Patch Release Note
Patch 86222-06
For Rapier Switches and AR800 Series
Modular Switching Routers
Introduction
This patch release note lists the issues addressed and enhancements made in
patch 86222-06 for Software Release 2.2.2 on existing models of Rapier L3
managed switches and AR800 Series L3 modular switching routers. Patch file
Table 1: Patch file details for Patch 86222-06.
86s-222.rez
Base Software Release File
Patch Release Date
30-Aug-2001
86222-06.paz
226776 bytes
Compressed Patch File Name
Compressed Patch File Size
This release note should be read in conjunction with the following documents:
I
Release Note: Software Release 2.2.2 for Rapier Switches, AR300 and
AR700 Series Routers, and AR800 Series Modular Switching Routers
(Document Number C613-10313-00 Rev A) available from
I
I
Rapier Switch Documentation Set for Software Release 2.2.1 available on
the Documentation and Tools CD-ROM packaged with your switch, or
AR800 Series Modular Switching Router Documentation Set for Software
Release 2.2.1 available on the Documentation and Tools CD-ROM
packaged with your switching router, or from www.alliedtelesyn.co.nz/
WARNING: Using a patch for a different model or software release may cause
unpredictable results, including disruption to the network. Information in this
release note is subject to change without notice and does not represent a
commitment on the part of Allied Telesyn International. While every effort has
been made to ensure that the information contained within this document and
the features and changes described are accurate, Allied Telesyn International
can not accept any type of liability for errors in, or omissions arising from the
use of this information.
Simply connecting the world
Patch 86222-06 For Rapier Switches and AR800 Series Modular Switching Routers
3
PCR: 01170
Module: IPv6
Network affecting: No
A fatal error occurred if an IPv6 interface was deleted while packets were
being transmitted. The number of current interfaces was not being updated
correctly when a new IPv6 interface was added. As a result, after multiple
additions and deletions, no more IPv6 interfaces could be added. These
issues have been resolved.
PCR: 01176
Module: PKI
Network affecting: No
The CREATE CONFIG command now adds PKI certificates to the script in
the same order that they were originally added to the certificate database.
PCR: 01177
Module: PKI
Network affecting: No
PKI certificates are now periodically checked (once per hour) to verify that
they are still valid.
PCR: 01178
Module: IPSEC
Network affecting: No
IPCOMP SA’s which have the reserved CPI “3” are no longer deleted by
ISAKMP delete messages.
PCR: 01179
Module: SWI
Network affecting: No
When a VLAN was created and then destroyed on the G6 or G6F, the
VTABLE was corrupted. This has been fixed.
PCR: 01181
Module: DHCP
Network affecting: No
DHCP failed to send request messages when it was in a rebinding or
renewing state. This issue has been resolved.
PCR: 01185
Module: SWI
Network affecting: No
In some extreme traffic conditions the switch could lock up, preventing
switching of any traffic. This issue has been resolved.
PCR: 01186
Module: FIREWALL
Network affecting: No
When large numbers of sessions were being handled the firewall would
become overly aggressive in restricting new sessions. The Active TCP Opens
field in the output of the SHOW FIREWALL POLICY would show a very
8
high number (42 × 10 ). This issue has been resolved.
PCR: 01187
Module: IPG
Network affecting: No
If the IGMP table was empty and a timeout was set, a fatal error occurred.
This issue has been resolved.
Patch 86222-06 for Software Release 2.2.2
C613-10319-00 REV F
4
Patch Release Note
Features in 86222-04
Table 3: Patch file details for Patch 86222-04.
86s-222.rez
Base Software Release File
Patch Release Date
24-Aug-2001
86222-04.paz
220220 bytes
Compressed Patch File Name
Compressed Patch File Size
Patch 86222-04 includes all issues resolved and enhancements released in
previous patches for Software Release 2.2.2, and the following enhancements:
PCR: 01124
Module: PKI
Network affecting: No
Message protection validation failures would occur intermittently. This
issue has been resolved.
PCR: 01136
Module: ISAKMP
Network affecting: No
ISAKMP now interoperates with other vendor’s products in aggressive
mode exchanges.
PCR 01138
Module: CORE, SWI
Network affecting: No
Support has been added for the 8624XL-80 switch with -48VDC power
supply.
PCR: 01152
Module: FIREWALL
Network affecting: No
In a dual policy configuration, the firewall would lock up under load. The
firewall would also mistakenly report SYN attacks. These issues have been
resolved.
PCR: 01159
Module: PIM
Network affecting: No
The CREATE CONFIG command generated duplicate PIM interface
configuration command lines. This issue has been resolved.
PCR: 01162
Module: PKI
Network affecting: No
Certificates containing GeneralisedTime with the year in YYYY format are
now parsed correctly. The keyUsage field of certificates is now parsed
correctly when only one byte has been specified. The CRL update time is now
displayed correctly in hours. If the username and password parameters are
present the location parameter must be present and appear before the
username and password parameters.
PCR: 01165
Module: DHCP
Network affecting: No
The DHCP server now correctly allocates addresses to clients running
Apple Open Transport 2.5.1 or 2.5.2.
PCR: 01166
Module: FIREWALL
Network affecting: No
Both public and private access could be configured on the same interface on
a policy. This issue has been resolved.
Patch 86222-06 for Software Release 2.2.2
C613-10319-00 REV F
Patch 86222-06 For Rapier Switches and AR800 Series Modular Switching Routers
5
PCR: 01167
Module: ENCO
Network affecting: No
RSA encryption is now periodically suspended to ensure other processes
get some CPU time during large RSA calculations.
PCR: 01169
Module: ISAKMP
Network affecting: No
The CREATE ISAKMP command now checks that the key specified by the
LOCALRSAKEY parameter actually exists in the ENCO module.
PCR: 01171
Module: ETH, TRIGGER
Network affecting: No
The INTERFACE parameter of the CREATE TRIGGER and SET TRIGGER
commands now supports Ethernet interfaces. Ethernet interface events can
now generate triggers.
PCR: 01173
Module: Telnet
Network affecting: No
The Telnet server’s listen port can now be configured to a number in the
range 1 to 65535, excluding any ports already assigned as listen ports.
PCR: 01174
Module: Firewall
Network affecting: No
The CREATE CONFIG command sometimes generated scripts for rule
commands with GBLIP=0.0.0.0 when this was not necessary. This issue has
been resolved.
Features in 86222-03
Table 4: Patch file details for Patch 86222-03.
86s-222.rez
8-Aug-2001
86222-03.paz
205828 bytes
Base Software Release File
Patch Release Date
Compressed Patch File Name
Compressed Patch File Size
Patch 86222-03 includes all issues resolved and enhancements released in
previous patches for Software Release 2.2.2, and the following enhancements:
PCR: 01112
Module: IPG
Network affecting: No
DNS response packets with corrupt length fields were causing a fatal error.
This issue has been resolved.
PCR: 01139
Module: IPG
Network Affecting: No
IP NAT caused a fatal error when an ARP wait timer timed out and tried to
send a host unreachable message. This issue has been resolved.
PCR: 01147
Module: STT
Network affecting: No
The router was restarting after a “teardrop” attack on the STT listen port.
This issue has been resolved.
Patch 86222-06 for Software Release 2.2.2
C613-10319-00 REV F
6
Patch Release Note
PCR: 01150
Module: FIREWALL
Network affecting: No
The entry aging process now works correctly even when there are large
numbers of firewall entries to be aged.
PCR: 01153
Module: IPG
Network affecting: No
The command SHOW IP DEBUG=n was entered, where n was one greater
than the number of items in the IP debug queue resulted in a fatal error. This
issue has been resolved.
Features in 86222-02
Table 5: Patch file details for Patch 86222-06.
86s-222.rez
26-Jul-2001
86222-02.paz
202564 bytes
Base Software Release File
Patch Release Date
Compressed Patch File Name
Compressed Patch File Size
Patch 86222-02 includes all issues resolved and enhancements released in
previous patches for Software Release 2.2.2, and the following enhancements:
PCR: 01081
Module: FIREWALL
Network affecting: No
When an interface on the firewall was configured with a global IP address
of 0.0.0.0, outgoing packets from the private interface to the public interface
sometimes caused a fatal error. This issue has been resolved.
PCR: 01126
Module: PKI
Network affecting: No
Re-validation of temporary CA certificates now works correctly.
PCR: 01128
Module: IPG
Network affecting: No
A fatal error occurred when IGMP received a Join message and attempted
to forward the Join message to other switch ports. This issue has been
resolved.
PCR: 01131
Module: CORE
Network affecting: No
The SHOW CPU command sometimes displayed incorrect CPU utilisation
figures. Typically a value of about 74% was reported when in fact the CPU
was almost idle. This issue has been resolved.
PCR: 01134
Module: GUI
Network affecting: No
Port parameters can now be set correctly using the Layer 3 Switch GUI.
PCR: 01135
Module: GUI,INST
Network affecting: No
Clicking the Apply button on a Layer 3 Switch GUI page caused the switch
to lock up if no configuration file was set, but boot.cfg was present. This
issue has been resolved.
Patch 86222-06 for Software Release 2.2.2
C613-10319-00 REV F
Patch 86222-06 For Rapier Switches and AR800 Series Modular Switching Routers
7
PCR: 01137
Module: IPG
Network affecting: No
A fatal error occurred when UDP received a packet with very long UDP
packet length. This issue has been resolved.
Features in 86222-01
Table 6: Patch file details for Patch 86222-01.
86s-222.rez
11-Jul-2001
86222-01.paz
187124 bytes
Base Software Release File
Patch Release Date
Compressed Patch File Name
Compressed Patch File Size
Patch 86222-01 includes the following enhancement for Software Release 2.2.2:
PCR: 01100 Module: DHCP Network affecting: No
The DHCP server identified the wrong port numbers for incoming DHCP
requests causing DHCP replies to be sent to the wrong port. This issued has
been resolved.
PCR: 01102
Module: IPG
Network affecting: No
The IP flow cache occasionally generated a watchdog fatal error. This issued
has been resolved.
PCR: 01102
Module: SWI
Network affecting: No
Deleting entries from an L3 table occasionally resulted in a watchdog fatal
error. This issued has been resolved.
PCR: 01106
Module: PKI
Network affecting: No
PKI enrolment no longer causes message validation to fail.
PCR: 01119
Module: IPV6
Network affecting: No
Repeated addition and deletion of an address with the VALID parameter set
to or from an IPV6 interface caused a fatal error. This issue has been
corrected. The VALID parameter specifies the life of the address, and
defaults to INFINITE. The address is deleted when the lifetime expires. The
PREF parameter specifies the time that the address is the preferred address
of the interface, and defaults to INFINITE. PREF must be less than or equal
to VALID. IPV6 now checks and ensures that if either PREF or VALID is
specified, PREF is less than or equal to VALID. When an address is deleted
the timers are now correctly cleared.
PCR: 01120
Module: IPG
Network affecting: No
IP sometimes passed the wrong port number to PIM, causing PIM to
process the wrong port number in its routing table. This issued has been
resolved.
Patch 86222-06 for Software Release 2.2.2
C613-10319-00 REV F
8
Patch Release Note
Availability
Patches can be downloaded from the Software Updates area of the Allied
licence or password is not required to use a patch.
Patch 86222-06 for Software Release 2.2.2
C613-10319-00 REV F
|