Patch | 15 |
PCR: 02292 Module: IPSECNetwork affecting: No
IPSec no longer logs packets that match an ACTION=ALLOW policy. The overhead of this logging was affecting
PCR: 02294 Module: IKMPNetwork affecting: No
The LOCALRSAKEY parameter in the CREATE ISAKMP POLICY and SET ISAKMP POLICY commands was not accepting the value zero. This issue has been resolved.
PCR: 02298 | Module: IPSEC | Network affecting: No |
The PURGE IPSEC command caused a fatal error. This issue has been | ||
resolved. |
|
|
PCR: 02299 | Module: VRRP | Network affecting: No |
If a packet with a destination IP address equal to a VRRP IP address was received when the router didn’t own the IP address, (because it didn’t have an interface with that IP address) the router incorrectly tried to forward the packet and send an ICMP “redirect” message to the source. Now, if such a packet is received, it will be discarded and an ICMP “host unreachable” message will be sent to the source.
PCR: 02301 Module: IPGNetwork affecting: No
If a DNS relay agent was configured with overlapping subnets, sometimes the DNS server response was returned to the client with a source IP address of an interface on the relay agent that was different from the interface the request was received on. This issue has been resolved.
PCR: 02302 Module: IPv6Network affecting: No
The default router lifetime value has been corrected. Also, the SET IPV6
INTERFACE command now updates valid and preferred lifetimes correctly.
PCR: 02303 Module: INSTALLNetwork affecting: No
When enabling or disabling feature licences, a message will now be generated with a warning that changes to feature licences may not take effect until after a reboot.
PCR: 02304 Module: VRRPNetwork affecting: No
VRRP used the wrong source IP address in ICMP redirects. RFC 2338 states that the source IP address of ICMP redirects should be the IP address that the end host used when making its next hop routing decision. In the case of a packet sent to a VRRP virtual MAC address, this is the primary VRRP IP address associated with the MAC address, provided such a VR exists and is in the master state. This issue has been resolved.
PCR: 02309 Module: STPNetwork affecting: No
On models except Rapier i Series Switches, the ENABLE STP DEBUG PORT command did not work correctly. This issue has been resolved.
PCR: 02311 Module: SWINetwork affecting: No
It was possible to set the trunk speed to 10/100M, even if the port within the trunk was not capable of this speed. This issue has been resolved.
Patch
