Summary of the content on the page No. 1
Software Maintenance Release Note
Maintenance Version 291-10
for AR415S, AR440S, AR441S, AR442S, AR450S, AR725, AR745, AR750S, AR750S-DP, and AR770S routers and
AT-8600, AT-8700XL, Rapier i, Rapier w, AT-8800, AT-8900, x900-48, AT-9900, and AT-9800 Series switches
This software maintenance release note lists the issues addressed and enhancements made in Maintenance Version 291-10 for Software Version 2.9.1. Version
details are listed in the following table:
Models Series Release File Date Size
Summary of the content on the page No. 2
Enabling and Installing this Release 2 Models Series Release File Date Size (bytes) GUI file AT-8824, AT-8848 AT-8800 86291-10.rez 24 July 2007 4587048 8824_291-10_en_d.rsc 8848_291-10_en_d.rsc AT-8948, AT8948i, x900-48FE, x900-48FE-N, x900-48 89291-10.rez 24 July 2007 4884216 - x900-48FS AT-9924T, AT-9924SP, AT-9924T/4SP AT-9900 89291-10.rez 24 July 2007 4884216 9924_291-10_en_d.rsc AT-9812T, AT-9816GB AT-9800 sb291-10.rez 24 July 2007 3988344 9812_291-10_en_d.rsc 9816_291-10_en_d.rsc Caution:
Summary of the content on the page No. 3
Levels 3 Levels Some of the issues addressed in this Maintenance Version include a level number. This number reflects the importance of the issue that has been resolved. The levels are: Level 1 This issue will cause significant interruption to network services, and there is no work-around. Level 2 This issue will cause interruption to network service, however there is a work-around. Level 3 This issue will seldom appear, and will cause minor inconvenience. Level 4 This issue represents a cosme
Summary of the content on the page No. 4
Features in 291-10 4 Features in 291-10 Software Maintenance Version 291-10 includes the resolved issues and enhancements in the following tables. In the tables, for each product series: ■ “Y” indicates that the resolution is available in Version 291-10 for that product series. ■ “–” indicates that the issue did not apply to that product series. Level 1 No level 1 issues Level 2 CR Module Level Description Switching, 2 Enabling DHCP snooping (correctly) adds a hardware filter to all untrusted --
Summary of the content on the page No. 5
Features in 291-10 5 CR Module Level Description Switching 2 The resolution to CR 444 meant that packets processed by the CPU are now -- -Y Y Y Y Y -- - CR00018663 subjected to the same filtering as packets switched in hardware. However, this filtering did not always return the expected results. Sometimes its IP address matching was incorrect, and it did not correctly process filters with an action of nodrop. These issues have been resolved. OSPF 2 On a router or switch with OSPF redistributi
Summary of the content on the page No. 6
Features in 291-10 6 Level 3 CR Module Level Description Ping 3 Traceroute (the trace command) did not work. It returned the error “The YY YYY YYY YY Y CR00018514 destination is either unspecified or invalid” even if the destination was reachable. This issue has been resolved. Level 4 No level 4 issues Enhancements No enhancements Version 291-10 C613-10488-00 REV G AR400 AR7x5 AR7x0S Rapier i Rapier w AT-8800 AT-8600 AT-8700XL x900-48 AT-9900 AT-9800��������������������������������������������
Summary of the content on the page No. 7
Features in 291-09 7 Features in 291-09 Software Maintenance Version 291-09 includes the enhancement in the following table, which is available for x900-48FE and x900-48FE-N switches. Level 1-4 No level 1-4 issues Enhancements CR Module Level Description Core - CPU fan monitoring is now disabled by default on x900-48FE and - - - - - - - -Y - - CR00018530 x900-48FE-N switches. Monitoring the fan is unnecessary unless an accelerator card is installed on the switch, so disabling monitoring reduces
Summary of the content on the page No. 8
Features in 291-08 8 Features in 291-08 Software Maintenance Version 291-08 includes the resolved issues and enhancements in the following tables. In the tables, for each product series: ■ “Y” indicates that the resolution is available in Version 291-08 for that product series. ■ “–” indicates that the issue did not apply to that product series. Level 1 No level 1 issues Level 2 CR Module Level Description Switching, 2 If a packet should have matched a hardware filter with a deny action and -- -
Summary of the content on the page No. 9
Features in 291-08 9 CR Module Level Description Classifier 2 The following issues existed with classifiers: YY YYY Y- - YY Y CR00003495 ■ classifiers matching protocol=ipv6 and ipprotocol=icmp could be created more than once ■ classifiers matching protocol=ipv6 and ipprotocol=1 could be created but were meaningless because 1 represents IPv4 ICMP ■ classifiers matching protocol=ip and ipprotocol=58 could be created but were meaningless because 58 represents IPv6 ICMP. These issues have been r
Summary of the content on the page No. 10
Features in 291-08 10 CR Module Level Description RIPng 2 The following issues occurred with RIPng: YY YYY Y- - YY Y CR00007178 ■ RIPng dropped requests from peers with non link-local addresses. ■ for a solicited response, if the routes did not exist on the device, RIPng returned a metric of 0 for them instead of returning a metric of 16 ■ RIPng performed split-horizon checking for solicited responses ■ RIPng used the link-local address to respond to all requests, even if the request used a no
Summary of the content on the page No. 11
Features in 291-08 11 CR Module Level Description PPP 2 If the router or switch received an LCP packet with an unrecognised YY YYY Y- - YY Y CR00010967 protocol, it responded with a ProtocolReject packet of incorrect length that did not respect the established MRU of the peer. This issue has been resolved. PPP 2 When the established Maximum Receive Unit (MRU) of the remote PPP peer YY YYY Y- - YY Y CR00010968 was greater than the established MRU of the local PPP peer, Echo Reply packets did no
Summary of the content on the page No. 12
Features in 291-08 12 CR Module Level Description TTY 2 Unexpected characters could appear on the terminal emulator display YY YYY YYY YY Y CR00012871 when the column size was set greater than 80 and the user edited a command that spanned more than one line of the display. This issue has been resolved. DVMRP, 2 If a frame relay interface was configured as a DVMRP interface, then the YY YYY - - - - - - CR00013597 DLC value was not correctly generated in output of the command show Frame Relay c
Summary of the content on the page No. 13
Features in 291-08 13 CR Module Level Description IPv6 2 If a user shortened the prefix length of an IPv6 interface address, then YY YYY Y- - YY Y CR00013778 lengthened it, it became impossible to change the prefix length again. This issue has been resolved. MSTP 2 Executing the commands disable mstp port=number or enable mstp - - - YY YYY YY - CR00013893 port=number would not disable or enable the port on all MSTIs. This issue has been resolved. L2TP 2 An L2TP call could be deleted when still a
Summary of the content on the page No. 14
Features in 291-08 14 CR Module Level Description PIM6 2 If an IPv6 accelerator was used, and the upstream router forwarded IPv6 -- --- --- Y Y - CR00014827 multicast data just before the prune limit timer expired, then the downstream router sometimes did not send the prune until significantly after the timer expired. This issue has been resolved. MSTP, GUI 2 Using the web-based GUI to set the Point-to-Point Link in the MSTP CIST - - - YY YYY YY - CR00015169 Port configuration to a non-defaul
Summary of the content on the page No. 15
Features in 291-08 15 CR Module Level Description IPv6 2 The timer that governs the interval between repeated neighbour YY YYY Y- - YY Y CR00016587 solicitation messages could only be configured by using the ndretrans parameter of the set ipv6 nd command, and not through router advertisements that the router or switch received from other routers. This issue has been resolved. Instead of using the ndretrans parameter of the command set ipv6 nd, use the retrans parameter to configure the time
Summary of the content on the page No. 16
Features in 291-08 16 CR Module Level Description ATM 2 If a PPP instance was destroyed after an attached ATM channel had been Y - --- --- -- - CR00016985 modified using the set atm channel command, the router rebooted. The router could also reboot if an ATM channel was deleted under similar circumstances. This issue has been resolved. IPsec 2 AlliedWare IPsec would not interoperate with Microsoft Windows Vista YY YYY Y- - - - - CR00016989 VPN clients. This was because Microsoft changed the IP
Summary of the content on the page No. 17
Features in 291-08 17 CR Module Level Description IPsec 2 If an IPsec tunnel with no encryption (NULL) was negotiated in AlliedWare YY YYY Y- - - - - CR00017226 over NAT-T, the ESP packets did not contain an RFC 3948 compliant checksum. This means that some vendors may have discarded packets sent by the AlliedWare peer over such a tunnel. This issue has been resolved. Note the null encryption is useful for debugging the traffic over an IPsec tunnel and should not be used in a working IPsec
Summary of the content on the page No. 18
Features in 291-08 18 CR Module Level Description QoS, 2 Some small memory access violations existed in DHCP snooping. - - - YY YYY YY - CR00017368 DHCP These violations have been resolved. Snooping Also, a new console error message is displayed if a user tries to add a duplicate classifier to a QoS policy. For example, if traffic class 101 belongs to policy 2 and a user tries to add a flow group to traffic class 101 when the flow group’s classifier is number 54 and already belongs to policy
Summary of the content on the page No. 19
Features in 291-08 19 CR Module Level Description ISAKMP 2 The router or switch sometimes could not establish a VPN when the remote YY YYY Y- - - - - CR00017518 peer was behind a NAT gateway and the router or switch’s remote ID was set to default. This issue has been resolved. PPP 2 If a PPPoE AC service had been added, but AC mode had not been enabled YY YYY Y- - YY Y CR00017634 by using the enable ppp ac command, PADI frames were processed anyway, potentially leading to a reboot. This issu
Summary of the content on the page No. 20
Features in 291-08 20 CR Module Level Description IP Gateway, 2 When the DHCP server was enabled on a router or switch that also had a YY YYY YYY YY Y CR00017731 DHCP local IP interface defined by using the set ip local command, outgoing DHCP server packets would use the set ip local command's IP address as their source address. Furthermore, if the broadcast flag was set to TRUE in the DHCP Discover message that the server was replying to, then the server would send the DHCP Offer packet out
