Software Maintenance Release Note Maintenance Version 291-18 for x900-48 and AT-9900 Series switches This software maintenance release note lists the issues addressed and enhancements made in Maintenance Version 291-18 for Software Version 2.9.1. Version details are listed in the following table: Models Series Release File Date Size (bytes) GUI file AT-8948, AT8948i, x900-48FE, x900-48FE-N, x900-48FS x900-48 89291-18.
Enabling and installing this version 2 Enabling and installing this version To use this maintenance version you must have a base release license for Software Release 2.9.1. Contact your distributor or reseller for more information about licences. To enable this version and install it as the preferred version, use the commands: enable rel=xx291-18.rez num=2.9.1 set install=pref rel=xx291-18.rez where xx is the prefix to the filename, as shown in the table on page 1.
Features in 291-18 3 Features in 291-18 Software Maintenance Version 291-18 includes the resolved issues and enhancements in the following table. In the tables, for each product series: ■ “Y” in a white column indicates that the resolution is available in Version 291-18 for that product series. ■ “-” in a white column indicates that the issue did not apply to that product series. ■ a grey-shaded column indicates that Version 291-18 was not released on that product series.
AT-8948 / x900-48 AT-9900 AT-9800 Previously on AT-8948 and AT-9900 series switches, the switch could stop learning new MAC addresses during broadcast storm conditions that occurred for a long period of time. AT-8700XL 2 AT-8600 Switching AT-8800 CR00024760 Rapier w Description Rapier i Level AR750S / AR770S Module AR7x5 CR 4 AR44x / AR450 Features in 291-18 – – – – – – – – Y Y – – – – – – – – – Y Y – This issue has been resolved.
Features in 291-17 5 Features in 291-17 Software Maintenance Version 291-17 includes the resolved issues and enhancements in the following tables. In the tables, for each product series: ■ “Y” indicates that the resolution is available in Version 291-17 for that product series. ■ “–” indicates that the issue did not apply to that product series. Level 1 No level 1 issues. As well, the router or switch will now ensure that X.25 calls are cleared when installed in a X.
AT-8948 / x900-48 AT-9900 AT-9800 Previously, PPP could unneccessarily reduce the memory available on the device for other services when configured as a PPPoE access concentrator. This occurred when a client repeatedly attempted to connect and failed (for example because of authentication failure). When the session was terminated, buffers were left allocated to the session, causing the amount of memory available to steadily reduce.
AT-8948 / x900-48 AT-9900 AT-9800 In normal PIM operation, assert messages are used between PIM neighbours to determine which neighbour has the better route between a multicast client and source. Once the exchange has occurred, the losing neighbour informs the winning neighbour to remove its route from the neighbour’s PIM routing table. The winning neighbour forwards the multicast traffic and starts an assert timer that, when it expires, causes a new assert exchange.
AT-8948 / x900-48 AT-9900 AT-9800 Previously, when you created a DHCP user-defined option, a null byte was attached to the end of any defined string.
CR Module Level Description AR7x5 AR750S / AR770S Rapier i Rapier w AT-8800 AT-8600 AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 9 AR44x / AR450 Features in 291-17 CR00023554 PRI 2 Previously, a PRI interface could lock up in the presence of line noise. This has now been fixed. Y Y Y Y Y – – – – – – CR00023842 DHCP 2 Previously, on a router or switch using multihoming, the DHCP server on the router or switch could sometimes assign multiple IP address to the same client.
This issue has been resolved. Echo-Requests with a magic number of 0 are now replied to if the PPP peers have negotiated not to use the LCP magic number option. Version 291-18 C613-10488-00 REV Q AT-8948 / x900-48 AT-9900 AT-9800 The router or switch would silently discard echo-requests from a PPP peer after the peer had negotiated with it not to use the LCP magic number option.
Features in 291-17 11 AT-8948 / x900-48 AT-9900 AT-9800 ASN.01 BER padding is now enabled by default. This means that SNMP adds 0x00 padding when the most significant 9 bits of an object’s value are all 1. Padding enables legacy SNMP NMS systems to correctly decode this value, and provide correct readings.
AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 When configuring LAN to WAN Firewall rules via the GUI, the “Action” drop-down box was missing the “No NAT" option. AT-8600 3 AT-8800 GUI, Firewall Rapier w CR00023040 Description Rapier i Level AR750S / AR770S Module AR7x5 CR 12 AR44x / AR450 Features in 291-17 Y Y Y Y – Y – – – – Y Y Y Y Y Y Y – – – – – Y Y Y Y Y Y – – Y Y Y This issue has been resolved.
For PTP networks, incoming OSPF hello packets are used to update neighbour information. On an PTP interface, existing neighbours are matched by the router ID in the hello packet, whereas on other types of interfaces the neighbours are matched by source address. In the case of a PTP network, however, there are only ever 2 ends to the network and so there should only be one existing neighbour for the interface. This issue has been resolved.
Features in 291-17 14 AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 When a DNS query was sent to the VRRP-adopted virtual IP address on a router or switch, the relayed-response would have a source IP address of the interface it was sent from, instead of the virtual IP address. AT-8600 4 AT-8800 VRRP Rapier w CR00023042 Description Rapier i Level AR750S / AR770S Module AR7x5 CR AR44x / AR450 Level 4 Y Y Y Y Y Y Y Y Y Y Y This issue has been fixed.
AT-8948 / x900-48 AT-9900 AT-9800 The AlliedWareTM Operating System now includes a Denial of Service Attack Protection feature for AT-8600 Series switches.
AT-8948 / x900-48 AT-9900 AT-9800 With this software version, AR441S routers with a hardware revision of M1-2 (or later) will support ADSL2 and ADSL2+ connections. You can see the hardware revision of a router by entering the command show system and checking the “Rev” column for the “Base” board.
create ppp template=ppp-template [ipfilter=NONE|0..999] [ipfragment=ON|OFf|True|False|Yes|No] set ppp template=ppp-template [ipfilter=NONE|0..999] [ipfragment=ON|OFf|True|False|Yes|No] These parameters are useful when a dynamic IP interface is created over the dynamic PPP interface. The shortest valid strings are ipfi for ipfilter and ipfr for ipfragment. The ipfilter parameter specifies the traffic filter to apply to IP packets transmitted or received over the dynamic IP interface.
Features in 291-16 18 Features in 291-16 Software Maintenance Version 291-16 includes the resolved issues and enhancements in the following tables. In the tables, for each product series: ■ “Y” indicates that the resolution is available in Version 291-16 for that product series. ■ “–” indicates that the issue did not apply to that product series. Level 1 No level 1 issues.
AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 Under some configurations, the switch could reboot when: AT-8600 2 AT-8800 QoS Rapier w CR00020937 Description Rapier i Level AR750S / AR770S Module AR7x5 CR 19 AR44x / AR450 Features in 291-16 – – – Y Y Y Y Y Y Y Y – – – – – – – – Y Y – – – – – – – – – Y Y – ■ applying a QoS policy to the same port twice (by using the command set qos port=x policy=x).
AT-8948 / x900-48 AT-9900 AT-9800 On some occasions, inserting an Allied Telesis AT-G8T copper GBIC stopped the GBIC ports from operating correctly. The GBIC LEDs would also display the wrong state (lit when the GBIC was removed or off when the GBIC was inserted). AT-8700XL 2 AT-8600 Switching AT-8800 CR00022292 Rapier w Description Rapier i Level AR750S / AR770S Module AR7x5 CR 20 AR44x / AR450 Features in 291-16 – – – – – Y – – – – Y This issue has been resolved.
CR Module Level Description AR7x5 AR750S / AR770S Rapier i Rapier w AT-8800 AT-8600 AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 21 AR44x / AR450 Features in 291-16 CR00022985 L2TP 2 Previously, under some heavy load traffic conditions, L2TP tunnels would experience a periodic latency or sometimes no longer function. This issue has been resolved.
Features in 291-16 22 AT-8948 / x900-48 AT-9900 AT-9800 Previously the set mstp cist port command parameters intpathcost and extpathcost could not have the value default set. AT-8700XL 3 AT-8600 STP AT-8800 CR00021620 Rapier w Description Rapier i Level AR750S / AR770S Module AR7x5 CR AR44x / AR450 Level 3 – – – Y Y Y Y Y Y Y – Y Y Y Y Y Y – – – – – Y – – – – – – – – – – Y Y Y Y Y Y – – – – Y This issue has been resolved.
Features in 291-16 23 AT-8948 / x900-48 AT-9900 AT-9800 A new parameter ipborrow has been added to the create and set ppp interface commands. You can set the ipborrow parameter to the values: yes|on|true|no|off|false.
AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 This enhancement has improved router or switch performance when: AT-8600 - AT-8800 IPsec Rapier w CR00021262 Description Rapier i Level AR750S / AR770S Module AR7x5 CR 24 AR44x / AR450 Features in 291-16 Y Y Y Y – Y – – – – – Y Y Y Y Y Y Y Y Y Y Y – – – – – – – – Y Y – ■ multiple IPsec policies exist. In particular, having two policies causes much less of a reduction in performance.
CR Module Level AR7x5 AR750S / AR770S Rapier i Rapier w AT-8800 AT-8600 AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 25 AR44x / AR450 Features in 291-16 CR00022331 SHDSL - Previously on AR442S routers, SHDSL train up times were variable and frequently longer than one minute. This enhancement reduces this variability and minimises the train up time required.
Features in 291-15 26 Features in 291-15 Software Maintenance Version 291-15 includes the resolved issues and enhancements in the following tables. In the tables, for each product series: ■ “Y” indicates that the resolution is available in Version 291-15 for that product series. ■ “–” indicates that the issue did not apply to that product series. Level 1 No level 1 issues.
CR Module Level Description AR7x5 AR750S / AR770S Rapier i Rapier w AT-8800 AT-8600 AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 27 AR44x / AR450 Features in 291-15 CR00021342 BGP 2 A small memory leak was occurring when receiving BGP update messages. This issue has been resolved.
CR Module Level Description AR7x5 AR750S / AR770S Rapier i Rapier w AT-8800 AT-8600 AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 28 AR44x / AR450 Features in 291-15 CR00021006 Switching 2 When ingress filtering was enabled on a port and a packet arrived on that port with a VLAN identifier that the port was not a member of, the source MAC address would be incorrectly learnt. This issue has been resolved and in this situation the MAC address is no longer added to the forwarding database.
Features in 291-15 29 CR Module Level Description AR44x / AR450 AR7x5 AR750S / AR770S Rapier i Rapier w AT-8800 AT-8600 AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 Level 3 CR00020551 DHCP 3 Previously, when an AT-8600 series switch was acting as a DHCP server with a range defined, frequent Flash memory compactions would occur. This issue has been resolved.
AT-8948 / x900-48 AT-9900 AT-9800 If the router received a CDP packet, and CDP was disabled (the default state), and bridging was configured, then the packet would not be bridged. AT-8700XL 3 AT-8600 Bridging AT-8800 CR00021267 Rapier w Description Rapier i Level AR750S / AR770S Module AR7x5 CR 30 AR44x / AR450 Features in 291-15 Y Y Y – – – – – – – – Y Y Y Y Y Y Y Y Y Y Y This issue has been resolved.
Features in 291-15 31 CR Module Level Description AR44x / AR450 AR7x5 AR750S / AR770S Rapier i Rapier w AT-8800 AT-8600 AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 Enhancements CR00018895 SSH - Secure Shell (SSH) no longer requires a feature licence. SSH server and client functionality now works when no feature licence is present. Y Y Y Y Y Y Y Y Y Y Y CR00020566 CR00021186 EPSR - This software version includes support for EPSR+ with enhanced multiple link recovery.
----------- ------------------------------------------------ 311 AT-RP24i-B Rapier 24i NEBS 312 AT-RP24i-B Rapier 24i DC NEBS 302 AT-RP48w-B-15 Rapier 48w-AC 300 AT-RP48w-B-85 Rapier 48w AT-9800 Name (as displayed by show system) AT-9900 Board ID AT-8948 / x900-48 This software version includes support for new variants of the Rapier 24i and Rapier 48w switches, which have new NSM bay connectors.
AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 Changes have been made to reduce the risk of packet loss over a VPN under very high traffic levels and corresponding high-to-overload CPU conditions.
VLAN activation is useful for VLANs that are reached through L2TP tunnels instead of through switch ports. To turn virtual activation on or off, use the command: SET VLAN={vlan-name|1..4094|ALL} VIRTActivation ={Yes|No} The default is no. To see whether the VLAN has been activated virtually, use the command show vlan and check the new “Admin Active” field. This enhancement was previously only available on Rapier, AT-8800, AT-8600 and AT-8700XL switches. Now it is available on all devices that support VLANs.
Features in 291-14 35 Features in 291-14 Software Maintenance Version 291-14 includes the resolved issues and enhancements in the following tables. In the tables, for each product series: ■ “Y” in a white column indicates that the resolution is available in Version 291-14 for that product series. ■ “-” in a white column indicates that the issue did not apply to that product series. ■ a grey-shaded column indicates that Version 291-14 was not released on that product series.
AT-8948 / x900-48 AT-9900 AT-9800 If a network event caused the switch to flush its layer 2 forwarding database (FDB) for a port, in some circumstances the switch also flushed hardware ARP entries that hardware layer 3 routes were still using. Possible triggers included an STP topology change somewhere else in the network, or a link flap on a port. Depending on the network configuration and/or network traffic, this issue could result in incorrectly layer 3 switched traffic.
Features in 291-14 37 AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 When the L2TP speed was changed, output of the command show ppp util still showed the old speed. AT-8600 3 AT-8800 L2TP Rapier w CR00015046 Description Rapier i Level AR750S / AR770S Module AR7x5 CR AR44x / AR450 Level 3 Y Y Y Y Y Y – – Y Y Y – – – – – – – – Y – – Y Y Y Y Y Y – – Y Y Y This issue has been resolved.
Features in 291-13 38 Features in 291-13 Software Maintenance Version 291-13 includes the resolved issues and enhancements in the following tables. In the tables, for each product series: ■ “Y” indicates that the resolution is available in Version 291-13 for that product series. ■ “–” indicates that the issue did not apply to that product series. Level 1 No level 1 issues.
AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 If multicast traffic was being forwarded to a PPP interface and that PPP interface went down, the router or switch would restart. AT-8600 2 AT-8800 IP gateway Rapier w CR00020253 Description Rapier i Level AR750S / AR770S Module AR7x5 CR 39 AR44x / AR450 Features in 291-13 Y Y Y Y Y Y – – Y Y Y – – – Y Y Y Y Y – – – – – – Y Y Y Y Y – – – This issue has been resolved.
Features in 291-13 40 AT-8948 / x900-48 AT-9900 AT-9800 When firewall events were recorded in the Notify queue (displayed in output of the command show firewall event=notify), the IP address shown would be the address of the very first packet that belonged to that event flow. For example, if 64 host scan packets were required to trigger a host scan event and the first packet had a target IP of 1.1.1.1 and the 64th had an IP of 1.1.1.64, then the IP address recorded would be 1.1.1.
AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 Previously, the router or switch would respond to SNMP requests destined for broadcast addresses. AT-8600 3 AT-8800 SNMP, IP gateway Rapier w Description Rapier i Level AR750S / AR770S CR00020243 Module AR7x5 CR 41 AR44x / AR450 Features in 291-13 Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y – Y – – – – – – – – – – Y – – – – – Y Y Y Y Y Y Y Y Y Y Y This issue has been resolved.
Features in 291-13 42 CR Module Level AR44x / AR450 AR7x5 AR750S / AR770S Rapier i Rapier w AT-8800 AT-8600 AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 Enhancements CR00017819 MACFF - MAC-forced forwarding static server entries and debugging has been improved. For details, see “MAC-forced forwarding enhancements (CR00017819)” on page 156. – – – Y Y Y Y Y Y Y – CR00019547 VLAN - This enhancement enables administrative (virtual) activation of VLANs.
AT-8948 / x900-48 AT-9900 AT-9800 This release adds support for the V3 hardware revision of the AT-AR021 BRI-S/T Port Interface Card (PIC). The AT-AR021 V3 hardware revision is a plug-in replacement for the V2 hardware revision, which is no longer available. The AR021v3 has the same feature set and command set as the AR021v2, except that it does not support NT mode operation. Existing configurations for normal TE mode operation will run unchanged on the AR021v3.
Features in 291-12 44 Features in 291-12 Software Maintenance Version 291-12 includes the resolved issues and enhancements in the following tables. In the tables, for each product series: ■ “Y” indicates that the resolution is available in Version 291-12 for that product series. ■ “–” indicates that the issue did not apply to that product series. Level 1 No level 1 issues.
Features in 291-12 45 AT-8948 / x900-48 AT-9900 AT-9800 When a PSU or FOM was hotswapped and replaced with a new unit of the same type, the switch did not update the serial number of the hotswapped unit. Output of the commands show system and show log displayed the serial number of the previous unit.
AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 The firewall’s TCP Setup Proxy did not always calculate the MSS value correctly. Instead, it would sometimes set the MSS value to 536 bytes, regardless of the MSS value in the incoming SYN packet.
Features in 291-12 47 CR Module Level Description AR44x / AR450 AR7x5 AR750S / AR770S Rapier i Rapier w AT-8800 AT-8600 AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 Enhancements CR00018418 IGMP, MIB - AlliedWare now includes an IGMP Group MIB. This MIB is available in the file at-igmp.mib. It has the object identifier prefix igmp ({ modules 139 }), and contains a collection of objects and traps for monitoring IGMP group membership.
AT-8948 / x900-48 AT-9900 AT-9800 A new command has been added to modify the operation of the switch when a packet uses the default hardware multicast route. This usually happens when the switch receives new unregistered multicast traffic.
26 11:37:18 6 ETH PINT DOWN ETH3: interface is DOWN 26 11:37:28 6 ETH PINT UP ETH3: interface is UP Note that AR022 PICs (ETH PICs) do not enter a log message after a restart if the link is up during that restart, but do enter a log message for each subsequent link transition. Version 291-18 C613-10488-00 REV Q AT-8700XL AT-8948 / x900-48 AT-9900 AT-9800 Log entries are now generated when Ethernet port links are taken up or down.
Features in 291-11 50 Features in 291-11 Software Maintenance Version 291-11 includes the resolved issues and enhancements in the following tables. In the tables, for each product series: ■ “Y” indicates that the resolution is available in Version Version 291-18 for that product series. ■ “–” indicates that the issue did not apply to that product series. Level 1 No level 1 issues x900-48 AT-9900 AT-9800 Previously when a SYN link failed and the link indication signal (e.g.
x900-48 AT-9900 AT-9800 If a link-up SYN interface was disabled and then enabled again, or if the PPP link over that interface was reset, then the ifOperStatus would change to down and would not come back up again.
x900-48 AT-9900 AT-9800 When an IP interface went down, and the switch received traffic on another interface that was destined for the down interface’s IP address, the switch no longer processed that traffic locally. Instead, it sent the traffic out its default route. For example, if vlan1 had an IP address of 192.168.1.1 and the switch received a ping on vlan2 for 192.168.1.
x900-48 AT-9900 AT-9800 CPU utilisation could become very high under circumstances in which the switch needed to learn a large number of entries. For example, this could occur during a reboot when large numbers of MAC entries require learning.
x900-48 AT-9900 AT-9800 When deleting an IP RIP interface or disabling an IP interface with RIP running on it, the router or switch would stop responding and reboot after 5 minutes.
Features in 291-11 55 AT-8700XL x900-48 AT-9900 AT-9800 The following issues occurred with testing PRI interfaces: AT-8600 3 AT-8800 PRI Rapier w CR00007089 Description Rapier i Level AR7x0S Module AR7x5 CR AR400 Level 3 Y Y Y Y Y – – – – – – Y Y Y Y Y Y Y Y Y Y Y ■ When the commands enable pri=x test=y and disable pri=x test=y were entered, the router or switch did not display an “Operation Successful” message. This issue has been resolved.
AT-8700XL x900-48 AT-9900 AT-9800 The following issues occurred with ICMP Router Advertisement: AT-8600 3 AT-8800 IP Gateway Rapier w CR00007870 Description Rapier i Level AR7x0S Module AR7x5 CR 56 AR400 Features in 291-11 – – – Y Y Y Y Y – – Y Y Y Y Y Y – – – – – – Y Y Y Y Y Y – – – – Y – – – – – – – – Y Y – ■ When the feature was enabled, four initial advertisements were sent instead of three, as defined in RFC 1256.
AT-8700XL x900-48 AT-9900 AT-9800 Previously, a topology change could result in a mismatch between the switch’s software and hardware forwarding database.
x900-48 AT-9900 AT-9800 It was possible to enter the same firewall rule multiple times. The duplicate entries would cause the firewall to renumber the rules, leaving multiple copies of the same rule in the configuration.
x900-48 AT-9900 AT-9800 Previously, when using subnet-based VLANs, only IP traffic matching the source IP network was classified into the subnet-based VLAN. This did not include ARPs.
x900-48 AT-9900 AT-9800 When a DHCP client was communicating with a DHCP server through a BootP relay, when the client attempted to re-new its address allocation by using unicast DHCP renew messages, the DHCP server would drop the messages and not reply. This forced the client to resort to using a broadcast DHCP discover message.
x900-48 AT-9900 AT-9800 Previously, the PKI certificate timestamp was only verified at router or switch initialisation. This caused problems when the time changed, for example because of NTP or if the router or switch had no battery backup (so the time defaulted to 01-Jan-1999 after a reboot). In either situation, the timestamp updates were not communicated to the PKI certificate code so the certificates remained valid or invalid depending upon the initial timestamp check.
x900-48 AT-9900 AT-9800 When the router or switch was acting as an LNS, it was possible for it to get into a state where it has an active and an inactive L2TP tunnel both tied to one PPP connection. Previously, when the inactive tunnel timed out, the router or switch closed the PPP connection. This situation with two L2TP tunnels arose when the LAC removed the tunnel in a way that made it unable to notify the LNS (for example, if there was a brief network outage between the LNS and the LAC).
x900-48 AT-9900 AT-9800 If MSTP was enabled and a port was set as the mirror port, it was possible for the switch to send BPDUs out of this port. Note these BPDUs were originated by the switch, not mirrored from another port.
Features in 291-11 64 x900-48 AT-9900 AT-9800 Support for ICMP Router Discovery, as described in RFC 1256, has been added to routers, and to AT-8948, x900-48, and AT-9900 series switches.
AT-8700XL x900-48 AT-9900 AT-9800 STP and MSTP debugging has been enhanced to: AT-8600 - AT-8800 STP, MSTP, Switch Rapier w CR00016978 Description Rapier i Level AR7x0S Module AR7x5 CR 65 AR400 Features in 291-11 – – – Y Y Y Y Y Y Y Y – – – – – – – – Y Y – Y Y Y Y Y Y – – Y Y Y ■ make it easier to see state information, and ■ only display information about Topology Change messages.
The nestedoverride parameter allows you to add the port to a non-nested VLAN as a tagged port even if the port has already been configured as a customer port in a nested VLAN. The vlan parameter specifies the nonnested VLAN to which you want to add the port. You must also specify frame=tagged.
AR7x5 AR7x0S Rapier i Rapier w AT-8800 AT-8600 AT-8700XL x900-48 AT-9900 AT-9800 Y Y Y Y Y – – – – – – The number of ports supported by Bridging has been increased from 32 to 512. Y Y Y Y Y – – – – – – - Previously, the length of the L2TP call name was limited to 15 characters. This limit has been increased to 19 characters.
Features in 291-10 68 Features in 291-10 Software Maintenance Version 291-10 includes the resolved issues and enhancements in the following tables. In the tables, for each product series: ■ “Y” indicates that the resolution is available in Version 291-10 for that product series. ■ “–” indicates that the issue did not apply to that product series.
x900-48 AT-9900 AT-9800 The resolution to CR 444 meant that packets processed by the CPU are now subjected to the same filtering as packets switched in hardware. However, this filtering did not always return the expected results. Sometimes its IP address matching was incorrect, and it did not correctly process filters with an action of nodrop.
Features in 291-10 70 This issue has been resolved. Level 4 No level 4 issues Enhancements No enhancements Version 291-18 C613-10488-00 REV Q x900-48 AT-9900 AT-9800 Traceroute (the trace command) did not work. It returned the error “The destination is either unspecified or invalid” even if the destination was reachable.
Features in 291-09 71 Features in 291-09 Software Maintenance Version 291-09 includes the enhancement in the following table, which is available for x900-48FE and x900-48FE-N switches. Level 1-4 No level 1-4 issues To enable monitoring, use the command: enable cpufanmonitoring To disable it again, use the command: disable cpufanmonitoring When monitoring is enabled, the command show system displays the CPU fan status in the entry labelled “Main fan”.
Features in 291-08 72 Features in 291-08 Software Maintenance Version 291-08 includes the resolved issues and enhancements in the following tables. In the tables, for each product series: ■ “Y” indicates that the resolution is available in Version 291-08 for that product series. ■ “–” indicates that the issue did not apply to that product series.
AT-8700XL x900-48 AT-9900 AT-9800 The following issues existed with classifiers: AT-8600 2 AT-8800 Classifier Rapier w CR00003495 Description Rapier i Level AR7x0S Module AR7x5 CR 73 AR400 Features in 291-08 Y Y Y Y Y Y - - Y Y Y - - - - - - - - - Y - Y Y Y Y Y Y - - Y Y Y Y Y Y Y Y Y Y Y Y Y Y ■ classifiers matching protocol=ipv6 and ipprotocol=icmp could be created more than once ■ classifiers matching protocol=ipv6 and ipprotocol=1 could b
AT-8700XL x900-48 AT-9900 AT-9800 The following issues occurred with RIPng: AT-8600 2 AT-8800 RIPng Rapier w CR00007178 Description Rapier i Level AR7x0S Module AR7x5 CR 74 AR400 Features in 291-08 Y Y Y Y Y Y - - Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y - - - - Y Y Y Y Y Y Y - - Y Y Y ■ RIPng dropped requests from peers with non link-local addresses.
x900-48 AT-9900 AT-9800 If the router or switch received an LCP packet with an unrecognised protocol, it responded with a ProtocolReject packet of incorrect length that did not respect the established MRU of the peer.
AT-8700XL x900-48 AT-9900 AT-9800 Frame Relay If a frame relay interface was configured as a DVMRP interface, then the DLC value was not correctly generated in output of the command show config dynam or in the configuration script generated by the command create config.
AT-8700XL x900-48 AT-9900 AT-9800 Executing the commands disable mstp port=number or enable mstp port=number would not disable or enable the port on all MSTIs.
AT-8700XL x900-48 AT-9900 AT-9800 If an IPv6 accelerator was used, and the upstream router forwarded IPv6 multicast data just before the prune limit timer expired, then the downstream router sometimes did not send the prune until significantly after the timer expired.
x900-48 AT-9900 AT-9800 DHCP Snooping has been enhanced to operate in a customised VLAN ID translation (VID translation) environment. Previously, DHCP Snooping was not supported with VID translation.
x900-48 AT-9900 AT-9800 When the router or switch negotiated an IPsec tunnel with RFC3947 NATT, its NAT-OA payload had two bytes of reserved fields after the ID field instead of the three bytes specified by RFC 3947. This could prevent the tunnel from working properly when the tunnel was between an Allied Telesis router or switch and some other vendor.
x900-48 AT-9900 AT-9800 When the router was acting as a firewall and performing DNS relay, it used the local IP interface private address as the source address for some packets that it sent out the public interface. When the router acts as a DNS relay, it receives DNS requests from the private interface and sends a new packet on the public interface. These new packets were given the wrong address.
x900-48 AT-9900 AT-9800 It was possible to set up a classifier that matched MPLS frames at layer 2, but the switch would not correctly match these MPLS frames against the classifier. AT-8700XL 2 AT-8600 Switching AT-8800 CR00017337 Rapier w Description Rapier i Level AR7x0S Module AR7x5 CR 82 AR400 Features in 291-08 - - - - - - - - Y Y - - - - Y Y Y Y Y Y Y - Y Y Y Y Y Y Y Y Y Y Y This issue has been resolved.
x900-48 AT-9900 AT-9800 When a VoIP call using SIP was initiated from the public side of the firewall, occasionally the firewall created two UDP sessions for the call with different UDP source ports. This happened if the first packets of the STP (voice data) stream arrived earlier than the 200 OK message that was supposed to establish the session. The result was that the public side caller could not hear the call.
x900-48 AT-9900 AT-9800 When the DHCP server was enabled on a router or switch that also had a local IP interface defined by using the set ip local command, outgoing DHCP server packets would use the set ip local command's IP address as their source address. Furthermore, if the broadcast flag was set to TRUE in the DHCP Discover message that the server was replying to, then the server would send the DHCP Offer packet out the wrong IP interface with the wrong source IP address.
Features in 291-08 85 x900-48 AT-9900 AT-9800 Some PKI commands (including add pki ldap, create pki enroll, and create pki keyupdate) only worked if their parameters were entered in a particular order.
x900-48 AT-9900 AT-9800 The show file command did not check whether the specified file system was valid. If an invalid file system type was entered (such as show file=abc:*.*), the router or switch reported that no files found instead of reporting that the file system abc did not exist.
x900-48 AT-9900 AT-9800 On AR725 and AR745 routers, which have no VLAN support, an SNMP Get request for dot1qMaxVlanId or dot1qMaxSupportedVlans incorrectly returned a value.
AT-8700XL x900-48 AT-9900 AT-9800 When prompted to enter a file name while using the command line file editing utility, no more than 23 characters could be typed, even if the existing characters were deleted using the backspace key.
x900-48 AT-9900 AT-9800 If a user attempted to enter a filename with an invalid format, the resulting error message did not correctly describe the format that should have been used. Also, the router or switch returned an incorrect error message when a user attempted to delete a non-existent release licence file.
x900-48 AT-9900 AT-9800 If the router or switch received an incorrectly formatted PAP request packet, it used to process the packet. This issue has been resolved—now it silently discards the packet.
x900-48 AT-9900 AT-9800 When a firewall UDP session starts up, the session timeout should be 5 minutes for the first 5 packets of the session, then change to the configured UDP session timeout value. Previously, the timeout changed after the 6th UDP packet belonging to that session, instead of after the 5th packet.
x900-48 AT-9900 AT-9800 If a user attempted to add a policy option to a DHCP policy by using the set command instead of the add command, then the resulting error message did not clearly indicate the cause of the error.
AT-8700XL x900-48 AT-9900 AT-9800 The VRRP priority could not be modified through the GUI—the priority option was there but did nothing. AT-8600 3 AT-8800 VRRP, GUI Rapier w CR00014103 Description Rapier i Level AR7x0S Module AR7x5 CR 93 AR400 Features in 291-08 Y Y Y Y - Y Y Y - Y Y Y Y Y Y Y Y - - Y Y Y - - - Y Y Y Y Y Y Y Y Y Y Y Y Y Y – – Y Y Y Y - Y Y Y Y Y Y Y Y Y This issue has been resolved.
AT-8700XL x900-48 AT-9900 AT-9800 The maximum value for the delay parameter of the ping command was too long.
AT-8700XL x900-48 AT-9900 AT-9800 If IPv6 was disabled and a user entered any of the following commands: AT-8600 3 AT-8800 IPv6 Rapier w CR00016578 Description Rapier i Level AR7x0S Module AR7x5 CR 95 AR400 Features in 291-08 Y Y Y Y Y Y - - Y Y Y Y - - - - - - - - - - add ipv6 interface add ipv6 6to4 add ipv6 tunnel create ipv6 interface enable ipv6 advertising then the router or switch correctly displayed a warning message to indicate that IPv6 was disabled and a
Features in 291-08 96 x900-48 AT-9900 AT-9800 The Diagnostics > Layer 2 Forwarding Database page of the GUI displayed extra internal (SYS or CPU) entries. AT-8700XL 4 AT-8600 GUI, Switch AT-8800 CR00011228 Rapier w Description Rapier i Level AR7x0S Module AR7x5 CR AR400 Level 4 – – – Y Y Y Y Y – – – – – Y – – – – – – – – Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y This issue has been resolved.
Features in 291-08 97 CR Module Level Description AR400 AR7x5 AR7x0S Rapier i Rapier w AT-8800 AT-8600 AT-8700XL x900-48 AT-9900 AT-9800 Enhancements CR00012822 BGP - The BGP counter output display has been significantly improved. Also, the command show bgp counter=all now prints out the RIB, UPDATE, DB and PROCESS counters. Y Y Y Y Y Y - - Y Y Y CR00016099 MACFF, - MAC-forced forwarding has been enhanced for use in a hospitality situation, such as a hotel.
Description Rapier i Rapier w AT-8800 AT-8600 AT-8700XL x900-48 AT-9900 AT-9800 CR00016662 CR00016891 CR00017335 CR00017937 Level AR7x0S Module AR7x5 CR 98 AR400 Features in 291-08 - This software release supports the new x900-48FS switch. For an overview of the switch, see “Support for the new x900-48FS switch (CR00016662)” on page 167.
CR Module Level Description AR7x5 AR7x0S Rapier i Rapier w AT-8800 AT-8600 AT-8700XL x900-48 AT-9900 AT-9800 99 AR400 Features in 291-08 CR00017482 IGMP Snooping - The IGMP snooping fast leave option has been enhanced, to make it available when multiple clients are attached to a single port on the snooping switch. For configuration information, see “IGMP snooping fast leave in multiple host mode (CR00017482)” on page 168.
Features in 291-07 100 Features in 291-07 Software Maintenance Version 291-07 includes the resolved issues and enhancements in the following tables. In the tables, for each product series: ■ “Y” indicates that the resolution is available in Version 291-07 for that product series. ■ “–” indicates that the issue did not apply to that product series.
Features in 291-06 101 Level 4 No level 4 issues Enhancements No enhancements Features in 291-06 Software Maintenance Version 291-06 provided support for the new Rapier 48w switch. For more information, see “Support for the new Rapier 48w switch” on page 170.
Features in 291-05 102 Features in 291-05 Software Maintenance Version 291-05 includes the resolved issues and enhancements in the following tables. In the tables, for each product series: ■ “Y” indicates that the resolution is available in Version 291-05 for that product series. ■ “–” indicates that the issue did not apply to that product series. Level 1 No level 1 issues AT-9900 AT-9800 When a port left a multicast group, the router or switch assigned the All Groups port to that multicast group.
x900-48 AT-9900 AT-9800 Previously, it was possible to destroy a VLAN when it was configured as an IP interface. AT-8700XL 2 AT-8600 VLAN AT-8800 CR00012980 Description Rapier i Level AR7x0S Module AR7x5 CR 103 AR400 Features in 291-05 Y - Y Y Y Y Y Y Y Y Y Y Y Y Y - - - - - Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y - - - - - Y - - - - Y - - - - - - - - - Y Y Y Y Y Y Y Y Y Y This issue has been resolved.
AT-9900 AT-9800 When only NAT was enabled on the firewall, during some TCP connections in which either end of the connection sends FIN (finished) messages immediately after sending some data and the other end ACKs (acknowledges) the data and the FIN message consecutively, the firewall sometimes incorrectly interpreted the first ACK message (intended for the data) as belonging to the FIN message and prematurely shut the connection down.
AT-9900 AT-9800 For DHCPv6, the router or switch now supports Prefix Delegation according to RFC 3633. The previous implementation was according to an Internet draft and did not interoperate with other DHCPv6 implementations.
AT-9900 AT-9800 When the icmptype parameter was changed to none for an IPv6 IPsec policy, an incorrect ICMP type value was displayed in output of the command show config dyn and saved in the configuration file produced by the command create config. x900-48 2 AT-8700XL IPsec, IPv6 AT-8600 CR00016128 AT-8800 Description Rapier i Level AR7x0S Module AR7x5 CR 106 AR400 Features in 291-05 Y Y Y Y Y - - - - - Y - - - - - - - - - This issue has been resolved.
AT-9900 AT-9800 If an IPv6 DHCP client was forced to rebind to a router or switch acting as a DHCP server, the server returned incorrect timing parameters to the client. Some clients were able to cope with this, but others could end up losing their DHCP lease.
AT-9900 AT-9800 When BGP capability matching was changed to strict, that setting was not displayed in output of the command show config dyn or saved in the configuration file produced by the command create config. When the router or switch ran the configuration file on start-up, the capability matching setting reverted to the default of loose.
CR Module Level AR7x5 AR7x0S Rapier i AT-8800 AT-8600 AT-8700XL x900-48 AT-9900 AT-9800 109 AR400 Features in 291-05 CR00016727 TCP, Telnet 2 The speed of the output from the Telnet server has been increased. Y Y Y Y Y Y Y Y Y Y CR00016762 ISDN 2 For AR44xS series routers with system territory set to USA, the ISDN Q.931 SPIDs failed to initialize to the ISDN exchange/ISDN USA profile simulator (both manual and auto SPIDs) after a reboot.
AT-9900 AT-9800 Some versions of the AT-G8T GBIC prevented the switch from detecting and setting up the AT-A47 expansion board correctly. This issue occurred on start-up when the GBIC was installed and had a link up.
x900-48 AT-9900 AT-9800 DHCPv6 prefix delegation contained the followed issues: AT-8700XL 2 AT-8600 DHCPv6 AT-8800 CR00017074 Description Rapier i Level AR7x0S Module AR7x5 CR 111 AR400 Features in 291-05 Y Y Y Y Y - - Y Y Y Y Y Y Y Y - - - - - ■ previously, the command create dhcp6 range accepted ranges with an invalid prefix length. This issue has been resolved. The router or switch now displays an error unless the prefix length is in the range 48-64.
This issue has been resolved. If the only healthcheck host available is unreachable and the resource is currently in the UP state, the next unreachable healthcheck received from that host now forces the resource to the DOWN state. Version 291-18 C613-10488-00 REV Q AT-9900 AT-9800 If two WAN load balancer healthcheck hosts were defined, and one was unreachable and the other was reachable, WAN load balancer resources were (correctly) in the UP state because at least one healthcheck host was reachable.
Features in 291-05 113 AT-9900 AT-9800 Some early software versions, on some products, supported the command show system temperature. This command was deprecated after version 2.6.4.
AT-9900 AT-9800 Previously, the switch’s count of PIM4 and PIM6 bad Bootstrap Messages (BSMs) could be high, because the switch forwarded BSMs over interfaces that contained an Equal Cost Multipath (ECMP) route to the receiving interface.
AT-9900 AT-9800 Under some circumstances, when a PC terminal emulator was opened to communicate with a router or switch after the router or switch had fully booted up, the login prompt did not immediately display. To display the login prompt, it was necessary to remove and re-insert the cable. This issue applied to all models’ ASYN ports except ports on the AR024 PIC.
CR Module Level Description AR7x5 AR7x0S Rapier i AT-8800 AT-8600 AT-8700XL x900-48 AT-9900 AT-9800 116 AR400 Features in 291-05 CR00016228 QoS 3 If a QoS policy uses the same classifier more than once, the router or switch now displays a warning message. You should not use a classifier more than once in a policy because the operation of such policies is unpredictable.
Features in 291-05 117 AT-9900 AT-9800 If a static IGMP port went link down, it was not shown in the “Static Ports” list in the output of the show ip igmp command. This was only a display issue.
Features in 291-05 118 AT-9900 AT-9800 An ADSL connection option has been added to the Wizards page of the GUI for AR44xS routers. This option links to the xDSL configuration section, which lets you configure all basic ADSL or SHDSL settings on one convenient page.
AT-9900 AT-9800 To establish a tunnelled IPsec connection for IPv6, you may need to specify the source IP interface in the IPsec and ISAKMP policies. This enhancement enables you to do so.
AT-9900 AT-9800 This enhancement enables the router or switch to log discarded ARP requests when ARP security is enabled. By default, discarded ARP requests are not logged.
AT-9900 AT-9800 This enhancement disables CPU fan monitoring on AT-8948 switches. Monitoring the fan is unnecessary unless an accelerator card is installed on the switch, so disabling monitoring reduces the number of messages that the switch displays and logs.
AT-9900 AT-9800 This enhancement enables you to turn off TCP state and sequence checking in IP NAT. It also allows all ICMP packets go through IP NAT.
Features in 291-04 123 Features in 291-04 Software Maintenance Version 291-04 includes the resolved issues and enhancements in the following tables. In the tables, for each product series: ■ “Y” indicates that the resolution is available in Version 291-04 for that product series. ■ “–” indicates that the issue did not apply to that product series. AT-9900 AT-9800 It was possible for invalid log messages to overwrite the log message buffer and cause the router or switch to reboot.
AT-9800 DHCP Snooping AT-9900 DHCP Snooping determines when a client lease will expire by taking the current time and adding the client's assigned lease period to it. Previously, DHCP Snooping did not update this expiry time if the switch's clock time changed, which can happen because of NTP, summertime, or a user manually re-setting the time. Therefore, if the switch's clock time changed, DHCP clients could expire and lose connectivity.
AT-9900 AT-9800 A badly formed response from a particular HTTP server caused the router or switch to reboot when it attempted to load a non-existent file from that server. x900-48 2 AT-8700XL HTTP AT-8600 CR00013592 AT-8800 Description Rapier i Level AR7x0S Module AR7x5 CR 125 AR400 Features in 291-04 Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y – – – Y Y Y Y – – – – – – – – – – – – Y Y – – – – – – – – – This issue has been resolved.
x900-48 AT-9900 AT-9800 When the router generated packets (such as ARP requests) and sent them out multiple LAN ports, it always sent them as untagged packets.
AT-9900 AT-9800 If a PIM interface was set as the BSR candidate interface (by using the command add pim bsrcandidate interface=interface) and that interface went down, PIM would select another interface as the BSR candidate interface. The router or switch also set the new interface as the BSR candidate interface in the dynamic configuration.
AT-9800 Switch AT-9900 If a terminal emulator started up after the router started up, the router did not display a login or command prompt. This issue occurred with some terminal emulators (including Tera Term Pro) when connecting to the AR415S router.
AT-9900 AT-9800 The GUI could not be used to access the dual power supply AR750S-DP router. x900-48 2 AT-8700XL GUI AT-8600 CR00015348 AT-8800 Description Rapier i Level AR7x0S Module AR7x5 CR 129 AR400 Features in 291-04 – – Y – – – – – – – Y Y Y Y Y Y Y Y Y Y Y – – – – – – – – – – – Y – – – – – – – This issue has been resolved. The GUI resource file to use is 750s_281-06_en_d.rsc.
x900-48 AT-9900 AT-9800 It was not possible to set a tri-speed SFP to a fixed speed in the configuration script that the AT-9924SP switch runs when it starts up.
Features in 291-04 131 AT-9900 AT-9800 The graphical user interface (GUI) listed an invalid local interface in the Interface drop-down list on the page for adding a static IGMP association. x900-48 3 AT-8700XL GUI, IGMP AT-8600 CR00007000 AT-8800 Description Rapier i Level AR7x0S Module AR7x5 CR AR400 Level 3 Y Y Y Y Y Y Y – Y Y – – – – – – – Y Y – – – – – Y – – – – – Y Y Y Y Y – – Y Y Y This issue has been resolved.
x900-48 AT-9900 AT-9800 If an IP interface was added and deleted many times, an excessive number of memory buffers became full.
AT-9900 AT-9800 When authenticating users via RADIUS, the number of times that the router or switch attempts to contact the RADIUS server is determined by the Server Retransmit Count (displayed in output of the command show radius). Previously, this count incorrectly included the initial request. For example, a Retransmit Count of 3 meant that up to 3 attempts were made to contact the server.
AT-9900 AT-9800 When IGMP fast leave was enabled and the switch received a leave message via a trunk port, the switch only removed the port from the multicast group if the port was the master trunk port. x900-48 3 AT-8700XL IGMP AT-8600 CR00013629 AT-8800 Description Rapier i Level AR7x0S Module AR7x5 CR 134 AR400 Features in 291-04 – – – Y Y Y Y Y Y – This issue has been resolved.
AT-9900 AT-9800 When the firewall was performing NAT on UDP video streams and two streams started up at the same time, sometimes one or both streams displayed excessive jitter. x900-48 3 AT-8700XL Firewall AT-8600 CR00014163 AT-8800 Description Rapier i Level AR7x0S Module AR7x5 CR 135 AR400 Features in 291-04 Y Y Y Y Y – – – – – – – Y – – – – – – – Y Y Y This issue has been resolved.
x900-48 AT-9900 AT-9800 Switch If a port had static ARP entries defined for a VLAN, then adding the port to another VLAN made those static ARP entries inactive.
AT-9800 IP Gateway AT-9900 It was possible to add a BOOTP relay destination using an interface that was not running IP. It was also possible to delete an IP interface even though BOOTP relay destinations were defined for the interface. Both of these situations could allow the router or switch to be mis-configured.
AT-9800 DHCP AT-9900 When a router or switch was configured to use DHCP to assign an address on an interface, and then set to have a static address on that interface, the DHCP client in the router or switch would continue to negotiate with the DHCP server. This tied up a DHCP lease.
AT-9900 AT-9800 Subnet broadcast packets would not be routed correctly when the interface to which the subnet broadcast was destinated was an interface on the device, but its link status was down. Even though an alternate route to the destination existed, the device would send the packets incorrectly.
x900-48 AT-9900 AT-9800 The following issues occurred with the commands show debug active and disable debug active: AT-8700XL 4 AT-8600 Core, Utility AT-8800 CR00009087 Description Rapier i Level AR7x0S Module AR7x5 CR 140 AR400 Features in 291-04 Y Y Y Y Y Y Y Y Y Y – – – Y Y Y Y Y Y Y – – – Y Y Y Y Y Y – Y Y Y Y Y Y Y Y Y Y ■ The command did not adequately warn users if an invalid module number had been entered into the active parameter.
AT-9900 AT-9800 The blackhole parameter of the commands add and set ip route had no “?” help description. x900-48 4 AT-8700XL IP Gateway AT-8600 CR00013112 AT-8800 Description Rapier i Level AR7x0S Module AR7x5 CR 141 AR400 Features in 291-04 – – – – – – – Y Y – – – – Y Y Y Y Y Y – Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y This issue has been resolved.
AT-9900 AT-9800 When a router or switch was using a trial licence for release software and the trial period elapsed, the router or switch rebooted without indicating the reason for the reboot. x900-48 4 AT-8700XL Install AT-8600 CR00013589 AT-8800 Description Rapier i Level AR7x0S Module AR7x5 CR 142 AR400 Features in 291-04 Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y – – – – – – – Y Y – This issue has been resolved.
x900-48 AT-9900 AT-9800 The show exception command did not display the correct exception type for watchdog exceptions on AR750S, AR750S-DP, or AR770S routers. AT-8700XL 4 AT-8600 Core AT-8800 CR00014170 Description Rapier i Level AR7x0S Module AR7x5 CR 143 AR400 Features in 291-04 – – Y – – – – – – – Y Y Y Y Y Y Y Y Y Y Y – Y – – – – – – – – – – – – – – – – Y Y Y Y Y Y – – – – Y Y Y Y Y Y Y Y Y Y Y This issue has been resolved.
x900-48 AT-9900 AT-9800 It was possible to specify a value of 0 for the ageingtimer parameter in the command add and set vlan=vlan bridge, even though this value was meaningless. AT-8700XL 4 AT-8600 VLAN, Bridging AT-8800 CR00014778 Description Rapier i Level AR7x0S Module AR7x5 CR 144 AR400 Features in 291-04 Y – Y Y – – – – – – Y – – – – – – – – – – – – – – – – Y Y – This issue has been resolved. The lowest valid value for ageingtimer is 1.
Features in 291-04 145 x900-48 AT-9900 AT-9800 It is now possible to hotswap NSMs on NEBS-compliant Rapier i switches. AT-8700XL - AT-8600 Core AT-8800 CR00003036 Description Rapier i Level AR7x0S Module AR7x5 CR AR400 Enhancements – – – Y – – – – – – To hotswap the NSM, press the Hot Swap button beside the NSM, check that the Swap LED turns on and the In Use LED turns off, then remove the NSM.
AT-9900 AT-9800 AR770S routers have a CPU fan that the software now monitors in the same manner as the main fan. The state of the CPU fan is displayed along with that of the main (chassis) fan in the output of the show system command.
x900-48 AT-9900 AT-9800 This enhancement enables you to associate a BOOTP relay destination with a given interface.
IP Gateway To do this: 1. Give the desired dynamic routing protocol a preference of 0, which is the preference of interface routes, by using the command: SET IP ROUte PREFerence=0 PROTocol={BGP-ext|BGP-int|OSPF-EXT1| OSPF-EXT2|OSPF-INTEr|OSPF-INTRa|OSPF-Other|RIP|ALL} 2. Create a route map to give matching routes the same metric as your interface routes. To change the metric, use the command: ADD IP ROUTEMap=routemap ENTry=1..4294967295 SET METric=1 3.
x900-48 AT-9900 AT-9800 The following enhancements have been made to DHCP snooping, to support MAC-forced forwarding: AT-8700XL - AT-8600 DHCP Snooping, MACFF AT-8800 CR00014300 Description Rapier i Level AR7x0S Module AR7x5 CR 149 AR400 Features in 291-04 – – – Y Y Y Y Y Y – – – Y – – – – – – – ■ MAC-forced forwarding checks the DHCP snooping database to find out which router has been assigned to each DHCP client.
AT-9900 AT-9800 A new log message has been added to provide more information about rejected DNS requests. The message has a log type of 052 / IPDNS and subtype 002 / UNRES, and reads: x900-48 - AT-8700XL DNS AT-8600 CR00014715 AT-8800 Description Rapier i Level AR7x0S Module AR7x5 CR 150 AR400 Features in 291-04 Y Y Y Y Y Y Y Y Y Y Y – Y – – – – – – – DNS request for rejected by server. Code , .
OSPF AT-9900 AT-9800 When OSPF is running over an on-demand PPP link and the link goes down, IP notifies OSPF that the link is down and OSPF stops sending Hello packets over the link. In a network in which routes over the PPP link are all dynamically learnt through OSPF, the PPP link will not come back up because without OSPF there are no routes to direct traffic at that link.
Features in 291-03 152 Features in 291-03 Software Maintenance Version 291-03 includes the resolved issues and enhancements in the following tables. In the tables, for each product series: ■ “Y” in a white column indicates that the resolution is available in Version 291-03 for that product series. ■ “-” in a white column indicates that the issue did not apply to that product series. ■ a grey-shaded column indicates that Version 291-03 has not been released on that product series.
x900-48 AT-9900 AT-9800 When a switch was heavily loaded with IPv6 traffic, it could reboot because a large quantity of traffic was queued while waiting for a neighbour's MAC address to resolve. AT-8700XL 2 AT-8600 IPv6 AT-8800 CR00015678 Description Rapier i Level AR7x0S Module AR7x5 CR 153 AR400 Features in 291-03 Y Y Y Y Y – – Y Y Y This issue has been resolved by limiting the number of packets that can be queued while waiting for a neighbour's MAC address to resolve.
x900-48 AT-9900 AT-9800 Destroying a traffic class or flow group also destroyed all classifiers that were associated with that traffic class or flow group. AT-8700XL 3 AT-8600 QoS AT-8800 CR00014959 Description Rapier i Level AR7x0S Module AR7x5 CR 154 AR400 Features in 291-03 – – – Y Y Y Y Y Y – – – – Y Y Y Y – – – This issue has been resolved. User-created classifiers are no longer destroyed.
Features in 291-02 155 Switch, VLAN In some network configurations, this learning process cannot identify all router ports. For such networks, this enhancement enables you to statically configure particular ports as multicast router ports. To specify the static router ports, use the new command: add igmpsnooping vlan={vlan-name|1..4094} routerport=port-list To stop ports from being static router ports, use the new command: delete igmpsnooping vlan={vlan-name|1..
MAC-forced forwarding enhancements (CR00017819) 156 MAC-forced forwarding enhancements (CR00017819) This enhancement improved MAC-forced forwarding in the following ways: ■ The commands add and set macff server both now allow you to optionally specify a MAC and/or IP address for the static entry.
IGMP Group MIB (CR00018418) 157 IGMP Group MIB (CR00018418) AlliedWare now includes an IGMP Group MIB. This MIB is available in the file at-igmp.mib. The IGMP Group has the object identifier prefix igmp ({ modules 139 }), and contains a collection of objects and traps for monitoring IGMP group membership.
ICMP Router Discovery Advertisements (CR00010614) 158 ICMP Router Discovery Advertisements (CR00010614) Router discovery The router or switch supports all RFC 1256, ICMP Router Discovery Messages as it applies to routers. If this feature is configured, the router or switch sends router advertisements periodically and in response to router solicitations. It does not support the Host Specification section of this RFC.
ICMP Router Discovery Advertisements (CR00010614) When... (Continued) Then... (Continued) the host waits for the next unsolicited router a host does not receive a router advertisement after sending a small number advertisement of router solicitations a host needs a default router address the host uses the IP address of the router or L3 switch with the highest preference level.
ICMP Router Discovery Advertisements (CR00010614) 160 Advertisement interval The router advertisement interval is the time between router advertisements. For the first few advertisements sent from an interface (up to 3), the router or switch sends the router advertisements at intervals of at most 16 seconds.
ICMP Router Discovery Advertisements (CR00010614) 2. 161 Stop advertising on other logical interfaces. By default, logical interfaces are set to advertise if their physical interface is set to advertise.
STP and MSTP debugging enhancements (CR00016978) 162 STP and MSTP debugging enhancements (CR00016978) Debugging command and output enhancements STP and MSTP debugging have been enhanced in the following ways: ■ A new STP and MSTP debugging option turns on real-time switch port state debugging. This option displays a message every time STP/MSTP asks for the state of a port to be changed.
STP and MSTP debugging enhancements (CR00016978) New show commands The following new commands display the current port states (in hardware) of all ports that are taking part in STP or MSTP: show switch stp show switch mstp The following example shows the output of the show switch stp command. Switch STP Port State Information at 12:09:52: ST Port State --------0 2 Fo 0 3 Fo 0 5 Bl 0 6 Li The following example shows the output of the show switch mstp command.
STP and MSTP debugging enhancements (CR00016978) The following table lists the fields in this output. Parameter Meaning ST The ID number of the Spanning Tree that the port belongs to. Port The switch port whose state is displayed. State The STP state of the port.
Acting on traffic destined for a particular DHCP client (CR00017018) 165 Acting on traffic destined for a particular DHCP client (CR00017018) This enhancement enables you to act on traffic that is received on an uplink port and is destined for a particular DHCP client. It expands the classifier functionality so that the switch can use DHCP snooping records to determine which traffic is destined for each client.
Acting on traffic destined for a particular DHCP client (CR00017018) Example For example, consider the following figure. In this example, the QoS policy on the uplink port includes the following classifier: create classifier=1 ip=dhcpsnooping snoopport=x snoopvlan=y When the client receives a DHCP lease, all traffic that comes in through the uplink port and is destined for the client will match classifier 1.
Support for the new x900-48FS switch (CR00016662) Support for the new x900-48FS switch (CR00016662) The x900-48FS is a new model in the x900 Series of layer 3 gigabit and fast Ethernet switches.
IGMP snooping fast leave in multiple host mode (CR00017482) 168 IGMP snooping fast leave in multiple host mode (CR00017482) The IGMP snooping fast leave option has been enhanced, to make it available when multiple clients are attached to a single port on the snooping switch. Fast leave now has two modes available: ■ multiple host mode—the new feature. In multiple host mode, the snooper tracks which clients are joined to a given IP multicast group on a given port.
IGMP snooping fast leave in multiple host mode (CR00017482) 169 The detail parameter displays more detailed information, including expiry times for each port, and in the case of multiple host fast leave mode, the list of hosts on a port. The following example shows this. IGMP Snooping -------------------------------------------------------------------------Status ........................... Enabled Disabled All-groups ports ........ None Vlan Name (vlan id) ..... Fast Leave ..............
Support for the new Rapier 48w switch Support for the new Rapier 48w switch The Rapier 48w is a new model in the Rapier Series of layer 3 gigabit and fast Ethernet switches.
Backing up the configuration with SNMP (CR00016221) 171 Backing up the configuration with SNMP (CR00016221) With this enhancement, you can use SNMP to: ■ set parameters for uploading files from the router or switch, and ■ upload files to a TFTP server SNMP already lets you save the current configuration to a file on the router or switch. You can use this with the new options to back up the configuration to a TFTP server. To do this, perform the following steps. 1.
Backing up the configuration with SNMP (CR00016221) 2. Set the load parameters To specify the server IP address, use SNMP SET loadServer. To set the filename, use SNMP SET loadFilename. The following screenshot shows setting the filename to tst.cfg.
Backing up the configuration with SNMP (CR00016221) 3. Upload the file To upload the file, use SNMP SET loadStatus and set it to a value of 8. The following screenshot shows this.
SNMP ASN.01 BER Padding (CR00016523) 174 SNMP ASN.01 BER Padding (CR00016523) This enhancement enables you to specify whether SNMP adds 0x00 padding when the most significant 9 bits of an object’s value are all 1, or whether the encoding follows the ASN.01 BER rule, which cuts off the most significant byte of 0xff. This setting has an impact on all integer type MIB objects, including 32 bit and 64 bit counter objects.
