Manuals / Allied Telesis / Computer Equipment / Network Router

Allied Telesis AT-8800 Software Version 159, BadSessionIdLen, Session ID longer than 32 bytes

Models: AT-9900 AT-8700XL AT-9800 AT-8600 RAPIER I AT-8800 AT-8900 X900-48FE

1 232

Download 232 pages 5.78 Kb

Page 159

Software Version 2.8.1

159

Figure 50: Example output from the show ssl counters command

.

.

.

Server:
serverStart	2
inClientHello	0
inSSLv2ClientHello	2
inCert	0
inClientKeyExchange ..... 1
inCertVerify	0
inFinished	1
resumeRequest	0
cacheMiss	0
noCipherMatch	0
sslv2ResumeRequest	0
noCertLoaded	0
missingMessageCheckFail . 0
hsHashFail(sha)	0
badSessionIdLen	0
Client:
clientStart	0
inHelloRequest	0
inServerHello	0
inCert	0
inCertRequest	0
inSKE	0
inHelloDone	0
inChangeCipherSpec	0
inFinished	0

outServerHello	2
outCert	2
outCertRequest	0
outHelloDone	2
outChangeCS	1
outFinished	1
cacheHit	0
cacheFull	0
sslVersion	0
resumeDiffCipher	0
finishBeforeCCS	0
hsHashFail(md5)	0
hsHashFail(tls)	0

outClientHello	0
outCert	0
outCKE	0
outCertVerify	0
outChangeCS	0
outFinished	0

sslVersionFail	0	missingMessageFail	0
certRequestNoRSA	0	noCert	0
rxFinBeforeChangeCS ..... 0		hsHashFail(md5)	0
hsHashFail(sha)	0	hsHashFail(tls)	0
badSessionIdLen	1

.

.

.

Table 41: New parameters in the output of the show ssl counters command

Parameter	Meaning

Server	Counters for the SSL server

badSessionIdLen	The number of CLIENT HELLO messages received with a
	session ID longer than 32 bytes.

Client	Counters for the SSL client

badSessionIdLen	The number of SERVER HELLO messages received with a
	session ID longer than 32 bytes.

Software Version 2.8.1 C613-10477-00 REV B

Image 159

Allied Telesis AT-8800, RAPIER I, X900-48FE, AT-8900 Software Version 159, BadSessionIdLen, Session ID longer than 32 bytes

Contents

Release Note Software VersionRelease Note Software Version Introduction IntroductionProduct series Models Backwards Compatibility Issue when Upgrading Upgrading to Software VersionProduct name Release file GUI resource file CLI help file Overview of New Features Overview of New FeaturesQuickly AT-8600 AT-9800 AT-8900 X900-48FE AT-9900 Software Version AR400 AR7x5 AR750S Rapier AT-8800Snmp MIBs Restart Log AR400 AR7x5 AR750S Rapier AT-8800Extended Monitoring of CPU Utilisation Command ChangesSystem Enhancements Clearing System ParametersActivate cpu extended Disable cpu extendedEnable cpu extended Reset cpu utilisationActivate cpu extended Command Reference UpdatesDisable cpu extended Enable cpu extendedSet system name Reset cpu utilisationSet system contact Set system locationShow cpu Example output from the show cpu extended commandParameter Meaning Command Line Interface CLI Enhancements Parts of a CommandMore flexibility in Separating Parameters and Values Command Additional Shortcuts when Editing Show command historyCreate config Create config Command Line Interface CLI EnhancementsParameter Description Set command assignmentoperator Example output from the show command history command Show command historyAdd file File System EnhancementFile System Enhancement Create fileSoftware Version Parameter Description Reset file permanentredirectFile size Default 204 800 bytes Show file permanentredirectFile System Enhancement Release Note Example output from the show file permanentredirect commandOrdering Hardware Filters in 48-Port Switches Switching EnhancementsShow switch hwfilter New mode parameter in output Switching EnhancementsCommandChange Set switch hwfilter mode New commandLimiting Rapid MAC Movement PortDisableSet switch thrashlimit Create switch trunkEnable switch port vlan Set switch portRoute Update Queue Length Set switch hwrouteupdateNew command Removing a Description from a Switch Port Securing a Single Vlan through Switch FiltersChanged description parameter Configuring vlansecure New DEV option in output Change of Debug Command SyntaxEthernet Protection Switching Ring Epsr Show switch debugCreate switch trunk Debugging occurs on operations related to the switch chip Disable switch debugDisable switch filter vlansecure Disable switch port vlanEnable switch debug Enable switch filter vlansecureEnable switch port vlan Set lacp Set switch hwrouteupdate Set switch hwfilter modeSet switch port Set switch trunk Set switch thrashlimitShow lacp Example output from the show lacp commandAddress learn thrash action ..... Learn Disable Address learn thrash timeout ... secondShow switch Switching Enhancements Show switch debug Whether the debugging option for the router or switch isARL, DMA, DEV, PHY, or None VlanSecure Show switch filterShow switch hwfilter New parameter in output of the show switch filter commandMode Show switch portNew parameters in output of the show switch port command MeaningThrashaction is set to none Add ppp acservice PPPoE Access ConcentratorDelete ppp acservice Set ppp acservicePPPoE Access Concentrator Interface New parameter in output of the show ppp pppoe commandShow ppp pppoe Eth0Enable mstp port Disable mstp portEnable mstp port Disable mstp portNew Port field in output STP EnhancementShow stp port Show stp portShow asyn Asynchronous Port EnhancementMaking Asynchronous Ports Respond More Quickly Set asynShow asyn Set asynWhich characters are bundled Ten timer value 100Ten timer value Asynchronous Port Enhancement Release NoteInternet Group Management Protocol Igmp Enhancements Igmp Proxy on x900 Series SwitchesDownstream interface GroupDownstream interfaces have members Multicast groupSet ip igmp interface Igmp filtering extended to all Igmp message typesAdd ip interface Set ip interfaceShow igmp filter Internet Group Management Protocol Igmp EnhancementsAdd igmp filter Set igmp filterMonitoring reception of Igmp general query messages MSGType=QUEryREPortLEAVe Add igmp filterSet igmp filter Add ip interfaceSet ip igmp interface Set ip interface Attached to Show igmp filterLeaves Is attached to Recd PassedAn Snmp trap are generated Upstream General Query Reception Timeout .... NoneNew parameters in the output of the show ip igmp command Show ip igmpIP Route Preference Options Expanded IP TroubleshootingInternet Protocol IP Enhancements Expanded number of Eth interfaces per physical interfaceAssigning the Filter Type IPv4 Filter ExpansionWaiting for a Response to an ARP Request Enhancements to Display of UDP Connections over IPv4Show ip Set ip arpwaittimeoutNew Arp wait timeout field Adding Static ARP Entries with Multicast MAC AddressesDisable ip macdisparity Enable ip macdisparityNew IP/MAC address disparity parameter Syntax Traffic filter Add ip filterDisable ip macdisparity Enable ip macdisparity Reset ip counterSet ip arpwaittimeout Set ip route preference Set ip filterShow ip Arp wait timeout SecsModified parameters on output of the show ip command With multicast MAC addresses. One of Enabled orInternet Protocol IP Enhancements Release Note Show ip cacheWhen the entry is used Show ip counterCount Number of times the entry was found Show ip udp Show ip filterGeneration/reception of logs using the Net Manage protocol UDP on the router or switchTime synchronisation using the Network Time Protocol Generation/reception of logs using the Secure Router LogIPv6 Tunnel Expansion Show ipv6 udp New commandIPv6 Enhancements Display of UDP Connections over IPv6Show ipv6 udp L2TP Enhancements L2TP EnhancementsResetting General L2TP Counters Handling PPP Link Negotiation FailuresProxyauth=offon Add l2tp ip Disable l2tp debugEnable l2tp debug Reset l2tp counter Decode Proxy AuthenticationShow l2tp ip Show l2tp tunnelSyntax SHow L2TP TUNnel CALL=1..65535 Show l2tp tunnel callAdd ospf interface Ospf Interface PasswordOpen Shortest Path First Enhancements Nssa Translator RoleAdd ospf area Set ospf areaShow ospf area Interaction with global Ospf parameters Redistributing External RoutesOspf backward compatibility Delete ospf redistribute Disable ospf debugEnable ospf debug Add ospf redistributeNSSAStability=1..3600 NSSATranslator=CANdidateALWays Add ospf areaAdd ospf redistribute Add ospf interfaceDisable ospf debug Enable ospf debugDelete ospf redistribute BGPImport=ONOFFTrueFalseYESNO Set ospfSet ospf interface Set ospf areaSet ospf redistribute Show ospf area RoleStability Interval State Software Version 101 Show ospf redistributeBGP Enhancements BGP EnhancementsBGP Backoff Lower Threshold Upper and Lower ThresholdsBGP Peer and Peer Template Enhancements Enable and Disable BackoffDisplaying Routes Learned from a Specific BGP Peer Displaying the Number of Routes from a PeerDisplaying Information about Routes from a Peer Software Version 105 Add bgp peerAdd bgp peertemplate Disable bgp backoffBACkoff Enable bgp backoffSet bgp backoff Software Version 107Set bgp peer Software Version 109 Set bgp peertemplateMem Lower Threshold Value 90% Mem Lower Notify Show bgp backoffBGP Enhancements Release Note Mem Upper Threshold Value 95% Mem Upper NotifyShow bgp peer Show bgp routeRoutes learned MLD and MLD Snooping Enhancements MLD and MLD Snooping EnhancementsMLD Packet Formats Icmp type for MLDv2 ReportsShow mldsnooping More consistent output MLD Snooping Group Membership DisplayChange of Maximum Query Response Interval for Software Version 113Set ipv6 mld Enable ipv6 mld interfaceV2 Draft Compatible Show ipv6 mldShow mldsnooping Software Version 115MLD and MLD Snooping EnhancementsRelease Note Previous example output from the show mldsnooping commandShow classifier Extension to Range of Classifier fields for x900 SwitchesCreate classifier Set classifierCreate classifier Extension to Range of Classifier fields for x900 SwitchesSoftware Version 119 Set classifier Software Version 121 Show classifierIgmp type 0x17 V2LEAVE TCP FlagsIcmp code Icmp typeProtocol 1234567890 Layer 3 Byte Offset Value Mask Classifier Rules 2222 MAC Address Aa-bb-cc-dd-ee-ff TypeVlan1234 FormatOne of URG, ACK, RST, SYN, or FIN Igmp TypeParameter option in brackets if available TCP FlagsQoS Enhancements Port GroupsSoftware Version 125 Storm protection Show qos trafficclass Set qos policyCreate qos trafficclass Set qos trafficclassCreate qos policy Add qos portgroup portWith the enable switch port command Default portdisableStorm protection is inactive Protection is enabledCreate qos portgroup Create qos trafficclassSTORMRate Is matching STORMTimeoutWith the enable switch port command, or Enable switch port vlan commandSpecific port that consists POrt Port to delete from this port group Default no defaultDelete qos portgroup port Destroy qos portgroupReset qos portgroup counters Set qos policySoftware Version 133 Uses Kbps. If you specify Mbps or Gbps, the rate Set qos portgroupSoftware Version 135 Parameter Description Set qos trafficclassQoS Enhancements Release Note Parameter Description With the enable switch port or enable switchIs disabled by storm protection Show qos policyStorm Protection Status Rate 1kbps Window 100ms Timeout NoneShow qos port Ports Assigned to Port Groups Assigned to 213-24Show qos portgroup QoS EnhancementsRelease NotePort Group Trunk Group None Integer from 1 to Parameters in output of the show qos portgroup commandShow qos portgroup counters Software Version 139140 Show qos trafficclass Number of bytes that conforms with band with classStorm Protection Secure Copy SCP Configuring Secure CopyConfiguring the Server Configuring the ClientSoftware Version 143 Configuring UsersUse the show ssh session command to see current sessions Managing Secure Copy SessionsLoading Files to the Switch Loading using Secure CopySoftware Version 145 Uploading using Secure CopyUploading from the Switch Loading Files from a Remote MachineShow loader Uploading Files from a Remote MachineLoad Set loaderSoftware Version 147 Disable ssh debugDisable ssh server Delete ssh sessionEnable ssh debug Enable ssh serverWhether the SSH server supports SCP connections Software Version 149 LoadCopy is the default method for loading and uploading Default tftpSet loader Software Version 151 Set ssh clientAlice Set ssh serverShow loader 192.168.1.1Debug SSH Server Enabled SCP ServiceShow ssh Software Version 153Show ssh counter Reset loader commandFailure Show ssh sessionSoftware Version 155 Parameter Meaning WriteFileFailedParameter Meaning Secure Shell Session Secure Copy SCP Release NoteUpload Software Version 157Characters long Show ssl counters SSL Counter EnhancementShow ssl counters SSL Counter EnhancementClient Counters for the SSL client BadSessionIdLen Software Version 159BadSessionIdLen Session ID longer than 32 bytesFirewall Enhancements Firewall EnhancementsFirewall Licencing Disabling SIP ALG Call ID TranslationSoftware Version 161 Set firewall sipalg New commandDisplaying SIP ALG Session Details Firewall Policy Rules ExpansionShow firewall policy Reset firewall sipalg counterDisplaying a Subset of Policy Rules Set firewall sipalgShow firewall policy Show firewallCALLId Valid with the ip or summary commandsIp or callid commands Show firewall sipalgActive SIP Sessions Parameters in output of the show firewall sipalg commandService Within the private network protected by the firewallSeen on the public side of the firewall Router or switch. The router or switch only translates IPFirewall Enhancements Release Note Gbl IPCurrent SIP sessions Start up or reset Current sessions Audio sessions createdSince start up or reset Past sessions Show firewall sipalg counterThem Total number of SIP messages received that the SIP ALGEnhancements to IPsec/VPN Responding to IPsec Packets from an Unknown TunnelSoftware Version 169 Modifying the Message Retransmission Delay Retrying Isakmp Phase 1 and 2 Negotiations New usePolIkeRetryGood and usePolIkeRetryFailed VPN Tunnel LicencingNew retryikeattempts parameter New retryIkeAttemptsPh1 and retryIkeAttemptsPh2Software Version 173 Create ipsec policyMsgbackoff parameter Default incrementalMsgtimeout value Create isakmp policyOccurs between attempts After the first 16 attempts, a five minute delayRETRYIKEattempts Attempted over new Isakmp SAsSet ipsec policy Software Version 177 Set isakmp policyShow ipsec VPNs Maximum Current PeakParameter Meaning VPNs Respond Bad SPI Show ipsec policySoftware Version 179 Respond Bad SPITo true and packets processed by that policy have an Show ipsec policy counterInBadSpiResponse InBadSpiResponseShow isakmp counters Software Version 181RetryIkeAttemptsPh1 RetryIkeAttemptsPh2 UsePolIkeRetryGood UsePolIkeRetryFailed Same None Show isakmp exchangeSoftware Version 183 Message Back-off IncrementalShow isakmp policy Iskamp policy commandShow isakmp sa Software Version 185Message Back-off None Snmp MIBs Shdsl Line MIBSnmp MIBs Logging Snmp operation Snmp request not processed due to excessive memoryUsage Snmp Trap not sent due to excessive memory usage Traps on Ospf state changesTrap on Vrrp topology changes Traps on Mstp state and topology changesSoftware Version 189 Trap on Login Failures Restart LogVLAN-based port state changes New Buffer level 0 field Trap on Memory LevelsSoftware Version 191 Show bufferParameter Meaning Buffer level n New parameters in output of the show buffer commandShow buffer Buffer level 1500CDP over WAN Interfaces CDP over WAN Interfaces Disable lldp cdp interfaceDisable lldp cdp ppptemplate Enable lldp cdp debugSoftware Version 195 Enable lldp cdp interfaceEnable lldp cdp ppptemplate Enables debugging of PPP eventsPpp0 Ppp1 PPP Templates Enabled PPP Templates DisabledShow lldp cdp Show lldp cdp interfaceSoftware Version 197 Permanent Assignments on AR400 Series RoutersPage Chapter Introduction to Ethernet Protection Switching Ring EpsrEpsr Instances and Domains Introduction to Ethernet Protection Switching Ring EpsrMaster Node Ethernet Protection Switching Ring EpsrControl Vlan Data VlanFault Detection and Recovery Master Node Polling Fault DetectionTransit Node Unsolicited Fault Detection Fault Recovery Procedure Restoring Normal Operation Epsr Single Domain, Single Ring Network Configuring Epsr# For Transit Nodes 1, 2 Example script for a 4 node ring networkSingle Ring, Dual Domain Network # Node 1 Master node for RingA Transit Node for RingB Example script for a Single Ring, Two Domain Network NodeExample script for a Single Ring, Two Domain Network Nodes 2 # Node 3 Transit node for RingA Master Node for RingB Epsr and Spanning Tree Operation # For Transit Node # For Transit Nodes 2 Command ReferenceAdd epsr datavlan Add epsr datavlanCreate epsr Ethernet Protection Switching Ring Epsr Create epsrDefault 2s RIngflaptime Only configured for the master nodeSeconds 32767s. Only configured for the master node Default 1s FAilovertimeVlan-name cannot be a number or ALL Delete epsr datavlanHyphen character -. The epsr-name cannot be ALL Unique name for the VLAN. This can be from 1 toDestroy epsr Destroy epsrString, 1 to 15 characters long. Valid characters are Disable epsrEthernet Protection Switching Ring Epsr Disable epsr Epsr instance to be disabledDisable epsr debug Disable epsr debugEnable epsr Ethernet Protection Switching Ring Epsr Enable epsrEpsr instance to be enabled OUTput Enable epsr debugEnable epsr debug Epsr instance whose debugging is to be enabledPurge epsr Ethernet Protection Switching Ring Epsr Purge epsrSet epsr Set epsrVLANs within the ring domain Ethernet Protection Switching Ring Epsr Set epsr portSet epsr port Epsr to be set for the portShow epsr Show epsrEpsr instance whose details are displayed Ethernet Protection Switching Ring Epsr Show epsr Second Port Status Disabled. This parameter is only shown for a transit nodeSecond Port Shown for a transit nodeEpsr instances Ethernet Protection Switching Ring Epsr Show epsr counterShow epsr counter COUnterRelated Commands show epsr Show epsr debug Show epsr debug