Allied Telesis Network Router R800 Series User Manual

Patch Release Note  
Patch 86222-22  
For Rapier Switches and AR800 Series  
Modular Switching Routers  
Introduction  
This patch release note lists the issues addressed and enhancements made in  
patch 86222-22 for Software Release 2.2.2 on existing models of Rapier L3  
managed switches and AR800 Series L3 modular switching routers. Patch file  
details are listed in Table 1.  
Table 1: Patch file details for Patch 86222-22.  
86s-222.rez  
Base Software Release File  
Patch Release Date  
12-Dec-2002  
86222-22.paz  
957598 bytes  
Compressed Patch File Name  
Compressed Patch File Size  
This release note should be read in conjunction with the following documents:  
Release Note: Software Release 2.2.2 for Rapier Switches, AR300 and  
AR700 Series Routers, and AR800 Series Modular Switching Routers  
(Document Number C613-10313-00 Rev A) available from  
Rapier Switch Documentation Set for Software Release 2.2.1 available on  
the Documentation and Tools CD-ROM packaged with your switch, or  
AR800 Series Modular Switching Router Documentation Set for Software  
Release 2.2.1 available on the Documentation and Tools CD-ROM  
packaged with your switching router, or from www.alliedtelesyn.co.nz/  
WARNING: Using a patch for a different model or software release may cause  
unpredictable results, including disruption to the network. Information in this  
release note is subject to change without notice and does not represent a  
commitment on the part of Allied Telesyn International. While every effort has  
been made to ensure that the information contained within this document and  
the features and changes described are accurate, Allied Telesyn International  
can not accept any type of liability for errors in, or omissions arising from the  
use of this information.  
Simply connecting the world  
 
 
Patch 86222-22 For Rapier Switches and AR800 Series Modular Switching Routers  
3
PCR 02192  
Module: IP  
Network affecting: No  
The source IP address in DVMRP prune and graft messages was incorrect.  
This issue has been resolved.  
PCR: 02241  
Module: FIREWALL  
Network affecting: No  
Firewall subnet NAT rules were not working correctly from the private to  
the public side of the firewall. Traffic from the public to private side  
(destined for subnet NAT) was discarded. These issues have been resolved.  
ICMP traffic no longer causes a RADIUS lookup for access authentication,  
but is now checked by ICMP handlers for attacks and eligibility. If the ICMP  
traffic matches a NAT rule, NAT will occur on inbound and outbound  
traffic. HTTP 1.0 requests sometimes caused the firewall HTTP proxy to  
close prematurely. Cached TCP sessions were sometimes not hit correctly.  
These issues have been resolved.  
PCR: 02359  
Module: IPG  
Network affecting: No  
When an IP Multihomed interface was used as an OSPF interface,  
neighbour relationships were only established if the IP interface for OSPF  
was added first in the configuration. Now, OSPF establishes neighbour  
relationships regardless of the IP Multihomed interface configuration order.  
PCR: 02395  
Module: VRRP, TRG  
Network affecting: No  
The SHOW VRRP command now shows the number of trigger activations  
for the Upmaster and Downmaster triggers.  
PCR: 02396  
Module: DHCP  
Network affecting: No  
DHCP RENEW request messages are now unicast (as defined in the RFC),  
not broadcast.  
PCR 02400  
Module: CORE, FFS, FILE,  
INSTALL, SCR  
Network affecting: No  
If a problem occurred with NVS, some critical files were lost. As a result, the  
equipment was forced to load only boot ROM software at boot time. This  
patch combined with the new version of the boot ROM software (pr1-1.2.0  
for the AR700 series) resolves this issue.  
PCR 02408  
Module: SWI  
Network affecting: No  
The EPORT parameter in the SHOW SWITCH L3FILTER ENTRY command  
was displaying incorrectly after an issue was resolved in PCR02374. The  
command now displays correctly.  
PCR: 02427  
Module: DHCP  
Network affecting: No  
DHCP entry reclaim checks are now delayed by 10 seconds if the entry is  
unroutable because the interface is not up.  
PCR: 02463  
Module: DVMRP, IPG  
Network affecting: No  
Support for multi-homed interfaces has been added.  
PCR 02465  
Module: TTY  
Network affecting: No  
Under some circumstances a fatal error occurred if a large amount of data  
was pasted onto the command line. This issue has been resolved.  
Patch 86222-22 for Software Release 2.2.2  
C613-10319-00 REV U  
 
4
Patch Release Note  
PCR: 02489  
Module: SWI  
Network affecting: No  
When the switch was under heavy learning load, some MAC address were  
lost. This issue has been resolved.  
PCR 02506  
Module: OSPF, IPG  
Network affecting: No  
In the ADD IP ROUTE FILTER command, when the optional parameter  
INTERFACE was included, the filter was not applied to the flooding of  
OSPF external LSAs. Also, in the command SHOW IP ROUTE FILTER, the  
output of the interface name was truncated when the name was more than  
six characters long. These issues have been resolved.  
PCR: 02509  
Module: DVMRP  
Network affecting: No  
The source net mask has been removed from DVMRP prune, graft and  
graft-ack messages.  
PCR 02526  
Module: DVMRP  
Network affecting: No  
Under some circumstances, multiple default routes were created for  
DVMRP. This issue has been resolved.  
PCR 02538  
Module: DVMRP  
Network affecting: No  
The source mask is now always 0xffffffff in the DVMRP forwarding table.  
The temporary route in the DVMRP route table was not displaying  
correctly. This issue has been resolved.  
An IGMP entry was erroneously added for the reserved IP address. This  
issue has been resolved.  
Features in 86222-21  
Patch file details are listed in Table 2:  
Table 2: Patch file details for Patch 86222-21.  
86s-222.rez  
Base Software Release File  
Patch Release Date  
03-Oct-2002  
86222-21.paz  
408864 bytes  
Compressed Patch File Name  
Compressed Patch File Size  
Patch 86222-21 includes all issues resolved and enhancements released in  
previous patches for Software Release 2.2.2, and the following enhancements:  
PCR: 02167  
Module: FIREWALL  
Network affecting: No  
Locally generated ICMP messages, that were passed out through a firewall  
interface because they were associated with another packet flow, had their  
source address changed to that of the associated packet flow and were also  
forwarded with incorrect IP checksums. This only occurred when there was  
no NAT associated with the packet flow. This issue has been resolved.  
Patch 86222-22 for Software Release 2.2.2  
C613-10319-00 REV U  
 
 
Patch 86222-22 For Rapier Switches and AR800 Series Modular Switching Routers  
5
PCR: 02236  
Module: FIREWALL  
Network affecting: No  
Sometimes the retransmission of an FTP packet was not permitted through  
the Firewall. This issue has been resolved.  
PCR: 02245  
Module: VRRP  
Network affecting: No  
VRRP returned an incorrect MAC address for an ARP request. This issue  
has been resolved.  
PCR: 02327  
Module: IPG/FIREWALL  
Network affecting: No  
In some situations, multihomed interfaces caused the Firewall to apply  
NAT and rules incorrectly when packets were received from a subnet that  
was not attached to the receiving interface. This issue has been resolved.  
PCR: 02329  
Module: DHCP  
Network affecting: No  
An ARP entry for a host has been removed whenever a DHCP DISCOVER  
or DHCP REQUEST message is received from the host. This allows for  
clients changing ports on a switch.  
PCR: 02332  
Module: IPSEC  
Network affecting: No  
The sequence number extracted from the AH and ESP header was in the  
wrong endian mode, which caused an FTP error with IPSEC anti-replay.  
This issue has been resolved.  
PCR: 02343  
Module: PPP  
Network affecting: No  
When acting as a PPPoE Access Concentrator (AC), if a PPPoE client sent  
discovery packets without the "host-unique" tag, the discovery packets sent  
by the AC were corrupted. This issue has been resolved.  
PCR: 02368  
Module: IPG/IGMP  
Network affecting: No  
IGMP failed to create an automatic IGMP membership with no joining port  
when it received multicast data that no ports were interested in, when IP  
TimeToLive was set to 1 second. Also, IGMP erroneously sent a query on an  
IGMP enabled IP interface even when IGMP was disabled. These issues  
have been resolved.  
PCR: 02374  
Module: SWI  
Network affecting: No  
In the ADD SWITCH L3FILTER command, the EPORT parameter  
incorrectly accepted the value 62-63 as multicast and broadcast ports 63-64.  
This issue has been resolved.  
PCR: 02397  
Module: DVMRP  
Network affecting: No  
After a prune lifetime had expired, the interface was not joined back to the  
DVMRP multicast delivery tree. This issue has been resolved.  
PCR: 02404  
Module: IPG  
Network affecting: No  
DVMRP multicast forwarding failed to send tagged packets to a tagged  
port. Packets were erroneously sent untagged to tagged ports. This issue  
has been resolved.  
Patch 86222-22 for Software Release 2.2.2  
C613-10319-00 REV U  
 
6
Patch Release Note  
Features in 86222-20  
Patch file details for Patch 86222-20 are listed in Table 3:  
Table 3: Patch file details for Patch 86222-20.  
86s-222.rez  
Base Software Release File  
Patch Release Date  
23-Aug-2002  
86222-20.paz  
397708 bytes  
Compressed Patch File Name  
Compressed Patch File Size  
Patch 86222-20 includes all issues resolved and enhancements released in  
previous patches for Software Release 2.2.2, and the following enhancements:  
PCR: 01226  
Module: IGMP  
Network affecting: Yes  
The IGMP specific query sent by the router/switch now contains the correct  
default response time of 1 second. Also, ifOutOctets in the VLAN interface  
MIB now increments correctly.  
PCR: 01270  
Module: APPLE  
Network affecting: No  
If a port did not belong to an ethernet interface, or was not directly  
connected to the seed port it could not receive advertised router numbers.  
This issue has been resolved.  
PCR: 01285  
Module: OSPF  
Network affecting: No  
When an interface went down (or was disabled) on an AS border router, the  
external routes were not removed from the routing domain. Such routes are  
now removed by premature aging.  
PCR: 02024  
Module: IPG  
Network affecting: No  
Proxy Arp can now be used on VLAN interfaces.  
PCR: 02122  
Module: FIREWALL  
Network affecting: No  
A fatal error sometimes occurred if a TCP session originating on the public  
side of the firewall sent packets before the session was established with the  
host on the private side of the firewall. This issue has been resolved.  
PCR: 02128  
Module: FIREWALL  
Network affecting: No  
Some FTP packets handled by the firewall were forwarded with incorrect  
sequence numbers, causing FTP sessions to fail. This issue has been  
resolved.  
PCR: 02150  
Module: CORE, SNMP  
Network affecting: No  
When passing 64-bit counters in an SNMP packet, only the lower 32 bits  
were passed. Now the full 64 bits of the counter will be returned if all are  
required.  
PCR: 02158  
Module: FIREWALL  
Network affecting: No  
When a TCP RST/ACK was received by a firewall interface, the packet that  
was passed to the other side of the firewall lost the ACK flag, and had an  
incorrect ACK number. This issue has been resolved.  
Patch 86222-22 for Software Release 2.2.2  
C613-10319-00 REV U  
 
 
Patch 86222-22 For Rapier Switches and AR800 Series Modular Switching Routers  
7
PCR 02161  
Module: IPG  
Network affecting: No  
The IP Filter SIZE parameter was not being applied correctly. This issue has  
been resolved.  
PCR 02162  
Module: IPG  
Network affecting: No  
The SET IP FILTER command would not update the SIZE parameter  
correctly. This issue has been resolved.  
PCR 02172  
Module: IPG  
Network affecting: No  
The TOS field in IP packets was not being processed by IP POLICY filters  
with an identifier greater than 7. This issue has been resolved.  
PCR: 02174  
Module: FIREWALL  
Network affecting: No  
A feature has been added that makes pings pass from the source IP address  
of the public interface to the IP address on the private interface in the  
firewall.  
PCR: 02195  
Module: SWI  
Network affecting: No  
If a port on a Rapier 48 or Rapier 48 i went down, some associated entries  
were not promptly removed from the forwarding, Layer 3 and default IP  
tables. This issue has been resolved.  
PCR: 02198  
Module: DHCP  
Network affecting: Yes  
This PCR includes the following enhancements:  
A new command, SET DHCP EXTENDID allows for multiple DHCP  
clients, and handling of arbitrary client IDs on the server.  
Static DHCP entries now return to the correct state when timing out.  
DHCP entry hashes now have memory protection to prevent fatal  
errors.  
DHCP client now retransmits XID correctly.  
Lost OFFER messages on the server are now handled correctly.  
The DHCP server now correctly handles DHCP clients being moved to  
a different interface on the DHCP server after they’ve been allocated an  
IP address.  
PCR: 02203  
Module: IPG  
Network affecting: No  
Responses to DNS requests received by a DNS relay agent, and forwarded  
to the DNS server, were returned to the requester with a source IP address  
of the DNS server rather than the DNS relay agent. This issue has been  
resolved.  
PCR: 02208  
Module: LOG  
Network affecting: No  
Log messages are no longer stored in NVS.  
PCR: 02214  
Module: IPG  
Network affecting: No  
A buffer leak occurred when a large number of flows (over 4000) were in use  
and needed to be recycled. This issue has been resolved.  
Patch 86222-22 for Software Release 2.2.2  
C613-10319-00 REV U  
 
8
Patch Release Note  
PCR: 02215  
Module: FILE  
Network affecting: No  
When the only feature licence in the feature licence file was disabled, the  
licence file stored on FLASH memory did not change. This was due to a  
previous enhancement in PCR 02184 which prevented existing files being  
deleted before a new version was stored. This issue has been resolved.  
PCR: 02220  
Module: SWI  
Network affecting: No  
The EPORT parameter in the ADD SWITCH L3FILTER ENTRY and SET  
SWITCH L3FILTER ENTRY commands was matching multicast and  
broadcast packets with software filtering. This issue has been resolved.  
PCR: 02224  
Module: SWI  
Network affecting: No  
Some switch chip register values have been changed to improve QoS  
support on Rapier G6 and Rapier G6f switches.  
PCR: 02229  
Module: IPG  
Network affecting: No  
The PURGE IP command now resets the IP route cache counters to zero.  
PCR: 02242  
Module: IPG  
Network affecting: No  
On a Rapier 24, adding an IP interface over a FR interface caused an  
ASSERT debug fatal error. This issue has been resolved.  
PCR: 02246  
Module: VRRP  
Network affecting: No  
The ARL entry for the virtual router MAC was incorrectly showing a  
numerical value. The entry now shows the CPU’s port value.  
PCR: 02250  
Module: FIREWALL  
Network affecting: No  
Sometimes the Firewall erroneously used NAT. This issue has been  
resolved.  
PCR: 02259  
Module: DHCP, IPG  
Network affecting: No  
A dual Ethernet router was incorrectly accepting an IP address from a  
DHCP server when the offered address was on the same network as the  
other Ethernet interface. An error is now recorded when DHCP offers an  
address that is in the same subnet as another interface.  
PCR: 02260  
Module: TTY  
Network affecting: No  
When a ‘\n’(LF) character was received, the router/switch did not  
recognise this as the termination of a command over Telnet. This issue has  
been resolved.  
PCR: 02262  
Module: DNS  
Network affecting: No  
Responses to MX record requests were not handled correctly if the preferred  
name in the MX record differed from the one that was requested. This issue  
has been resolved.  
Patch 86222-22 for Software Release 2.2.2  
C613-10319-00 REV U  
 
Patch 86222-22 For Rapier Switches and AR800 Series Modular Switching Routers  
9
PCR: 02263  
Module: VRRP  
Network affecting: No  
The virtual MAC address was used as the source MAC for all packets  
forwarded on an interface associated with a Virtual Router (VR). This was  
confusing when multiple VRs were defined over the same interface because  
only one virtual MAC address was ever used. The other virtual MAC  
addresses (for the other VR's) were only used if the source IP address  
matched the VR’s IP address. To avoid this confusion, the system MAC  
address is now always used unless the source IP address of the packet is the  
same as the VR’s IP address.  
PCR: 02264  
Module: PIM, DVMRP, SWI  
Network affecting: No  
PIM or DVMRP failed to see any data if IGMP snooping was on and  
DVMRP or PIM was enabled after the data stream had reached the router/  
switch. This issue has been resolved.  
PCR: 02265  
Module: FIREWALL  
Network affecting: No  
MAC address lists were not working with Firewall rules. This issue has  
been resolved.  
PCR: 02268  
Module: FIREWALL  
Network affecting: No  
HTTP requests from a fixed IP address were erroneously reported as a host  
scan attack in the Firewall deny queue. This issue has been resolved.  
PCR: 02269  
Module: DUART, TM  
Network affecting: No  
Under certain circumstances, the Asyn Loopback Test failed. This issue has  
been resolved.  
PCR: 02274  
Module: TPAD  
Network affecting: No  
ARL message interrupts have been re-enabled after a software table rebuild  
to fix synchronisation of the software forwarding database with the  
hardware table.  
PCR: 02275  
Module: OSPF  
Network affecting: No  
Some routes were not added into the OSPF route list, and therefore were not  
added into the IP route table. This issue has been resolved.  
PCR: 02276  
Module: FIREWALL  
Network affecting: No  
The CREATE CONFIG command did not save the SOURCEPORT  
parameter to the configuration file when the low value of the source port  
range was set to zero. This issue has been resolved.  
PCR: 02287  
Module: IPG  
Network affecting: No  
Existing IGMP groups were not deleted when IGMP was disabled globally  
or on the associated interface. This gave the groups very high timeout  
values. This issue has been resolved.  
PCR: 02299  
Module: VRRP  
Network affecting: No  
If a packet with a destination IP address equal to a VRRP IP address was  
received when the router didn’t own the IP address, (because it didn’t have  
an interface with that IP address) the router incorrectly tried to forward the  
packet and send an ICMP “redirect” message to the source. Now, if such a  
packet is received, it will be discarded and an ICMP “host unreachable”  
message will be sent to the source.  
Patch 86222-22 for Software Release 2.2.2  
C613-10319-00 REV U  
 
10  
Patch Release Note  
PCR: 02304  
Module: VRRP  
Network affecting: No  
VRRP used the wrong source IP address in ICMP redirects. RFC 2338 states  
that the source IP address of ICMP redirects should be the IP address that  
the end host used when making its next hop routing decision. In the case of  
a packet sent to a VRRP virtual MAC address, this is the primary VRRP IP  
address associated with the MAC address, provided such a VR exists and is  
in the master state. This issue has been resolved.  
PCR: 02317  
Module: IPG  
Network affecting: No  
The SIZE functionality on the IP filter was not working for IP fragmented  
packets. This issue has been resolved.  
Features in 86222-19  
Patch file details for Patch 86222-19 are listed in Table 4:  
Table 4: Patch file details for Patch 86222-19.  
86s-222.rez  
Base Software Release File  
Patch Release Date  
11-Jun-2002  
86222-19.paz  
364584 bytes  
Compressed Patch File Name  
Compressed Patch File Size  
Patch 86222-19 includes all issues resolved and enhancements released in  
previous patches for Software Release 2.2.2, and the following enhancements:  
PCR: 02018  
Module: OSPF  
Network affecting: No  
When OSPF was calculating routes from an AS external LSA and the AS  
external router had two next hops with different metrics, the router  
erroneously added two routes instead of one route with the best metric. This  
issue has been resolved. Also, when the two equal cost routes were on the  
same IP interface, but to different next hops, the router sent the packets to  
the wrong MAC address. This issue has been resolved.  
PCR: 02098  
Module: STP  
Network affecting: No  
STP always transmits untagged packets. If a port does not belong to a  
VLAN as an untagged port, then the port must belong to one VLAN as a  
tagged port. In this case, STP should transmit VLAN tagged packets out of  
the port.  
PCR: 02123  
Module: IPG  
Network affecting: No  
The IP, MASK, and ACTION parameters could not be set with the SET IP  
ROUTE FILTER command. This issue is resolved when the filter number is  
specified at the start of the command, for example:  
SET IP ROUTE FILTER=filter-id IP=ipadd MASK=ipadd  
ACTION={INCLUDE|EXCLUDE}  
where: filter-id is the filter number. Filter numbers are displayed in the  
output of the SHOW IP ROUTE FILTER command.  
Patch 86222-22 for Software Release 2.2.2  
C613-10319-00 REV U  
 
 
Patch 86222-22 For Rapier Switches and AR800 Series Modular Switching Routers  
11  
PCR 02138  
Module: SWI  
Network affecting: No  
The built in Self Test Code for all Rapiers, except G6, has been improved to  
enhance the detection of faults in switch chip external packet memory.  
PCR 02140  
Module: OSPF  
Network affecting: No  
An AS boundary router advertises AS external LSAs to other routers.  
However, when the router’s configuration changed, either by adding an IP  
route filter, or by setting its ASEXTERNAL parameter to OFF using the SET  
OSPF ASEXTERNAL command followed by a restart, its neighbour state  
could not reach full state. Also, when the router had IP route filters  
configured, matched routes were not being flooded into other routers.  
However, these routes should still have been imported into the router’s  
own LSA database, but were not. These issues have been resolved.  
PCR 02144  
Module: IPG  
Network affecting:No  
The IPG module has been enhanced to support gratiutous ARP request and  
ARP reply packets.  
PCR 02151  
Module: IPG  
Network affecting: No  
The Rapier was not detecting invalid checksums in ICMP echo request  
packets. This issue has been resolved. ICMP echo request packets with  
invalid checksums are now dropped and the ICMP inErrors and inDiscards  
counters are incremented.  
PCR 02164  
Module: DHCP  
Network affecting: No  
A simple DHCP range MIB and a trap have been added. The trap is  
triggered when a DHCP request cannot be satisfied. The gateway address  
and the interface address are sent as trap variables. The range table shows  
which range was exhausted. A debug variable,  
swiDebugBroadcomParityErrors has been added to the SWI module MIB to  
count the SDRAM parity errors in the packet memory of the Broadcom  
switch chip.  
PCR 02176  
Module: FIREWALL  
Network affecting: No  
Packets traversing in and out of the same public firewall interface were  
sometimes blocked. The firewall should only control packets passing  
between a public and a private interface. This issue has been resolved.  
PCR 02181  
Module: LOAD  
Network affecting: No  
When a file upload was interrupted, the file being uploaded was not  
unlocked. The file could not be deleted without restarting the router. This  
issue has been resolved.  
PCR 02186  
Module: IPG  
Network affecting: No  
RIP was incorrectly sending triggered request packets over VLANs, even on  
non-demand links. This issue has been resolved.  
PCR 02188  
Module: VRRP  
Network affecting: No  
When VRRP responded to an ARP request for the VR IP address it was not  
making an entry in the ARP table and the switch L3 table. This issue has  
been resolved.  
Patch 86222-22 for Software Release 2.2.2  
C613-10319-00 REV U  
 
12  
Patch Release Note  
Features in 86222-18  
Patch file details for Patch 86222-18 are listed in Table 5:  
Table 5: Patch file details for Patch 86222-18.  
86s-222.rez  
6-May-2002  
86222-18.paz  
342720 bytes  
Base Software Release File  
Patch Release Date  
Compressed Patch File Name  
Compressed Patch File Size  
There is no patch release 86222-17 because this patch was withdrawn.  
Patch 86222-18 includes all issues resolved and enhancements released in  
previous patches for Software Release 2.2.2, and the following enhancements:  
PCR: 02041  
Module: SWI  
Network affecting: No  
In some situations, the switch would stop forwarding packets via internal  
and/or external uplink ports. This issue has been resolved.  
PCR: 02073  
Module: FILE  
Network affecting: No  
If a flash write error occurred when a file was being written, the file’s  
directory entry was deleted leaving a partial file in flash. Subsequent  
attempts to write the file failed because a file of the same name already  
existed. This issue has been resolved.  
PCR: 02075  
Module: OSPF, IPG  
Network affecting: No  
In configurations containing a large number of OSPF routes, the SPF  
calculation could take a long time. During this calculation, other events  
would not be processed. This patch reduces the time required for an SPF  
calculation and allows the switch to respond to other events in the mean  
time. This patch also improves the performance of flow cache updates.  
PCR: 02081  
Module: FILE, FFS  
Network affecting: No  
If the FILE module was required to re-write a file, the existing file would be  
deleted before the size of the new file was known. This issue has been  
resolved.  
PCR: 02082  
Module: OSPF  
Network affecting: Yes  
OSPF virtual links running across a single network segment would accept  
0.0.0.0 as the next hop address. This was inherited by derivative routes,  
making them unusable. This issue has been resolved.  
PCR: 02086  
Module: FFS  
Network affecting: No  
If a file ended short of an erase block boundary and a compaction was  
started, the block in which the file was stored was not erased, causing errors  
when new files were written. Also, if the last file in the filing system ended  
on or short of an erase block boundary, and a compaction was started, then  
compaction would fail. These issues have been resolved.  
Patch 86222-22 for Software Release 2.2.2  
C613-10319-00 REV U  
 
 
Patch 86222-22 For Rapier Switches and AR800 Series Modular Switching Routers  
13  
PCR: 02088  
Module: SWI  
Network affecting: No  
Port mirroring on the Rapier 48 and 48i was not operating correctly because  
Destination Lookup Failure (DLF) frames were sent from the mirror port.  
This issue has been resolved.  
PCR: 02095  
Module: SWI  
Network affecting: No  
The software routing performance of the Rapier 48 and Rapier 48i has been  
enhanced.  
PCR: 02101  
Module: SWI  
Network affecting: No  
The layer 3 hardware table was not sorted properly when it contained a  
very wide range of IP addresses (eg. 10.0.0.1 - 205.33.3.1). This caused a  
small number of packets to be routed by software rather than hardware.  
This issue has been resolved.  
PCR: 02104  
Module: TRG  
Network affecting: No  
The periodic and time trigger counts were incrementing by two instead of  
one on each update. This issue has been resolved.  
PCR: 02105  
Module: FFS  
Network affecting: No  
An error occurred when the FLASH write driver was required to write  
values that were not long-word aligned and were at the driver’s page  
boundary. The driver attempted to write into the next section of memory. It  
also attempted to read the status of this section of memory, and  
misinterpreted the result as a low Vpp voltage. Also, errors occurred during  
FLASH compaction. These issues have been resolved.  
Features in 86222-16  
Patch file details for Patch 86222-16 are listed in Table 6:  
Table 6: Patch file details for Patch 86222-16.  
86s-222.rez  
1-Apr-2002  
Base Software Release File  
Patch Release Date  
86222-16.paz  
336952 bytes  
Compressed Patch File Name  
Compressed Patch File Size  
Patch 86222-16 includes all issues resolved and enhancements released in  
previous patches for Software Release 2.2.2, and the following enhancements:  
PCR: 02092  
Module: SWI  
Network affecting: No  
The SET SWITCH L3 FILT command overwrote existing Layer 3 filters. If  
multiple filter entries existed, this command changed the most recent entry,  
rather than the one specified. These issues have been resolved. Also, the SET  
SWITCH L3 FILT command now allows for creation of multiple filter  
entries with the SETPRIORITY and SETTOS parameters. The Layer 3 filter  
protocol match now has no limit.  
Patch 86222-22 for Software Release 2.2.2  
C613-10319-00 REV U  
 
 
14  
Patch Release Note  
PCR: 02099  
Module: DHCP  
Network affecting: No  
A switch sometimes restarted if it was configured with static DHCP entries  
and was handling a large number of DHCP clients. This issue has been  
resolved.  
Features in 86222-15  
Patch file details for Patch 86222-15 are listed in Table 7:  
Table 7: Patch file details for Patch 86222-15.  
86s-222.rez  
Base Software Release File  
Patch Release Date  
26-Mar-2002  
86222-15.paz  
336608 bytes  
Compressed Patch File Name  
Compressed Patch File Size  
Patch 86222-15 includes all issues resolved and enhancements released in  
previous patches for Software Release 2.2.2, and the following enhancements:  
PCR: 02015  
Module: SNMP  
Network affecting: No  
A fatal error occurred when an invalid SNMP message was received. This  
issue has been resolved.  
PCR: 02020  
Module: SWI  
Network affecting: No  
When disabling port mirroring the VLAN tagging configuration of other  
ports was corrupted. This issue has been resolved.  
PCR: 02070  
Module: CORE  
Network affecting: No  
The TickTimer ran one percent slower than it should have. This issue has  
been resolved.  
PCR: 02079  
Module: IPG  
Network affecting: No  
Static ARPs can now be added to tagged vlans.  
PCR: 02094  
Module: IPG  
Network affecting: No  
When an IP flow table contained the IP flow structure for a spoofed packet,  
the SHOW IP FLOW command would crash when executed. This issue has  
been resolved.  
Patch 86222-22 for Software Release 2.2.2  
C613-10319-00 REV U  
 
 
Patch 86222-22 For Rapier Switches and AR800 Series Modular Switching Routers  
15  
Features in 86222-14  
Patch file details are listed in Table 8.  
Table 8: Patch file details for Patch 86222-14.  
86s-222.rez  
Base Software Release File  
Patch Release Date  
28-Feb-2002  
86222-14.paz  
335336 bytes  
Compressed Patch File Name  
Compressed Patch File Size  
Patch 86222-14 includes all issues resolved and enhancements released in  
previous patches for Software Release 2.2.2, and the following enhancements:  
PCR: 02005  
Module: IPG  
Network affecting: No  
When telnetting to the switch, the TCP connection was reset, and when the  
packet was passed to IPG_Forward a fatal error occurred. This patch  
implements a workaround.  
PCR: 02035  
Module: VLAN  
Network affecting: No  
The CREATE CONFIG command now correctly configures tagged ports  
belonging to VLANs not in the default STP.  
PCR: 02036  
Module: SWITCH  
Network affecting: No  
A new command allows the Layer 3 aging timer to be changed:  
SET SWITCH L3AGEINGTIMER=<seconds>  
where seconds can be 30 - 43200. After each cycle of the ageing timer, all  
existing Layer 3 entries with the hit bit set will have the hit bit reset to zero,  
and all existing Layer 3 entries with the hit bit set to zero will be deleted.  
The SHOW SWITCH command output now displays the Layer 3 ageing  
timer value.  
PCR: 02038  
Module: PING  
Network affecting: No  
Resolution of PCR 02011 in Patch 12 sometimes caused a fatal error. This  
issue has been resolved.  
PCR: 02039  
Module: IPG  
Network affecting: No  
The SHOW IP ROUTE FILTER command output displayed counters for  
'passes' and 'include' that were the same. This issue has been resolved.  
Counters now increment only when a filter is active and do not count  
interface routes.  
PCR: 02040  
Module: SWI  
Network affecting: No  
PCR 02019 permitted the reception of packets by the CPU that should have  
been discarded. This issue has been resolved.  
PCR: 02057  
Module: FIREWALL  
Network affecting: No  
Firewall TCP timeout values have been reduced for sessions placed in the  
CLOSED state after receiving a TCP/RESET. This applies to the stateful  
inspection of firewall sessions only, and not to the TCP module. Previously,  
PCR 01263 reduced the timeout value for sessions placed in the CLOSED  
state after a TCP/FIN packet was received.  
Patch 86222-22 for Software Release 2.2.2  
C613-10319-00 REV U  
 
 
16  
Patch Release Note  
PCR: 02063  
Module: FIREWALL  
Network affecting: No  
Firewall IP access lists were not working correctly. If an IP range was  
specified without spaces between the IP address and the separating '-' the  
range would be ignored. Spaces are no longer required. Also, matches were  
made to addresses covered by a range in an access list if the matching range  
was numerically the lowest in the list. This issue has been resolved.  
Features in 86222-13  
Patch file details for Patch 86222-13 are listed in Table 9.  
Table 9: Patch file details for Patch 86222-13.  
86s-222.rez  
1-Feb-2002  
Base Software Release File  
Patch Release Date  
86222-13.paz  
328884 bytes  
Compressed Patch File Name  
Compressed Patch File Size  
Patch 86222-13 includes all issues resolved and enhancements released in  
previous patches for Software Release 2.2.2, and the following enhancements:  
PCR: 02014  
Module: TELNET  
Network affecting: No  
When a Telnet session was terminated without a proper logout, counters  
recording the number of logins were not correctly decremented. This issue  
has been resolved.  
PCR: 02019  
Module: SWI  
Network affecting: No  
If a layer 3 hardware filter for a particular packet type (e.g. Netbeui) was  
configured, all IP packets destined for the CPU were discarded. This issue  
has been resolved.  
Features in 86222-12  
Patch file details for Patch 86222-12 are listed in Table 10.  
Table 10: Patch file details for Patch 86222-12.  
86s-222.rez  
Base Software Release File  
Patch Release Date  
18-Jan-2001  
86222-12.paz  
328528 bytes  
Compressed Patch File Name  
Compressed Patch File Size  
Patch 86222-12 includes all issues resolved and enhancements released in  
previous patches for Software Release 2.2.2, and the following enhancements:  
Patch 86222-22 for Software Release 2.2.2  
C613-10319-00 REV U  
 
   
Patch 86222-22 For Rapier Switches and AR800 Series Modular Switching Routers  
17  
PCR: 01223  
Module: IPG  
Network affecting: No  
If route filters existed and a RESET IP command was executed, some static  
and interface routes were incorrectly removed if the filters matched. This  
issue has been resolved.  
PCR: 01257  
Module: DHCP  
Network affecting: No  
DHCP occasionally caused a fatal error. Also, while an address was in the  
reclaiming list, a DHCPDISCOVERY message requesting the address made  
the address disappear. These issues have been resolved.  
PCR: 01261  
Module: IPG/VRRP  
Network affecting: No  
A fatal error occurred when forwarding IP packets with VRRP enabled. This  
issue has been resolved.  
PCR: 01263  
Module: FIREWALL  
Network affecting: No  
The firewall TCP timeout values for sessions in the CLOSED and  
TIMEWAIT states have been reduced. This only applies to the stateful  
inspection of firewall sessions and not to the TCP module.  
PCR: 01268  
Module: SWI  
Network affecting: No  
When a Rapier was under heavy load from software routing (e.g. after a  
reboot and before the routing tables were refreshed), OSPF could take a long  
time to converge. This patch gives OSPF packets higher priority to expedite  
OSPF convergence.  
PCR: 01269  
Module: SWI  
Network affecting: No  
A new feature permits hardware filtering by the Rapier family based on the  
Ethernet frame type. The TYPE parameter:  
TYPE={802|ETHII|SNAP}  
has been added to the following commands:  
ADD SWITCH L3FILTER ENTRY  
ADD SWITCH L3FILTER MATCH  
SET SWITCH L3FILTER ENTRY  
SET SWITCH L3FILTER MATCH  
SHOW SWITCH L3FILTER  
PCR: 01272  
Module: SWI  
Network affecting: No  
A physical port could not be re-enabled once disabled when STP was active.  
This issue has been resolved.  
PCR: 01273  
Module: SWI  
Network affecting: No  
The CREATE CONFIG command now includes the STPFORWARDING  
parameter in generated scripts. The SHOW SWITCH command now  
displays the setting of STPFORWARDING.  
PCR: 01274  
Module: SWI  
Network affecting: No  
Refinements were made to the switch chip register settings improving CoS  
provision with the newer revision of switching silicon on the Rapier 16,  
Rapier 24 and Rapier 48.  
Patch 86222-22 for Software Release 2.2.2  
C613-10319-00 REV U  
 
18  
Patch Release Note  
PCR: 01275  
Module: FIREWALL  
Network affecting: No  
The firewall was incorrectly forwarding multicast packets originating from  
a private address in cases where a matching route was defined. This issue  
has been resolved.  
PCR: 01276  
Module: SWI  
Network affecting: No  
When the speed of one or more switch ports was forced to a half duplex  
setting and the ports were then added to a trunk group configured for full  
duplex operation, the port settings were not overridden by the trunk group  
speed setting. The trunk group speed setting will now take precedence over  
the port speed setting.  
PCR: 01287  
Module: OSPF  
Network affecting: No  
Configuring IP route filters did not stop flooding of AS external LSAs to  
neigbours at startup. The result was that the neigbour received the AS LSAs  
and added the corresponding routes into its own routing table. However,  
after some time (e.g. 1 hour), the AS external LSAs in the neigbour’s  
database disappeared, but the corresponding routes were still in its routing  
table. This issue has been resolved.  
PCR: 01289  
Module: VRRP  
Network affecting: No  
The checksum in VRRP advertisements was not being calculated correctly.  
The calculation was not compatible with the RFC. This issue has been  
resolved.  
PCR: 01290  
Module: PPP  
Network affecting: No  
When PPP was running over Ethernet to a client from another vendor, the  
Maximum Transmission Unit value for the link was not adjusted from the  
PPP default of 1500 to 1492. This issue has been resolved.  
PCR: 01291  
Module: IPG(IGMP)  
Network affecting: No  
IGMP did not send the Start Up Query, and the Other Querier Present Timer  
did not change the Time Out value accordingly if Query Interval was  
changed. IGMP did not notify other registered parties (PIM and DVMRP)  
when a port was deleted from a membership group. IGMP reported a  
membership leave to other parties while it was still waiting for a reply to a  
group specific query from a leaving member. These issues have been  
resolved.  
PCR: 02003  
Module: FIREWALL  
Network affecting: No  
The timeout value for ICMP session entries in the firewall can now be  
adjusted via the OTHERTIMEOUT parameter of the SET FIRE POLICY  
command. Note: if the value for OTHERTIMEOUT is set to more than 10  
minutes the timeout used for ICMP sessions will default to 10 minutes.  
PCR: 02007  
Module: DHCP  
Network affecting: No  
When a DHCP server received a DHCP DISCOVERY packet passed by a  
relay agent, requesting an IP address that did not belong to the subnet the  
client and the relay agent were attached to, it offered the requested address  
if it was available. The DHCP server will now only offer an IP address from  
the subnet that connects the client and the relay agent.  
Patch 86222-22 for Software Release 2.2.2  
C613-10319-00 REV U  
 
Patch 86222-22 For Rapier Switches and AR800 Series Modular Switching Routers  
19  
PCR: 02008  
Module: TRIGGER  
Network affecting: No  
The first periodic after day trigger boundary (i.e. midnight) did not occur.  
A range check error occurred due to an incorrect comparison. These issues  
have been resolved.  
PCR: 02011  
Module: PING  
Network affecting: No  
Stopping a trace route using STOP TRACE occasionally caused a fatal error.  
This issue has been resolved.  
PCR: 02012  
Module: IPG, VLAN, SWI  
Network affecting: No  
IGMP reflooded packets with VLAN tagging were not processed correctly.  
This issue has been resolved.  
Features in 86222-11  
Patch file details for Patch 86222-11 are listed in Table 11.  
Table 11: Patch file details for Patch 86222-11.  
86s-222.rez  
Base Software Release File  
Patch Release Date  
19-Dec-2001  
86222-11.paz  
296244 bytes  
Compressed Patch File Name  
Compressed Patch File Size  
Patch 86222-11 includes all issues resolved and enhancements released in  
previous patches for Software Release 2.2.2, and the following enhancements:  
PCR: 01243  
Module: SWI  
Network affecting: No  
When a Rapier CPU was handling a large amount of traffic and a busy  
egress port went down, it was possible for the transmission of packets by  
the CPU to cease. This issue has been resolved.  
PCR: 01265  
Module: SWI  
Network affecting: No  
When trunking was in operation, in some instances the switch transmitted  
tagged packets on untagged trunk ports. This issue has been resolved.  
PCR: 01288  
Module: SWI  
Network affecting: No  
When a switch port was forced to half duplex mode and the link partner  
was forced to full duplex mode, it was possible for the switch to enter a state  
where it was unable to transmit packets. This issue has been resolved.  
Patch 86222-22 for Software Release 2.2.2  
C613-10319-00 REV U  
 
 
20  
Patch Release Note  
Features in 86222-10  
Patch file details for Patch 86222-10 are listed in Table 12.  
Table 12: Patch file details for Patch 86222-10.  
86s-222.rez  
Base Software Release File  
Patch Release Date  
29-Nov-2001  
86222-10.paz  
295536 bytes  
Compressed Patch File Name  
Compressed Patch File Size  
Patch 86222-10 includes all issues resolved and enhancements released in  
previous patches for Software Release 2.2.2, and the following enhancement:  
PCR: 01264  
Module: SWI  
Network affecting: No  
Some switch chip register settings have been optimised to improve the  
provision of CoS with the newer revision of switching silicon.  
Features in 86222-09  
Patch file details for Patch 86222-09 are listed in Table 13.  
Table 13: Patch file details for Patch 86222-09.  
86s-222.rez  
Base Software Release File  
Patch Release Date  
27-Nov-2001  
86222-09.paz  
295444 bytes  
Compressed Patch File Name  
Compressed Patch File Size  
Patch 86222-09 includes all issues resolved and enhancements released in  
previous patches for Software Release 2.2.2, and the following enhancements:  
PCR: 01189  
Module: STP, SWI  
Network affecting: Yes  
A new feature, STP forwarding, has been added. STP forwarding can be  
enabled and disabled using the commands:  
ENABLE SWI STPFORWARD  
DISABLE SWI STPFORWARD  
When STP forwarding is enabled, all STP forwarding is ignored and all  
BDPUs received on a port are forwarded on all other ports.  
PCR: 01242  
Module: CORE, SNMP  
Network affecting: No  
The switch now delays sending link traps immediately after a restart to give  
the link to the trap host time to come up. A similar change has been made  
for the cold start trap. After a 10s delay, all interfaces which are UP have a  
link trap generated for them. After that, link traps are sent as normal.  
PCR: 01244  
Module: SWI, CORE, IPG  
Network affecting: No  
Processing invalid UDP packets caused a memory leak. This issue has been  
resolved. Additional debugging facilities were added.  
Patch 86222-22 for Software Release 2.2.2  
C613-10319-00 REV U  
 
   
Patch 86222-22 For Rapier Switches and AR800 Series Modular Switching Routers  
21  
PCR: 01246  
Module: SWI  
Network affecting: No  
The default setting for the switch port parameter INFILTERING is now OFF,  
as specified in IEEE802.1Q. A VLAN will still reject these packets if they are  
not from valid VLAN member ports.  
PCR: 01247  
Module: IPG  
Network affecting: No  
The IGMP snooping forwarding process now correctly selects outgoing  
ports when DVMRP is managing the multicast routing information.  
PCR: 01248  
Module: SWI  
Network affecting: No  
A configuration problem prevented trunking of gigabit ports at 100Mbit  
speeds. This issue has been resolved. The A39 gigabit copper uplink  
reverted to autonegotiation after a restart, even if it was configured to a  
fixed speed. This issue has been resolved. When the port has been  
configured for a fixed speed, the mode is now set to MDIX, not MDI.  
PCR: 01254  
Module: PRI  
Network affecting: No  
When an M2 version of the AR020 PRI E1/T1 PIC was installed in a AR040  
NSM it was not possible to select the T1 mode of operation regardless of the  
jumper setting. This issue has been resolved.  
PCR: 01256  
Module: Firewall  
Network affecting: No  
A fatal error occurred when the firewall discarded disallowed multicast  
packets. This issue has been resolved.  
Features in 86222-08  
Patch file details for Patch 86222-08 are listed in Table 14.  
Table 14: Patch file details for Patch 86222-08.  
86s-222.rez  
Base Software Release File  
Patch Release Date  
09-Nov-2001  
86222-08.paz  
291012 bytes  
Compressed Patch File Name  
Compressed Patch File Size  
Patch 86222-08 includes all issues resolved and enhancements released in  
previous patches for Software Release 2.2.2, and the following enhancements:  
PCR: 01201  
Module: L2TP  
Network affecting: Yes  
Tunnel creation failed when attempting to establish a point-to-point tunnel  
from an ATR router (tunnel originator) to another vendor’s router. This  
issue has been resolved.  
Patch 86222-22 for Software Release 2.2.2  
C613-10319-00 REV U  
 
 
22  
Patch Release Note  
PCR: 01233  
Module: PIM  
Network affecting: No  
When IGMP snooping was enabled, if a member left a group on a port, it  
could not re-join the group on that port. This issue has been resolved.  
Substantial changes have been made to PIM in more recent code releases.  
These have been retrofitted to 2-2-2 in the patch. Note: these changes have  
incorporated PCRs 01159 and 01190.  
PCR: 01236  
Module: PPP  
Network affecting: No  
The PPPoE access concentrator did not stop RADIUS accounting when a  
PADT termination was received without receiving a proper PPP  
termination first. This issue has been resolved.  
PCR: 01237  
Module: SWI  
Network affecting: No  
The dot1dBridge MIB implementation now complies with RFC1493.  
Features in 86222-07  
Patch file details for Patch 86222-07 are listed in Table 15:  
Table 15: Patch file details for Patch 86222-07  
86s-222.rez  
Base Software Release File  
Patch Release Date  
26-Oct-2001  
86222-07.paz  
250468 bytes  
Compressed Patch File Name  
Compressed Patch File Size  
Patch 86222-07 includes all issues resolved and enhancements released in  
previous patches for Software Release 2.2.2, and the following enhancements:  
PCR: 01018  
Module: DHCP  
Network affecting: No  
DHCP now correctly handles request messages containing request list  
options not supported by the router.  
PCR: 01160  
Module: IPG,FIREWALL  
Network affecting: No  
The router would accept TCP sessions with destination address the same as  
the subnet broadcast address for one of the router’s interfaces. Firewall-  
generated packets destined for a subnet broadcast address on one of the  
routers interfaces would cause a fatal error. These issues have been  
resolved.  
PCR: 01168  
Module: HTTP  
Network affecting: No  
A watchdog timout occurred when the router received an HTTP message  
with an over-length header. Normal HTTP requests would also occasionally  
cause watchdog timeouts. These issues have been resolved.  
PCR: 01182  
Module: OSPF  
Network affecting: No  
The OSPF route filter was not filtering out external routes. This issue has  
been resolved.  
Patch 86222-22 for Software Release 2.2.2  
C613-10319-00 REV U  
 
Patch 86222-22 For Rapier Switches and AR800 Series Modular Switching Routers  
23  
PCR: 01193  
Module: IPG  
Network affecting: No  
MD5 Authentication now works correctly with RIP packets.  
PCR: 01194  
Module: L2TP, IPG  
Network affecting: No  
The SET IP LOCAL command caused a fatal error if the router was  
configured with a default route over an L2TP tunnel, because there was no  
valid route to the remote IP address of the tunnel. This issue has been  
resolved.  
PCR: 01197  
Module: Q931  
Network affecting: No  
Debug messages are no longer generated when a Q.931 Advise of Charge  
Notification message is received.  
PCR: 01198  
Module: TCP  
Network affecting: No  
TCP sessions would get stuck in the FINWAIT2 state if the remote host did  
not send a FIN message when required. The router now starts a timer when  
a TCP session enters the FINWAIT2 state and will automatically close the  
session if the timer expires.  
PCR: 01199  
Module: IPG  
Network affecting: No  
The SET IP FILTER command was not correctly handling the ICMPTYPE  
and ICMPCODE parameters. This issue has been resolved.  
PCR: 01202  
Module: DHCP  
Network affecting: No  
The router will now accept DHCP messages that are greater than or equal  
to 576 bytes in size, and reject any message smaller than 576 bytes. This  
operation conforms to RFC 1541.  
PCR: 01203  
Module: ISAKMP  
Network affecting: No  
ISAKMP quick mode exchanges are now committed if any traffic is received  
over the newly generated SA. This improves stability in very lossy networks  
where the commit message may get lost.  
PCR: 01204  
Module: ISAKMP  
Network affecting: No  
ISAKMP debugging caused a fatal error when the debugging mode was set  
to ALL and PFS was enabled. This issue has been resolved.  
PCR: 01205  
Module: PPP  
Network affecting: No  
PPPoE interfaces with IDLE set to ON would not retry active discovery  
when more data was received if active discovery had previously failed. This  
issue has been resolved.  
PCR: 01206  
Module: ISAKMP  
Network affecting: No  
A memory loss occurred when certificates were used by ISAKMP. This issue  
has been resolved.  
PCR: 01207  
Module: ISAKMP  
Network affecting: No  
ISAKMP heartbeats are no longer transmitted if the lower layer interface is  
down. This stops ISAKMP heartbeats from bringing up links in dial-up  
environments.  
Patch 86222-22 for Software Release 2.2.2  
C613-10319-00 REV U  
 
24  
Patch Release Note  
PCR: 01209  
Module: ISAKMP  
Network affecting: No  
In some conditions it was possible for ISAKMP packets to be lost and not  
retransmitted. Incoming ISAKMP messages are now validated before  
stopping retransmission of the previous message.  
PCR: 01211  
Module: SWI  
Network affecting: No  
The COS_DST bit on ARL for L3 interface should be 0x4 (higher priority) for  
CPU ports. This has been corrected.  
PCR: 01213  
Module: TRG, SNMP  
Network affecting: No  
The Trigger Facility was generating a trap with variable { 0 0 }, and was not  
documented in the ATI enterprise MIB. This issue has been resolved. The  
MIB object triggerLastTriggerActivated ({ enterprises(1) alliedTelesyn(207)  
mibObjects(8) brouterMib(4) atrouter(4) modules(4) trigger(53) 1 }) has been  
defined, to record the trigger number of the last trigger activated, and this  
variable is now transmitted in the trigger activation trap triggerTrap.  
PCR: 01214  
Module: SWI  
Network affecting: No  
In a Rapier G6, fitted with a fibre uplink module with all ports active,  
switching traffic between port 1 and the uplink caused the traffic flow to  
cease after a period of time depending on the volume of traffic. This issue  
has been resolved.  
PCR: 01216  
Module: STP  
Network affecting: No  
The Rapier did not include the message age of the received BDPU message  
in the message age of the BDPU it transmitted. Also, the message age of the  
message transmitted BDPU could be less than that of the received BDPU,  
which contravenes IEEE 802.3d. This issue has been resolved.  
PCR: 01219  
Module: VLAN,SWI  
Network affecting: No  
Reception of incorrectly tagged packets was causing corruption of the ARL  
table, eventually causing the switch to lock up. This issue has been resolved.  
Tagged packets with invalid VLAN identifiers are now discarded. The  
INFILTERING parameter of the SET SWITCH PORT command now  
defaults to ON.  
PCR: 01221  
Module: SWI  
Network affecting: No  
Flow control performance has been improved.  
PCR: 01225  
Module: IPSEC  
Network affecting: No  
The IPsec SA ID now wraps correctly at the 16 bit (ID = 65535) boundary.  
The ID is also checked to verify that it is free before it is used.  
PCR: 01227  
Module: PPP  
Network affecting: No  
If PPPoE AC services were not deleted in the same order they were added,  
the DELETE command would return an “operation successful” message  
but the service would still appear in the output of the SHOW PPP PPPOE  
command. This issue has been resolved.  
Patch 86222-22 for Software Release 2.2.2  
C613-10319-00 REV U  
 
Patch 86222-22 For Rapier Switches and AR800 Series Modular Switching Routers  
25  
PCR: 01229  
Module: SWI  
Network affecting: No  
The CREATE CONFIG command did not include all required L3FILTER  
parameters in the generated script file.  
PCR: 01232  
Module: SWI  
Network affecting: No  
The L3 table on the Rapier G6 is now cleared when a switch port goes down  
to ensure the L3 and ARP tables are consistent.  
PCR: 01234  
Module: SWI  
Network affecting: No  
A switch port that was transmitting STP BPDUs and also mirroring its  
transmit traffic to the mirror port caused a fatal error. This issue has been  
resolved.  
Features in 86222-06  
Patch file details for Patch 86222-06 are listed in Table 16.  
Table 16: Patch file details for Patch 86222-06.  
86s-222.rez  
Base Software Release File  
Patch Release Date  
30-Aug-2001  
86222-06.paz  
226776 bytes  
Compressed Patch File Name  
Compressed Patch File Size  
Patch 86222-06 includes all issues resolved and enhancements released in  
previous patches for Software Release 2.2.2, and the following enhancements:  
PCR: 01188  
Module: SWI  
Network affecting: No  
The power supply voltages of the base board PHYs on a Rapier G6 are  
controlled by a PHY register value, which was incorrectly set. This issue has  
been resolved.  
PCR: 01190  
Module: PIM  
Network affecting: No  
In PIM Dense Mode, if a data stream started before PIM hello messages  
were exchanged, the receiver did not get the data stream. This issue has  
been resolved.  
PCR: 01192  
Module: SWI  
Network affecting: No  
The Rapier G6 base ports sometimes experienced spurious link up or link  
down events. This issue has been resolved.  
Patch 86222-22 for Software Release 2.2.2  
C613-10319-00 REV U  
 
 
26  
Patch Release Note  
Features in 86222-05  
Patch file details for Patch 86222-05 are listed in Table 17.  
Table 17: Patch file details for Patch 86222-05.  
86s-222.rez  
Base Software Release File  
Patch Release Date  
24-Aug-2001  
86222-05.paz  
223728 bytes  
Compressed Patch File Name  
Compressed Patch File Size  
Patch 86222-05 includes all issues resolved and enhancements released in  
previous patches for Software Release 2.2.2, and the following enhancements:  
PCR: 01148  
Module: SWI  
Network affecting: No  
A39 copper uplink modules in the Rapier G6 sometimes experienced  
spurious link up or link down events. This issue has been resolved.  
PCR: 01157  
Module: CORE  
Network affecting: No  
The enterprise MIB now supports objects for power supply monitoring.  
PCR: 01162  
Module: PKI  
Network affecting: No  
Certificates containing GeneralisedTime with the year in YYYY format are  
now parsed correctly. The keyUsage field of certificates is now parsed  
correctly when only one byte has been specified. The CRL update time is now  
displayed correctly in hours. If the username and password parameters are  
present the location parameter must be present and appear before the  
username and password parameters. Certificates with signatures of 257 bytes  
are now correctly parsed. Certificates added from a configuration script are  
now processed correctly.  
PCR: 01170  
Module: IPv6  
Network affecting: No  
A fatal error occurred if an IPv6 interface was deleted while packets were  
being transmitted. The number of current interfaces was not being updated  
correctly when a new IPv6 interface was added. As a result, after multiple  
additions and deletions, no more IPv6 interfaces could be added. These  
issues have been resolved.  
PCR: 01176  
Module: PKI  
Network affecting: No  
The CREATE CONFIG command now adds PKI certificates to the script in  
the same order that they were originally added to the certificate database.  
PCR: 01177  
Module: PKI  
Network affecting: No  
PKI certificates are now periodically checked (once per hour) to verify that  
they are still valid.  
PCR: 01178  
Module: IPSEC  
Network affecting: No  
IPCOMP SA’s which have the reserved CPI “3” are no longer deleted by  
ISAKMP delete messages.  
Patch 86222-22 for Software Release 2.2.2  
C613-10319-00 REV U  
 
 
Patch 86222-22 For Rapier Switches and AR800 Series Modular Switching Routers  
27  
PCR: 01179  
Module: SWI  
Network affecting: No  
When a VLAN was created and then destroyed on the G6 or G6F, the  
VTABLE was corrupted. This has been fixed.  
PCR: 01181  
Module: DHCP  
Network affecting: No  
DHCP failed to send request messages when it was in a rebinding or  
renewing state. This issue has been resolved.  
PCR: 01185  
Module: SWI  
Network affecting: No  
In some extreme traffic conditions the switch could lock up, preventing  
switching of any traffic. This issue has been resolved.  
PCR: 01186  
Module: FIREWALL  
Network affecting: No  
When large numbers of sessions were being handled the firewall would  
become overly aggressive in restricting new sessions. The Active TCP Opens  
field in the output of the SHOW FIREWALL POLICY would show a very  
high number (42 × 108). This issue has been resolved.  
PCR: 01187  
Module: IPG  
Network affecting: No  
If the IGMP table was empty and a timeout was set, a fatal error occurred.  
This issue has been resolved.  
Features in 86222-04  
Patch file details for Patch 86222-04 are listed in Table 18.  
Table 18: Patch file details for Patch 86222-04.  
86s-222.rez  
Base Software Release File  
Patch Release Date  
24-Aug-2001  
86222-04.paz  
220220 bytes  
Compressed Patch File Name  
Compressed Patch File Size  
Patch 86222-04 includes all issues resolved and enhancements released in  
previous patches for Software Release 2.2.2, and the following enhancements:  
PCR: 01124  
Module: PKI  
Network affecting: No  
Message protection validation failures would occur intermittently. This  
issue has been resolved.  
PCR: 01136  
Module: ISAKMP  
Network affecting: No  
ISAKMP now interoperates with other vendor’s products in aggressive  
mode exchanges.  
PCR 01138  
Module: CORE, SWI  
Network affecting: No  
Support has been added for the 8624XL-80 switch with -48VDC power  
supply.  
Patch 86222-22 for Software Release 2.2.2  
C613-10319-00 REV U  
 
 
28  
Patch Release Note  
PCR: 01152  
Module: FIREWALL  
Network affecting: No  
In a dual policy configuration, the firewall would lock up under load. The  
firewall would also mistakenly report SYN attacks. These issues have been  
resolved.  
PCR: 01159  
Module: PIM  
Network affecting: No  
The CREATE CONFIG command generated duplicate PIM interface  
configuration command lines. This issue has been resolved.  
PCR: 01162  
Module: PKI  
Network affecting: No  
Certificates containing GeneralisedTime with the year in YYYY format are  
now parsed correctly. The keyUsage field of certificates is now parsed  
correctly when only one byte has been specified. The CRL update time is now  
displayed correctly in hours. If the username and password parameters are  
present the location parameter must be present and appear before the  
username and password parameters.  
PCR: 01165  
Module: DHCP  
Network affecting: No  
The DHCP server now correctly allocates addresses to clients running  
Apple Open Transport 2.5.1 or 2.5.2.  
PCR: 01166  
Module: FIREWALL  
Network affecting: No  
Both public and private access could be configured on the same interface on  
a policy. This issue has been resolved.  
PCR: 01167  
Module: ENCO  
Network affecting: No  
RSA encryption is now periodically suspended to ensure other processes  
get some CPU time during large RSA calculations.  
PCR: 01169  
Module: ISAKMP  
Network affecting: No  
The CREATE ISAKMP command now checks that the key specified by the  
LOCALRSAKEY parameter actually exists in the ENCO module.  
PCR: 01171  
Module: ETH, TRIGGER  
Network affecting: No  
The INTERFACE parameter of the CREATE TRIGGER and SET TRIGGER  
commands now supports Ethernet interfaces. Ethernet interface events can  
now generate triggers.  
PCR: 01173  
Module: Telnet  
Network affecting: No  
The Telnet server’s listen port can now be configured to a number in the  
range 1 to 65535, excluding any ports already assigned as listen ports.  
PCR: 01174  
Module: Firewall  
Network affecting: No  
The CREATE CONFIG command sometimes generated scripts for rule  
commands with GBLIP=0.0.0.0 when this was not necessary. This issue has  
been resolved.  
Patch 86222-22 for Software Release 2.2.2  
C613-10319-00 REV U  
 
Patch 86222-22 For Rapier Switches and AR800 Series Modular Switching Routers  
29  
Features in 86222-01  
Patch file details for Patch 86222-01 are listed in Table 19.  
Table 19: Patch file details for Patch 86222-01.  
86s-222.rez  
11-Jul-2001  
86222-01.paz  
187124 bytes  
Base Software Release File  
Patch Release Date  
Compressed Patch File Name  
Compressed Patch File Size  
Patch 86222-01 includes the following enhancement for Software Release 2.2.2:  
PCR: 01100 Module: DHCP Network affecting: No  
The DHCP server identified the wrong port numbers for incoming DHCP  
requests causing DHCP replies to be sent to the wrong port. This issued has  
been resolved.  
PCR: 01102  
Module: IPG  
Network affecting: No  
The IP flow cache occasionally generated a watchdog fatal error. This issued  
has been resolved.  
PCR: 01102  
Module: SWI  
Network affecting: No  
Deleting entries from an L3 table occasionally resulted in a watchdog fatal  
error. This issue has been resolved.  
PCR: 01106  
Module: PKI  
Network affecting: No  
PKI enrolment no longer causes message validation to fail.  
PCR: 01119  
Module: IPV6  
Network affecting: No  
Repeated addition and deletion of an address with the VALID parameter set  
to or from an IPV6 interface caused a fatal error. This issue has been  
corrected. The VALID parameter specifies the life of the address, and  
defaults to INFINITE. The address is deleted when the lifetime expires. The  
PREF parameter specifies the time that the address is the preferred address  
of the interface, and defaults to INFINITE. PREF must be less than or equal  
to VALID. IPV6 now checks and ensures that if either PREF or VALID is  
specified, PREF is less than or equal to VALID. When an address is deleted  
the timers are now correctly cleared.  
PCR: 01120  
Module: IPG  
Network affecting: No  
IP sometimes passed the wrong port number to PIM, causing PIM to  
process the wrong port number in its routing table. This issued has been  
resolved.  
Patch 86222-22 for Software Release 2.2.2  
C613-10319-00 REV U  
 
30  
Patch Release Note  
Availability  
Patches can be downloaded from the Software Updates area of the Allied  
licence or password is not required to use a patch.  
Patch 86222-22 for Software Release 2.2.2  
C613-10319-00 REV U  
 

Agri Fab Lawn Aerator 45 0298 User Manual
Agri Fab Spreader 45 03295 User Manual
Aiphone Telephone GF 1DK User Manual
Aiwa CD Player ADC EXI06 User Manual
Allied Telesis Network Card AT WCP200G User Manual
Allied Telesis Switch Patch 86261 04 User Manual
Alto Shaam Food Warmer ED2 48 P User Manual
Apple Network Card MagSafe User Manual
Axis Communications Security Camera P5414E User Manual
Beko Clothes Dryer DPU 8340 X User Manual