2
Patch Release Note
Patch 86231-06 for Software Release 2.3.1
C613-10328-00 REV F
Features in 86241-01
Patch 86241-01 includes the following enhancements:
A new command allows the Layer 3 aging timer to be changed:
SET SWITCH L3AGEINGTIMER=<seconds>
where seconds can be 30 - 43200. After each cycle of the ageing timer, all
existing Layer 3 entries with the hit bit set will have the hit bit reset to zero,
and all existing Layer 3 entries with the hit bit set to zero will be deleted.
The SHOW SWITCH command output now displays the Layer 3 ageing
timer value.
The built in Self Test Code for all Rapiers, except G6, has been improved to
enhance the detection of faults in switch chip external packet memory.
When a TCP RST/ACK was received by a firewall interface, the packet that
was passed to the other side of the firewall lost the ACK flag, and had an
incorrect ACK number. This issue has been resolved.
The SHOW CONFIG DYNAMIC=VRRP command was not showing port
monitoring and step values correctly. This issue has been resolved.
The PURGE IP command now resets the IP route cache counters to zero.
The SENDCOS filter action did not operate correctly across switch
instances. This was because the stacklink port on the Rapier 48 did not
correctly compensate for the stack tag on frames received via the filter. This
issue has been resolved.
Firewall subnet NAT rules were not working correctly from the private to
the public side of the firewall. Traffic from the public to private side
(destined for subnet NAT) was discarded. These issues have been resolved.
ICMP traffic no longer causes a RADIUS lookup for access authentication,
but is now checked by ICMP handlers for attacks and eligibility. If the ICMP
traffic matches a NAT rule, NAT will occur on inbound and outbound
traffic. HTTP 1.0 requests sometimes caused the firewall HTTP proxy to
close prematurely. Cached TCP sessions were sometimes not hit correctly.
These issues have been resolved.
On a Rapier 24, adding an IP interface over a FR interface caused an
ASSERT debug fatal error. This issue has been resolved.
PCR: 02036
Module: SWITCH
Network affecting: No
PCR 02138
Module: SWI
Network affecting: No
PCR: 02158
Module: FIREWALL
Network affecting: No
PCR: 02185
Module: VRRP
Network affecting: No
PCR: 02229
Module: IPG
Network affecting: No
PCR: 02240
Module: SWI
Network affecting: No
PCR: 02241
Module: FIREWALL
Network affecting: No
PCR: 02242
Module: IPG
Network affecting: No