VYATTA, INC.

| Release Notes

Vyatta Release 6.1-2010.08.20

August 2010
Document Part No. A0-0095-10-0025

Vyatta
1301 Shoreway Road
Suite 200
Belmont, CA 94002
vyatta.com
Contents
These release notes document changes in Release 6.1-2010.08.20.
 Security
 New in This Release
 Behavior Changes
 Documentation Changes
 Upgrade Notes
 Resolved Issues

 Known Issues

Security
There are no security announcements in this release.

New in This Release

Release 6.1-2010.08.20 of the Vyatta system includes features for the Vyatta Core as
well as features for the Vyatta SE and Vyatta Plus.

The following new features are available for the Vyatta Core:
 Stateful failover for NAT and firewall. The Vyatta Core system supports two
high-availability solutions for failover: clustering and VRRP. In this release, the
Vyatta system can track NAT and firewall connections and synchronize active
connection state to the clustering or VRRP standby systems, helping the standby
to take over without re-establishing connections if the primary fails.

 LLDP support. The Vyatta system now supports the Link Layer Discovery
Protocol (LLDP), an open standard for network devices to communicate link layer
topology and connection endpoint information on IEEE 802 (Ethernet) LANs and
MANs. LLDP allows a station on the network to advertise information about its
capabilities, configuration, and identity to other LLDP-enabled stations on the
same physical network and store this information as a standard RFC 2922 MIB,
which a network management system can query to model the topology of the
network.
 QoS Input interfaces. The Vyatta Core now supports a special-purpose interface
called an Input interface that, used in conjunction with interface input
redirection, can extend QoS functionality. Using Input interfaces, you can apply a
single QoS policy across the combined inbound traffic from multiple interfaces.
You can also apply outbound QoS policies to inbound traffic. For information on
Input interfaces, see the Vyatta System LAN Interface Reference Guide.

1
 Port mirroring and redirection. Inbound traffic on Ethernet interfaces can now
be mirrored using the mirror option during interface configuration. This feature
is useful for mirroring packets to an IDS, for example. Traffic redirection allows
you to redirect inbound traffic from multiple Ethernet interfaces to a single
Input interface, where you can (for example) apply a single QoS policy to the
combined traffic or apply an outbound QoS policy to inbound traffic. Traffic
mirroring and redirection are supported on physical Ethernet interfaces only. For
information on port mirroring and redirection, see the Vyatta System LAN
Interface Reference Guide.
 IPS enhancements. The IPS function has been extended to allow you to suppress
and enable Snort rules on a per-SID basis and to exclude entire categories of
Snort rules. The system now also supports setting the Snort $HOME_NETWORK
variable through the Vyatta CLI. For information about IPS enhancements, see
the Vyatta System Security Reference Guide.

 BGP hop count security. The Generalized TTL Security Mechanism has been
implemented to add BGP hop count security to existing BGP security mechanisms
(IP address and MD5). Hop count security provides additional security from man-
in-the-middle and other attacks. For information about BGP hop count security,
see the Vyatta System BGP Reference Guide.
 Layer 2 bridging. This release adds mechanisms to bridge multiple Ethernet
segments across a WAN link—for example, in cloud computing systems. Ethernet
links can be bridged through GRE and OpenVPN tunnels. Information for this
feature can be found in the Vyatta System LAN Interfaces Guide and the Vyatta
Tunnels Reference Guide.
 Enhancements to image-based upgrade. The previous release of the Vyatta
system introduced image-based upgrade functionality. In this release, image-
based upgrade has been enhanced with several new capabilities:
 The install-image and add system image commands have been extended
with the ability to assign a name to the system image. Once named, the
image can be referenced by name in CLI commands; for example, the delete
system image command. The new rename system image command allows
you to rename a system image.
 The show system image command has been extended with an option
(storage) that displays amount of disk storage utilized by each image.
 Digital signature check has been added for ISO files where a URL is specified.
The add system image command has been extended to use a digital
signature file to verify the system ISO file if a digital signature file exists.
 Enhanced “show tech-support” command. The output of the “show tech-
support” command has been reorganized and reformatted to provide additional
information and be more meaningful. A new option, brief, has been added to
generate output based on the most commonly-used troubleshooting commands.
For information on this feature, see the Vyatta Basic System Guide.
 IPv6 BGP support. Support for BGP has been extended to support peering
sessions running over TCP over IPv6. Any BGP peering session can now carry IPv4

2
 routing information, IPv6 routing information, or both. For information about
BGP routing, see the Vyatta System BGP Reference Guide.
 DHCPv6. This release introduces support for the Dynamic Host Configuration
Protocol for IPv6. DHCPv6 provides stateful address auto-configuration and
stateful auto-configuration. The Vyatta Core system can act as a fully-featured
DHCPv6 server and also provides DHCPv6 relay agent and DHCPv6 client support.
For information about DHCPv6, see the Vyatta System Services Guide.
 SNMP for IPv6. SNMP support has been extended to support RFC 2454 (IP
Version 6 Management Information Base for the User Datagram Protocol) and
RFC 2465 (Management Information Base for IP Version 6). You can configure
any combination of IPv4 and IPv6 addresses for SNMP community and SNMP trap
destinations, as well as for a new option, listen-address, which allows you to
restrict incoming requests to particular interfaces. For information about SNMP
for IPv6, see the Vyatta System Basic System Guide.

The following new features are available for the Vyatta Subscription Edition:
 TACACS+ IPv4 AAA Support. The Vyatta Subscription Edition now supports IPv4
AAA services through a central TACACS+ authentication server. TACACS+
authentication can be used on its own or in conjunction with Vyatta system
login authentication. In addition, Vyatta system login user IDs can be mapped to
TACACS+ usernames. For information on this feature, see the Vyatta System
Basic System Reference Guide.
 Configuration synchronization. The Vyatta Subscription Edition now allows
you to synchronize selected portions of the configuration subtree, such as
firewall or clustering, between redundant systems over a dedicated LAN link. For
information on this feature, see the Vyatta System High Availability Reference
Guide.
 Remote Access API. The Vyatta Remote Access API enables remote command
execution on a Vyatta Subscription Edition system over HTTPs using a simple,
coherent, stateless interface. In addition to accessing the standard set of
operational and configuration commands, the API provides process control and
management features. The API adheres to Representational State Transfer
(REST) principles where possible, and uses the JavaScript Object Notation (JSON)
format for data representation. Vyatta Version 6.1 includes minor feature
enhancements and a complete documentation set including usage scenarios.

The following new service is offered through the Vyatta PLUS subscription service:

 Vyatta PLUS Snort VRT service. Vyatta’s Sourcefire VRT based network intrusion
prevention and detection system provides integration of the industry-leading
Snort rules used by security professionals worldwide. Subscribers to the paid
Vyatta PLUS Snort VRT service access the Sourcefire VRT Certified Rules as new
vulnerabilities are found. For information on the Snort VRT service, see the
Vyatta System Security Reference Guide.

3
Behavior Changes
In previous releases, BGP peer groups were configured using the protocols bgp asn
neighbor configuration node. Starting with this release, BGP peer groups are
configured using the protocols bgp asn peer-group configuration node. Previous
BGP peer-group configuration is automatically migrated to the new configuration
structure when you upgrade to this release.
In previous releases, Vyatta appliances were loaded with a disk-based installation of
the Vyatta software. Starting with this release, all Vyatta appliances will be loaded
with an image-based installation of the software.
In previous releases, system processes were restarted using the ‘clear’ command.
Starting with this release, the following are restarted using the ‘restart’ command:
- Connection tracking synchronization service (conntrack-sync)
- DHCPv6 service (dhcpv6)
- Flow accounting service (flow-accounting)

- IPsec VPN service (vpn)

- VRRP service (vrrp)
- WAN load balancing service (wan-load-balance)

Documentation Changes
The Vyatta Remote Access API 2.0 Developer’s Reference Guide was created to
explain how to use the Remote Access API.

The Vyatta System IP Services Reference Guide has been renamed to Vyatta System
Services Reference Guide.

Upgrade Notes
Please note that the full-upgrade command is designed to upgrade a system from
one general availability (GA) release to another (not from a Beta release to the GA
version of the release). It is possible that full-upgrade may not work as intended
and could fail if full-upgrade is used to upgrade from the Beta version to the GA
version of the release. For hardware-based systems, Vyatta recommends image-
based upgrade using the add system image command. For virtualized
environments, deploying the new templates is recommended, after which you can
migrate your configuration. These procedures are described in the Vyatta Installing
and Upgrading Guide.

4
Resolved Issues
Bug Severity Component Description
ID

BGP

3118 minor BGP “set protocols bgp <> neighbor <> timers ......” – no
configuration existence check of “holdtime” for “keepalive”
and vice versa.
3239 major BGP defining BGP peer-group using neighbor statement does not
always work
3240 enhancement BGP Use “peer-group” instead of “neighbor” to define peer
groups
3290 minor BGP configuration of bgp neighbor should fail on commit if
minimum required values are not set
4210 unassigned BGP new cli has problems prioritizing bgp peer groups
4393 unassigned BGP Allow prefix-list in both peer-group configuration and peer
4626 minor BGP Inconsistencies with ‘show ipv6 bgp neighbors’ commands
4715 unassigned BGP There is no command to set bgp peer-group directly
4744 unassigned BGP ipv6 bgp redistribute doesn’t work
4937 enhancement BGP Support RFC 5082 GTSM for BGP “TTL Security”
5060 unassigned BGP error adding route-map to bgp ipv6 peer
5344 unassigned BGP committing prefix-list6 as bgp ipv6 neighbor prefix-list got
“prefix-list <> doesn’t exist”
5345 unassigned BGP committing filter-list for bgp ipv6 neigbor failed
5347 unassigned BGP committing unsuppress-map for bgp ipv6 neigbor failed
5351 unassigned BGP executing “show ipv6 bgp neighbors” got “Incomplete
command”
5475 unassigned BGP There is no parameter completion for “protocols bgp <>
neighbor <> distribute-list”
5476 unassigned BGP There is no parameter completion for “protocols bgp <>
neighbor <> address-family ipv6-unicat distribute-list”
5477 unassigned BGP The parameter completion for “protocols bgp <> neighbor
<ipv4> prefix-list” contains prefix-list6 names
5584 trivial BGP CLI auto-completes Ipv6 prefix list name in wrong place
5614 trivial BGP unable to set ipv6 route-map
5818 unassigned BGP Can’t delete empty “peer-group”

Bridging

5257 trivial Bridging some interfaces’ help strings don’t follow the default style

CLI

1452 enhancement CLI Add warning prompt to save configuration when exiting
configuration mode

5
2619 enhancement CLI Implement something similar to Juniper’s “show | display set”
functionality
3709 enhancement CLI ENH: Add tab-completion for “copy” and “rename”
commands
3737 enhancement CLI ENH: include all users’ bash histories in “show tech-support”
output
4661 enhancement CLI CLI interactive help command suggestion u32 replacement.
5213 unassigned CLI CLI doesn’t properly handle explicit path in node.def
5397 unassigned CLI “show vpn ipsec status command” reports no active tunnels
though ipsec tunnels are up
5506 minor CLI Configure mode help at root is incorrect
5522 minor CLI Vyatta-bash based on ancient version
5554 enhancement CLI Add command to show current role

Cluster

5134 major Cluster Clustering causes router to reboot when an IP service cannot
be released

Connection Tracking

2891 enhancement Connection Add conntrack-tools/conntrackd to system to synchronize

Tracking firewall/nat state tables between multiple routers

DHCP

5465 major DHCP DHCP client uses out of date files to update /etc/resolv.conf
5897 minor DHCP Upgrade DHCP to 4.1.1-P1

DNS-forwarding

5533 unassigned DNS-forwarding Not ready for DNSSEC implementation on May 5th, 2010

Documentation

1930 enhancement Documentation OSPF Docs: enhance description of rfc1583-compatibility

option
5615 enhancement Documentation Include an example of adding remote-access VPN users in the
zone firewall documentation
5878 unassigned Documentation document nat rule increase

Firewall

4629 minor Firewall Configuration Limitation for recent count firewall rule; max
of 20 allowed
4796 enhancement Firewall Allow Logging on built-in rule 10000
5203 unassigned Firewall negation in firewall rule causes deprecation message
5744 major Firewall iptables errors and out of sync issue when attempting to
reference a firewall group in an anti brute-force rule
5917 trivial Firewall FW: Max characters exceeded for ipset rule when using “set
firewall group address-group” command

GUI

6
4454 enhancement GUI Add the ability to configure a GUI listen-address to restrict
local GUI access
5633 unassigned GUI GUI: Cannot set firewall rule action drop (in some browsers)
5665 minor GUI Large files are displayed in chunks.
5670 minor GUI Attempting to set the “*” value under Ethernet interface IP
generates a set failed error
5791 major GUI GUI show log permission denied
5408 unassigned GUI2 spurious error in rest api when committing telnet
configuration node.

IDS

4270 minor IDS Content inspection rule sid:100000122 causes an extremely

high amount of false positive matches
4704 enhancement IDS ENH: allow snort $HOME_NET to be configured
5515 unassigned IDS committing “content-inspection ips actions <> sdrop” failed
5530 unassigned IDS When Snort is drop mode it is affecting access to websites
5546 minor IDS IPS update-hour with leading zeroes passes validation but
prevents updates
5612 enhancement IDS ENH: Operational command to manually update Snort/IPS
rule database
5619 major IDS Various false positives in Snort/IPS block or alert for
legitimate traffic

Installer

5416 unassigned Installer install-system fails on grub installation

5443 major Installer install-system/install-image hang under HV
5496 minor Installer Upgrades to Version 6 from 3.0.x and 3.1.x fail with the
following error: touch: cannot touch `/etc/squid3/squid.conf’
5512 major Installer Installing a new kernel package on an image-installed system
has no affect
5549 unassigned Installer Delete system image prompt message
5557 major Installer virt kernel becomes the default after full-upgrade from
VC5.0.2 to VC6.0-2010.04.22
5695 unassigned Installer install-system fails on drive previously installed with install-
image
5845 major Installer Full-upgrade on system with two or more images removes
other images
5846 major Installer Installing a new grub package removes system images
5929 minor Installer SSH host keys are not preserved during “add system image”
(VSE6.0 to VSE6.1.beta)

Interface

4680 minor Interface Unable to enable proxy ARP on a VLAN interface

4977 major Interface BONDING: setting primary interface for active-standby type
bond fails at boot

7
5021 unassigned Interface delete interface fails with smp_affinity error
5497 enhancement Interface Display entire interface description in the operational
command output of ‘show interfaces’

Ipv6

4981 major Ipv6 Ipv6 static routes are inactive

5796 unassigned Ipv6 Ipv6 static route to blackhole doesn’t work

Kernel

5419 unassigned Kernel deleting bridge under interface and bridge itself in the same
commit results in system hang
5438 unassigned Kernel Hyper-V unnelin drivers not visible
5548 unassigned Kernel Xenserver LiveMigration hangs / fails when VM is configured
to use 2 CPUs
5588 enhancement Kernel Add the ability to modify the size of the connection tracking
expectation table via the CLI
5690 major Kernel Unable to install to an LSI SAS2008 SAS/SATA controller “no
suitable drive found”

Load Balancer

4248 enhancement Load Balancer Add a ‘clear wan-load-balancing’ command to the Vyatta CLI
5715 unassigned Load Balancer vif pppoe interface fails to set up default route in WLB

Netflow

5525 unassigned Netflow sflow error if only using vlans

5583 unassigned Netflow netflow stops working if WLB is configure after it

OpenVPN

5664 major OpenVPN Clear openvpn command terminates process but does not
restart it

OSPF

3096 minor OSPF OSPF: LSAs with links being removed were not removed
unneling y after Delete and re-adding after the
links(networks) were deleleted and added to a new area
4161 enhancement OSPF Bad config handling of “protocols ospf passive-interface”
5283 trivial OSPF OSPF IA routes for wireless interfaces not advertised to
neighbors.
5321 unassigned OSPF Out-of-bounds operation in function
5429 enhancement OSPF Support route-maps when redistributing into OSPFv3
5683 major OSPF Non-existing options to ospfv3 show database command

PPP

5215 enhancement PPP ENH: Add a configuration item to disable MLPPP header
compression

QoS

8
4541 trivial QoS Rate limiter policy should be renamed
5123 enhancement QoS Add incoming traffic-shaping
5385 major QoS unnelin protocol match field issues
5407 unassigned QoS traffic-limiter priority field should be renamed
5689 minor QoS QoS: TC command failed. at /opt/ unnel/sbin/ unnel-qos.pl
line 187
5769 major QoS Qos does not match on incoming interface
5795 minor QoS combined match rules for interface and address don’t work
5799 enhancement QoS Allow QoS to match against firewall marking
5808 enhancement QoS ENH: Add VPN interface QoS statistics

RAID

4182 major RAID System unbootable after running install-system RAID

installation
5399 major RAID Grub admits disk that was removed from RAID-1 group into
the group

Serial

5456 minor Serial Syntax errors: Activating a PPPOE interface on adsl0 causes
errors.
5463 minor Serial unfriendly error message
5702 major Serial Multilink MLPPP interfaces do not load on boot if a
description is configured

SNMP

4131 major SNMP Reproducible memory leak in snmpd

5199 enhancement SNMP Missing IPV6 support in SNMP

System

3610 enhancement System ENH: Add “show cluster status” to output of “show tech-
support”
4077 enhancement System ENH: Provide warning for invalid values in “encrypted-
password”
4712 unassigned System Vyatta vmdk changes
4896 enhancement System Radius server config should be using Debian auth-client-
config
5166 major System Interface.pm lacks pppoe interface type.
5394 unassigned System colons in “show version” output not aligned
5418 minor System setting invalid user and then deleting user prevents further
successful commits in session
5449 unassigned System grub.cfg default menu entry is not the serial console one for
the added image after “add system image” is done through
serial console
5473 major System telnetd does not write utmp/wtmp log out records
5607 unassigned System no help string for “clear https” and “clear wan-load-balance”

9
5656 enhancement System ENH: Enable SSL (HTTPS) encrypted package repository server
access
5774 critical System full-upgrade run from version 6 to a later version 6 on a xen
VM results in a system that no longer boots
5782 enhancement System ENH: command to generate a compressed archive of vital
data for support escalations
5785 enhancement System Please add the ‘show system image’ output to show tech-
support

TACACS+

5316 enhancement TACACS+ Add an operational command to show the privilege level of a
user (tacacs)

URL Filtering

5871 unassigned URL Filtering “update webproxy vyattaguard” should check disk space

VPN

3584 enhancement VPN openvpn – add option to disable interface

3766 enhancement VPN Support Ethernet packet unneling over GRE
5087 unassigned VPN add support to specify PFS group when PFS is enabled
5401 minor VPN VPN: L2TP remote-access CLI should not require server-key-
password and crl-file for X509 auth
5652 enhancement VPN ENH: Set IKE/IPSEC SA keying tries to forever

VRRP

5675 unassigned VRRP clearing vrrp master for an interface group removes sync-
group config from keepalived.conf

Web proxy

4958 minor Web proxy Squid Crashed: exited due to signal 6

5487 unassigned Web proxy http redirect url address placed on the router itself gets
blocked by local-zone’s firewall when using Zone Based
Firewall
5527 enhancement Web proxy EN: add support for local ok/block of urls
5528 enhancement Web proxy EN: add support for disable url-filtering
5529 unassigned Web proxy ENH: add proxy-bypass to webproxy
5739 unassigned Web proxy webproxy generates continues to generate iptables error
after first commit failure

Wireless

5268 enhancement Wireless INTERFACES: Add a command to disable a wireless interface.

5282 enhancement Wireless WIRELESS: Two interfaces cannot be configured with
different SSIDs on the same channel.
5368 enhancement Wireless WIRELESS: Multiple wireless devices require unique mac
addresses
5417 enhancement Wireless WIRELESS: Add “clear interfaces wireless” commands for
wireless interfaces.

10
5628 unassigned Wireless Deleting a wireless interface is not aligned with removal of
e.g. ethernet

Known Issues
Bug ID Component Description

BGP
5890 BGP Although ttl-security can be configured with an Ipv6 connection it has no
effect.
Recommended action: None
6030 BGP Currently, BGP redistribution does not support IPv4 and IPv6 at the same
time.
Recommended action: None
6042 BGP “… confederation peers <asn>” needs to be set/committed prior to the
peer’s <asn> is set/committed.
Recommended action: None
CLI
2654 CLI The “configure” and “install-system” commands are not available to
operator level users.
Recommended action: None
2777 CLI Typing a single quote on the command line puts the CLI into a state where it
is expecting additional input.
Recommended action: None
Cluster
3105 Cluster If two HA systems start their initialization within a narrow time window it is
possible for both to decide not to move resources from the primary to the
secondary. This is typically only a problem when there are many resources
configured (e.g., 40).
Recommended action: Do not start the two HA systems within 30 seconds
(the default “init dead time”) of each other. If already in the state where
resources are not moved, restarting one of the HA daemons will correct the
problem.
Documentation
5666 Documentation The BGP documentation needs to be updated to show how BGP sources
routes into its local tables.
Recommended action: None
Firewall
5065 Firewall A commit error is generated if a firewall “name” configuration is deleted at
the same time as deleting the assignment of the firewall “name” to an
interface.
Recommended action: Delete the assignment and commit the change, then
delete the “name” configuration and commit the change.
GUI
4091 GUI Time zone cannot be set via the GUI.
Recommended action: Use the “set system time-zone” CLI command to set
the time zone.

11
Interfaces
4695 Interfaces Some old hardware does not support VLANs. If a VLAN is configured on one
of these cards, the message “Operation not supported” is displayed. Drivers
that are known to exhibit this behavior are:
- bonding without slaves
- PS3 network interface
- Intel i2400m wimax
- IP over Infiniband
Recommended action: Upgrade hardware or do not use VLANs.
Kernel
5295 Kernel Connection tracking helper modules cannot re-assemble application layer
PDUs residing in two or more TCP segments. This is typically only a problem
when an application layer PDU is larger than 1500 bytes. The result of this
issue is that the application can fail.
Recommended action: None
Load Balancing
5126 Load balancing There was an issue using PPPoE for WAN Load Balancing if set up as a DHCP
interface. A change was made to WAN Load Balancing that potentially
fixed this issue. It needs to be tested with the current release.
Recommended action: None
NAT
5026 NAT A NAT rule does not take effect on a specific value due to the existence of a
previous connection tracking entry until the connection tracking table is
flushed. The same thing can occur with firewall rules.
Recommended action: Flush the connection tracking table using the
“conntrack –F” command for any manual change of the NAT/Firewall
configuration while the system is running.
5678 NAT “show nat translations monitor” cannot currently be used to continuously
monitor both source and destination NAT translations together.
Recommended action: Monitor source and destination NAT translation
separately using “show nat translations source monitor” and “show nat
translations destination monitor”.
OSPF
2801 OSPF Pre-existing protocol configuration files are not initialized. When a system
with OSPF statements saved in the configuration is rebooted, the system
fails to load with a “Commit failed” error. The “interfaces” and “system”
configuration nodes load correctly, but other configuration nodes do not.
This issue recurs each time the system is rebooted.
Recommended action: None
3004 OSPF Virtual links included in an OSPF area configuration must be removed prior
to deleting the OSPF area if there is no interface included in the area.
Recommended action: None
3348 OSPF If the OSPF router-id is to be changed, it has to be changed after OSPF
routers are done converging – when OSPF adjacencies are stable and OSPF
routes in the RIB are synced with OSPF LSAs.
Recommended action: None
Policy
4392 Policy The”set policy route-map <name> rule <num> ip-next-hop” command
currently only accepts and Ipv4 address. It should also accept an Ipv6 address

12
 and a “peer-address”.
Recommended action: None
QoS
5005 QoS QoS can only be applied to active PPPoE interfaces.
Recommended action:
1. Bring up the pppoe interface
2. Change the traffic-policy configuration
3. commit
4. Change traffic-policy configuration back to the desired
configuration
5. commit
6. Observe QoS applied to the pppoe interface
Serial
2319 Serial Unframed E1 does not work on certain hardware.
Unframed E1 is WORKING on the following cards:
A102SH
A104SH with Maxim framer

Unframed E1 is NOT WORKING on the following cards:

A104SH with PMC framer
Recommended action: To run unframed E1 do not use A104SH with PMC
framer.
3786 Serial Serial loopback framer test is not 100% successful when it should be. This
looks to be a hardware issue. Waiting for manufacturer (Sangoma) to
resolve.
Recommended action: None
SNMP
6102 SNMP Currently, SNMP reports an IF-MIB::ifSpeed value of 10000000 (10Mbit) for
all interfaces.
Recommended action: None
Static
4228 Static Recursive routes via routing protocols (i.e. non-static) are not currently
supported.
Recommended action: None
System
4051 System If the “set system syslog console” command is configured, prior to upgrade,
commit and save the command:

“set system syslog console facility all”

This will restore the default facility of the syslog command as seen prior to
Release 3.2.1 for the console method.
Recommended action: None
5792 System When executed the 'show system image', 'show system image version', and
'show system image storage' commands on a livecd, the output is "Can not
open Grub config file" and just the header with no information about
storage respectively. The message is cryptic should indicate that it is not
valid to run these commands on a livecd.
Recommended action: None

13
 5949 System In the VMware ESX 4 environment, if VMI paravirtualization support is
changed (either enabled or disabled) after the system boots it will cause
system initiation failure in subsequent boots.
Recommended action: Do not change the VMI paravirtualization support
once the virtual machine boots or redeploy the virtual machine template to
change the parameter before booting the virtual machine.
6066 System During an upgrade, if the root user password is configured, it will be reset
until the system is rebooted and has reread the configuration file.
Recommended action: Reboot the system after upgrade.
VPN
5305 VPN

14