Known Issues With This Release; Acls; Arp - Sun Microsystems Secure Application Switch N1216 Release Notes

Known Issues With This Release

This section describes the known problems, restrictions, and limitations in Release
3.2 (V3_2R1) on the Sun Secure Application Switch. For tracking purposes, an
internal Sun reference number is included at the end of each item in this section.

ACLs

ACLs will not block traffic that is generated internally within the Sun Secure
Application Switch, such as RIP advertisements, outgoing Spanning Tree BPDUs,
etc. (2225/6351897)
The number of ACLs that can be applied to interfaces across the switch will vary
with the complexity of the rules that are applied. If the internal table limits are
exceeded, an error will be generated and reported through the syslog facility.
(4226/156609)
Routed traffic on a single vRouter only hits either the ingress (inbound) or the egress
(outbound) when it should hit both rules. The first rule loaded (either ingress or
egress) will match the incoming packet flow. (6614/6351901)

ARP

ARP responses with multicast MAC addresses are not automatically installed. To
resolve this issue, manually enter the static ARP. For example, firewall clusters can
be configured to send multicast ARPs.
If using VLANS, also manually add the multicast address to the VLAN by using the
vlan address command, similar to the following examples:
sun(config-vswitch-backend-vRouter-default)# ip arp static 1.1.1.1
mac 01:00:00:00:00:01
sun(config-vswitch-backend vRouter-default)# vlan 10 address static
01:00:00:00:00:01 eth.11
sun(config-vswitch-backend vRouter-default)# vlan 10 address static
01:00:00:00:00:01 lag.server
(7274/6506711)
19
Sun Secure Application Switch – Release Notes for v3.2.1