background image

16

Patch Release Note

Patch SB251-13 for Software Release 2.5.1

C613-10361-00 REV M

MLD snooping on the switch uses the last 4 bytes of the IPv6 address to 
distinguish multicast addresses. It is therefore unable to distinguish different 
multicast addresses that end with the same 4 bytes. Creating an entry for a 
multicast group will have the effect of creating an entry for all groups with 
addresses that end with the same 4 bytes as that group’s address. For example, 
traffic for the groups:

ffxx xxxx xxxx xxxx xxxx xxxx 1234 5678 and 

ffyy yyyy yyyy yyyy yyyy yyyy 1234 5678

will be forwarded out the same set of ports, irrespective of the values of x and 
y. Therefore, if MLD snooping is used, no two groups within the multicast 
domain should be given an address that ends in the same 4 bytes.

Similarly, all addresses beginning with ff02 and ending with any of:

0000:0001, 0000:0002, 0000:0004, 0000:0005, 0000:0006, 

0000:0009, 0000:000d, 0000:000f or 0000:0012

will be flooded out all ports in the VLAN, because MLD snooping cannot 
distinguish them from IPv6 special addresses. These addresses should be 
avoided if MLD snooping is used.

MLD snooping is enabled by default. To disable it, use the command:

DISABLE MLDSNOOPING

Note that IPv6 multicast packets will flood the VLAN when MLD snooping is 
disabled. Disabling MLD snooping may be useful on Rapier i Series Switches if 
filters are used extensively, because MLD snooping uses a Layer 3 filter. When 
MLD snooping is disabled, this filter becomes available. See “

Hardware Packet 

Filters

” in the

 Switching

 chapter of the Software Reference for information 

about filters. 

To enable MLD snooping, use the command:

ENABLE MLDSNOOPING

MLD snooping can only be enabled if a free filter entry is available.

To display debugging information, use the command:

ENABLE MLDSNOOPING DEBUG

This command displays the ports that are currently receiving MLD packets and 
the ports that are being added or taken off the switch’s multicast group 
membership registration.

To disable debugging, use the command:

DISABLE MLDSNOOPING DEBUG

To display information about MLD snooping, use the command:

SHOW MLDSNOOPING [COUNTER]

Example output from the SHOW MLDSNOOPING command is described in 
Figure 1 on page 17 and Table 1 on page 18. Example output from the SHOW 
MLDSNOOPING COUNTER command is described in Figure 2 on page 18 
and Table 2 on page 18. 

Summary of Contents for SB251-13

Page 1: ...Series Switches Document Number C613 10354 00 Rev D available on the Documentation and Tools CD ROM packaged with your switch or from www alliedtelesyn co nz documentation documentation html WARNING U...

Page 2: ...and This issue has been resolved Running the PURGE IP command with a multicast address and multiple sources was causing a fatal error This issue has been resolved The value specified for the IP parame...

Page 3: ...lved When CAM segments were full the CAM entries were not being moved correctly and occasionally corrupting on compaction This issue has been resolved The SHOW SYS SYSR SLAVE command did not return a...

Page 4: ...ntExist counter When a user logged on twice thus creating two sessions the user log on time for the second session was overwriting the value recorded for the first This issue has been resolved by disp...

Page 5: ...the file name using the shortened DOS 8 3 format where file names are 8 characters long with extensions of 3 characters This issue has been resolved so that long configuration file names are now displ...

Page 6: ...0 This issue has been resolved MLD and MLD Snooping now require the hop limit to be 1 Packets with bad ACK numbers were sometimes generated by the firewall as part of the proxy TCP setup process These...

Page 7: ...This issue has been resolved A multihomed interface sometimes sent duplicate multicast packets This issue has been resolved The incorrect logical interface was selected for broadcast packets received...

Page 8: ...een resolved A fatal error occurred when the PIM path was recovering This issue has been resolved MLD startup query packets were not being sent correctly due to IPv6 MLD being unaware of the IPv6 inte...

Page 9: ...into one physical interface the RIPng request packet was erroneously transmitted from all interfaces on the switch This issue has been resolved BGP sent Update packets when the local host route table...

Page 10: ...net command line parameter was repeated for example SHOW TELNET TELNET These issues have been resolved Packets were not routed when an IPv6 flow was enabled This issue has been resolved The switch was...

Page 11: ...debug information was returned when an ICMPv6 PacketTooBig message was received This issue has been resolved The IPSec configuration was not created correctly when the RADDRESS and LNAME parameters in...

Page 12: ...ts and interfaces were causing fatal errors due to the excessive number of link state advertisements generated This issue has been resolved by limiting the combined number of routers and hosts within...

Page 13: ...resolved by preventing the configuration being set from files other than those located in the root directory The prune time limit was not being cancelled when an IGMP join was received by the switch T...

Page 14: ...correctly when hot swapping line cards This resulted in links other than the preferred link being selected Also when a layer two data stream was forwarded from one line card the source card to another...

Page 15: ...6 multicast traffic out all ports MLD snooping is independent of the MLD and Layer 3 configuration so an IPv6 interface does not have to be attached to the VLAN and MLD does not have to be enabled or...

Page 16: ...dresses should be avoided if MLD snooping is used MLD snooping is enabled by default To disable it use the command DISABLE MLDSNOOPING Note that IPv6 multicast packets will flood the VLAN when MLD sno...

Page 17: ...W MLDSNOOPING command MLD Snooping Status ENABLED Debugging DISABLED Group Timeout 270 Secs Interface vlan1 Multicast Address ff05 2222 3333 4444 5555 6666 7777 1111 Ports 1 2 4 6 Entry Timeout 120 Se...

Page 18: ...erface Ports The member ports for the multicast group Entry Timeout The number of seconds remaining until this multicast registration will be deleted if no listener joins are received MLD Snooping Cou...

Page 19: ...issue has been resolved In configurations using two switch controller cards the system redundancy feature SYSR could not locate and initialise the second switch control card This issue has been resolv...

Page 20: ...t MAXBANDWIDTH setting regardless of either the configured value or the port speed capability This was resulting in the MAXBANDWIDTH value being too high This issue has been resolved Additional messag...

Page 21: ...mpting to configure port 17 would produce no error message and attempting to configure ports 18 and above would result in an incorrect error message Also the SwitchBlade could be allocated with 17 por...

Page 22: ...s issue has been resolved PIM4 and PIM6 were not sending Hello packets if the HELLOINTERVAL was not a multiple of 10 This is set with the ADD PIM INTERFACE ADD PIM6 INTERFACE SET PIM INTERFACE and SET...

Page 23: ...n the ADD BGP PEER and SET BGP PEER commands were not interacting correctly This issue has been resolved The PURGE IP command did not remove ENABLE IP IGMP from the configuration This issue has been r...

Page 24: ...ts with a TTL greater than 1 will be forwarded The error message for an incorrectly added or removed port now displays both the card and the port identifiers The DELETE SWITCH FILTER command did not w...

Page 25: ...ange of ports This issue has been resolved Entering the command SET SWITCH TRUNK SPEED was returning the inappropriate error message The INSTANCE specified does not exist This issue has been resolved...

Page 26: ...P packets are now dropped by IP The SHOW FIREWALL POLICY was not showing the correct debugging items as set with the ENABLE FIREWALL POLICY DEBUG command This issue has been resolved Firewall rules we...

Page 27: ...g was not updating the L3 multicasting entries for that port This issue has been resolved A log message is now created when a user is forced to logout from an asynchronous port when another user i e s...

Page 28: ...handled as a link parameter Features in SB251 11 Patch SB251 11 includes all issues resolved and enhancements released in previous patches for Software Release 2 5 1 and the following enhancements Af...

Page 29: ...s been resolved SMTP proxy was falsely detecting third party relay under some circumstances This issue has been resolved Previously Get or GetNext port state information could not be obtained from the...

Page 30: ...rtup when SHOW INTERFACE and SHOW ETH STATE had them as down This issue has been resolved The SHOW IPv6 COUNTER command now shows the outAdvert messages in the Total Out Messages counter field DHCP as...

Page 31: ...to module The file format specifier has been altered from DDDD MMMM NNNNNNNN TTT to MMMM NNNNNNNN TTT IGMP Snooping did not use DVMRP messages to identify a port This issue has been resolved The outp...

Page 32: ...ource even if it was used for the last successful connection Sometimes healthcheck pings were not sent to the load balancer resources This issue has been resolved The system became unstable if the ADD...

Page 33: ...DYNAMIC PING command was producing an incorrect output format These issues have been resolved The TRACE command was not working when using an IPv6 link local address This issue has been resolved A me...

Page 34: ...information for ports on the controller card located in bay A The default now displays all external ports for switch instances except for those on the controller card This command no longer displays...

Page 35: ...LAN was changing from the DOWN to UP state Also multicast streams could be received while the VLAN was changing from DOWN to UP causing a PIM Reverse Path Forwarding unicast route lookup failure This...

Page 36: ...ript always contained LQR ON even when the LQR value was not the default This issue has been resolved The EGRESS parameter setting was not displayed by the SHOW CONFIG DYNAMIC command This issue has b...

Page 37: ...LAC attempted to disconnect the call from its tunnel If the tunnel had not been created the device restarted This issue has been resolved PINGING between blades within the same switch failed whenever...

Page 38: ...nk cards AT 9800 Series switches were not sending a temperature trap when the temperature exceeded the threshold of 40 C This issue has been resolved Enabling OSPF via the GUI was sometimes causing fa...

Page 39: ...ue has been resolved Now the VLAN tag is ignored on all devices except Rapier i Series Switches with multiple STPs on the receiving port Multicast Listener Discovery MLD was not setting the filter mod...

Page 40: ...D was being returned for Fan PSU in SNMP v1 trap messages This issue has been resolved Entering a after SET STP stp name at the CLI to request context sensitive help only returned the PORT and DEFAULT...

Page 41: ...GBIC installed This issue has been resolved If IPsec was using PPPoE the initiator continued to keep the IPsec SA even if the PPPoE session failed and the ISAKMP Heartbeat timer expired This issue ha...

Page 42: ...lved The default for the PROXYARP parameter in the SET IP INTERFACE command for a VLAN interface was OFF The default is now ON FTP data transfers did not succeed for some types of NAT Also the presenc...

Page 43: ...ORY was used to set a non existent or invalid directory This issue has been resolved When the device was acting as a DHCP client and the DHCP server provided a gateway address a statically configured...

Page 44: ...t incrementing correctly This issue has been resolved In rare circumstances removing the cable from an IPv6 interface was resulting in fatal errors This issue has been resolved A VLAN interface receiv...

Page 45: ...xecuting the DISABLE SYSTEM SECURITY command This issue has been resolved A fatal error sometimes occurred when forwarding traffic over an IPv6 tunnel This issue has been resolved The SMTP proxy did n...

Page 46: ...a HTTP This issue has been resolved If the firewall was enabled when BGP was in use outgoing BGP data packets would have IP header errors and incorrect checksums This problem has been resolved If in a...

Page 47: ...are similar to the following swiCXeVirtCamTranslateAddress ulEntryNo 4294967254 entries 8192 last 106495 An error was not returned if the SET FIREWALL POLICY RULE command was executed with PROTOCOL 1...

Page 48: ...ent with the correct source IP address When the device was acting as a DNS relay agent a fatal error occurred after approximately 3 hours of heavy load This issue has been resolved HTTP proxy was not...

Page 49: ...ncreased from 40 C to 60 C Disabling and then enabling IPv6 made the CREATE IPV6 INTERFACE VLAN command appear twice in the configuration script This issue has been resolved A fatal error sometimes oc...

Page 50: ...Previously when the ADD FIREWALL POLICY INTERFACE command activated software routing the static IP ARP entries were removed automatically Static IP ARP entries now remain and the following message is...

Page 51: ...The operation of the ADD IPV6 ROUTE command METRIC parameter has changed and now applies differently for statically and non statically defined routes Previously an interface failure would cause this p...

Page 52: ...en the PROTOCOL parameter was not TCP The SESSION parameter specifies the type of TCP packet to match This issue has been resolved The MIB object dot1dStpTimeSinceTopologyChange has been implemented t...

Page 53: ...st 10 seconds This issue has been resolved IGMP Query messages were sent over an interface even if IGMP had been disabled on that interface This issue has been resolved SwitchBlade port numbers were d...

Page 54: ...re deleted the corresponding IP flow cache was not invalidated This issue has been resolved If the firewall received a packet with an incorrect TCP checksum and ACK number the packet was sent to the c...

Page 55: ...timeout is changed Fatal errors occurred on occasions when mirroring was enabled This issue has been resolved The output of the SHOW DVMRP FORWARDING command did not display the forwarding ports This...

Page 56: ...d STP ports were not remaining in the disabled state This issue has also been resolved When changing from RSTP to STP mode the STPCOMPATIBLE option for the RSTPTYPE parameter incorrectly appeared in t...

Page 57: ...n unrelated port to stop forwarding packets or learn new MAC addresses This issue has been resolved so that unrelated ports are not affected by the trunk group port deletion All IP routes were being a...

Page 58: ...hcost for the trunk group ports to be less than the default value for a single port STP reconfigures if the Master port in a trunk group goes link down If the Master port in a trunk group goes link do...

Page 59: ...eature An enhancement has been made to the Test module to optimise the reception of the loopbacked packets that are used to confirm operation of the switch ports Features in SB251 06 Patch file detail...

Page 60: ...llowing enhancements An internal misconfiguration of memory occurred when an M3 control card and an M5 control card were installed and the M3 control card was acting as the Master This could cause une...

Page 61: ...listed in Table 7 Patch SB251 03 includes all issues resolved and enhancements released in previous patches for Software Release 2 5 1 and the following enhancements The SwitchBlade mirror port field...

Page 62: ...ld not be added to the default VLAN after a hotswap if the default VLAN was Protocol Subnet MAC address or Limited protocol based This issue has been resolved Incorrect handling of TCP sessions and po...

Page 63: ...ue has been resolved When the Built In Self Test was run a fault would occasionally be reported which said that a MAC address was not learnt during the loopback test The ports in the BIST loopback tes...

Page 64: ...of the port bandwidth used when the default traffic class percentage bandwidth is set on a QoS Policy Adding a layer 2 filter on a SwitchBlade did not block traffic to the end host as intended This i...

Page 65: ...FLOW PAUSE command was executed on a port or ports they would still appear to be enabled at a higher level This issue has been resolved DHCP RENEW request messages are now unicast as defined in the R...

Page 66: ...d was inserted in the left hand slot to act as a slave has been resolved Support has been added to allow for multicasting to any number of overlapping VLANs up to the maximum number of multicast forwa...

Reviews: