Allied Telesis Switch sr264 03 User Manual

Patch Release Note  
Patch sr264-03  
for AT-8600 series switches  
Introduction  
This patch release note lists the issues addressed and enhancements made in  
patch sr264-03 for Software Release 2.6.4 on existing models of AT-8600 series  
switches. Patch file details are listed in Table 1.  
Table 1: Patch file details for Patch sr264-03.  
Base Software Release File: sr-264.rez  
Patch Release Date: 30-July-2004  
Compressed Patch File Name: sr264-03.paz  
Compressed Patch File Size: 40912 bytes  
This release note should be read in conjunction with the following documents:  
Release Note: Software Release 2.6.4 for AT-8600 Series switches  
(Document Number C613-10404-00 REV A) available from  
AT-8600 Series Switch Documentation Set for Software Release 2.6.4  
available on the Documentation and Tools CD-ROM packaged with your  
WARNING: Using a patch for a different model or software release may cause  
unpredictable results, including disruption to the network. Information in this  
release note is subject to change without notice and does not represent a  
commitment on the part of Allied Telesyn International. While every effort has  
been made to ensure that the information contained within this document and  
the features and changes described are accurate, Allied Telesyn International  
cannot accept any type of liability for errors in, or omissions arising from the  
use of this information.  
PCR: 40417  
Module: OSPF  
Level: 3  
When LS Acks (Link State Advert acks) were received, they were compared  
against the transmitted LSA (Link State Advert). If they were the same, the LSA  
was removed from the re-transmission list. The algorithm used in this check  
has been changed to be compliant with the algorithm specified in section  
13.1 of RFC2328, to determine if the LS Ack received is the same instance as the  
LSA.  
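
The instance comparison of RFC 2328 section 13.1, applied to a retransmission list, as an added example (not Allied Telesyn's code and not part of the original release note). The `LsaHeader` type, the function names and the sample LSAs are constructed for illustration; note that two headers count as the same instance even when their LS age fields differ slightly.

```python
from dataclasses import dataclass

MAX_AGE = 3600       # RFC 2328 MaxAge, in seconds
MAX_AGE_DIFF = 900   # RFC 2328 MaxAgeDiff, in seconds

@dataclass(frozen=True)
class LsaHeader:     # hypothetical type holding the LSA header fields used here
    ls_type: int
    link_state_id: str
    adv_router: str
    seq: int         # LS sequence number as the raw 32-bit field
    checksum: int
    age: int         # LS age in seconds

def signed32(value: int) -> int:
    """LS sequence numbers are signed 32-bit integers; 0x80000001 is the lowest used."""
    return value - (1 << 32) if value & 0x80000000 else value

def compare_instances(a: LsaHeader, b: LsaHeader) -> int:
    """Section 13.1: 1 if a is more recent, -1 if b is, 0 if the same instance."""
    if a.seq != b.seq:
        return 1 if signed32(a.seq) > signed32(b.seq) else -1
    if a.checksum != b.checksum:
        return 1 if a.checksum > b.checksum else -1
    if (a.age == MAX_AGE) != (b.age == MAX_AGE):
        return 1 if a.age == MAX_AGE else -1      # the MaxAge copy is more recent
    if abs(a.age - b.age) > MAX_AGE_DIFF:
        return 1 if a.age < b.age else -1         # the younger copy is more recent
    return 0

def same_lsa(a: LsaHeader, b: LsaHeader) -> bool:
    """An LSA is identified by LS type, Link State ID and Advertising Router."""
    return ((a.ls_type, a.link_state_id, a.adv_router)
            == (b.ls_type, b.link_state_id, b.adv_router))

def apply_acks(retransmit, acks):
    """Return the retransmission list with every acknowledged instance removed."""
    return [lsa for lsa in retransmit
            if not any(same_lsa(lsa, ack) and compare_instances(lsa, ack) == 0
                       for ack in acks)]

# Constructed sample: two LSAs awaiting acknowledgement and two received LS Acks.
SENT = [LsaHeader(1, "192.0.2.1", "192.0.2.1", 0x80000005, 0x1A2B, 3),
        LsaHeader(1, "192.0.2.2", "192.0.2.2", 0x80000009, 0x77AA, 10)]
ACKS = [LsaHeader(1, "192.0.2.1", "192.0.2.1", 0x80000005, 0x1A2B, 4),   # age aged by 1 s
        LsaHeader(1, "192.0.2.2", "192.0.2.2", 0x80000008, 0x5150, 11)]  # older instance
```

With the sample data, `apply_acks(SENT, ACKS)` leaves only the second LSA on the list, because its acknowledgement refers to an older instance.
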
PCR: 40440  
Module: CLASSIFIER  
Level: 3  
For those classifiers that specified the IP protocol as a match criterion, the IP  
protocol number was being stored and displayed in a configuration file as a  
hexadecimal value rather than a decimal value. This issue has been  
resolved.  
PCR: 40441  
Module: IPG, VRRP  
Level: 4  
If VRRP was enabled and a reset ip command was issued followed by a  
disable vrrp command, then the device would still reply to pings, even  
though the device was no longer the VRRP master. Duplicate echo replies  
were seen on the device sending the pings. This issue has been resolved.  
PCR: 40446  
Module: DHCP  
Level: 2  
In certain situations, if a DHCP client used a DHCP relay agent to request  
IP addresses from the switch acting as the DHCP server on a different  
subnet, it was not able to renew the IP address allocated to it. This issue  
has been resolved.  
PCR: 40447  
Module: CORE, SWI, SW56  
Support was added for new fibre uplink modules A45SC, A45SCSM, and  
GBIC uplink module A47.  
PCR: 40453  
Module: IPG  
Level: 2  
Particular IP packets (unicast destination IP, but multicast destination  
MAC) could result in a memory leak, which in some cases could cause the  
device to stop responding to the command line. This issue has been  
resolved.  
Patch sr264-03 for Software Release 2.6.4  
C613-10407-00 REV C  
 
Features in sr264-02  
Patch file details are listed in Table 2.  
Table 2: Patch file details for Patch sr264-02.  
Base Software Release File: sr-264.rez  
Patch Release Date: 06-July-2004  
Compressed Patch File Name: sr264-02.paz  
Compressed Patch File Size: 9288 bytes  
Patch sr264-02 includes the following resolved issues and enhancements:  
PCR: 40360  
Module: SWITCH  
Level: 3  
Factory LED tests (enable/disable switch led test for AT-8800 series  
switches only and enable/disable switch stpf) were removed prior to  
release 2.6.4. This issue has been resolved.  
PCR: 40374  
Module: PORTAUTH, USER, UTILITY  
Support has been added for EAP types TLS, TTLS, and PEAP when the  
switch is acting as an 802.1x authenticator. See “The Authentication Server”  
below for more information.  
PCR: 40414  
Module: TM, CORE  
Level: 3  
Factory Autoburn test caused a switch reboot when BIST started to run.  
This issue has been resolved.  
The Authentication Server  
The authentication server verifies the supplicant’s details, passed to it by the  
authenticator. This implementation of 802.1x control requires that a port acting  
as an authenticator must communicate with a RADIUS authentication server.  
The RADIUS server must be capable of receiving and deciphering EAP in  
RADIUS packets.  
The authentication server must be connected to a port on the switch which does not have  
port authentication enabled, or is set with CONTROL=AUTHORISED.  
The supported supplicant encryption mechanisms for communication with the  
RADIUS server are EAP-MD5 and EAP-OTP. With this enhancement the  
encryption methods supported by authenticators are EAP-MD5, EAP-OTP,  
EAP-TLS, EAP-TTLS, and EAP-PEAP.  
Steps in the Authentication Process  
Until authentication is successful, the supplicant can only access the  
authenticator to perform authentication message exchanges, or access services  
not controlled by the authenticator’s controlled port.  
Initial 802.1x control begins with an unauthenticated supplicant and an  
authenticator. A port under 802.1x control acting as an authenticator is in an  
unauthorised state until authentication is successful.  
1. Either the authenticator or the supplicant can initiate an authentication  
message exchange. The authenticator initiates the authentication message  
exchange by sending an EAPOL packet containing an encapsulated  
EAP-Request/Identity packet. The supplicant initiates an authentication  
message exchange by sending an EAPOL-Start packet, to which the  
authenticator responds by sending an EAPOL packet containing an  
encapsulated EAP-Request/Identity packet.  
2. The supplicant sends an EAPOL packet containing an encapsulated  
EAP-Response/Identity packet to the authentication server via the  
authenticator, confirming its identity.  
3. The authentication server selects an EAP authentication algorithm to verify  
the supplicant’s identity, and sends an EAP-Request packet to the  
supplicant via the authenticator.  
4. The supplicant provides its authentication credentials to the authentication  
server via an EAP-Response packet.  
5. The authentication server either sends an EAP-Success packet or  
EAP-Reject packet to the supplicant via the authenticator.  
6. Upon successful authorisation of the supplicant by the authentication server,  
a port under 802.1x control is in an authorised state, unless the MAC  
associated with the port is either physically or administratively inoperable.  
Also upon successful authorisation of the supplicant by the authentication  
server, the supplicant is allowed full access to services offered via the  
controlled port. If piggybacking is enabled on the authorised authenticator  
port, any other device connected will also be given full access.  
7. When the supplicant sends an EAPOL-Logoff message to the authenticator  
the port under 802.1x control is set to unauthorised.  
A successful authentication message exchange, initiated and ended by a  
supplicant using OTP authentication, is shown in Figure 1.  
To minimise the risk of denial-of-service attacks by issuing EAPOL-Logoff  
messages to an Authenticator Port Access Entity (PAE) from a third party  
device, we recommend that 802.1x not be used in a shared media LAN.  
Figure 1: Authentication Messaging Exchange Initiated by the Supplicant.  
[Sequence diagram. Participants: Supplicant PAE, Authenticator PAE, Authenticator Server.  
Messages and port states: Port Unauthorised, EAPOL-Start, EAP-Request/Identity,  
EAP-Response/Identity, EAP-Request/OTP, EAP-Response/OTP, EAP-Success,  
Port Authorised, EAPOL-Logoff, Port Unauthorised.  
Legend: exchange of EAPOL frames; exchange of EAP frames carried by RADIUS.]  
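
A simplified model of the authenticator port through steps 1 to 7 and the Figure 1 exchange, as an added example (not the switch's implementation and not part of the original release note). The class, method names and MAC addresses are assumptions, as is the rule that without piggybacking only the authenticated supplicant's MAC gets access; the model records an alert when an EAPOL-Logoff arrives from a MAC other than the supplicant, the case the shared-media recommendation above is about.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class AuthenticatorPort:
    """Hypothetical model of one port under 802.1x control."""
    piggyback: bool = False            # piggybacking setting described in step 6
    authorised: bool = False           # a port starts in the unauthorised state
    supplicant: Optional[str] = None   # MAC whose exchange authorised the port
    candidate: Optional[str] = None    # MAC currently being authenticated
    alerts: list = field(default_factory=list)

    def on_eapol(self, src_mac: str, frame: str) -> Optional[str]:
        """Handle a frame from the LAN side; return the authenticator's action."""
        if frame == "EAPOL-Start":                    # step 1
            return "EAP-Request/Identity"
        if frame.startswith("EAP-Response/"):         # steps 2 and 4
            self.candidate = src_mac
            return "relay to RADIUS server"
        if frame == "EAPOL-Logoff":                   # step 7
            if self.authorised and src_mac != self.supplicant:
                self.alerts.append(f"EAPOL-Logoff from {src_mac} ended the "
                                   f"session of {self.supplicant}")
            self.authorised, self.supplicant = False, None
        return None

    def on_radius(self, frame: str) -> str:
        """Handle the server's EAP frame; it is relayed on to the supplicant."""
        if frame == "EAP-Success":                    # steps 5 and 6
            self.authorised, self.supplicant = True, self.candidate
        elif frame == "EAP-Reject":                   # name used in step 5
            self.authorised, self.supplicant = False, None
        return frame

    def data_allowed(self, src_mac: str) -> bool:
        """Would a data frame from src_mac pass the controlled port?"""
        return self.authorised and (self.piggyback or src_mac == self.supplicant)

def run_figure1_exchange(port: AuthenticatorPort, mac: str) -> None:
    """Replay the supplicant-initiated OTP exchange of Figure 1 up to EAP-Success."""
    port.on_eapol(mac, "EAPOL-Start")
    port.on_eapol(mac, "EAP-Response/Identity")
    port.on_radius("EAP-Request/OTP")
    port.on_eapol(mac, "EAP-Response/OTP")
    port.on_radius("EAP-Success")

# Constructed MAC addresses for the demonstration.
STATION, OTHER = "00:00:5e:00:53:01", "00:00:5e:00:53:02"
```
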
Availability  
Patches can be downloaded from the Software Updates area of the Allied  
licence or password is not required to use a patch.  