface the destination b
81. has been resolved CR00015638 Switch On AR770S routers when generating multicast or broadcast CPU traffic out a VLAN that had multiple active switch ports in it the traffic would only egress port 1 This issue has been resolved CR00015697 Switch Mirroring the traffic on port 1 of any line card caused the switch to lose packets CR00015925 ADSL The ADSL Annex B firmware has been updated on AR441S routers This improved interoperability with some DSLAMs Version 291 10 C613 10488 00 REV G Features in 291 04 CR Module Level Description AR400 AR7x5 AR7x0S Rapier i AT 8800 AT 8600 AT 8700XL x900 48 AT 9800 CR00015936 Switch It was not possible to set a tri speed SFP to a fixed speed in the configuration script that the AT 9924SP switch runs when it starts up This issue has been resolved so the SFP can be set to a fixed speed from the configuration script Also it was possible to use the command set swi port number speed on an empty SFP bay The command reported that the operation had been successful but an inserted SFP was instead set to its previous or default setting This issue has been resolved It is no longer possible to set the speed of an empty SFP bay lt AT 9900 CR00015949 IPv6 Sometimes when a router or switch received an IPv6 router advertisement message it incorrectly
82. is was not desirable behaviour This issue has been resolved Version 291 10 C613 10488 00 REV G Features in 291 08 CR Module Level Description AR7x5 AR7x0S Rapier i Rapier w AT 8800 x900 48 AT 9900 AT 9800 CR00012871 TTY Unexpected characters could appear on the terminal emulator display when the column size was set greater than 80 and the user edited a command that spanned more than one line of the display This issue has been resolved lt AR400 lt lt lt lt lt lt AT 8600 lt AT 8700XL lt lt lt CR00013597 DVMRP Frame Relay If a frame relay interface was configured as a DVMRP interface then the DLC value was not correctly generated in output of the command show config dynam or in the configuration script generated by the command create config This issue has been resolved CR00013660 Core SNMP Previously SNMP returned an incorrect product ID number for AR750S DP routers This issue has been resolved The value of the sysObjectID object is now 80 for AR750S DP routers CR00013735 LACP Switching When moving ports from an LACP controlled trunk to a manually configured trunk ports were incorrectly set in an STP blocking state Therefore traffic would not flow over the trunk This issue has been resolved Note When you move ports from an LACP controlled t
83. l Description l g klk kt Se ego k CR00016758 IP NAT This enhancement enables you to turn off TCP state and sequence checkinginIP Y Y Y NAT It also allows all ICMP packets go through IP NAT To do this use the command enable ip nat bypasstcp When bypasstcp is enabled IP NAT performs IP address and port translation for TCP packets and forwards the packets regardless of the TCP sequence number and the current TCP state It also allows ICMP echo reply and other ICMP packets to initiate a session and get forwarded To disable the bypassing use the command disable ip nat bypasstcp Bypassing is disabled by default because it degrades the security of IP NAT However it is useful when you need NAT on VRRP routers Note that this enhancement does not apply to firewall NAT CR00016776 IP Gateway This enhancement allows ARPs to move between ports on the router s VLAN Y l Y interfaces This assists with wireless station roaming To enable this feature use the command enable ip arp silentroam To disable it use the command disable ip arp silentroam CR00016785 Core The default summertime dates have been updated to reflect the changes for Ye AE NE of NS OES TAYE YE Tens North America made by the American Energy Policy Act of 2005 By default summertime now starts on the second Sunday in March and ends on the first Sunday in November CR00016977 Script This enhancement enables you to use aliases in comma
84. l does not change the original MSS value if it is already lower than the values of the ingress and egress interfaces To disable this feature use the command disable firewall policy name adjusttcpmss This feature is disabled by default Version 291 10 C613 10488 00 REV G Features in 291 08 ul 2 ele x viole 2285 5 8 8 8 2128 8 eile l Ee amp amp P Pe Pls a Fo CR Module Level Description Se Sl Sle gl kt kt k Alz k CR00017482 IGMP The IGMP snooping fast leave option has been enhanced to make it Y YY JY FY Y TTY IY FY LY Snooping available when multiple clients are attached to a single port on the snooping switch For configuration information see IGMP snooping fast leave in multiple host mode CRO00017482 on page 93 CR00017532 WAN Load WAN load balancing can now also balance traffic across IP interfaces that Y Y Balancing are configured on VLANs This means it is now available for the following IP interfaces E eth such as eth0 ppp such as ppp0 E vlan such as vilan1 CRO00017701 IGMP IGMP filtering is now available on AT 8600 series switches Y For more information see the P Multicasting chapter of the switch s Software Reference or How To Configure IGMP for Multicasting on Routers and Managed Layer 3 Switches available from www alliedtelesis conm resour
85. leted under similar circumstances This issue has been resolved lt AR400 CR00016989 IPsec AlliedWare IPsec would not interoperate with Microsoft Windows Vista VPN clients This was because Microsoft changed the IPSec behaviour in Vista such that Vista s private local IP address is sent as the local identification instead of an FQDN When an IPSec tunnel between AlliedWare and Vista was brought up the hosts could not communicate This issue has been resolved AlliedWare IPsec can now communicate with peers that send their private local IP address as the local identification CR00017081 Classifier The show classifier command did not allow users to display only the classifiers that had their IP source address and MAC source address parameters set to dhcpsnooping This issue has been resolved For example the command show classifier ipsa dhcpsnooping now displays those classifiers that have their IP source address set to dhcpsnooping Also it is no longer possible to create two identical classifiers with DHCP snooping parameters CR00017093 Firewall When the router was acting as a firewall and performing DNS relay it used the local IP interface private address as the source address for some packets that it sent out the public interface When the router acts as a DNS relay it receives DNS requests from the private interface and sends a new packet on the public interface These new packets we
86. lity matching is now loose instead of strict This matches the requirements of RFC 4271 CRO00014305 Switch On AT 8748XL and Rapier 48i switches mirroring did not work when E only one not both of the uplinks had an expansion module installed and E that uplink port 49 or 50 was the mirror port This issue has been resolved CRO00014313 GUI Log If the user cleared the Queue Output checkbox on the Modify Log Output Definition page of the GUI it displayed an error instead of making the change This issue has been resolved The GUI can now be used to turn off queuing of logging output CR00014327 MSTP GUI When using the GUI to configure the MSTP CIST users had to specify the external and internal port path costs If these were not specified the GUI gave an error instead of configuring the CIST This issue has been resolved By default the GUI now specifies default for the path costs This value of default leaves the current setting unchanged Version 291 10 C613 10488 00 REV G Features in 291 04 C613 10488 00 REV G l x lt wui e e S a o e 2 2 8 5 8 8 8 2 38 8 TIS S ale e a eo a a CR Module Level Description l g ktl lkt kr Ve ge k CR00014328 IP Gateway 3 If a port had static ARP entries defined for a VLAN then adding the port to YJ Y JY JY TY TY JY TY
87. n though an alternate route to the destination existed the device would send the packets incorrectly This issue has been resolved When a subnet broadcast is received it will be correctly forwarded to an alternate route even if the destination interface is down lt AR400 lt AR7x5 lt AR7x0S lt lt AT 8800 lt AT 8600 lt AT 8700XL lt lt AT 9900 lt AT 9800 CR00015798 CR00016058 Switch If the switch received a packet on a port and therefore started using MAC based authentication to authenticate the port and then received another packet during the authentication process then occasionally the switch dropped the second packet This issue has been resolved CR00015915 Ethernet The AR415S router processed some IP multicast packets incorrectly on its ethO interface This issue has been resolved Version 291 10 C613 10488 00 REV G Level 4 Features in 291 04 76 CR Module Level Description Rapier i AT 8600 x900 48 CR00004677 Core When the router or switch rebooted its internal clock lost approximately 1 second This issue has been resolved The time loss on reboot has been reduced lt AR400 lt AR7x5 lt AR7x0S lt lt AT 8800 lt AT 8700XL lt lt AT 9900 lt AT 9800 CR00009087 Core Utility The following issues occurr
88. nds in script files The Ye NE Le RYE Ra HEN ATV IE Se Ye router or switch expands the aliases when it runs the script except when it runs the script at start up Version 291 10 C613 10488 00 REV G Features in 291 04 Software Maintenance Version 291 04 includes the resolved issues and enhancements in the following tables In the tables for each product series m Y indicates that the resolution is available in Version 291 04 for that product series m indicates that the issue did not apply to that product series Level 1 Features in 291 04 59 CR Module Level Description Rapier i AT 8800 AT 8600 AT 8700XL x900 48 AT 9800 CR00013787 ISAKMP Logging It was possible for invalid log messages to overwrite the log message buffer and cause the router or switch to reboot Such invalid log messages could occur with VPN tunnels for example This issue has been resolved lt AR400 lt AR7x5 lt AR7x0S lt lt lt lt lt lt AT 9900 lt CR00013813 TTY User When a user telnets into the router or switch to login via RADIUS authentication the telnet connection establishes and then user login authentication starts Previously if the remote user closed the telnet connection before RADIUS responded to the authentication request then the router or switch rebooted when it received the RADIUS Reply message This issue has been resol
89. ng this caused the router or switch to reboot This issue has been resolved CRO00014044 IGMP 2 When large numbers of multicast streams were passing through the switch Y and there was no multicast routing protocol running such as PIM or DVMRP the CPU would experience regular periods of extended high utilisation This could result in lost control packets and network instability This issue has been resolved CRO00014146 TTY 2 When a file was redirected for example by a trigger ifthe mail hostname Y Y Y Y Y Y Y JY JY LY Y was not available or not configured the router or switch would reboot This issue has been resolved CR00014230 TTY 2 If the built in editor was used to delete the last line of a file the routeror Y Y Y Y Y Y Y Y Y Y Y switch could reboot This issue has been resolved CRO00014295 IGMP 2 IGMP snooping would process IGMP protocol packets that had incorrect IP Y ME MISE PY EME ONE P a TTL fields i e that had values other than 1 This issue has been resolved CR00014320 OSPF 2 Occasionally when OSPF was started not all the Type 7 LSAs were a R ol Wie mV UTA ean Ue ce ae TOT Ce A A translated into Type 5 LSAs This issue has been resolved Version 291 10 C613 10488 00 REV G Features in 291 08 CR Module Level Description AR400 AR7x5 AR7x0S Rapier i Rapier w AT 8800 AT 8600 AT 8700XL x900 48 AT 9800 CR00014827 P
90. no other clients on the port that are still interested in receiving the multicast so is suitable only when clients are directly attached to the snooper To specify the new multiple mode use the command set igmpsnooping vlan vlan name 1 4094 al To specify single mode use either of the commands set igmpsnooping vlan vlan name 1 4094 al 1 set igmpsnooping vlan vlan name 1 4094 al 1 L fastleave multiple L fastleave single L fastleave on The command show igmpsnooping vlan has also been enhanced The new command syntax is show igmpsnooping vlan vlan name 1 4094 al ll group multicast ip address allgroups detail The group parameter lets you display information for only one group or for only the All Groups port the allgroups option Version 291 10 C613 10488 00 REV G IGMP snooping fast leave in multiple host mode CR00017482 94 The detail parameter displays more detailed information including expiry times for each port and in the case of multiple host fast leave mode the list of hosts ona port The following example shows this IGMP Snooping Status sisanra wr sree dese ea Stade Big Bee 3 Disabled All groups ports Vlan Name vlan id default Fast Leave 60 Multiple Query Solicitation Off Static Router Ports None Group List 2 groups Group 224 0 1 22 Port 24 Hosts 1 00 00 cd 27 be f 5 172 20 Group 239 255 255 250 Port 2
91. o IP because it reduces wastage of IP addresses on point to point links CR00013129 Many This enhancement extended the help for VRRP OSPF SNMP IP routes user database VLANs logging and file management The help for these and several other modules now gives information about all command parameters CR00013449 Firewall The firewall now supports FTP sessions that use the security extensions defined in RFC 2228 Previously the firewall dropped sessions that used those security extensions This enhancement makes more secure FTP available between private side clients and public side servers and between public side clients and private side servers CR00013610 Telnet TTY This enhancement enables you to select whether the system name appears at the login prompt for telnet client sessions By default the system name appears To prevent it from appearing use the command SET TELnet LOGINSYStemname OFF Note that the login prompt appears before you log into the router or switch Version 291 10 C613 10488 00 REV G Features in 291 04 CR Module Level Description AR400 AR7x5 AR7x0S Rapier i AT 8800 AT 8600 AT 8700XL x900 48 AT 9900 AT 9800 CR00013992 Core AR770S routers have a CPU fan that the software now monitors in the same manner as the main fan The state of the CPU fan is displayed along wit
92. oadFilename The following screenshot shows setting the filename to tst cfg Set loadFilename 1 Version 291 10 C613 10488 00 REV G 97 Backing up the configuration with SNMP CR00016221 3 Upload the file To upload the file use SNMP SET loadStatus and set it to a value of 8 The following screenshot shows this Set loadStatus 0 actionupload 7 x Version 291 10 C613 10488 00 REV G 98 SNMP ASN 01 BER Padding CR00016523 SNMP ASN 01 BER Padding CR00016523 99 This enhancement enables you to specify whether SNMP adds 0x00 padding when the most significant 9 bits of an object s value are all 1 or whether the encoding follows the ASN 01 BER rule which cuts off the most significant byte of Oxff This setting has an impact on all integer type MIB objects including 32 bit and 64 bit counter objects To add the padding use the command set snmp asnberpadding on yes true To use the ASN 01 BER rule which is the default use the command set snmp asnberpadding off no false The following table lists examples Bits Value decimal Value hex asnberpadding setting Encoding counter32 4289592837 OxFFADFEO5 on 41 05 00 ff ad fe 05 off 41 03 ad fe 05 counter64 18410715280977201498 OxFF800000ff80895A on 46 09 00 ff 80 00 00 ff 80 89 5a off 46 07 80 00 00 ff 80 89 5a To see whether or not padding is added use the command show snmp and check the new AS
93. onds for AR750S routers and from 10 to 630 seconds for AR770S routers This issue has been resolved The help now displays the correct ranges CR00014205 OSPF The command purge ospf did not delete OSPF redistribution definitions This issue has been resolved CR00014302 TTY If the router or switch configuration file contained the command set tty idle the router or switch produced a corrupted log message when it started up This issue has been resolved Version 291 10 C613 10488 00 REV G Enhancements Features in 291 08 33 CR Module Level Description Rapier i Rapier w AT 8800 AT 8600 AT 8700XL x900 48 AT 9900 AT 9800 CR00012822 BGP The BGP counter output display has been significantly improved Also the command show bgp counter all now prints out the RIB UPDATE DB and PROCESS counters lt AR400 lt AR7x5 lt AR7x0S lt lt lt lt lt lt CR00016099 MACFF DHCP Snooping MAC forced forwarding has been enhanced for use in a hospitality situation such as a hotel The enhanced solution allows hotel guests to connect to the network without having to change their IP settings while still ensuring privacy for each guest Typically some guests will obtain their IP address from the hotel s DHCP server and others will have statically configured
94. out specifying any other parameters This issue has been resolved If this is done the router or switch now displays the warning Warning 2117007 One or more parameters may be missing CR00016840 STP Previously when the switch was a Spanning Tree root bridge in a network and a user raised the switch s root bridge priority enough to stop the switch from being the root bridge unnecessary delays in convergence occurred This issue has been resolved CR00016956 IP Gateway The set ip filter command would not accept the protocol parameter This issue has been resolved CR00016964 ISAKMP When the router or switch negotiated an IPsec tunnel with RFC3947 NAT T its NAT OA payload had two bytes of reserved fields after the ID field instead of the three bytes specified by RFC 3947 This could prevent the tunnel from working properly when the tunnel was between an Allied Telesis router or switch and some other vendor This issue has been resolved Version 291 10 C613 10488 00 REV G Features in 291 08 CR Module Level Description AR7x5 AR7x0S Rapier i Rapier w AT 8800 AT 8600 AT 8700XL x900 48 AT 9900 AT 9800 CR00016985 ATM If a PPP instance was destroyed after an attached ATM channel had been modified using the set atm channel command the router rebooted The router could also reboot if an ATM channel was de
95. ow switch sock con inst value showed a maximum value of 4294967295 This issue has been resolved Valid instance values are O and 1 CR00010538 Firewall When firewall events were recorded in the Notify queue displayed in output of the command show firewall event notify the IP address shown would be the address of the very first packet that belonged to that event flow For example if 64 host scan packets were required to trigger a host scan event and the first packet had a target IP of 1 1 1 1 and the 64th had an IP of 1 1 1 64 then the IP address recorded would be 1 1 1 1 even though the event was not actually recorded until the 64th packet arrived Additionally the source and destination ports in this display would always show as 0 These issues have been resolved The IP addresses shown are now those of the particular packet that triggered the event notification and the source and destination ports match the actual ports used by that packet CR00010976 PPP If the router or switch received an Echo Request that did not comply with RFC 1661 it processed and replied to the Echo Request This issue has been resolved Non complying Echo Requests are now ignored Version 291 10 C613 10488 00 REV G Features in 291 08 s ele g gg S 3 Qla ala S RIS amp Bw ee e he Se eR Re ee ie CR Module Level
96. r switch now displays an error unless the prefix length is in the range 48 64 E previously when the router or switch requested a prefix to delegate to its appint interfaces it could only use prefixes of length 48 or 64 This issue has been resolved The requesting router or switch can now use any prefix that has been delegated to it as long as the prefix length is less than or equal to 64 bits E The requesting router or switch would allocate an address to the interface through which it connects to the delegating router or switch This issue has been resolved The router or switch no longer does this lt AR400 lt AR7x5 lt AR7x0S lt lt AT 8800 lt lt AT 9900 lt AT 9800 CR00017076 IPsec When entering the command set ipsec policy the value of the respondsetbadspi was incorrectly reset to its default of false unless it was also included in the set command This issue has been resolved CR00017146 IP Gateway When the router or switch s Local address was pinged the router or switch responded from the interface address of the interface through which it received the ping instead of the Local address to which the ping was sent This issue has been resolved CRO00017151 Telnet When Reverse Telnet was enabled the command shell was correctly disabled on all ASYN ports apart from ASYNO However when Reverse Telnet was disabled again the command shell was not re
97. r the bridge priority CR00014203 OSPF When OSPF was disabled and a BGP redistribution definition existed then the obsolete command set ospf bgplimit imit did not update the limit in the BGP redistribution definition This meant that the limit was incorrect when OSPF was enabled again This issue has been resolved Version 291 10 C613 10488 00 REV G Features in 291 08 C613 10488 00 REV G s ele g gg S 3 Qla ala S RIS amp Bw ToS EU aao e T S R CR Module Level Description el al al glg kt ele Slalk CR00014304 LLDP 3 The help displayed for the LLDP port parameter in such commands as Y A ame i Ae AU co Vs CUR Ch GU show Ildp port incorrectly indicated that the port parameter is a string 1 to 255 characters long The port parameter is instead an Ethernet switch port number or a range of numbers This issue has been resolved The help is now correct CR00014330 Ping 3 The maximum value for the delay parameter of the ping command was Me PPE TNT EHS MC ENE ec Yet oY too long This issue has been resolved by changing the range for the delay from 0 4294967295 to 0 604800 This new maximum is the number of seconds in one week CR00014879 Switching 3 Previously an incorrect value was returned for the port number when YON LONE NE PONE Poy aye boy RSTP SNMP responding to an SNMP Request for
98. re given the wrong address This issue has been resolved Such packets now have their source address set to the public interface address as required Version 291 10 C613 10488 00 REV G Features in 291 08 CR Module Level Description Rapier i Rapier w AT 8600 AT 8700XL x900 48 AT 9900 AT 9800 CR00017226 IPsec If an IPsec tunnel with no encryption NULL was negotiated in AlliedWare over NAT T the ESP packets did not contain an RFC 3948 compliant checksum This means that some vendors may have discarded packets sent by the AlliedWare peer over such a tunnel This issue has been resolved Note the null encryption is useful for debugging the traffic over an IPsec tunnel and should not be used in a working IPsec solution lt AR400 lt AR7x5 lt AR7x0S lt lt lt AT 8800 CR00017227 IPsec An IPSec checksum recalculation error occurred with UDP traffic when the ESP encapsulation was added This issue has been resolved CR00017255 Switching Previously trunk members were given the STP state in hardware of port 1 instead of having the STP state of the lead port in the trunk The software state as displayed with the command show stp port was correct This issue has been resolved CR00017256 Switching When using multi homed IP interfaces on a VLAN it was possible that L3 hardware switching would
99. ress This issue has been resolved The router or switch now refuses to accept this incorrect negotiation and instead resends a configure request for an IP address CR00016576 IPv6 The router or switch sometimes rebooted after receiving an IPv6 router advertisement or after the command set ipv6 interface was entered This issue has been resolved CR00016621 Switch On 48 port switches hardware filters with the eport parameter specified did not always behave correctly This issue has been resolved CR00016698 BGP The following issues occurred when using BGP aggregate specifications created using the command add bgp aggregate m When an aggregate route was originated from routes learnt from external peers and then all of the contributing child routes were withdrawn by the external peers the aggregate route was not removed from the routing table It could still be advertised to external peers m When a network or import entry add bgp network or add bgp import resulted in a route entry that had the same prefix length as the aggregate specification then BGP correctly originated the aggregate route However deleting the network or import definition did not remove the aggregate route from the routing table These issues have been resolved Version 291 10 C613 10488 00 REV G Features in 291 05
100. riod for 802 1x port authentication wassettolessthan Y Y Y Y Y Y Y Y YY 802 1x 20 seconds the router or switch sometimes rebooted This issue has been resolved CR00013527 OSPF 2 When the router or switch produced an OSPF type 7 LSA it sometimes specified Y Y Y Y Y Y Y YY Y a route out of an interface that was down This would stop the router or switch from forwarding traffic to the route s destination This issue has been resolved CRO00014344 GUI 2 Previously some GUI pages did not display correctly in version 7 of Internet Y Explorer This issue has been resolved CRO00014851 SHDSL 2 Very occasionally an AR442S router would reboot if SHDSL interface train up Y took an excessively long time This issue has been resolved CRO00014955 OSPF 2 The router or switch sometimes rebooted when converting OSPF type 7LSAsto Y Y Y Y Y Y JY YY Y type 5 LSAs This issue has been resolved by increasing the robustness of the translation mechanism This issue has been resolved Version 291 10 C613 10488 00 REV G Features in 291 05 CR Module Level Description Rapier i AT 8600 AT 8700XL x900 48 AT 9900 CR00015569 Firewall When only NAT was enabled on the firewall during some TCP connections in which either end of the connection sends FIN finished messages immediately after sending some data and the other end ACKs acknowledges the data an
101. ription AR400 AR7x5 AR7x0S Rapier i AT 8700XL x900 48 AT 9900 AT 9800 CR00014300 DHCP Snooping MACFF The following enhancements have been made to DHCP snooping to support MAC forced forwarding MAC forced forwarding checks the DHCP snooping database to find out which router has been assigned to each DHCP client DHCP snooping determines this from the router list in DHCP acknowledgement messages However some clients do not request a router DHCP snooping now modifies request messages from such clients to ensure that they request a router This enables MAC forced forwarding to interoperate with such clients E Output from the command show dhcpsnooping database now displays the list of routers that are assigned to each client as shown in bold in the following example Current valid entries MAC Address IP Address Expires s VLAN Port ID Source Router list 00 00 cd 28 06 7b 192 168 99 1 52 1 13 2 Dynamic 192 168 199 254 lt lt AT 8800 lt AT 8600 lt lt lt CR00014354 Ethernet Switch This enhancement enables you to use 100 Mbps fiber SFPs with AR770S routers Support has been added for AT SFPX 15 and AT SFPX 40 SFPs Version 291 10 C613 10488 00 REV G Features in 291 04 CR Module Level Description AR400 AR7x5 AR7x0S Rapier i AT 8700XL x900 48 AT 9900 AT 9800 CR000147
102. runk to a manually configured trunk you must delete the ports from LACP CR00013763 OSPF If the obsolete command set ospf rip both was entered the router or switch correctly automatically replaced it with the following two commands in the dynamic configuration add ospf redistribute protcol rip set ospf rip export However if the command create config was used to save the configuration after system start up the configuration file did not contain the command add ospf redistribute protocol rip This meant that OSPF stopped redistributing RIP routes after a reboot This issue has been resolved Version 291 10 C613 10488 00 REV G Features in 291 08 wit z sig x 2 e g S R3 2 SiG BIS Rna g ee e he Se eR Re ee ie CR Module Level Description glg g we wel el al k CR00013778 IPv6 2 If a user shortened the prefix length of an IPv6 interface address then YY JY Y FY Y YY Y lengthened it it became impossible to change the prefix length again This issue has been resolved CR00013893 MSTP 2 Executing the commands disable mstp port number or enable mstp YO ONE Nee AE TENE EXO AYE t port number would not disable or enable the port on all MSTIs This issue has been resolved CR00013982 L2TP 2 An L2TP call could be deleted when still attached to the PPP interface YIY JY TY FY Doi
103. s MAC address to resolve lt lt lt lt lt AT 8800 lt lt lt Level 3 CR Module Level Description AR400 AR7x5 AR7x0S Rapier i AT 8800 AT 8600 AT 8700XL x900 48 AT 9800 CRO00013270 Qos By default queue lengths were set to the maximum possible values for each port type This could make low priority queues inappropriately starve higher priority queues of buffer resource This issue has been resolved The default queue length has been reduced to 128 frames for all port types If required you can change them by using the existing command SET QOS POrt port list ALL EGRessqueue queue list Length 16 3648 other optional parameters lt lt AT 9900 CR00014306 LLDP Switch The switch included a permanent L3 filter to stop CDP Cisco Discovery Protocol packets from being forwarded This made one less L3 filter match available to users This issue has been resolved CDP still requires an L3 filter but the filter is automatically created when CDP is enabled and destroyed when CDP is disabled Version 291 10 C613 10488 00 REV G Features in 291 03 pe x lt wuil e e S a ea 0 2 2 3 2 8 8 2 8 8 SER ERTE OP PEVAR S T Ea CR Module Level Description Silalea c lelel ei 2l k E CR00014
104. s for prefix assignment type pd CR00016799 Core For revision M1 of AR770S routers the low end threshold for monitoring the 1 2 volt rail was too high This caused power supply monitoring false alarms To check the router revision use the command show system and check the Rev entry underneath the time and date This issue has been resolved the threshold is now correct CR00017008 Core Revisions M3 1and later of the AR745 router do not support Redundant Power Supplies Therefore for these routers RPS monitoring information has been removed from output of the command show system and it is no longer possible to use the command set sys rpsmonitor Version 291 10 C613 10488 00 REV G Level 4 Features in 291 05 53 CR Module Level Description Rapier i x900 48 CR00000396 IGMP If a static IGMP port went link down it was not shown in the Static Ports list in the output of the show ip igmp command This was only a display issue This issue has been resolved lt AR400 lt AR7x5 lt AR7x0S lt lt AT 8800 lt AT 8600 lt AT 8700XL lt lt AT 9900 lt AT 9800 CR00011560 Install It is no longer possible to specify a compact flash file as the boot configuration file If the command set config cf filename cfg is entered the router or switch does not change the current boot
105. ssue has been resolved lt CR00006613 Bridge Predefined bridge protocols XEROX PUP and PUP Addr Trans with the encapsulation of Ethll and protocol type 0x0200 and 0x0201 are invalid and obsolete since they are less than the minimum ETHII protocol type of 1500 decimal Bridging with these protocols could cause the router to reboot This issue has been resolved by replacing the predefined protocol types with the more modern equivalents 0x0a00 and 0x0a01 Also if you enter a protocol type less than the minimum the router now displays an error message CR00007394 GUI When a user used the GUI to attempt to delete a local interface that was in use by another protocol the operation correctly failed but the GUI did not display an error message to explain the failure This issue has been resolved CR00007404 MSTP If a network running MSTP was connected to a network running RSTP and MSTP message debugging was enabled on a switch the debug output could loop for a very long time with invalid data This issue has been resolved CR00007926 Switching IP Gateway The x900 series switches did not send an ICMP Redirect packet when they received a packet and the route to the packet s destination was back to the packet s sender The switches routed the packet back to the source but did not send an ICMP Redirect message This issue has been resolved The x900 series switches now send an ICMP Redirec
106. ssue has been resolved The error message is now Error 3005273 No more IP interfaces over VLANs may be added Version 291 10 C613 10488 00 REV G Features in 291 08 CR Module Level Description Rapier i Rapier w x900 48 CRO00011438 Ping When the router or switch pinged a host whose hostname consisted only of the digits 0 9 and the letters A F it treated the given hostname as a hexadecimal IPX address even if the hostname was in the host list This issue has been resolved Now when the router or switch pings a host using a hostname it checks the hostname in the host list first If it does not find the host in the host list then it treats the hostname as an IPX address lt AR400 lt AR7x5 lt AR7x0S lt lt lt AT 8800 lt AT 8600 lt AT 8700XL lt lt AT 9900 lt AT 9800 CR00011824 Firewall When a firewall UDP session starts up the session timeout should be 5 minutes for the first 5 packets of the session then change to the configured UDP session timeout value Previously the timeout changed after the 6th UDP packet belonging to that session instead of after the 5th packet This issue has been resolved CR00012066 IP Gateway The command show ip cassi command is obsolete but was still available This issue has been resolved The command has been removed from the command line To obtain the same information use the comman
107. stop for all multi homed interfaces on that VLAN if one of the multi homed interfaces was removed or went into an administratively down state This issue has been resolved CR00017337 Switching It was possible to set up a classifier that matched MPLS frames at layer 2 but the switch would not correctly match these MPLS frames against the classifier This issue has been resolved The switch now correctly matches MPLS frames against such a classifier Version 291 10 C613 10488 00 REV G Features in 291 08 CR Module Level Description AR400 AR7x5 AR7x0S Rapier i Rapier w AT 8800 x900 48 AT 9900 AT 9800 CRO00017368 QoS DHCP Snooping Some small memory access violations existed in DHCP snooping These violations have been resolved Also a new console error message is displayed if a user tries to add a duplicate classifier to a QoS policy For example if traffic class 101 belongs to policy 2 and a user tries to add a flow group to traffic class 101 when the flow group s classifier is number 54 and already belongs to policy 2 the following message is displayed Error 3099297 Duplicate classifier 54 on policy 2 A similar new log message has also been added which says Duplicate classifier lt number gt found on lt string gt lt number gt Note that a classifier can exist in two separate policies but cannot exist twi
108. t This issue has been resolved CR00003354 Firewall The firewall message Port scan from lt source gt is underway was repeated more times than messages about other attack events This could cause confusion This issue has been resolved The message is now displayed with the same frequency as other firewall attack event messages CR00003356 Firewall The firewall sometimes did not report that an attack had finished until several minutes after it actually finished This issue has been resolved Version 291 10 C613 10488 00 REV G Features in 291 08 wit z sig x 2 e g S R3 Sla as BIS Rna g TS E a a2 P P Pi S R CR Module Level Description glg el ktk el al ael k CRO00004004 File 3 The show file command did not check whether the specified file system We YO NE PIXOS NE PONG a TONES TONE bane A was valid If an invalid file system type was entered such as show file abc the router or switch reported that no files found instead of reporting that the file system abc did not exist This issue has been resolved CR00005048 GUI 3 The following issues occurred with the GUI Y Y E the menu item and related page title for configuring PPPoE and PPPoA interfaces was incorrectly named PPP This issue has been resolved by changing the names to PPPoE PPPoA m the UPnP s
109. t message Version 291 10 C613 10488 00 REV G Features in 291 08 CR Module Level Description AR7x5 AR7x0S Rapier i Rapier w AT 8800 x900 48 AT 9900 AT 9800 CR00008122 TTY When prompted to enter a file name while using the command line file editing utility no more than 23 characters could be typed even if the existing characters were deleted using the backspace key This issue has been resolved lt AR400 lt lt lt lt lt lt AT 8600 lt AT 8700XL lt lt lt CR00008378 Firewall The command enable firewall notify port port asyn number was not available on switches only on routers If a user created a configuration on a router and used this option the configuration had to be modified if transferred to a switch This issue has been resolved The notify port option and the port parameter are now available on switches However these port parameters have been deprecated in favour of the asyn parameters so warning messages are printed to indicate this if the commands are used CR00009086 Switching When the commands enable switch port number automdi and disable switch port number automdi were executed from a telnet session some INFO messages were output to the asynO console session instead of the telnet session This issue has been resolved CR00010144 STP SNMP Previously
110. tConfigFile would return no such object This issue has been resolved The objects configFile and createConfigFile now return the boot configuration file The object currentConfigFile now returns the current configuration file CR00009473 Classifier The output of the show classifier number command did not show the protocol number This issue has been resolved CR00010654 Firewall When adding a firewall application rule it was possible to specify FTP as the application but not specify the command parameter This meant that the rule would allow all FTP commands through even if action deny had been specified This issue has been resolved by making the command parameter mandatory when the application is specified as FTP CR00010951 PPP If the router or switch received an LCP packet with an unrecognised code it responded with a CodeReject packet of incorrect length that did not respect the established MRU of the peer This issue has been resolved Version 291 10 C613 10488 00 REV G Features in 291 08 CR Module Level Description AR7x5 AR7x0S Rapier i Rapier w AT 8800 AT 8600 AT 8700XL x900 48 AT 9900 AT 9800 CR00010967 PPP If the router or switch received an LCP packet with an unrecognised protocol it responded with a ProtocolReject packet of incorrect length that did not respect the established MR
111. that indicates that DDNS is disabled Version 291 10 C613 10488 00 REV G Features in 291 04 CR Module Level Description AR400 AR7x5 AR7x0S Rapier i AT 8600 AT 8700XL x900 48 AT 9900 AT 9800 CR00014845 IP Gateway OSPF When OSPF is running over an on demand PPP link and the link goes down IP notifies OSPF that the link is down and OSPF stops sending Hello packets over the link In a network in which routes over the PPP link are all dynamically learnt through OSPF the PPP link will not come back up because without OSPF there are no routes to direct traffic at that link This enhancement enables you to stop IP from notifying OSPF that the PPP link is down OSPF keeps sending Hello messages which bring the link back up again To enable this feature set the new optional notifyospfdown parameter to no in one of the commands ADD IP INTerface int NOTIfyospfdown NO YES other parameters SET IP INTerface int NOTIfyospfdown NO YES other parameters The default value for this parameter is yes which means that IP notifies OSPF when the interface goes down and OSPF sets the interface state to Down OSPF does not send Hello messages to the interface and OSPF is inactive on the interface until it receives an Up notification This is the behaviour prior to this enhancement Also note the following points E the parameter applies to the entire IP interfa
112. the hardware table correctly If the switch supports ECMP all routes are now added to hardware not just the best route CR00017006 Switch Previously the link to the AT G8T GBIC would not come up automatically when its auto negotiation slide switch was set to on This was because the switch configured the GBIC in a fixed speed mode by default This issue has been resolved The link now comes up automatically when the auto negotiation slide switch is set to on To bring the link up when auto negotiation is set to off use the command set swi port port list soeed 1000mf CR00017031 IGMP Snooping If a port on the router or switch joined and left many IP multicast groups the router or switch sometimes did not transmit all multicast packets to all receivers This issue has been resolved CR00017036 Switch In some trunk configurations the STP state of trunks was incorrectly applied to non trunk ports This could result in incorrect traffic flows in the network This issue has been resolved Version 291 10 C613 10488 00 REV G Features in 291 05 CR Module Level Description Rapier i AT 8600 AT 8700XL x900 48 CR00017074 DHCPv6 DHCPv6 prefix delegation contained the followed issues E previously the command create dhcp6 range accepted ranges with an invalid prefix length This issue has been resolved The router o
113. the VLAN This was not happening This issue has been resolved CR00015861 VRRP After manually disabling the master VRRP router sometimes a backup router that should assume master status would not do so and VRRP would cease to function properly This issue has been resolved Version 291 10 C613 10488 00 REV G Features in 291 05 l x lt wuil e e S a o e g 2 8 5 8 8 8 2 3 s TD e o o S CR Module Level Description l g ktl lkt kt Se lege k CR00015938 DHCPv6 2 For DHCPv6 the router or switch now supports Prefix Delegation according to naa eos comes ea a Ga Un YY VY RFC 3633 The previous implementation was according to an Internet draft and did not interoperate with other DHCPv6 implementations This issue has been resolved CR00015974 DHCPv6 2 The DHCPv6 client regularly wrote the file client6 dhc which over time caused Mee JOY Ne WN AX as YY Y unnecessary Flash compactions This issue has been resolved The DHCPVv6 client now only writes the file when the contents are different from the previous time that the file was written This greatly reduces the number of Flash compactions caused CR00015984 DHCPv6 2 DHCPv6 authentication did not work correctly YY JY JY TY J Ye ealia This issue has been resolved You can now configure the router or switch to authenticate DHCPv6 exchanges CR
114. tic routes and BGP static import was periodically turned on and off BGP used an excessive number of memory buffers Excessive buffer use could also occur with BGP in other rare circumstances This issue has been resolved CR00012858 DHCP Previously it was not possible to have multiple static DHCP entries with the same client ID MAC address even if the static entries were for different DHCP ranges This issue has been resolved You can now add static DHCP entries for a given MAC address to multiple ranges Note that you cannot have multiple entries for a given MAC address on the same range CR00013150 File If a boot configuration script included a command to delete a file followed by a command to create a file of the same name a fatal exception occurred when the router or switch ran that script on reboot This issue has been resolved so that the fatal exception no longer occurs However you should avoid putting such file operations into boot configuration scripts To enhance multi tasking the file handler performs file operations in the background This is not possible when executing a boot configuration script so the file operations may be queued until after boot up In this case this means that the file deletion will not be finished before the file creation command tries to execute Version 291 10 C613 10488 00 REV G Features in 291 04 CR Module
115. ulted in an error This issue has been resolved lt AR400 lt lt lt lt lt lt lt lt CR00016578 IPv6 If IPv6 was disabled and a user entered any of the following commands add ipv6 interface add ipv6 6to4 add ipv6 tunnel create ipv6 interface enable ipv6 advertising then the router or switch correctly displayed a warning message to indicate that IPv6 was disabled and also correctly performed the specified configuration However it did not display an Operation successful message to indicate that the configuration had changed This issue has been resolved The router or switch now displays the Operation successful message as well as the warning message CR00016735 ATM Sometimes the router displayed the following error message Internal Error speed mismatch causing transmit internal rate underrun error This was due to a mismatch in the synchronisation between the internal rate of the ATM controller in the CPU and the speed of the ATM PHY connector This synchronisation mismatch had a small impact on ATM performance This issue has been resolved CR00016925 TTY If a user was accessing the router or switch via telnet and sent a P break character followed by the character d or D then the router or switch displayed an unwanted diagnostic message This issue has been resolved Version 291 10 C613 10488
116. ute the trace command did not work It returned the error The You V e e Y TON OYE TONE PAYEE LW Te destination is either unspecified or invalid even if the destination was reachable This issue has been resolved Level 4 No level 4 issues Enhancements No enhancements Version 291 10 C613 10488 00 REV G Features in 291 09 Features in 291 09 Software Maintenance Version 291 09 includes the enhancement in the following table which is available for x900 48FE and x900 48FE N switches Level 1 4 No level 1 4 issues Enhancements CR Module Level Description AR400 AR7x5 AR7x0S Rapier i Rapier w AT 8800 AT 8600 AT 8700XL x900 48 AT 9900 AT 9800 CR00018530 Core CPU fan monitoring is now disabled by default on x900 48FE and x900 48FE N switches Monitoring the fan is unnecessary unless an accelerator card is installed on the switch so disabling monitoring reduces the number of messages that the switch displays and logs To enable monitoring use the command enable cpufanmonitoring To disable it again use the command disable cpufanmonitoring When monitoring is enabled the command show system displays the CPU fan status in the entry labelled Main fan Note that this behaviour is already available on AT 8948 switches lt Version 291 10 C613 10488 00 REV G Features in 291 08 Software Maintenance V
117. uter rebooted if a user cleared all active WAN load balancer sessions on a router that had more than approximately 15000 active sessions This issue has been resolved Also the maximum session limit for the WAN load balancer should be 2 the firewall session limit On AR415S and AR442S routers users can increase the firewall session limit by adding special feature licenses Previously if the firewall session limit changed it was necessary to reboot the router to update the WAN load balancer session limit This issue has been resolved The WAN load balancer limit now updates when you enable the firewall session license Version 291 10 C613 10488 00 REV G Features in 291 05 l x lt wui e e S a o e e 2 2 3 8 2 2 2 28 8 TIS S ale oe eo a a CR Module Level Description l g ktl lkt kt Se ge k CR00012980 VLAN 2 Previously it was possible to destroy a VLAN when it was configured as an IP Y NPY OYE ENE SS ie fae e interface This issue has been resolved Now you can only destroy a VLAN if it has no IP configuration CRO00013041 IPsec 2 The router or switch would establish IPsec Security Associations SAs if ISAKMP Y Y IY Y Y l was enabled but IPsec was disabled This issue has been resolved The router or switch only sets up SAs if IPsec is enabled CR00013500 User 2 If the reauthentication pe
118. ved The router or switch now does not reboot if the telnet connection is closed before the RADIUS Reply message arrives CR00013963 Switch Under heavy broadcast traffic it was possible for the switch forwarding database FDB to lock up This issue has been resolved Version 291 10 C613 10488 00 REV G Features in 291 04 CR Module Level Description AR400 AR7x5 AR7x0S Rapier i x900 48 AT 9800 CRO00014145 Core DHCP Snooping DHCP Snooping determines when a client lease will expire by taking the current time and adding the client s assigned lease period to it Previously DHCP Snooping did not update this expiry time if the switch s clock time changed which can happen because of NTP summertime or a user manually re setting the time Therefore if the switch s clock time changed DHCP clients could expire and lose connectivity This issue has been resolved If the switch s clock changes DHCP Snooping now updates its client expiry times lt lt AT 8800 lt AT 8600 lt AT 8700XL lt lt AT 9900 CR00016314 Core AR442S routers did not run the user specified configuration script at start up Also they incorrectly displayed the message INFO Initialising Flash File System twice during start up These issues have been resolved Level 2 CR
119. would forward two copies of the packet to other ports on that VLAN These issues have been resolved CR00016394 IP Gateway ARP did not work correctly on logical 31 interfaces which prevented regular IPv4 communications from working over these logical 31 interfaces This issue has been resolved CR00016418 STP If the switch received IGMP packets on the non lead port of a trunk group which was participating in a Spanning Tree in some circumstances the switch would forward the packets out of an STP blocked port in the trunk This issue has been resolved Version 291 10 C613 10488 00 REV G Features in 291 05 CR Module Level Description Rapier i AT 8600 AT 8700XL x900 48 CR00016489 BGP When BGP capability matching was changed to strict that setting was not displayed in output of the command show config dyn or saved in the configuration file produced by the command create config When the router or switch ran the configuration file on start up the capability matching setting reverted to the default of loose This issue has been resolved lt AR400 lt AR7x5 lt AR7x0S lt lt AT 8800 lt lt AT 9900 lt AT 9800 CR00016526 PPP An interoperability issue with a malfunctioning PPP peer meant that the peer could ACK an IP address of 0 0 0 0 when it was required to offer a valid public IP add
Download Pdf Manuals
Related Search