Software Maintenance Release Note
Version 281-01
for AR700, AR415S, AR450S and AR44x series routers, and
AT-8600, AT-8700XL, Rapier i, AT-8800, AT-8900, x900-48, AT-9900, and AT-9800 series switches
This software maintenance release note lists the issues addressed and enhancements made in Maintenance Version 281-01 for Software Version 2.8.1. Version
details are listed in the following table:
Models
Series
Release File
Date
Size (bytes)
GUI file
AR415S, AR440S, AR441S, AR442S, AR450S
AR400
54281-01.rez
26 July 2006
4672392
415s_281-01_en_d.rsc
440s_281-01_en_d.rsc
441s_281-01_en_d.rsc
442s_281-01_en_d.rsc
450s_281-01_en_d.rsc
AR750S, AR770S
AR725, AR745
55281-01.rez
52281-01.rez
26 July 2006
26 July 2006
3934152
3999360
750s_281-01_en_d.rsc (AR750S)
AR7x5
725_281-01_en_d.rsc
745_281-01_en_d.rsc
AT-8624T/2M, AT-8624PoE, AT-8648T/2SP
AT-8724XL, AT-8748XL
AT-8600
sr281-01.rez
87281-01.rez
26 July 2006
26 July 2006
2249768
2292712
sr24_281-01_en_d.rsc
AT-8700XL
8724_281-01_en_d.rsc
8748_281-01_en_d.rsc
Rapier 24i, Rapier 48i, Rapier 16fi
AT-8824, AT-8848
Rapier i
86281-01.rez
86281-01.rez
26 July 2006
26 July 2006
4417996
4417996
r24i_281-01_en_d.rsc
r16i_281-01_en_d.rsc
r48i_281-01_en_d.rsc
AT-8800
8824_281-01_en_d.rsc
8848_281-01_en_d.rsc
Levels
3
Levels
Some of the issues addressed in this Maintenance Version include a level number. This number reflects the importance of the issue that has been resolved. The
levels are:
Level 1
Level 2
Level 3
Level 4
This issue will cause significant interruption to network services, and there is no work-around.
This issue will cause interruption to network service, however there is a work-around.
This issue will seldom appear, and will cause minor inconvenience.
This issue represents a cosmetic change and does not affect network operation.
Version 281-01
C613-10482-00 REV A
Features in 281-01
4
Features in 281-01
Software Maintenance Version 281-01 includes the resolved issues and enhancements in the following tables. In the tables, for each product series:
■
■
“Y” indicates that the resolution is available in Version 281-01 for that product series.
“-” indicates that the issue did not apply to that product series.
Level 1
CR
Module
Switch
Level
1
Description
If an AT-9924SP had a large number of SFPs installed and had a very high level of
traffic passing through the network, sometimes newly inserted SFPs were not
detected.
-
-
-
-
-
-
-
-
Y
Y
-
CR00012654
This issue has been resolved.
DHCP
1
In some configurations in which the DHCP server was enabled, the router or
switch compacted its flash memory frequently. This occurred because the DHCP
server unnecessarily updated record files in flash memory even if the record had
not changed.
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00012715
CR00012760
This issue has been resolved, so that DHCP records are only updated when
necessary. Note that if the router or switch has NVS memory, it stores DHCP
records in NVS by preference, instead of in flash memory.
Log
1
Entering the command show debug caused the router or switch to reboot if one
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
or more long messages existed in the log.
This issue has been resolved.
Version 281-01
C613-10482-00 REV A
Features in 281-01
5
CR
Module
Switch
Level
1
Description
When STP is enabled on the switch but is disabled for a trunk (by using the
command disable stp port), the trunk should pass traffic. Previously, some trunk
members sometimes stayed in the “discarding” state instead.
-
-
-
-
-
-
-
Y
Y
-
CR00012933
This issue has been resolved.
DVMRP
1
1
Receiving a DVMRP Graft or Prune message occasionally caused the router or
switch to reboot.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
Y
Y
Y
Y
Y
Y
CR00013025
CR00013413
This issue has been resolved.
IP Gateway,
Load Balancer
If the router or switch was configured with a local interface IP address and the
interface to which this address belonged did not have a logical interface with
index 0, a number of connectivity issues from this router or switch occurred, in
which the router or switch was not able to communicate with UDP, TCP or PING.
Y
Y
This issue has been resolved.
SSL
1
When the router or switch used SSL to process HTTPS traffic, it rebooted.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00013666
This issue occurred, for example, when browsing securely to the GUI, or when
the load balancer was configured to support HTTPS traffic.
This issue has been resolved.
Version 281-01
C613-10482-00 REV A
Features in 281-01
6
Level 2
CR
Module
Bridge
Level
2
Description
The Bridge cannot be configured to bridge PPPoE packets from an Ethernet
interface that has also been configured as a PPPoE interface. Previously, such a
Bridge configuration would appear to succeed. However the Bridge would not
bridge PPPoE packets and the router would restart when the command reset
bridge was entered.
Y
Y
Y
-
-
-
-
-
-
-
CR00009212
This issue has been resolved. Note: if you want to bridge PPPoE packets, do not
also configure the router as a PPPoE endpoint (by using the command create
ppp=number over=ethx-any).
MSTP
2
2
2
Because of an MSTP issue, the switch did not always send a BPDU with an
agreement flag to its designated bridge, even if the switch was synchronised with
the latest spanning tree information from the designated bridge. This prevented
the designated port on the designated bridge from making a fast transition to
the forwarding state. The result was that the network could take up to two times
the “forward delay” time to fully converge.
-
-
-
Y
Y
Y
Y
Y
Y
Y
Y
-
Y
Y
-
Y
Y
Y
Y
Y
Y
-
CR00009213
CR00009826
CR00010513
This issue has been resolved.
IP Gateway
When a static ARP is deleted, the router or switch sends out an ARP request to
attempt to create a dynamic ARP for that IP address. Previously, the router or
switch did not process the ARP response correctly and therefore did not add the
ARP to its ARP table.
Y
Y
Y
Y
This issue has been resolved. When a static ARP is deleted, the router or switch
attempts to create a dynamic ARP for that IP address, and will successfully add it
to the ARP table if a device responds.
BGP,
BGP did not update its route table when a blackhole route changed in IP.
This issue has been resolved.
Y
Y
Y
Y
IP Gateway
Version 281-01
C613-10482-00 REV A
Features in 281-01
7
CR
Module
File
Level
2
Description
The router or switch sometimes rebooted when copying a very large file (several
Mbytes). This issue has been resolved by improving the copy process so that it
uses fewer memory buffers.
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
Y
Y
Y
-
Y
-
CR00011434
Switch
IPv6
2
2
On x900-48 Series switches, when the switch used a DSCP map to remark
packets, it did not mark the packets correctly.
CR00011670
CR00012364
This issue has been resolved.
For IPv6, if there were multiple equal cost multipath (ECMP) static routes to a
destination, and one or more links for the routes became inactive, the inactive
route was sometimes still chosen for forwarding. This caused brief data delivery
failure to the destination.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
Y
Y
Y
Y
Y
Y
This issue has been resolved.
IP Gateway
2
If the router or switch received an IP packet that had been sent as an Ethernet
broadcast, the router or switch responded as if the packet had been sent to its IP
address, even when the packet was destined for a different IP address. In
particular, the router or switch processed and responded to ICMP and TCP
packets that were sent as Ethernet broadcasts to different IP addresses. These
caused the router or switch to send ICMP echo responses or TCP reset packets.
Y
Y
CR00012534
This issue has been resolved. Such Ethernet broadcast packets are generally not
valid packets, so the router or switch now discards them.
Version 281-01
C613-10482-00 REV A
Features in 281-01
8
CR
Module
Firewall
Level
2
Description
When the WAN load balancer was used with IP NAT (instead of firewall NAT), and
an FTP session was established to a server on the public network, the router did
not correctly establish a return session. This meant data was unable to flow
correctly back from the server, and the router rebooted.
Y
-
Y
-
-
-
-
-
-
-
CR00012613
This issue has been resolved.
Note that the WAN load balancer is not designed for use with IP NAT, because IP
NATs are not associated with interfaces. Configurations that use an IP NAT cannot
vary the global IP address (the gblip parameter) based on the outgoing interface,
so the WAN load balancer sends all traffic out with the same source address.
Therefore, the return traffic probably comes back via the WAN load balancer
resource that is associated with the global IP. The impact is that the WAN load
balancer balances the outgoing traffic but not the return traffic.
We recommend using firewall NAT instead of IP NAT with the WAN load balancer.
VRRP,
IP Gateway
2
Under certain network conditions in which VRRP entities become temporarily
unsynchronised, the router or switch could receive a gratuitous ARP from a self-
elected VRRP master when the router or switch was still the master. This caused
the existing master to create an ARP entry that incorrectly redirected packets
towards the other VRRP entity even after the other entity had become a slave
again.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00012624
This issue has been resolved. The router or switch no longer accepts gratuitous
ARPs from other VRRP entities while it is still the Master.
Switch
2
After the AR770S rebooted, the Port Link/Activity and Duplex/Collision LEDs
sometimes did not blink in response to activity and collisions, respectively.
-
-
Y
-
-
-
-
-
-
-
CR00012683
This issue has been resolved. The router detects the problem and recovers from
it, if possible. If it cannot recover from the problem, it generates a log message
of severity 6, module SWK, type REST, and subtype FAIL. The log message says
“An LED error has been detected, please power-cycle the device. If this message
appears again, contact your technical support representative for help.”
Version 281-01
C613-10482-00 REV A
Features in 281-01
9
CR
Module
Level
2
Description
IPsec, ENCO
Decrypting a large IPsec ESP packet sometimes caused the router or switch to
reboot.
Y
-
Y
-
Y
Y
Y
-
Y
-
-
-
-
-
-
-
-
-
-
-
CR00012697
This issue has been resolved.
Core
2
Soft errors can generate exceptions that would cause the router or switch to
reboot. Soft errors are spontaneous changes in the information stored in a digital
circuit, caused by physical effects. The router or switch’s handling of such errors
has been improved, so that it recovers without rebooting when possible.
CR00012710
Core, File,
Stack
2
2
The command create config=filename set did not copy the configuration file
to all switches in the stack, but only saved the file onto the current switch.
-
-
-
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
CR00012741
CR00012757
This issue has been resolved.
OSPF
The router or switch correctly accepted the command add ospf redistribution
protocol=static followed by the command set ospf asexternal=on or nssa.
However, the command create config did not create a valid configuration file
from these commands. If the router or switch used that configuration after a
reboot, it gave the error “Redistribution for specified routing protocol - already
exists” and did not use the user-defined redistribution definition.
Y
Y
Y
Y
This issue has been resolved. The router or switch now correctly saves and uses
the user-defined redistribution definition.
DHCP
Snooping,
2
2
When the switch had two DHCP snooping classifiers applied across all 48 ports,
and maxleases was set to 10 or more on each port, the switch rebooted.
-
-
-
-
-
-
-
-
-
-
Y
Y
-
-
CR00012820
CR00012821
Switch
This issue has been resolved.
IP Gateway
When adding, deleting or updating subnet routes of a more general route, the
software and hardware IP route tables sometimes became unsynchronised. The
same issue sometimes also occurred when updating ECMP routes. This could
cause the router or switch to forward packets to unexpected next hops.
Y
Y
Y
Y
Y
Y
This issue has been resolved.
Version 281-01
C613-10482-00 REV A
Features in 281-01
10
CR
Module
Level
2
Description
ASYN, Log
The following issues occurred with sending log messages to an asynchronous
port:
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00012846
■ The log messages output on an asynchronous port were corrupt.
■ When log messages were output to an asynchronous port, that port was
(correctly) locked. However, the port remained locked after the asynchronous
log output definition was destroyed, and after the log output's destination
was changed from asynchronous to something else.
■ It was possible for a user to change the log output destination to an
asynchronous port while the user was logged into the asynchronous port. This
resulted in the user losing access to the command line interface.
■ It was possible to create a log output definition with an asynchronous port as
the destination even when another user was logged into that asynchronous
port. This resulted in the other user losing access to the command line
interface.
■ If a user changed the log output destination to an asynchronous port and
specified invalid parameters in the command, an error message was displayed
but the new output destination was saved anyway.
■ The set command allowed a user to specify an asynchronous port as the
destination without specifying the asynchronous port number. The number
defaulted to asyn0, which may not have been the desired port.
These issues have been resolved.
Core
2
2
If the switch was rebooted at a time when there was a high level of packet traffic
between the switch ports and the switch CPU, then during the reboot process it
was possible for RAM test errors to occur.
-
-
-
-
-
-
-
Y
Y
Y
Y
-
CR00012855
CR00012868
This issue has been resolved.
ENCO
Entering the command create enco key=number ip=? caused the router or
Y
Y
Y
Y
Y
Y
Y
Y
switch to reboot.
This issue has been resolved.
Version 281-01
C613-10482-00 REV A
Features in 281-01
11
CR
Module
Level
2
Description
IPv6, Switch
When an IPv6 accelerator card was installed, IPv6 multicast traffic was flooded to
all ports in a downstream VLAN, whether or not they had joined the multicast
group.
-
-
-
-
-
-
-
Y
Y
-
-
CR00012900
This issue has been resolved.
Switch, VLAN,
User
2
2
Under very rare circumstances, memory corruption could occur when packets
were transmitted by the CPU out a switch port.
Y
Y
-
Y
Y
-
-
-
-
-
-
-
-
CR00012911
CR00012951
This issue has been resolved.
IPv6
RIPng (for IPv6) sometimes sent sub-optimal routes to its neighbours. When
RIPng was configured in a network with loop topology, this could cause unstable
routing table entries on the neighbours (the metric kept being updated, as a
result of updates from neighbours).
Y
Y
Y
Y
Y
Y
This issue has been resolved. RIPng no longer sends sub-optimal routes.
Bridge
2
If a tagged packet was bridged out of a VLAN interface, the interface always
added a VLAN tag into the packet, even though the packet was already tagged.
Y
Y
Y
-
-
-
-
-
-
-
CR00012952
This issue has been resolved.
ATM
2
2
The maximum allowed value of the vpi parameter in the commands add and set
atm channel has been increased from 8 to 15.
Y
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
CR00012991
CR00013003
EPSR, Switch
When EPSR is enabled, it creates a classifier so it can send EPSR packets to the
CPU for processing. Previously, if too many classifiers existed and therefore EPSR
could not create the classifier, EPSR was enabled anyway. However, it did not
work correctly.
Y
Y
This issue has been resolved. Now, if EPSR cannot create the classifier, an error
message displays and EPSR is not enabled.
Version 281-01
C613-10482-00 REV A
Features in 281-01
12
CR
Module
IPv6
Level
2
Description
When an IPv6 address was deleted on the router or switch, and that IPv6 address
had previously been learnt by a remote IPv6 node, then the router or switch
would reboot if it received an ICMPv6 Neighbour Solicitation message from the
remote node. This meant, for example, that if you successfully pinged an address
on the router or switch, then deleted that address, then attempted to ping the
old address again, the router or switch would reboot.
Y
Y
Y
Y
Y
-
-
Y
Y
Y
CR00013077
This issue has been resolved.
IP Gateway
UPnP
2
2
2
If the router or switch attempted to email log output, and used a domain name
server that gave a non-standard response to the DNS query, the router or switch
sometimes rebooted.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
CR00013234
CR00013276
CR00013309
This issue has been resolved.
In UPnP, Msearch requests were stored indefinitely, which eventually exhausted
the router’s memory and caused it to reboot.
This issue has been resolved. Msearch requests are now deleted once the router
has finished with them.
L2TP
When an L2TP LAC Client (for example, a Microsoft Windows XP VPN Client)
activated an L2TP tunnel to a router or switch that was operating as an LNS, the
dynamic PPP interface on the LNS left out the PPP authentication phase.
Y
Y
-
-
Y
Y
Y
This also prevented the interface from obtaining an IP address by remote IP
assignment from a User Database entry.
This issue has been resolved.
EPSR
2
The switch correctly accepted a changed ring flap time (the commands create or
set epsr ringflaptime). However, if the command create config was used to
save the configuration and the switch used that configuration after a reboot,
EPSR failed.
-
-
-
-
-
-
-
Y
Y
-
CR00013407
This issue has been resolved.
Version 281-01
C613-10482-00 REV A
Features in 281-01
13
CR
Module
PIMv6
Level
2
Description
When the router or switch used PIM for multicast routing, and an IPv6 multicast
client joined a group, then left it, then attempted to rejoin it, sometimes the
attempt to rejoin was not successful.
Y
Y
Y
Y
Y
-
-
Y
Y
Y
CR00013529
This issue has been resolved.
Level 3
CR
Module
TTY
Level
3
Description
Editing a text file that consisted of a very large number of lines (approaching or
exceeding 30,000 lines) caused the router or switch to reboot.
Y
Y
Y
-
Y
Y
Y
-
-
-
-
Y
Y
-
Y
Y
-
-
CR00008766
This issue has been resolved.
Asyn
3
3
If information was sent to a console (asyn) port that had no cable plugged into
it, excessive CPU usage occurred.
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
CR00011444
CR00012309
This issue has been resolved.
WAN load
balancer
WAN load balancer performance has been improved, especially through
improvements to the session hashing mechanism.
Version 281-01
C613-10482-00 REV A
Features in 281-01
14
CR
Module
OSPF
Level
3
Description
An OSPF router or switch could show large numbers of entries in its
retransmission lists to certain neighbours under certain conditions (for example,
in a congested Frame Relay network). In some cases, the number of items in the
list was larger than the number of LSAs in the database.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00012468
This issue has been resolved.
Also, a new NRL debugging option has been added to OSPF, to show additions
to and deletions from the neighbour retransmission list. To enable NRL
debugging, use the command:
enable ospf debug=nrl
Note that this option may generate large amounts of debugging output on a
large OSPF network. Use it with care.
To disable NRL debugging, use the command:
disable ospf debug=nrl
OSPF
3
3
In an OSPF NSSA, changing the router ID of the OSPF NSSA ASBR sometimes
caused the area border router to behave incorrectly.
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
Y
Y
Y
Y
Y
-
CR00012598
CR00012607
This issue has been resolved.
Switch
IPv6 multicast routing using the IPv6 accelerator card on an AT-9924T or AT-8948
switch sometimes caused very high CPU utilisation, even though multicast data
is switched at wirespeed by the accelerator card.
This issue has been resolved.
many
3
The command show debug active displays information about currently-active
debugging for many modules at once. Similarly, the command disable debug
active disables debugging for many modules in a single step.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00012708
This Software Version extends the list of modules that these commands act on.
They now apply to all modules with debug support, except for DS3, ACC, Q931,
SA, SYN, TPAD, and X25C.
Version 281-01
C613-10482-00 REV A
Features in 281-01
15
CR
Module
Level
3
Description
IP Gateway
When a link that had RIP configured on it went down, so that the router or switch
used an alternative route, output from the command show ip route sometimes
displayed incorrect information when the link came back up. When the link first
comes back up, the route's RIP metric is still 16, so the alternative route is still the
“best” route to the target. However, show ip route sometimes displayed a
disabled route over the original link, with a RIP metric of 16, as the best route,
even though the router or switch correctly used the alternative route.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00012786
This issue has been resolved.
IP Gateway
3
3
Previously, the router accepted ARP entries with multicast IP and MAC addresses
when the MAC disparity feature was disabled. The MAC disparity feature is
disabled by default.
Y
Y
Y
Y
Y
Y
-
-
-
-
-
-
-
CR00012895
CR00012947
The issue has been resolved. The router now discards such ARP entries unless the
MAC disparity feature has been enabled by using the command enable ip
macdisparity.
Log
When a user entered the command show log receive=ipadd mask=mask, the
router or switch displayed an error message that said mask was not a valid
parameter.
Y
Y
Y
Y
Y
Y
Y
This issue has been resolved. The mask parameter is now valid for this command.
IPsec
3
3
With tunnel-mode IPsec, the router or switch decremented the time to live (TTL)
of IP packets twice when it forwarded the packets through the tunnel.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
-
-
-
-
-
-
-
-
CR00013007
CR00013048
This issue has been resolved.
Firewall
When IP NAT or firewall NAT was used, the router or switch sometimes generated
ICMP messages that specified the wrong source IP address. This meant that the
response to traceroute could be incorrect.
This issue has been resolved.
Version 281-01
C613-10482-00 REV A
Features in 281-01
16
CR
Module
IPv6
Level
3
Description
The router or switch sometimes rebooted when it processed a large number of
multicast routes that were created as the result of receiving a large amount of
data from more than 500 multicast groups.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
Y
Y
Y
Y
Y
CR00013049
This issue has been resolved.
OSPF
3
A user can configure a range on an OSPF ABR, so that the ABR aggregates the
network advertisements from one area into another area in the form of summary
LSAs. However, networks advertised into a transit area should not be aggregated
into summary LSAs. Previously, the router or switch advertised aggregated
summary LSAs into transit areas when a range had been configured.
Y
Y
Y
CR00013085
This issue has been resolved. When the router or switch is advertising into a
transit area, it ignores any configured range.
Switch
Core
3
3
When traffic on a port was mirrored and that port had a learn limit set, packets
from the CPU (such as ARP replies and ICMP replies) were not always mirrored.
-
-
-
-
-
-
Y
-
Y
-
Y
Y
Y
-
-
-
-
-
-
-
CR00013093
CR00013190
This issue has been resolved.
If a AT-8624PoE switch had a sticky fan, the fan constantly toggled between
running at full speed and slowing down. This meant that the fan continuously
generated alarms.
This issue has been resolved. If the fan reports an error more than 3 times in an
hour, it now remains at its maximum speed setting.
Core
3
On the AT-8624PoE switch, a fan fault alarm was not generated when the fan
speed dropped to 70% of the expected speed.
-
-
-
-
-
Y
-
-
-
-
CR00013202
This issue has been resolved. When the speed drops to 70% or less, a alarm is
now generated.
Version 281-01
C613-10482-00 REV A
Features in 281-01
17
CR
Module
Core
Level
3
Description
The system LED did not indicate when an internal power supply fault occurred.
-
-
Y
Y
-
-
-
-
-
-
-
-
CR00013243
This issue has been resolved. The system LED now flashes 3 times to indicate a
fault. Also, output of the show system command now reports voltages more
accurately.
OSPF
3
3
When a user changed the OSPF priority of an interface, the router or switch did
not immediately perform the process to elect a Designated Router and Backup
Designated Router (BDR).
Y
-
Y
-
Y
-
Y
-
Y
-
Y
-
Y
Y
Y
Y
Y
-
CR00013279
CR00013353
This issue has been resolved.
Switch
Certain BIST and AUTOBURNIN tests reported errors, especially if an IPv6
accelerator was installed. Also, if a user entered the commands disable or
enable switch learning and an IPv6 accelerator was installed, the switch
displayed an error message that said:
“SWI ERROR: (1) swmxMacLearningSet [1] - Unable to set learning”
These issues have been resolved.
BGP
3
3
When a user created a BGP module trigger for the peerstate event, the router
or switch did not allow specification of the script or state parameters.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
Y
Y
Y
Y
Y
Y
CR00013421
CR00013538
This issue has been resolved. All such generic parameters are now available with
module-specific triggers.
IP Gateway
Software Version 2.8.1 introduced a new msgtype parameter for the command
add igmp filter, which enables users to filter on IGMP query, report or leave
messages. This parameter was mistakenly made compulsory. Therefore, if an
existing configuration script contained IGMP filters, and the router or switch
restarted with that configuration, the filters did not work.
Y
Y
This issue has been resolved. The msgtype parameter is now optional, with a
default of report.
Version 281-01
C613-10482-00 REV A
Features in 281-01
18
Level 4
CR
Module
GUI
Level
4
Description
When the web-based GUI is used to add or remove ports from a port-based
VLAN association on an AT-9812T switch, the icons representing alternate ports
faced opposite directions.
-
-
-
-
-
-
-
-
-
-
-
-
-
Y
CR00010159
This issue has been resolved. The port icons now all have the same orientation.
IPsec
4
In output of the commands show ipsec policy and show ipsec policy
sabundle, the value for the number of bytes currently used by each SA bundle
was sometimes truncated.
Y
Y
Y
Y
Y
-
CR00011311
This issue has been resolved, and both commands now display the correct
number. As part of this, output of the command show ipsec policy has been
modified so that the expiry limits in bytes and in seconds display on separate
lines.
Also, if the expirykbytes parameter of the command create or set ipsec
bundlespecification was given a value higher than 4193280, the router or
switch instead used a lower value.
This issue has been resolved. If you specify a value above 4193280, the router or
switch now displays a warning message and sets the expiry limit to 4193280
kbytes.
IP Gateway
4
Previously the switch allowed users to specify the tag parameter when creating
or modifying a blackhole route with the commands add or set ip route.
However, blackhole routes cannot be tagged, so the switch did not apply the tag
setting in its saved configuration.
-
-
-
-
-
-
-
Y
Y
-
CR00011788
This issue has been resolved. If a command contains both the blackhole and tag
parameters, the switch now returns an error message.
Version 281-01
C613-10482-00 REV A
Features in 281-01
19
CR
Module
Level
4
Description
Remote Telnet
The “?” help description for the enable command stated that the parameter
rtelnet would “Disable the use of remote telnet to control an asyn port”.
Y
Y
Y
Y
-
-
-
-
-
-
CR00012270
This issue has been resolved. The query now states that the command enable
rtelnet enables remote telnet.
PPP
GUI
4
4
Output of the command show ppp idletimer did not display the PPP interface
name.
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
-
-
-
Y
-
Y
-
Y
-
CR00012581
CR00012655
This issue has been resolved.
The web-based Graphical User Interface (GUI) did not display software QoS
counters.
This issue has been resolved. The counters now display correctly. To access them,
select Diagnostics in the left-hand menu.
Install,
Stacking
4
4
4
If the local command show config dynamic was entered as a host-directed
command, the switch gave an incorrect error message.
-
-
-
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
CR00012755
CR00012774
CR00012824
This issue has been resolved. If you attempt to direct show config dynamic to
a host, the switch now responds with the message “Command is local, do not
use host direction”.
IP Gateway,
TCP
In an unusual network configuration where the IP subnet on one interface was a
subset of that on another interface, it was possible for the results of a trace route
to show erroneous information.
Y
Y
Y
Y
Y
This issue has been resolved. A search for an interface using an address within
the interface's subnet now finds the most specific match for the address.
GUI
Internet Explorer did not display the switch trunking summary page correctly. If
the user selected a trunk group, the radio button displayed a grey image, instead
of displaying a black dot inside a circle. This was only a display issue—the GUI
acted on the selected trunk group correctly.
-
-
-
This issue has been resolved.
Version 281-01
C613-10482-00 REV A
Features in 281-01
20
CR
Module
L2TP
Level
4
Description
When the router or switch was configured as an LNS and received an incoming
L2TP call that was associated with a disabled PPP interface, it produced an
incorrect log message.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
Y
Y
Y
Y
Y
CR00012916
This issue has been resolved.
Log
IPv6
4
4
4
When a user entered the command show log receive=ipadd, information
about all IP addresses was displayed unless the user also entered the mask
parameter.
Y
Y
Y
Y
Y
CR00012946
CR00013086
CR00013115
This issue has been resolved. Specifying an IP address without a mask now limits
the display to information about that IP address.
When the router or switch was running MLD and sent an MLD query packet, it
incremented the OutEchos counter instead of the OutGroupMembQueries
counter.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
-
-
Y
Y
Y
Y
This issue has been resolved. To see the OutGroupMembQueries counter, enter
the command show ipv6 counter.
IP Gateway
The “?” help description for the fragment parameter of the add ip interface
Y
Y
command was unclear.
This issue has been resolved. The query now states that the parameter “Decides
if Do Not Fragment is obeyed for IP packet larger than MTU”.
Version 281-01
C613-10482-00 REV A
Features in 281-01
21
Enhancements
CR
Module
Bridge
Level
-
Description
By default, when the router receives a tagged packet on an Eth or VLAN interface
and bridges it, the bridge strips out the packet’s VLAN tag. This enhancement
enables you to set the bridge to instead retain the tag, by using off, no or false
in the new command:
Y
Y
Y
-
-
-
-
-
-
-
CR00012620
set bridge stripvlantag={on|off|yes|no|true|false}
The default is on. To see whether stripping is turned on or off, use the command:
show bridge
and check the new StripVlantag entry.
L2TP
-
The connection between the router or switch, acting as an LNS, and a third party
peer, acting as an LAC, can sometimes fail during PPP link negotiation. Frequent
negotiation failures can indicate a compatibility problem between the third party
peer and Proxy Authentication responses from the router or switch. With this
enhancement, you can now disable Proxy Authentication on the router or switch
for situations where the third party equipment is not compatible. Use
proxyauth=off in the command:
Y
Y
Y
Y
Y
-
-
Y
Y
Y
CR00012692
add l2tp ip=ipadd[-ipadd] ppptemplate=0..31
[number={off|on|startup}] [pre13={off|on}]
[proxyauth={off|on}]
[tosreflect={off|on|false|true|no|yes}]
The default for proxyauth is on. Proxy Authentication should not be disabled
unless necessary.
To see whether Proxy Authentication is turned on or off, use the command:
show l2tp ip
and check the new Proxy Authentication entry.
Version 281-01
C613-10482-00 REV A
Features in 281-01
22
CR
Module
File
Level
-
Description
Previously, a user could delete the preferred software release and the current
boot configuration file (by using the command delete file), without first setting
a new preferred release or boot configuration file. Therefore, it was possible to
accidentally delete these files, which caused network disruptions if the router or
switch restarted. If the router or switch restarted after the user had deleted the
preferred release, it booted from the fallback software. Similarly, if the router or
switch restarted after the user had deleted the current boot configuration file, it
started up with no configuration.
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
CR00012850
CR00013109
This enhancement ensures that users can no longer delete the preferred software
release or the current boot configuration file. If you want to delete the files
without specifying new preferred files, first use the commands delete
install=pref or set config=none to stop the files from being preferred.
Core, SNMP,
Stack
-
Stacked devices are now SNMP accessible through a single IP address. The MIB
Object stackSnmpHost (at-stack.mib) is used to determine which stacked device
is currently responding to SNMP Requests. By setting the value of
-
-
-
Y
Y
Y
Y
Y
Y
-
CR00012857
CR00011277
stackSnmpHost, an SNMP manager can chose any one of the stacked switches
to poll. After a new value is set successfully, a new SNMP agent is chosen. On
SNMP V1 and V2c operations, the new agent is immediately ready to talk to the
manager. On SNMP v3 operations, the manager needs to re-run engine discovery
to re-synchronize the agent and manager.
Traps and notifications from stacked devices now include an extra object called
hostID, which gives the value of the switch’s host ID. This identifies which stacked
switch produced the trap or notification.
Switch
Core
-
-
New AT-8600 Series switches are now ROHS compliant (lead free). This
enhancement ensured that the new ROHS compliant 1 gigabit uplink ports are
fully supported on AT-8648T/2SP switches.
-
-
-
-
-
-
-
-
-
-
Y
Y
-
-
-
-
-
-
-
-
CR00013394
CR00013584
On AT-8624PoE switches, a new 7000 rpm fan is now supported.
Version 281-01
C613-10482-00 REV A
|