Software Maintenance Release Note

Version 276-03 for AT-8900 and AT-9900 series switches

This software maintenance release note lists the issues addressed and enhancements made in Maintenance Version 276-03 for Software Release 2.7.6. Release details are listed in the following table:

Models | Series | Release File | Date | Size (bytes) | GUI file
AT-8948 | AT-8900 | 89276-03.rez | 4 August 2006 | 4572948 | —
AT-9924T, AT-9924SP, AT-9924T/4SP | AT-9900 | 89276-03.rez | 4 August 2006 | 4572948 | d9924e27.

Enabling and Installing this Release

To use this maintenance release you must have a base release license for Software Release 2.7.6. Contact your distributor or reseller for more information.

To enable this release and install it as the preferred release, use the commands:

    enable rel=89276-03.rez num=2.7.6
    set install=pref rel=89276-03.rez

Levels

Some of the issues addressed in this Maintenance Version include a level number.

Features in 276-03

Software Maintenance Version 276-03 includes all resolved issues and enhancements in earlier versions, and the resolved issues and enhancements in the following tables. In the tables, for each product series:

■ “Y” indicates that the resolution is available in Version 276-03 for that product series.
■ “-” indicates that the issue did not apply to that product series.

CR00013388 This issue has been resolved.

Features in 276-02

Software Maintenance Version 276-02 includes all resolved issues and enhancements in earlier versions, and the resolved issues and enhancements in the following tables. In the tables, for each product series:

■ “Y” indicates that the resolution is available in Version 276-02 for that product series.
■ “-” indicates that the issue did not apply to that product series.

Level 2

CR: CR00000529
Module: IPv6, PIM6
Level: 2
Product series: AR44x / AR450, AR7x5, AR750S, Rapier i, AT-8800, AT-8600, AT-8700XL, AT-8948, AT-9900, AT-9800
Y Y Y Y Y - - Y Y Y Y Y Y Y Y - - Y Y Y - - - Y Y Y Y Y Y Y
Description: When a better route for multicast traffic became available, PIM for IPv6 did not recalculate the route and switch the traffic to use it. This issue has been resolved.

CR: CR00008699
Module: Switch
Level: 2
Product series: AR44x / AR450, AR7x5, AR750S, Rapier i, AT-8800, AT-8600, AT-8700XL, AT-8948, AT-9900, AT-9800
- - - Y Y Y Y - - -
Description: Previously, when 300 MAC address filters were added to a port and the port was reset, the CPU became 100% utilised. This issue has been resolved.

CR: CR00008992
Module: IPv6
Level: 2
Description: The router or switch sometimes unexpectedly stopped forwarding IPv6 multicast traffic if the multicast’s upstream path changed.

Module: PPP
Description: When a user enabled a Dial-on-Demand PPP interface, sometimes the router or switch did not apply the associated IP route change. This meant that routes via the Dial-on-Demand PPP interface were not available for use. When this occurred, routed traffic failed to activate the associated Dial-on-Demand PPP interface.

CR: CR00011349
Module: SYN
Level: 2
Description: At low baud rates, a synchronous connection was unable to reach 100% utilisation of the available bandwidth. The queueing mechanism has been improved to allow 100% link utilisation. Flag sharing between back-to-back HDLC frames is now supported for synchronous connections.

When using an unstructured TDM group over an E1 mode PRI interface, occasionally a high level of errors was experienced. This may have caused the link to be unstable, or may have resulted in reduced data throughput.

TCP sessions would sometimes “hang” in the Close Wait state. This behaviour occurred when a UPnP notification session was closed by the control point (usually Windows XP, SP2), via a “200 OK” message that contained a “Connection: close” field, that also had the TCP/FIN flag set.

When MLD snooping was enabled and the switch received IPv6 multicast packets (such as MLD Query, Report or Done messages; IPv6 NS packets; and IPv6 RA packets) on a non-master port of a trunk group, it incorrectly forwarded them out the master port. This resulted in a packet loop.

CR: CR00012140
Module: PIM
Level: 2
Product series: AR44x / AR450, AR7x5, AR750S, Rapier i, AT-8800, AT-8600, AT-8700XL, AT-8948, AT-9900, AT-9800
Y Y Y Y Y - - Y Y Y - - - Y Y Y Y - - - Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y - - - - Y Y Y Y Y Y Y Y Y Y Y
Description: If the link between two PIM Sparse Mode neighbours was removed, sometimes one of the neighbours rebooted. This issue has been resolved.

TPAD previously had issues when the LRC (Longitudinal Redundancy Check) at the end of a transaction was 0x00 and the transaction was via the TCP port. The transaction would stall in the box and eventually time out the X.25 call.

A few commands on the switch are local commands—they relate only to the switch on which the user types them, and not to any other switch in the stack. The edit command is one such command. Previously, local commands were directed across the stack, which meant they could be sent to other stack members.

When the WAN load balancer was used with IP NAT (instead of firewall NAT), and an FTP session was established to a server on the public network, the router did not correctly establish a return session. This meant data was unable to flow correctly back from the server, and the router rebooted.

If the metric on a blackhole route was changed using the command set ip route and this caused another route, which was being suppressed by the blackhole route, to become preferred, that route could sometimes fail to be imported into BGP.

CR: CR00010508
Module: BGP
Level: 3
Product series: AR44x / AR450, AR7x5, AR750S, Rapier i, AT-8800, AT-8600, AT-8700XL, AT-8948, AT-9900, AT-9800
Y Y Y Y Y - - Y Y Y Y Y Y Y Y - - Y Y Y Y Y Y Y Y - - Y Y Y Y Y Y - - - - - - - Y Y Y Y Y Y Y Y Y Y
Description: When the router or switch received a BGP update message and created new prefix entries for the routes in the update, it reversed the order of the AS segments. This issue has been resolved.

CR: CR00011510
Module: IPsec
Level: 3
Product series: AR44x / AR450, AR7x5, AR750S, Rapier i, AT-8800, AT-8600, AT-8700XL, AT-8948, AT-9900, AT-9800
Y Y Y Y Y - - - - - Y Y Y Y Y Y Y Y Y Y
Description: The maximum SPI value has been increased in the commands:

    create ipsec saspecification=spec-id inspi=spi outspi=spi [other parameters]
    set ipsec saspecification=spec-id inspi=spi outspi=spi [other parameters]

The spi is now an integer in the range 256 to 4294967295.

After users added multiple ports to one private VLAN as tagged ports, those ports could not be added to another private VLAN as tagged ports by using a single command (they could be added one port at a time).

If policy-based routing and the WAN load balancer were both configured, the load balancer balanced traffic even if it matched the routing filter. Because the purpose of policy-based routing is to control the route that traffic uses, this was incorrect.

CR: CR00012307
Module: VLAN
Level: 3
Product series: AR44x / AR450, AR7x5, AR750S, Rapier i, AT-8800, AT-8600, AT-8700XL, AT-8948, AT-9900, AT-9800
- - - Y Y Y Y Y Y - Y Y Y Y Y Y Y Y Y Y Y Y Y Y - - - - - - Y Y Y - - - - - - - Y - Y Y Y Y Y Y Y Y
Description: Previously, when MSTP was configured it was not possible to delete ports from VLANs in the MSTP CIST, unless MSTP was first disabled. This issue has been resolved.

When a user creates permanent log filters, the existing default filter is moved to the bottom of the list of filters, instead of being deleted. This behaviour is correct. However, output of the command show config dyn=log previously included commands to delete the default filter then add it back in, which was confusing.

CR: CR00012594
Module: STT
Level: 3
Product series: AR44x / AR450, AR7x5, AR750S, Rapier i, AT-8800, AT-8600, AT-8700XL, AT-8948, AT-9900, AT-9800
Y Y Y Y - - - - - -
Description: With unidirectional traffic or small frames, an STT connection would sometimes stop passing data. This issue has been resolved.

To simplify displaying BGP memory usage, the command show bgp memlimit bgp has been removed. Use the command show bgp memlimit scan instead.

Enhancements

CR: CR00007105
Module: MSTP
Level: -
Product series: AR44x / AR450, AR7x5, AR750S, Rapier i, AT-8800, AT-8600, AT-8700XL, AT-8948, AT-9900, AT-9800
- - - Y Y Y Y Y Y - Y Y Y Y Y Y Y Y Y Y - - - - - - - - Y -
Description: Two new commands have been added to simplify MSTP management:

    enable mstp port={port-list|all}
    disable mstp port={port-list|all}

These commands enable or disable MSTP on the specified ports for the CIST and all currently-configured MS

CR: CR00011204
Module: IP Gateway
Level: -
Description: This Software Version allows you to add ARP entries with multicast MAC addresses and allows the router or switch to accept packets with conflicting IP and MAC addresses. It introduces the enable ip macdisparity and disable ip macdisparity commands to support this.

By default, when the router receives a tagged packet on an Eth or VLAN interface and bridges it, the bridge strips out the packet’s VLAN tag.

Features in 276-01

Software Maintenance Version 276-01 includes the resolved issues and enhancements in the following tables. In the tables, for each product series:

■ “Y” in a white column indicates that the resolution is available in Version 276-01 for that product series.
■ “-” in a white column indicates that the issue did not apply to that product series.
■ a grey-shaded column indicates that Version 276-01 was not released on that product series.

Previously, if a switch port’s learn limit was changed to a number that was less than the currently-learned number of MAC addresses, you were unable to delete the learned MAC addresses. The switch also did not lock the port.

Sometimes the forwarding of packets occurred unnecessarily slowly. This happened if the forwarding interface was associated with an IP filter with a variable field pattern, such as TCP session or ICMP code and type.

When port authentication was using a RADIUS server, it sometimes stopped working after several hours. This was because port authentication generated RADIUS Accounting Request (STOP) messages with an incorrect Acct-SessionTime value.

Previously, if an IPsec/ISAKMP tunnel was under heavy load, an ISAKMP peer may have retransmitted messages. When the last message in an ISAKMP exchange was retransmitted, the remote peer did not expect to receive the second message after the exchange had finished, and this caused the router or switch to reboot.

Using an online limit for a PPP interface over PPPoE over a VLAN caused the router or switch to reboot when the online limit was reached.

When a user logged onto the router or switch through the GUI, the router or switch’s log recorded several HTTP 404 (Not Found) errors. This was because the browser expected to see some images that the GUI resource file did not contain.

CR: CR00011664
Module: PERM
Level: 3
Product series: AR400, AR7x5, AR750S, Rapier i, AT-8800, AT-8600, AT-8700XL, AT-8948, AT-9900, AT-9800
Y Y Y - - - - - - -
Description: The IAC (interpret as control) characters (0xFF) are escaped when sent across the permanent assignment connection. If TCP could not send the entire buffer, the two IAC characters were previously split up, which resulted in extra IAC characters in the receive buffers. This issue has been resolved.
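
The split-pair failure described in CR00011664, as an added example that is not taken from the release note or the firmware. It assumes one plausible failure model (re-escaping the unsent data after a short write) and uses a constructed ShortWriteSocket in place of TCP; all function and class names are hypothetical.

```python
IAC = 0xFF  # the IAC byte; doubled on the wire when it occurs as data

def escape_iac(data: bytes) -> bytes:
    """Sender side: double every 0xFF data byte."""
    return data.replace(b"\xff", b"\xff\xff")

def unescape_iac(stream: bytes) -> bytes:
    """Receiver side: collapse each 0xFF 0xFF pair back to one data byte."""
    return stream.replace(b"\xff\xff", b"\xff")

class ShortWriteSocket:
    """Constructed stand-in for a TCP socket whose send() may accept only
    part of the buffer. `limits` caps the bytes taken by each successive call."""
    def __init__(self, limits):
        self.limits = list(limits)
        self.wire = bytearray()

    def send(self, buf: bytes) -> int:
        cap = self.limits.pop(0) if self.limits else len(buf)
        n = min(len(buf), cap)
        self.wire += buf[:n]
        return n

def raw_bytes_fully_sent(raw: bytes, sent: int) -> int:
    """Count raw bytes whose whole escaped form fitted into `sent` bytes."""
    count = used = 0
    for b in raw:
        width = 2 if b == IAC else 1
        if used + width > sent:
            break
        used += width
        count += 1
    return count

def send_reescaping(sock, raw: bytes) -> None:
    """Assumed failure model: after a short write, resume from the last
    complete raw byte and escape the remainder again. If the cut fell
    between the two 0xFF bytes, the first half is already on the wire."""
    pos = 0
    while pos < len(raw):
        sent = sock.send(escape_iac(raw[pos:]))
        pos += raw_bytes_fully_sent(raw[pos:], sent)

def send_escape_once(sock, raw: bytes) -> None:
    """Escape once, then resume by offset into the escaped buffer, so a
    split pair is completed rather than sent again."""
    escaped = escape_iac(raw)
    off = 0
    while off < len(escaped):
        off += sock.send(escaped[off:])

def demo(raw: bytes = b"A\xffB", limits=(2,)):
    """Return (data received via re-escaping sender, via escape-once sender)."""
    bad, good = ShortWriteSocket(limits), ShortWriteSocket(limits)
    send_reescaping(bad, raw)
    send_escape_once(good, raw)
    return unescape_iac(bytes(bad.wire)), unescape_iac(bytes(good.wire))
```

With the default arguments the first send is cut after two bytes, between the doubled 0xFF bytes, and only the escape-once sender delivers the original three bytes.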

Enhancements

CR: CR00010196
Module: BGP,
Level: -
Description: A new feature enables you to set the maximum length of the hardware route update queue, and display the current queue size, status and maximum length. For more information, see “Route Update Queue Length (CR00010196)” on page 44.

Adding Static ARP Entries with Multicast MAC Addresses (CR00011204)

This Software Version allows you to add ARP entries with multicast MAC addresses and allows the router or switch to accept packets with conflicting IP and MAC addresses. It introduces the enable ip macdisparity and disable ip macdisparity commands to support this.

To see whether macdisparity is enabled or disabled, use the command:

    show ip

For an example of how to use ARP entries with multicast MAC addresses, see Guideline to Windows 2003 Network Load Balancing Clustering with Allied Telesyn Switches. This is available from the Resource Center on your Documentation and Tools CD-ROM, or from: www.alliedtelesyn.co.uk/en-gb/solutions/techdocs.

Securing a Single VLAN through Switch Filters (CR00011271)

On AT-8824, Rapier 24i, AT-8724XL and AT-8624 switches, this enhancement enables you to use switch filters to secure only the current VLAN, instead of securing all VLANs on the switch. To turn on this feature, a new command disables “vlansecure” for filters (see “Configuring vlansecure” on page 40).

Configuring vlansecure

To turn off the default behaviour, so that the filter prevents access to only the current VLAN when you move the host, use the new command:

    disable switch filter vlansecure

To return to the standard filter behaviour, use the new command:

    enable switch filter vlansecure

To display which mode the filtering behaviour is in, use the existing command:

    show switch filter

This command now displays the additional field “VlanSecure

Making Asynchronous Ports Respond More Quickly (CR00011565)

When an asynchronous port is in ten mode, it bundles together the characters that it receives within a certain time period, instead of passing them one at a time to a higher protocol layer for processing. The time period over which characters are bundled is set by the ten timer.

Figure 1: New parameters in the output of the show asyn=0 command

ASYN 0 : 0000001470 seconds
ASYN information
Name ......................
Status ....................
Mode ......................
Data rate .................
Parity ....................
Data bits .................
Stop bits .................
Test mode .................
In flow state (mode) ......
Out flow state (mode) .....
Autobaud mode .............
Max tx queue length .......

Displaying Routes Learned from a Specific BGP Peer (CR00011724)

This enhancement enables you to display:

■ the number of routes learned from a specific peer
■ information about each route learned from a specific peer

Displaying the Number of Routes from a Peer

To display the number of routes learned from a specific peer, use the existing command:

    show bgp peer=ip-address

and check the new “Routes learned” field (Figure 2).

Route Update Queue Length (CR00010196)

When hardware learning delay is enabled (the default), the switch learns new routes in software, then places them into a queue for adding them to its hardware routing table.

Figure 4: Output of the show switch command when hardware learning delay is enabled

Switch Configuration
-----------------------------------------------------------
Switch Address ............. 00-00-cd-12-78-03
Learning ................... ON
Ageing Timer ............... ON
IP route:
  Learn delay ............. 4 ms
    queue size ........ 0
    queue limit ....... 1000000
    percent in use .... 0
    high water mark ... 0
    queue maximum ..... 1500000
    queue default .....

Permanent Assignments (CR00011355)

Permanent assignments provide a method for creating permanent links between terminal ports on routers. Any two terminal ports on a single router or on routers that can communicate with each other via TCP/IP can be set up to have a permanent assignment between them. Asynchronous traffic coming into each port is sent via TCP to the other port and then sent out that port.

Figure 5: Example output from the show perm command

Port Name     Local  Remote  IP address
-----------------------------------------------
laser-print   12     04      172.16.8.37
-----------------------------------------------

If the two ports of the permanent assignment are on different routers, the add perm command must be entered on each router. If both ports are on the same router, the command only needs to be entered once.

Figure 6: Example output from the show perm command for router 172.26.4.1

Port Name     Local  Remote  IP address
-----------------------------------------------
main office   02     03      172.20.34.9
-----------------------------------------------

The commands to be executed on the router with address 172.20.34.9 are:

    add perm="main office" lport=3 rport=3 ip=172.26.4.1
    show perm

which produces the output shown in Figure 7.

Command Reference

This section describes commands available on the router to configure and manage permanent assignments.

add perm

Syntax

    ADD PERM=perm-name LPORT=lport RPORT=rport IP=ipadd

where:

■ perm-name is the name of the permanent assignment. The name is case-sensitive and must be identical on each router in the permanent assignment. If the name contains spaces, it must be in double quotes.

Related Commands

    delete perm
    reset perm
    set perm
    show perm

delete perm

Syntax

    DELete PERM=perm-name

where perm-name is the name of the permanent assignment. The name is case sensitive and must be identical on each router in the permanent assignment. If the name contains spaces, it must be in double quotes.

Description

This command removes a named permanent assignment from the local router. The permanent assignment must also be removed from the remote router.

reset perm

Syntax

    RESET PERM=perm-name

where perm-name is the name of the permanent assignment. The name is case sensitive and must be identical on each router in the permanent assignment. If the name contains spaces, it must be in double quotes.

Description

This command resets a named permanent assignment. The port being used by the permanent assignment is reset and the TCP connection being used for the permanent assignment is reset.

set perm

Syntax

    SET PERM=perm-name [LPORT=lport] [RPORT=rport] [IP=ipadd]

where:

■ perm-name is the name of the permanent assignment. The name is case sensitive and must be identical on each router in the permanent assignment. If the name contains spaces, it must be in double quotes.
■ lport is the number of the local asynchronous port for this permanent assignment. Ports are numbered sequentially starting with port 0.

show perm

Syntax

    SHOW PERM[=perm-name]

where perm-name is the name of a permanent assignment

Description

This command displays the name, local and remote ports and remote IP address for all permanent assignments currently defined on the router. If a permanent assignment is specified by name, only that permanent assignment is displayed (Figure 8, Table 2).

Related Commands

    add perm
    delete perm
    reset perm
    set perm

Version 276-03 C613-10474-00 REV B