background image

2

Patch Release Note

Patch 86231-06 for Software Release 2.3.1

C613-10328-00 REV F

Features in 86241-01

Patch 86241-01 includes the following enhancements:

 

A new command allows the Layer 3 aging timer to be changed:

    SET SWITCH L3AGEINGTIMER=<seconds>

where seconds can be 30 - 43200. After each cycle of the ageing timer, all 
existing Layer 3 entries with the hit bit set will have the hit bit reset to zero, 
and all existing Layer 3 entries with the hit bit set to zero will be deleted.

The SHOW SWITCH command output now displays the Layer 3 ageing 
timer value.

The built in Self Test Code for all Rapiers, except G6, has been improved to 
enhance the detection of faults in switch chip external packet memory.

When a TCP RST/ACK was received by a firewall interface, the packet that 
was passed to the other side of the firewall lost the ACK flag, and had an 
incorrect ACK number. This issue has been resolved.

 

The SHOW CONFIG DYNAMIC=VRRP command was not showing port 
monitoring and step values correctly. This issue has been resolved.

The PURGE IP command now resets the IP route cache counters to zero.

The SENDCOS filter action did not operate correctly across switch 
instances. This was because the stacklink port on the Rapier 48 did not  
correctly compensate for the stack tag on frames received via the filter. This 
issue has been resolved.

Firewall subnet NAT rules were not working correctly from the private to 
the public side of the firewall. Traffic from the public to private side 
(destined for subnet NAT) was discarded. These issues have been resolved. 
ICMP traffic no  longer causes a RADIUS lookup for access authentication, 
but is now checked by ICMP handlers for attacks and eligibility. If the ICMP 
traffic matches a NAT rule, NAT will occur on inbound and outbound 
traffic. HTTP 1.0 requests sometimes caused the firewall HTTP proxy to 
close prematurely. Cached TCP sessions were sometimes not hit correctly. 
These issues have been resolved.

On a Rapier 24, adding an IP interface over a FR interface caused an 
ASSERT debug fatal error. This issue has been resolved.

PCR: 02036

Module: SWITCH

Network affecting: No

PCR 02138

Module: SWI

Network affecting: No

PCR: 02158

Module: FIREWALL

Network affecting: No

PCR: 02185

Module: VRRP

Network affecting: No

PCR: 02229

Module: IPG

Network affecting: No

PCR: 02240

Module: SWI

Network affecting: No

PCR: 02241

Module: FIREWALL

Network affecting: No

PCR: 02242

Module: IPG

Network affecting: No

Reviews: