Software Maintenance Release Note Maintenance Version 291-19 for AR415S, AR440S, AR441S, AR442S, AR450S, AR725, AR745, AR750S, AR750S-DP, and AR770S routers and AT-8600, AT-8700XL, Rapier i, Rapier w, AT-8800, AT-8900, x900-48, AT-9900, and AT-9800 Series switches This software maintenance release note lists the issues addressed and enhancements made in Maintenance Version 291-19 for Software Version 2.9.1.
Models Series Release File Date Size (bytes) GUI file Rapier 48w Rapier w 86291-19.rez 19 February 2009 4625608 - AT-8824, AT-8848 AT-8800 86291-19.rez 19 February 2009 4625608 8824_291-19_en_d.rsc 8848_291-19_en_d.rsc AT-8948, AT8948i, x900-48FE, x900-48FE-N, x900-48FS x900-48 89291-19.rez 19 February 2009 4918932 - AT-9924T, AT-9924SP, AT-9924T/4SP AT-9900 89291-19.rez 19 February 2009 4918932 9924_291-19_en_d.rsc AT-9812T, AT-9816GB AT-9800 sb291-19.
Enabling and installing this version 3 Enabling and installing this version To use this maintenance version you must have a base release license for Software Release 2.9.1. Contact your distributor or reseller for more information about licences. To enable this version and install it as the preferred version, use the commands: enable rel=xx291-19.rez num=2.9.1 set install=pref rel=xx291-19.rez where xx is the prefix to the filename, as shown in the table on page 1.
Features in 291-19 4 Features in 291-19 Software Maintenance Version 291-19 includes the resolved issues in the following tables. In the tables, for each product series: ■ “Y” indicates that the resolution is available in Version 291-19 for that product series. ■ “–” indicates that the issue did not apply to that product series. Level 1 No level 1 issues. AT-8948 / x900-48 AT-9900 AT-9800 STP forwarding did not operate correctly between switches connected with an aggregated link.
CR Module Level Description AR7x5 AR750S / AR770S Rapier i Rapier w AT-8800 AT-8600 AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 5 AR44x / AR450 Features in 291-19 CR00024044 Test 2 The router or switch could become unresponsive, or reboot, during a full interface test on all interfaces that lasted for a period of over 40 minutes. This only occurred when ethernet crossover cables were used as loop back cables for the interface tests. This issue has been resolved.
CR Module Level AR7x5 AR750S / AR770S Rapier i Rapier w AT-8800 AT-8600 AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 6 AR44x / AR450 Features in 291-19 CR00025177 OSPF 2 Previously, when multihomed links were used between OSPF neighbours and all were active (that is, the secondary links were not added with passive=on), then it was possible that the show opsf neighbour command would not display some neighbours. This issue has been resolved.
Features in 291-19 7 Level 3 No level 3 issues. This issue has been resolved. After an LSA times out for a removed neighbour, the entry is no longer shown, unless specifically requested by using the full parameter in the show ospf neighbour command. Enhancements No enhancements.
Features in 291-18 8 Features in 291-18 Software Maintenance Version 291-18 includes the resolved issues and enhancements in the following table. In the tables, for each product series: ■ “Y” in a white column indicates that the resolution is available in Version 291-18 for that product series. ■ “-” in a white column indicates that the issue did not apply to that product series. ■ a grey-shaded column indicates that Version 291-18 was not released on that product series.
AT-8948 / x900-48 AT-9900 AT-9800 Previously on AT-8948 and AT-9900 series switches, the switch could stop learning new MAC addresses during broadcast storm conditions that occurred for a long period of time. AT-8700XL 2 AT-8600 Switching AT-8800 CR00024760 Rapier w Description Rapier i Level AR750S / AR770S Module AR7x5 CR 9 AR44x / AR450 Features in 291-18 – – – – – – – – Y Y – Y Y Y Y Y Y Y Y Y Y Y This issue has been resolved.
Features in 291-17 10 Features in 291-17 Software Maintenance Version 291-17 includes the resolved issues and enhancements in the following tables. In the tables, for each product series: ■ “Y” indicates that the resolution is available in Version 291-17 for that product series. ■ “–” indicates that the issue did not apply to that product series. Level 1 No level 1 issues. As well, the router or switch will now ensure that X.25 calls are cleared when installed in a X.
AT-8948 / x900-48 AT-9900 AT-9800 Previously, PPP could unneccessarily reduce the memory available on the device for other services when configured as a PPPoE access concentrator. This occurred when a client repeatedly attempted to connect and failed (for example because of authentication failure). When the session was terminated, buffers were left allocated to the session, causing the amount of memory available to steadily reduce.
AT-8948 / x900-48 AT-9900 AT-9800 In normal PIM operation, assert messages are used between PIM neighbours to determine which neighbour has the better route between a multicast client and source. Once the exchange has occurred, the losing neighbour informs the winning neighbour to remove its route from the neighbour’s PIM routing table. The winning neighbour forwards the multicast traffic and starts an assert timer that, when it expires, causes a new assert exchange.
AT-8948 / x900-48 AT-9900 AT-9800 Previously, when you created a DHCP user-defined option, a null byte was attached to the end of any defined string.
CR Module Level Description AR7x5 AR750S / AR770S Rapier i Rapier w AT-8800 AT-8600 AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 14 AR44x / AR450 Features in 291-17 CR00023554 PRI 2 Previously, a PRI interface could lock up in the presence of line noise. This has now been fixed. Y Y Y Y Y – – – – – – CR00023842 DHCP 2 Previously, on a router or switch using multihoming, the DHCP server on the router or switch could sometimes assign multiple IP address to the same client.
AT-8948 / x900-48 AT-9900 AT-9800 The router or switch would silently discard echo-requests from a PPP peer after the peer had negotiated with it not to use the LCP magic number option. This was because the router or switch would discard echo-requests with a magic number set to 0 regardless of whether the magic number was required for the link. The magic number option is used to check that the link is not in loopback mode.
AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 When using IP NAT, TCP connections would have the sequence and/or acknowledgement numbers incorrectly altered by the router, which prevented the TCP connections from being properly set up.
AT-8948 / x900-48 AT-9900 AT-9800 If the router or switch was acting as a PPPoE Access Concentrator, and it was power-cycled or restarted, then re-establishing any existing PPPoE sessions could take longer than necessary. This was because the router or switch would send the incorrect PADT in response to PPPoE session packets sent from the existing PPPoE session (EtherType of 0x8664, the PPPoE Session Protocol).
Features in 291-17 18 AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 When a DNS query was sent to the VRRP-adopted virtual IP address on a router or switch, the relayed-response would have a source IP address of the interface it was sent from, instead of the virtual IP address. AT-8600 4 AT-8800 VRRP Rapier w CR00023042 Description Rapier i Level AR750S / AR770S Module AR7x5 CR AR44x / AR450 Level 4 Y Y Y Y Y Y Y Y Y Y Y This issue has been fixed.
AT-8948 / x900-48 AT-9900 AT-9800 The AlliedWareTM Operating System now includes a Denial of Service Attack Protection feature for AT-8600 Series switches.
AT-8948 / x900-48 AT-9900 AT-9800 With this software version, AR441S routers with a hardware revision of M1-2 (or later) will support ADSL2 and ADSL2+ connections. You can see the hardware revision of a router by entering the command show system and checking the “Rev” column for the “Base” board.
create ppp template=ppp-template [ipfilter=NONE|0..999] [ipfragment=ON|OFf|True|False|Yes|No] set ppp template=ppp-template [ipfilter=NONE|0..999] [ipfragment=ON|OFf|True|False|Yes|No] These parameters are useful when a dynamic IP interface is created over the dynamic PPP interface. The shortest valid strings are ipfi for ipfilter and ipfr for ipfragment. The ipfilter parameter specifies the traffic filter to apply to IP packets transmitted or received over the dynamic IP interface.
Features in 291-16 22 Features in 291-16 Software Maintenance Version 291-16 includes the resolved issues and enhancements in the following tables. In the tables, for each product series: ■ “Y” indicates that the resolution is available in Version 291-16 for that product series. ■ “–” indicates that the issue did not apply to that product series. Level 1 No level 1 issues.
AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 Under some configurations, the switch could reboot when: AT-8600 2 AT-8800 QoS Rapier w CR00020937 Description Rapier i Level AR750S / AR770S Module AR7x5 CR 23 AR44x / AR450 Features in 291-16 – – – Y Y Y Y Y Y Y Y – – – – – – – – Y Y – – – – – – – – – Y Y – Y Y Y Y Y Y – – Y Y Y ■ applying a QoS policy to the same port twice (by using the command set qos port=x policy=x).
AT-8948 / x900-48 AT-9900 AT-9800 Previously, on a router or switch using multihoming, the DHCP server on the router or switch could sometimes assign multiple IP address to the same client. This occurred when a client's DHCP Discover message was received through more than one logical interface on the router or switch.
AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 Previously on an AR-770s, the command: AT-8600 2 AT-8800 Port Authentication Rapier w CR00022596 Description Rapier i Level AR750S / AR770S Module AR7x5 CR 25 AR44x / AR450 Features in 291-16 – – Y – – – – – – – – enable portauth=8021x port=portid type=authenticator guestvlan=vlanid would not add the specified port to the specified guest VLAN if executed from the device boot configuration script. This issue has been resolved.
■ a request to establish a secure channel from a source that does not match an IPsec policy, or ■ a L2TP call disconnection notification (CDN) or a Stop Connection (StopCCN) with values outside of those specified by the L2TP RFC. This issue has been resolved. Version 291-19 C613-10488-00 REV R AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 Previously, the router or switch could reboot while a L2TP tunnel was being established over an IPsec connection.
Features in 291-16 27 AT-8948 / x900-48 AT-9900 AT-9800 Previously the set mstp cist port command parameters intpathcost and extpathcost could not have the value default set. AT-8700XL 3 AT-8600 STP AT-8800 CR00021620 Rapier w Description Rapier i Level AR750S / AR770S Module AR7x5 CR AR44x / AR450 Level 3 – – – Y Y Y Y Y Y Y – Y Y Y Y Y Y – – – – – Y – – – – – – – – – – Y Y Y Y Y Y – – – – Y This issue has been resolved.
Features in 291-16 28 AT-8948 / x900-48 AT-9900 AT-9800 A new parameter ipborrow has been added to the create and set ppp interface commands. You can set the ipborrow parameter to the values: yes|on|true|no|off|false.
AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 This enhancement has improved router or switch performance when: AT-8600 - AT-8800 IPsec Rapier w CR00021262 Description Rapier i Level AR750S / AR770S Module AR7x5 CR 29 AR44x / AR450 Features in 291-16 Y Y Y Y – Y – – – – – Y Y Y Y Y Y Y Y Y Y Y – – – – – – – – Y Y – ■ multiple IPsec policies exist. In particular, having two policies causes much less of a reduction in performance.
CR Module Level AR7x5 AR750S / AR770S Rapier i Rapier w AT-8800 AT-8600 AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 30 AR44x / AR450 Features in 291-16 CR00022331 SHDSL - Previously on AR442S routers, SHDSL train up times were variable and frequently longer than one minute. This enhancement reduces this variability and minimises the train up time required.
Features in 291-15 31 Features in 291-15 Software Maintenance Version 291-15 includes the resolved issues and enhancements in the following tables. In the tables, for each product series: ■ “Y” indicates that the resolution is available in Version 291-15 for that product series. ■ “–” indicates that the issue did not apply to that product series. Level 1 No level 1 issues.
CR Module Level Description AR7x5 AR750S / AR770S Rapier i Rapier w AT-8800 AT-8600 AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 32 AR44x / AR450 Features in 291-15 CR00021342 BGP 2 A small memory leak was occurring when receiving BGP update messages. This issue has been resolved.
CR Module Level Description AR7x5 AR750S / AR770S Rapier i Rapier w AT-8800 AT-8600 AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 33 AR44x / AR450 Features in 291-15 CR00021006 Switching 2 When ingress filtering was enabled on a port and a packet arrived on that port with a VLAN identifier that the port was not a member of, the source MAC address would be incorrectly learnt. This issue has been resolved and in this situation the MAC address is no longer added to the forwarding database.
Features in 291-15 34 CR Module Level Description AR44x / AR450 AR7x5 AR750S / AR770S Rapier i Rapier w AT-8800 AT-8600 AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 Level 3 CR00020551 DHCP 3 Previously, when an AT-8600 series switch was acting as a DHCP server with a range defined, frequent Flash memory compactions would occur. This issue has been resolved.
AT-8948 / x900-48 AT-9900 AT-9800 If the router received a CDP packet, and CDP was disabled (the default state), and bridging was configured, then the packet would not be bridged. AT-8700XL 3 AT-8600 Bridging AT-8800 CR00021267 Rapier w Description Rapier i Level AR750S / AR770S Module AR7x5 CR 35 AR44x / AR450 Features in 291-15 Y Y Y – – – – – – – – Y Y Y Y Y Y Y Y Y Y Y This issue has been resolved.
Features in 291-15 36 CR Module Level Description AR44x / AR450 AR7x5 AR750S / AR770S Rapier i Rapier w AT-8800 AT-8600 AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 Enhancements CR00018895 SSH - Secure Shell (SSH) no longer requires a feature licence. SSH server and client functionality now works when no feature licence is present. Y Y Y Y Y Y Y Y Y Y Y CR00020566 CR00021186 EPSR - This software version includes support for EPSR+ with enhanced multiple link recovery.
----------- ------------------------------------------------ 311 AT-RP24i-B Rapier 24i NEBS 312 AT-RP24i-B Rapier 24i DC NEBS 302 AT-RP48w-B-15 Rapier 48w-AC 300 AT-RP48w-B-85 Rapier 48w AT-9800 Name (as displayed by show system) AT-9900 Board ID AT-8948 / x900-48 This software version includes support for new variants of the Rapier 24i and Rapier 48w switches, which have new NSM bay connectors.
AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 Changes have been made to reduce the risk of packet loss over a VPN under very high traffic levels and corresponding high-to-overload CPU conditions.
VLAN activation is useful for VLANs that are reached through L2TP tunnels instead of through switch ports. To turn virtual activation on or off, use the command: SET VLAN={vlan-name|1..4094|ALL} VIRTActivation ={Yes|No} The default is no. To see whether the VLAN has been activated virtually, use the command show vlan and check the new “Admin Active” field. This enhancement was previously only available on Rapier, AT-8800, AT-8600 and AT-8700XL switches. Now it is available on all devices that support VLANs.
Features in 291-14 40 Features in 291-14 Software Maintenance Version 291-14 includes the resolved issues and enhancements in the following tables. In the tables, for each product series: ■ “Y” in a white column indicates that the resolution is available in Version 291-14 for that product series. ■ “-” in a white column indicates that the issue did not apply to that product series. ■ a grey-shaded column indicates that Version 291-14 was not released on that product series.
AT-8948 / x900-48 AT-9900 AT-9800 If a network event caused the switch to flush its layer 2 forwarding database (FDB) for a port, in some circumstances the switch also flushed hardware ARP entries that hardware layer 3 routes were still using. Possible triggers included an STP topology change somewhere else in the network, or a link flap on a port. Depending on the network configuration and/or network traffic, this issue could result in incorrectly layer 3 switched traffic.
Features in 291-14 42 AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 When the L2TP speed was changed, output of the command show ppp util still showed the old speed. AT-8600 3 AT-8800 L2TP Rapier w CR00015046 Description Rapier i Level AR750S / AR770S Module AR7x5 CR AR44x / AR450 Level 3 Y Y Y Y Y Y – – Y Y Y – – – – – – – – Y – – Y Y Y Y Y Y – – Y Y Y This issue has been resolved.
Features in 291-13 43 Features in 291-13 Software Maintenance Version 291-13 includes the resolved issues and enhancements in the following tables. In the tables, for each product series: ■ “Y” indicates that the resolution is available in Version 291-13 for that product series. ■ “–” indicates that the issue did not apply to that product series. Level 1 No level 1 issues.
AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 If multicast traffic was being forwarded to a PPP interface and that PPP interface went down, the router or switch would restart. AT-8600 2 AT-8800 IP gateway Rapier w CR00020253 Description Rapier i Level AR750S / AR770S Module AR7x5 CR 44 AR44x / AR450 Features in 291-13 Y Y Y Y Y Y – – Y Y Y – – – Y Y Y Y Y – – – – – – Y Y Y Y Y – – – This issue has been resolved.
Features in 291-13 45 AT-8948 / x900-48 AT-9900 AT-9800 When firewall events were recorded in the Notify queue (displayed in output of the command show firewall event=notify), the IP address shown would be the address of the very first packet that belonged to that event flow. For example, if 64 host scan packets were required to trigger a host scan event and the first packet had a target IP of 1.1.1.1 and the 64th had an IP of 1.1.1.64, then the IP address recorded would be 1.1.1.
AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 In some configurations using PPPoE and IPsec, inappropriate ICMP redirect messages would be generated. AT-8600 3 AT-8800 IPsec, IP gateway Rapier w Description Rapier i Level AR750S / AR770S CR00020320 Module AR7x5 CR 46 AR44x / AR450 Features in 291-13 Y Y Y Y – Y – – – – – – – – – – Y – – – – – Y Y Y Y Y Y Y Y Y Y Y This issue has been resolved.
Features in 291-13 47 CR Module Level AR44x / AR450 AR7x5 AR750S / AR770S Rapier i Rapier w AT-8800 AT-8600 AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 Enhancements CR00017819 MACFF - MAC-forced forwarding static server entries and debugging has been improved. For details, see “MAC-forced forwarding enhancements (CR00017819)” on page 161. – – – Y Y Y Y Y Y Y – CR00019547 VLAN - This enhancement enables administrative (virtual) activation of VLANs.
AT-8948 / x900-48 AT-9900 AT-9800 This release adds support for the V3 hardware revision of the AT-AR021 BRI-S/T Port Interface Card (PIC). The AT-AR021 V3 hardware revision is a plug-in replacement for the V2 hardware revision, which is no longer available. The AR021v3 has the same feature set and command set as the AR021v2, except that it does not support NT mode operation. Existing configurations for normal TE mode operation will run unchanged on the AR021v3.
Features in 291-12 49 Features in 291-12 Software Maintenance Version 291-12 includes the resolved issues and enhancements in the following tables. In the tables, for each product series: ■ “Y” indicates that the resolution is available in Version 291-12 for that product series. ■ “–” indicates that the issue did not apply to that product series. Level 1 No level 1 issues.
Features in 291-12 50 AT-8948 / x900-48 AT-9900 AT-9800 When a PSU or FOM was hotswapped and replaced with a new unit of the same type, the switch did not update the serial number of the hotswapped unit. Output of the commands show system and show log displayed the serial number of the previous unit.
AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 The firewall’s TCP Setup Proxy did not always calculate the MSS value correctly. Instead, it would sometimes set the MSS value to 536 bytes, regardless of the MSS value in the incoming SYN packet.
Features in 291-12 52 CR Module Level Description AR44x / AR450 AR7x5 AR750S / AR770S Rapier i Rapier w AT-8800 AT-8600 AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 Enhancements CR00018418 IGMP, MIB - AlliedWare now includes an IGMP Group MIB. This MIB is available in the file at-igmp.mib. It has the object identifier prefix igmp ({ modules 139 }), and contains a collection of objects and traps for monitoring IGMP group membership.
AT-8948 / x900-48 AT-9900 AT-9800 A new command has been added to modify the operation of the switch when a packet uses the default hardware multicast route. This usually happens when the switch receives new unregistered multicast traffic.
26 11:37:18 6 ETH PINT DOWN ETH3: interface is DOWN 26 11:37:28 6 ETH PINT UP ETH3: interface is UP Note that AR022 PICs (ETH PICs) do not enter a log message after a restart if the link is up during that restart, but do enter a log message for each subsequent link transition. Version 291-19 C613-10488-00 REV R AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 Log entries are now generated when Ethernet port links are taken up or down.
Features in 291-11 55 Features in 291-11 Software Maintenance Version 291-11 includes the resolved issues and enhancements in the following tables. In the tables, for each product series: ■ “Y” indicates that the resolution is available in Version Version 291-19 for that product series. ■ “–” indicates that the issue did not apply to that product series. Level 1 No level 1 issues x900-48 AT-9900 AT-9800 Previously when a SYN link failed and the link indication signal (e.g.
x900-48 AT-9900 AT-9800 PIM Null-Register packets were being generated with incorrectly formatted dummy multicast data.
x900-48 AT-9900 AT-9800 On AT-8948 and AT-9900 series switches, if a classifier matched on VLAN ID or interface, the switch did not correctly classify traffic.
x900-48 AT-9900 AT-9800 Previously, multicast limiting did not limit the number of destination lookup failure packets or multicast packets destined to reserved IP multicast addresses. In a correctly-functioning network, rates of these packets are very low, but in a network with a loop, rates can be very high.
x900-48 AT-9900 AT-9800 The firewall sometimes rebooted when using ENAPT, especially if FTP was being run though the firewall.
x900-48 AT-9900 AT-9800 If two or more ECMP routes from Type-5 LSAs were learned by the router or switch, only the route from the LSA with the highest Router ID would be inserted into the IP route table. AT-8700XL 2 AT-8600 OSPF AT-8800 CR00019713 Rapier w Description Rapier i Level AR7x0S Module AR7x5 CR 60 AR400 Features in 291-11 Y Y Y Y Y Y Y Y Y Y Y This issue has been resolved. All routes will now be inserted.
AT-8700XL x900-48 AT-9900 AT-9800 Previously, if a VRRP virtual router was enabled but not connected to anything (for example, no ports in the VRRP VLAN were connected), and the VR was disabled by using the command disable vrrp=n, the error message “Error (3088271): VR n is already disabled” was displayed.
x900-48 AT-9900 AT-9800 If the command create classifier=x innervlanid=y was entered, then the configuration from show config dynam or create config displayed the command as create classifier=x innervlanid=y innertpid=8100, even though the entered command had not specified the innertpid value.
x900-48 AT-9900 AT-9800 When a private LAN interface was brought down then up again, the firewall did not apply NAT to locally generated packets, such as pings. This meant ping replies could not be returned.
x900-48 AT-9900 AT-9800 Previously, when using subnet-based VLANs, only IP traffic matching the source IP network was classified into the subnet-based VLAN. This did not include ARPs.
x900-48 AT-9900 AT-9800 When a DHCP client was communicating with a DHCP server through a BootP relay, when the client attempted to re-new its address allocation by using unicast DHCP renew messages, the DHCP server would drop the messages and not reply. This forced the client to resort to using a broadcast DHCP discover message.
x900-48 AT-9900 AT-9800 Previously, the PKI certificate timestamp was only verified at router or switch initialisation. This caused problems when the time changed, for example because of NTP or if the router or switch had no battery backup (so the time defaulted to 01-Jan-1999 after a reboot). In either situation, the timestamp updates were not communicated to the PKI certificate code so the certificates remained valid or invalid depending upon the initial timestamp check.
x900-48 AT-9900 AT-9800 When the router or switch was acting as an LNS, it was possible for it to get into a state where it has an active and an inactive L2TP tunnel both tied to one PPP connection. Previously, when the inactive tunnel timed out, the router or switch closed the PPP connection. This situation with two L2TP tunnels arose when the LAC removed the tunnel in a way that made it unable to notify the LNS (for example, if there was a brief network outage between the LNS and the LAC).
x900-48 AT-9900 AT-9800 If MSTP was enabled and a port was set as the mirror port, it was possible for the switch to send BPDUs out of this port. Note these BPDUs were originated by the switch, not mirrored from another port.
Features in 291-11 69 x900-48 AT-9900 AT-9800 Support for ICMP Router Discovery, as described in RFC 1256, has been added to routers, and to AT-8948, x900-48, and AT-9900 series switches.
AT-8700XL x900-48 AT-9900 AT-9800 STP and MSTP debugging has been enhanced to: AT-8600 - AT-8800 STP, MSTP, Switch Rapier w CR00016978 Description Rapier i Level AR7x0S Module AR7x5 CR 70 AR400 Features in 291-11 – – – Y Y Y Y Y Y Y Y – – – – – – – – Y Y – Y Y Y Y Y Y – – Y Y Y ■ make it easier to see state information, and ■ only display information about Topology Change messages.
The nestedoverride parameter allows you to add the port to a non-nested VLAN as a tagged port even if the port has already been configured as a customer port in a nested VLAN. The vlan parameter specifies the nonnested VLAN to which you want to add the port. You must also specify frame=tagged.
AR7x5 AR7x0S Rapier i Rapier w AT-8800 AT-8600 AT-8700XL x900-48 AT-9900 AT-9800 Y Y Y Y Y – – – – – – The number of ports supported by Bridging has been increased from 32 to 512. Y Y Y Y Y – – – – – – - Previously, the length of the L2TP call name was limited to 15 characters. This limit has been increased to 19 characters.
Features in 291-10 73 Features in 291-10 Software Maintenance Version 291-10 includes the resolved issues and enhancements in the following tables. In the tables, for each product series: ■ “Y” indicates that the resolution is available in Version 291-10 for that product series. ■ “–” indicates that the issue did not apply to that product series.
x900-48 AT-9900 AT-9800 The resolution to CR 444 meant that packets processed by the CPU are now subjected to the same filtering as packets switched in hardware. However, this filtering did not always return the expected results. Sometimes its IP address matching was incorrect, and it did not correctly process filters with an action of nodrop.
Features in 291-10 75 This issue has been resolved. Level 4 No level 4 issues Enhancements No enhancements Version 291-19 C613-10488-00 REV R x900-48 AT-9900 AT-9800 Traceroute (the trace command) did not work. It returned the error “The destination is either unspecified or invalid” even if the destination was reachable.
Features in 291-09 76 Features in 291-09 Software Maintenance Version 291-09 includes the enhancement in the following table, which is available for x900-48FE and x900-48FE-N switches. Level 1-4 No level 1-4 issues To enable monitoring, use the command: enable cpufanmonitoring To disable it again, use the command: disable cpufanmonitoring When monitoring is enabled, the command show system displays the CPU fan status in the entry labelled “Main fan”.
Features in 291-08 77 Features in 291-08 Software Maintenance Version 291-08 includes the resolved issues and enhancements in the following tables. In the tables, for each product series: ■ “Y” indicates that the resolution is available in Version 291-08 for that product series. ■ “–” indicates that the issue did not apply to that product series.
AT-8700XL x900-48 AT-9900 AT-9800 The following issues existed with classifiers: AT-8600 2 AT-8800 Classifier Rapier w CR00003495 Description Rapier i Level AR7x0S Module AR7x5 CR 78 AR400 Features in 291-08 Y Y Y Y Y Y - - Y Y Y - - - - - - - - - Y - Y Y Y Y Y Y - - Y Y Y Y Y Y Y Y Y Y Y Y Y Y ■ classifiers matching protocol=ipv6 and ipprotocol=icmp could be created more than once ■ classifiers matching protocol=ipv6 and ipprotocol=1 could b
AT-8700XL x900-48 AT-9900 AT-9800 The following issues occurred with RIPng: AT-8600 2 AT-8800 RIPng Rapier w CR00007178 Description Rapier i Level AR7x0S Module AR7x5 CR 79 AR400 Features in 291-08 Y Y Y Y Y Y - - Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y - - - - Y Y Y Y Y Y Y - - Y Y Y ■ RIPng dropped requests from peers with non link-local addresses.
x900-48 AT-9900 AT-9800 If the router or switch received an LCP packet with an unrecognised protocol, it responded with a ProtocolReject packet of incorrect length that did not respect the established MRU of the peer.
AT-8700XL x900-48 AT-9900 AT-9800 Unexpected characters could appear on the terminal emulator display when the column size was set greater than 80 and the user edited a command that spanned more than one line of the display.
AT-8700XL x900-48 AT-9900 AT-9800 If a user shortened the prefix length of an IPv6 interface address, then lengthened it, it became impossible to change the prefix length again.
AT-8700XL x900-48 AT-9900 AT-9800 If an IPv6 accelerator was used, and the upstream router forwarded IPv6 multicast data just before the prune limit timer expired, then the downstream router sometimes did not send the prune until significantly after the timer expired.
x900-48 AT-9900 AT-9800 DHCP Snooping has been enhanced to operate in a customised VLAN ID translation (VID translation) environment. Previously, DHCP Snooping was not supported with VID translation.
x900-48 AT-9900 AT-9800 When the router or switch negotiated an IPsec tunnel with RFC3947 NATT, its NAT-OA payload had two bytes of reserved fields after the ID field instead of the three bytes specified by RFC 3947. This could prevent the tunnel from working properly when the tunnel was between an Allied Telesis router or switch and some other vendor.
x900-48 AT-9900 AT-9800 When the router was acting as a firewall and performing DNS relay, it used the local IP interface private address as the source address for some packets that it sent out the public interface. When the router acts as a DNS relay, it receives DNS requests from the private interface and sends a new packet on the public interface. These new packets were given the wrong address.
x900-48 AT-9900 AT-9800 It was possible to set up a classifier that matched MPLS frames at layer 2, but the switch would not correctly match these MPLS frames against the classifier. AT-8700XL 2 AT-8600 Switching AT-8800 CR00017337 Rapier w Description Rapier i Level AR7x0S Module AR7x5 CR 87 AR400 Features in 291-08 - - - - - - - - Y Y - - - - Y Y Y Y Y Y Y - Y Y Y Y Y Y Y Y Y Y Y This issue has been resolved.
x900-48 AT-9900 AT-9800 When a VoIP call using SIP was initiated from the public side of the firewall, occasionally the firewall created two UDP sessions for the call with different UDP source ports. This happened if the first packets of the STP (voice data) stream arrived earlier than the 200 OK message that was supposed to establish the session. The result was that the public side caller could not hear the call.
x900-48 AT-9900 AT-9800 When the DHCP server was enabled on a router or switch that also had a local IP interface defined by using the set ip local command, outgoing DHCP server packets would use the set ip local command's IP address as their source address. Furthermore, if the broadcast flag was set to TRUE in the DHCP Discover message that the server was replying to, then the server would send the DHCP Offer packet out the wrong IP interface with the wrong source IP address.
Features in 291-08 90 x900-48 AT-9900 AT-9800 Some PKI commands (including add pki ldap, create pki enroll, and create pki keyupdate) only worked if their parameters were entered in a particular order.
x900-48 AT-9900 AT-9800 The show file command did not check whether the specified file system was valid. If an invalid file system type was entered (such as show file=abc:*.*), the router or switch reported that no files found instead of reporting that the file system abc did not exist.
x900-48 AT-9900 AT-9800 On AR725 and AR745 routers, which have no VLAN support, an SNMP Get request for dot1qMaxVlanId or dot1qMaxSupportedVlans incorrectly returned a value.
AT-8700XL x900-48 AT-9900 AT-9800 When prompted to enter a file name while using the command line file editing utility, no more than 23 characters could be typed, even if the existing characters were deleted using the backspace key.
x900-48 AT-9900 AT-9800 If a user attempted to enter a filename with an invalid format, the resulting error message did not correctly describe the format that should have been used. Also, the router or switch returned an incorrect error message when a user attempted to delete a non-existent release licence file.
AT-8700XL x900-48 AT-9900 AT-9800 PPP incorrectly ACKed a LCP ConfigureRequest containing the MagicNumber option with a value of 0. AT-8600 3 AT-8800 PPP Rapier w CR00010979 Description Rapier i Level AR7x0S Module AR7x5 CR 95 AR400 Features in 291-08 Y Y Y Y Y Y - - Y Y Y Y Y Y Y Y Y - - Y Y Y - - - - - - - - Y Y - Y Y Y Y - Y Y Y - Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y This issue has been resolved.
x900-48 AT-9900 AT-9800 When a firewall UDP session starts up, the session timeout should be 5 minutes for the first 5 packets of the session, then change to the configured UDP session timeout value. Previously, the timeout changed after the 6th UDP packet belonging to that session, instead of after the 5th packet.
x900-48 AT-9900 AT-9800 If a user attempted to add a policy option to a DHCP policy by using the set command instead of the add command, then the resulting error message did not clearly indicate the cause of the error.
AT-8700XL x900-48 AT-9900 AT-9800 The VRRP priority could not be modified through the GUI—the priority option was there but did nothing. AT-8600 3 AT-8800 VRRP, GUI Rapier w CR00014103 Description Rapier i Level AR7x0S Module AR7x5 CR 98 AR400 Features in 291-08 Y Y Y Y - Y Y Y - Y Y Y Y Y Y Y Y - - Y Y Y - - - Y Y Y Y Y Y Y Y Y Y Y Y Y Y – – Y Y Y Y - Y Y Y Y Y Y Y Y Y This issue has been resolved.
AT-8700XL x900-48 AT-9900 AT-9800 The maximum value for the delay parameter of the ping command was too long.
AT-8700XL x900-48 AT-9900 AT-9800 If IPv6 was disabled and a user entered any of the following commands: AT-8600 3 AT-8800 IPv6 Rapier w CR00016578 Description Rapier i Level AR7x0S Module AR7x5 CR 100 AR400 Features in 291-08 Y Y Y Y Y Y - - Y Y Y Y - - - - - - - - - - add ipv6 interface add ipv6 6to4 add ipv6 tunnel create ipv6 interface enable ipv6 advertising then the router or switch correctly displayed a warning message to indicate that IPv6 was disabled and
Features in 291-08 101 x900-48 AT-9900 AT-9800 The Diagnostics > Layer 2 Forwarding Database page of the GUI displayed extra internal (SYS or CPU) entries. AT-8700XL 4 AT-8600 GUI, Switch AT-8800 CR00011228 Rapier w Description Rapier i Level AR7x0S Module AR7x5 CR AR400 Level 4 – – – Y Y Y Y Y – – – – – Y – – – – – – – – Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y This issue has been resolved.
Features in 291-08 102 CR Module Level Description AR400 AR7x5 AR7x0S Rapier i Rapier w AT-8800 AT-8600 AT-8700XL x900-48 AT-9900 AT-9800 Enhancements CR00012822 BGP - The BGP counter output display has been significantly improved. Also, the command show bgp counter=all now prints out the RIB, UPDATE, DB and PROCESS counters. Y Y Y Y Y Y - - Y Y Y CR00016099 MACFF, - MAC-forced forwarding has been enhanced for use in a hospitality situation, such as a hotel.
Description Rapier i Rapier w AT-8800 AT-8600 AT-8700XL x900-48 AT-9900 AT-9800 CR00016662 CR00016891 CR00017335 CR00017937 Level AR7x0S Module AR7x5 CR 103 AR400 Features in 291-08 - This software release supports the new x900-48FS switch. For an overview of the switch, see “Support for the new x900-48FS switch (CR00016662)” on page 172.
CR Module Level Description AR7x5 AR7x0S Rapier i Rapier w AT-8800 AT-8600 AT-8700XL x900-48 AT-9900 AT-9800 104 AR400 Features in 291-08 CR00017482 IGMP Snooping - The IGMP snooping fast leave option has been enhanced, to make it available when multiple clients are attached to a single port on the snooping switch. For configuration information, see “IGMP snooping fast leave in multiple host mode (CR00017482)” on page 173.
Features in 291-07 105 Features in 291-07 Software Maintenance Version 291-07 includes the resolved issues and enhancements in the following tables. In the tables, for each product series: ■ “Y” indicates that the resolution is available in Version 291-07 for that product series. ■ “–” indicates that the issue did not apply to that product series.
Features in 291-06 106 Level 4 No level 4 issues Enhancements No enhancements Features in 291-06 Software Maintenance Version 291-06 provided support for the new Rapier 48w switch. For more information, see “Support for the new Rapier 48w switch” on page 175.
Features in 291-05 107 Features in 291-05 Software Maintenance Version 291-05 includes the resolved issues and enhancements in the following tables. In the tables, for each product series: ■ “Y” indicates that the resolution is available in Version 291-05 for that product series. ■ “–” indicates that the issue did not apply to that product series. Level 1 No level 1 issues AT-9900 AT-9800 When a port left a multicast group, the router or switch assigned the All Groups port to that multicast group.
x900-48 AT-9900 AT-9800 Previously, it was possible to destroy a VLAN when it was configured as an IP interface. AT-8700XL 2 AT-8600 VLAN AT-8800 CR00012980 Description Rapier i Level AR7x0S Module AR7x5 CR 108 AR400 Features in 291-05 Y - Y Y Y Y Y Y Y Y Y Y Y Y Y - - - - - Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y - - - - - Y - - - - Y - - - - - - - - - Y Y Y Y Y Y Y Y Y Y This issue has been resolved.
AT-9900 AT-9800 When only NAT was enabled on the firewall, during some TCP connections in which either end of the connection sends FIN (finished) messages immediately after sending some data and the other end ACKs (acknowledges) the data and the FIN message consecutively, the firewall sometimes incorrectly interpreted the first ACK message (intended for the data) as belonging to the FIN message and prematurely shut the connection down.
AT-9900 AT-9800 For DHCPv6, the router or switch now supports Prefix Delegation according to RFC 3633. The previous implementation was according to an Internet draft and did not interoperate with other DHCPv6 implementations.
AT-9900 AT-9800 When the icmptype parameter was changed to none for an IPv6 IPsec policy, an incorrect ICMP type value was displayed in output of the command show config dyn and saved in the configuration file produced by the command create config. x900-48 2 AT-8700XL IPsec, IPv6 AT-8600 CR00016128 AT-8800 Description Rapier i Level AR7x0S Module AR7x5 CR 111 AR400 Features in 291-05 Y Y Y Y Y - - - - - Y - - - - - - - - - This issue has been resolved.
AT-9900 AT-9800 If an IPv6 DHCP client was forced to rebind to a router or switch acting as a DHCP server, the server returned incorrect timing parameters to the client. Some clients were able to cope with this, but others could end up losing their DHCP lease.
AT-9900 AT-9800 When BGP capability matching was changed to strict, that setting was not displayed in output of the command show config dyn or saved in the configuration file produced by the command create config. When the router or switch ran the configuration file on start-up, the capability matching setting reverted to the default of loose.
AT-9900 AT-9800 For AR44xS series routers with system territory set to USA, the ISDN Q.931 SPIDs failed to initialize to the ISDN exchange/ISDN USA profile simulator (both manual and auto SPIDs) after a reboot. x900-48 2 AT-8700XL ISDN AT-8600 CR00016762 AT-8800 Description Rapier i Level AR7x0S Module AR7x5 CR 114 AR400 Features in 291-05 Y - - - - - - - - - Y Y Y - - - - - - - This happened because the router did not write *.
AT-9900 AT-9800 When there were multiple routes to a destination and the best route was deleted from the switch’s hardware routing table, the switch did not use the alternative route. Also, the switch only used the best route, even if ECMP was supported.
x900-48 AT-9900 AT-9800 DHCPv6 prefix delegation contained the followed issues: AT-8700XL 2 AT-8600 DHCPv6 AT-8800 CR00017074 Description Rapier i Level AR7x0S Module AR7x5 CR 116 AR400 Features in 291-05 Y Y Y Y Y - - Y Y Y Y Y Y Y Y - - - - - ■ previously, the command create dhcp6 range accepted ranges with an invalid prefix length. This issue has been resolved. The router or switch now displays an error unless the prefix length is in the range 48-64.
This issue has been resolved. If the only healthcheck host available is unreachable and the resource is currently in the UP state, the next unreachable healthcheck received from that host now forces the resource to the DOWN state. Version 291-19 C613-10488-00 REV R AT-9900 AT-9800 If two WAN load balancer healthcheck hosts were defined, and one was unreachable and the other was reachable, WAN load balancer resources were (correctly) in the UP state because at least one healthcheck host was reachable.
Features in 291-05 118 AT-9900 AT-9800 Some early software versions, on some products, supported the command show system temperature. This command was deprecated after version 2.6.4.
AT-9900 AT-9800 Previously, the switch’s count of PIM4 and PIM6 bad Bootstrap Messages (BSMs) could be high, because the switch forwarded BSMs over interfaces that contained an Equal Cost Multipath (ECMP) route to the receiving interface.
AT-9900 AT-9800 Under some circumstances, when a PC terminal emulator was opened to communicate with a router or switch after the router or switch had fully booted up, the login prompt did not immediately display. To display the login prompt, it was necessary to remove and re-insert the cable. This issue applied to all models’ ASYN ports except ports on the AR024 PIC.
CR Module Level Description AR7x5 AR7x0S Rapier i AT-8800 AT-8600 AT-8700XL x900-48 AT-9900 AT-9800 121 AR400 Features in 291-05 CR00016228 QoS 3 If a QoS policy uses the same classifier more than once, the router or switch now displays a warning message. You should not use a classifier more than once in a policy because the operation of such policies is unpredictable.
Features in 291-05 122 AT-9900 AT-9800 If a static IGMP port went link down, it was not shown in the “Static Ports” list in the output of the show ip igmp command. This was only a display issue.
Features in 291-05 123 AT-9900 AT-9800 An ADSL connection option has been added to the Wizards page of the GUI for AR44xS routers. This option links to the xDSL configuration section, which lets you configure all basic ADSL or SHDSL settings on one convenient page.
AT-9900 AT-9800 To establish a tunnelled IPsec connection for IPv6, you may need to specify the source IP interface in the IPsec and ISAKMP policies. This enhancement enables you to do so.
AT-9900 AT-9800 This enhancement enables the router or switch to log discarded ARP requests when ARP security is enabled. By default, discarded ARP requests are not logged.
AT-9900 AT-9800 This enhancement disables CPU fan monitoring on AT-8948 switches. Monitoring the fan is unnecessary unless an accelerator card is installed on the switch, so disabling monitoring reduces the number of messages that the switch displays and logs.
AT-9900 AT-9800 This enhancement enables you to turn off TCP state and sequence checking in IP NAT. It also allows all ICMP packets go through IP NAT.
Features in 291-04 128 Features in 291-04 Software Maintenance Version 291-04 includes the resolved issues and enhancements in the following tables. In the tables, for each product series: ■ “Y” indicates that the resolution is available in Version 291-04 for that product series. ■ “–” indicates that the issue did not apply to that product series. AT-9900 AT-9800 It was possible for invalid log messages to overwrite the log message buffer and cause the router or switch to reboot.
AT-9800 DHCP Snooping AT-9900 DHCP Snooping determines when a client lease will expire by taking the current time and adding the client's assigned lease period to it. Previously, DHCP Snooping did not update this expiry time if the switch's clock time changed, which can happen because of NTP, summertime, or a user manually re-setting the time. Therefore, if the switch's clock time changed, DHCP clients could expire and lose connectivity.
AT-9900 AT-9800 A badly formed response from a particular HTTP server caused the router or switch to reboot when it attempted to load a non-existent file from that server. x900-48 2 AT-8700XL HTTP AT-8600 CR00013592 AT-8800 Description Rapier i Level AR7x0S Module AR7x5 CR 130 AR400 Features in 291-04 Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y – – – Y Y Y Y – – – – – – – – – – – – Y Y – – – – – – – – – This issue has been resolved.
x900-48 AT-9900 AT-9800 When the router generated packets (such as ARP requests) and sent them out multiple LAN ports, it always sent them as untagged packets.
AT-9900 AT-9800 If a PIM interface was set as the BSR candidate interface (by using the command add pim bsrcandidate interface=interface) and that interface went down, PIM would select another interface as the BSR candidate interface. The router or switch also set the new interface as the BSR candidate interface in the dynamic configuration.
AT-9800 Switch AT-9900 If a terminal emulator started up after the router started up, the router did not display a login or command prompt. This issue occurred with some terminal emulators (including Tera Term Pro) when connecting to the AR415S router.
AT-9900 AT-9800 The GUI could not be used to access the dual power supply AR750S-DP router. x900-48 2 AT-8700XL GUI AT-8600 CR00015348 AT-8800 Description Rapier i Level AR7x0S Module AR7x5 CR 134 AR400 Features in 291-04 – – Y – – – – – – – Y Y Y Y Y Y Y Y Y Y Y – – – – – – – – – – – Y – – – – – – – This issue has been resolved. The GUI resource file to use is 750s_281-06_en_d.rsc.
x900-48 AT-9900 AT-9800 It was not possible to set a tri-speed SFP to a fixed speed in the configuration script that the AT-9924SP switch runs when it starts up.
Features in 291-04 136 AT-9900 AT-9800 The graphical user interface (GUI) listed an invalid local interface in the Interface drop-down list on the page for adding a static IGMP association. x900-48 3 AT-8700XL GUI, IGMP AT-8600 CR00007000 AT-8800 Description Rapier i Level AR7x0S Module AR7x5 CR AR400 Level 3 Y Y Y Y Y Y Y – Y Y – – – – – – – Y Y – – – – – Y – – – – – Y Y Y Y Y – – Y Y Y This issue has been resolved.
x900-48 AT-9900 AT-9800 If an IP interface was added and deleted many times, an excessive number of memory buffers became full.
AT-9900 AT-9800 When authenticating users via RADIUS, the number of times that the router or switch attempts to contact the RADIUS server is determined by the Server Retransmit Count (displayed in output of the command show radius). Previously, this count incorrectly included the initial request. For example, a Retransmit Count of 3 meant that up to 3 attempts were made to contact the server.
AT-9900 AT-9800 When IGMP fast leave was enabled and the switch received a leave message via a trunk port, the switch only removed the port from the multicast group if the port was the master trunk port. x900-48 3 AT-8700XL IGMP AT-8600 CR00013629 AT-8800 Description Rapier i Level AR7x0S Module AR7x5 CR 139 AR400 Features in 291-04 – – – Y Y Y Y Y Y – This issue has been resolved.
AT-9900 AT-9800 When the firewall was performing NAT on UDP video streams and two streams started up at the same time, sometimes one or both streams displayed excessive jitter. x900-48 3 AT-8700XL Firewall AT-8600 CR00014163 AT-8800 Description Rapier i Level AR7x0S Module AR7x5 CR 140 AR400 Features in 291-04 Y Y Y Y Y – – – – – – – Y – – – – – – – Y Y Y This issue has been resolved.
x900-48 AT-9900 AT-9800 Switch If a port had static ARP entries defined for a VLAN, then adding the port to another VLAN made those static ARP entries inactive.
AT-9800 IP Gateway AT-9900 It was possible to add a BOOTP relay destination using an interface that was not running IP. It was also possible to delete an IP interface even though BOOTP relay destinations were defined for the interface. Both of these situations could allow the router or switch to be mis-configured.
AT-9800 DHCP AT-9900 When a router or switch was configured to use DHCP to assign an address on an interface, and then set to have a static address on that interface, the DHCP client in the router or switch would continue to negotiate with the DHCP server. This tied up a DHCP lease.
AT-9900 AT-9800 Subnet broadcast packets would not be routed correctly when the interface to which the subnet broadcast was destinated was an interface on the device, but its link status was down. Even though an alternate route to the destination existed, the device would send the packets incorrectly.
x900-48 AT-9900 AT-9800 The following issues occurred with the commands show debug active and disable debug active: AT-8700XL 4 AT-8600 Core, Utility AT-8800 CR00009087 Description Rapier i Level AR7x0S Module AR7x5 CR 145 AR400 Features in 291-04 Y Y Y Y Y Y Y Y Y Y – – – Y Y Y Y Y Y Y – – – Y Y Y Y Y Y – Y Y Y Y Y Y Y Y Y Y ■ The command did not adequately warn users if an invalid module number had been entered into the active parameter.
AT-9900 AT-9800 The blackhole parameter of the commands add and set ip route had no “?” help description. x900-48 4 AT-8700XL IP Gateway AT-8600 CR00013112 AT-8800 Description Rapier i Level AR7x0S Module AR7x5 CR 146 AR400 Features in 291-04 – – – – – – – Y Y – – – – Y Y Y Y Y Y – Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y This issue has been resolved.
AT-9900 AT-9800 When a router or switch was using a trial licence for release software and the trial period elapsed, the router or switch rebooted without indicating the reason for the reboot. x900-48 4 AT-8700XL Install AT-8600 CR00013589 AT-8800 Description Rapier i Level AR7x0S Module AR7x5 CR 147 AR400 Features in 291-04 Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y – – – – – – – Y Y – This issue has been resolved.
x900-48 AT-9900 AT-9800 The show exception command did not display the correct exception type for watchdog exceptions on AR750S, AR750S-DP, or AR770S routers. AT-8700XL 4 AT-8600 Core AT-8800 CR00014170 Description Rapier i Level AR7x0S Module AR7x5 CR 148 AR400 Features in 291-04 – – Y – – – – – – – Y Y Y Y Y Y Y Y Y Y Y – Y – – – – – – – – – – – – – – – – Y Y Y Y Y Y – – – – Y Y Y Y Y Y Y Y Y Y Y This issue has been resolved.
x900-48 AT-9900 AT-9800 It was possible to specify a value of 0 for the ageingtimer parameter in the command add and set vlan=vlan bridge, even though this value was meaningless. AT-8700XL 4 AT-8600 VLAN, Bridging AT-8800 CR00014778 Description Rapier i Level AR7x0S Module AR7x5 CR 149 AR400 Features in 291-04 Y – Y Y – – – – – – Y – – – – – – – – – – – – – – – – Y Y – This issue has been resolved. The lowest valid value for ageingtimer is 1.
Features in 291-04 150 x900-48 AT-9900 AT-9800 It is now possible to hotswap NSMs on NEBS-compliant Rapier i switches. AT-8700XL - AT-8600 Core AT-8800 CR00003036 Description Rapier i Level AR7x0S Module AR7x5 CR AR400 Enhancements – – – Y – – – – – – To hotswap the NSM, press the Hot Swap button beside the NSM, check that the Swap LED turns on and the In Use LED turns off, then remove the NSM.
AT-9900 AT-9800 AR770S routers have a CPU fan that the software now monitors in the same manner as the main fan. The state of the CPU fan is displayed along with that of the main (chassis) fan in the output of the show system command.
x900-48 AT-9900 AT-9800 This enhancement enables you to associate a BOOTP relay destination with a given interface.
IP Gateway To do this: 1. Give the desired dynamic routing protocol a preference of 0, which is the preference of interface routes, by using the command: SET IP ROUte PREFerence=0 PROTocol={BGP-ext|BGP-int|OSPF-EXT1| OSPF-EXT2|OSPF-INTEr|OSPF-INTRa|OSPF-Other|RIP|ALL} 2. Create a route map to give matching routes the same metric as your interface routes. To change the metric, use the command: ADD IP ROUTEMap=routemap ENTry=1..4294967295 SET METric=1 3.
x900-48 AT-9900 AT-9800 The following enhancements have been made to DHCP snooping, to support MAC-forced forwarding: AT-8700XL - AT-8600 DHCP Snooping, MACFF AT-8800 CR00014300 Description Rapier i Level AR7x0S Module AR7x5 CR 154 AR400 Features in 291-04 – – – Y Y Y Y Y Y – – – Y – – – – – – – ■ MAC-forced forwarding checks the DHCP snooping database to find out which router has been assigned to each DHCP client.
AT-9900 AT-9800 A new log message has been added to provide more information about rejected DNS requests. The message has a log type of 052 / IPDNS and subtype 002 / UNRES, and reads: x900-48 - AT-8700XL DNS AT-8600 CR00014715 AT-8800 Description Rapier i Level AR7x0S Module AR7x5 CR 155 AR400 Features in 291-04 Y Y Y Y Y Y Y Y Y Y Y – Y – – – – – – – DNS request for rejected by server. Code , .
OSPF AT-9900 AT-9800 When OSPF is running over an on-demand PPP link and the link goes down, IP notifies OSPF that the link is down and OSPF stops sending Hello packets over the link. In a network in which routes over the PPP link are all dynamically learnt through OSPF, the PPP link will not come back up because without OSPF there are no routes to direct traffic at that link.
Features in 291-03 157 Features in 291-03 Software Maintenance Version 291-03 includes the resolved issues and enhancements in the following tables. In the tables, for each product series: ■ “Y” in a white column indicates that the resolution is available in Version 291-03 for that product series. ■ “-” in a white column indicates that the issue did not apply to that product series. ■ a grey-shaded column indicates that Version 291-03 has not been released on that product series.
x900-48 AT-9900 AT-9800 When a switch was heavily loaded with IPv6 traffic, it could reboot because a large quantity of traffic was queued while waiting for a neighbour's MAC address to resolve. AT-8700XL 2 AT-8600 IPv6 AT-8800 CR00015678 Description Rapier i Level AR7x0S Module AR7x5 CR 158 AR400 Features in 291-03 Y Y Y Y Y – – Y Y Y This issue has been resolved by limiting the number of packets that can be queued while waiting for a neighbour's MAC address to resolve.
x900-48 AT-9900 AT-9800 Destroying a traffic class or flow group also destroyed all classifiers that were associated with that traffic class or flow group. AT-8700XL 3 AT-8600 QoS AT-8800 CR00014959 Description Rapier i Level AR7x0S Module AR7x5 CR 159 AR400 Features in 291-03 – – – Y Y Y Y Y Y – – – – Y Y Y Y – – – This issue has been resolved. User-created classifiers are no longer destroyed.
Features in 291-02 160 Switch, VLAN In some network configurations, this learning process cannot identify all router ports. For such networks, this enhancement enables you to statically configure particular ports as multicast router ports. To specify the static router ports, use the new command: add igmpsnooping vlan={vlan-name|1..4094} routerport=port-list To stop ports from being static router ports, use the new command: delete igmpsnooping vlan={vlan-name|1..
MAC-forced forwarding enhancements (CR00017819) 161 MAC-forced forwarding enhancements (CR00017819) This enhancement improved MAC-forced forwarding in the following ways: ■ The commands add and set macff server both now allow you to optionally specify a MAC and/or IP address for the static entry.
IGMP Group MIB (CR00018418) 162 IGMP Group MIB (CR00018418) AlliedWare now includes an IGMP Group MIB. This MIB is available in the file at-igmp.mib. The IGMP Group has the object identifier prefix igmp ({ modules 139 }), and contains a collection of objects and traps for monitoring IGMP group membership.
ICMP Router Discovery Advertisements (CR00010614) 163 ICMP Router Discovery Advertisements (CR00010614) Router discovery The router or switch supports all RFC 1256, ICMP Router Discovery Messages as it applies to routers. If this feature is configured, the router or switch sends router advertisements periodically and in response to router solicitations. It does not support the Host Specification section of this RFC.
ICMP Router Discovery Advertisements (CR00010614) When... (Continued) Then... (Continued) the host waits for the next unsolicited router a host does not receive a router advertisement after sending a small number advertisement of router solicitations a host needs a default router address the host uses the IP address of the router or L3 switch with the highest preference level.
ICMP Router Discovery Advertisements (CR00010614) 165 Advertisement interval The router advertisement interval is the time between router advertisements. For the first few advertisements sent from an interface (up to 3), the router or switch sends the router advertisements at intervals of at most 16 seconds.
ICMP Router Discovery Advertisements (CR00010614) 2. 166 Stop advertising on other logical interfaces. By default, logical interfaces are set to advertise if their physical interface is set to advertise.
STP and MSTP debugging enhancements (CR00016978) 167 STP and MSTP debugging enhancements (CR00016978) Debugging command and output enhancements STP and MSTP debugging have been enhanced in the following ways: ■ A new STP and MSTP debugging option turns on real-time switch port state debugging. This option displays a message every time STP/MSTP asks for the state of a port to be changed.
STP and MSTP debugging enhancements (CR00016978) New show commands The following new commands display the current port states (in hardware) of all ports that are taking part in STP or MSTP: show switch stp show switch mstp The following example shows the output of the show switch stp command. Switch STP Port State Information at 12:09:52: ST Port State --------0 2 Fo 0 3 Fo 0 5 Bl 0 6 Li The following example shows the output of the show switch mstp command.
STP and MSTP debugging enhancements (CR00016978) The following table lists the fields in this output. Parameter Meaning ST The ID number of the Spanning Tree that the port belongs to. Port The switch port whose state is displayed. State The STP state of the port.
Acting on traffic destined for a particular DHCP client (CR00017018) 170 Acting on traffic destined for a particular DHCP client (CR00017018) This enhancement enables you to act on traffic that is received on an uplink port and is destined for a particular DHCP client. It expands the classifier functionality so that the switch can use DHCP snooping records to determine which traffic is destined for each client.
Acting on traffic destined for a particular DHCP client (CR00017018) Example For example, consider the following figure. In this example, the QoS policy on the uplink port includes the following classifier: create classifier=1 ip=dhcpsnooping snoopport=x snoopvlan=y When the client receives a DHCP lease, all traffic that comes in through the uplink port and is destined for the client will match classifier 1.
Support for the new x900-48FS switch (CR00016662) Support for the new x900-48FS switch (CR00016662) The x900-48FS is a new model in the x900 Series of layer 3 gigabit and fast Ethernet switches.
IGMP snooping fast leave in multiple host mode (CR00017482) 173 IGMP snooping fast leave in multiple host mode (CR00017482) The IGMP snooping fast leave option has been enhanced, to make it available when multiple clients are attached to a single port on the snooping switch. Fast leave now has two modes available: ■ multiple host mode—the new feature. In multiple host mode, the snooper tracks which clients are joined to a given IP multicast group on a given port.
IGMP snooping fast leave in multiple host mode (CR00017482) 174 The detail parameter displays more detailed information, including expiry times for each port, and in the case of multiple host fast leave mode, the list of hosts on a port. The following example shows this. IGMP Snooping -------------------------------------------------------------------------Status ........................... Enabled Disabled All-groups ports ........ None Vlan Name (vlan id) ..... Fast Leave ..............
Support for the new Rapier 48w switch Support for the new Rapier 48w switch The Rapier 48w is a new model in the Rapier Series of layer 3 gigabit and fast Ethernet switches.
Backing up the configuration with SNMP (CR00016221) 176 Backing up the configuration with SNMP (CR00016221) With this enhancement, you can use SNMP to: ■ set parameters for uploading files from the router or switch, and ■ upload files to a TFTP server SNMP already lets you save the current configuration to a file on the router or switch. You can use this with the new options to back up the configuration to a TFTP server. To do this, perform the following steps. 1.
Backing up the configuration with SNMP (CR00016221) 2. Set the load parameters To specify the server IP address, use SNMP SET loadServer. To set the filename, use SNMP SET loadFilename. The following screenshot shows setting the filename to tst.cfg.
Backing up the configuration with SNMP (CR00016221) 3. Upload the file To upload the file, use SNMP SET loadStatus and set it to a value of 8. The following screenshot shows this.
SNMP ASN.01 BER Padding (CR00016523) 179 SNMP ASN.01 BER Padding (CR00016523) This enhancement enables you to specify whether SNMP adds 0x00 padding when the most significant 9 bits of an object’s value are all 1, or whether the encoding follows the ASN.01 BER rule, which cuts off the most significant byte of 0xff. This setting has an impact on all integer type MIB objects, including 32 bit and 64 bit counter objects.
