
6 Patch Release Note
Patch 86261-07 for Software Release 2.6.1
C613-10388-00 REV G
The ADD OSPF INTERFACE=virt0-0 command was incorrectly written to
the configuration file. The interface virt0-0 cannot be added as an OSPF
interface. The correct command, ADD OSPF INTERFACE=virt0, is now
written to the configuration file by the CREATE CONFIG command.
The device sometimes rebooted when OSPF on demand was enabled for
PPP. This issue has been resolved.
When a port’s ingress limit was set to less than 1000 with the
INGRESSLIMIT parameter in the SET SWITCH PORT command, sending
packets to a tagged port caused FCS errors on transmission. This issue has
been resolved.
The timeout interval for IGMP group membership now conforms to RFC
2236 for IGMPv2.
Firewall NAT ARP response enhancement
Introduction
Internet or WAN connections are often Ethernet interfaces. For a gateway
device to receive packets destined for a global IP address configured in a
NAT device with an Ethernet Internet or WAN interface, the device must
respond to ARP requests for that IP address. If the device does not respond
to these ARP requests, the upstream device will not be able to forward
packets destined for the global IP address, even though the routing may be
configured correctly. This PCR implements an enhancement to resolve this
issue.
What does the enhancement do?
This enhancement allows the Firewall to respond to ARP requests for IP
addresses that are used in the NAT configuration, but that are not
configured as IP addresses on any of the device’s interfaces. Previously,
ARP responses were only generated for IP addresses that were owned by the
receiving interface or that were reachable via another interface (when proxy
ARP was enabled). All ARP requests are subject to the condition that the
address requested in the ARP matches the subnet of the interface that the
ARP was received on.
Example
For example, if the Firewall is translating the source address of outgoing
packets to a different address that is not one of the device’s interface
addresses, the Firewall needs to respond to ARP requests for that address so
that return packets can be received by the Firewall. The destination address
of the return packet is then translated to the real source of the first packet.
Using commands for this enhancement
This feature is always enabled when NAT rules and interface-based NATs
are created, so no configuration is required. However, it is now possible to
enable and disable ARP debugging on a firewall policy. Also, a new
command, SHOW FIREWALL ARP, displays the addresses for which the
firewall may respond to ARP requests.
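The reply decision described in this section can be modelled as below. This is an added example, not code from the device or from this release note, and is useful for auditing which NAT global addresses a gateway will actually answer ARP for. The interface name eth0, the documentation-range addresses, the order of the checks, and the modelling of proxy ARP reachability as a plain set of addresses are all assumptions.

```python
"""Model of the ARP reply decision described above (added example)."""
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Interface


@dataclass
class Interface:
    name: str
    address: IPv4Interface            # interface IP with prefix length
    proxy_arp: bool = False
    nat_globals: set = field(default_factory=set)  # global IPs used by NAT here


def arp_reply_reason(iface, target, routed_elsewhere=frozenset()):
    """Return why the device answers an ARP request for `target`, or None."""
    target = IPv4Address(target)
    # Condition applied to every request: the target must be in the subnet
    # of the interface the ARP request arrived on.
    if target not in iface.address.network:
        return None
    if target == iface.address.ip:
        return "interface address"
    # Assumption: proxy ARP reachability is modelled as a set of addresses.
    if iface.proxy_arp and target in routed_elsewhere:
        return "proxy ARP"
    if target in iface.nat_globals:   # behaviour added by the enhancement
        return "firewall NAT"
    return None


def unreachable_globals(iface):
    """NAT global IPs outside the interface subnet: never answered via ARP."""
    return sorted(g for g in iface.nat_globals if g not in iface.address.network)


# Constructed sample data (documentation address ranges, not from the page).
wan = Interface(
    name="eth0",  # hypothetical interface name
    address=IPv4Interface("192.0.2.1/28"),
    nat_globals={IPv4Address("192.0.2.5"), IPv4Address("198.51.100.9")},
)

if __name__ == "__main__":
    for ip in ("192.0.2.1", "192.0.2.5", "192.0.2.6", "198.51.100.9"):
        print(ip, "->", arp_reply_reason(wan, ip))
    print("NAT globals outside the subnet:", unreachable_globals(wan))
```

A NAT global address reported by unreachable_globals fails the subnet condition, so the upstream device never receives an ARP reply for it even though the NAT rule exists.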
PCR: 40012 Module: IPG, OSPF Level: 2
PCR: 40020 Module: SW56 Level: 3
PCR: 40023 Module: IPG Level: 2
PCR: 40025 Module: Firewall