Allied Telesis Network Router 86222 10 User Manual

Patch Release Note  
Patch 86222-10  
For Rapier Switches and AR800 Series  
Modular Switching Routers  
Introduction  
This patch release note lists the issues addressed and enhancements made in  
patch 86222-10 for Software Release 2.2.2 on existing models of Rapier L3  
managed switches and AR800 Series L3 modular switching routers. Patch file  
details are listed in Table 1.  
Table 1: Patch file details for Patch 86222-10.  
86s-222.rez  
Base Software Release File  
Patch Release Date  
29-Nov-2001  
86222-10.paz  
295536 bytes  
Compressed Patch File Name  
Compressed Patch File Size  
This release note should be read in conjunction with the following documents:  
Release Note: Software Release 2.2.2 for Rapier Switches, AR300 and  
AR700 Series Routers, and AR800 Series Modular Switching Routers  
(Document Number C613-10313-00 Rev A) available from  
Rapier Switch Documentation Set for Software Release 2.2.1 available on  
the Documentation and Tools CD-ROM packaged with your switch, or  
AR800 Series Modular Switching Router Documentation Set for Software  
Release 2.2.1 available on the Documentation and Tools CD-ROM  
packaged with your switching router, or from www.alliedtelesyn.co.nz/  
WARNING: Using a patch for a different model or software release may cause  
unpredictable results, including disruption to the network. Information in this  
release note is subject to change without notice and does not represent a  
commitment on the part of Allied Telesyn International. While every effort has  
been made to ensure that the information contained within this document and  
the features and changes described are accurate, Allied Telesyn International  
can not accept any type of liability for errors in, or omissions arising from the  
use of this information.  
Simply connecting the world  
 
 
Patch 86222-10 For Rapier Switches and AR800 Series Modular Switching Routers  
3
PCR: 01248  
Module: SWI  
Network affecting: No  
A configuration problem prevented trunking of gigabit ports at 100Mbit  
speeds. This issue has been resolved. The A39 gigabit copper uplink  
reverted to autonegotiation after a restart, even if it was configured to a  
fixed speed. This issue has been resolved. When the port has been  
configured for a fixed speed, the mode is now set to MDIX, not MDI.  
PCR: 01254  
Module: PRI  
Network affecting: No  
When an M2 version of the AR020 PRI E1/T1 PIC was installed in a AR040  
NSM it was not possible to select the T1 mode of operation regardless of the  
jumper setting. This issue has been resolved.  
PCR: 01256  
Module: Firewall  
Network affecting: No  
A fatal error occurred when the firewall discarded disallowed multicast  
packets. This issue has been resolved.  
Features in 86222-08  
Patch file details for Patch 86222-08 are listed in Table 3.  
Table 3: Patch file details for Patch 86222-08.  
86s-222.rez  
Base Software Release File  
Patch Release Date  
09-Nov-2001  
86222-08.paz  
291012 bytes  
Compressed Patch File Name  
Compressed Patch File Size  
Patch 86222-08 includes all issues resolved and enhancements released in  
previous patches for Software Release 2.2.2, and the following enhancements:  
PCR: 01201  
Module: L2TP  
Network affecting: Yes  
Tunnel creation failed when attempting to establish a point-to-point tunnel  
from an ATR router (tunnel originator) to another vendor’s router. This  
issue has been resolved.  
PCR: 01233  
Module: PIM  
Network affecting: No  
When IGMP snooping was enabled, if a member left a group on a port, it  
could not re-join the group on that port. This issue has been resolved.  
Substantial changes have been made to PIM in more recent code releases.  
These have been retrofitted to 2-2-2 in the patch. Note: these changes have  
incorporated PCRs 01159 and 01190.  
PCR: 01236  
Module: PPP  
Network affecting: No  
The PPPoE access concentrator did not stop RADIUS accounting when a  
PADT termination was received without receiving a proper PPP  
termination first. This issue has been resolved.  
Patch 86222-10 for Software Release 2.2.2  
C613-10319-00 REV J  
 
 
4
Patch Release Note  
PCR: 01237  
Module: SWI  
Network affecting: No  
The dot1dBridge MIB implementation now complies with RFC1493.  
Features in 86222-07  
Patch file details for Patch 86222-07 are listed in Table 4:  
Table 4: Patch file details for Patch 86222-07  
86s-222.rez  
Base Software Release File  
Patch Release Date  
26-Oct-2001  
86222-07.paz  
250468 bytes  
Compressed Patch File Name  
Compressed Patch File Size  
Patch 86222-07 includes all issues resolved and enhancements released in  
previous patches for Software Release 2.2.2, and the following enhancements:  
PCR: 01018  
Module: DHCP  
Network affecting: No  
DHCP now correctly handles request messages containing request list  
options not supported by the router.  
PCR: 01160  
Module: IPG,FIREWALL  
Network affecting: No  
The router would accept TCP sessions with destination address the same as  
the subnet broadcast address for one of the router’s interfaces. Firewall-  
generated packets destined for a subnet broadcast address on one of the  
routers interfaces would cause a fatal error. These issues have been  
resolved.  
PCR: 01168  
Module: HTTP  
Network affecting: No  
A watchdog timout occurred when the router received an HTTP message  
with an over-length header. Normal HTTP requests would also occasionally  
cause watchdog timeouts. These issues have been resolved.  
PCR: 01182  
Module: OSPF  
Network affecting: No  
The OSPF route filter was not filtering out external routes. This issue has  
been resolved.  
PCR: 01193  
Module: IPG  
Network affecting: No  
MD5 Authentication now works correctly with RIP packets.  
PCR: 01194  
Module: L2TP, IPG  
Network affecting: No  
The SET IP LOCAL command caused a fatal error if the router was  
configured with a default route over an L2TP tunnel, because there was no  
valid route to the remote IP address of the tunnel. This issue has been  
resolved.  
Patch 86222-10 for Software Release 2.2.2  
C613-10319-00 REV J  
 
Patch 86222-10 For Rapier Switches and AR800 Series Modular Switching Routers  
5
PCR: 01197  
Module: Q931  
Network affecting: No  
Debug messages are no longer generated when a Q.931 Advise of Charge  
Notification message is received.  
PCR: 01198  
Module: TCP  
Network affecting: No  
TCP sessions would get stuck in the FINWAIT2 state if the remote host did  
not send a FIN message when required. The router now starts a timer when  
a TCP session enters the FINWAIT2 state and will automatically close the  
session if the timer expires.  
PCR: 01199  
Module: IPG  
Network affecting: No  
The SET IP FILTER command was not correctly handling the ICMPTYPE  
and ICMPCODE parameters. This issue has been resolved.  
PCR: 01202  
Module: DHCP  
Network affecting: No  
The router will now accept DHCP messages that are greater than or equal  
to 576 bytes in size, and reject any message smaller than 576 bytes. This  
operation conforms to RFC 1541.  
PCR: 01203  
Module: ISAKMP  
Network affecting: No  
ISAKMP quick mode exchanges are now committed if any traffic is received  
over the newly generated SA. This improves stability in very lossy networks  
where the commit message may get lost.  
PCR: 01204  
Module: ISAKMP  
Network affecting: No  
ISAKMP debugging caused a fatal error when the debugging mode was set  
to ALL and PFS was enabled. This issue has been resolved.  
PCR: 01205  
Module: PPP  
Network affecting: No  
PPPoE interfaces with IDLE set to ON would not retry active discovery  
when more data was received if active discovery had previously failed. This  
issue has been resolved.  
PCR: 01206  
Module: ISAKMP  
Network affecting: No  
A memory loss occurred when certificates were used by ISAKMP. This issue  
has been resolved.  
PCR: 01207  
Module: ISAKMP  
Network affecting: No  
ISAKMP heartbeats are no longer transmitted if the lower layer interface is  
down. This stops ISAKMP heartbeats from bringing up links in dial-up  
environments.  
PCR: 01209  
Module: ISAKMP  
Network affecting: No  
In some conditions it was possible for ISAKMP packets to be lost and not  
retransmitted. Incoming ISAKMP messages are now validated before  
stopping retransmission of the previous message.  
PCR: 01211  
Module: SWI  
Network affecting: No  
The COS_DST bit on ARL for L3 interface should be 0x4 (higher priority) for  
CPU ports. This has been corrected.  
Patch 86222-10 for Software Release 2.2.2  
C613-10319-00 REV J  
 
6
Patch Release Note  
PCR: 01213  
Module: TRG, SNMP  
Network affecting: No  
The Trigger Facility was generating a trap with variable { 0 0 }, and was not  
documented in the ATI enterprise MIB. This issue has been resolved. The  
MIB object triggerLastTriggerActivated ({ enterprises(1) alliedTelesyn(207)  
mibObjects(8) brouterMib(4) atrouter(4) modules(4) trigger(53) 1 }) has been  
defined, to record the trigger number of the last trigger activated, and this  
variable is now transmitted in the trigger activation trap triggerTrap.  
PCR: 01214  
Module: SWI  
Network affecting: No  
In a Rapier G6, fitted with a fibre uplink module with all ports active,  
switching traffic between port 1 and the uplink caused the traffic flow to  
cease after a period of time depending on the volume of traffic. This issue  
has been resolved.  
PCR: 01216  
Module: STP  
Network affecting: No  
The Rapier did not include the message age of the received BDPU message  
in the message age of the BDPU it transmitted. Also, the message age of the  
message transmitted BDPU could be less than that of the received BDPU,  
which contravenes IEEE 802.3d. This issue has been resolved.  
PCR: 01219  
Module: VLAN,SWI  
Network affecting: No  
Reception of incorrectly tagged packets was causing corruption of the ARL  
table, eventually causing the switch to lock up. This issue has been resolved.  
Tagged packets with invalid VLAN identifiers are now discarded. The  
INFILTERING parameter of the SET SWITCH PORT command now  
defaults to ON.  
PCR: 01221  
Module: SWI  
Network affecting: No  
Flow control performance has been improved.  
PCR: 01225  
Module: IPSEC  
Network affecting: No  
The IPsec SA ID now wraps correctly at the 16 bit (ID = 65535) boundary.  
The ID is also checked to verify that it is free before it is used.  
PCR: 01227  
Module: PPP  
Network affecting: No  
If PPPoE AC services were not deleted in the same order they were added,  
the DELETE command would return an “ operation successful” message  
but the service would still appear in the output of the SHOW PPP PPPOE  
command. This issued has been resolved.  
PCR: 01229  
Module: SWI  
Network affecting: No  
The CREATE CONFIG command did not include all required L3FILTER  
parameters in the generated script file.  
PCR: 01232  
Module: SWI  
Network affecting: No  
The L3 table on the Rapier G6 is now cleared when a switch port goes down  
to ensure the L3 and ARP tables are consistent.  
Patch 86222-10 for Software Release 2.2.2  
C613-10319-00 REV J  
 
Patch 86222-10 For Rapier Switches and AR800 Series Modular Switching Routers  
7
PCR: 01234  
Module: SWI  
Network affecting: No  
A switch port that was transmitting STP BPDUs and also mirroring its  
transmit traffic to the mirror port caused a fatal error. This issue has been  
resolved.  
Features in 86222-06  
Patch file details for Patch 86222-06 are listed in Table 5.  
Table 5: Patch file details for Patch 86222-06.  
86s-222.rez  
Base Software Release File  
Patch Release Date  
30-Aug-2001  
86222-06.paz  
226776 bytes  
Compressed Patch File Name  
Compressed Patch File Size  
Patch 86222-06 includes all issues resolved and enhancements released in  
previous patches for Software Release 2.2.2, and the following enhancements:  
PCR: 01188  
Module: SWI  
Network affecting: No  
The power supply voltages of the base board PHYs on a Rapier G6 are  
controlled by a PHY register value, which was incorrectly set. This issue has  
been resolved.  
PCR: 01190  
Module: PIM  
Network affecting: No  
In PIM Dense Mode, if a data stream started before PIM hello messages  
were exchanged, the receiver did not get the data stream. This issue has  
been resolved.  
PCR: 01192  
Module: SWI  
Network affecting: No  
The Rapier G6 base ports sometimes experienced spurious link up or link  
down events. This issue has been resolved.  
Features in 86222-05  
Patch file details for Patch 86222-05 are listed in Table 6.  
Table 6: Patch file details for Patch 86222-05.  
86s-222.rez  
Base Software Release File  
Patch Release Date  
24-Aug-2001  
86222-05.paz  
223728 bytes  
Compressed Patch File Name  
Compressed Patch File Size  
Patch 86222-05 includes all issues resolved and enhancements released in  
previous patches for Software Release 2.2.2, and the following enhancements:  
Patch 86222-10 for Software Release 2.2.2  
C613-10319-00 REV J  
 
   
8
Patch Release Note  
PCR: 01148  
Module: SWI  
Network affecting: No  
A39 copper uplink modules in the Rapier G6 sometimes experienced  
spurious link up or link down events. This issue has been resolved.  
PCR: 01157  
Module: CORE  
Network affecting: No  
The enterprise MIB now supports objects for power supply monitoring.  
PCR: 01162  
Module: PKI  
Network affecting: No  
Certificates containing GeneralisedTime with the year in YYYY format are  
now parsed correctly. The keyUsage field of certificates is now parsed  
correctly when only one byte has been specified. The CRL update time is now  
displayed correctly in hours. If the username and password parameters are  
present the location parameter must be present and appear before the  
username and password parameters. Certificates with signatures of 257 bytes  
are now correctly parsed. Certificates added from a configuration script are  
now processed correctly.  
PCR: 01170  
Module: IPv6  
Network affecting: No  
A fatal error occurred if an IPv6 interface was deleted while packets were  
being transmitted. The number of current interfaces was not being updated  
correctly when a new IPv6 interface was added. As a result, after multiple  
additions and deletions, no more IPv6 interfaces could be added. These  
issues have been resolved.  
PCR: 01176  
Module: PKI  
Network affecting: No  
The CREATE CONFIG command now adds PKI certificates to the script in  
the same order that they were originally added to the certificate database.  
PCR: 01177  
Module: PKI  
Network affecting: No  
PKI certificates are now periodically checked (once per hour) to verify that  
they are still valid.  
PCR: 01178  
Module: IPSEC  
Network affecting: No  
IPCOMP SA’s which have the reserved CPI “3” are no longer deleted by  
ISAKMP delete messages.  
PCR: 01179  
Module: SWI  
Network affecting: No  
When a VLAN was created and then destroyed on the G6 or G6F, the  
VTABLE was corrupted. This has been fixed.  
PCR: 01181  
Module: DHCP  
Network affecting: No  
DHCP failed to send request messages when it was in a rebinding or  
renewing state. This issue has been resolved.  
PCR: 01185  
Module: SWI  
Network affecting: No  
In some extreme traffic conditions the switch could lock up, preventing  
switching of any traffic. This issue has been resolved.  
Patch 86222-10 for Software Release 2.2.2  
C613-10319-00 REV J  
 
Patch 86222-10 For Rapier Switches and AR800 Series Modular Switching Routers  
9
PCR: 01186  
Module: FIREWALL  
Network affecting: No  
When large numbers of sessions were being handled the firewall would  
become overly aggressive in restricting new sessions. The Active TCP Opens  
field in the output of the SHOW FIREWALL POLICY would show a very  
8
high number (42 × 10 ). This issue has been resolved.  
PCR: 01187  
Module: IPG  
Network affecting: No  
If the IGMP table was empty and a timeout was set, a fatal error occurred.  
This issue has been resolved.  
Features in 86222-04  
Patch file details for Patch 86222-04 are listed in Table 7.  
Table 7: Patch file details for Patch 86222-04.  
86s-222.rez  
Base Software Release File  
Patch Release Date  
24-Aug-2001  
86222-04.paz  
220220 bytes  
Compressed Patch File Name  
Compressed Patch File Size  
Patch 86222-04 includes all issues resolved and enhancements released in  
previous patches for Software Release 2.2.2, and the following enhancements:  
PCR: 01124  
Module: PKI  
Network affecting: No  
Message protection validation failures would occur intermittently. This  
issue has been resolved.  
PCR: 01136  
Module: ISAKMP  
Network affecting: No  
ISAKMP now interoperates with other vendor’s products in aggressive  
mode exchanges.  
PCR 01138  
Module: CORE, SWI  
Network affecting: No  
Support has been added for the 8624XL-80 switch with -48VDC power  
supply.  
PCR: 01152  
Module: FIREWALL  
Network affecting: No  
In a dual policy configuration, the firewall would lock up under load. The  
firewall would also mistakenly report SYN attacks. These issues have been  
resolved.  
PCR: 01159  
Module: PIM  
Network affecting: No  
The CREATE CONFIG command generated duplicate PIM interface  
configuration command lines. This issue has been resolved.  
PCR: 01162  
Module: PKI  
Network affecting: No  
Certificates containing GeneralisedTime with the year in YYYY format are  
now parsed correctly. The keyUsage field of certificates is now parsed  
Patch 86222-10 for Software Release 2.2.2  
C613-10319-00 REV J  
 
 
10  
Patch Release Note  
correctly when only one byte has been specified. The CRL update time is now  
displayed correctly in hours. If the username and password parameters are  
present the location parameter must be present and appear before the  
username and password parameters.  
PCR: 01165  
Module: DHCP  
Network affecting: No  
The DHCP server now correctly allocates addresses to clients running  
Apple Open Transport 2.5.1 or 2.5.2.  
PCR: 01166  
Module: FIREWALL  
Network affecting: No  
Both public and private access could be configured on the same interface on  
a policy. This issue has been resolved.  
PCR: 01167  
Module: ENCO  
Network affecting: No  
RSA encryption is now periodically suspended to ensure other processes  
get some CPU time during large RSA calculations.  
PCR: 01169  
Module: ISAKMP  
Network affecting: No  
The CREATE ISAKMP command now checks that the key specified by the  
LOCALRSAKEY parameter actually exists in the ENCO module.  
PCR: 01171  
Module: ETH, TRIGGER  
Network affecting: No  
The INTERFACE parameter of the CREATE TRIGGER and SET TRIGGER  
commands now supports Ethernet interfaces. Ethernet interface events can  
now generate triggers.  
PCR: 01173  
Module: Telnet  
Network affecting: No  
The Telnet server’s listen port can now be configured to a number in the  
range 1 to 65535, excluding any ports already assigned as listen ports.  
PCR: 01174  
Module: Firewall  
Network affecting: No  
The CREATE CONFIG command sometimes generated scripts for rule  
commands with GBLIP=0.0.0.0 when this was not necessary. This issue has  
been resolved.  
Features in 86222-03  
Patch file details for Patch 86222-03 are listed in Table 8.  
Table 8: Patch file details for Patch 86222-03.  
86s-222.rez  
8-Aug-2001  
86222-03.paz  
205828 bytes  
Base Software Release File  
Patch Release Date  
Compressed Patch File Name  
Compressed Patch File Size  
Patch 86222-03 includes all issues resolved and enhancements released in  
previous patches for Software Release 2.2.2, and the following enhancements:  
Patch 86222-10 for Software Release 2.2.2  
C613-10319-00 REV J  
 
 
Patch 86222-10 For Rapier Switches and AR800 Series Modular Switching Routers  
11  
PCR: 01112  
Module: IPG  
Network affecting: No  
DNS response packets with corrupt length fields were causing a fatal error.  
This issue has been resolved.  
PCR: 01139  
Module: IPG  
Network Affecting: No  
IP NAT caused a fatal error when an ARP wait timer timed out and tried to  
send a host unreachable message. This issue has been resolved.  
PCR: 01147  
Module: STT  
Network affecting: No  
The router was restarting after a “teardrop” attack on the STT listen port.  
This issue has been resolved.  
PCR: 01150  
Module: FIREWALL  
Network affecting: No  
The entry aging process now works correctly even when there are large  
numbers of firewall entries to be aged.  
PCR: 01153  
Module: IPG  
Network affecting: No  
The command SHOW IP DEBUG=n was entered, where n was one greater  
than the number of items in the IP debug queue resulted in a fatal error. This  
issue has been resolved.  
Features in 86222-02  
Patch file details for Patch 86222-02 are listed in Table 9.  
Table 9: Patch file details for Patch 86222-06.  
86s-222.rez  
26-Jul-2001  
86222-02.paz  
202564 bytes  
Base Software Release File  
Patch Release Date  
Compressed Patch File Name  
Compressed Patch File Size  
Patch 86222-02 includes all issues resolved and enhancements released in  
previous patches for Software Release 2.2.2, and the following enhancements:  
PCR: 01081  
Module: FIREWALL  
Network affecting: No  
When an interface on the firewall was configured with a global IP address  
of 0.0.0.0, outgoing packets from the private interface to the public interface  
sometimes caused a fatal error. This issue has been resolved.  
PCR: 01126  
Module: PKI  
Network affecting: No  
Re-validation of temporary CA certificates now works correctly.  
PCR: 01128  
Module: IPG  
Network affecting: No  
A fatal error occurred when IGMP received a Join message and attempted  
to forward the Join message to other switch ports. This issue has been  
resolved.  
Patch 86222-10 for Software Release 2.2.2  
C613-10319-00 REV J  
 
 
12  
Patch Release Note  
PCR: 01131  
Module: CORE  
Network affecting: No  
The SHOW CPU command sometimes displayed incorrect CPU utilisation  
figures. Typically a value of about 74% was reported when in fact the CPU  
was almost idle. This issue has been resolved.  
PCR: 01134  
Module: GUI  
Network affecting: No  
Port parameters can now be set correctly using the Layer 3 Switch GUI.  
PCR: 01135  
Module: GUI,INST  
Network affecting: No  
Clicking the Apply button on a Layer 3 Switch GUI page caused the switch  
to lock up if no configuration file was set, but boot.cfg was present. This  
issue has been resolved.  
PCR: 01137  
Module: IPG  
Network affecting: No  
A fatal error occurred when UDP received a packet with very long UDP  
packet length. This issue has been resolved.  
Features in 86222-01  
Patch file details for Patch 86222-01 are listed in Table 10.  
Table 10: Patch file details for Patch 86222-01.  
86s-222.rez  
11-Jul-2001  
86222-01.paz  
187124 bytes  
Base Software Release File  
Patch Release Date  
Compressed Patch File Name  
Compressed Patch File Size  
Patch 86222-01 includes the following enhancement for Software Release 2.2.2:  
PCR: 01100 Module: DHCP Network affecting: No  
The DHCP server identified the wrong port numbers for incoming DHCP  
requests causing DHCP replies to be sent to the wrong port. This issued has  
been resolved.  
PCR: 01102  
Module: IPG  
Network affecting: No  
The IP flow cache occasionally generated a watchdog fatal error. This issued  
has been resolved.  
PCR: 01102  
Module: SWI  
Network affecting: No  
Deleting entries from an L3 table occasionally resulted in a watchdog fatal  
error. This issued has been resolved.  
PCR: 01106  
Module: PKI  
Network affecting: No  
PKI enrolment no longer causes message validation to fail.  
Patch 86222-10 for Software Release 2.2.2  
C613-10319-00 REV J  
 
 
Patch 86222-10 For Rapier Switches and AR800 Series Modular Switching Routers  
13  
PCR: 01119  
Module: IPV6  
Network affecting: No  
Repeated addition and deletion of an address with the VALID parameter set  
to or from an IPV6 interface caused a fatal error. This issue has been  
corrected. The VALID parameter specifies the life of the address, and  
defaults to INFINITE. The address is deleted when the lifetime expires. The  
PREF parameter specifies the time that the address is the preferred address  
of the interface, and defaults to INFINITE. PREF must be less than or equal  
to VALID. IPV6 now checks and ensures that if either PREF or VALID is  
specified, PREF is less than or equal to VALID. When an address is deleted  
the timers are now correctly cleared.  
PCR: 01120  
Module: IPG  
Network affecting: No  
IP sometimes passed the wrong port number to PIM, causing PIM to  
process the wrong port number in its routing table. This issued has been  
resolved.  
Availability  
Patches can be downloaded from the Software Updates area of the Allied  
licence or password is not required to use a patch.  
Patch 86222-10 for Software Release 2.2.2  
C613-10319-00 REV J  
 
14  
Patch Release Note  
Patch 86222-10 for Software Release 2.2.2  
C613-10319-00 REV J  
 

ADC Network Card UTU 701C User Manual
ADTRAN Network Card 220 DDM 3192 H2TU C User Manual
Advantek Networks Switch ANS 24RV User Manual
Aiphone Paint Sprayer IS SS HID I User Manual
Aiphone Power Supply PS 18YC A User Manual
Alto Shaam Food Warmer HN2 72 User Manual
Amana Range W103209878 User Manual
Axis Communications TV Cables 39680 User Manual
Bakers Pride Oven Food Warmer CHS 1N User Manual
Bakers Pride Oven Fryer BLF F User Manual