Allied Telesis AR800 Series User Manual

Patch Release Note

Patch 86231-10 for Software Release 2.3.1

C613-10328-00 REV J

handling for Firewall and IP NAT. Each module can now be configured to
process fragmented packets of specified protocol types without needing to
reassemble the packet. The number of fragments a packet may consist of is
also configurable. This enhanced fragment handling is disabled by default.

To enable enhanced fragmentation for Firewall, use the command:

ENABLE FIREWALL POLICY=policy_name FRAGMENT={ICMP|UDP|OTHER}

To enable enhanced fragmentation for IP NAT, use the command:

ENABLE IP NAT FRAGMENT={ICMP|UDP|OTHER}

To disable enhanced fragmentation for Firewall, use the command:

DISABLE FIREWALL POLICY=policy_name FRAGMENT={ICMP|UDP|OTHER}

To disable enhanced fragmentation for IP NAT, use the command:

DISABLE IP NAT FRAGMENT={ICMP|UDP|OTHER}

To configure the number of fragments permitted per packet for Firewall, use
the command:

SET FIREWALL FRAGMENT=8...50

To configure the number of fragments permitted per packet for IP NAT, use
the command:

SET IP NAT FRAGMENT=8...50

TCP has been excluded from this enhancement because TCP has the MSS
(Maximum Segment Size) parameter for segment size control. Also, for
PPPoE interfaces with a reduced MTU of 1492, a previous enhancement in
PCR 02097 ensures that TCP MSS values in sessions carried by a PPPoE
interface are clamped to a value that prevents fragmentation.
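
The fragment limit of 8 to 50 and the PPPoE MTU of 1492 described above can be related to real traffic with a short calculation, so the limit is set no higher than the largest legitimate UDP datagram needs. This is an added example, not part of the release note; it assumes IPv4 with a 20-byte header and no options, a 20-byte TCP header, and that the limit counts the fragments of one datagram. The function names and sample sizes are constructed for illustration.

```python
# Added example: sizing the per-packet fragment limit (8..50 on this page).
# Assumptions: IPv4, 20-byte IP header without options, 20-byte TCP header.

IPV4_HEADER = 20                 # bytes, no IP options (assumption)
UDP_HEADER = 8
TCP_HEADER = 20                  # no TCP options (assumption)
LIMIT_MIN, LIMIT_MAX = 8, 50     # range accepted by SET ... FRAGMENT on this page


def fragments_needed(ip_payload_len: int, mtu: int) -> int:
    """Number of IPv4 fragments needed to carry ip_payload_len bytes at this MTU."""
    if ip_payload_len <= 0 or ip_payload_len > 65535 - IPV4_HEADER:
        raise ValueError("IPv4 payload must be 1..65515 bytes")
    room = mtu - IPV4_HEADER
    if ip_payload_len <= room:
        return 1                         # fits in one packet, no fragmentation
    per_fragment = room // 8 * 8         # non-final fragments carry a multiple of 8 bytes
    if per_fragment <= 0:
        raise ValueError("MTU too small to fragment")
    return -(-ip_payload_len // per_fragment)   # integer ceiling division


def udp_fragments(udp_payload_len: int, mtu: int) -> int:
    """Fragments produced by one UDP datagram with the given payload size."""
    return fragments_needed(udp_payload_len + UDP_HEADER, mtu)


def smallest_limit(udp_payload_len: int, mtu: int):
    """Smallest configurable limit that admits the datagram, or None if it needs more than 50."""
    n = udp_fragments(udp_payload_len, mtu)
    if n > LIMIT_MAX:
        return None
    return max(n, LIMIT_MIN)


def tcp_mss_for_mtu(mtu: int) -> int:
    """Largest MSS that keeps a TCP segment inside one unfragmented packet."""
    return mtu - IPV4_HEADER - TCP_HEADER


if __name__ == "__main__":
    # Constructed sample datagram sizes and MTUs.
    for size, mtu in [(8192, 1500), (32768, 1492), (65507, 1500), (65507, 576)]:
        print(size, mtu, udp_fragments(size, mtu), smallest_limit(size, mtu))
    print("MSS for PPPoE MTU 1492:", tcp_mss_for_mtu(1492))
```

A result of None means the datagram cannot pass under any configurable limit at that MTU.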

PCR: 02214    Module: IPG    Network affecting: No

A buffer leak occurred when a large number of flows (over 4000) were in use
and needed to be recycled. This issue has been resolved.

PCR: 02215    Module: FILE    Network affecting: No

When the only feature licence in the feature licence file was disabled, the
licence file stored on FLASH memory did not change. This was due to a
previous enhancement in PCR 02184 which prevented existing files being
deleted before a new version was stored. This issue has been resolved.

PCR: 02217    Module: OSPF    Network affecting: No

A restriction now applies to the generation of unnecessary OSPF indication
LSAs, originated when a neighbour router does not support OSPF demand
circuits.

PCR: 02220    Module: SWI    Network affecting: No

The EPORT parameter in the ADD SWITCH L3FILTER ENTRY and SET
SWITCH L3FILTER ENTRY commands was matching multicast and
broadcast packets with software filtering. This issue has been resolved.

PCR: 02222    Module: IPG    Network affecting: No

Packets were incorrectly being switched by hardware when filters were
enabled. Packets are now switched in software if filters are set, and are
switched in hardware if no filters are set.